Merge pull request #1 from pdurandfr/simple-docker-compose-+-https-ng…
…inx-reverse Simple docker compose + https nginx reverse
Showing
7 changed files
with
271 additions
and
0 deletions.
@@ -0,0 +1,19 @@ | ||
<?php | ||
|
||
namespace App\Http\Middleware; | ||
|
||
use Closure; | ||
|
||
class ForceXForwardedProto | ||
{ | ||
public function handle($request, Closure $next) | ||
{ | ||
if ($request->header('X-Forwarded-Proto') === 'https') { | ||
$request->server->set('HTTPS', 'on'); | ||
} else { | ||
$request->server->set('HTTPS', 'off'); | ||
} | ||
|
||
return $next($request); | ||
} | ||
} |
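Review bot: The check `if ($request->header('X-Forwarded-Proto') === 'https')` believes the header from whichever peer reaches the app container, so the scheme is only as trustworthy as the network path; in this commit's compose file the app port is merely `expose`d, which limits direct access, but nothing in the middleware itself ties the trust to the nginx proxy. Laravel's TrustProxies middleware does the same job with the proxy address or subnet in `$proxies` and `Request::HEADER_X_FORWARDED_PROTO` in `$headers`, after which `$request->isSecure()` honours the header without writing `HTTPS` into the server bag. If this class is kept, a class docblock should state that it must only run behind a proxy that unconditionally overwrites X-Forwarded-Proto, as the nginx.conf in this commit does on its 443 server. Whether the middleware is registered in the HTTP kernel is not visible in this hunk. Style: add `declare(strict_types=1);` and type the signature, e.g. `public function handle(Request $request, Closure $next)`.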
@@ -0,0 +1,70 @@ | ||
events { | ||
|
||
} | ||
|
||
http { | ||
|
||
client_max_body_size 0; | ||
|
||
################################# | ||
## redirect http -> https | ||
################################# | ||
server { | ||
listen 80 default_server; | ||
server_name _; | ||
|
||
location / { | ||
return 301 https://$host$request_uri; | ||
} | ||
} | ||
|
||
################################# | ||
## common to all sites | ||
################################# | ||
include /etc/nginx/mime.types; | ||
default_type application/octet-stream; | ||
|
||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
'$status $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
||
access_log /var/log/nginx/access.log main; | ||
sendfile on; | ||
keepalive_timeout 65; | ||
|
||
################################# | ||
## mercator.mycompany.com | ||
################################# | ||
server { | ||
listen 443 ssl; | ||
|
||
########################################## | ||
# CONFIG : change host name to match your server name | ||
server_name mercator.mycompany.com; | ||
########################################## | ||
|
||
########################################## | ||
# CONFIG : modify with your own certificate and key name here. They are mapped in the docker-compose file. | ||
ssl_certificate /etc/nginx/certs/mercator.mycompany.com.crt; | ||
ssl_certificate_key /etc/nginx/certs/mercator.mycompany.com.key; | ||
########################################## | ||
|
||
client_max_body_size 25m; | ||
|
||
location / { | ||
proxy_pass http://mercator:80; | ||
|
||
########################################## | ||
# CONFIG : change host name to match server_name | ||
proxy_set_header Host mercator.mycompany.com; | ||
########################################## | ||
|
||
proxy_set_header X-Forwarded-Host $http_host; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
proxy_set_header X-NginX-Proxy true; | ||
} | ||
} | ||
|
||
} |
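Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends `$remote_addr` to whatever X-Forwarded-For the client already sent, so the first address the application sees is client-chosen; with nginx as the edge proxy here, `proxy_set_header X-Forwarded-For $remote_addr;` hands the app only the address nginx observed. The `listen 80 default_server` redirect block cannot receive traffic while docker-compose.yml in this commit publishes only `443:443`; either publish port 80 there or drop the block. The TLS server block sets no `ssl_protocols`, so the accepted versions depend on the nginx build's default (recent releases default to TLS 1.2/1.3, older ones also enable 1.0/1.1); pinning `ssl_protocols TLSv1.2 TLSv1.3;` removes that dependence, and `add_header Strict-Transport-Security "max-age=31536000" always;` is the usual companion once the redirect works. The `X-NginX-Proxy true` header is non-standard and undocumented here; a comment naming which consumer reads it would help.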
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
update-ca-certificates --fresh |
@@ -0,0 +1,42 @@ | ||
This docker-compose folder is intented to launch a SIMPLE & PERSISTENT mercator instance behind nginx reverse https proxy. | ||
|
||
# Pre-requisite | ||
## Obtain a valid certificate and key files from your organisation. If you don't have you can generate self-signed with these commands (replace with your own domain name) : | ||
``` | ||
``` | ||
|
||
# Initialize your personal files | ||
## Create persistent sqlite database | ||
``` | ||
touch ./PV/mercator/db.sqlite && chmod a+w ./PV/mercator/db.sqlite | ||
``` | ||
|
||
## Put your mercator's https certificates in the nginx PV folder | ||
``` | ||
cp <source .crt and .key files> ./PV/nginx/certs | ||
``` | ||
If you need to generate your own certificates : | ||
``` | ||
openssl genpkey -algorithm RSA -out ./PV/nginx/certs/mercator.mycompany.com.key | ||
openssl req -new -x509 -key ./PV/nginx/certs/mercator.mycompany.com.key -out ./PV/nginx/certs/mercator.mycompany.com.crt | ||
``` | ||
|
||
## If you need your company's ca root certificate in Nginx because you want to also reverse proxy an https site | ||
Put certificates in ./PV/nginx/certs | ||
|
||
Then, uncomment associated volumes in docker-compose.yml, under nginx service section | ||
|
||
|
||
# Modify the configuration to match your domain name | ||
Check all CONFIG lines in the following files, and adapt it to your domain name | ||
``` | ||
./docker-compose.yml | ||
./env/mercator.env | ||
./PV/nginx/nginx.conf | ||
``` | ||
|
||
# There we go! | ||
``` | ||
docker-compose up -d | ||
``` |
@@ -0,0 +1,59 @@ | ||
version: '3.7' | ||
services: | ||
reverse-proxy: | ||
image: nginx:latest | ||
volumes: | ||
- ./PV/nginx/nginx.conf:/etc/nginx/nginx.conf | ||
- ./PV/nginx/certs:/etc/nginx/certs | ||
########################################## | ||
# uncomment if you need your company's CA root certificate (don't forget to change the certificate name) | ||
# - ./PV/nginx/myCompany.crt:/usr/local/share/ca-certificates/myCompagny.crt | ||
# - ./PV/nginx/update-ca-certificates.sh:/docker-entrypoint.d/1000-update-ca-certificates.sh | ||
########################################## | ||
|
||
ports: | ||
- 443:443 | ||
depends_on: | ||
- mercator | ||
|
||
mercator: | ||
image: ghcr.io/dbarzin/mercator:latest | ||
restart: unless-stopped | ||
container_name: mercator | ||
volumes: | ||
- ./PV/mercator/db.sqlite/:/var/www/mercator/sql/db.sqlite | ||
- ./env/mercator.env:/var/www/mercator/.env | ||
expose: | ||
- 80 | ||
environment: | ||
########################################## | ||
# CONFIG set to your company's domain name | ||
- APP_URL=https://mercator.mycompany.com/ | ||
- ASSET_URL=https://mercator.mycompany.com/ | ||
########################################## | ||
|
||
########################################## | ||
# uncomment if you want to load demo data | ||
# - USE_DEMO_DATA=1 | ||
########################################## | ||
|
||
# - Plusieurs types possibles : AD, OpenLDAP, FreeIPA, DirectoryServer | ||
# - LDAP_TYPE="AD" | ||
# - # If true, LDAP actions will be written to the application's default log file | ||
# - LDAP_LOGGING=true | ||
# - LDAP_CONNECTION=default | ||
# - LDAP_HOST=127.0.0.1 | ||
# - # Identifiers of the user who will connect to the LDAP in order to perform queries | ||
# - LDAP_USERNAME="cn=user,dc=local,dc=com" | ||
# - LDAP_PASSWORD=secret | ||
# - LDAP_PORT=389 | ||
# - LDAP_BASE_DN="dc=local,dc=com" | ||
# - LDAP_TIMEOUT=5 | ||
# - LDAP_SSL=false | ||
# - LDAP_TLS=false | ||
# - # Allows you to restrict access to a tree structure | ||
# - LDAP_SCOPE="ou=Accounting,ou=Groups,dc=planetexpress,dc=com" | ||
# - # Allows you to restrict access to groups | ||
# - LDAP_GROUPS="Delivering,Help Desk" | ||
|
||
|
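Review bot: `- APP_URL=https://mercator.mycompany.com/` under `environment:` duplicates the `APP_URL` in env/mercator.env, which this file mounts as the app's `.env` and which has no trailing slash; which value wins depends on how the image loads `.env` (real environment variables usually take precedence), so keep the setting in one place with one spelling. `image: nginx:latest` and `image: ghcr.io/dbarzin/mercator:latest` float, so each `docker-compose up` may pull a different build; pin a version tag or digest for a reproducible deployment. The `reverse-proxy` service has no restart policy while `mercator` has `restart: unless-stopped`; the proxy needs the same line. The nginx.conf, certs and env bind mounts can carry a `:ro` suffix, e.g. `- ./env/mercator.env:/var/www/mercator/.env:ro`, unless the image writes to `.env` at start-up (for example to generate APP_KEY), which is not visible here. The trailing slash in `./PV/mercator/db.sqlite/` looks accidental for a file mount; if the host path does not exist when the stack starts, Docker creates a directory there rather than a file.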
@@ -0,0 +1,78 @@ | ||
## APP_NAME=Mercator | ||
APP_ENV=production | ||
## APP_KEY= | ||
## APP_DEBUG=false | ||
|
||
########################################## | ||
# CONFIG set to your own domain name | ||
APP_URL=https://mercator.mycompany.com | ||
########################################## | ||
|
||
## ASSET_URL=https://mercator.mycompany.com | ||
## LOG_CHANNEL=stack | ||
## | ||
## DB_CONNECTION=mysql | ||
## DB_HOST=db | ||
## DB_PORT=3306 | ||
## DB_DATABASE=mercator | ||
## DB_USERNAME=mercator_user | ||
## DB_PASSWORD=1ù_-qeeRH21!8zA1~ | ||
## DB_ROOT_PASSWORD=2ù_-qeeYT21!8zA2~ | ||
## | ||
## ################################################################# | ||
## # Uncomment to user LDAP authentication | ||
## # | ||
## # Availables Types : OpenLDAP | AD | FreeIPA | DirectoryServer | ||
## # LDAP_TYPE="AD" | ||
## # LDAP_LOGGING=true | ||
## # LDAP_CONNECTION=default | ||
## # LDAP_HOST=127.0.0.1 | ||
## # LDAP_USERNAME="cn=user,dc=local,dc=com" | ||
## # LDAP_PASSWORD=secret | ||
## # LDAP_PORT=389 | ||
## # LDAP_BASE_DN="dc=local,dc=com" | ||
## # LDAP_TIMEOUT=5 | ||
## # LDAP_SSL=false | ||
## # LDAP_TLS=false | ||
## # LDAP_SCOPE="ou=Accounting,ou=Groups,dc=planetexpress,dc=com" | ||
## # LDAP_GROUPS="Delivering,Help Desk" | ||
## ################################################################# | ||
## | ||
## BROADCAST_DRIVER=log | ||
## CACHE_DRIVER=file | ||
## QUEUE_CONNECTION=sync | ||
## SESSION_DRIVER=file | ||
## SESSION_LIFETIME=120 | ||
## | ||
## REDIS_HOST=127.0.0.1 | ||
## REDIS_PASSWORD=null | ||
## REDIS_PORT=6379 | ||
## | ||
## MAIL_MAILER=smtp | ||
## MAIL_HOST=smtp.mailtrap.io | ||
## MAIL_PORT=2525 | ||
## MAIL_USERNAME=null | ||
## MAIL_PASSWORD=null | ||
## MAIL_ENCRYPTION=null | ||
## MAIL_FROM_ADDRESS=null | ||
## MAIL_FROM_NAME="${APP_NAME}" | ||
## | ||
## AWS_ACCESS_KEY_ID= | ||
## AWS_SECRET_ACCESS_KEY= | ||
## AWS_DEFAULT_REGION=us-east-1 | ||
## AWS_BUCKET= | ||
## | ||
## PUSHER_APP_ID= | ||
## PUSHER_APP_KEY= | ||
## PUSHER_APP_SECRET= | ||
## PUSHER_APP_CLUSTER=mt1 | ||
## | ||
## MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" | ||
## MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" | ||
## | ||
## # Uncomment this line if you want to use the Cartographers | ||
## # | ||
## # Cartographers are attached to applications, and, when this enabled, only them (and admins) can modify their own apps | ||
## # and what is attach to (under the application view). Documentation here : | ||
## # CARTOGRAPHERS=true | ||
## |
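Review bot: Even commented out, the `## DB_PASSWORD=`, `## DB_ROOT_PASSWORD=` and `## # LDAP_PASSWORD=secret` lines ship concrete sample credentials in a template that users are told to copy and adapt; leave the values empty so that uncommenting cannot silently keep a published password. `## APP_KEY=` leaves the application without an encryption key while `APP_ENV=production` is set; unless the mercator image generates a key at start-up (not visible in this commit), Laravel's encrypter fails the first time it is used (sessions, CSRF tokens), so the README should tell users to set it. The comment `## # Uncomment to user LDAP authentication` should read `use`.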