Reverse-proxy yourself to localhost with SSL/TLS - https://www.codinginfinity.me/post/2019-01-04/reverse_proxy_yourself_to_localhost_with_ssltls
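#!/bin/bash
# Builds the proxy image (the certificate is issued during the build) and
# then starts the compose stack.

# Stop at the first failure so a failed build never falls through to
# `docker-compose up` with a stale or missing proxy-with-ssl image.
set -euo pipefail

# The OVH API credentials must be present; fail with a clear message instead
# of handing empty build args to the certificate stage.
: "${OVH_AK:?OVH_AK must be set}"
: "${OVH_AS:?OVH_AS must be set}"
: "${OVH_CK:?OVH_CK must be set}"
export OVH_AK OVH_AS OVH_CK

# `--build-arg NAME` without a value makes docker read NAME from the
# environment, which keeps the credentials out of this command line (and so
# out of the process list and shell xtrace output).
# NOTE(review): build args are still recorded in the build history/cache of
# the stage that declares them; treat the OVH token as exposed to anyone who
# can inspect local images, and scope it to the DNS zone it needs.
docker build \
  -t proxy-with-ssl \
  --build-arg OVH_AK \
  --build-arg OVH_AS \
  --build-arg OVH_CK \
  .

docker-compose up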
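# Demo stack: two nginx containers plus the TLS-terminating proxy that routes
# to them by VIRTUAL_HOST.
version: "3"
services:
  backend:
    # NOTE(review): untagged image resolves to :latest; pin a tag or digest
    # so rebuilds do not silently pick up a different nginx.
    image: nginx
    environment:
      - VIRTUAL_HOST=backend.local.codinginfinity.xyz
    # Why would you create separate Dockerfiles when you can abuse the
    # entrypoint? ;)
    entrypoint: >-
      /bin/sh -c 'echo backend > /usr/share/nginx/html/index.html &&
      nginx -g "daemon off;"'
  frontend:
    # NOTE(review): untagged image, same pinning concern as `backend`.
    image: nginx
    environment:
      - VIRTUAL_HOST=local.codinginfinity.xyz
    entrypoint: >-
      /bin/sh -c 'echo frontend > /usr/share/nginx/html/index.html &&
      nginx -g "daemon off;"'
  proxy:
    # Locally built image that already contains the certificate and its
    # private key; keep it out of shared registries.
    image: proxy-with-ssl
    ports:
      # Published on all host interfaces. NOTE(review): if the proxy is only
      # meant to be reached from this machine, "127.0.0.1:80:80" and
      # "127.0.0.1:443:443" keep it off the local network.
      - "80:80"
      - "443:443"
    volumes:
      # The proxy reads container metadata through the Docker socket.
      # `:ro` only makes the bind mount read-only; the Docker API behind the
      # socket still accepts every request, so a compromise of this container
      # amounts to control of the Docker daemon. A filtering socket proxy
      # that exposes only the read endpoints narrows that.
      - /var/run/docker.sock:/tmp/docker.sock:ro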
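# Stage 1: issue the certificate with acme.sh using the OVH DNS hook.
# NOTE(review): the base image is untagged (resolves to :latest); pin a tag
# or digest so the tool that handles the credentials is a known version.
FROM neilpang/acme.sh AS cert

# OVH API credentials consumed by the dns_ovh hook.
ARG OVH_AK
ARG OVH_AS
ARG OVH_CK

# Build args are already exposed as environment variables to RUN within this
# stage, so they are not re-exported with ENV: ENV would additionally persist
# the credentials in this stage's image config.
# NOTE(review): ARG values are still recorded in the build history/cache of
# this stage. BuildKit secret mounts (RUN --mount=type=secret) avoid that, but
# need a matching `docker build --secret` invocation.

# Issue & export the certificate.
# Issuing and installing have to happen in a single RUN statement as the base
# image marks /acme.sh as VOLUME, so it will be purged after the statement
# (and we cannot mount volumes during build phase). /export is outside that
# volume and survives for the COPY --from below.
RUN mkdir -p /export && \
    acme.sh --issue \
      --dns dns_ovh \
      -d 'local.codinginfinity.xyz' -d '*.local.codinginfinity.xyz' && \
    acme.sh --install-cert -d 'local.codinginfinity.xyz' \
      --key-file /export/key.pem \
      --fullchain-file /export/fullchain.pem

# And the final proxy.
# The wildcard certificate's private key is baked into a layer of this image:
# anyone who can pull or export the image can read it, so keep the image
# local and rebuild (re-issue) rather than distribute it.
FROM jwilder/nginx-proxy:alpine
COPY --from=cert /export/fullchain.pem /etc/nginx/certs/local.codinginfinity.xyz.crt
COPY --from=cert /export/key.pem /etc/nginx/certs/local.codinginfinity.xyz.key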