From ce05fb106a05d05ae33bcbd81465888a198443e4 Mon Sep 17 00:00:00 2001
From: Ahsan Raza
Date: Wed, 8 Nov 2023 16:57:16 +0100
Subject: [PATCH 1/3] added docker-compose.yml with nginx and certbot inside
---
docker-compose.yml | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 docker-compose.yml
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000000..60ac514ac4
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,33 @@
+version: '3'
+
+services:
+ portfolio:
+ build:
+ dockerfile: Dockerfile
+ context: .
+ ports:
+ - "3000:3000"
+ container_name: portfolio
+ restart: unless-stopped
+
+ nginx:
+ image: nginx:1.24.0-alpine
+ restart: always
+ user: root
+ volumes:
+ - ./nginx/https.conf:/etc/nginx/conf.d/default.conf:ro
+ - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./nginx/proxy_params:/etc/nginx/proxy_params:ro
+ - ./nginx/logs/:/var/log/nginx/:rw
+ - ./certbot/www:/var/www/certbot/:ro
+ - ./certbot/conf/:/etc/letsencrypt/:ro
+ ports:
+ - "80:80"
+ - "443:443"
+
+ certbot:
+ image: certbot/certbot:v1.8.0
+ container_name: certbot
+ volumes:
+ - ./certbot/www/:/var/www/certbot/:rw
+ - ./certbot/conf/:/etc/letsencrypt/:rw
From b20c62101155f2c4caaedfa8fadc4476dec33a74 Mon Sep 17 00:00:00 2001
From: Ahsan Raza
Date: Wed, 8 Nov 2023 17:23:40 +0100
Subject: [PATCH 2/3] added nginx, certbot and build app context
---
nginx/README.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
nginx/https.conf | 39 ++++++++++++++++++++++++++++++++
nginx/nginx.conf | 46 +++++++++++++++++++++++++++++++++++++
nginx/proxy_params | 13 +++++++++++
4 files changed, 154 insertions(+)
create mode 100644 nginx/README.md
create mode 100644 nginx/https.conf
create mode 100644 nginx/nginx.conf
create mode 100644 nginx/proxy_params
diff --git a/nginx/README.md b/nginx/README.md
new file mode 100644
index 0000000000..58f30e3ac2
--- /dev/null
+++ b/nginx/README.md
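Review bot: In docker-compose.yml the `portfolio` service publishes `"3000:3000"` on every host interface, so the app stays reachable directly over plain HTTP, bypassing the nginx TLS termination and the `X-Frame-Options` header this series sets up. nginx reaches the app over the compose network as `portfolio:3000`, so the mapping can be replaced with `expose: ["3000"]` or bound to loopback as `"127.0.0.1:3000:3000"`. Separately, the `certbot` service has no `command` or `entrypoint`, so it presumably exits right after start and nothing in the file renews certificates. `user: root` on the nginx service also looks redundant, since nginx.conf in patch 2 already drops workers to `user nginx;`.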
@@ -0,0 +1,56 @@
+# Guide to enable SSL on your developerFolio website
+### Requirements:
+1. Docker
+2. docker-compose
+### Procedure
+1. First, change the server name in `https.conf` file.
+2. run the command `docker-compose up -d` to install the `developerFolio`, `nginx` and `certbot`
+3. The webside should be accessible on port 80 of your server FQDN.
+## If you want to enable SSl then follow the below steps:
+1. Run the following command to request certificates of your website, replace the email and `ahsan-raza.com` with your FQDN.
+
+```
+docker run --rm --name temp_certbot -v ./certbot/conf:/etc/letsencrypt -v ./certbot/www:/var/www/certbot/ certbot/certbot:v1.8.0 certonly --webroot --agree-tos --renew-by-default --preferred-challenges http-01 --server https://acme-v02.api.letsencrypt.org/directory --text --email your-email@gmail.com -w /var/www/certbot/ -d ahsan-raza.com
+```
+
+2. Unomment the below lines of code present in https.conf
+```
+ if ($scheme = "http") {
+ return 301 https://$server_name$request_uri;
+ }
+```
+3. Uncomment the server block of SSL i.e. running on 443.
replace the `ahsan-raza.com` in the `ssl_certificate` path and `server_name` with your FQDN {check below lines which are to change for reference}
+
+```
+server {
+ server_name ahsan-raza.com; # managed by Certbot
+
+ access_log /var/log/nginx/access.log main;
+
+ gzip on;
+ gzip_types text/plain application/json;
+
+
+
+ add_header X-Frame-Options "SAMEORIGIN";
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+ location / {
+ proxy_pass http://portfolio:3000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ }
+ listen 443 ssl;# managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/ahsan-raza.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/ahsan-raza.com/privkey.pem; # managed by Certbot
+
+
+}
+
+```
+
+4. Remove the nginx container and run `docker-compose up -d` again to reflect the changes.
\ No newline at end of file
diff --git a/nginx/https.conf b/nginx/https.conf
new file mode 100644
index 0000000000..3583caeb9f
--- /dev/null
+++ b/nginx/https.conf
@@ -0,0 +1,39 @@
+# server {
+# server_name ahsan-raza.com; # managed by Certbot
+
+# access_log /var/log/nginx/access.log main;
+
+# gzip on;
+# gzip_types text/plain application/json;
+
+
+
+# add_header X-Frame-Options "SAMEORIGIN";
+# location /.well-known/acme-challenge/ {
+# root /var/www/certbot;
+# }
+# location / {
+# proxy_pass http://portfolio:3000;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection 'upgrade';
+# proxy_set_header Host $host;
+# proxy_cache_bypass $http_upgrade;
+# }
+# listen 443 ssl;# managed by Certbot
+# ssl_certificate /etc/letsencrypt/live/ahsan-raza.com/fullchain.pem; # managed by Certbot
+# ssl_certificate_key /etc/letsencrypt/live/ahsan-raza.com/privkey.pem; # managed by Certbot
+# }
+
+server {
+ # if ($scheme = "http") {
+ # return 301 https://$server_name$request_uri;
+ # }
+
+ listen 80 ;
+ server_name ahsan-raza.com;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+}
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000000..447fa6048c
--- /dev/null
+++ b/nginx/nginx.conf
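Review bot: The active port-80 `server` block in nginx/https.conf has only the `/.well-known/acme-challenge/` location and no `location /` with a `proxy_pass`, so until the 443 block is uncommented nginx does not appear to proxy the site at all, although the README says it is reachable on port 80. In the commented-out 443 block, `location /` sets only `Host` and the upgrade headers and never includes `/etc/nginx/proxy_params`, which docker-compose.yml mounts, so the backend would not receive `X-Real-IP` or `X-Forwarded-For`. That block also sends no `Strict-Transport-Security` header; once HTTPS is confirmed working, a line such as `add_header Strict-Transport-Security "max-age=31536000" always;` would keep returning browsers from falling back to plain HTTP.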
@@ -0,0 +1,46 @@
+
+
+# For more information on configuration, see:
+# * Official English Documentation: http://nginx.org/en/docs/
+# * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ssl_session_cache shared:SSL:20m;
+ ssl_session_timeout 480m;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include /etc/nginx/conf.d/*.conf;
+
+}
+
+
diff --git a/nginx/proxy_params b/nginx/proxy_params
new file mode 100644
index 0000000000..7cca5145b1
--- /dev/null
+++ b/nginx/proxy_params
@@ -0,0 +1,13 @@
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+client_max_body_size 1M;
+client_body_buffer_size 1m;
+proxy_intercept_errors on;
+proxy_buffering on;
+proxy_buffer_size 128k;
+proxy_buffers 256 16k;
+proxy_busy_buffers_size 256k;
+proxy_temp_file_write_size 256k;
+proxy_max_temp_file_size 0;
+proxy_read_timeout 300;
From cdbb6e9852d9276836da56605e22f49737e28151 Mon Sep 17 00:00:00 2001
From: Ahsan Raza
Date: Wed, 8 Nov 2023 17:25:58 +0100
Subject: [PATCH 3/3] upgraded node version Dockerfile and commented audit fix
---
Dockerfile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5a3df105bc..e6dfb13c0d 100644
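Review bot: nginx/nginx.conf sets `ssl_session_cache` and `ssl_session_timeout` in the `http` block but leaves `ssl_protocols` and `server_tokens` at their defaults. As far as I know the default protocol list in nginx 1.24 still names TLSv1 and TLSv1.1 (what is actually negotiated also depends on the OpenSSL build in the image), so I would add `ssl_protocols TLSv1.2 TLSv1.3;` next to the session settings, and `server_tokens off;` so the nginx version is not advertised in responses and error pages. `ssl_session_timeout 480m;` keeps sessions resumable for eight hours; a comment explaining that choice, or a shorter value, would help the next reader.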
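Review bot: nginx/proxy_params forwards `Host`, `X-Real-IP` and `X-Forwarded-For` but not the original scheme, so once nginx terminates TLS the app behind it cannot tell an HTTPS request from an HTTP one; adding `proxy_set_header X-Forwarded-Proto $scheme;` covers that. `proxy_intercept_errors on;` only has an effect together with an `error_page` directive, and none is visible in this series, so either add one or drop the line.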
--- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # This file is the main docker file configurations # Official Node JS runtime as a parent image -FROM node:10.16.0-alpine +FROM node:18-alpine # Set the working directory to ./app WORKDIR /app @@ -17,7 +17,7 @@ RUN apk add --no-cache git RUN npm install # Audit fix npm packages -RUN npm audit fix +# RUN npm audit fix # Bundle app source COPY . /app
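Review bot: The second Dockerfile hunk comments out `RUN npm audit fix` but keeps `RUN npm install`, so nothing in the build pins or checks dependency versions any more. Dropping `npm audit fix` from an image build is reasonable, since it rewrites the dependency tree at build time, but the replacement should be a reproducible install: `RUN npm ci` against a committed `package-lock.json` (whether the lockfile is copied in is not visible in this hunk), with `npm audit` run in CI rather than inside the image. I would also delete the line and its `# Audit fix npm packages` comment instead of leaving them commented out. In the first hunk, `FROM node:18-alpine` is a floating tag; a full version such as `node:18.x.y-alpine` (placeholder) or a digest keeps rebuilds from changing the runtime silently.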