Addresses comments in PR. Fixes typo in docker-compose. Changes mount of static files to RO. Adds example and brief explaination for haproxy certificates. Fixes whitespaces in nginx.conf

This commit is contained in:
muccid 2019-08-26 09:04:47 +03:00
parent 7f0b52e9e1
commit 2793e24b5b
4 changed files with 6 additions and 7 deletions

View File

@ -22,4 +22,5 @@ HAproxy, unlike Apache, Nginx and others, does not provide you with a webserver
* Build the Docker image. `docker build -t local/nginx .` * Build the Docker image. `docker build -t local/nginx .`
* Start the container. `docker-compose up -d`. Note that if you want to run Nginx on a different port, you will have to change the port both in the `docker-compose.yml` and in `haproxy.cfg`. * Start the container. `docker-compose up -d`. Note that if you want to run Nginx on a different port, you will have to change the port both in the `docker-compose.yml` and in `haproxy.cfg`.
* Start HAproxy with the proposed configuration. * If you don't want to use a wildcard certificate, you will need to modify the corresponding line in the HTTPS frontent and add the paths of all the specific certificates (as for the commented example in `haproxy.cfg`).
* Start HAproxy with the proposed configuration.

View File

@ -1,8 +1,8 @@
version: '3' version: '3'
services: services:
neginx: nginx:
image: local/nginx image: local/nginx
ports: ports:
- 40888:80 - 40888:80
volumes: volumes:
- /matrix/static-files:/var/www/:rw - /matrix/static-files:/var/www/:ro

View File

@ -39,6 +39,7 @@ frontend https-frontend
# HAproxy wants the full chain and the private key in one file. For Letsencrypt manually generated certs (e.g., wildcard certs) you can use # HAproxy wants the full chain and the private key in one file. For Letsencrypt manually generated certs (e.g., wildcard certs) you can use
# cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/certs/star-example.com.pem # cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/certs/star-example.com.pem
bind *:443 ssl crt /etc/haproxy/certs/star-example.com.pem bind *:443 ssl crt /etc/haproxy/certs/star-example.com.pem
#bind *:443 ssl crt /etc/haproxy/certs/riot.example.com.pem /etc/haproxy/certs/matrix.example.com.pem
reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Proto:\ https
option httplog option httplog
option http-server-close option http-server-close

View File

@ -1,5 +1,4 @@
worker_processes auto; worker_processes auto;
daemon off; daemon off;
events { events {
@ -12,7 +11,5 @@ http {
listen 80; listen 80;
index index.html; index index.html;
root /var/www; root /var/www;
}
}
} }