dockerize Let's Encrypt & nginx for SSL setup
parent
3622261f98
commit
f2d363269f
|
@ -17,6 +17,6 @@ COPY ./certificates/* /usr/local/share/ca-certificates/
|
|||
|
||||
RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates
|
||||
|
||||
EXPOSE 3001
|
||||
EXPOSE ${API_PORT}
|
||||
|
||||
CMD [ "npm", "start" ]
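Review bot: `EXPOSE ${API_PORT}` is expanded at build time, while values from the Compose `env_file` are only injected when the container runs. Unless an `ARG API_PORT` or `ENV API_PORT` is declared earlier in this Dockerfile (outside the visible hunk), the variable is empty when this line is evaluated and the instruction has no port to expose. Declaring `ARG API_PORT=3001` above this line keeps the previous default and lets Compose pass the value through `build.args`. EXPOSE is metadata only, so the port the service is actually reachable on is still decided by the `ports:` mapping in the compose file.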
|
||||
|
|
|
@ -22,5 +22,5 @@ const port = process.env.API_PORT || 3001;
|
|||
|
||||
app.listen(port, () => {
|
||||
console.log("Suggestion Service API is up on port " + port);
|
||||
console.log("Running at http://localhost:" + port + "/");
|
||||
console.log("Running at http://localhost:" + port + "/api");
|
||||
});
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
nginx:
|
||||
image: nginx:mainline-alpine
|
||||
restart: always
|
||||
env_file:
|
||||
- .env
|
||||
environment:
|
||||
- NGINX_ENVSUBST_TEMPLATE_SUFFIX=.setup
|
||||
volumes:
|
||||
- ./nginx:/etc/nginx/templates
|
||||
- /etc/certbot/conf:/etc/letsencrypt
|
||||
- /etc/certbot/www:/var/www/certbot
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
certbot:
|
||||
container_name: certbot
|
||||
image: certbot/certbot
|
||||
depends_on:
|
||||
- nginx
|
||||
volumes:
|
||||
- /etc/certbot/conf:/etc/letsencrypt
|
||||
- /etc/certbot/www:/var/www/certbot
|
||||
command: certonly --webroot -w /var/www/certbot --email ${SSL_EMAIL} -d ${DOMAIN} --agree-tos
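Review bot: The certbot `command` requests a certificate for `-d ${DOMAIN}` only, while both nginx templates in this commit declare `server_name ${DOMAIN} www.${DOMAIN}`, so HTTPS requests to the www host would be answered with a certificate that does not cover that name. Either add `-d www.${DOMAIN}` here and in the certbot command of the main compose file, or drop the www name from the templates. Adding `--non-interactive` should make certbot fail rather than prompt, which matters because the setup script blocks on `docker wait certbot`. Both images use floating tags (`nginx:mainline-alpine`, untagged `certbot/certbot`); pinning a version or digest makes the containers that handle the private key reproducible.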
|
|
@ -10,12 +10,37 @@ services:
|
|||
- REFRESH_PERIOD=86400 # daily
|
||||
- HARVEST_PERIOD=604800 # weekly
|
||||
api:
|
||||
container_name: api
|
||||
build: ./api/
|
||||
restart: always
|
||||
env_file:
|
||||
- .env
|
||||
ports:
|
||||
- "0.0.0.0:${API_PORT}:${API_PORT}"
|
||||
- 0.0.0.0:${API_PORT}:${API_PORT}
|
||||
networks:
|
||||
- nginx-passthrough
|
||||
nginx:
|
||||
image: nginx:mainline-alpine
|
||||
restart: always
|
||||
env_file:
|
||||
- .env
|
||||
volumes:
|
||||
- ./nginx:/etc/nginx/templates
|
||||
- /etc/certbot/conf:/etc/letsencrypt
|
||||
- /etc/certbot/www:/var/www/certbot
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
networks:
|
||||
- nginx-passthrough
|
||||
certbot:
|
||||
image: certbot/certbot
|
||||
depends_on:
|
||||
- nginx
|
||||
volumes:
|
||||
- /etc/certbot/conf:/etc/letsencrypt
|
||||
- /etc/certbot/www:/var/www/certbot
|
||||
command: certonly --webroot -w /var/www/certbot --force-renewal --email ${SSL_EMAIL} -d ${DOMAIN} --agree-tos
|
||||
web:
|
||||
build: ./web/
|
||||
restart: always
|
||||
|
@ -26,6 +51,6 @@ services:
|
|||
restart: always
|
||||
ports:
|
||||
- "0.0.0.0:${EMBED_SCRIPT_PORT}:3002"
|
||||
volumes:
|
||||
db:
|
||||
driver: local
|
||||
networks:
|
||||
nginx-passthrough:
|
||||
driver: bridge
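Review bot: The `api` service still publishes `0.0.0.0:${API_PORT}:${API_PORT}` on the host, so the API stays reachable over plain HTTP on that port and the TLS termination added in nginx can be bypassed. nginx reaches it as `api:${API_PORT}` over the `nginx-passthrough` network, so the host mapping can be dropped or limited to loopback with `- "127.0.0.1:${API_PORT}:${API_PORT}"`. The nginx `80:80` and `443:443` mappings are better quoted as well, in line with the quoted `EMBED_SCRIPT_PORT` entry. Separately, `--force-renewal` in the certbot `command` asks for a new certificate every time the service starts, which can run into the CA's rate limits; without it certbot should only renew when the certificate is near expiry.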
|
|
@ -0,0 +1,10 @@
|
|||
server {
|
||||
listen 80;
|
||||
|
||||
server_name ${DOMAIN} www.${DOMAIN};
|
||||
|
||||
location ~ /.well-known/acme-challenge {
|
||||
allow all;
|
||||
root /var/www/certbot;
|
||||
}
|
||||
}
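Review bot: `location ~ /.well-known/acme-challenge` is an unanchored regular expression, so it matches that substring anywhere in the URI and the `.` matches any character. A prefix match states the intent exactly: `location ^~ /.well-known/acme-challenge/ {`. The same block is repeated in the 443 server of the HTTPS template. `allow all;` is the default and can be removed.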
|
|
@ -0,0 +1,23 @@
|
|||
server {
|
||||
listen 80;
|
||||
|
||||
server_name ${DOMAIN} www.${DOMAIN};
|
||||
|
||||
return 301 https://${DOMAIN}$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
|
||||
server_name ${DOMAIN} www.${DOMAIN};
|
||||
|
||||
location ~ /.well-known/acme-challenge {
|
||||
allow all;
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://api:${API_PORT}/;
|
||||
}
|
||||
}
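Review bot: The `location /` block proxies to `http://api:${API_PORT}/` without forwarding any request metadata, so the API sees nginx as the client and cannot tell that the original request arrived over HTTPS. If the API logs, rate-limits or builds absolute URLs, add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside that block. The 443 server also sends no `Strict-Transport-Security` header, so a browser's first request can still go over HTTP; this is worth adding once certificate renewal is known to work.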
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
docker compose stop nginx certbot
|
||||
docker compose rm -f nginx certbot
|
||||
docker compose --file docker-compose-https.yml up -d
|
||||
docker wait certbot
|
||||
docker compose logs certbot
|
||||
docker compose --file docker-compose-https.yml down
|
||||
docker compose --file docker-compose-https.yml rm -f nginx certbot
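Review bot: The script never checks certbot's result: `docker wait certbot` prints the container's exit code, but the teardown runs and the script exits with the status of the last `rm` either way, so a failed issuance is only visible by reading the logs. Capture it with `status=$(docker wait certbot)` and end the script with `exit "$status"` after the `down` and `rm` steps. The first two commands stop and remove what is presumably the main stack's nginx, and nothing starts it again, so a comment at the top should say that the operator is expected to bring the main stack back up afterwards.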
|