From 6cc7f33f6f80e2f5914c8dbc3a9ef8fc95898187 Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Fri, 24 Feb 2023 18:09:00 -0500 Subject: [PATCH] Still working on Docker Compose --- .../site-enabled_aether_flask_gunicorn.conf | 2 - conf/nginx/site-enabled_oneskyit.conf | 218 +++++++----------- conf/nginx/site.conf | 156 +++++++++---- docker-compose.yml | 8 +- 4 files changed, 191 insertions(+), 193 deletions(-) diff --git a/conf/nginx/site-enabled_aether_flask_gunicorn.conf b/conf/nginx/site-enabled_aether_flask_gunicorn.conf index ca4f0a3..61e1d29 100644 --- a/conf/nginx/site-enabled_aether_flask_gunicorn.conf +++ b/conf/nginx/site-enabled_aether_flask_gunicorn.conf @@ -8,7 +8,6 @@ server { server_name flask_gunicorn.localhost demo.localhost dev.localhost - dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com *.dev-connect.oneskyit.com dev-demo.oneskyit.com *.dev-demo.oneskyit.com @@ -65,7 +64,6 @@ server { server_name flask_gunicorn.localhost demo.localhost dev.localhost - dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com *.dev-connect.oneskyit.com dev-demo.oneskyit.com *.dev-demo.oneskyit.com diff --git a/conf/nginx/site-enabled_oneskyit.conf b/conf/nginx/site-enabled_oneskyit.conf index 248d9c0..714aae5 100644 --- a/conf/nginx/site-enabled_oneskyit.conf +++ b/conf/nginx/site-enabled_oneskyit.conf @@ -1,154 +1,100 @@ server { - listen 80; - listen [::]:80; - - server_name ${DOCKER_OSIT_SERVER_NAME}; - # server_name oneskyit.localhost; + listen 80; + listen [::]:80; + + server_name dev-docker.oneskyit.com test-docker.oneskyit.com prod-docker.oneskyit.com ${DOCKER_OSIT_SERVER_NAME}; + # server_name oneskyit.localhost; - access_log /logs/nginx/access_oneskyit.log; + access_log /logs/nginx/access_oneskyit.log; - # Do not overflow the SSL send buffer (causes extra round trips) - #ssl_buffer_size 8k; + # Do not overflow the SSL send buffer (causes extra round trips) + #ssl_buffer_size 8k; - root /srv/oneskyit_site; - - index index.php index.html; - # index index.html index.htm index.php; - - # include php.conf; - # include brotli.conf; - # include gzip.conf; - # include expires.conf; - - # These two locations remove .html and .php from filenames. - location / { - try_files $uri $uri/ $uri.html $uri.php$is_args$query_string; - } - - location ~ \.php$ { root /srv/oneskyit_site; + index index.php index.html; # index index.html index.htm index.php; - try_files $uri =404; - # try_files $uri $document_root$fastcgi_script_name =404; + # include php.conf; + # include brotli.conf; + # include gzip.conf; + # include expires.conf; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass php7:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - } - -# location ~ \.php$ { -# try_files $uri =404; -# } - -} - - - -# # Redirect http to https -# server { -# listen 80; -# listen [::]:80; -# server_name oneskyit.com; -# return 301 https://oneskyit.com$request_uri; -# } -# -# #upstream oneskyit { -# #least_conn; -# # ip_hash; -# #server localhost:8889; -# #server localhost:8889; -# #} -# - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - - server_name ${DOCKER_OSIT_SERVER_NAME}; - # server_name docker.oneskyit.com; - - access_log /logs/nginx/access_oneskyit.log; - error_log /logs/nginx/error_oneskyit.log; - - # Do not overflow the SSL send buffer (causes extra round trips) - #ssl_buffer_size 8k; - - include /etc/nginx/options-ssl-nginx.conf; - - ssl_certificate /etc/certs/fullchain.pem; - ssl_certificate_key /etc/certs/privkey.pem; - ssl_dhparam /etc/certs/ssl-dhparams.pem; - - root /srv/oneskyit_site; - - index index.php index.html; - -# -# root /srv/http/oneskyit.com/; -# index index.php index.html; -# -# include php.conf; -# include brotli.conf; -# include gzip.conf; -# include expires.conf; -# # These two locations remove .html and .php from filenames. location / { - try_files $uri $uri/ $uri.html $uri.php$is_args$query_string; + try_files $uri $uri/ $uri.html $uri.php$is_args$query_string; } - location ~ \.php$ { - root /srv/oneskyit_site; + location ~ \.php$ { + root /srv/oneskyit_site; - # index index.html index.htm index.php; + # index index.html index.htm index.php; - try_files $uri =404; - # try_files $uri $document_root$fastcgi_script_name =404; + try_files $uri =404; + # try_files $uri $document_root$fastcgi_script_name =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass php7:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - } + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass php7:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + } } -# location ~ \.php$ { -# try_files $uri =404; -# } -# -# #location / { -# # include uwsgi_params; -# # #uwsgi_pass oneskyit; -# # proxy_pass http://oneskyit; -# # #uwsgi_pass uwsgi://oneskyit.com:8889; -# # -# # #proxy_pass http://apptest; -# # #uwsgi_pass uwsgi://oneskyit.com:8890; -# # #uwsgi_pass uwsgi://oneskyit.com:8889; -# #} -# -# ssl_certificate /etc/letsencrypt/live/oneskyit.com/fullchain.pem; # managed by Certbot -# #ssl_certificate /etc/letsencrypt/live/oneskyit.com-0001/fullchain.pem; # managed by Certbot -# ssl_certificate_key /etc/letsencrypt/live/oneskyit.com/privkey.pem; # managed by Certbot -# #ssl_certificate_key /etc/letsencrypt/live/oneskyit.com-0001/privkey.pem; # managed by Certbot -# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot -# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -# -# #ssl_session_cache shared:SSL:5m; # was 1m (1 MB) -# #ssl_session_timeout 1h; # was 5m (5 minutes) -# -# ssl_buffer_size 8k; -# -# -# if ($scheme != "https"){ -# return 301 https://$host$request_uri; -# } # managed by Certbot -# -# } + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + # server_name docker.oneskyit.com ${DOCKER_OSIT_SERVER_NAME}; + server_name docker.oneskyit.com dev-docker.oneskyit.com test-docker.oneskyit.com prod-docker.oneskyit.com ${DOCKER_OSIT_SERVER_NAME}; + # server_name docker.oneskyit.com dev.oneskyit.com test.oneskyit.com prod.oneskyit.com; + # server_name docker.oneskyit.com; + + access_log /logs/nginx/access_oneskyit.log; + error_log /logs/nginx/error_oneskyit.log; + + # Do not overflow the SSL send buffer (causes extra round trips) + #ssl_buffer_size 8k; + + include /etc/nginx/options-ssl-nginx.conf; + + ssl_certificate /etc/certs/fullchain.pem; + ssl_certificate_key /etc/certs/privkey.pem; + ssl_dhparam /etc/certs/ssl-dhparams.pem; + + root /srv/oneskyit_site; + + index index.php index.html; + + # + # root /srv/http/oneskyit.com/; + # index index.php index.html; + # + # include php.conf; + # include brotli.conf; + # include gzip.conf; + # include expires.conf; + # + # These two locations remove .html and .php from filenames. + location / { + try_files $uri $uri/ $uri.html $uri.php$is_args$query_string; + } + + location ~ \.php$ { + root /srv/oneskyit_site; + + # index index.html index.htm index.php; + + try_files $uri =404; + # try_files $uri $document_root$fastcgi_script_name =404; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass php7:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + } +} diff --git a/conf/nginx/site.conf b/conf/nginx/site.conf index b7f5b2d..a807df6 100644 --- a/conf/nginx/site.conf +++ b/conf/nginx/site.conf @@ -1,60 +1,114 @@ server { - listen 80; - server_name docker.localhost docker.oneskyit.com; + listen 80 default_server; + server_name _; + return 301 https://$host$request_uri; +} +# server { +# listen 80; +# server_name _; +# +# access_log /logs/nginx/access_docker.log; +# error_log /logs/nginx/error_docker.log; +# +# root /srv/html_php; +# +# index index.html index.htm index.php; +# +# # location / { +# # # root /usr/share/nginx/html; +# # index index.html index.htm; +# # } +# +# location ~ \.php$ { +# index index.html index.htm index.php; +# +# try_files $uri =404; +# fastcgi_split_path_info ^(.+\.php)(/.+)$; +# fastcgi_pass php7:9000; +# fastcgi_index index.php; +# include fastcgi_params; +# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +# fastcgi_param PATH_INFO $fastcgi_path_info; +# } +# +# #error_page 404 /404.html; +# +# # redirect server error pages to the static page /50x.html +# # +# # error_page 500 502 503 504 /50x.html; +# # location = /50x.html { +# # root /usr/share/nginx/html; +# # } +# +# # proxy the PHP scripts to Apache listening on 127.0.0.1:80 +# # +# #location ~ \.php$ { +# # proxy_pass http://127.0.0.1; +# #} +# +# # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 +# # +# #location ~ \.php$ { +# # root html; +# # fastcgi_pass 127.0.0.1:9000; +# # fastcgi_index index.php; +# # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; +# # include fastcgi_params; +# #} +# +# # deny access to .htaccess files, if Apache's document root +# # concurs with nginx's one +# # +# #location ~ /\.ht { +# # deny all; +# #} +# } + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name _; + + access_log /logs/nginx/access_docker.log; error_log /logs/nginx/error_docker.log; - access_log /logs/nginx/access_docker.log; - root /srv/html_php; + # Do not overflow the SSL send buffer (causes extra round trips) + # ssl_buffer_size 8k; - index index.html index.htm index.php; + include /etc/nginx/options-ssl-nginx.conf; - # location / { - # # root /usr/share/nginx/html; - # index index.html index.htm; - # } - - location ~ \.php$ { - index index.html index.htm index.php; - - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass php7:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; + ssl_certificate /etc/certs/fullchain.pem; + ssl_certificate_key /etc/certs/privkey.pem; + ssl_dhparam /etc/certs/ssl-dhparams.pem; + + location / { + return 404; } - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - # error_page 500 502 503 504 /50x.html; - # location = /50x.html { - # root /usr/share/nginx/html; - # } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} +# root /srv/html_php; +# +# index index.php index.html; +# +# # These two locations remove .html and .php from filenames. +# location / { +# try_files $uri $uri/ $uri.html $uri.php$is_args$query_string; +# } +# +# location ~ \.php$ { +# root /srv/html_php; +# +# # index index.html index.htm index.php; +# +# try_files $uri =404; +# # try_files $uri $document_root$fastcgi_script_name =404; +# +# fastcgi_split_path_info ^(.+\.php)(/.+)$; +# fastcgi_pass php7:9000; +# fastcgi_index index.php; +# include fastcgi_params; +# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +# fastcgi_param PATH_INFO $fastcgi_path_info; +# } } diff --git a/docker-compose.yml b/docker-compose.yml index b499b8d..4f07546 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -43,19 +43,19 @@ services: # - ./conf/nginx/nginx.conf:/etc/nginx/nginx.conf - ./conf/nginx/options-ssl-nginx.conf:/etc/nginx/options-ssl-nginx.conf - - ./conf/nginx/site.conf:/etc/nginx/conf.d/site.conf # - ./conf/nginx/other.conf:/etc/nginx/conf.d/other.conf - # - ./conf/nginx/site-enabled_aether-phpmyadmin.conf:/etc/nginx/conf.d/site-enabled_aether-phpmyadmin.conf - - ./conf/nginx/site-enabled_aether-phpmyadmin.conf:/etc/nginx/templates/site-enabled_aether-phpmyadmin.conf.template + - ./conf/nginx/site.conf:/etc/nginx/conf.d/0_site.conf + # - ./conf/nginx/site-enabled_aether-mailman2.conf:/etc/nginx/conf.d/site-enabled_aether-mailman2.conf # - ./conf/nginx/site-enabled_aether-nextcloud.conf:/etc/nginx/conf.d/site-enabled_aether-nextcloud.conf + # - ./conf/nginx/site-enabled_aether-phpmyadmin.conf:/etc/nginx/conf.d/site-enabled_aether-phpmyadmin.conf + - ./conf/nginx/site-enabled_aether-phpmyadmin.conf:/etc/nginx/templates/site-enabled_aether-phpmyadmin.conf.template # - ./conf/nginx/site-enabled_oneskyit.conf:/etc/nginx/conf.d/site-enabled_oneskyit.conf - ./conf/nginx/site-enabled_oneskyit.conf:/etc/nginx/templates/site-enabled_oneskyit.conf.template - ./conf/nginx/site-enabled_aether_fastapi_gunicorn.conf:/etc/nginx/templates/site-enabled_aether_fastapi_gunicorn.conf.template - # - ./conf/nginx/site-enabled_aether_fastapi_2_gunicorn.conf:/etc/nginx/conf.d/site-enabled_aether_fastapi_2_gunicorn.conf - ./conf/nginx/site-enabled_aether_flask_gunicorn.conf:/etc/nginx/templates/site-enabled_aether_flask_gunicorn.conf.template - ./conf/certs/fullchain.pem:/etc/certs/fullchain.pem