+ optional ssl for nginx

bash/nginx-ssl-gen.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+DIR="$(realpath $(dirname "$(readlink -f "$0")")/..)"
+
+cd ${DIR}/config/nginx/ssl.d && \
+  openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj \
+  "/C=XX/ST=RU/L=RU/O=WPS/OU=Dev/CN=test"

config/nginx/includes.d/https.conf

@@ -0,0 +1,14 @@
+error_page 419 = @https;
+set $is_https "0";
+if ( $scheme ~* "^https") {
+    set $is_https "${is_https}1";
+}
+if ( $request_uri ~* "api/v") {
+    set $is_https "${is_https}1";
+}
+if ( $is_https = "0" ) {
+    return 419;
+}
+location @https {
+    rewrite ^ https://$http_host$request_uri permanent;
+}

config/nginx/ssl.d/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

docker-compose.base.yml

@@ -6,9 +6,11 @@ services:
       - ${PROJECTS_DIR}:/usr/share/nginx/html
       - ./config/nginx/conf.d:/etc/nginx/conf.d
       - ./config/nginx/includes.d:/etc/nginx/includes.d
+      - ./config/nginx/ssl.d:/etc/nginx/ssl.d
       - ./log/nginx:/var/log/nginx
     ports:
       - "80:80"
+      - "443:443"
   php:
     build:
       context: ./dockerfiles/php-fpm
@@ -57,6 +59,8 @@ services:
       - ./hostfiles:/hostfiles
       - ./log/mariadb:/var/log/mariadb
       - ./config/mariadb:/etc/mysql/conf.d
+    security_opt:
+      - seccomp=unconfined
   pma:
     image: phpmyadmin/phpmyadmin
     restart: always