New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Http20 #6

Merged
merged 2 commits into from Sep 8, 2016
File filter...
Filter file types
Jump to file or symbol
Failed to load files and symbols.
+187 −65
Diff settings

Always

Just for now

Copy path View file
@@ -1,3 +1,4 @@
.git
docker
!docker/app
!docker/app
.sslkey
Copy path View file
@@ -24,4 +24,5 @@
vendor

.data
src
src
.sslkey
Copy path View file
@@ -1,4 +1,4 @@
default:
default: ssl
docker-compose build
@docker-compose up -d rails_db
@docker-compose run --no-deps --rm rails_app bundle install
@@ -13,6 +13,22 @@ migrate:
update-bundle:
@docker-compose run --rm rails_app bundle update

ssl:
mkdir -p .sslkey
openssl genrsa -out .sslkey/server.key 2048
openssl genrsa -out docker/nginx/ssl/localhost.key 2048
openssl rsa -in docker/nginx/ssl/localhost.key -out .sslkey/localhost.key.rsa

openssl req -new -key .sslkey/server.key -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out .sslkey/server.csr
openssl req -new -key .sslkey/localhost.key.rsa -subj "/C=US/ST=California/L=Orange/O=IndieWebCamp/CN=localhost/" -out docker/nginx/ssl/localhost.csr -config conf/localhost.conf

openssl x509 -req -days 365 -in docker/nginx/ssl/server.csr -signkey .sslkey/server.key -out .sslkey/server.crt
openssl x509 -req -extensions v3_req -days 365 -in docker/nginx/ssl/localhost.csr -signkey .sslkey/localhost.key.rsa -out docker/nginx/ssl/localhost.crt -extfile conf/localhost.conf

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain docker/nginx/ssl/localhost.crt



clean:
rm -rf tmp

Copy path View file
@@ -19,13 +19,16 @@ Docker Build
$ make
```

途中sudoで実行されるので、passwordの入力が必要

Docker RUN

```
$ make up
```

http://localhost/
https://localhost/

### PHP MY ADMIN

Copy path View file
@@ -0,0 +1,15 @@
[req]
default_bits = 1024
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = *.localhost
Copy path View file
@@ -4,8 +4,10 @@ services:
image: nginx:1.11-alpine
ports:
- 80:80
- 443:443
volumes:
- ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
- ./docker/nginx/ssl:/etc/nginx/ssl:ro
- /etc/localtime:/etc/localtime:ro
volumes_from:
- rails_app
Copy path View file
@@ -1,64 +1,4 @@
proxy_cache_path /tmp/cache
levels=1:2
keys_zone=cache-space:4m
max_size=50m
inactive=120m;

upstream app {
server rails_app:3000;
}

server {
listen 80 default_server;
server_tokens off;
root /work/app/public;

location ~* ^/assets/ {
gzip_static on;

# Per RFC2616 - 1 year maximum expiry
expires 1y;
add_header Cache-Control public;

add_header Last-Modified "";
add_header ETag "";

if (-f $request_filename) {
break;
}

try_files $uri $uri/index.html $uri.html @assets;
}

location / {
gzip_static on;
try_files $uri $uri/index.html $uri.html @app;
}

location @app {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;

proxy_pass http://app;
}

location @assets {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;

proxy_cache cache-space;
proxy_cache_valid 200 302 60m;

proxy_pass http://app;
}
listen 80;
return 301 https://$host$request_uri;
}
Copy path View file
@@ -0,0 +1,78 @@
proxy_cache_path /tmp/cache
levels=1:2
keys_zone=cache-space:4m
max_size=50m
inactive=120m;

upstream app {
server rails_app:3000;
}


server {
listen 443 ssl http2;

ssl_certificate /etc/nginx/ssl/localhost.crt;
ssl_certificate_key /etc/nginx/ssl/localhost.key;

ssl_session_cache shared:SSL:3m;
ssl_buffer_size 8k;
ssl_session_timeout 10m;

ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

charset utf-8;

server_tokens off;
root /work/app/public;

location ~* ^/assets/ {
gzip_static on;

# Per RFC2616 - 1 year maximum expiry
expires 1y;
add_header Cache-Control public;

add_header Last-Modified "";
add_header ETag "";

if (-f $request_filename) {
break;
}

try_files $uri $uri/index.html $uri.html @assets;
}

location / {
gzip_static on;
try_files $uri $uri/index.html $uri.html @app;
}

location @app {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;

proxy_pass http://app;
}

location @assets {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;

proxy_cache cache-space;
proxy_cache_valid 200 302 60m;

proxy_pass http://app;
}
}
Copy path View file
@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDfDCCAmSgAwIBAgIJAMYsjg+AYys+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMQ8wDQYDVQQHDAZPcmFuZ2UxFTAT
BgNVBAoMDEluZGllV2ViQ2FtcDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE2MDkw
ODEyMzAyMFoXDTE3MDkwODEyMzAyMFowXjELMAkGA1UEBhMCVVMxEzARBgNVBAgM
CkNhbGlmb3JuaWExDzANBgNVBAcMBk9yYW5nZTEVMBMGA1UECgwMSW5kaWVXZWJD
YW1wMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDAbk3U741M9bxFXR0wG6WI1GZ6SWGxLo4+GNRPAByh89NrRYIp2cwX
lQ0JSCqw5FQhaN9la3EiXo+mFcDdwQhAQobho0QPJEYe3IxPLQay9M42gsszem0l
5eZBE0stvZGeYUu+d7cDX6qm5epnsIEH7lJJHhoZ6IQaU+ehNn4pnjpjYe6+qBTO
JhXsHUNU5qahj+whgFbwBhg0BpIJMtYcCjuiChaCzVCzTbwGMm3qtoHTdOrHzaET
b2v9KBUAMsAkrzfbxq0amzjcMJFHxBI+TplMssuNLKzxT2sZUOogLv3mlkKSwiWj
nYvHyXRQXMwcFWgWspx/GQJrY0NQkj+RAgMBAAGjPTA7MAkGA1UdEwQCMAAwCwYD
VR0PBAQDAgXgMCEGA1UdEQQaMBiCCWxvY2FsaG9zdIILKi5sb2NhbGhvc3QwDQYJ
KoZIhvcNAQEFBQADggEBAC95OKsMAqnsBU2GWzqufnp1IGa3ODf6NC8sf1qZCTSO
MBr4fB0Yfdl9ZsAA4d5LiTbaZQQSfvpDVaYhM+kk5/uK7khNPdTeZ2mqxvI+HCY+
3VIB8JaTBcH4jV32H9U+CkFx2ME3LP9M1y/G3HtvoB6VuzYvgRBBQgBHkcWAy450
fAqRWKJSysj2VkwDAAh9EdVIHKmxITVGlCWhL8ERiDdsGUQyi8cqA4tAiXaq0tHR
2x18y4hhwf0rrg9MswsOtydirtUYKS1nEvpvv8rSjgXWblzsZ3THj0qfpQSf3dNo
fTyWV4IwUEMAUsUK7sfKaXTwflEB0FhbDInN+VgcBAs=
-----END CERTIFICATE-----
Copy path View file
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIC7zCCAdcCAQAwXjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
DzANBgNVBAcMBk9yYW5nZTEVMBMGA1UECgwMSW5kaWVXZWJDYW1wMRIwEAYDVQQD
DAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAbk3U
741M9bxFXR0wG6WI1GZ6SWGxLo4+GNRPAByh89NrRYIp2cwXlQ0JSCqw5FQhaN9l
a3EiXo+mFcDdwQhAQobho0QPJEYe3IxPLQay9M42gsszem0l5eZBE0stvZGeYUu+
d7cDX6qm5epnsIEH7lJJHhoZ6IQaU+ehNn4pnjpjYe6+qBTOJhXsHUNU5qahj+wh
gFbwBhg0BpIJMtYcCjuiChaCzVCzTbwGMm3qtoHTdOrHzaETb2v9KBUAMsAkrzfb
xq0amzjcMJFHxBI+TplMssuNLKzxT2sZUOogLv3mlkKSwiWjnYvHyXRQXMwcFWgW
spx/GQJrY0NQkj+RAgMBAAGgTDBKBgkqhkiG9w0BCQ4xPTA7MAkGA1UdEwQCMAAw
CwYDVR0PBAQDAgXgMCEGA1UdEQQaMBiCCWxvY2FsaG9zdIILKi5sb2NhbGhvc3Qw
DQYJKoZIhvcNAQEFBQADggEBALGaE+a2GaU6hIXTirxvX7ERW0WjyREI6zunhAOW
6+qfm5XAJVtei7AFZx0ljnqyeAMBiZx9dyAv1N9FjQCQ0F7GtJc56oFhydfZE+0U
BOZPa6FRxKfvx3YHcXU1FtM2/6rKNAXR3BLtZAm5alKB7YO7P5ESJtgeIPfVYbHC
JSHMdhHfucv5FjWzXBDYvFnMl4nEG8cDBk1f8+OBFqLJlQEl7oNT2YL3j5vY9dym
Z3qtUYnbUtZxvIfno5yIf58He/vSAgkbEpo0oU+dglmNoNia7Q6AxhYZucB5+x2I
2CE+oXM6w58+rsfih2e3dGTVPfd4+LVNcpyu6iJAcvljdo8=
-----END CERTIFICATE REQUEST-----
Copy path View file
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAwG5N1O+NTPW8RV0dMBuliNRmeklhsS6OPhjUTwAcofPTa0WC
KdnMF5UNCUgqsORUIWjfZWtxIl6PphXA3cEIQEKG4aNEDyRGHtyMTy0GsvTONoLL
M3ptJeXmQRNLLb2RnmFLvne3A1+qpuXqZ7CBB+5SSR4aGeiEGlPnoTZ+KZ46Y2Hu
vqgUziYV7B1DVOamoY/sIYBW8AYYNAaSCTLWHAo7ogoWgs1Qs028BjJt6raB03Tq
x82hE29r/SgVADLAJK8328atGps43DCRR8QSPk6ZTLLLjSys8U9rGVDqIC795pZC
ksIlo52Lx8l0UFzMHBVoFrKcfxkCa2NDUJI/kQIDAQABAoIBAGYgpJIkaRu1N6yg
lIMZySrrf0/bbku456kxSEx9RLT3UPeXtlM70kOZyYdpk666H6RzokyTT0HsadS9
qtSGRDjGlgteuRpIKCbs6lKDFREZN/BaTjoN+aupbiCPetDV0Vj7TlXR94GE3m8h
itxpIrHw3B8OKNAjRSkr6rz2zNKMyTaMswr1Ga8VHwQ3D2+0GhFwqbiaipOCUpl0
WXWBx/iJZs+36OSmvVLZLJ+KY5HEHPxhql4ziRk3VlIVU7PePNWq9BJybblDRvI6
gi1l6CCYIOuY8ot7N6Do19LYBL2R0h8HHxTJeFISWzXOVxGJohUC1JgBZJZyYZaf
0fCx/CECgYEA7wnSh20AyWiUEQYX+8zwwsEBUuL/P0xdA2YdDYYcTVR6W+A1NM2J
Df6k+NEUAu6pgdfdQDs8CQC1vCblHlQqGnexTvZCBTwrZ8ydKcoZV21ep25Brw34
9S/+BPmPcZodA406HXYYlbhrU6AZS1PGU9pWW3cQKBR7q3dxh985fRUCgYEAzhXY
/j+PrbKB2wY2mEfi+e52WIZLBCJ0Q6GRWe1rBIfIo+GyFBdlA2lgTHBvGy9Wp5G7
+b68b2VCNLiSywhJPAd2zyP4+VVEHFRDuHP3NHm0Aep/qymXO7ioswopi8up2V6T
lKXlL5A0jOm/o65Qo8Ac7F2GqJYTjstOVUuLr40CgYEAmoKk3Pjue0HoA6EGu7Jb
JegP7P3hs46uyNWmjelUPgAPH3grrDf3EV66UEMFRmfylYVs9GnVgpQ85KPXkeUh
Wf5oU/wF7NBZ1jyCklKaUtLVTjCMsJS9ie89qQWPXQUbIAKXwBdoCM8uQN3Ju9Eo
72bAT1sEzIOA9PK+Je96f4kCgYEAlxSjMLkOLuuXkSb77SV+O3XbIsjIw+4yR8Zx
lXidJQQaTjJOZ7ZC4n5lD4S5nzdUEqKfKNbws8WLBLVvQBMCBVT/f5nCk58zwITx
5I53Yuv50BHGqIdkDG8ylZbUoFydVvKjxKzd2MGiFM/kIy3Ohk13prxl1L+49M0M
zzED5Z0CgYEA7JYHXWv1bmfgc70LifFIzs51Q1mZYpFciOMy5D7mqc1kltUfbiIA
iAUiZR7u8CkcLG6Itcj1KBcZlLPnp5qjUA8iihvqH8syt+HgfIjFtwq/YGqxDDRb
vRN1lpbYjC1EmFurkw2VnlGQnBDbxNTtW83EmjQVgnWskKFLCPNaKT8=
-----END RSA PRIVATE KEY-----
ProTip! Use n and p to navigate between commits in a pull request.