il y a 4 ans · 17e89295e3
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@
 
				
				 /data*
			
 
				
				 
			
 
				
				 /nginx/log*
			
 
				
				-/nginx/ssl*
			
 
				
				 /nginx/sites-available*
			
 
				
				 /nginx/sites-enabled*
			
 
				
				 /nginx/letsencrypt/live/*
			
--- a/README.md
+++ b/README.md
@@ -175,7 +175,7 @@ For more information on what rake commands can be executed, see scalelite docume
 
				
				 
			
 
				
				 #### Build your own image
			
 
				
				 
			
 
				
				-If you don;t have access to the DockerHub registry, you can always build your own image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number.
			
 
				
				+If no access to the DockerHub registry is available, it is still possible to build the image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number.
			
 
				
				 
			
 
				
				 ```
			
 
				
				 cd <YOUR ROOT>/scalelite
			
@@ -190,3 +190,29 @@ cd <YOUR ROOT>/scalelite
 
				
				 ```
			
 
				
				 
			
 
				
				 Keep in mind that the docker-compose.yml script makes use of some other configuration files that are mounted inside the containers. If any modification to nginx is needed it has to be done on the sites.template file. Also, whatever name is chosen for the image should match the one used in docker-compose.yml.
			
 
				
				+
			
 
				
				+#### Setup SSL certificate from a CA other than letsencrypt
			
 
				
				+
			
 
				
				+For adding an SSL certificate from an CA other than letsencrypt,
			
 
				
				+
			
 
				
				+1. DO NOT execute the `./init-letsencrypt.sh` script
			
 
				
				+
			
 
				
				+2. Place the SSL Certificate, Intermediate Certificate (or Bundle with both of them if you have it) and Private Key files inside `nginx/ssl` as fullchain.pem and privkey.pem.
			
 
				
				+E.g.
			
 
				
				+```
			
 
				
				+cd ~/
			
 
				
				+cat your_domain_name.crt Intermediate.crt >> bundle.crt
			
 
				
				+cp bundle.crt <YOUR ROOT>/scalelite/nginx/ssl/fullchain.pem
			
 
				
				+cp private.key <YOUR ROOT>/scalelite/nginx/ssl/privkey.pem
			
 
				
				+```
			
 
				
				+
			
 
				
				+3. Edit the template for nginx.
			
 
				
				+```
			
 
				
				+cd <YOUR ROOT>/scalelite
			
 
				
				+vi nginx/sites.template
			
 
				
				+```
			
 
				
				+Comment the lines referencing the letsencrypt Certificate and uncomment the other two
			
 
				
				+
			
 
				
				+4. Comment out in `docker-compose.yml` the certbot container.
			
 
				
				+
			
 
				
				+5. Start the containers as usual.
			
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,8 +14,11 @@ services:
 
				
				       - ./nginx/sites.template:/etc/nginx/sites-available/sites.template
			
 
				
				       - ./nginx/default/html:/var/www/html
			
 
				
				       - ./nginx/log/nginx:/var/log/nginx
			
 
				
				+## Configuration for Letsencrypt SSL Certificate
			
 
				
				       - ./data/certbot/conf:/etc/letsencrypt
			
 
				
				       - ./data/certbot/www:/var/www/certbot
			
 
				
				+## Configuration for Letsencrypt SSL Certificate
			
 
				
				+#      - ./nginx/ssl/:/etc/ssl
			
 
				
				     ports:
			
 
				
				       - "80:80"
			
 
				
				       - "443:443"
			
@@ -26,6 +29,8 @@ services:
 
				
				     command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites-available/sites.template > /etc/nginx/sites-enabled/sites.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
			
 
				
				 
			
 
				
				 
			
 
				
				+## Configuration for Letsencrypt SSL Certificate
			
 
				
				+## comment out when using an SSL Certificate from a CA other than Letsencrypt
			
 
				
				   certbot:
			
 
				
				     image: certbot/certbot
			
 
				
				     volumes:
			
@@ -35,7 +40,7 @@ services:
 
				
				 
			
 
				
				 
			
 
				
				   redis:
			
 
				
				-    image: redis
			
 
				
				+    image: redis:5.0-alpine
			
 
				
				     restart: "no"
			
 
				
				     ports:
			
 
				
				       - 127.0.0.1:6379:6379
			
@@ -44,17 +49,16 @@ services:
 
				
				 
			
 
				
				 
			
 
				
				   postgres:
			
 
				
				-    image: postgres:9.5
			
 
				
				+    image: postgres:11.7-alpine
			
 
				
				     restart: "no"
			
 
				
				     ports:
			
 
				
				       - 127.0.0.1:5432:5432
			
 
				
				     volumes:
			
 
				
				       - ./data/postgres/:/var/lib/postgresql/data
			
 
				
				     environment:
			
 
				
				-      - PGHOST=postgres
			
 
				
				-      - PGDATABASE=postgres
			
 
				
				-      - PGUSER=postgres
			
 
				
				-      - PGPASSWORD=password
			
 
				
				+      - POSTGRES_DB=postgres
			
 
				
				+      - POSTGRES_USER=postgres
			
 
				
				+      - POSTGRES_PASSWORD=password
			
 
				
				 
			
 
				
				 
			
 
				
				   scalelite.api:
			
--- a/nginx/sites.template
+++ b/nginx/sites.template
@@ -25,9 +25,14 @@ server {
 
				
				     listen 443 ssl;
			
 
				
				     listen [::]:443;
			
 
				
				 
			
 
				
				+    ## Configuration for Letsencrypt SSL Certificate
			
 
				
				     ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
			
 
				
				     ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
			
 
				
				 
			
 
				
				+    ## Configuration for SSL Certificate from a CA other than Letsencrypt
			
 
				
				+    #ssl_certificate /etc/ssl/fullchain.pem;
			
 
				
				+    #ssl_certificate_key /etc/ssl/privkey.pem;
			
 
				
				+
			
 
				
				     location / {
			
 
				
				             proxy_pass  http://docker-scalelite;
			
 
				
				             proxy_read_timeout 60s;
			
--- a/nginx/ssl/.placeholder_for_ssl_certificates
+++ b/nginx/ssl/.placeholder_for_ssl_certificates