Add SSL cert configuration
parent
f123537da4
commit
9107baeae4
3 changed files with 26 additions and 5 deletions
|
|
@ -31,10 +31,13 @@ services:
|
|||
image: nginx
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- ./nginx.conf:/etc/nginx/conf.d/default.conf
|
||||
- static_volume:/comixify/static
|
||||
- media_volume:/comixify/media
|
||||
- /etc/certs-data/:/data/letsencrypt/
|
||||
- /etc/letsencrypt/:/etc/letsencrypt/
|
||||
depends_on:
|
||||
- web
|
||||
networks:
|
||||
|
|
@ -49,4 +52,4 @@ networks:
|
|||
volumes:
|
||||
db_volume:
|
||||
static_volume:
|
||||
media_volume:
|
||||
media_volume:
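Review bot: The `/etc/letsencrypt/:/etc/letsencrypt/` mount in the nginx service gives the container read-write access to the host's whole Let's Encrypt tree, including every private key and the renewal and account configuration, although nginx only needs to read the certificate and key. Mount it read-only with `- /etc/letsencrypt/:/etc/letsencrypt/:ro`. The challenge webroot can be read-only too, `- /etc/certs-data/:/data/letsencrypt/:ro`, because the README runs certbot on the host, so the container never needs to write the challenge files. `image: nginx` is also untagged, so pinning a version would keep the TLS configuration behaving the same across rebuilds.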
|
||||
|
|
|
|||
22
nginx.conf
22
nginx.conf
|
|
@ -2,10 +2,20 @@ upstream hello_server {
|
|||
server web:8008;
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name localhost;
|
||||
client_max_body_size 50M;
|
||||
listen 80;
|
||||
server_name localhost;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
server_name localhost;
|
||||
client_max_body_size 50M;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/comixify.ii.pw.edu.pl/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/comixify.ii.pw.edu.pl/privkey.pem;
|
||||
location / {
|
||||
# everything is passed to Gunicorn
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
|
@ -13,6 +23,10 @@ server {
|
|||
proxy_redirect off;
|
||||
proxy_pass http://hello_server;
|
||||
}
|
||||
location ^~ /.well-known {
|
||||
allow all;
|
||||
root /data/letsencrypt/;
|
||||
}
|
||||
location /static/ {
|
||||
alias /comixify/static/;
|
||||
}
|
||||
|
|
@ -20,4 +34,4 @@ server {
|
|||
location /media/ {
|
||||
alias /comixify/media/;
|
||||
}
|
||||
}
|
||||
}
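Review bot: In the 443 server block, `listen 443;` together with `ssl on;` relies on a directive that nginx deprecated in 1.15.0 and later removed, and the compose file pulls the untagged `nginx` image, so a current image may reject this config. Use `listen 443 ssl;` and drop `ssl on;`. The `location ^~ /.well-known` block appears to sit in the HTTPS server while the port-80 server answers everything with `return 301`, so the webroot challenge works only through the redirect. The HTTPS server also cannot load before `fullchain.pem` and `privkey.pem` exist, so the first issuance looks stuck; serving `/.well-known/acme-challenge/` from the port-80 server ahead of the redirect would avoid both problems. The redirect target is built from the client-supplied `$host`; with `server_name localhost` this block likely acts as the catch-all, so a fixed name is safer: `return 301 https://comixify.ii.pw.edu.pl$request_uri;`.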
|
||||
|
|
|
|||
|
|
@ -96,3 +96,7 @@ sudo docker-compose up -d
|
|||
|
||||
# ASSURE THAT PORT 80 is open
|
||||
sudo iptables -w -A INPUT -p tcp --dport 80 -j ACCEPT
|
||||
|
||||
# GET CERTIFICATES (SECOND COMMAND SHOULD BE RUN AFTER IAMGES ARE BUILD AND CONTAINERS RUN)
|
||||
sudo mkdir /etc/certs-data/
|
||||
sudo certbot certonly --webroot -w /etc/certs-data/ -d comixify.ii.pw.edu.pl
|
||||
|
|
|
|||