3 files changed, 64 insertions, 0 deletions

diff --git a/devops/nginx/Dockerfile b/devops/nginx/Dockerfile
new file mode 100644
index 0000000..4f2ba9f
--- /dev/null
+++ b/devops/nginx/Dockerfile
@@ -0,0 +1,9 @@
+FROM nginx:alpine
+
+COPY ssl-cert-snakeoil.pem /etc/ssl/certs/
+COPY ssl-cert-snakeoil.key /etc/ssl/private/
+RUN chown -R nginx:nginx /etc/ssl
+RUN chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key
+RUN chmod 750 /etc/ssl/private
+
+COPY default.conf /etc/nginx/conf.d/
diff --git a/devops/nginx/default.conf b/devops/nginx/default.conf
new file mode 100644
index 0000000..ea9980f
--- /dev/null
+++ b/devops/nginx/default.conf
@@ -0,0 +1,22 @@
+server {
+  # Listen on 80 and 443
+  listen 80;
+  listen 443 ssl;
+  # Self-signed certificate.
+  ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+  ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+  # Redirect all non-SSL traffic to SSL.
+  if ($ssl_protocol = "") {
+    rewrite ^ https://$host$request_uri? permanent;
+  }
+
+  # Split off traffic to gallifrey, and make sure that websockets
+  # are managed correctly.
+  location / {
+    proxy_pass http://gallifrey:8081;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade websocket;
+    proxy_set_header Connection upgrade;
+  }
+}
diff --git a/devops/nginx/nginx.conf b/devops/nginx/nginx.conf
new file mode 100644
index 0000000..3ebc618
--- /dev/null
+++ b/devops/nginx/nginx.conf
@@ -0,0 +1,33 @@
+
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-available/*.conf;
+}