Added SSL cert volume and restart policy for all containers

2024-07-26 18:19:09 +00:00 · 2024-07-26 18:19:09 +00:00 · c89540978a
commit c89540978a
parent cb8a880300
5 changed files with 60 additions and 6 deletions
--- a/3
+++ b/3
@ -13,7 +13,8 @@ RUN mkdir conf.d/
 WORKDIR /

 FROM base AS portfolio-proxy
-EXPOSE 80/tcp
+RUN mkdir -p /etc/ssl/letsencrypt/
+EXPOSE 443/tcp
 CMD ["nginx","-g","daemon off;"]

 FROM base AS portfolio-web
--- a/certbot/cli.ini
+++ b/certbot/cli.ini
@ -0,0 +1,34 @@
+# This is an example of the kind of things you can do in a configuration file.
+# All flags used by the client can be configured here. Run Certbot with
+# "--help" to learn more about the available options.
+#
+# Note that these options apply automatically to all use of Certbot for
+# obtaining or renewing certificates, so options specific to a single
+# certificate on a system with several certificates should not be placed
+# here.
+
+# Use ECC for the private key
+key-type = ecdsa
+elliptic-curve = secp384r1
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Uncomment and update to register with the specified e-mail address
+email = cndjomouo@icloud.com
+
+# Uncomment to use the standalone authenticator on port 443
+authenticator = standalone
+
+# Uncomment to use the webroot authenticator. Replace webroot-path with the
+# path to the public_html / webroot folder being served by your web server.
+# authenticator = webroot
+# webroot-path = /usr/share/nginx/html
+
+# Uncomment to automatically agree to the terms of service of the ACME server
+agree-tos = true
+
+# An example of using an alternate ACME server that uses EAB credentials
+# server = https://acme.sectigo.com/v2/InCommonRSAOV
+# eab-kid = somestringofstuffwithoutquotes
+# eab-hmac-key = yaddayaddahexhexnotquoted
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -8,9 +8,11 @@ services:
    networks:
      - portfolio-net
    ports:
-      - "80:80/tcp"
+      - "443:443/tcp"
    volumes:
+      - /etc/letsencrypt/:/etc/ssl/letsencrypt/:ro
      - ./nginx/default-nginx-proxy.conf:/etc/nginx/conf.d/default.conf:ro
+    restart: unless-stopped

  web:
    build:
@ -23,6 +25,7 @@ services:
    volumes:
      - ./nginx/default-nginx-web.conf:/etc/nginx/conf.d/default.conf:ro
      - ./src:/www
+    restart: unless-stopped

 networks:
-  portfolio-net: 
+  portfolio-net:
--- a/nginx/default-nginx-proxy.conf
+++ b/nginx/default-nginx-proxy.conf
@ -15,9 +15,25 @@ server {
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
-
 } 

+server {
+    listen 443 ssl;
+    server_name christiangoeschel.com;
+    ssl_certificate /etc/ssl/letsencrypt/live/christiangoeschel.com/fullchain.pem;
+    ssl_certificate_key /etc/ssl/letsencrypt/live/christiangoeschel.com/privkey.pem;
+    
+    location / {
+        proxy_pass http://portfolio-web:8080;
+        proxy_buffering on;
+        proxy_buffers 16 4k;
+        proxy_buffer_size 4k;
+        proxy_busy_buffers_size 8k;
+	proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}
+
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
--- a/src/css/style.css
+++ b/src/css/style.css
@ -117,7 +117,7 @@ input, textarea {
 }

 #right_section{
-    width:55%;
+    width:45%;
    height: 100%;
    background-image: url("../images/gutenberg.png");
    background-size: auto 100%;
@ -126,7 +126,7 @@ input, textarea {
 }

 #left_section{
-    width:45%;
+    width:55%;
    height: 100%;
    overflow-y: scroll;
    overflow-x: hidden;