rename long name to short name

2025-10-23 02:48:42 +05:00
parent df18d2083d
commit fd7a55f626
229 changed files with 39 additions and 40 deletions
@@ -0,0 +1,28 @@
+FROM nginx:alpine
+
+# Установка зависимостей
+RUN apk add --no-cache bash openssl
+
+# Создание директории для сертификатов
+RUN mkdir -p /etc/nginx/ssl
+
+# Генерация самоподписанных сертификатов (действительны 365 дней)
+RUN openssl req -x509 -nodes -days 365 \
+    -newkey rsa:2048 \
+    -keyout /etc/nginx/ssl/dummy.key \
+    -out /etc/nginx/ssl/dummy.crt \
+    -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
+
+# Копируем обе конфигурации
+COPY nginx-http.conf /etc/nginx/nginx-http.conf
+COPY nginx-ssl.conf /etc/nginx/nginx-ssl.conf
+
+# Создаем симлинк по умолчанию на HTTP конфиг
+RUN ln -sf /etc/nginx/nginx-http.conf /etc/nginx/conf.d/default.conf
+
+# Скрипт для проверки сертификатов и переключения конфига
+COPY switch-config.sh /docker-entrypoint.d/switch-config.sh
+RUN chmod +x /docker-entrypoint.d/switch-config.sh
+
+# Создаем необходимые директории
+RUN mkdir -p /var/www/certbot
@@ -0,0 +1,36 @@
+server {
+    listen 80;
+    server_name yalarba.ru \
+        www.yalarba.ru \
+        easysite102.ru \
+        www.easysite102.ru \
+        valitovgaziz.ru \
+        www.valitovgaziz.ru \
+        xn--80abahjtcfl5d0a8di.xn--p1ai \
+        www.xn--80abahjtcfl5d0a8di.xn--p1ai \
+        begushiybashkir.ru \
+        www.begushiybashkir.ru \
+        auth.yalarba.ru;
+
+    location / {
+        root /usr/share/nginx/stub/html;
+        index index.html;
+    }
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+}
+
+# Блок для HTTPS → HTTP редиректа (порт 443)
+server {
+    listen 443 ssl;
+    server_name yalarba.ru www.yalarba.ru easysite102.ru www.easysite102.ru valitovgaziz.ru www.valitovgaziz.ru xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai begushiybashkir.ru www.begushiybashkir.ru;
+
+    # Указание пустых сертификатов (обязательно для запуска Nginx)
+    ssl_certificate /etc/nginx/ssl/dummy.crt;
+    ssl_certificate_key /etc/nginx/ssl/dummy.key;
+
+    # Редирект всех HTTPS-запросов на HTTP
+    return 301 http://$host$request_uri;
+}
@@ -0,0 +1,168 @@
+upstream api {
+    server api:8080;
+}
+
+upstream api_bb {
+    server api_bb:8080;
+}
+
+server {
+    listen 80;
+    server_name yalarba.ru www.yalarba.ru valitovgaziz.ru www.valitovgaziz.ru easysite102.ru www.easysite102.ru begushiybashkir.ru xn--80abahjtcfl5d0a8di.xn--p1ai;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+    location /uploads/ {
+        alias /uploads/;
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        try_files $uri =404;
+    }
+
+}
+
+server {
+    listen 443 ssl;
+    server_name yalarba.ru www.yalarba.ru;
+
+    ssl_certificate /etc/letsencrypt/live/yalarba.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/yalarba.ru/privkey.pem;
+
+    # Additional SSL settings
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+    location / {
+        root /usr/share/nginx/yalarba/html;
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+    # REST API
+    location /api/ {
+        proxy_pass http://api/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+    }
+}
+
+# Остальные server блоки остаются без изменений...
+server {
+    listen 443 ssl;
+    server_name valitovgaziz.ru www.valitovgaziz.ru;
+
+    ssl_certificate /etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/valitovgaziz.ru/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+    location / {
+        root /usr/share/nginx/valitovgaziz/html;
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name easysite102.ru www.easysite102.ru;
+
+    ssl_certificate /etc/letsencrypt/live/easysite102.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/easysite102.ru/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+    location / {
+        root /usr/share/nginx/easysite102/html;
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai;
+
+    ssl_certificate /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+    location / {
+        root /usr/share/nginx/begushiybashkir/html;
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+
+    location /api/ {
+        proxy_pass http://api_bb/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+    }
+
+    location /uploads/ {
+        alias /uploads/;
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name begushiybashkir.ru www.begushiybashkir.ru;
+
+    ssl_certificate /etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/begushiybashkir.ru/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+
+    location / {
+        root /usr/share/nginx/begushiybashkir/html;
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+
+    location /api/ {
+        proxy_pass http://api_bb/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
+    }
+
+    location /uploads/ {
+        alias /uploads/;
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+}
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Проверяем наличие сертификатов для всех трёх доменов
+if \
+  [ -f "/etc/letsencrypt/live/yalarba.ru/fullchain.pem" ] && \
+  [ -f "/etc/letsencrypt/live/easysite102.ru/fullchain.pem" ] && \
+  [ -f "/etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem" ] && \
+  [ -f "/etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem" ] && \
+  [ -f "/etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem" ]; then
+  echo "SSL certificates found for all domains, switching to HTTPS configuration"
+  ln -sf /etc/nginx/nginx-ssl.conf /etc/nginx/conf.d/default.conf
+else
+  echo "SSL certificates not found, using HTTP only configuration"
+  ln -sf /etc/nginx/nginx-http.conf /etc/nginx/conf.d/default.conf
+fi
+
+# Проверяем конфигурацию nginx
+nginx -t