diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile index 906a171..c90904b 100644 --- a/Config/ReverseProxy/Dockerfile +++ b/Config/ReverseProxy/Dockerfile @@ -1,10 +1,16 @@ # 2022-10-05 Hyperling -# Move config to nginx container. -# This is because nginx image does not play well with Volumes. -# Nextcloud and MariaDB created files in their folders fine, but nginx stays empty. +# Create the nginx environment for a reverse proxy. +# https://docs.docker.com/engine/reference/builder/ FROM nginx +# Add all the configuration files to the environment. COPY ./config/nginx.conf /etc/nginx/nginx.conf - COPY ./config/conf.d/* /etc/nginx/conf.d/ + +# Create "working" certificates for the example configuration file. +RUN mkdir -p /etc/nginx/certs/example.com +RUN openssl req -new -x509 -days 5000 -nodes \ + -out /etc/nginx/certs/example.com/cert.crt \ + -keyout /etc/nginx/certs/example.com/cert.key \ + -subj '/CN=example.com/O=Example/C=XX' diff --git a/Config/ReverseProxy/config/conf.d/example.conf b/Config/ReverseProxy/config/conf.d/example.conf index d8e8487..b578321 100644 --- a/Config/ReverseProxy/config/conf.d/example.conf +++ b/Config/ReverseProxy/config/conf.d/example.conf 
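Review bot: The added `RUN openssl req ... -nodes` step creates the private key at build time, so the unencrypted key is stored in an image layer: every container started from this image shares it, and anyone who can pull or export the image can read it. With `-days 5000` that certificate stays valid for more than thirteen years. If the pair exists only for the example config, say so where it is generated, e.g. `# Test-only self-signed pair; the key lives in the image layer, so never push this image or reuse the key.`, and for real use mount the certificate and key at runtime instead of building them in. The certificate also carries only a CN; adding `-addext 'subjectAltName=DNS:example.com'` would let clients that ignore the CN match the name once the certificate is trusted.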
@@ -2,11 +2,24 @@ # A dummy test file since true scripts are being kept private. # This should help anyone understand how the project is being used. +## Instructions ## +# Add this without the comment to your /etc/hosts to test that it is working, +# YOUR_DOCKER_SERVER_IP example.com +# If testing locally on a workstation, +# 127.0.0.1 example.com +# Then to test, first start the container, +# cd $DOCKER_HOME/Config/ReverseProxy && docker compose build && docker compose up -d +# Then from the system with the modified /etc/hosts, +# curl --insecure example.com +# You should a blip in the log of the container as well as the contents of the +# proxied website in the terminal, NOT example.com. If using a browser then you +# should notice that the URL is still example.com but the website is correct. + # Force HTTPS server { listen 80; - server_name example.hyperling.com; + server_name example.com; # Redirect to a more secure protocol. return 301 https://$host$request_uri; @@ -16,13 +29,12 @@ server { # Serve Resource server { - listen 443 ssl http2; - server_name example.hyperling.com; + listen 443 ssl; + server_name example.com; - # These are only necessary if you are redirecting somewhere internal. If you - # paxx the user to a - ssl_certificate /usr/local/etc/letsencrypt/live/example.hyperling.com/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/example.hyperling.com/privkey.pem; + # The certs being used for the website. + ssl_certificate /etc/nginx/certs/example.com/cert.crt; + ssl_certificate_key /etc/nginx/certs/example.com/cert.key; # Send traffic to upstream server location / { @@ -42,8 +54,8 @@ server { # Or alternatively, do it like the force of HTTPS: #return 301 https://website.name/URI; - # So this should forward you from 'example.hyperling.com' to a real site: - proxy_pass https://cahlen.org; + # This should forward you from 'example.com' to a real site: + proxy_pass https://hyperling.com; } } 
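Review bot: The test command in the added instructions, `curl --insecure example.com`, requests plain HTTP on port 80, where the first server block answers with `return 301`. curl does not follow redirects unless told to, so the reader sees the redirect response rather than the proxied site the text promises. Suggest `# curl --insecure --location https://example.com`, with a remark next to it that `--insecure` is acceptable only because the certificate is the self-signed test one. The sentence "You should a blip in the log" is also missing a verb: `# You should see a blip in the log of the container ...`.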
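Review bot: The new comment `# The certs being used for the website.` does not say that these paths point at the throwaway self-signed pair generated in the Dockerfile, which is what a reader copying this server block most needs to know. Suggest `# Self-signed test pair generated in the Dockerfile; replace with a CA-issued certificate and a key mounted at runtime before real use.` The block also sets no `ssl_protocols`. Unless nginx.conf (not part of this diff) does, the accepted TLS versions depend on the defaults of whichever version the untagged `FROM nginx` pulls, so pinning `ssl_protocols TLSv1.2 TLSv1.3;` here would make the example predictable. The server block continues outside this hunk.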
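Review bot: `proxy_pass https://hyperling.com;` sends traffic to an HTTPS upstream, but nginx does not verify the upstream certificate by default, so the proxy-to-origin leg is encrypted yet unauthenticated. The `location /` block starts outside this hunk, so this may already be handled there. If it is not, add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path to CA bundle>;` and `proxy_ssl_server_name on;` so the origin's certificate and name are checked and SNI is sent.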
diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml index c09b7a6..79f542d 100644 --- a/Config/ReverseProxy/docker-compose.yml +++ b/Config/ReverseProxy/docker-compose.yml @@ -4,13 +4,12 @@ # https://phoenixnap.com/kb/docker-nginx-reverse-proxy # https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ -version: '2' +version: '3' services: app: - image: nginx + build: . restart: always - build: ./ ports: - 80:80 - 443:443