mykitserver/docker-limesurvey
1
0
Fork 0
mirror of https://github.com/mykitserver/docker-limesurvey.git synced 2025-12-06 16:39:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added configuration which adds Nginx with Letsencrypt certificate

Browse Source
This commit is contained in:
Christian Lerrahn
2020-04-28 18:45:15 +10:00
parent 4a44c06b6e
commit 51f229262d
4 changed files with 141 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
docker-compose.fpm-certbot.yml Normal file
View File

@@ -0,0 +1,49 @@
version: "3.0"
services:
limesurvey:
build:
context: 4.0/fpm/
dockerfile: Dockerfile
volumes:
- /tmp/upload/surveys:/var/www/html/upload/surveys
- lime:/var/www/html
links:
- lime-db
depends_on:
- lime-db
environment:
- "DB_HOST=lime-db"
- "DB_PASSWORD=secret"
- "ADMIN_PASSWORD=foobar"
lime-web:
build:
context: nginx-certbot/
dockerfile: Dockerfile
links:
- limesurvey
ports:
- "80:80"
- "443:443"
volumes:
- ./examples/nginx-certbot.conf:/etc/nginx/nginx.conf:ro
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot
- lime:/var/www/html
environment:
- "HOSTNAMES=www.example.com example.com"
certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
lime-db:
image: mysql:5.7
environment:
- "MYSQL_USER=limesurvey"
- "MYSQL_DATABASE=limesurvey"
- "MYSQL_PASSWORD=secret"
- "MYSQL_ROOT_PASSWORD=secret"
volumes:
lime:

57
examples/nginx-certbot.conf Normal file
View File

@@ -0,0 +1,57 @@
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name _;
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
index index.php;
set $host_path "/var/www/html";
root /var/www/html;
server_name _;
charset utf-8;
include /etc/nginx/mime.types;
ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
try_files $uri /index.php?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
try_files $uri index.php;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_pass limesurvey:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}
}

10
nginx-certbot/Dockerfile Normal file
View File

@@ -0,0 +1,10 @@
FROM nginx
RUN apt-get update && \
apt-get install -y certbot curl python-certbot-nginx && \
apt-get -y autoclean; apt-get -y autoremove; \
rm -rf /var/lib/apt/lists/*
COPY entrypoint.sh /entrypoint.sh
RUN chmod 700 /entrypoint.sh
CMD ["/entrypoint.sh"]

25
nginx-certbot/entrypoint.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/sh
cert_path=/etc/letsencrypt/live/$(echo $HOSTNAMES | awk '{print $1}')
mkdir -p cert_path
# if there is no certificate yet, get one
email="--email $CERT_EMAIL"
if [ -z $CERT_EMAIL ]
then
email='--register-unsafely-without-email'
fi
if [ ! -e $cert_path/privkey.pem ]
then
names=""
for h in $HOSTNAMES
do
names=$(echo "$names -d $h")
done
echo "Getting new certificate..."
/usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /etc/letsencrypt/options-ssl-nginx.conf
/usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /etc/letsencrypt/ssl-dhparams.pem
/usr/bin/certbot certonly --standalone $names --agree-tos $email
fi
nginx -g "daemon off;"