From 184fc3dc2da77197d84df5b06ee0fa5e32d5ac5f Mon Sep 17 00:00:00 2001
From: qemu-test
Date: Fri, 18 Oct 2024 15:33:29 +0300
Subject: [PATCH] + optional ssl for nginx
---
 bash/nginx-ssl-gen.sh | 6 ++++++
 config/nginx/includes.d/https.conf | 14 ++++++++++++++
 config/nginx/ssl.d/.gitignore | 2 ++
 docker-compose.base.yml | 4 ++++
 4 files changed, 26 insertions(+)
 create mode 100644 bash/nginx-ssl-gen.sh
 create mode 100644 config/nginx/includes.d/https.conf
 create mode 100644 config/nginx/ssl.d/.gitignore
diff --git a/bash/nginx-ssl-gen.sh b/bash/nginx-ssl-gen.sh
new file mode 100644
index 0000000..c53700c
--- /dev/null
+++ b/bash/nginx-ssl-gen.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+DIR="$(realpath $(dirname "$(readlink -f "$0")")/..)"
+
+cd ${DIR}/config/nginx/ssl.d && \
+ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj \
+ "/C=XX/ST=RU/L=RU/O=WPS/OU=Dev/CN=test"
\ No newline at end of file
diff --git a/config/nginx/includes.d/https.conf b/config/nginx/includes.d/https.conf
new file mode 100644
index 0000000..f88990b
--- /dev/null
+++ b/config/nginx/includes.d/https.conf
@@ -0,0 +1,14 @@
+error_page 419 = @https;
+set $is_https "0";
+if ( $scheme ~* "^https") {
+ set $is_https "${is_https}1";
+}
+if ( $request_uri ~* "api/v") {
+ set $is_https "${is_https}1";
+}
+if ( $is_https = "0" ) {
+ return 419;
+}
+location @https {
+ rewrite ^ https://$http_host$request_uri permanent;
+}
diff --git a/config/nginx/ssl.d/.gitignore b/config/nginx/ssl.d/.gitignore
new file mode 100644
index 0000000..c96a04f
--- /dev/null
+++ b/config/nginx/ssl.d/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/docker-compose.base.yml b/docker-compose.base.yml
index 90d5a02..2f75f28 100755
--- a/docker-compose.base.yml
+++ b/docker-compose.base.yml
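Review bot: In bash/nginx-ssl-gen.sh the certificate is issued with only `CN=test` and no subjectAltName, so current browsers and TLS libraries will reject it for every hostname even after it has been trusted locally; on OpenSSL 1.1.1 or later, adding `-addext "subjectAltName=DNS:<dev-hostname>"` to the `openssl req` call fixes that. `-nodes` together with `-days 3650` leaves an unencrypted private key with a ten-year certificate in the working tree and silently overwrites any existing `key.pem`/`cert.pem`, which is acceptable for a local stack but should be stated in a header comment such as `# Dev-only self-signed certificate; never deploy this key or cert.` The `cd ${DIR}/...` and the inner `$(dirname ...)` are unquoted, so a checkout path containing spaces breaks the script; `cd "${DIR}/config/nginx/ssl.d" && \` is the safer form.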
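Review bot: In config/nginx/includes.d/https.conf the exemption test `$request_uri ~* "api/v"` is unanchored and runs against the full request line including the query string, so any URL that merely contains `api/v` anywhere is served over plain HTTP instead of being redirected; if the intent is to exempt only the API prefix, `if ( $uri ~* "^/api/v" ) {` limits it to the normalized path. The redirect target is built from `$http_host`, the raw client-supplied Host header, so the Location header reflects whatever the client sent unless the enclosing server block (outside this hunk) restricts `server_name`; `return 301 https://$host$request_uri;` or a fixed hostname is the usual choice. It is also worth a comment stating why API requests are allowed to stay on HTTP, since any tokens they carry would travel in cleartext.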
@@ -6,9 +6,11 @@ services: - ${PROJECTS_DIR}:/usr/share/nginx/html - ./config/nginx/conf.d:/etc/nginx/conf.d - ./config/nginx/includes.d:/etc/nginx/includes.d + - ./config/nginx/ssl.d:/etc/nginx/ssl.d - ./log/nginx:/var/log/nginx ports: - "80:80" + - "443:443" php: build: context: ./dockerfiles/php-fpm @@ -57,6 +59,8 @@ services: - ./hostfiles:/hostfiles - ./log/mariadb:/var/log/mariadb - ./config/mariadb:/etc/mysql/conf.d + security_opt: + - seccomp=unconfined pma: image: phpmyadmin/phpmyadmin restart: always
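Review bot: In the first docker-compose.base.yml hunk the new `./config/nginx/ssl.d` bind mount is read-write, so the directory holding the TLS private key is writable from inside the nginx container; nginx only needs to read it, so `- ./config/nginx/ssl.d:/etc/nginx/ssl.d:ro` is the tighter form. Because ssl.d is git-ignored, a fresh checkout has no `key.pem`/`cert.pem` until bash/nginx-ssl-gen.sh is run; if a server block in conf.d (not visible here) references them, nginx will fail to start, and that prerequisite should be documented. The service definition starts outside the hunk.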
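Review bot: The second docker-compose.base.yml hunk adds `security_opt: - seccomp=unconfined`, which turns off Docker's default syscall filter for that container entirely, and nothing in the commit subject ("optional ssl for nginx") or the file explains why. The service name is outside the hunk; the mounts suggest it is the MariaDB container. If this works around one blocked syscall, a custom profile (`seccomp=<path-to-profile.json>`) that allows only that call keeps the rest of the filter in place. At minimum, add a comment above the option naming the failure it fixes, so it can be removed later, and consider moving it to a separate commit.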