diff --git a/nginx/nginx_https/docker-compose.yml b/nginx/nginx_https/docker-compose.yml new file mode 100644 index 00000000..78e4b390 --- /dev/null +++ b/nginx/nginx_https/docker-compose.yml @@ -0,0 +1,18 @@ +version: '3' +services: + nginx: + image: nginx:1.20 + container_name: nginx + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf + - ./ssl:/etc/nginx/ssl + ports: + - 80:80 + - 443:443 + + app: + image: python:3.7 + container_name: app + expose: + - "80" + command: python3 -m http.server 80 diff --git a/nginx/nginx_https/nginx.conf b/nginx/nginx_https/nginx.conf new file mode 100644 index 00000000..aba04d32 --- /dev/null +++ b/nginx/nginx_https/nginx.conf @@ -0,0 +1,55 @@ +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + #include /etc/nginx/conf.d/*.conf; + + upstream backend { + server app:80; + } + + server { + listen 80; + location / { + proxy_pass http://backend; + } + } + + server { + listen 443 ssl; + + ssl_trusted_certificate /etc/nginx/ssl/server.crt; + ssl_certificate /etc/nginx/ssl/server.crt; + ssl_certificate_key /etc/nginx/ssl/server.key; + location / { + proxy_pass http://backend; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } +} \ No newline at end of file diff --git a/nginx/nginx_https/ssl/gen_certs.sh b/nginx/nginx_https/ssl/gen_certs.sh new file mode 100644 index 00000000..6eebb504 --- /dev/null +++ b/nginx/nginx_https/ssl/gen_certs.sh @@ -0,0 +1,9 @@ +openssl req \ + -x509 \ + -nodes \ + -days 3650 \ + -newkey rsa:2048 \ + -keyout /root/server.key \ + -out /root/server.crt + +# Enter "*.com" (without quotes) as "Common Name" diff --git a/nginx/nginx_https/ssl/server.crt b/nginx/nginx_https/ssl/server.crt new file mode 100644 index 00000000..93008b98 --- /dev/null +++ b/nginx/nginx_https/ssl/server.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIURFu7iX8+iLUXefTUMhV5HkviJJ8wDQYJKoZIhvcNAQEL +BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQowCAYDVQQHDAFPMQowCAYD +VQQKDAFPMQowCAYDVQQLDAFPMQ4wDAYDVQQDDAUqLmNvbTAeFw0yMjAyMDIyMzU0 +MjFaFw0zMjAxMzEyMzU0MjFaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEK +MAgGA1UEBwwBTzEKMAgGA1UECgwBTzEKMAgGA1UECwwBTzEOMAwGA1UEAwwFKi5j +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRVhWlCMpKJAaWVI+U +aOF82vttfGECi28ZdUqgeaQnniOxGC2fQ66pJSmltTiYVTH3IRRbax/pGgUdqt1E +gGB2jLqqbcqMxlzg4mSThO/cT2/3cFjoeOyg6yC2RjB8FjTjFrkWqiEenubqnqSX +DC7XB6icYuimRPhMCLhC6GX/nPwfTMc98vzi9icOVZet84s5pReRQcSEd5ndg5+L +OnCgivwFSXsjVZudpojXmdZ2Izb9fVQAhKZTgHe62rF1RZ2wkAmnOo1Haybe89vN +Cm8lbIcoQKgPFlsqt3fa1kL80opHwrj6wDVMZ1dXGLULZ1EdGowymgso29o+Ojuh +3n2NAgMBAAGjUzBRMB0GA1UdDgQWBBQkfe744BxH3XaZlWvXq54YFmp9MDAfBgNV +HSMEGDAWgBQkfe744BxH3XaZlWvXq54YFmp9MDAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQCuH6jvESJQAzBGnKTHNlLmaX5OWJ2tFx78mRkLgbPC +kL1uTwH7aQfga+TjnEPT5rSftnATaR0k8vxLSIT3KEpHrFZ4hHr1UwqikJGkmAYa +TlFXLvX8eX8bo6NxECHz7OBOGzvUxBY9tm7NdojHk7XfOY5gJSbnpFQxNcdpk7jd +y56nqAI/zhaDoCcrdxpvEBT657+NAaBfCJeH8ivudAQffaAJ9/c68HWHCr+tyQQw +Vr6s6QMMKAZWJhUNKFVhNZczT+WcpqbQEuab1LJsut4pm72CUayq92vm7+jwiyCP +TaKrNkcWug74xzzxvZtvtAO8rKRjyI/VZRB8sT6W2ey6 +-----END CERTIFICATE----- diff --git a/nginx/nginx_https/ssl/server.key b/nginx/nginx_https/ssl/server.key new file mode 100644 index 00000000..2b40a12f --- /dev/null +++ b/nginx/nginx_https/ssl/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDRVhWlCMpKJAaW +VI+UaOF82vttfGECi28ZdUqgeaQnniOxGC2fQ66pJSmltTiYVTH3IRRbax/pGgUd +qt1EgGB2jLqqbcqMxlzg4mSThO/cT2/3cFjoeOyg6yC2RjB8FjTjFrkWqiEenubq +nqSXDC7XB6icYuimRPhMCLhC6GX/nPwfTMc98vzi9icOVZet84s5pReRQcSEd5nd +g5+LOnCgivwFSXsjVZudpojXmdZ2Izb9fVQAhKZTgHe62rF1RZ2wkAmnOo1Haybe +89vNCm8lbIcoQKgPFlsqt3fa1kL80opHwrj6wDVMZ1dXGLULZ1EdGowymgso29o+ +Ojuh3n2NAgMBAAECggEBAKXxh9b70OBVDqO9BNSxD47aSNXR81UBE2ErCa2MwARn +6ANLF19ZV+vd+dXSgrq/ToyJPIn7saAncEbEXAMhgVZ42MChqB9QX/Alh3UpvLr4 +fdm4xcIDmhE2UwgrO+Qh9mrOaIr+8qJDdOooOHFExxzOhWrzPVoQ8oPTpb3kXHbz +nB9OiTertbw4YHABx9+7Xg+L3d/4+69khYaG369HonnJMc/4YIsgHhomv7x1fWzg +LSSIiUyHMnhPss8hWAL0YBIkfB+XwwEJ1tt45QZCr2GVICZ+AzU1j6DnxM4/V8lF +QWZq2FiwbWvXLo89m4ZrqfhgzxoTK9cuULw37fPv2gECgYEA6aLidpJ6UwvNZRkL +soOV0UfWKAJoAt5L6Uz6J32rg1jIKSKg5qzk7dp2u24iVriCA8chOnVia90bpbQ5 +gTX3zNlpBedly7rZvZQJnbr82xFBkJfRU5AZ90W+RLWPijAZjp5MYKBEuVbs84Q9 +eFpZT/nz563isJo6In5vSay8KHkCgYEA5V++PWbawXQ4x2+PyglQunFTZy6M/Fha +QtdGqL87bK6Xo9my/As2NhvH/2HLGgXcXGxq2ppE2E59NOZIsUpcEj9Hvhyb5e5E +0Rn0kX1Rq417xIVn8zBqgjd8DKQc07ih6JqANNtste0ZIGHQ2xC7xTKNBYTxCXTh +EVc0n0XM4LUCgYBssu7AEdg9qQEPpz5s+JGMg+qcRLpVk00oJzs/glV4z6aYlNbd +W9VK4FhbTZtGU6OR1GSeSRzYaE/DoX0bo5s9wGz/ZTBUQAOsEyMCMowP9BBYEHpA +cYvTIqyqVPqKZWSOmRGZ5xbyUAIALidXRlnFPtp+kMUmOysO/1oRof8MqQKBgQCe +miltQ6WXhsmL/bQrO226vYmyGxoZku42sayGGlT4vXDVNz7v0MDXgTY1fGV3xP2u +Wrk4FtvrxboFzgYNsSEg7OiqqBWUU8D55TybLVA/k0E1jhlmqt+60qrQAtp7+3rY +35wu8FqnIR7yqTBFibiMjnu8iUQyCcNmvioAx7720QKBgQC9pafeUYCRYlz0mYFN +p4S4GPKO7E2s/UVt/c9PLWMFoSqc07VosuY4JgmYLFsB1lnOL3WvxP3A+8If1NEz +xJ7bpLcTIxwvabJBDgkcCVHJo3J46ze/gIMppu7J9SuGYc0Yr4gcZcF9jiPxdFxE +3WTHcQzWfnv1cSEfzWLHk2zAbg== +-----END PRIVATE KEY-----