Add SSL cert configuration

Maciej Pesko 2018-09-25 09:14:44 +00:00
parent f123537da4
commit 9107baeae4
3 changed files with 26 additions and 5 deletions


@ -31,10 +31,13 @@ services:
image: nginx
ports:
- 80:80
- 443:443
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- static_volume:/comixify/static
- media_volume:/comixify/media
- /etc/certs-data/:/data/letsencrypt/
- /etc/letsencrypt/:/etc/letsencrypt/
depends_on:
- web
networks:
@ -49,4 +52,4 @@ networks:
volumes:
db_volume:
static_volume:
media_volume:
media_volume:
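Review bot: The two bind mounts added to the nginx service's `volumes:` list are read-write, so the web-facing container can modify or delete the host's private keys and certbot account data under `/etc/letsencrypt/`. nginx only needs to read both paths, so `- /etc/letsencrypt/:/etc/letsencrypt/:ro` and `- /etc/certs-data/:/data/letsencrypt/:ro` would stop a compromise of that container from tampering with the host's certificate store. The `image: nginx` line shown in this hunk is untagged, so pinning a version would also keep the TLS configuration from changing behaviour on the next pull. The service definition starts above the hunk, so other options on it are not visible here.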


@ -2,10 +2,20 @@ upstream hello_server {
server web:8008;
}
server {
listen 80;
server_name localhost;
client_max_body_size 50M;
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name localhost;
client_max_body_size 50M;
ssl on;
ssl_certificate /etc/letsencrypt/live/comixify.ii.pw.edu.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/comixify.ii.pw.edu.pl/privkey.pem;
location / {
# everything is passed to Gunicorn
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -13,6 +23,10 @@ server {
proxy_redirect off;
proxy_pass http://hello_server;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
location /static/ {
alias /comixify/static/;
}
@ -20,4 +34,4 @@ server {
location /media/ {
alias /comixify/media/;
}
}
}
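Review bot: The new port-80 server redirects every request, including the ACME challenge path, and `/.well-known` is served only by the 443 server, which cannot load until the `ssl_certificate` files already exist. First issuance with `certbot --webroot` therefore appears to depend on certificates obtained some other way. Serving the challenge directory from the port-80 server and redirecting only the rest removes that dependency; narrowing the prefix to `/.well-known/acme-challenge/` also avoids exposing anything else placed under the webroot. Separately, `ssl on;` is deprecated and has been removed in recent nginx releases, so with an untagged image `listen 443 ssl;` is the safer spelling, and an explicit `ssl_protocols TLSv1.2 TLSv1.3;` would document the intended floor. The `location /` block continues outside the hunk, so confirm it also sets `proxy_set_header X-Forwarded-Proto $scheme;` so the app can tell a request arrived over TLS.

```nginx
server {
    listen 80;
    server_name localhost;
    # ACME HTTP-01 challenges must be answerable before any certificate exists
    location ^~ /.well-known/acme-challenge/ {
        root /data/letsencrypt/;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
# … unchanged: 443 server block, with `listen 443 ssl;` replacing `listen 443;` + `ssl on;` …
```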


@ -96,3 +96,7 @@ sudo docker-compose up -d
# ASSURE THAT PORT 80 is open
sudo iptables -w -A INPUT -p tcp --dport 80 -j ACCEPT
# GET CERTIFICATES (SECOND COMMAND SHOULD BE RUN AFTER IAMGES ARE BUILD AND CONTAINERS RUN)
sudo mkdir /etc/certs-data/
sudo certbot certonly --webroot -w /etc/certs-data/ -d comixify.ii.pw.edu.pl