-
-
Save alxekb/60670e9440a090ee92bf79d97da1b360 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ruby:2.6.1 | |
| RUN apt-get update -qq && apt-get install -y nodejs postgresql-client | |
| ENV RAILS_ROOT /var/www/astecas | |
| RUN mkdir -p $RAILS_ROOT | |
| WORKDIR $RAILS_ROOT | |
| ENV RAILS_ENV='production' | |
| ENV RACK_ENV='production' | |
| COPY Gemfile $RAILS_ROOT/Gemfile | |
| COPY Gemfile.lock $RAILS_ROOT/Gemfile.lock | |
| RUN bundle install | |
| COPY . . | |
| RUN touch .env | |
| RUN cp -Rf .env-prod .env | |
| COPY /docker/entrypoint.sh /usr/bin/ | |
| RUN chmod +x /usr/bin/entrypoint.sh | |
| ENTRYPOINT ["entrypoint.sh"] | |
| EXPOSE 3000 | |
| CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.4' | |
| volumes: | |
| postgres_data: {} | |
| services: | |
| web: | |
| build: | |
| context: . | |
| dockerfile: ./docker/web/DockerFile | |
| # depends_on: | |
| # - app | |
| volumes: | |
| - ./docker/web:/etc/nginx/conf.d | |
| - ./docker/certbot/conf:/etc/letsencrypt | |
| - ./docker/certbot/www:/var/www/certbot | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" | |
| certbot: | |
| image: certbot/certbot | |
| restart: unless-stopped | |
| volumes: | |
| - ./docker/certbot/conf:/etc/letsencrypt | |
| - ./docker/certbot/www:/var/www/certbot | |
| entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" | |
| db: | |
| image: postgres:latest | |
| env_file: .env | |
| volumes: | |
| - postgres_data:/var/lib/postgresql/data | |
| ports: | |
| - "5432" | |
| app: | |
| build: | |
| context: . | |
| dockerfile: ./docker/app/DockerFile | |
| env_file: .env | |
| depends_on: | |
| - db |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| domains=(staging.astecasdigital.com.br) | |
| rsa_key_size=4096 | |
| data_path="./docker/certbot" | |
| email="[email protected]" | |
| staging=1 # Set to 1 if you're testing your setup to avoid hitting request limits | |
| if [ -d "$data_path" ]; then | |
| read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision | |
| if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then | |
| exit | |
| fi | |
| fi | |
| if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then | |
| echo "### Downloading recommended TLS parameters ..." | |
| mkdir -p "$data_path/conf" | |
| curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf" | |
| curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem" | |
| echo | |
| fi | |
| echo "### Creating dummy certificate for $domains ..." | |
| path="/etc/letsencrypt/live/$domains" | |
| mkdir -p "$data_path/conf/live/$domains" | |
| docker-compose run --rm --entrypoint "\ | |
| openssl req -x509 -nodes -newkey rsa:1024 -days 1\ | |
| -keyout '$path/privkey.pem' \ | |
| -out '$path/fullchain.pem' \ | |
| -subj '/CN=localhost'" certbot | |
| echo | |
| echo "### Starting nginx ..." | |
| docker-compose up --force-recreate -d web | |
| echo | |
| echo "### Deleting dummy certificate for $domains ..." | |
| docker-compose run --rm --entrypoint "\ | |
| rm -Rf /etc/letsencrypt/live/$domains && \ | |
| rm -Rf /etc/letsencrypt/archive/$domains && \ | |
| rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot | |
| echo | |
| echo "### Requesting Let's Encrypt certificate for $domains ..." | |
| #Join $domains to -d args | |
| domain_args="" | |
| for domain in "${domains[@]}"; do | |
| domain_args="$domain_args -d $domain" | |
| done | |
| # Select appropriate email arg | |
| case "$email" in | |
| "") email_arg="--register-unsafely-without-email" ;; | |
| *) email_arg="--email $email" ;; | |
| esac | |
| # Enable staging mode if needed | |
| if [ $staging != "0" ]; then staging_arg="--staging"; fi | |
| docker-compose run --rm --entrypoint "\ | |
| certbot certonly --webroot -w /var/www/certbot \ | |
| $staging_arg \ | |
| $email_arg \ | |
| $domain_args \ | |
| --rsa-key-size $rsa_key_size \ | |
| --agree-tos \ | |
| --force-renewal" certbot | |
| echo | |
| echo "### Reloading nginx ..." | |
| docker-compose exec web web -s reload |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream app { | |
| server app:3000; | |
| } | |
| server { | |
| server_name staging.astecasdigital.com.br; | |
| root $RAILS_ROOT; | |
| access_log $RAILS_ROOT/log/nginx.access.log; | |
| error_log $RAILS_ROOT/log/nginx.error.log; | |
| location / { | |
| return 301 https://$host$request_uri; | |
| } | |
| location /.well-known/acme-challenge/ { | |
| root /var/www/certbot; | |
| } | |
| } | |
| server { | |
| listen 443 ssl; | |
| server_name staging.astecasdigital.com.br; | |
| server_tokens off; | |
| ssl_certificate /etc/letsencrypt/live/staging.astecasdigital.com.br/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/staging.astecasdigital.com.br/privkey.pem; | |
| include /etc/letsencrypt/options-ssl-nginx.conf; | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
| location / { | |
| proxy_pass http://staging.astecasdigital.com.br; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM nginx:latest | |
| RUN apt-get update -qq && apt-get -y install apache2-utils | |
| ENV RAILS_ROOT /var/www/astecas | |
| WORKDIR $RAILS_ROOT | |
| RUN mkdir log | |
| COPY public public/ | |
| COPY docker/web/nginx.conf /tmp/docker.nginx | |
| RUN envsubst '$RAILS_ROOT' < /tmp/docker.nginx > /etc/nginx/conf.d/default.conf | |
| EXPOSE 80 | |
| CMD [ "nginx", "-g", "daemon off;" ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ./docker/certbot/init-letsencrypt.sh | |
| Existing data found for staging.astecasdigital.com.br. Continue and replace existing certificate? (y/N) y | |
| ### Creating dummy certificate for staging.astecasdigital.com.br ... | |
| Generating a RSA private key | |
| ...................+++++ | |
| ....+++++ | |
| writing new private key to '/etc/letsencrypt/live/staging.astecasdigital.com.br/privkey.pem' | |
| ----- | |
| ### Starting nginx ... | |
| Recreating astecas-api_db_1 ... done | |
| Recreating astecas-api_app_1 ... done | |
| Recreating astecas-api_web_1 ... done | |
| ### Deleting dummy certificate for staging.astecasdigital.com.br ... | |
| failed to resize tty, using default size | |
| ### Requesting Let's Encrypt certificate for staging.astecasdigital.com.br ... | |
| Saving debug log to /var/log/letsencrypt/letsencrypt.log | |
| Plugins selected: Authenticator webroot, Installer None | |
| Obtaining a new certificate | |
| Performing the following challenges: | |
| http-01 challenge for staging.astecasdigital.com.br | |
| Using the webroot path /var/www/certbot for all unmatched domains. | |
| Waiting for verification... | |
| Challenge failed for domain staging.astecasdigital.com.br | |
| http-01 challenge for staging.astecasdigital.com.br | |
| Cleaning up challenges | |
| Some challenges have failed. | |
| IMPORTANT NOTES: | |
| - The following errors were reported by the server: | |
| Domain: staging.astecasdigital.com.br | |
| Type: connection | |
| Detail: Fetching | |
| http://staging.astecasdigital.com.br/.well-known/acme-challenge/xAxlmutI8RR39xOg-wtcjsBtXDaslhd8BaCcQ7vvia4: | |
| Connection refused | |
| To fix these errors, please make sure that your domain name was | |
| entered correctly and the DNS A/AAAA record(s) for that domain | |
| contain(s) the right IP address. Additionally, please check that | |
| your computer has a publicly routable IP address and that no | |
| firewalls are preventing the server from communicating with the | |
| client. If you're using the webroot plugin, you should also verify | |
| that you are serving files from the webroot path you provided. | |
| ### Reloading nginx ... | |
| ERROR: No container found for web_1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment