Skip to content

Instantly share code, notes, and snippets.

@Maxim-Kolmogorov

Maxim-Kolmogorov/docker-compose.yml

Created January 30, 2024 08:15
Show Gist options
  • Save Maxim-Kolmogorov/39a593634fafe3a4d9e410ac25ff505c to your computer and use it in GitHub Desktop.
Save Maxim-Kolmogorov/39a593634fafe3a4d9e410ac25ff505c to your computer and use it in GitHub Desktop.
Download ZIP
SSL, Nuxt 3, Nginx, Docker
Raw
docker-compose.yml
version: "3.3"
# Указываем раздел со связанными сервисами
services:
nginx:
depends_on:
- nuxt
image: nginx:latest
labels:
proxy_nginx: "Для SSL"
ports:
- '80:80'
- '443:443'
volumes:
# Nginx settings
- ./nginx:/etc/nginx/conf.d
# Logs
- ./logs:/var/log/nginx/
# For letsencrypt (SSL)
- ./certs:/etc/nginx/certs
- /tmp/letsencrypt/www:/tmp/letsencrypt/www
logging:
driver: 'json-file'
options:
max-size: '10m'
max-file: '10'
restart: always
# Наш условный сайт
nuxt:
build: ./nuxt
expose:
- '3000'
restart: always
# Cервис авто-обновления SSL сертификата
letsencrypt:
image: gordonchan/auto-letsencrypt
links:
- nginx
volumes:
- /var/log/letsencrypt/:/var/log/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock
- /etc/letsencrypt:/etc/letsencrypt
- /var/lib/letsencrypt:/var/lib/letsencrypt
- /tmp/letsencrypt/www:/tmp/letsencrypt/www
- ./certs:/etc/nginx/certs
environment:
- EMAIL=my@email.com
- SERVER_CONTAINER=nginx
- WEBROOT_PATH=/tmp/letsencrypt/www
- CERTS_PATH=/etc/nginx/certs
- DOMAINS=site.com
- CHECK_FREQ=1
- SERVER_CONTAINER_LABEL=proxy_nginx
restart: unless-stopped
Raw
nginx.conf
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
listen 80;
server_name site.com www.site.com;
location /.well-known/acme-challenge {
root /tmp/letsencrypt/www;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl default_server;
server_name site.com www.site.com;
root /var/www;
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
client_max_body_size 50M;
if ($host ~ "^www\.(.*)$") {
return 301 https://$1$request_uri;
}
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
# C любовью
add_header X-Created-By "VVerh Digital";
location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://nuxt:3000;
}
location /.well-known/acme-challenge {
root /tmp/letsencrypt/www;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment