ship with working dummy SSL certs for nginx.

Greyscale 2021-04-20 18:44:57 +02:00
parent 40d12d4094
commit fea9a1b249
3 changed files with 81 additions and 1 deletions


@ -147,6 +147,14 @@ RUN apt-get -qq update && \
ln -s /app /var/www/html && \
# Move nginx configuration into place
mv /conf/NginxDefault /etc/nginx/sites-enabled/default && \
mv /conf/NginxSSL /etc/nginx/sites-enabled/default-ssl && \
# Generate self-signed certificates
mkdir /certs && \
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 \
-subj "/C=US/ST=Florida/L=Miami/O=Example Group/CN=example.org" \
-keyout /certs/example.key \
-out /certs/example.crt \
&& \
# Create runit service directories
mkdir -p /etc/service/nginx \
/etc/service/php-fpm \
@ -167,6 +175,7 @@ RUN apt-get -qq update && \
rm -R /conf && \
# Write the PHP version into some template locations
sed -i "s/{{PHP}}/$PHP_VERSION/g" /etc/nginx/sites-enabled/default && \
sed -i "s/{{PHP}}/$PHP_VERSION/g" /etc/nginx/sites-enabled/default-ssl && \
sed -i "s/{{PHP}}/$PHP_VERSION/g" /etc/service/php-fpm/run && \
# Enable PHP-FPM status & PHP-FPM ping
sed -i -e "s|;pm.status_path =.*|pm.status_path = /fpm-status|g" /etc/php/*/fpm/pool.d/www.conf && \
@ -177,7 +186,8 @@ RUN apt-get -qq update && \
sed -i '1s;^;daemon off\;\n;' /etc/nginx/nginx.conf
# Expose ports.
EXPOSE 80
EXPOSE 80/tcp
EXPOSE 443/tcp
# Create a healthcheck that makes sure our httpd is up
HEALTHCHECK --interval=30s --timeout=3s \
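Review bot: The `openssl req ... -keyout /certs/example.key` step runs during the image build, so the private key is stored in an image layer and every container started from this image presents the same key, which anyone able to pull the image can read. With `-days 36500` the certificate is valid for about a hundred years, so nothing ever forces its replacement. Add a comment above the step such as `# Dummy cert for local testing only: the key is baked into the image and shared by all containers; mount real certs over /certs before exposing 443`, and consider generating the pair at container start so each instance gets its own key. The RUN instruction begins and ends outside the visible hunks.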


@ -7,12 +7,14 @@ services:
- ./test-webapp/php:/app/public
ports:
- 127.0.0.73:80:80
- 127.0.0.73:443:443
test-nginx-7.4:
image: gone/php:nginx-7.4
volumes:
- ./test-webapp/php:/app/public
ports:
- 127.0.0.74:80:80
- 127.0.0.74:443:443
environment:
DEBUG_MODE: "on"
XDEBUG_CONFIG: "client_host=172.17.0.1 log=/tmp/xdebug.log"

68
php+nginx/NginxSSL Normal file

@ -0,0 +1,68 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
client_max_body_size 1024M;
root /app/public;
server_name _;
index index.html index.php index.htm;
ssl_certificate /certs/example.crt;
ssl_certificate_key /certs/example.key;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args;
}
# Pass thru status and ping requests to PHP-FPM
location = /fpm-status {
access_log off;
allow 127.0.0.1;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
fastcgi_pass unix:/run/php/php{{PHP}}-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location = /fpm-ping {
access_log off;
allow 127.0.0.1;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
fastcgi_pass unix:/run/php/php{{PHP}}-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# pass PHP scripts to PHP{{PHP}}-FPM server socket
#
location ~ \.php$ {
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/run/php/php{{PHP}}-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 300;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
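Review bot: The commented-out `# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` leaves protocol selection to the nginx default, which on releases before 1.23.4 still includes TLSv1 and TLSv1.1, and uncommenting the line as written would pin those deprecated versions. The nginx version in the image is not visible here, so confirm what it supports, then set the directive explicitly, e.g. `ssl_protocols TLSv1.2 TLSv1.3;`. If the cipher line is kept as a hint, a short comment saying that the build-time `/certs/example.*` pair is a placeholder to be replaced by mounted certificates would help anyone who copies this server block.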