+ optional ssl for nginx

2024-10-18 15:33:29 +03:00
parent 2db44cb74e
commit 184fc3dc2d
4 changed files with 26 additions and 0 deletions
--- a/bash/nginx-ssl-gen.sh
+++ b/bash/nginx-ssl-gen.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+DIR="$(realpath $(dirname "$(readlink -f "$0")")/..)"
+
+cd ${DIR}/config/nginx/ssl.d && \
+  openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj \
+  "/C=XX/ST=RU/L=RU/O=WPS/OU=Dev/CN=test"
--- a/config/nginx/includes.d/https.conf
+++ b/config/nginx/includes.d/https.conf
@ -0,0 +1,14 @@
+error_page 419 = @https;
+set $is_https "0";
+if ( $scheme ~* "^https") {
+    set $is_https "${is_https}1";
+}
+if ( $request_uri ~* "api/v") {
+    set $is_https "${is_https}1";
+}
+if ( $is_https = "0" ) {
+    return 419;
+}
+location @https {
+    rewrite ^ https://$http_host$request_uri permanent;
+}
--- a/config/nginx/ssl.d/.gitignore
+++ b/config/nginx/ssl.d/.gitignore
@ -0,0 +1,2 @@
+*
+!.gitignore
--- a/docker-compose.base.yml
+++ b/docker-compose.base.yml
@ -6,9 +6,11 @@ services:
      - ${PROJECTS_DIR}:/usr/share/nginx/html
      - ./config/nginx/conf.d:/etc/nginx/conf.d
      - ./config/nginx/includes.d:/etc/nginx/includes.d
+      - ./config/nginx/ssl.d:/etc/nginx/ssl.d
      - ./log/nginx:/var/log/nginx
    ports:
      - "80:80"
+      - "443:443"
  php:
    build:
      context: ./dockerfiles/php-fpm
@ -57,6 +59,8 @@ services:
      - ./hostfiles:/hostfiles
      - ./log/mariadb:/var/log/mariadb
      - ./config/mariadb:/etc/mysql/conf.d
+    security_opt:
+      - seccomp=unconfined
  pma:
    image: phpmyadmin/phpmyadmin
    restart: always