From 44a6725a8e00c98ee5176cd795d11ac289cd5c79 Mon Sep 17 00:00:00 2001
From: valitovgaziz
Date: Wed, 7 May 2025 16:21:30 +0500
Subject: [PATCH] add nginx docer image, add certbote image, set settings for
---
.env | 4 ++--
docker-compose.yaml | 25 ++++++++++++++++---------
spa/Dockerfile | 17 ++++++++++-------
spa/data/nginx/conf.d/default.conf | 25 +++++++++++++++++++++++++
spa/scripts/init-letsencrypt.sh | 14 ++++++++++++++
5 files changed, 67 insertions(+), 18 deletions(-)
create mode 100644 spa/data/nginx/conf.d/default.conf
create mode 100644 spa/scripts/init-letsencrypt.sh
diff --git a/.env b/.env
index eab48e0..9a210f6 100644
--- a/.env
+++ b/.env
@@ -17,5 +17,5 @@ GOOSE_DBSTRING='user=postgres dbname=postgres sslmode=disable' GOOSE_MIGRATION_DIR=migrations # FRONTEND SPA -INNERPORT=80 -OUTERPORT=8088 \ No newline at end of file +HTTP=80 # ДЛЯ Certbot +HTTPS=443 \ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 3204ecd..7e46d5e 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -41,19 +41,26 @@ services: command: goose up spa: - build: - context: ./spa - dockerfile: Dockerfile + build: . env_file: - .env ports: - - "${OUTERPORT}:${INNERPORT}" + - "${HTTP}:${HTTP}" + - "${HTTPS}:${HTTPS}" + volumes: + - ./data/nginx/conf.d:/etc/nginx/conf.d + - ./data/certbot/conf:/etc/letsencrypt + - ./data/certbot/www:/var/www/certbot depends_on: - api - db - migrator - -volumes: - api: - postgres-db: - goose: \ No newline at end of file + - certbot + + certbot: + image: certbot/certbot + volumes: + - ./data/certbot/conf:/etc/letsencrypt + - ./data/certbot/www:/var/www/certbot + entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" + restart: unless-stopped \ No newline at end of file
diff --git a/spa/Dockerfile b/spa/Dockerfile
index be5e572..b5b5316 100644
--- a/spa/Dockerfile
+++ b/spa/Dockerfile
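Review bot: The inline comment on `HTTP=80 # ДЛЯ Certbot` in the `.env` hunk is fragile, because dotenv parsers disagree on trailing comments and some Compose versions may read the value as `80 # ДЛЯ Certbot`, which would break the `"${HTTP}:${HTTP}"` port mapping. Putting the comment on its own line above the variable, e.g. `# used by Certbot (HTTP-01 challenge)`, removes the ambiguity. This file is also handed to the `spa` container through `env_file`, so the `GOOSE_DBSTRING` settings visible in the hunk context end up in the environment of the internet-facing nginx container; a separate env file for the front end would keep them out.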
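Review bot: In the `docker-compose.yaml` hunk the new paths of the `spa` service resolve against the compose file's directory rather than `spa/`: `build: .` looks for a Dockerfile in the repository root, and `./data/nginx/conf.d` does not match `spa/data/nginx/conf.d` where this patch adds `default.conf`, so nginx would likely start with an empty directory mounted over `/etc/nginx/conf.d`. Keeping `context: ./spa` and using `./spa/data/...` on the host side of the mounts would line the two up, assuming the compose file sits in the repository root as the diff paths suggest. The nginx container only reads its config and certificates, so those mounts can be read-only, e.g. `- ./spa/data/certbot/conf:/etc/letsencrypt:ro`, which keeps a compromised web container from altering certificates and keys. `image: certbot/certbot` is untagged and follows `latest`; pin it to a reviewed tag or digest (`certbot/certbot:<pinned-version>`). The hunk also deletes the top-level `volumes:` block, and if `db` or `api` outside this hunk still reference those named volumes, compose will refuse to start.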
@@ -1,11 +1,14 @@ -# Используем официальный образ Nginx FROM nginx:alpine -# Копируем index.html в папку Nginx +# Удаляем дефолтный конфиг Nginx +RUN rm /etc/nginx/conf.d/default.conf + +# Копируем наш конфиг +COPY ./data/nginx/conf.d/default.conf /etc/nginx/conf.d/ + +# Копируем index.html COPY index.html /usr/share/nginx/html/ -# (Опционально) Можно заменить конфиг Nginx -# COPY nginx/nginx.conf /etc/nginx/conf.d/default.conf - -# Порт, который будет слушать Nginx -EXPOSE 80 \ No newline at end of file +# Открываем порты +EXPOSE 80 +EXPOSE 443 \ No newline at end of file
diff --git a/spa/data/nginx/conf.d/default.conf b/spa/data/nginx/conf.d/default.conf
new file mode 100644
index 0000000..c91bd57
--- /dev/null
+++ b/spa/data/nginx/conf.d/default.conf
@@ -0,0 +1,25 @@
+server {
+ listen 80;
+ server_name yalarba.ru www.yalarba.ru;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name yalarba.ru www.yalarba.ru;
+
+ ssl_certificate /etc/letsencrypt/live/yalarba.ru/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/yalarba.ru/privkey.pem;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html;
+ }
+}
\ No newline at end of file
diff --git a/spa/scripts/init-letsencrypt.sh b/spa/scripts/init-letsencrypt.sh
new file mode 100644
index 0000000..41f9e79
--- /dev/null
+++ b/spa/scripts/init-letsencrypt.sh
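Review bot: The config copied in by `COPY ./data/nginx/conf.d/default.conf /etc/nginx/conf.d/` is hidden at runtime by the bind mount over `/etc/nginx/conf.d` that the same patch adds to `docker-compose.yaml`, so the image and the deployment can silently diverge; pick one source of truth for the nginx config. The preceding `RUN rm /etc/nginx/conf.d/default.conf` is redundant, since the `COPY` writes to the same path and overwrites the stock file. The image ships no certificates, so it depends on `/etc/letsencrypt` being mounted and populated before nginx starts, which deserves a comment such as `# TLS certs are mounted at /etc/letsencrypt at runtime; see docker-compose.yaml`. `FROM nginx:alpine` in the context is a floating tag, and pinning a version or digest would make rebuilds reproducible.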
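Review bot: The port-80 block redirects with `return 301 https://$host$request_uri;`, and since it is the only server listening on 80 it also answers requests whose `Host` header is neither of the two configured names, so the redirect target is client-controlled. Redirecting to a fixed name, `return 301 https://yalarba.ru$request_uri;`, or adding a catch-all `default_server` block that returns 444 closes that off. The 443 block sets no `ssl_protocols`, no `server_tokens off;` and no `Strict-Transport-Security` header, so the TLS posture depends on whatever defaults the image ships; stating them explicitly makes it reviewable.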
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Убедитесь, что домены указаны правильно
+domains="yalarba.ru www.yalarba.ru"
+email="your-email@example.com" # Замените на реальный email
+
+# Создаём временный контейнер Nginx для верификации
+docker-compose up -d nginx
+
+# Запускаем Certbot для получения сертификатов
+docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot --email $email --agree-tos --no-eff-email -d $domains --force-renewal
+
+# Перезапускаем Nginx с новыми сертификатами
+docker-compose restart nginx
\ No newline at end of file
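Review bot: The script drives a compose service called `nginx` (`docker-compose up -d nginx`, `docker-compose restart nginx`), but the compose file in this patch defines the web container as `spa`, so both commands would fail with an unknown-service error. The `certbot` service overrides its entrypoint with the renew loop, so `docker-compose run --rm certbot certonly …` appears to pass `certonly` to `/bin/sh -c` as positional arguments and no certificate is requested; the run has to override the entrypoint. `-d $domains` expands to one `-d` followed by a bare second hostname, so each domain needs its own `-d`, and `$email` should be quoted. `--force-renewal` on every run can burn through the CA's rate limits and is dropped in the sketch below. Note that the 443 server block references certificate files that do not exist before the first issuance, so nginx probably cannot start to serve the challenge until a bootstrap step (for example a temporary HTTP-only config) is added.

```shell
#!/bin/sh
# Stop at the first failing step instead of restarting nginx without a certificate.
set -eu

# … unchanged: domains and email settings …

# The web container is the `spa` service in docker-compose.yaml.
docker-compose up -d spa

# One -d flag per domain; word splitting of $domains is intentional here.
domain_args=""
for d in $domains; do
  domain_args="$domain_args -d $d"
done

# Replace the renew-loop entrypoint of the certbot service for this one-off run.
docker-compose run --rm --entrypoint certbot certbot certonly --webroot \
  --webroot-path /var/www/certbot --email "$email" --agree-tos --no-eff-email \
  $domain_args

docker-compose restart spa
```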