diff options
Diffstat (limited to 'devops/nginx')
| -rw-r--r-- | devops/nginx/Dockerfile | 9 | ||||
| -rw-r--r-- | devops/nginx/default.conf | 23 | ||||
| -rw-r--r-- | devops/nginx/nginx.conf | 33 |
3 files changed, 65 insertions, 0 deletions
diff --git a/devops/nginx/Dockerfile b/devops/nginx/Dockerfile new file mode 100644 index 0000000..4f2ba9f --- /dev/null +++ b/devops/nginx/Dockerfile @@ -0,0 +1,9 @@ +FROM nginx:alpine + +COPY ssl-cert-snakeoil.pem /etc/ssl/certs/ +COPY ssl-cert-snakeoil.key /etc/ssl/private/ +RUN chown -R nginx:nginx /etc/ssl +RUN chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key +RUN chmod 750 /etc/ssl/private + +COPY default.conf /etc/nginx/conf.d/ diff --git a/devops/nginx/default.conf b/devops/nginx/default.conf new file mode 100644 index 0000000..541f5db --- /dev/null +++ b/devops/nginx/default.conf @@ -0,0 +1,23 @@ + +server { +# Listen on 80 and 443 +listen 80; +listen 443 ssl; +# Self-signed certificate. +ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; +ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + +# Redirect all non-SSL traffic to SSL. +if ($ssl_protocol = "") { +rewrite ^ https://$host$request_uri? permanent; +} + +# Split off traffic to chameleon, and make sure that websockets +# are managed correctly. +location / { +proxy_pass http://chameleon:8082; +proxy_http_version 1.1; +proxy_set_header Upgrade websocket; +proxy_set_header Connection upgrade; +} +} diff --git a/devops/nginx/nginx.conf b/devops/nginx/nginx.conf new file mode 100644 index 0000000..3ebc618 --- /dev/null +++ b/devops/nginx/nginx.conf @@ -0,0 +1,33 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-available/*.conf; +} |