bring up brewblogger without nginx
This commit is contained in:
@@ -3,6 +3,8 @@ running in a PHP-FPM container. BrewBlogger can be thought of as kind of an
|
|||||||
online version of ProMash or BeerSmith. (If you're not a homebrewer, those
|
online version of ProMash or BeerSmith. (If you're not a homebrewer, those
|
||||||
names probably mean nothing to you.)
|
names probably mean nothing to you.)
|
||||||
|
|
||||||
|
*TODO:* need to update instructions for caddy-docker-proxy instead of nginx
|
||||||
|
|
||||||
Quick-and-dirty instructions to bring it up:
|
Quick-and-dirty instructions to bring it up:
|
||||||
|
|
||||||
1. ```docker volume create brewblogger-html```
|
1. ```docker volume create brewblogger-html```
|
||||||
|
|||||||
@@ -1,40 +0,0 @@
|
|||||||
server
|
|
||||||
{
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name www.beerandloafing.org;
|
|
||||||
|
|
||||||
root /var/www/html;
|
|
||||||
|
|
||||||
index index.php;
|
|
||||||
|
|
||||||
# add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
# add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
# add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
# add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
||||||
# add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
||||||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
||||||
# enable strict transport security only if you understand the implications
|
|
||||||
|
|
||||||
location /
|
|
||||||
{
|
|
||||||
try_files $uri $uri/ /index.php?$args;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ [^/]\.php(/|$)
|
|
||||||
{
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
||||||
if (!-f $document_root$fastcgi_script_name)
|
|
||||||
{
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
||||||
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
|
||||||
|
|
||||||
fastcgi_pass brewblogger.brewblogger:9000;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -6,9 +6,21 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- brewblogger
|
- brewblogger
|
||||||
|
- www
|
||||||
|
volumes:
|
||||||
|
- brewblogger-html:/var/www/html
|
||||||
depends_on:
|
depends_on:
|
||||||
brewblogger-mariadb:
|
brewblogger-mariadb:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
|
labels:
|
||||||
|
caddy: beerandloafing.org
|
||||||
|
caddy.0_root: /var/www/brewblogger
|
||||||
|
caddy.1_php_fastcgi: brewblogger.www:9000
|
||||||
|
caddy.1_php_fastcgi.root: /var/www/html
|
||||||
|
caddy.1_php_fastcgi.index: index.php
|
||||||
|
caddy.3_log: brewblogger
|
||||||
|
caddy.3_log.format: json
|
||||||
|
caddy.2_file_server:
|
||||||
|
|
||||||
brewblogger-mariadb:
|
brewblogger-mariadb:
|
||||||
image: mariadb
|
image: mariadb
|
||||||
@@ -22,34 +34,14 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- brewblogger
|
- brewblogger
|
||||||
|
|
||||||
brewblogger-nginx:
|
redirect-www-beerandloafing-org:
|
||||||
image: nginx:alpine
|
container_name: redirect-www-beerandloafing-org
|
||||||
container_name: brewblogger-nginx
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes_from:
|
|
||||||
- brewblogger
|
|
||||||
volumes:
|
|
||||||
- ./container-nginx-conf:/etc/nginx/conf.d/brewblogger.conf
|
|
||||||
networks:
|
|
||||||
- brewblogger
|
|
||||||
- www
|
|
||||||
depends_on:
|
|
||||||
brewblogger:
|
|
||||||
condition: service_started
|
|
||||||
labels:
|
|
||||||
caddy: www.beerandloafing.org
|
|
||||||
caddy.reverse_proxy: brewblogger-nginx.www:80
|
|
||||||
caddy.log: brewblogger
|
|
||||||
caddy.log.format: json
|
|
||||||
|
|
||||||
redirect-beerandloafing-org:
|
|
||||||
container_name: redirect-beerandloafing.org
|
|
||||||
image: busybox:uclibc
|
image: busybox:uclibc
|
||||||
network_mode: none
|
network_mode: none
|
||||||
command: [ "tail", "-f", "/dev/null" ]
|
command: [ "tail", "-f", "/dev/null" ]
|
||||||
labels:
|
labels:
|
||||||
caddy: beerandloafing.org
|
caddy: beerandloafing.org
|
||||||
caddy.redir: https://www.beerandloafing.org{uri}
|
caddy.redir: https://beerandloafing.org{uri}
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
www:
|
www:
|
||||||
@@ -62,3 +54,5 @@ volumes:
|
|||||||
brewblogger-db:
|
brewblogger-db:
|
||||||
name: brewblogger-db
|
name: brewblogger-db
|
||||||
external: true
|
external: true
|
||||||
|
brewblogger-html:
|
||||||
|
name: brewblogger-html
|
||||||
|
|||||||
34
nginx-conf
34
nginx-conf
@@ -1,34 +0,0 @@
|
|||||||
server
|
|
||||||
{
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name www.beerandloafing.org;
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
server
|
|
||||||
{
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name www.beerandloafing.org;
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/ssl.inc;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://brewblogger-nginx.www;
|
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Host $host:443;
|
|
||||||
proxy_set_header X-Forwarded-Server $host;
|
|
||||||
proxy_set_header X-Forwarded-Port 443;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
|
|
||||||
# Websocket
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "Upgrade";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Reference in New Issue
Block a user