chris/scarif
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve working locally

Browse Source
This commit is contained in:
Chris
2021-10-08 22:27:02 +01:00
parent f0d662a6a1
commit 5d8de31f25
4 changed files with 38 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -423,6 +423,7 @@ ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "docker exec
- To remove all unused volumes: `docker volume prune` - To remove all unused volumes: `docker volume prune`
- To upgrade all images first run `docker-compose pull` followed by `docker-compose up -d --build`. Be careful this usually breaks something. - To upgrade all images first run `docker-compose pull` followed by `docker-compose up -d --build`. Be careful this usually breaks something.
- To connect to the database you can run the command `docker run -it --network scarif_db --rm mariadb mysql -hostname scarif_db_1 -p` - To connect to the database you can run the command `docker run -it --network scarif_db --rm mariadb mysql -hostname scarif_db_1 -p`
- To get an interactive shell for a container run `docker exec -it {container} /bin/sh`
# TODO # TODO
- [x] Set up docker - [x] Set up docker

5
docker-compose.yml
View File

@@ -407,10 +407,13 @@ services:
restart: always restart: always
volumes: volumes:
- /opt/ssl:/etc/nginx/certs:ro - /opt/ssl:/etc/nginx/certs:ro
- ./nginx.conf:/etc/nginx/nginx.conf - ./nginx/nginx.conf.template:/etc/nginx/conf.d/nginx.conf.template
- ./nginx/generate_conf.sh:/docker-entrypoint.d/generate_conf.sh
- monica-public:/var/www/html/monica/public:ro - monica-public:/var/www/html/monica/public:ro
- monica-data:/var/www/html/monica/storage:ro - monica-data:/var/www/html/monica/storage:ro
- nextcloud:/var/www/html/nextcloud:ro - nextcloud:/var/www/html/nextcloud:ro
environment:
- DOMAIN=${DOMAIN}
depends_on: depends_on:
- dashboard - dashboard
- monica - monica

7
nginx/generate_conf.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env sh
set -eu
envsubst '${DOMAIN}' < /etc/nginx/conf.d/nginx.conf.template > /etc/nginx/nginx.conf
# exec "$@"

48
nginx.conf → nginx/nginx.conf.template
View File

@@ -75,10 +75,10 @@ http {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt; ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key; ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
server_name personel.scarif.space; server_name personel.${DOMAIN};
## HSTS ## ## HSTS ##
# Add the 'Strict-Transport-Security' headers to enable HSTS protocol. # Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
@@ -211,10 +211,10 @@ http {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt; ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key; ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
server_name tower.scarif.space; server_name tower.${DOMAIN};
## HSTS ## ## HSTS ##
# Add the 'Strict-Transport-Security' headers to enable HSTS protocol. # Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
@@ -346,10 +346,10 @@ http {
server { server {
listen 443 ssl; listen 443 ssl;
server_name office.scarif.space; server_name office.${DOMAIN};
ssl_certificate /etc/nginx/certs/scarif.space.crt; ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key; ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
# static files # static files
location ^~ /loleaflet { location ^~ /loleaflet {
@@ -405,13 +405,13 @@ http {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt; ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key; ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript; text/xml application/xml application/xml+rss text/javascript;
server_name labs.scarif.space; server_name labs.${DOMAIN};
location / { location / {
proxy_pass http://gitea-handler; proxy_pass http://gitea-handler;
@@ -425,10 +425,10 @@ http {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt; ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key; ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
server_name rec.scarif.space; server_name rec.${DOMAIN};
client_max_body_size 300M; client_max_body_size 300M;
@@ -454,13 +454,13 @@ http {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt; ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key; ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript; text/xml application/xml application/xml+rss text/javascript;
server_name command.scarif.space scarif.space; server_name command.${DOMAIN} ${DOMAIN};
location / { location / {
proxy_pass http://dashboard-handler; proxy_pass http://dashboard-handler;
@@ -478,13 +478,13 @@ http {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt; ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key; ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript; text/xml application/xml application/xml+rss text/javascript;
server_name research.scarif.space; server_name research.${DOMAIN};
location / { location / {
proxy_pass http://pinry-handler; proxy_pass http://pinry-handler;
@@ -498,13 +498,13 @@ http {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt; ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key; ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript; text/xml application/xml application/xml+rss text/javascript;
server_name comms.scarif.space; server_name comms.${DOMAIN};
location / { location / {
proxy_pass http://jitsi-handler; proxy_pass http://jitsi-handler;