admin/it-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switch reverse-proxy to Caddy and let it handle the certs

Browse Source 
Do this to simply the entire deployment.
This commit is contained in:
Julian Schacher
2024-02-15 14:58:27 +01:00
parent bcd065f42d
commit 89fda37a38
4 changed files with 8 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docker_compose_applications/reverse-proxy/Caddyfile Normal file
View File

@@ -0,0 +1,3 @@
pdf.consider-it.de {
reverse_proxy 127.0.0.1:8080
}

9
docker_compose_applications/reverse-proxy/compose.yaml
View File

@@ -1,12 +1,13 @@
# Links & Resources # Links & Resources
# - https://hub.docker.com/_/nginx # - https://hub.docker.com/_/caddy
# - https://caddyserver.com/docs/
services: services:
caddy: caddy:
image: nginx image: caddy
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
volumes: volumes:
- "./nginx.conf:/etc/nginx/nginx.conf:ro" - "./Caddyfile:/etc/caddy/Caddyfile:ro"
- "./conf.d/:/etc/nginx/conf.d/:ro" - "/ansible_docker_compose/project_data/reverse-proxy/caddy/data:/data"

23
docker_compose_applications/reverse-proxy/conf.d/acme_challenge.conf
View File

@@ -1,23 +0,0 @@
map $host $upstream_acme_challenge_host {
pdf.consider-it.de 127.0.0.1:8000;
default "";
}
server {
listen 80 default_server;
location /.well-known/acme-challenge/ {
proxy_pass http://$upstream_acme_challenge_host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is http in any case.
proxy_set_header X-Forwarded-Proto http;
}
# Better safe than sorry.
# Don't do a permanent redirect to avoid acme challenge pain.
location / {
return 307 https://$host$request_uri;
}
}

50
docker_compose_applications/reverse-proxy/nginx.conf
View File

@@ -1,50 +0,0 @@
# Modified nginx.conf from nginx Docker container from 2024-02-07, via the
# following command:
# docker run --rm --pull=always --entrypoint=cat nginx /etc/nginx/nginx.conf > ./nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
# upstreams.
stream {
map $ssl_preread_server_name $address {
pdf.consider-it.de 127.0.0.1:44300;
}
server {
listen 0.0.0.0:443;
listen [::]:443;
proxy_pass $address;
ssl_preread on;
proxy_protocol on;
}
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}