diff --git a/docker-compose.yml b/docker-compose.yml
index 2f9ff02..1c88b9e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -201,6 +201,7 @@ services:
 - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}
 - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
 - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
+ - ${NGINX_SSL_PATH}:/etc/nginx/ssl
 ports:
 - "${NGINX_HOST_HTTP_PORT}:80"
 - "${NGINX_HOST_HTTPS_PORT}:443"
diff --git a/env-example b/env-example
index e975f78..e33fea4 100644
--- a/env-example
+++ b/env-example
@@ -176,6 +176,7 @@ NGINX_HOST_LOG_PATH=./logs/nginx/
 NGINX_SITES_PATH=./nginx/sites/
 NGINX_PHP_UPSTREAM_CONTAINER=php-fpm
 NGINX_PHP_UPSTREAM_PORT=9000
+NGINX_SSL_PATH=./nginx/ssl/
 ### APACHE ################################################
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index 7af74fc..c648130 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -14,6 +14,7 @@ RUN if [ ${CHANGE_SOURCE} = true ]; then \
 RUN apk update \
 && apk upgrade \
+ && apk add --no-cache openssl \
 && apk add --no-cache bash \
 && adduser -D -H -u 1000 -s /bin/bash www-data
@@ -24,6 +25,7 @@ ARG PHP_UPSTREAM_PORT=9000
 RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf \
 && rm /etc/nginx/conf.d/default.conf
-CMD ["nginx"]
+ADD ./startup.sh /opt/startup.sh
+CMD ["/bin/bash", "/opt/startup.sh"]
 EXPOSE 80 443
diff --git a/nginx/sites/app.conf.example b/nginx/sites/app.conf.example
index d8f29eb..a0f8357 100644
--- a/nginx/sites/app.conf.example
+++ b/nginx/sites/app.conf.example
@@ -3,6 +3,12 @@ server {
 listen 80;
 listen [::]:80;
+ # For https
+ # listen 443 ssl;
+ # listen [::]:443 ssl ipv6only=on;
+ # ssl_certificate /etc/nginx/ssl/default.crt;
+ # ssl_certificate_key /etc/nginx/ssl/default.key;
+
 server_name app.test;
 root /var/www/app;
 index index.php index.html index.htm;
diff --git a/nginx/sites/default.conf b/nginx/sites/default.conf
index 3d1a10e..e02bb83 100644
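Review bot: The new `${NGINX_SSL_PATH}:/etc/nginx/ssl` volume in docker-compose.yml is a read-write bind mount, and with the default `NGINX_SSL_PATH=./nginx/ssl/` the private key that startup.sh generates ends up inside the project checkout. This diff adds only `nginx/ssl/.gitkeep` and shows no ignore rule, so `default.key`, `default.csr` and `default.crt` can be committed by accident; ignore entries for those files under `nginx/ssl/` would prevent that. An existing `.env` that predates this change has no `NGINX_SSL_PATH`, which presumably leaves the host side of the mount empty; a fallback such as `${NGINX_SSL_PATH:-./nginx/ssl/}` would cover that, provided the compose file version in use supports defaults.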
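Review bot: In the second nginx/Dockerfile hunk, `ADD ./startup.sh /opt/startup.sh` copies a plain local file, which is what `COPY` is for; `ADD` brings archive-extraction and URL semantics that are not wanted here, so `COPY ./startup.sh /opt/startup.sh` is the safer form. The new `CMD ["/bin/bash", "/opt/startup.sh"]` also puts a bash wrapper in front of nginx as the container's main process, so signal delivery on stop now depends on the script handing over with `exec`. A short comment above the `CMD`, such as `# startup.sh creates a self-signed certificate on first start, then launches nginx`, would explain why nginx is no longer started directly.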
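Review bot: The commented `listen [::]:443 ssl ipv6only=on;` line in app.conf.example repeats a socket option that default.conf's commented `listen [::]:443 ssl default_server ipv6only=on;` already sets, and the same line is added to laravel.conf.example and symfony.conf.example. nginx accepts socket-level listen parameters such as `ipv6only` only once per address:port pair, so uncommenting the block in default.conf and in any example site is expected to fail the configuration load with a duplicate listen options error. The existing port-80 lines already follow that rule (`ipv6only=on` appears only in default.conf), so the example files should use `# listen [::]:443 ssl;`. The server block continues outside the hunk.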
--- a/nginx/sites/default.conf
+++ b/nginx/sites/default.conf
@@ -3,6 +3,12 @@ server {
 listen 80 default_server;
 listen [::]:80 default_server ipv6only=on;
+ # For https
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server ipv6only=on;
+ # ssl_certificate /etc/nginx/ssl/default.crt;
+ # ssl_certificate_key /etc/nginx/ssl/default.key;
+
 server_name localhost;
 root /var/www/public;
 index index.php index.html index.htm;
diff --git a/nginx/sites/laravel.conf.example b/nginx/sites/laravel.conf.example
index 40cd842..c30bf8a 100644
--- a/nginx/sites/laravel.conf.example
+++ b/nginx/sites/laravel.conf.example
@@ -3,6 +3,12 @@ server {
 listen 80;
 listen [::]:80;
+ # For https
+ # listen 443 ssl;
+ # listen [::]:443 ssl ipv6only=on;
+ # ssl_certificate /etc/nginx/ssl/default.crt;
+ # ssl_certificate_key /etc/nginx/ssl/default.key;
+
 server_name laravel.test;
 root /var/www/laravel/public;
 index index.php index.html index.htm;
diff --git a/nginx/sites/symfony.conf.example b/nginx/sites/symfony.conf.example
index acb0aad..2834d74 100644
--- a/nginx/sites/symfony.conf.example
+++ b/nginx/sites/symfony.conf.example
@@ -3,6 +3,12 @@ server {
 listen 80;
 listen [::]:80;
+ # For https
+ # listen 443 ssl;
+ # listen [::]:443 ssl ipv6only=on;
+ # ssl_certificate /etc/nginx/ssl/default.crt;
+ # ssl_certificate_key /etc/nginx/ssl/default.key;
+
 server_name symfony.test;
 root /var/www/projects/symfony/web;
 index index.php index.html index.htm;
diff --git a/nginx/ssl/.gitkeep b/nginx/ssl/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/nginx/startup.sh b/nginx/startup.sh
new file mode 100644
index 0000000..069d141
--- /dev/null
+++ b/nginx/startup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [ ! -f /etc/nginx/ssl/default.crt ]; then
+ openssl genrsa -out "/etc/nginx/ssl/default.key" 2048
+ openssl req -new -key "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.csr" -subj "/CN=default/O=default/C=UK"
+ openssl x509 -req -days 365 -in "/etc/nginx/ssl/default.csr" -signkey "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.crt"
+fi
+
+nginx
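Review bot: The script ends with a plain `nginx`, so bash stays PID 1 with nginx as its child; a SIGTERM from a container stop goes to bash, which does not pass it on, and nginx is likely killed at the stop timeout instead of shutting down cleanly. Ending with `exec nginx` fixes that. There is also no `set -e`, so a failed `openssl` step (for example an unwritable mount) still falls through to starting nginx with a missing or partial key pair. Because `default.key` is written to a host bind mount, its mode should be pinned with `chmod 600 /etc/nginx/ssl/default.key` right after `openssl genrsa`, since whether the tool restricts the mode itself depends on the installed openssl version. The leftover `default.csr` is not needed once the certificate is signed and could be removed.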