Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
86 lines (69 sloc) 2.9 KB
# This builds the stabug.com nginx reverse proxy with live letsencrypt certs
#
# Assumes: aai.starbug.com_00:8080 and obsui_00:8090 are running
# and sharing the log partition (for logrotate)
#
# Names must be coordinated with the gunicorn WSGI server. See also www/gunicorn.sh
#
# Uses letsencrypt and wellknown for persistent storage. These will
# not be replaced when a new container image is pushed. You will need to
# delete the volume to force the update.
#
# with docker compose
#
# docker-compose -f tls.starbug.com-compose.yaml up -d
# docker-compose -f tls.starbug.com-compose.yaml down
#
# with just docker
#
# one time setup
# storage: docker volume create starbuglogs
# docker volume create letsencrypt
# docker volume create wellknown
# docker volume create starbugbackup
#
# create network: docker network create starbugnet
#
# to build: docker build -f Dockerfile.nginx.letsencrypt -t tls.starbug.com .
#
# to run: docker run --name tls.starbug.com_00 --net starbugnet --mount source=letsencrypt,target=/etc/letsencrypt --mount source=wellknown,target=/opt/starbug.com/www/.well-known --mount source=starbuglogs,target=/opt/starbug.com/logs --mount source=starbugbackup,target=/opt/starbug.com/backup -v /var/run/docker.sock:/tmp/docker.sock -d -p 80:80 -p 443:443 tls.starbug.com
# to bash: docker exec -it tls.starbug.com_00 bash
#
# log rotation: logrotate -f /etc/logrotate.conf
FROM nginx
LABEL maintainer "lrm@starbug.com"
LABEL service "starbug.com reverse proxy with letsencrypt certification"
RUN apt-get update
RUN apt-get -y install logrotate certbot python-certbot-nginx
# ----------------------
# ----- nginx conf -----
# ----------------------
COPY ./conf/starbug.nginx.conf /etc/nginx/nginx.conf
COPY ./conf/starbug.nginx.tls.conf /etc/nginx/conf.d/starbug.nginx.tls.conf
COPY ./conf/starbug.tls.conf /etc/nginx/conf.d/starbug.tls.conf
# ----------------------------
# ----- letsencrypt conf -----
# ----------------------------
# simple test for https connection, e.g. https://www.starbug.com/.well-known/acme-challenge/ping.txt
COPY ./conf/ping.txt /opt/starbug.com/www/.well-known/acme-challenge/ping.txt
# letsencrypt renew cronjob
COPY ./conf/letsencrypt-renew.cron /etc/cron.daily/letsencrypt-renew
# --------------------------
# ----- logrotate conf -----
# --------------------------
COPY ./conf/logrotate/nginx /etc/logrotate.d/nginx
COPY ./conf/logrotate/aai /etc/logrotate.d/aai
COPY ./conf/logrotate/obsui /etc/logrotate.d/obsui
# --------------------------
# ----- static content -----
# --------------------------
# test cron job
COPY ./conf/nginx_cron_test /etc/cron.d/nginx_cron_test
# starbug.com static content
COPY ./www/ /opt/starbug.com/www/
# --------------------------------
# ----- start cron and nginx -----
# --------------------------------
WORKDIR /root
COPY ./conf/nginx-start.sh .
CMD [ "./nginx-start.sh" ]
You can’t perform that action at this time.