letsencrypt and nginx proxy updates

sourmash-bio · Feb 15, 2018 · ebdeae4 · ebdeae4
1 parent 9ce305d
commit ebdeae4
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 25 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,7 @@
 **/__pycache__
 redis/
+env.production
+iam/
+integration/
+letsencrypt_certs/
+*.swp
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -62,7 +62,7 @@ services:
       PYTHONUNBUFFERED: 'true'
       FLASK_APP: 'wortapp.py'
     ports:
-      - "5000:5000"
+      - "5000"
     links:
       - redis
       - db
@@ -76,20 +76,19 @@ services:
 
   proxy:
     restart: always
-    image: nginx
+    build:
+      context: nginx
+      dockerfile: Dockerfile
     volumes:
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./letsencrypt_certs:/etc/nginx/certs
       - ./letsencrypt_www:/var/www/letsencrypt
     ports:
       - "80:80"
       - "443:443"
-    links:
-      - web:wort.oxli.org
 
   letsencrypt:
     image: certbot/certbot
     command: /bin/true
     volumes:
-      - ./letsencrypt_certs:/etc/nginx/certs
+      - ./letsencrypt_certs:/etc/letsencrypt
       - ./letsencrypt_www:/var/www/letsencrypt
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -0,0 +1,3 @@
+FROM nginx:stable
+COPY nginx.conf /etc/nginx/
+COPY wort.conf /etc/nginx/conf.d/
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -1,27 +1,31 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
 http {
-	server {
-	  listen 80;
-	  server_name wort.oxli.org;
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
 
-	  location /.well-known/acme-challenge/ {
-		root /var/www/letsencrypt;
-	  }
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
 
-	  location / {
-		return 301 https://$host$request_uri;
-	  }
-	}
+    access_log  /var/log/nginx/access.log  main;
 
-	server {
-	  listen 443 ssl;
+    sendfile        on;
+    #tcp_nopush     on;
 
-	  ssl_certificate certs/live/wort.oxli.org/fullchain.pem;
-	  ssl_certificate_key certs/live/wort.oxli.org/privkey.pem;
+    keepalive_timeout  65;
 
-	  server_name wort.oxli.org;
+    #gzip  on;
 
-	  location / {
-		proxy_pass http://wort.oxli.org;
-	  }
-	}
+    include /etc/nginx/conf.d/*.conf;
 }
diff --git a/nginx/wort.conf b/nginx/wort.conf
@@ -0,0 +1,35 @@
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name wort.oxli.org;
+
+  location /.well-known/acme-challenge/ {
+    allow all;
+    root /var/www/letsencrypt/;
+  }
+
+  location / {
+    return 301 https://$host$request_uri;
+  }
+}
+
+server {
+  listen 443 ssl;
+
+  ssl_certificate certs/live/wort.oxli.org/fullchain.pem;
+  ssl_certificate_key certs/live/wort.oxli.org/privkey.pem;
+
+  server_name wort.oxli.org;
+
+  resolver 127.0.0.11;
+  set $backends web;
+
+  location / {
+    proxy_pass http://web:5000;
+  }
+}