diff --git a/files/inception/srcs/docker-compose.yml b/files/inception/srcs/docker-compose.yml index 7950376..b2930ff 100644 --- a/files/inception/srcs/docker-compose.yml +++ b/files/inception/srcs/docker-compose.yml @@ -59,16 +59,28 @@ services: - WP_ADMIN_EMAIL=${WP_ADMIN_EMAIL:-obama@obamail.com} nginx: - container_name : nginx - build : ./nginx/ - ports : - - 0.0.0.0:443:443 - - 0.0.0.0:80:80 + container_name: nginx + image: nginx:latest + restart: unless-stopped + env_file: + - .env networks : - inception - depends_on : + ports: + - 80:80 + - 443:443 + depends_on: - wordpress - restart: always - volumes : - - site_data:/var/www/wordpress - - ./certs/:/certs/ + volumes: + - ./nginx/secure/:/etc/nginx/templates/ + - /etc/localtime:/etc/localtime:ro + - ./nginx/certbot/conf:/etc/letsencrypt + - ./nginx/certbot/www:/var/www/certbot + - ./nginx/99-autoreload.sh:/docker-entrypoint.d/99-autoreload.sh + + # certbot: + # image: certbot/certbot + # volumes: + # - ./nginx/certbot/conf:/etc/letsencrypt + # - ./nginx/certbot/www:/var/www/certbot + # entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" \ No newline at end of file diff --git a/files/inception/srcs/nginx/conf/wordpress.conf b/files/inception/srcs/nginx/conf/wordpress.conf deleted file mode 100644 index 04aaa1a..0000000 --- a/files/inception/srcs/nginx/conf/wordpress.conf +++ /dev/null 
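Review bot: `env_file: - .env` on the nginx service hands the whole environment file to the internet-facing container, and judging by templates/.env.j2 in this commit that file also holds `WP_ADMIN_PWD` and the other WordPress settings, while the new nginx template only reads `APP_DOMAIN`. Pass just that value instead, e.g. `environment:` with `- APP_DOMAIN=${APP_DOMAIN}`. The new volumes list also drops `site_data:/var/www/wordpress` although the template keeps `root /var/www/wordpress;` and `try_files $uri =404;`, so nginx appears to have no files to check against and PHP requests would return 404; confirm this, or restore the mount (`:ro` is enough for nginx). `image: nginx:latest` swaps a local build for a mutable tag, so pin a version or digest (`nginx:<version>@sha256:<digest>`) and add `:ro` to the template, `/etc/letsencrypt` and `99-autoreload.sh` binds, which nginx only needs to read as far as this hunk shows. The other services in the file are outside the hunk.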
@@ -1,34 +0,0 @@
-ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
-ssl_certificate_key /etc/ssl/certs/nginx-selfsigned.key;
-ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
-server
-{
- listen 80 default_server;
- server_name _;
- return 301 https://$host$request_uri;
-}
-
-server
-{
- listen 443 ssl default_server;
- return 301 https://rralambo.42.fr$request_uri;
-}
-
-server
-{
- listen 443 ssl;
- server_name rralambo.42.fr;
- index index.php index.html index.htm;
- root /var/www/wordpress;
-
- location ~ \.php$ {
- try_files $uri =404;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_index index.php;
- fastcgi_pass wordpress:9000;
- include fastcgi_params;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- }
-}
diff --git a/files/inception/srcs/nginx/secure/default.conf.template b/files/inception/srcs/nginx/secure/default.conf.template
new file mode 100644
index 0000000..0df9713
--- /dev/null
+++ b/files/inception/srcs/nginx/secure/default.conf.template
@@ -0,0 +1,39 @@
+
+server {
+ listen 80;
+ server_name ${APP_DOMAIN};
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name ${APP_DOMAIN};
+ server_tokens off;
+ client_max_body_size 20M;
+ index index.php index.html index.htm;
+ root /var/www/wordpress;
+
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_certificate /etc/letsencrypt/live/${APP_DOMAIN}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${APP_DOMAIN}/privkey.pem;
+ # include /etc/letsencrypt/options-ssl-nginx.conf;
+ # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ fastcgi_pass wordpress:9000;
+ include fastcgi_params;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+}
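Review bot: Neither new server block is a dedicated `default_server`, and they are the only servers on ports 80 and 443, so nginx will pick them for any Host header and `return 301 https://$host$request_uri;` then redirects to whatever name the client sent. The deleted wordpress.conf had catch-all `default_server` blocks that redirected to the canonical name; keep that by using `return 301 https://${APP_DOMAIN}$request_uri;` and adding a default server that rejects unknown names (`return 444;` on port 80, `ssl_reject_handshake on;` on 443). With the `options-ssl-nginx.conf` include commented out, only `ssl_protocols` is set and ciphers and session handling fall back to nginx's built-in defaults, so restore the include once certbot has created the file or set those directives explicitly. Once the certificate is confirmed working, `add_header Strict-Transport-Security "max-age=31536000" always;` in the 443 block would stop clients from falling back to plain HTTP.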
diff --git a/templates/.env.j2 b/templates/.env.j2
index c7b62e8..ff13e1e 100644
--- a/templates/.env.j2
+++ b/templates/.env.j2
@@ -7,3 +7,4 @@ WP_EMAIL={{WP_EMAIL}}
 WP_ADMIN={{WP_ADMIN}}
 WP_ADMIN_PWD={{WP_ADMIN_PWD}}
 WP_ADMIN_EMAIL={{WP_ADMIN_EMAIL}}
+APP_DOMAIN={{cert_domain}}
\ No newline at end of file