modified: README.md
modified: docker-compose.yaml new file: serv_nginx/docker-compose.yml renamed: nginx/Dockerfile -> serv_nginx/nginx/Dockerfile renamed: nginx/nginx-http.conf -> serv_nginx/nginx/nginx-http.conf renamed: nginx/nginx-ssl.conf -> serv_nginx/nginx/nginx-ssl.conf renamed: nginx/switch-config.sh -> serv_nginx/nginx/switch-config.sh divide nginx service
This commit is contained in:
@@ -0,0 +1,31 @@
|
||||
services:
|
||||
nginx:
|
||||
build:
|
||||
context: ./nginx
|
||||
dockerfile: Dockerfile
|
||||
env_file: .env
|
||||
container_name: nginx
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- certbot_data:/etc/letsencrypt
|
||||
- certbot_www:/var/www/certbot
|
||||
- ./spa/vue/dist:/usr/share/nginx/html
|
||||
- ./valitovgaziz/html:/usr/share/nginx/valitovgaziz/html
|
||||
- ./easysite/easysite/build:/usr/share/nginx/easysite/html
|
||||
networks:
|
||||
- web-network
|
||||
- internal
|
||||
depends_on:
|
||||
- certbot
|
||||
|
||||
volumes:
|
||||
certbot_data:
|
||||
certbot_www:
|
||||
|
||||
networks:
|
||||
web-network:
|
||||
driver: bridge
|
||||
internal:
|
||||
@@ -0,0 +1,18 @@
|
||||
FROM nginx:alpine
|
||||
|
||||
# Установка зависимостей
|
||||
RUN apk add --no-cache bash
|
||||
|
||||
# Копируем обе конфигурации
|
||||
COPY nginx-http.conf /etc/nginx/nginx-http.conf
|
||||
COPY nginx-ssl.conf /etc/nginx/nginx-ssl.conf
|
||||
|
||||
# Создаем симлинк по умолчанию на HTTP конфиг
|
||||
RUN ln -sf /etc/nginx/nginx-http.conf /etc/nginx/conf.d/default.conf
|
||||
|
||||
# Скрипт для проверки сертификатов и переключения конфига
|
||||
COPY switch-config.sh /docker-entrypoint.d/40-switch-config.sh
|
||||
RUN chmod +x /docker-entrypoint.d/40-switch-config.sh
|
||||
|
||||
# Создаем необходимые директории
|
||||
RUN mkdir -p /var/www/certbot
|
||||
@@ -0,0 +1,13 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name yalarba.ru;
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,82 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name yalarba.ru www.yalarba.ru valitovgaziz.ru www.valitovgaziz.ru easysite102.ru www.easysite102.ru;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name yalarba.ru www.yalarba.ru;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/yalarba.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/yalarba.ru/privkey.pem;
|
||||
|
||||
# Дополнительные SSL настройки
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html;
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
|
||||
location /auth {
|
||||
proxy_pass http://0.0.0.0:8080;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_connect_timeout 600;
|
||||
proxy_send_timeout 600;
|
||||
proxy_read_timeout 600;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name valitovgaziz.ru www.valitovgaziz.ru;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/valitovgaziz.ru/privkey.pem;
|
||||
|
||||
# Те же SSL настройки, что и выше
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/valitovgaziz/html;
|
||||
index index.html;
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name easysite102.ru www.easysite102.ru;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/easysite102.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/easysite102.ru/privkey.pem;
|
||||
|
||||
# Те же SSL настройки
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/easysite102/html;
|
||||
index index.html;
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,13 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Проверяем наличие сертификатов
|
||||
if [ -f "/etc/letsencrypt/live/yalarba.ru/fullchain.pem" ]; then
|
||||
echo "SSL certificates found, switching to HTTPS configuration"
|
||||
ln -sf /etc/nginx/nginx-ssl.conf /etc/nginx/conf.d/default.conf
|
||||
else
|
||||
echo "SSL certificates not found, using HTTP only configuration"
|
||||
ln -sf /etc/nginx/nginx-http.conf /etc/nginx/conf.d/default.conf
|
||||
fi
|
||||
|
||||
# Проверяем конфигурацию nginx
|
||||
nginx -t
|
||||
Reference in New Issue
Block a user