Added SSL cert volume and restart policy for all containers

christiangoeschel 2024-07-26 18:19:09 +00:00
parent cb8a880300
commit c89540978a
5 changed files with 60 additions and 6 deletions


@ -13,7 +13,8 @@ RUN mkdir conf.d/
WORKDIR / WORKDIR /
FROM base AS portfolio-proxy FROM base AS portfolio-proxy
EXPOSE 80/tcp RUN mkdir -p /etc/ssl/letsencrypt/
EXPOSE 443/tcp
CMD ["nginx","-g","daemon off;"] CMD ["nginx","-g","daemon off;"]
FROM base AS portfolio-web FROM base AS portfolio-web

certbot/cli.ini Normal file

@ -0,0 +1,34 @@
# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Certbot with
# "--help" to learn more about the available options.
#
# Note that these options apply automatically to all use of Certbot for
# obtaining or renewing certificates, so options specific to a single
# certificate on a system with several certificates should not be placed
# here.
# Use ECC for the private key
key-type = ecdsa
elliptic-curve = secp384r1
# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
# Uncomment and update to register with the specified e-mail address
email = cndjomouo@icloud.com
# Uncomment to use the standalone authenticator on port 443
authenticator = standalone
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html
# Uncomment to automatically agree to the terms of service of the ACME server
agree-tos = true
# An example of using an alternate ACME server that uses EAB credentials
# server = https://acme.sectigo.com/v2/InCommonRSAOV
# eab-kid = somestringofstuffwithoutquotes
# eab-hmac-key = yaddayaddahexhexnotquoted
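Review bot: `rsa-key-size = 4096` has no effect while `key-type = ecdsa` is set, so the comment above it promising a 4096-bit RSA key is misleading; drop both lines or replace the comment with `# rsa-key-size applies only when key-type = rsa`. The comment on `authenticator = standalone` mentions port 443, but as far as I know current Certbot's standalone plugin answers the HTTP-01 challenge on port 80, so host port 80 has to be free and reachable at issuance and at every renewal, and the comment should say that. The "Uncomment ..." wording above `email`, `authenticator` and `agree-tos` is left over from the sample file and no longer matches the active settings. It is also worth deciding whether a personal address belongs in a committed file rather than being passed with `--email` at run time.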


@ -8,9 +8,11 @@ services:
networks: networks:
- portfolio-net - portfolio-net
ports: ports:
- "80:80/tcp" - "443:443/tcp"
volumes: volumes:
- /etc/letsencrypt/:/etc/ssl/letsencrypt/:ro
- ./nginx/default-nginx-proxy.conf:/etc/nginx/conf.d/default.conf:ro - ./nginx/default-nginx-proxy.conf:/etc/nginx/conf.d/default.conf:ro
restart: unless-stopped
web: web:
build: build:
@ -23,6 +25,7 @@ services:
volumes: volumes:
- ./nginx/default-nginx-web.conf:/etc/nginx/conf.d/default.conf:ro - ./nginx/default-nginx-web.conf:/etc/nginx/conf.d/default.conf:ro
- ./src:/www - ./src:/www
restart: unless-stopped
networks: networks:
portfolio-net: portfolio-net:
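Review bot: The new volume `/etc/letsencrypt/:/etc/ssl/letsencrypt/:ro` hands the proxy container the whole Certbot directory, which normally also holds the ACME account key under `accounts/`, the renewal configuration and any other certificates on the host; read-only does not stop a compromised nginx from reading them. The proxy only needs this site's `live/` and `archive/` entries (the files in `live/` are symlinks into `archive/`, so both must be mounted at matching paths), e.g. `- /etc/letsencrypt/live/christiangoeschel.com/:/etc/ssl/letsencrypt/live/christiangoeschel.com/:ro` plus the same line for `archive/`. nginx reads the certificate at start or reload, so a renewed certificate only takes effect after the proxy is reloaded, and nothing in this section arranges that.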


@ -15,9 +15,25 @@ server {
location = /50x.html { location = /50x.html {
root /usr/share/nginx/html; root /usr/share/nginx/html;
} }
} }
server {
listen 443 ssl;
server_name christiangoeschel.com;
ssl_certificate /etc/ssl/letsencrypt/live/christiangoeschel.com/fullchain.pem;
ssl_certificate_key /etc/ssl/letsencrypt/live/christiangoeschel.com/privkey.pem;
location / {
proxy_pass http://portfolio-web:8080;
proxy_buffering on;
proxy_buffers 16 4k;
proxy_buffer_size 4k;
proxy_busy_buffers_size 8k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80 # proxy the PHP scripts to Apache listening on 127.0.0.1:80
# #
#location ~ \.php$ { #location ~ \.php$ {
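Review bot: The new `listen 443 ssl` block sets no `ssl_protocols`, so the accepted TLS versions depend on the defaults of whatever nginx version the base image ships, which on older builds include TLS 1.0 and 1.1; pin it with `ssl_protocols TLSv1.2 TLSv1.3;`. The `location /` block forwards `Host` and `X-Real-IP` but not the scheme, so the backend at `portfolio-web:8080` cannot tell that the request arrived over HTTPS; add `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The earlier server block begins above the hunk, so whether it redirects plain HTTP to HTTPS cannot be checked from here.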


@ -117,7 +117,7 @@ input, textarea {
} }
#right_section{ #right_section{
width:55%; width:45%;
height: 100%; height: 100%;
background-image: url("../images/gutenberg.png"); background-image: url("../images/gutenberg.png");
background-size: auto 100%; background-size: auto 100%;
@ -126,7 +126,7 @@ input, textarea {
} }
#left_section{ #left_section{
width:45%; width:55%;
height: 100%; height: 100%;
overflow-y: scroll; overflow-y: scroll;
overflow-x: hidden; overflow-x: hidden;