Verified Commit 8aae4d87 authored by Joakim Saario's avatar Joakim Saario

Docker setup: Configure NGINX

NGINX serves both FastAPI and PHP versions of aurweb with TLS termination.
There's also a convenience redirect from the non-HTTPS ports to HTTPS, which might be
useful since default ports aren't used.
parent 3c63c08d
Pipeline #8238 passed with stage
in 2 minutes and 18 seconds
......@@ -5,7 +5,8 @@ services:
build: .
image: aurweb:latest
init: true
command: python -u -m hypercorn -b 0.0.0.0:8082 aurweb.asgi:app
entrypoint: /fastapi-entrypoint.sh
command: python -u -m hypercorn -b 0.0.0.0:8000 aurweb.asgi:app
volumes:
- ./aurweb:/aurweb/aurweb
- ./migrations:/aurweb/migrations
......@@ -15,30 +16,37 @@ services:
- ./templates:/aurweb/templates
- ./Makefile:/aurweb/Makefile
ports:
- 8082:8082
- 8000:8000
aurweb-php:
image: aurweb:latest
init: true
command: php -S 0.0.0.0:8081 -t /aurweb/web/html
entrypoint: /php-entrypoint.sh
command: php -S 0.0.0.0:8001 -t /aurweb/web/html
volumes:
- ./web:/aurweb/web
ports:
- 8081:8081
- 8001:8001
nginx:
image: aurweb:latest
init: true
entrypoint: /nginx-entrypoint.sh
command: nginx
volumes:
- ./docker/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
ports:
# FastAPI
- 8080:8080
- 8443:8443 # TLS
# PHP
- 8081:8081
- 8444:8444 # TLS
mysql:
image: aurweb:latest
init: true
working_dir: /var/lib/mysql
entrypoint: /mysql-entrypoint.sh
command: mysqld_safe --datadir=/var/lib/mysql
volumes:
......
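Review bot: The two backend services still publish `8000:8000` and `8001:8001` on every host interface, so both applications stay reachable over plain HTTP without passing through the NGINX TLS listeners this commit adds. If direct access is only wanted for local debugging, bind them to loopback with `- "127.0.0.1:8000:8000"` and `- "127.0.0.1:8001:8001"`, or drop those `ports` entries and let NGINX reach the backends over the compose network. The new `nginx` service also declares no `depends_on`; NGINX normally resolves `proxy_pass` hostnames at startup, so it may exit if it comes up before the backends, and a `depends_on` listing the two backend services would order that. The first service's name is above the visible hunk, so confirm it matches the hostname used in the NGINX config.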
......@@ -9,15 +9,34 @@ pid /run/nginx.pid;
http {
access_log /dev/stdout;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server {
listen 8080;
return 302 https://$host:8443$request_uri;
}
server {
listen 8081;
return 302 https://$host:8444$request_uri;
}
server {
listen 8443 ssl;
location / {
proxy_pass http://aurweb-php:8081;
proxy_pass http://aurweb-fastapi:8000;
}
}
location /sso {
proxy_pass http://aurweb-fastapi:8082;
server {
listen 8444 ssl;
location / {
proxy_pass http://aurweb-php:8001;
}
}
}
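Review bot: Both TLS `location /` blocks proxy to the backends without forwarding any request metadata, so the applications see NGINX as the client and a plain-HTTP request with the upstream name as `Host`. Anything in the backends that logs or rate-limits by client address, builds absolute URLs, or decides on secure cookies from the request scheme would presumably get the wrong answer. Adding `proxy_set_header Host $http_host;`, `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` to each block (or once at `http` level) covers that. The `http` block starts above this hunk, so check that these are not already set there.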
#!/bin/bash
set -euo pipefail
sed -ri 's;^(aur_location).*;\1 = https://127.0.0.1:8443;' /aurweb/conf/config
exec "$@"
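Review bot: The `sed -ri` rewrite exits 0 even when no `aur_location` line matches, so `set -e` will not catch a config file whose key is missing or renamed, and the service would start with a stale base URL. A guard such as `grep -q '^aur_location' /aurweb/conf/config` before the `sed` makes that failure visible. The same applies to the PHP entrypoint script that rewrites the URL to port 8444. It would also help to add a comment saying the address is the host-side NGINX TLS port from the compose file, since the two values have to be kept in sync by hand.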
#!/bin/bash
set -euo pipefail
gen_cert() {
mkdir -p /etc/nginx/ssl
openssl req \
-x509 \
-new \
-days 365 \
-subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' \
-out /etc/nginx/ssl/cert.crt \
-keyout /etc/nginx/ssl/cert.key \
-nodes
}
# Only generate certificate if it doesn't exist.
if ! test -f /etc/nginx/ssl/cert.crt; then
gen_cert
fi
exec "$@"
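Review bot: The existence check tests only `cert.crt`, so if `cert.key` is missing or a previous `openssl` run was interrupted, `gen_cert` is skipped and NGINX fails to load the key. Testing both files fixes that: `if ! test -f /etc/nginx/ssl/cert.crt || ! test -f /etc/nginx/ssl/cert.key; then`. The `-subj` also carries no CN and the request sets no subjectAltName, so the certificate cannot be validated for `localhost` or `127.0.0.1` even by a client that trusts it, which tends to push developers toward disabling verification. Adding `-addext 'subjectAltName=DNS:localhost,IP:127.0.0.1'` addresses that. Because `-nodes` leaves the key unencrypted, a `chmod 600 /etc/nginx/ssl/cert.key` after generation is a cheap safeguard, and a comment noting that this certificate is for development only would help.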
#!/bin/bash
set -euo pipefail
sed -ri 's;^(aur_location).*;\1 = https://127.0.0.1:8444;' /aurweb/conf/config
exec "$@"