feat: nginx conf template

2026-04-02 14:26:53 +02:00
parent 66f115a2e2
commit 321d078167
4 changed files with 62 additions and 44 deletions
--- a/files/inception/srcs/docker-compose.yml
+++ b/files/inception/srcs/docker-compose.yml
@@ -60,15 +60,27 @@ services:

  nginx:
    container_name: nginx
-    build : ./nginx/
-    ports :
-      - 0.0.0.0:443:443
-      - 0.0.0.0:80:80
+    image: nginx:latest
+    restart: unless-stopped
+    env_file:
+      - .env
    networks :
      - inception
+    ports:
+      - 80:80
+      - 443:443
    depends_on:
      - wordpress
-    restart: always
    volumes:
-      - site_data:/var/www/wordpress
-      - ./certs/:/certs/
+      - ./nginx/secure/:/etc/nginx/templates/
+      - /etc/localtime:/etc/localtime:ro
+      - ./nginx/certbot/conf:/etc/letsencrypt
+      - ./nginx/certbot/www:/var/www/certbot
+      - ./nginx/99-autoreload.sh:/docker-entrypoint.d/99-autoreload.sh
+
+  # certbot:
+  #   image: certbot/certbot
+  #   volumes:
+  #     - ./nginx/certbot/conf:/etc/letsencrypt
+  #     - ./nginx/certbot/www:/var/www/certbot
+  #   entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
--- a/files/inception/srcs/nginx/conf/wordpress.conf
+++ b/files/inception/srcs/nginx/conf/wordpress.conf
@@ -1,34 +0,0 @@
-ssl_certificate     /etc/ssl/certs/nginx-selfsigned.crt;
-ssl_certificate_key /etc/ssl/certs/nginx-selfsigned.key;
-ssl_dhparam         /etc/ssl/certs/dhparam.pem;
-
-server
-{
-    listen      80 default_server;
-    server_name _;
-    return      301 https://$host$request_uri;
-}
-
-server
-{
-    listen      443 ssl default_server;
-    return 301  https://rralambo.42.fr$request_uri;
-}
-
-server
-{
-    listen      443 ssl;
-    server_name rralambo.42.fr;
-    index       index.php index.html index.htm;
-    root        /var/www/wordpress;
-
-    location ~ \.php$ {
-        try_files $uri =404;
-        fastcgi_split_path_info  ^(.+\.php)(/.+)$;
-        fastcgi_index            index.php;
-        fastcgi_pass             wordpress:9000;
-        include                  fastcgi_params;
-        fastcgi_param   PATH_INFO       $fastcgi_path_info;
-        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    }
-}
--- a/files/inception/srcs/nginx/secure/default.conf.template
+++ b/files/inception/srcs/nginx/secure/default.conf.template
@@ -0,0 +1,39 @@
+
+server {
+    listen 80;
+    server_name ${APP_DOMAIN};
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name ${APP_DOMAIN};
+    server_tokens off;
+    client_max_body_size 20M;
+    index       index.php index.html index.htm;
+    root        /var/www/wordpress;
+
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_certificate /etc/letsencrypt/live/${APP_DOMAIN}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${APP_DOMAIN}/privkey.pem;
+    # include /etc/letsencrypt/options-ssl-nginx.conf;
+    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info  ^(.+\.php)(/.+)$;
+        fastcgi_index            index.php;
+        fastcgi_pass             wordpress:9000;
+        include                  fastcgi_params;
+        fastcgi_param   PATH_INFO       $fastcgi_path_info;
+        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+}
--- a/templates/.env.j2
+++ b/templates/.env.j2
@@ -7,3 +7,4 @@ WP_EMAIL={{WP_EMAIL}}
 WP_ADMIN={{WP_ADMIN}}
 WP_ADMIN_PWD={{WP_ADMIN_PWD}}
 WP_ADMIN_EMAIL={{WP_ADMIN_EMAIL}}
+APP_DOMAIN={{cert_domain}}