-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | README.md | 28 | ||||
-rw-r--r-- | docker-compose.yml | 16 | ||||
-rw-r--r-- | nginx/sites.template | 5 | ||||
-rw-r--r-- | nginx/ssl/.placeholder_for_ssl_certificates | 0 |
5 files changed, 42 insertions, 8 deletions
@@ -3,7 +3,6 @@ /data* /nginx/log* -/nginx/ssl* /nginx/sites-available* /nginx/sites-enabled* /nginx/letsencrypt/live/* @@ -175,7 +175,7 @@ For more information on what rake commands can be executed, see scalelite docume #### Build your own image -If you don;t have access to the DockerHub registry, you can always build your own image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number. +If no access to the DockerHub registry is available, it is still possible to build the image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number. ``` cd <YOUR ROOT>/scalelite 
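Review bot: Dropping `/nginx/ssl*` from .gitignore means files placed in `nginx/ssl` are no longer ignored, and the README section added in this same commit tells operators to copy `privkey.pem` there, so a routine `git add .` can stage the TLS private key. The placeholder file can stay tracked without exposing the rest of the directory by ignoring its contents and re-including only the placeholder: `/nginx/ssl/*` followed by `!/nginx/ssl/.placeholder_for_ssl_certificates`.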
@@ -190,3 +190,29 @@ cd <YOUR ROOT>/scalelite ``` Keep in mind that the docker-compose.yml script makes use of some other configuration files that are mounted inside the containers. If any modification to nginx is needed it has to be done on the sites.template file. Also, whatever name is chosen for the image should match the one used in docker-compose.yml. + +#### Setup SSL certificate from a CA other than letsencrypt + +For adding an SSL certificate from an CA other than letsencrypt, + +1. DO NOT execute the `./init-letsencrypt.sh` script + +2. Place the SSL Certificate, Intermediate Certificate (or Bundle with both of them if you have it) and Private Key files inside `nginx/ssl` as fullchain.pem and privkey.pem. +E.g. +``` +cd ~/ +cat your_domain_name.crt Intermediate.crt >> bundle.crt +cp bundle.crt <YOUR ROOT>/scalelite/nginx/ssl/fullchain.pem +cp private.key <YOUR ROOT>/scalelite/nginx/ssl/privkey.pem +``` + +3. Edit the template for nginx. +``` +cd <YOUR ROOT>/scalelite +vi nginx/sites.template +``` +Comment the lines referencing the letsencrypt Certificate and uncomment the other two + +4. Comment out in `docker-compose.yml` the certbot container. + +5. Start the containers as usual. diff --git a/docker-compose.yml b/docker-compose.yml index f2b9de8..9db35b2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,8 +14,11 @@ services: - ./nginx/sites.template:/etc/nginx/sites-available/sites.template - ./nginx/default/html:/var/www/html - ./nginx/log/nginx:/var/log/nginx +## Configuration for Letsencrypt SSL Certificate - ./data/certbot/conf:/etc/letsencrypt - ./data/certbot/www:/var/www/certbot +## Configuration for Letsencrypt SSL Certificate +# - ./nginx/ssl/:/etc/ssl ports: - "80:80" - "443:443" 
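Review bot: The commented-out volume `# - ./nginx/ssl/:/etc/ssl` sits under a second `## Configuration for Letsencrypt SSL Certificate` heading, which is the wrong label for the non-Letsencrypt option; it should read `## Configuration for SSL Certificate from a CA other than Letsencrypt`, as nginx/sites.template does. Once uncommented, the bind mount replaces the container's whole `/etc/ssl` directory (which presumably holds the image's system CA store; not verifiable from this hunk) and is writable from inside the container although it holds the private key. A dedicated read-only target such as `# - ./nginx/ssl/:/etc/nginx/ssl:ro` would avoid both, with the two `ssl_certificate` paths in sites.template changed to match. The nginx service definition starts above the hunk.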
@@ -26,6 +29,8 @@ services: command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites-available/sites.template > /etc/nginx/sites-enabled/sites.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'" +## Configuration for Letsencrypt SSL Certificate +## comment out when using an SSL Certificate from a CA other than Letsencrypt certbot: image: certbot/certbot volumes: @@ -35,7 +40,7 @@ services: redis: - image: redis + image: redis:5.0-alpine restart: "no" ports: - 127.0.0.1:6379:6379 @@ -44,17 +49,16 @@ services: postgres: - image: postgres:9.5 + image: postgres:11.7-alpine restart: "no" ports: - 127.0.0.1:5432:5432 volumes: - ./data/postgres/:/var/lib/postgresql/data environment: - - PGHOST=postgres - - PGDATABASE=postgres - - PGUSER=postgres - - PGPASSWORD=password + - POSTGRES_DB=postgres + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=password scalelite.api: diff --git a/nginx/sites.template b/nginx/sites.template index f3c237d..29e5366 100644 --- a/nginx/sites.template +++ b/nginx/sites.template @@ -25,9 +25,14 @@ server { listen 443 ssl; listen [::]:443; + ## Configuration for Letsencrypt SSL Certificate ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + ## Configuration for SSL Certificate from a CA other than Letsencrypt + #ssl_certificate /etc/ssl/fullchain.pem; + #ssl_certificate_key /etc/ssl/privkey.pem; + location / { proxy_pass http://docker-scalelite; proxy_read_timeout 60s; diff --git a/nginx/ssl/.placeholder_for_ssl_certificates b/nginx/ssl/.placeholder_for_ssl_certificates new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/nginx/ssl/.placeholder_for_ssl_certificates |
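Review bot: In the postgres service, `POSTGRES_PASSWORD=password` commits a fixed, guessable superuser password to the repository; unlike the removed `PG*` variables, which are client-side settings, the `POSTGRES_*` variables are what the image uses to initialise the database on first start. The port is published on 127.0.0.1 only, but other containers on the compose network can still reach it, so taking the value from the environment is safer: `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}`, with the connection settings of the scalelite services (outside this hunk) kept in step. The same hunk moves the image from `postgres:9.5` to `postgres:11.7-alpine` on the unchanged `./data/postgres/` volume; an existing 9.5 data directory is not readable by 11 without a dump/restore or pg_upgrade, which deserves a line in the README.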
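Review bot: In the server block this hunk touches, `listen [::]:443;` has no `ssl` parameter while `listen 443 ssl;` does, so the IPv6 listener would not negotiate TLS with either certificate configuration documented here; it is a context line the commit leaves as is, and `listen [::]:443 ssl;` would align the two. Separately, the new commented block depends on `/etc/ssl/fullchain.pem` and `/etc/ssl/privkey.pem` existing in the container, which only holds when the matching volume line in docker-compose.yml is also uncommented; a one-line comment saying so above `#ssl_certificate` would prevent a failed nginx start. The server block starts and ends outside the hunk.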