Improve working locally

README.md

@@ -423,6 +423,7 @@ ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "docker exec
 - To remove all unused volumes: `docker volume prune`
 - To upgrade all images first run `docker-compose pull` followed by `docker-compose up -d --build`. Be careful this usually breaks something.
 - To connect to the database you can run the command `docker run -it --network scarif_db --rm mariadb mysql -hostname scarif_db_1 -p`
+- To get an interactive shell for a container run `docker exec -it {container} /bin/sh`
 
 # TODO
 - [x] Set up docker  

docker-compose.yml

@@ -407,10 +407,13 @@ services:
     restart: always
     volumes:
       - /opt/ssl:/etc/nginx/certs:ro
-      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx/nginx.conf.template:/etc/nginx/conf.d/nginx.conf.template
+      - ./nginx/generate_conf.sh:/docker-entrypoint.d/generate_conf.sh
       - monica-public:/var/www/html/monica/public:ro
       - monica-data:/var/www/html/monica/storage:ro
       - nextcloud:/var/www/html/nextcloud:ro
+    environment:
+      - DOMAIN=${DOMAIN}
     depends_on:
       - dashboard
       - monica

nginx/generate_conf.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+
+set -eu
+
+envsubst '${DOMAIN}' < /etc/nginx/conf.d/nginx.conf.template > /etc/nginx/nginx.conf
+
+# exec "$@"

nginx/nginx.conf.template

@@ -75,10 +75,10 @@ http {
     server {
         listen 443 ssl http2;
 
-        ssl_certificate /etc/nginx/certs/scarif.space.crt;
-        ssl_certificate_key /etc/nginx/certs/scarif.space.key;
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
 
-        server_name personel.scarif.space;
+        server_name personel.${DOMAIN};
 
         ## HSTS ##
         # Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
@@ -211,10 +211,10 @@ http {
     server {
         listen 443 ssl http2;
 
-        ssl_certificate /etc/nginx/certs/scarif.space.crt;
-        ssl_certificate_key /etc/nginx/certs/scarif.space.key;
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
 
-        server_name tower.scarif.space;
+        server_name tower.${DOMAIN};
 
         ## HSTS ##
         # Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
@@ -346,10 +346,10 @@ http {
 
     server {
         listen 443 ssl;
-        server_name office.scarif.space;
+        server_name office.${DOMAIN};
 
-        ssl_certificate /etc/nginx/certs/scarif.space.crt;
-        ssl_certificate_key /etc/nginx/certs/scarif.space.key;
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
 
         # static files
         location ^~ /loleaflet {
@@ -405,13 +405,13 @@ http {
     server {
         listen 443 ssl http2;
 
-        ssl_certificate /etc/nginx/certs/scarif.space.crt;
-        ssl_certificate_key /etc/nginx/certs/scarif.space.key;
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
 
         gzip_types text/plain text/css application/json application/x-javascript
                    text/xml application/xml application/xml+rss text/javascript;
 
-        server_name labs.scarif.space;
+        server_name labs.${DOMAIN};
 
         location / {
             proxy_pass http://gitea-handler;
@@ -425,10 +425,10 @@ http {
     server {
         listen 443 ssl http2;
 
-        ssl_certificate /etc/nginx/certs/scarif.space.crt;
-        ssl_certificate_key /etc/nginx/certs/scarif.space.key;
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
 
-        server_name rec.scarif.space;
+        server_name rec.${DOMAIN};
 
         client_max_body_size 300M;
 
@@ -454,13 +454,13 @@ http {
     server {
         listen 443 ssl http2;
 
-        ssl_certificate /etc/nginx/certs/scarif.space.crt;
-        ssl_certificate_key /etc/nginx/certs/scarif.space.key;
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
 
         gzip_types text/plain text/css application/json application/x-javascript
                    text/xml application/xml application/xml+rss text/javascript;
 
-        server_name command.scarif.space scarif.space;
+        server_name command.${DOMAIN} ${DOMAIN};
 
         location / {
             proxy_pass http://dashboard-handler;
@@ -478,13 +478,13 @@ http {
     server {
         listen 443 ssl http2;
 
-        ssl_certificate /etc/nginx/certs/scarif.space.crt;
-        ssl_certificate_key /etc/nginx/certs/scarif.space.key;
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
 
         gzip_types text/plain text/css application/json application/x-javascript
                    text/xml application/xml application/xml+rss text/javascript;
 
-        server_name research.scarif.space;
+        server_name research.${DOMAIN};
 
         location / {
             proxy_pass http://pinry-handler;
@@ -498,13 +498,13 @@ http {
     server {
         listen 443 ssl http2;
 
-        ssl_certificate /etc/nginx/certs/scarif.space.crt;
-        ssl_certificate_key /etc/nginx/certs/scarif.space.key;
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
 
         gzip_types text/plain text/css application/json application/x-javascript
                    text/xml application/xml application/xml+rss text/javascript;
 
-        server_name comms.scarif.space;
+        server_name comms.${DOMAIN};
 
         location / {
             proxy_pass http://jitsi-handler;