Created
January 13, 2019 19:41
-
-
Save jakubfijalkowski/983aec848857d018924cf3eeee194b24 to your computer and use it in GitHub Desktop.
Reverse-proxy yourself to the host
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # HTTP -> HTTPS | |
| server { | |
| server_name api.local.codinginfinity.xyz; | |
| listen 80; | |
| return 301 https://$host$request_uri; | |
| } | |
| server { | |
| server_name api.local.codinginfinity.xyz; | |
| listen 443 ssl http2; | |
| # Some sensible values here, tweak as necessary | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_prefer_server_ciphers on; | |
| ssl_session_cache shared:SSL:50m; | |
| # We need to manually specify which certificate/key to use | |
| ssl_certificate /etc/nginx/certs/local.codinginfinity.xyz.crt; | |
| ssl_certificate_key /etc/nginx/certs/local.codinginfinity.xyz.key; | |
| # HSTS | |
| add_header Strict-Transport-Security "max-age=31536000"; | |
| location / { | |
| proxy_pass http://host.docker.internal:5000; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| docker build \ | |
| -t proxy-with-ssl-with-host \ | |
| --build-arg OVH_AK=$OVH_AK \ | |
| --build-arg OVH_AS=$OVH_AS \ | |
| --build-arg OVH_CK=$OVH_CK \ | |
| . | |
| docker-compose up |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| backend: | |
| image: nginx | |
| environment: | |
| - VIRTUAL_HOST=backend.local.codinginfinity.xyz | |
| # Why would you create separate Dockerfiles when you can abuse the | |
| # entrypoint? ;) | |
| entrypoint: >- | |
| /bin/sh -c 'echo backend > /usr/share/nginx/html/index.html && | |
| nginx -g "daemon off;"' | |
| frontend: | |
| image: nginx | |
| environment: | |
| - VIRTUAL_HOST=local.codinginfinity.xyz | |
| entrypoint: >- | |
| /bin/sh -c 'echo frontend > /usr/share/nginx/html/index.html && | |
| nginx -g "daemon off;"' | |
| proxy: | |
| image: proxy-with-ssl-with-host | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| volumes: | |
| - /var/run/docker.sock:/tmp/docker.sock:ro |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM neilpang/acme.sh AS cert | |
| ARG OVH_AK | |
| ARG OVH_AS | |
| ARG OVH_CK | |
| # Re-export args as ENV | |
| ENV OVH_AK=${OVH_AK} | |
| ENV OVH_AS=${OVH_AS} | |
| ENV OVH_CK=${OVH_CK} | |
| # Issue & export the certificate | |
| # This has to be done in a single RUN statement as the base image marks /acme.sh | |
| # as VOLUME so it will be purged after the statement (and we cannot mount | |
| # volumes during build phase) | |
| RUN mkdir /export | |
| RUN acme.sh --issue \ | |
| --dns dns_ovh \ | |
| -d 'local.codinginfinity.xyz' -d '*.local.codinginfinity.xyz' && \ | |
| \ | |
| acme.sh --install-cert -d 'local.codinginfinity.xyz' \ | |
| --key-file /export/key.pem \ | |
| --fullchain-file /export/fullchain.pem | |
| # And the final proxy | |
| FROM jwilder/nginx-proxy:alpine | |
| COPY --from=cert /export/fullchain.pem /etc/nginx/certs/local.codinginfinity.xyz.crt | |
| COPY --from=cert /export/key.pem /etc/nginx/certs/local.codinginfinity.xyz.key | |
| COPY api.conf /etc/nginx/conf.d/ | |
| COPY entrypoint.sh /app | |
| ENTRYPOINT ["/app/entrypoint.sh"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment