diff --git a/api/Dockerfile b/api/Dockerfile index 32e76b4..34e7b0d 100644 --- a/api/Dockerfile +++ b/api/Dockerfile @@ -17,6 +17,6 @@ COPY ./certificates/* /usr/local/share/ca-certificates/ RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates -EXPOSE 3001 +EXPOSE ${API_PORT} CMD [ "npm", "start" ] diff --git a/api/app.js b/api/app.js index 5b7178f..03227c5 100644 --- a/api/app.js +++ b/api/app.js @@ -22,5 +22,5 @@ const port = process.env.API_PORT || 3001; app.listen(port, () => { console.log("Suggestion Service API is up on port " + port); - console.log("Running at http://localhost:" + port + "/"); + console.log("Running at http://localhost:" + port + "/api"); }); diff --git a/docker-compose-https.yml b/docker-compose-https.yml new file mode 100644 index 0000000..7911af2 --- /dev/null +++ b/docker-compose-https.yml @@ -0,0 +1,25 @@ +version: "3.8" +services: + nginx: + image: nginx:mainline-alpine + restart: always + env_file: + - .env + environment: + - NGINX_ENVSUBST_TEMPLATE_SUFFIX=.setup + volumes: + - ./nginx:/etc/nginx/templates + - /etc/certbot/conf:/etc/letsencrypt + - /etc/certbot/www:/var/www/certbot + ports: + - 80:80 + - 443:443 + certbot: + container_name: certbot + image: certbot/certbot + depends_on: + - nginx + volumes: + - /etc/certbot/conf:/etc/letsencrypt + - /etc/certbot/www:/var/www/certbot + command: certonly --webroot -w /var/www/certbot --email ${SSL_EMAIL} -d ${DOMAIN} --agree-tos \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 8f24420..e08bb98 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
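Review bot: `EXPOSE ${API_PORT}` is expanded at build time from an `ARG` or `ENV` declared earlier in the Dockerfile, not from the compose `env_file`, so unless a declaration outside this hunk provides it the instruction collapses to a bare `EXPOSE` and the image build fails. If no such declaration exists, add `ARG API_PORT=3001` and `ENV API_PORT=${API_PORT}` above it so the default matches the `|| 3001` fallback in app.js. EXPOSE is metadata only; the port that actually listens is whatever app.js reads from `process.env.API_PORT` at runtime, so the two need to stay in step.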
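Review bot: The `nginx` service loads the whole `.env` through `env_file`, which hands every variable in that file to a container that only needs `DOMAIN` (plus `NGINX_ENVSUBST_TEMPLATE_SUFFIX`) to render `nginx.conf.setup`; whatever other secrets the project keeps in `.env` become readable from inside the proxy container. Replace it with an explicit list: `environment:` / `- DOMAIN=${DOMAIN}` / `- NGINX_ENVSUBST_TEMPLATE_SUFFIX=.setup`. The `${SSL_EMAIL}` and `${DOMAIN}` in the certbot `command` are substituted by compose itself from the project `.env` and do not require the file to be injected into any container.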
@@ -10,12 +10,37 @@ services: - REFRESH_PERIOD=86400 # daily - HARVEST_PERIOD=604800 # weekly api: + container_name: api build: ./api/ restart: always env_file: - .env ports: - - "0.0.0.0:${API_PORT}:${API_PORT}" + - 0.0.0.0:${API_PORT}:${API_PORT} + networks: + - nginx-passthrough + nginx: + image: nginx:mainline-alpine + restart: always + env_file: + - .env + volumes: + - ./nginx:/etc/nginx/templates + - /etc/certbot/conf:/etc/letsencrypt + - /etc/certbot/www:/var/www/certbot + ports: + - 80:80 + - 443:443 + networks: + - nginx-passthrough + certbot: + image: certbot/certbot + depends_on: + - nginx + volumes: + - /etc/certbot/conf:/etc/letsencrypt + - /etc/certbot/www:/var/www/certbot + command: certonly --webroot -w /var/www/certbot --force-renewal --email ${SSL_EMAIL} -d ${DOMAIN} --agree-tos web: build: ./web/ restart: always @@ -26,6 +51,6 @@ services: restart: always ports: - "0.0.0.0:${EMBED_SCRIPT_PORT}:3002" -volumes: - db: - driver: local +networks: + nginx-passthrough: + driver: bridge \ No newline at end of file diff --git a/nginx/nginx.conf.setup b/nginx/nginx.conf.setup new file mode 100644 index 0000000..7e59fac --- /dev/null +++ b/nginx/nginx.conf.setup @@ -0,0 +1,10 @@ +server { + listen 80; + + server_name ${DOMAIN} www.${DOMAIN}; + + location ~ /.well-known/acme-challenge { + allow all; + root /var/www/certbot; + } +} \ No newline at end of file diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template new file mode 100644 index 0000000..b462aa3 --- /dev/null +++ b/nginx/nginx.conf.template 
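Review bot: The `api` service keeps `0.0.0.0:${API_PORT}:${API_PORT}` in `ports`, so the plaintext API stays reachable on every host interface even though nginx now fronts it with TLS over the `nginx-passthrough` network; the HTTP-to-HTTPS redirect does nothing for a client that hits that port directly. Drop the `ports` entry (nginx reaches the service as `http://api:${API_PORT}` by name) or at least bind it locally with `127.0.0.1:${API_PORT}:${API_PORT}`. Separately, `--force-renewal` in the certbot `command` requests a brand-new certificate on every `docker compose up`, which will exhaust the Let's Encrypt duplicate-certificate rate limit after a handful of restarts and then block genuine renewals; `certonly` without that flag already renews when the certificate is close to expiry. The certbot service also has no `restart` policy and nginx has no reload hook after renewal, so as written renewal is a one-shot at start-up rather than an ongoing process.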
@@ -0,0 +1,23 @@ +server { + listen 80; + + server_name ${DOMAIN} www.${DOMAIN}; + + return 301 https://${DOMAIN}$request_uri; +} + +server { + listen 443 ssl http2; + ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem; + server_name ${DOMAIN} www.${DOMAIN}; + + location ~ /.well-known/acme-challenge { + allow all; + root /var/www/certbot; + } + + location / { + proxy_pass http://api:${API_PORT}/; + } +} \ No newline at end of file diff --git a/setup-https.sh b/setup-https.sh new file mode 100755 index 0000000..5f73e7f --- /dev/null +++ b/setup-https.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +docker compose stop nginx certbot +docker compose rm -f nginx certbot +docker compose --file docker-compose-https.yml up -d +docker wait certbot +docker compose logs certbot +docker compose --file docker-compose-https.yml down +docker compose --file docker-compose-https.yml rm -f nginx certbot \ No newline at end of file
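Review bot: `proxy_pass http://api:${API_PORT}/;` in the `location /` block forwards no request headers, so the api sees every request as originating from the nginx container with `Host: api` and scheme `http`; any logging, rate limiting or redirect/cookie logic in the service that keys on client address or scheme is blind behind the proxy. Add the usual `proxy_set_header` lines for `Host`, `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto`, shown below. `server_name` also lists `www.${DOMAIN}`, but the certbot commands in both compose files request only `-d ${DOMAIN}`, so a direct `https://www.${DOMAIN}` visit gets a certificate name mismatch — either add `-d www.${DOMAIN}` there or drop `www.` here. Finally the 443 server relies on nginx's built-in `ssl_protocols` default; pinning `ssl_protocols TLSv1.2 TLSv1.3;` and adding a `Strict-Transport-Security` header makes the policy explicit instead of image-version dependent.
```nginx
    location / {
        proxy_pass http://api:${API_PORT}/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
```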
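Review bot: The script never checks certbot's result — `docker wait certbot` prints the container's exit code to stdout but nothing reads it, and without `set -e` the script tears the stack down and exits 0 even when issuance failed, after which the nginx in the main `docker-compose.yml` would crash-loop on the missing `/etc/letsencrypt/live/${DOMAIN}/` files. Capture it before the `down`: `rc=$(docker wait certbot)` and `[ "$rc" -eq 0 ] || { echo "certbot exited with $rc" >&2; exit "$rc"; }`. Starting the script with `set -euo pipefail` would also stop it at the first failing `docker compose` step instead of continuing blindly. `docker compose logs certbot` is the one invocation without `--file docker-compose-https.yml`; it appears to work only because both files resolve to the same project name, so pass the flag there too.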