bring up brewblogger without nginx
This commit is contained in:
@@ -3,6 +3,8 @@ running in a PHP-FPM container. BrewBlogger can be thought of as kind of an
|
||||
online version of ProMash or BeerSmith. (If you're not a homebrewer, those
|
||||
names probably mean nothing to you.)
|
||||
|
||||
*TODO:* need to update instructions for caddy-docker-proxy instead of nginx
|
||||
|
||||
Quick-and-dirty instructions to bring it up:
|
||||
|
||||
1. ```docker volume create brewblogger-html```
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
server
|
||||
{
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.beerandloafing.org;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
index index.php;
|
||||
|
||||
# add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
# add_header X-XSS-Protection "1; mode=block" always;
|
||||
# add_header X-Content-Type-Options "nosniff" always;
|
||||
# add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
||||
# add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
# enable strict transport security only if you understand the implications
|
||||
|
||||
location /
|
||||
{
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location ~ [^/]\.php(/|$)
|
||||
{
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name)
|
||||
{
|
||||
return 404;
|
||||
}
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
||||
|
||||
fastcgi_pass brewblogger.brewblogger:9000;
|
||||
fastcgi_index index.php;
|
||||
}
|
||||
}
|
||||
@@ -6,9 +6,21 @@ services:
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- brewblogger
|
||||
- www
|
||||
volumes:
|
||||
- brewblogger-html:/var/www/html
|
||||
depends_on:
|
||||
brewblogger-mariadb:
|
||||
condition: service_started
|
||||
labels:
|
||||
caddy: beerandloafing.org
|
||||
caddy.0_root: /var/www/brewblogger
|
||||
caddy.1_php_fastcgi: brewblogger.www:9000
|
||||
caddy.1_php_fastcgi.root: /var/www/html
|
||||
caddy.1_php_fastcgi.index: index.php
|
||||
caddy.3_log: brewblogger
|
||||
caddy.3_log.format: json
|
||||
caddy.2_file_server:
|
||||
|
||||
brewblogger-mariadb:
|
||||
image: mariadb
|
||||
@@ -22,34 +34,14 @@ services:
|
||||
networks:
|
||||
- brewblogger
|
||||
|
||||
brewblogger-nginx:
|
||||
image: nginx:alpine
|
||||
container_name: brewblogger-nginx
|
||||
restart: unless-stopped
|
||||
volumes_from:
|
||||
- brewblogger
|
||||
volumes:
|
||||
- ./container-nginx-conf:/etc/nginx/conf.d/brewblogger.conf
|
||||
networks:
|
||||
- brewblogger
|
||||
- www
|
||||
depends_on:
|
||||
brewblogger:
|
||||
condition: service_started
|
||||
labels:
|
||||
caddy: www.beerandloafing.org
|
||||
caddy.reverse_proxy: brewblogger-nginx.www:80
|
||||
caddy.log: brewblogger
|
||||
caddy.log.format: json
|
||||
|
||||
redirect-beerandloafing-org:
|
||||
container_name: redirect-beerandloafing.org
|
||||
redirect-www-beerandloafing-org:
|
||||
container_name: redirect-www-beerandloafing-org
|
||||
image: busybox:uclibc
|
||||
network_mode: none
|
||||
command: [ "tail", "-f", "/dev/null" ]
|
||||
labels:
|
||||
caddy: beerandloafing.org
|
||||
caddy.redir: https://www.beerandloafing.org{uri}
|
||||
caddy.redir: https://beerandloafing.org{uri}
|
||||
|
||||
networks:
|
||||
www:
|
||||
@@ -62,3 +54,5 @@ volumes:
|
||||
brewblogger-db:
|
||||
name: brewblogger-db
|
||||
external: true
|
||||
brewblogger-html:
|
||||
name: brewblogger-html
|
||||
|
||||
34
nginx-conf
34
nginx-conf
@@ -1,34 +0,0 @@
|
||||
server
|
||||
{
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.beerandloafing.org;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name www.beerandloafing.org;
|
||||
|
||||
include /etc/nginx/conf.d/ssl.inc;
|
||||
|
||||
location / {
|
||||
proxy_pass http://brewblogger-nginx.www;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host:443;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Websocket
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user