Merge pull request #636 from mirskiy/master
Changed nginx confs for Docker's new networking
commit
043ff3d8dc
|
@ -89,7 +89,7 @@ If you would like to set up autorenewal of your certificates, the following comm
|
||||||
|
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
cd <project directory>
|
cd <project directory>
|
||||||
docker-compose run certbot bash -c "sleep 6 && certbot certonly --standalone -d {{ cookiecutter.domain_name }} --text --agree-tos --email {{ cookiecutter.email }} --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --verbose --keep-until-expiring --standalone-supported-challenges http-01"
|
docker-compose run --rm --name certbot certbot bash -c "sleep 6 && certbot certonly --standalone -d {{ cookiecutter.domain_name }} --text --agree-tos --email {{ cookiecutter.email }} --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --verbose --keep-until-expiring --standalone-supported-challenges http-01"
|
||||||
docker exec pearl_nginx_1 nginx -s reload
|
docker exec pearl_nginx_1 nginx -s reload
|
||||||
|
|
||||||
And then set a cronjob by running `crontab -e` and placing in it (period can be adjusted as desired)::
|
And then set a cronjob by running `crontab -e` and placing in it (period can be adjusted as desired)::
|
||||||
|
|
|
@ -5,4 +5,5 @@ ADD nginx.conf /etc/nginx/nginx.conf
|
||||||
ADD start.sh /start.sh
|
ADD start.sh /start.sh
|
||||||
ADD nginx-secure.conf /etc/nginx/nginx-secure.conf
|
ADD nginx-secure.conf /etc/nginx/nginx-secure.conf
|
||||||
ADD dhparams.pem /etc/ssl/private/dhparams.pem
|
ADD dhparams.pem /etc/ssl/private/dhparams.pem
|
||||||
|
CMD /start.sh
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -37,10 +37,12 @@ http {
|
||||||
server_name ___my.example.com___ www.___my.example.com___;
|
server_name ___my.example.com___ www.___my.example.com___;
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
location /.well-known/acme-challenge {
|
||||||
proxy_pass http://___LETSENCRYPT_IP___:___LETSENCRYPT_PORT___;
|
# Since the certbot container isn't up constantly, need to resolve ip dynamically using docker's dns
|
||||||
|
resolver ___NAMESERVER___;
|
||||||
|
set $certbot_addr_port certbot:80;
|
||||||
|
proxy_pass http://$certbot_addr_port;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -66,7 +68,9 @@ http {
|
||||||
ssl_dhparam /etc/ssl/private/dhparams.pem;
|
ssl_dhparam /etc/ssl/private/dhparams.pem;
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
location /.well-known/acme-challenge {
|
||||||
proxy_pass http://___LETSENCRYPT_HTTPS_IP___:___LETSENCRYPT_HTTPS_PORT___;
|
resolver ___NAMESERVER___;
|
||||||
|
set $certbot_addr_port certbot:443;
|
||||||
|
proxy_pass http://$certbot_addr_port;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
|
|
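Review bot: In the second hunk the TLS server's `/.well-known/acme-challenge` location now sends plain `http://` traffic to `certbot:443`, while the certbot command in the README hunk on this page requests only `http-01` in standalone mode, which would leave nothing listening on 443 in that container. If that reading is right, the challenge only succeeds through the port-80 server block, and this location should either use `set $certbot_addr_port certbot:80;` or be dropped. The `resolver ___NAMESERVER___;` line is also repeated in both locations; declaring it once at `server` or `http` level with a short `valid=` would keep the two blocks from drifting apart. The enclosing `server` blocks start and end outside both hunks.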
@ -39,7 +39,7 @@ http {
|
||||||
server_name ___my.example.com___ ;
|
server_name ___my.example.com___ ;
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
location /.well-known/acme-challenge {
|
||||||
proxy_pass http://___LETSENCRYPT_IP___:___LETSENCRYPT_PORT___;
|
proxy_pass http://certbot:80;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
|
|
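Review bot: `proxy_pass http://certbot:80;` uses a literal host name, which nginx resolves once while loading the configuration, so if the `certbot` container is not resolvable at that moment nginx will likely refuse to start with a host-not-found error. The other nginx config changed in this commit avoids that with a `resolver` and a variable, and its own comment says the certbot container is not up constantly. I would use the same form here: `resolver ___NAMESERVER___;`, `set $certbot_addr_port certbot:80;`, `proxy_pass http://$certbot_addr_port;`, with the `___NAMESERVER___` substitution in start.sh also applied to this file. The `location` block closes outside the hunk.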
@ -5,18 +5,9 @@ echo build starting nginx config
|
||||||
|
|
||||||
|
|
||||||
echo replacing ___my.example.com___/$MY_DOMAIN_NAME
|
echo replacing ___my.example.com___/$MY_DOMAIN_NAME
|
||||||
echo replacing ___LETSENCRYPT_IP___/$LETSENCRYPT_PORT_80_TCP_ADDR
|
|
||||||
echo replacing ___LETSENCRYPT_PORT___/$LETSENCRYPT_PORT_80_TCP_PORT
|
|
||||||
echo replacing ___APPLICATION_IP___/$APP_PORT_80_TCP_ADDR
|
|
||||||
echo replacing ___APPLICATION_PORT___/$APP_PORT_80_TCP_PORT
|
|
||||||
|
|
||||||
# Put your domain name into the nginx reverse proxy config.
|
# Put your domain name into the nginx reverse proxy config.
|
||||||
sed -i "s/___my.example.com___/$MY_DOMAIN_NAME/g" /etc/nginx/nginx.conf
|
sed -i "s/___my.example.com___/$MY_DOMAIN_NAME/g" /etc/nginx/nginx.conf
|
||||||
# Add your app's container IP and port into config
|
|
||||||
sed -i "s/___APPLICATION_IP___/$APP_PORT_80_TCP_ADDR/g" /etc/nginx/nginx.conf
|
|
||||||
sed -i "s/___APPLICATION_PORT___/$APP_PORT_80_TCP_PORT/g" /etc/nginx/nginx.conf
|
|
||||||
sed -i "s/___LETSENCRYPT_IP___/$LETSENCRYPT_PORT_80_TCP_ADDR/g" /etc/nginx/nginx.conf
|
|
||||||
sed -i "s/___LETSENCRYPT_PORT___/$LETSENCRYPT_PORT_80_TCP_PORT/g" /etc/nginx/nginx.conf
|
|
||||||
|
|
||||||
cat /etc/nginx/nginx.conf
|
cat /etc/nginx/nginx.conf
|
||||||
echo .
|
echo .
|
||||||
|
@ -53,29 +44,19 @@ done
|
||||||
sleep 15
|
sleep 15
|
||||||
|
|
||||||
echo replacing ___my.example.com___/$MY_DOMAIN_NAME
|
echo replacing ___my.example.com___/$MY_DOMAIN_NAME
|
||||||
echo replacing ___LETSENCRYPT_IP___/$LETSENCRYPT_PORT_80_TCP_ADDR
|
|
||||||
echo replacing ___LETSENCRYPT_PORT___/$LETSENCRYPT_PORT_80_TCP_PORT
|
|
||||||
echo replacing ___LETSENCRYPT_HTTPS_IP___/$LETSENCRYPT_PORT_443_TCP_ADDR
|
|
||||||
echo replacing ___LETSENCRYPT_HTTPS_PORT___/$LETSENCRYPT_PORT_443_TCP_PORT
|
|
||||||
echo replacing ___APPLICATION_IP___/$APP_PORT_80_TCP_ADDR
|
|
||||||
echo replacing ___APPLICATION_PORT___/$APP_PORT_80_TCP_PORT
|
|
||||||
|
|
||||||
|
|
||||||
# Put your domain name into the nginx reverse proxy config.
|
# Put your domain name into the nginx reverse proxy config.
|
||||||
sed -i "s/___my.example.com___/$MY_DOMAIN_NAME/g" /etc/nginx/nginx-secure.conf
|
sed -i "s/___my.example.com___/$MY_DOMAIN_NAME/g" /etc/nginx/nginx-secure.conf
|
||||||
|
|
||||||
# Add LE container IP and port into config
|
# Add the system's nameserver (the docker network dns) so we can resolve container names in nginx
|
||||||
sed -i "s/___LETSENCRYPT_IP___/$LETSENCRYPT_PORT_80_TCP_ADDR/g" /etc/nginx/nginx-secure.conf
|
NAMESERVER=`cat /etc/resolv.conf | grep "nameserver" | awk '{print $2}' | tr '\n' ' '`
|
||||||
sed -i "s/___LETSENCRYPT_PORT___/$LETSENCRYPT_PORT_80_TCP_PORT/g" /etc/nginx/nginx-secure.conf
|
echo replacing ___NAMESERVER___/$NAMESERVER
|
||||||
sed -i "s/___LETSENCRYPT_HTTPS_IP___/$LETSENCRYPT_PORT_443_TCP_ADDR/g" /etc/nginx/nginx-secure.conf
|
sed -i "s/___NAMESERVER___/$NAMESERVER/g" /etc/nginx/nginx-secure.conf
|
||||||
sed -i "s/___LETSENCRYPT_HTTPS_PORT___/$LETSENCRYPT_PORT_443_TCP_PORT/g" /etc/nginx/nginx-secure.conf
|
|
||||||
|
|
||||||
# Add your app's container IP and port into config
|
|
||||||
sed -i "s/___APPLICATION_IP___/$APP_PORT_80_TCP_ADDR/g" /etc/nginx/nginx-secure.conf
|
|
||||||
sed -i "s/___APPLICATION_PORT___/$APP_PORT_80_TCP_PORT/g" /etc/nginx/nginx-secure.conf
|
|
||||||
|
|
||||||
#go!
|
#go!
|
||||||
kill $(ps aux | grep 'nginx' | awk '{print $2}')
|
kill $(ps aux | grep 'nginx' | grep -v 'grep' | awk '{print $2}')
|
||||||
cp /etc/nginx/nginx-secure.conf /etc/nginx/nginx.conf
|
cp /etc/nginx/nginx-secure.conf /etc/nginx/nginx.conf
|
||||||
|
|
||||||
nginx -g 'daemon off;'
|
nginx -g 'daemon off;'
|
||||||
|
|
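Review bot: The `NAMESERVER=` line in the second hunk takes every line of /etc/resolv.conf that contains the word `nameserver`, comments included, and passes the result to nginx as its `resolver` without checking what it is. nginx's resolver speaks plain DNS and trusts the answer, so if the container is not on a user-defined Docker network those entries are the host's upstream servers, and the ACME challenge location will proxy to whatever address they return for `certbot`. Match the keyword field exactly and drop the backticks and `cat`, for example `NAMESERVER=$(awk '$1 == "nameserver" {print $2}' /etc/resolv.conf | tr '\n' ' ')`, and consider aborting start-up when the value is empty or is not Docker's embedded DNS at 127.0.0.11. An IPv6 entry would likely also need square brackets before nginx accepts it. Separately, the `kill $(ps aux | grep 'nginx' | grep -v 'grep' | awk '{print $2}')` line still matches any process whose command line mentions nginx; `nginx -s stop` signals only the running master.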