Nginx, certbot and build context with docker-compose.yml

Dockerfile

@@ -1,7 +1,7 @@
 # This file is the main docker file configurations
 
 # Official Node JS runtime as a parent image
-FROM node:10.16.0-alpine
+FROM node:18-alpine
 
 # Set the working directory to ./app
 WORKDIR /app
@@ -17,7 +17,7 @@ RUN apk add --no-cache git
 RUN npm install
 
 # Audit fix npm packages
-RUN npm audit fix
+# RUN npm audit fix
 
 # Bundle app source
 COPY . /app

docker-compose.yml

@@ -0,0 +1,33 @@
+version: '3'
+
+services:
+  portfolio:
+    build:
+      dockerfile: Dockerfile
+      context: . 
+    ports:
+      - "3000:3000"
+    container_name: portfolio
+    restart: unless-stopped
+
+  nginx:
+    image: nginx:1.24.0-alpine
+    restart: always
+    user: root
+    volumes:
+      - ./nginx/https.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx/proxy_params:/etc/nginx/proxy_params:ro
+      - ./nginx/logs/:/var/log/nginx/:rw
+      - ./certbot/www:/var/www/certbot/:ro
+      - ./certbot/conf/:/etc/letsencrypt/:ro
+    ports:
+      - "80:80"
+      - "443:443"
+
+  certbot:
+    image: certbot/certbot:v1.8.0
+    container_name: certbot
+    volumes:
+      - ./certbot/www/:/var/www/certbot/:rw
+      - ./certbot/conf/:/etc/letsencrypt/:rw

nginx/README.md

@@ -0,0 +1,56 @@
+# Guide to enable SSL on your developerFolio website
+### Requirements:
+1. Docker
+2. docker-compose
+### Procedure
+1. First, change the server name in `https.conf` file.
+2. run the command `docker-compose up -d` to install the `developerFolio`, `nginx` and `certbot`
+3. The webside should be accessible on port 80 of your server FQDN.
+## If you want to enable SSl then follow the below steps:
+1. Run the following command to request certificates of your website, replace the email and `ahsan-raza.com` with your FQDN.
+
+```
+docker run --rm --name temp_certbot     -v ./certbot/conf:/etc/letsencrypt     -v ./certbot/www:/var/www/certbot/     certbot/certbot:v1.8.0     certonly --webroot --agree-tos --renew-by-default     --preferred-challenges http-01 --server https://acme-v02.api.letsencrypt.org/directory     --text --email [email protected]     -w /var/www/certbot/ -d ahsan-raza.com
+```
+
+2. Unomment the below lines of code present in https.conf 
+```
+    if ($scheme = "http") {
+        return 301 https://$server_name$request_uri;
+    }
+```
+3. Uncomment the server block of SSL i.e. running on 443. replace the `ahsan-raza.com` in the `ssl_certificate` path and `server_name` with your FQDN {check below lines which are to change for reference}
+
+```
+server {
+   server_name ahsan-raza.com; # managed by Certbot
+
+   access_log  /var/log/nginx/access.log  main;
+
+   gzip on;
+   gzip_types text/plain application/json;
+
+
+
+   add_header X-Frame-Options "SAMEORIGIN";
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+   location / {
+       proxy_pass http://portfolio:3000;
+       proxy_http_version 1.1;
+       proxy_set_header Upgrade $http_upgrade;
+       proxy_set_header Connection 'upgrade';
+       proxy_set_header Host $host;
+       proxy_cache_bypass $http_upgrade;
+   }
+   listen 443 ssl;# managed by Certbot
+   ssl_certificate /etc/letsencrypt/live/ahsan-raza.com/fullchain.pem; # managed by Certbot
+   ssl_certificate_key /etc/letsencrypt/live/ahsan-raza.com/privkey.pem; # managed by Certbot
+
+
+}
+
+```
+
+4. Remove the nginx container and run `docker-compose up -d` again to reflect the changes.

nginx/https.conf

@@ -0,0 +1,39 @@
+# server {
+#    server_name ahsan-raza.com; # managed by Certbot
+
+#    access_log  /var/log/nginx/access.log  main;
+
+#    gzip on;
+#    gzip_types text/plain application/json;
+
+
+
+#    add_header X-Frame-Options "SAMEORIGIN";
+#     location /.well-known/acme-challenge/ {
+#         root /var/www/certbot;
+#     }
+#    location / {
+#        proxy_pass http://portfolio:3000;
+#        proxy_http_version 1.1;
+#        proxy_set_header Upgrade $http_upgrade;
+#        proxy_set_header Connection 'upgrade';
+#        proxy_set_header Host $host;
+#        proxy_cache_bypass $http_upgrade;
+#    }
+#    listen 443 ssl;# managed by Certbot
+#    ssl_certificate /etc/letsencrypt/live/ahsan-raza.com/fullchain.pem; # managed by Certbot
+#    ssl_certificate_key /etc/letsencrypt/live/ahsan-raza.com/privkey.pem; # managed by Certbot
+# }
+
+server {
+    # if ($scheme = "http") {
+    #     return 301 https://$server_name$request_uri;
+    # }
+
+    listen       80 ;
+    server_name ahsan-raza.com;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+}

nginx/nginx.conf

@@ -0,0 +1,46 @@
+
+
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    ssl_session_cache    shared:SSL:20m;
+    ssl_session_timeout  480m;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+}
+
+

nginx/proxy_params

@@ -0,0 +1,13 @@
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+client_max_body_size 1M;
+client_body_buffer_size 1m;
+proxy_intercept_errors on;
+proxy_buffering on;
+proxy_buffer_size 128k;
+proxy_buffers 256 16k;
+proxy_busy_buffers_size 256k;
+proxy_temp_file_write_size 256k;
+proxy_max_temp_file_size 0;
+proxy_read_timeout 300;