Nginx and Let’s Encrypt with Docker
# Extra MIME mapping: files ending in .dat are served with the proxy
# auto-config (PAC) content type.
# NOTE(review): assumes this file is included inside the http {} context
# (the compose file on this page mounts it under /etc/nginx/conf.d) - confirm.
types {
    application/x-ns-proxy-autoconfig  dat;
}
# Plain-HTTP entry point for sub.example.com: serves ACME HTTP-01 challenge
# files from the certbot webroot and redirects everything else to HTTPS.
# NOTE(review): this is the first `listen 80` server in this file, so unless
# another included config declares `default_server`, nginx also sends
# requests for names without their own port-80 block here. In that case the
# redirect target is built from $host, which follows the client-supplied
# Host header.
server {
    listen 80;
    server_name sub.example.com;
    server_tokens off;

    # Webroot shared with the certbot container (./data/certbot/www in the
    # compose file on this page).
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Prefix locations match by longest prefix, so this only catches
    # requests that are not ACME challenges.
    location / {
        return 301 https://$host$request_uri;
    }
}
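# Serves the WPAD proxy auto-config (PAC) file over plain HTTP.
# NOTE(review): the PAC file decides where clients send their traffic and is
# fetched without authentication or encryption, so treat both the file under
# /var/www/wpad and the DNS record for this name as security-sensitive.
server {
    listen 80;
    server_name wpad.example.com;
    # Hide the nginx version, consistent with the sub.example.com servers.
    server_tokens off;

    location /wpad.dat {
        # `root` is prepended to the full request URI, so this resolves to
        # /var/www/wpad/wpad.dat. The previous value
        # (/var/www/wpad/wpad.dat) made nginx look for
        # /var/www/wpad/wpad.dat/wpad.dat.
        # NOTE(review): revert if wpad.dat really is a directory on disk.
        root /var/www/wpad;
    }
}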
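# TLS reverse proxy for lib.example.com, forwarding to lib.myserver.inet:8081.
# NOTE(review): this is the first `listen 443` server in this file, so unless
# another included config declares `default_server`, nginx uses it for any
# TLS request whose name matches no server block. Those requests are proxied
# with the client's original Host header (see `Host $http_host` below), so
# the backend must not trust Host; an explicit catch-all default server that
# rejects unknown names avoids this.
server {
    listen 443 ssl;
    server_name lib.example.com;
    # Hide the nginx version, consistent with the sub.example.com servers.
    server_tokens off;

    # NOTE(review): the certificate is read from the sub.example.com lineage;
    # it must list lib.example.com as a subject alternative name - confirm.
    ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        # NOTE(review): the upstream hop is plain HTTP; presumably a trusted
        # internal network - confirm.
        proxy_pass http://lib.myserver.inet:8081;
        proxy_http_version 1.1;

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        # $remote_addr is the address nginx saw; X-Forwarded-For below is
        # appended to whatever the client sent, so only its last entry is
        # set by this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Raw client Host header, passed through unmodified.
        proxy_set_header Host $http_host;

        # WebSocket upgrade pass-through.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

        proxy_pass_request_headers on;
        client_max_body_size 200M;
    }
}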
# TLS reverse proxy for sub.example.com. Two backends on the Docker host are
# reached through host.docker.internal: port 8091 for /synchrony (with
# WebSocket upgrade headers) and port 8090 for everything else.
server {
    listen 443 ssl;
    server_name sub.example.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Longest-prefix match: requests starting with /synchrony go here, the
    # rest fall through to `location /`.
    location /synchrony {
        proxy_pass http://host.docker.internal:8091/synchrony;
        proxy_http_version 1.1;

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;

        # WebSocket upgrade pass-through.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location / {
        proxy_pass http://host.docker.internal:8090;

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        # Appended to any X-Forwarded-For the client supplied; only the last
        # entry is set by this proxy. X-Real-IP carries the address nginx
        # itself saw.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;

        client_max_body_size 100m;
    }
}
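---
# Compose stack: nginx terminates TLS and reverse-proxies, while certbot
# keeps the Let's Encrypt certificates renewed. The two containers share
# ./data/certbot/conf (certificates and keys) and ./data/certbot/www
# (ACME webroot).
version: "3.8"

services:
  nginx:
    # NOTE(review): `mainline` is a moving tag; pin a specific version or
    # image digest so deployments are reproducible and reviewable.
    image: nginx:mainline
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # nginx only reads these paths, so they are mounted read-only; a
      # compromised nginx process then cannot rewrite its own config, the
      # PAC file, or the certificate store.
      - ./data/nginx/conf:/etc/nginx/conf.d:ro
      - ./data/nginx/wpad:/var/www/wpad:ro
      - ./data/certbot/conf:/etc/letsencrypt:ro
      - ./data/certbot/www:/var/www/certbot:ro
    # Runs nginx in the foreground and, in a background loop, reloads it
    # every 6h so renewed certificates are picked up. `$$` is Compose's
    # escape for a literal `$`.
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
    restart: unless-stopped
    extra_hosts:
      # Lets the nginx config reach services on the Docker host.
      - "host.docker.internal:host-gateway"

  certbot:
    # NOTE(review): `latest` is a moving tag; pin as for nginx above.
    image: certbot/certbot:latest
    volumes:
      # certbot writes here, so these stay read-write. ./data/certbot/conf
      # holds the private keys: restrict its permissions on the host and
      # keep it out of version control.
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    # Attempts a renewal every 12h; the trap lets the loop exit on SIGTERM.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    restart: unless-stopped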
// Proxy auto-config (PAC) entry point.
// Both arguments are ignored: every request is told to connect directly,
// without a proxy.
function FindProxyForURL(url, host) {
    var route = "DIRECT";
    return route;
}