diff --git a/config/nginx.conf b/config/nginx.conf
index fe8385a..fa9f4da 100644
--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -47,12 +47,13 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
- location /api {
- rewrite ^/api/?(.*)$ /$1 break;
- proxy_pass http://backend/$1;
+ location ~* ^/api/(.*)$ {
+ proxy_redirect off;
+ proxy_pass http://backend/api/$1$is_args$args;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
 }
 location /files {
diff --git a/config/nginx.conf.test b/config/nginx.conf.test
new file mode 100644
index 0000000..e6ed273
--- /dev/null
+++ b/config/nginx.conf.test
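Review bot: The new `location ~* ^/api/(.*)$` block builds the upstream URI from the regex capture `$1`, which nginx takes from the decoded, normalised request path, so percent-encoded characters in the client path reach the backend in a different form than the client sent them. A prefix location that proxies without a URI part forwards the original request URI unchanged and needs no `$is_args$args`: `location /api/ {` with `proxy_pass http://backend;`. The `~*` flag also makes the match case-insensitive, so `/API/...` is routed to the backend as `/api/...`; if only the lowercase prefix is meant to be exposed, use a case-sensitive match. The same block is added verbatim in config/nginx.conf.test. The enclosing `server` block starts and ends outside this hunk.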
@@ -0,0 +1,72 @@
+upstream frontend {
+ server 172.17.0.1:3000;
+}
+
+upstream backend {
+ server 172.17.0.1:8080;
+}
+
+upstream minio {
+ server 172.17.0.1:9000;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name test.bytser.com;
+
+ location ~ /.well-known/acme-challenge {
+ allow all;
+ root /tmp/acme_challenge;
+ }
+
+ location / {
+ rewrite ^ https://$host$request_uri? permanent;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl http2;
+ server_name portal.bytser.com;
+ ssl_certificate /etc/letsencrypt/live/test.bytser.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/test.bytser.com/privkey.pem;
+ client_max_body_size 100M;
+
+ location / {
+ rewrite ^/?(.*)$ /$1 break;
+ proxy_pass http://frontend/$1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location ~* ^/api/(.*)$ {
+ proxy_redirect off;
+ proxy_pass http://backend/api/$1$is_args$args;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ }
+
+ location /files {
+ rewrite ^/files/?(.*)$ /$1 break;
+ proxy_pass http://minio/files/$1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
diff --git a/create-certs.sh b/create-certs.sh
index 2557943..99db03b 100644
--- a/create-certs.sh
+++ b/create-certs.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
+# docker network create nordcod-network
+
 mv config/nginx.conf config/nginx.conf.bk
 mv config/nginx.conf.initial config/nginx.conf
 docker-compose up --build nginx -d # start nginx for acme challenge
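Review bot: The TLS server in the new config/nginx.conf.test declares `server_name portal.bytser.com` while the port-80 server and both certificate paths use `test.bytser.com`, so requests for the test host reach this block only as the default server and `X-Forwarded-Host $server_name` tells the backend they were addressed to the portal host. If this file is meant for the test host, the line should read `server_name test.bytser.com;`. Separately, `location ~ /.well-known/acme-challenge` is an unanchored regex with an unescaped dot, so it matches that string anywhere in the path; `location ^~ /.well-known/acme-challenge/ {` limits it to the real challenge prefix.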
diff --git a/docker-compose-le.yaml b/docker-compose-le.yaml
index 86d9e56..020cde3 100644
--- a/docker-compose-le.yaml
+++ b/docker-compose-le.yaml
@@ -1,4 +1,5 @@
-version: "3.3"
+version: "3.3"
+
 services:
 letsencrypt:
 container_name: 'certbot-service'
diff --git a/docker-compose-le.yaml.test b/docker-compose-le.yaml.test
new file mode 100644
index 0000000..80a08d1
--- /dev/null
+++ b/docker-compose-le.yaml.test
@@ -0,0 +1,13 @@
+version: "3.3"
+
+services:
+ letsencrypt:
+ container_name: 'certbot-service'
+ image: certbot/certbot:v1.17.0
+ command: sh -c "certbot certonly --webroot -w /tmp/acme_challenge -d test.bytser.com --text --agree-tos --email bytser@bytser.com --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges=http"
+ entrypoint: ""
+ volumes:
+ - "/etc/letsencrypt:/etc/letsencrypt"
+ - "/tmp/acme_challenge:/tmp/acme_challenge"
+ environment:
+ - TERM=xterm
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 3bb7f36..1047686 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -7,12 +7,12 @@ services:
 context: .
 dockerfile: docker/nginx.Dockerfile
 ports:
- - 80:80
- - 443:443
+ - 4444:4444
 volumes:
 - ./config:/config
 - /etc/letsencrypt:/etc/letsencrypt:ro
 - /tmp/acme_challenge:/tmp/acme_challenge
+ - ./config/nginx.conf:/etc/nginx/conf.d/nginx.conf
 networks:
 - default
 - app
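Review bot: The ACME webroot in docker-compose-le.yaml.test is bind-mounted from `/tmp/acme_challenge` on the host, and `/tmp` is world-writable, so on a shared host another local account could create or own that directory before the stack first starts and control what is served for HTTP-01 validation of test.bytser.com. A root-owned directory outside `/tmp`, or a named volume shared with the nginx service, avoids that, for example `- "/var/lib/acme_challenge:/tmp/acme_challenge"` (example path; the nginx mount has to change with it). The image is pinned by tag only (`certbot/certbot:v1.17.0`); adding a digest pin would make the pulled image reproducible.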
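Review bot: The published ports in docker-compose.yaml change to `4444:4444`, but nothing visible in this commit makes nginx listen on 4444: the new config/nginx.conf.test still has `listen 80` and `listen 443 ssl`, and the `listen` lines of config/nginx.conf are outside the hunks shown. If the container still listens on 80/443, the mapping should target those ports (for example `- 4444:443`), and the HTTP-01 challenge used by the certbot service still needs port 80 reachable from outside by some other path. The added single-file mount is writable from inside the container; `- ./config/nginx.conf:/etc/nginx/conf.d/nginx.conf:ro` would match the read-only letsencrypt mount above it. The service definition starts before this hunk.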