EbookFoundation
/
oapen-suggestion-service
mirror of https://github.com/EbookFoundation/oapen-suggestion-service.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dockerize lets encrpyt & nginx for SSL setup

peterrauscher/oap-66
Peter Rauscher 2023-04-24 02:18:12 -04:00
parent 3622261f98
commit f2d363269f
7 changed files with 98 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/Dockerfile
View File

@ -17,6 +17,6 @@ COPY ./certificates/* /usr/local/share/ca-certificates/
RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates
EXPOSE 3001 EXPOSE ${API_PORT}
CMD [ "npm", "start" ] CMD [ "npm", "start" ]

2
api/app.js
View File

@ -22,5 +22,5 @@ const port = process.env.API_PORT || 3001;
app.listen(port, () => { app.listen(port, () => {
console.log("Suggestion Service API is up on port " + port); console.log("Suggestion Service API is up on port " + port);
console.log("Running at http://localhost:" + port + "/"); console.log("Running at http://localhost:" + port + "/api");
}); });

25
docker-compose-https.yml Normal file
View File

@ -0,0 +1,25 @@
version: "3.8"
services:
nginx:
image: nginx:mainline-alpine
restart: always
env_file:
- .env
environment:
- NGINX_ENVSUBST_TEMPLATE_SUFFIX=.setup
volumes:
- ./nginx:/etc/nginx/templates
- /etc/certbot/conf:/etc/letsencrypt
- /etc/certbot/www:/var/www/certbot
ports:
- 80:80
- 443:443
certbot:
container_name: certbot
image: certbot/certbot
depends_on:
- nginx
volumes:
- /etc/certbot/conf:/etc/letsencrypt
- /etc/certbot/www:/var/www/certbot
command: certonly --webroot -w /var/www/certbot --email ${SSL_EMAIL} -d ${DOMAIN} --agree-tos

33
docker-compose.yml
View File

@ -10,12 +10,37 @@ services:
- REFRESH_PERIOD=86400 # daily - REFRESH_PERIOD=86400 # daily
- HARVEST_PERIOD=604800 # weekly - HARVEST_PERIOD=604800 # weekly
api: api:
container_name: api
build: ./api/ build: ./api/
restart: always restart: always
env_file: env_file:
- .env - .env
ports: ports:
- "0.0.0.0:${API_PORT}:${API_PORT}" - 0.0.0.0:${API_PORT}:${API_PORT}
networks:
- nginx-passthrough
nginx:
image: nginx:mainline-alpine
restart: always
env_file:
- .env
volumes:
- ./nginx:/etc/nginx/templates
- /etc/certbot/conf:/etc/letsencrypt
- /etc/certbot/www:/var/www/certbot
ports:
- 80:80
- 443:443
networks:
- nginx-passthrough
certbot:
image: certbot/certbot
depends_on:
- nginx
volumes:
- /etc/certbot/conf:/etc/letsencrypt
- /etc/certbot/www:/var/www/certbot
command: certonly --webroot -w /var/www/certbot --force-renewal --email ${SSL_EMAIL} -d ${DOMAIN} --agree-tos
web: web:
build: ./web/ build: ./web/
restart: always restart: always
@ -26,6 +51,6 @@ services:
restart: always restart: always
ports: ports:
- "0.0.0.0:${EMBED_SCRIPT_PORT}:3002" - "0.0.0.0:${EMBED_SCRIPT_PORT}:3002"
volumes: networks:
db: nginx-passthrough:
driver: local driver: bridge

10
nginx/nginx.conf.setup Normal file
View File

@ -0,0 +1,10 @@
server {
listen 80;
server_name ${DOMAIN} www.${DOMAIN};
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
}

23
nginx/nginx.conf.template Normal file
View File

@ -0,0 +1,23 @@
server {
listen 80;
server_name ${DOMAIN} www.${DOMAIN};
return 301 https://${DOMAIN}$request_uri;
}
server {
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
server_name ${DOMAIN} www.${DOMAIN};
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
location / {
proxy_pass http://api:${API_PORT}/;
}
}

9
setup-https.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/bash
docker compose stop nginx certbot
docker compose rm -f nginx certbot
docker compose --file docker-compose-https.yml up -d
docker wait certbot
docker compose logs certbot
docker compose --file docker-compose-https.yml down
docker compose --file docker-compose-https.yml rm -f nginx certbot