WIP Use nginx to serve a self-signed cert

jude
2025-11-05 18:52:36 +00:00
parent 901cf575c4
commit c3536b49c8
2 changed files with 67 additions and 0 deletions


@@ -39,5 +39,32 @@ services:
ports:
- "18920:18920"
nginx:
image: nginx:alpine
restart: always
depends_on:
- bot
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/selfsigned.conf:/etc/nginx/conf.d/default.conf:ro
- nginx_certs:/etc/nginx/certs
entrypoint:
- "/bin/sh"
- "-c"
command: |
set -e
apk add --no-cache openssl
mkdir -p /etc/nginx/certs
if [ ! -f /etc/nginx/certs/selfsigned.key ] || [ ! -f /etc/nginx/certs/selfsigned.crt ]; then
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/nginx/certs/selfsigned.key \
-out /etc/nginx/certs/selfsigned.crt \
-subj "/CN=localhost"
fi
exec nginx -g 'daemon off;'
volumes:
reminders:
nginx_certs:
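Review bot: The `"18920:18920"` mapping just above the new `nginx` service stays published, so if it belongs to `bot` (it appears to, given `depends_on` and the proxied port) the dashboard is still reachable over plain HTTP and the TLS proxy can be bypassed; drop that mapping or bind it to loopback, e.g. `- "127.0.0.1:18920:18920"`, and consider the same for `"80:80"` and `"443:443"` if this is only meant for local development. In the `command` script, `apk add --no-cache openssl` runs on every container start, which with `set -e` and `restart: always` turns a package-mirror outage into a restart loop and installs an unpinned package at runtime; a small derived image or a one-shot service that generates the certificate would avoid that. The existence check never renews the 365-day certificate, so the `if` could also test `openssl x509 -checkend 0 -noout -in /etc/nginx/certs/selfsigned.crt`. Finally, `-subj "/CN=localhost"` without `-addext "subjectAltName=DNS:localhost"` produces a certificate that browsers and several TLS libraries reject for a name mismatch even after it is trusted.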

40
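--- a/nginx/selfsigned.conf
+++ b/nginx/selfsigned.conf
@@ -0,0 +1,40 @@
+# Nginx configuration for local development with self-signed TLS
+# Proxies HTTPS traffic to the Rocket dashboard running in the `bot` service.
+# Redirect all HTTP to HTTPS
+server {
+listen 80;
+server_name _;
+return 301 https://$host$request_uri;
+}
+server {
+listen 443 ssl;
+server_name _;
+ssl_certificate /etc/nginx/certs/selfsigned.crt;
+ssl_certificate_key /etc/nginx/certs/selfsigned.key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+proxy_buffer_size 128k;
+proxy_buffers 4 256k;
+proxy_busy_buffers_size 256k;
+client_max_body_size 10M;
+location / {
+proxy_pass http://bot:18920;
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+location /static {
+proxy_pass http://bot:18920/static;
+expires 30d;
+}
+}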
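Review bot: In `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever the client sent, so a caller can plant arbitrary addresses in that header; since this proxy is the edge, `proxy_set_header X-Forwarded-For $remote_addr;` is the safer value if the dashboard ever uses it for logging or rate limiting. The `location /static` block declares no `proxy_set_header` lines and does not inherit the ones from its sibling `location /`, so static requests reach the backend with nginx's default `Host` and without `X-Forwarded-Proto`; moving the four `proxy_set_header` directives up to the `server` level would cover both locations. With `server_name _`, both `return 301 https://$host$request_uri;` and `proxy_set_header Host $host;` reflect a client-chosen Host header, so a fixed name is preferable once the hostname is known. `ssl_prefer_server_ciphers on;` has little effect without an `ssl_ciphers` list, which deserves either a comment or removal.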