multiple configs depending on wether or not we have cert
@@ -3,11 +3,17 @@ FROM nginx:latest
|
||||
|
||||
# Copy template config
|
||||
COPY nginx.conf.template /etc/nginx/nginx.conf.template
|
||||
COPY nginx_setup.conf.template /etc/nginx/nginx_setup.conf.template
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
|
||||
# Update package list and install gettext-base
|
||||
RUN apt-get update && apt-get install -y gettext-base
|
||||
|
||||
# Replace variables at build time
|
||||
ENV BACKEND_HOST=backend
|
||||
ENV DOMAIN=example.com
|
||||
ENV CERT_PATH=/etc/letsencrypt/live/$DOMAIN
|
||||
|
||||
CMD /bin/sh -c "envsubst '\$BACKEND_HOST' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf && nginx -g 'daemon off;'"
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
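Review bot: `ENV CERT_PATH=/etc/letsencrypt/live/$DOMAIN` is expanded when the image is built, so it stays `/etc/letsencrypt/live/example.com` even when `DOMAIN` is overridden at `docker run`. Nothing visible in this commit reads it, because entrypoint.sh rebuilds the path from `$DOMAIN` itself. Either drop the variable or derive it in the entrypoint at start-up (`CERT_PATH="/etc/letsencrypt/live/$DOMAIN"`), so the certificate path has a single source. The `# Replace variables at build time` comment is now misleading, since substitution happens at container start; `# Defaults for the variables entrypoint.sh substitutes at container start` would match the new behaviour. The rendering has lost the +/- markers, so it is not certain the old shell-form `CMD` was removed; if it remains, it is passed as arguments to `/entrypoint.sh`, which ignores them.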
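--- a/nginx/entrypoint.sh
+++ b/nginx/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+# Check if certificate exists
+if [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ] && [ -f "/etc/letsencrypt/live/$DOMAIN/privkey.pem" ]; then
+echo "Certificates found. Using production nginx config."
+envsubst '$BACKEND_HOST $DOMAIN' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+else
+echo "Certificates NOT found. Using setup nginx config."
+envsubst '$BACKEND_HOST $DOMAIN' < /etc/nginx/nginx_setup.conf.template > /etc/nginx/nginx.conf
+fi
+
+# Start nginx
+nginx -g 'daemon off;'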
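Review bot: The last line starts nginx as a child of the shell, so `/bin/sh` stays PID 1 and the stop signal from `docker stop` is not passed on to nginx, which is then killed at the timeout instead of shutting down cleanly; use `exec nginx -g 'daemon off;'`. Nothing checks that `DOMAIN` is non-empty before it is substituted: with an empty value the certificate test looks at `/etc/letsencrypt/live//fullchain.pem` and the setup template is rendered with `server_name  www.;`. Adding `: "${DOMAIN:?DOMAIN must be set}"` after `set -e` makes that fail early with a clear message. The value is written into nginx.conf verbatim, so it should only come from trusted deployment configuration.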
@@ -11,7 +11,7 @@ http {
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name adam-french.co.uk www.adam-french.co.uk;
|
||||
server_name $DOMAIN www.$DOMAIN;
|
||||
|
||||
# Allow Certbot to access the ACME challenge
|
||||
location /.well-known/acme-challenge/ {
|
||||
@@ -28,13 +28,13 @@ http {
|
||||
server {
|
||||
listen 443 ssl;
|
||||
http2 on;
|
||||
server_name adam-french.co.uk www.adam-french.co.uk;
|
||||
server_name $DOMAIN www.$DOMAIN;
|
||||
|
||||
root /etc/nginx/html;
|
||||
index index.html;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/adam-french.co.uk/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/adam-french.co.uk/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
|
||||
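Review bot: After this change the template mixes two kinds of `$name`, and nothing in the file tells them apart: `$DOMAIN` is a placeholder filled in by `envsubst` in entrypoint.sh, while `$uri` in `try_files` is a genuine nginx variable that survives only because the envsubst call names its variables explicitly. A placeholder added later without extending that list would reach nginx unreplaced. I would add a header comment such as `# $BACKEND_HOST and $DOMAIN are replaced by envsubst in entrypoint.sh at container start; every other $name is an nginx variable.` Both server blocks start or end outside the visible hunks, so the rest of the TLS settings could not be reviewed here.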
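--- a/nginx/nginx_setup.conf.template
+++ b/nginx/nginx_setup.conf.template
@@ -0,0 +1,23 @@
+events {
+worker_connections 1024; # required, can be minimal
+}
+
+http {
+server_tokens off;
+charset utf-8;
+
+server {
+listen 80;
+server_name $DOMAIN www.$DOMAIN;
+
+# Only allow Certbot ACME challenge access
+location /.well-known/acme-challenge/ {
+root /var/www/certbot;
+}
+
+# All other requests should return 404
+location / {
+return 404;
+}
+}
+}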
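Review bot: The file does not say that it is a bootstrap-only configuration, or how the container is meant to leave it. entrypoint.sh chooses the template once, before nginx starts, so after Certbot writes the certificate the container keeps serving this port-80-only config until it is restarted. A header comment would make that explicit, for example `# Bootstrap config used while no certificate exists for $DOMAIN; restart the container after issuance to switch to nginx.conf.template.` `$BACKEND_HOST` is in the envsubst list but unused in this template, which is harmless.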