chris/scarif
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve working locally

Browse Source
This commit is contained in:
Chris
2021-10-08 22:27:02 +01:00
parent f0d662a6a1
commit 5d8de31f25
4 changed files with 38 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -423,6 +423,7 @@ ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "docker exec
- To remove all unused volumes: `docker volume prune`
- To upgrade all images first run `docker-compose pull` followed by `docker-compose up -d --build`. Be careful this usually breaks something.
- To connect to the database you can run the command `docker run -it --network scarif_db --rm mariadb mysql -hostname scarif_db_1 -p`
- To get an interactive shell for a container run `docker exec -it {container} /bin/sh`
# TODO
- [x] Set up docker

5
docker-compose.yml
View File

@@ -407,10 +407,13 @@ services:
restart: always
volumes:
- /opt/ssl:/etc/nginx/certs:ro
- ./nginx.conf:/etc/nginx/nginx.conf
- ./nginx/nginx.conf.template:/etc/nginx/conf.d/nginx.conf.template
- ./nginx/generate_conf.sh:/docker-entrypoint.d/generate_conf.sh
- monica-public:/var/www/html/monica/public:ro
- monica-data:/var/www/html/monica/storage:ro
- nextcloud:/var/www/html/nextcloud:ro
environment:
- DOMAIN=${DOMAIN}
depends_on:
- dashboard
- monica

7
nginx/generate_conf.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env sh
set -eu
envsubst '${DOMAIN}' < /etc/nginx/conf.d/nginx.conf.template > /etc/nginx/nginx.conf
# exec "$@"

52
nginx.conf → nginx/nginx.conf.template
View File

@@ -75,10 +75,10 @@ http {
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
server_name personel.scarif.space;
server_name personel.${DOMAIN};
## HSTS ##
# Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
@@ -211,10 +211,10 @@ http {
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
server_name tower.scarif.space;
server_name tower.${DOMAIN};
## HSTS ##
# Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
@@ -346,10 +346,10 @@ http {
server {
listen 443 ssl;
server_name office.scarif.space;
server_name office.${DOMAIN};
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
# static files
location ^~ /loleaflet {
@@ -405,13 +405,13 @@ http {
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server_name labs.scarif.space;
server_name labs.${DOMAIN};
location / {
proxy_pass http://gitea-handler;
@@ -425,15 +425,15 @@ http {
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
server_name rec.scarif.space;
server_name rec.${DOMAIN};
client_max_body_size 300M;
location /foundry {
# Set proxy headers
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -442,7 +442,7 @@ http {
# These are important to support WebSockets;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://foundry-handler;
}
}
@@ -454,13 +454,13 @@ http {
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server_name command.scarif.space scarif.space;
server_name command.${DOMAIN} ${DOMAIN};
location / {
proxy_pass http://dashboard-handler;
@@ -478,13 +478,13 @@ http {
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server_name research.scarif.space;
server_name research.${DOMAIN};
location / {
proxy_pass http://pinry-handler;
@@ -498,13 +498,13 @@ http {
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server_name comms.scarif.space;
server_name comms.${DOMAIN};
location / {
proxy_pass http://jitsi-handler;