H-O-O-T-S/Open-RSC-Docker-Home
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Docker and Ghost CMS overhaul

Browse Source
This commit is contained in:
Marwolf
2018-08-18 01:10:09 -04:00
parent 399e5ea342
commit 4dd84332d5
105 changed files with 1289 additions and 337 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
etc/nginx/HTTPS_default.conf.BAK Executable file
View File

@@ -0,0 +1,119 @@
upstream tomcat {
server tomcat:8080;
}
upstream ghost {
server ghost:2368;
}
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
root /app;
index index.html index.htm index.php index.jsp;
client_max_body_size 100M;
location / {
try_files $uri $uri/index.html;
}
####### Proxies #######
# PHP proxy
location ~ \.php$ {
fastcgi_pass php:9001;
fastcgi_index index.php;
include fastcgi.conf;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
}
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem;
root /app;
index index.html index.htm index.php index.jsp;
client_max_body_size 100M;
location / {
try_files $uri $uri/index.html;
}
####### Proxies #######
# PHP proxy
location ~ \.php$ {
fastcgi_pass php:9001;
fastcgi_index index.php;
include fastcgi.conf;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
# Certbot for HTTPS cert renewal
location ~ ^/.well-known {
root /data/letsencrypt/;
}
}

109
etc/nginx/HTTPS_default.template.conf
View File

@@ -1,109 +0,0 @@
# Nginx configuration for HTTPS
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
upstream dev_tomcat_1 {
server tomcat;
}
upstream dev_ghost_1 {
server ghost:2368;
}
# HTTP
server {
listen 80 default_server;
listen [::]:80 default_server;
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
gzip_comp_level 6;
server_name ${NGINX_HOST};
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/public;
index index.html index.htm index.jsp;
# Redirect all requests to HTTPS on :443
location / {
rewrite ^ https://$host$request_uri? permanent;
}
# Certbot for HTTPS cert renewal
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${NGINX_HOST};
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
index index.php index.html index.jsp;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/public;
####### Proxies #######
# Ghost proxy
location ~ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://ghost:2368;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat:8080;
}
####### Protections and efficiencies #######
# Deny access to files beginning with .ht, such as .htaccess and .htpasswd
location ~ /\.ht {
deny all;
}
# Block accidental directory listing
location / {
try_files $uri $uri/ =404;
}
# Instructs visitor browser to cache files for 1 month
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1M;
}
# Deny access to version control system directories.
location ~ /\.git {
deny all;
internal;
}
# Certbot for HTTPS cert renewal
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}

70
etc/nginx/default.conf
View File

@@ -1,70 +0,0 @@
# Nginx configuration for HTTP
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
upstream dev_tomcat_1 {
server tomcat;
}
upstream dev_ghost_1 {
server ghost:2368;
}
# HTTP
server {
listen 80 default_server;
listen [::]:80 default_server;
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
gzip_comp_level 6;
server_name localhost;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/public;
index index.html index.htm index.jsp;
####### Proxies #######
# Ghost proxy
location ~ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://ghost:2368;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat:8080;
}
####### Protections and efficiencies #######
# Deny access to files beginning with .ht, such as .htaccess and .htpasswd
location ~ /\.ht {
deny all;
}
# Instructs visitor browser to cache files for 1 month
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1M;
}
# Deny access to version control system directories.
location ~ /\.git {
deny all;
internal;
}
# Certbot for HTTPS cert renewal
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}

70
etc/nginx/default.template.conf
View File

@@ -1,70 +0,0 @@
# Nginx configuration for HTTP
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
upstream dev_tomcat_1 {
server tomcat;
}
upstream dev_ghost_1 {
server ghost:2368;
}
# HTTP
server {
listen 80 default_server;
listen [::]:80 default_server;
gzip on;
gzip_static on;
gzip_vary on;
gzip_http_version 1.1;
gzip_min_length 700;
gzip_comp_level 6;
server_name ${NGINX_HOST};
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/public;
index index.html index.htm index.jsp;
####### Proxies #######
# Ghost proxy
location ~ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://ghost:2368;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat:8080;
}
####### Protections and efficiencies #######
# Deny access to files beginning with .ht, such as .htaccess and .htpasswd
location ~ /\.ht {
deny all;
}
# Instructs visitor browser to cache files for 1 month
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1M;
}
# Deny access to version control system directories.
location ~ /\.git {
deny all;
internal;
}
# Certbot for HTTPS cert renewal
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}

55
etc/nginx/nginx.conf Executable file
View File

@@ -0,0 +1,55 @@
upstream tomcat {
server tomcat:8080;
}
upstream ghost {
server ghost:2368;
}
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
#rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
root /app;
index index.html index.htm index.php index.jsp;
client_max_body_size 100M;
location / {
try_files $uri $uri/index.html;
}
####### Proxies #######
# PHP proxy
location ~ \.php$ {
fastcgi_pass php:9001;
fastcgi_index index.php;
include fastcgi.conf;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
}