docker-compose.yml +2 −70 version: "3.9" version: "3.9" volumes: acme: certs: proxy_conf.d: proxy_vhost.d: proxy_html: networks: proxy-tier: net-app: services: services: proxy: image: nginxproxy/nginx-proxy:alpine ports: - 80:80 - 443:443 labels: com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" environment: # this is not necessary since we use the Let's Encrypt companion DHPARAM_SKIP: "true" volumes: - certs:/etc/nginx/certs:ro - proxy_conf.d:/etc/nginx/conf.d - proxy_vhost.d:/etc/nginx/vhost.d - proxy_html:/usr/share/nginx/html - /var/run/docker.sock:/tmp/docker.sock:ro networks: - proxy-tier restart: always userns_mode: "host" acme-companion: image: nginxproxy/acme-companion # NOTE: these env vars do not seem to work, hence we fall back to setting the label on the "proxy" container # maybe these require the three-containers setup from https://github.com/nginx-proxy/acme-companion/wiki/Docker-Compose # environment: # NGINX_PROXY_CONTAINER: "proxy" # NGINX_DOCKER_GEN_CONTAINER: "proxy" volumes: - acme:/etc/acme.sh - certs:/etc/nginx/certs - proxy_conf.d:/etc/nginx/conf.d - proxy_vhost.d:/etc/nginx/vhost.d - proxy_html:/usr/share/nginx/html - /var/run/docker.sock:/var/run/docker.sock:ro networks: - proxy-tier depends_on: - proxy restart: always userns_mode: "host" app: app: build: ./apps/MRI build: ./apps/MRI expose: ports: - 8080 - 8080:8080 networks: - net-app restart: always userns_mode: "host" web: build: ./web volumes_from: - app environment: - VIRTUAL_HOST=vz.fjfi.cvut.cz - LETSENCRYPT_HOST=vz.fjfi.cvut.cz networks: - net-app - proxy-tier restart: always restart: always userns_mode: "host" userns_mode: "host"
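Review bot: The new `ports:` entry `- 8080:8080` on `app` publishes the application port on every host interface, whereas the old `expose:` kept it reachable only from other containers, behind the nginx-proxy/acme-companion pair that this commit removes. Nothing visible in the commit replaces the TLS termination or the response headers (`X-Frame-Options`, `X-Content-Type-Options`, …) that the deleted web/nginx.conf supplied, so as written the app would presumably be served over plain HTTP on 8080. If a reverse proxy on the host now fronts it, bind the mapping to loopback and quote it, `- "127.0.0.1:8080:8080"`; published ports are inserted into Docker's own iptables chains and are typically not covered by host firewall front-ends such as ufw. A one-line comment above `ports:` naming what terminates TLS for this service would make the intent reviewable.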
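--- a/web/Dockerfile
+++ /dev/null
-FROM nginx:alpine
-COPY nginx.conf /etc/nginx/nginx.conf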
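--- a/web/nginx.conf
+++ /dev/null
-worker_processes auto;
-worker_cpu_affinity auto;
-pcre_jit on;
-events {
-worker_connections 1024;
-}
-worker_rlimit_nofile 2048;
-error_log /var/log/nginx/error.log warn;
-http {
-include mime.types;
-default_type application/octet-stream;
-types_hash_max_size 4096;
-log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-'$status $body_bytes_sent "$http_referer" '
-'"$http_user_agent" "$http_x_forwarded_for"';
-access_log /var/log/nginx/access.log main;
-sendfile on;
-keepalive_timeout 65;
-client_max_body_size 1G;
-gzip on;
-gzip_comp_level 6;
-gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-set_real_ip_from 10.0.0.0/8;
-set_real_ip_from 172.16.0.0/12;
-set_real_ip_from 192.168.0.0/16;
-real_ip_header X-Real-IP;
-upstream app-handler {
-server app:8080;
-}
-server {
-listen 80;
-# Add headers to serve security related headers
-# Before enabling Strict-Transport-Security headers please read into this
-# topic first.
-#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-#
-# WARNING: Only add the preload option once you read about
-# the consequences in https://hstspreload.org/. This option
-# will add the domain to a hardcoded list that is shipped
-# in all major browsers and getting removed from this list
-# could take several months.
-add_header Referrer-Policy "no-referrer" always;
-add_header X-Content-Type-Options "nosniff" always;
-add_header X-Download-Options "noopen" always;
-add_header X-Frame-Options "SAMEORIGIN" always;
-add_header X-Permitted-Cross-Domain-Policies "none" always;
-add_header X-Robots-Tag "none" always;
-add_header X-XSS-Protection "1; mode=block" always;
-# Path to the root of your installation
-root /var/www/html;
-location = /robots.txt {
-allow all;
-log_not_found off;
-access_log off;
-}
-location / {
-proxy_pass http://app-handler;
-}
-}
-}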