From 56fb54a38e8e8c8403ca90626fc230237dc809b2 Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Fri, 24 Feb 2023 14:21:54 -0500 Subject: [PATCH] Work on nginx and server names --- .env.default | 5 ++++ .../nginx/site-enabled_aether-phpmyadmin.conf | 12 +++++++-- .../site-enabled_aether_fastapi_gunicorn.conf | 26 ++++++++++--------- .../site-enabled_aether_flask_gunicorn.conf | 7 +++++ conf/nginx/site-enabled_oneskyit.conf | 8 ++++-- docker-compose.yml | 19 ++++++++++---- 6 files changed, 56 insertions(+), 21 deletions(-) diff --git a/.env.default b/.env.default index fb2ad0b..270a23d 100644 --- a/.env.default +++ b/.env.default @@ -10,6 +10,11 @@ OSIT_WEB_HTTPS_PORT=4443 # For now this extra host variable is important for the AE Flask app to connect to the AE FastAPI API. DOCKER_AE_APP_EXTRA_HOST=dev-api.oneskyit.com:192.168.32.20 +# This needs to be updated for each client's subdomain. +# This is not currently working with the nginx Docker Compose. It uses envsubst with a template conf file. +OSIT_NGINX_SERVER_NAMES=flask_gunicorn.localhost,demo.localhost,dev.localhost,dev.oneskyit.com,dev-app.oneskyit.com,dev-connect.oneskyit.com,*.dev-connect.oneskyit.com,dev-demo.oneskyit.com,*.dev-demo.oneskyit.com,test-app.oneskyit.com + + # Aether general shared config options # For general shared config options like API access and use, database access and use, Redis, and SMTP # home development, live testing, live production, onsite development, onsite testing, onsite production??? diff --git a/conf/nginx/site-enabled_aether-phpmyadmin.conf b/conf/nginx/site-enabled_aether-phpmyadmin.conf index 4695952..202e0da 100644 --- a/conf/nginx/site-enabled_aether-phpmyadmin.conf +++ b/conf/nginx/site-enabled_aether-phpmyadmin.conf @@ -2,7 +2,8 @@ server { listen 80; listen [::]:80; - server_name phpmyadmin-oneskyit.localhost phpmyadmin.oneskyit.com dev-phpmyadmin.oneskyit.com test-phpmyadmin.oneskyit.com; + server_name ${DOCKER_PHPMYADMIN_SERVER_NAME}; + # server_name phpmyadmin-oneskyit.localhost phpmyadmin.oneskyit.com dev-phpmyadmin.oneskyit.com test-phpmyadmin.oneskyit.com; access_log /logs/nginx/access_oneskyit_phpmyadmin.log; @@ -25,9 +26,16 @@ server { listen 443 ssl; listen [::]:443 ssl http2; - server_name phpmyadmin-oneskyit.localhost phpmyadmin.oneskyit.com dev-phpmyadmin.oneskyit.com test-phpmyadmin.oneskyit.com; + server_name ${DOCKER_PHPMYADMIN_SERVER_NAME}; + # server_name phpmyadmin-oneskyit.localhost phpmyadmin.oneskyit.com dev-phpmyadmin.oneskyit.com test-phpmyadmin.oneskyit.com; access_log /logs/nginx/access_oneskyit_phpmyadmin.log; + + include /etc/nginx/options-ssl-nginx.conf; + + ssl_certificate /etc/certs/fullchain.pem; + ssl_certificate_key /etc/certs/privkey.pem; + ssl_dhparam /etc/certs/ssl-dhparams.pem; index index.php; diff --git a/conf/nginx/site-enabled_aether_fastapi_gunicorn.conf b/conf/nginx/site-enabled_aether_fastapi_gunicorn.conf index cd4a271..6ef545d 100644 --- a/conf/nginx/site-enabled_aether_fastapi_gunicorn.conf +++ b/conf/nginx/site-enabled_aether_fastapi_gunicorn.conf @@ -2,12 +2,13 @@ server { listen 80; listen [::]:80; - server_name - fastapi_gunicorn.localhost - dev-api.localhost - dev-api.oneskyit.com - test-api.oneskyit.com - ; + server_name ${DOCKER_AE_API_SERVER_NAME}; + # server_name + # fastapi_gunicorn.localhost + # dev-api.localhost + # dev-api.oneskyit.com + # test-api.oneskyit.com + # ; access_log /logs/nginx/access_fastapi_gunicorn.log; error_log /logs/nginx/error_fastapi_gunicorn.log; @@ -39,12 +40,13 @@ server { listen 443 ssl; listen [::]:443 ssl http2; - server_name - fastapi_gunicorn.localhost - dev-api.localhost - dev-api.oneskyit.com - test-api.oneskyit.com - ; + server_name ${DOCKER_AE_API_SERVER_NAME}; + # server_name + # fastapi_gunicorn.localhost + # dev-api.localhost + # dev-api.oneskyit.com + # test-api.oneskyit.com + # ; access_log /logs/nginx/access_fastapi_gunicorn.log; error_log /logs/nginx/error_fastapi_gunicorn.log; diff --git a/conf/nginx/site-enabled_aether_flask_gunicorn.conf b/conf/nginx/site-enabled_aether_flask_gunicorn.conf index a7dc611..6530d2d 100644 --- a/conf/nginx/site-enabled_aether_flask_gunicorn.conf +++ b/conf/nginx/site-enabled_aether_flask_gunicorn.conf @@ -2,6 +2,9 @@ server { listen 80; listen [::]:80; + # server_name + # ${NGINX_SERVER_NAMES} + # ; server_name flask_gunicorn.localhost demo.localhost dev.localhost @@ -53,6 +56,10 @@ server { listen 443 ssl; listen [::]:443 ssl http2; + # The Docker nginx envsubst with templates does not work for multiple server names. + # server_name + # ${NGINX_SERVER_NAMES} + # ; server_name flask_gunicorn.localhost demo.localhost dev.localhost diff --git a/conf/nginx/site-enabled_oneskyit.conf b/conf/nginx/site-enabled_oneskyit.conf index 2a7e8b4..248d9c0 100644 --- a/conf/nginx/site-enabled_oneskyit.conf +++ b/conf/nginx/site-enabled_oneskyit.conf @@ -1,7 +1,9 @@ server { listen 80; listen [::]:80; - server_name oneskyit.localhost; + + server_name ${DOCKER_OSIT_SERVER_NAME}; + # server_name oneskyit.localhost; access_log /logs/nginx/access_oneskyit.log; @@ -66,7 +68,9 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name docker.oneskyit.com; + + server_name ${DOCKER_OSIT_SERVER_NAME}; + # server_name docker.oneskyit.com; access_log /logs/nginx/access_oneskyit.log; error_log /logs/nginx/error_oneskyit.log; diff --git a/docker-compose.yml b/docker-compose.yml index fee0f30..b499b8d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,8 +11,13 @@ services: env_file: - ./.env environment: - # This does not seem to work (yet???) - - AE_DOMAIN_LIST:'dev-aapor.oneskyit.com dev-businessgroup.oneskyt.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com' + # NOTE: This does not seem to work with nginx yet??? + # NOTE: Use the template directory and .template extension for the .conf files. + # - NGINX_SERVER_NAMES="dev-demo.oneskyit.com dev-example.oneskyit.com" + # - NGINX_SERVER_NAMES="dev-idaa.oneskyit.com dev-ishlt.oneskyit.com" + # - AE_DOMAIN_LIST:'dev-aapor.oneskyit.com dev-businessgroup.oneskyt.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com' + # - NGINX_SERVER_NAMES="flask_gunicorn.localhost demo.localhost dev.localhost dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com *.dev-connect.oneskyit.com dev-demo.oneskyit.com *.dev-demo.oneskyit.com dev-aapor.oneskyit.com *.dev-aapor.oneskyit.com dev-businessgroup.oneskyt.com *.dev-businessgroup.oneskyt.com dev-cmsc.oneskyit.com *.dev-cmsc.oneskyit.com dev-idaa.oneskyit.com *.dev-idaa.oneskyit.com dev-ishlt.oneskyit.com *.dev-ishlt.oneskyit.com dev-ncsd.oneskyit.com *.dev-ncsd.oneskyit.com dev-npa.oneskyit.com *.dev-npa.oneskyit.com dev-rli.oneskyit.com *.dev-rli.oneskyit.com test-app.oneskyit.com" + - NGINX_SERVER_NAMES="flask_gunicorn.localhost demo.localhost dev.localhost dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com dev-demo.oneskyit.com dev-aapor.oneskyit.com dev-businessgroup.oneskyt.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com test-app.oneskyit.com" ports: - "${OSIT_WEB_HTTP_PORT}:80" - "${OSIT_WEB_HTTPS_PORT}:443" @@ -36,18 +41,22 @@ services: # - ./srv/nextcloud/config:/var/www/html/config # - ./srv/nextcloud/data:/var/www/html/data + # - ./conf/nginx/nginx.conf:/etc/nginx/nginx.conf - ./conf/nginx/options-ssl-nginx.conf:/etc/nginx/options-ssl-nginx.conf - ./conf/nginx/site.conf:/etc/nginx/conf.d/site.conf + # - ./conf/nginx/other.conf:/etc/nginx/conf.d/other.conf # - ./conf/nginx/site-enabled_aether-phpmyadmin.conf:/etc/nginx/conf.d/site-enabled_aether-phpmyadmin.conf + - ./conf/nginx/site-enabled_aether-phpmyadmin.conf:/etc/nginx/templates/site-enabled_aether-phpmyadmin.conf.template # - ./conf/nginx/site-enabled_aether-mailman2.conf:/etc/nginx/conf.d/site-enabled_aether-mailman2.conf # - ./conf/nginx/site-enabled_aether-nextcloud.conf:/etc/nginx/conf.d/site-enabled_aether-nextcloud.conf - - ./conf/nginx/site-enabled_oneskyit.conf:/etc/nginx/conf.d/site-enabled_oneskyit.conf + # - ./conf/nginx/site-enabled_oneskyit.conf:/etc/nginx/conf.d/site-enabled_oneskyit.conf + - ./conf/nginx/site-enabled_oneskyit.conf:/etc/nginx/templates/site-enabled_oneskyit.conf.template - - ./conf/nginx/site-enabled_aether_fastapi_gunicorn.conf:/etc/nginx/conf.d/site-enabled_aether_fastapi_gunicorn.conf + - ./conf/nginx/site-enabled_aether_fastapi_gunicorn.conf:/etc/nginx/templates/site-enabled_aether_fastapi_gunicorn.conf.template # - ./conf/nginx/site-enabled_aether_fastapi_2_gunicorn.conf:/etc/nginx/conf.d/site-enabled_aether_fastapi_2_gunicorn.conf - - ./conf/nginx/site-enabled_aether_flask_gunicorn.conf:/etc/nginx/conf.d/site-enabled_aether_flask_gunicorn.conf + - ./conf/nginx/site-enabled_aether_flask_gunicorn.conf:/etc/nginx/templates/site-enabled_aether_flask_gunicorn.conf.template - ./conf/certs/fullchain.pem:/etc/certs/fullchain.pem - ./conf/certs/privkey.pem:/etc/certs/privkey.pem