From d0fdd75ee685714adce422297589a21f8d0f5d7b Mon Sep 17 00:00:00 2001
From: Danilo Hoffmann
Date: Mon, 27 Jan 2020 11:23:42 +0100
Subject: [PATCH] feat: use nginx with https upstream (#99)
---
 nginx/Dockerfile | 8 ++++----
 nginx/README.md | 4 ++++
 nginx/channel.conf.tmpl | 4 ++--
 nginx/entrypoint.sh | 17 +++++++++++++++++
 4 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index 3c689d699a..2ddfb9eadc 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,9 +1,9 @@
 FROM ubuntu:latest as buildstep
 RUN echo "intalling nginx with mod-pagespeed" && \
 apt-get update && \
- apt-get install -y curl build-essential zlib1g-dev libpcre3-dev unzip wget uuid-dev sudo && \
+ apt-get install -y curl build-essential zlib1g-dev libpcre3-dev unzip wget uuid-dev sudo openssl libssl-dev && \
 curl -kfL -sS https://ngxpagespeed.com/install > install.sh && \
- bash install.sh --nginx-version latest
+ bash install.sh --nginx-version latest --additional-nginx-configure-arguments '--with-http_ssl_module'
 FROM scratch as configstep
 COPY --from=nginx:mainline /etc/nginx /etc/nginx
@@ -14,7 +14,7 @@ COPY 50x.html /usr/share/nginx/html/
 FROM ubuntu:latest
 RUN apt-get update && \
- apt-get install -y gettext-base && \
+ apt-get install -y gettext-base libssl1.1 && \
 apt-get -y autoremove && \
 apt-get clean && \
 rm -r /var/cache/apt /var/lib/apt/lists
@@ -22,6 +22,6 @@ COPY --from=buildstep /usr/local/nginx /usr/local/nginx
 COPY --from=configstep / /
 ENV NPSC_ENABLE_FILTERS=in_place_optimize_for_browser,prioritize_critical_css,inline_preview_images,lazyload_images,rewrite_images,rewrite_css,remove_comments,local_storage_cache,move_css_to_head,move_css_above_scripts,collapse_whitespace,combine_javascript,extend_cache NPSC_JsPreserveURLs=off NPSC_ImagePreserveURLs=on NPSC_ForceCaching=off
-EXPOSE 80
+EXPOSE 80 443
 ENTRYPOINT [ "sh", "entrypoint.sh" ]
diff --git a/nginx/README.md b/nginx/README.md
index 2cee977770..612f94e9f1 100644
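Review bot: The installer that the changed `bash install.sh ...` line executes is still fetched with `curl -kfL`, so certificate verification is disabled for a script that runs as root in the build stage and produces the nginx binary that will now terminate TLS. Drop the `-k`, i.e. `curl -fL -sS https://ngxpagespeed.com/install > install.sh && \`, so the download is at least authenticated by the server certificate. Pinning `--nginx-version` to a fixed release instead of `latest` would additionally make the image reproducible and keep a changed upstream from being picked up silently. The `curl` line is unchanged context in the first Dockerfile hunk, but the new configure argument depends directly on it.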
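Review bot: `libssl1.1` in the second Dockerfile hunk is a release-specific package name, while both the build and the runtime stage use the floating `FROM ubuntu:latest`. Once `latest` moves to a release that ships a different OpenSSL package, this `apt-get install` can fail, or the nginx compiled against `libssl-dev` in the build stage can end up without a matching library at runtime. Pin the same base tag in both stages, for example `FROM ubuntu:<pinned-release>` (placeholder), so the compile-time and runtime OpenSSL stay matched and security updates are a deliberate rebuild rather than an accident of the tag.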
--- a/nginx/README.md +++ b/nginx/README.md @@ -21,6 +21,10 @@ Basic environment variables: If you want to use fully qualified names here, do not forget to also add host mappings to your orchestrator name resolution. For `docker run` this can be done with `--add-host`. +If you are using http, the server will run on default port 80. +If you use https as an upstream, it will run on default port 443. +In the latter case you will also have to supply the files `server.key` and `server.crt` in the folder `/etx/nginx` (either by volume mapping with `docker run` or in the image itself by `docker build`). + Setup at least one PWA channel configuration: - use mandatory `PWA_X_SUBDOMAIN` for the channel sub domain diff --git a/nginx/channel.conf.tmpl b/nginx/channel.conf.tmpl index 6ed1bbf783..5f6d1547cf 100644 --- a/nginx/channel.conf.tmpl +++ b/nginx/channel.conf.tmpl @@ -1,12 +1,12 @@ server { - listen 80; server_name ~^$SUBDOMAIN\..+$; + include /etc/nginx/conf.d/listen.conf; location / { proxy_cache my_cache; proxy_cache_use_stale error timeout http_404 http_500 http_502 http_503 http_504; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; diff --git a/nginx/entrypoint.sh b/nginx/entrypoint.sh index 6f10b5c2c3..114db1366a 100644 --- a/nginx/entrypoint.sh +++ b/nginx/entrypoint.sh @@ -5,6 +5,23 @@ set -e [ -z "$UPSTREAM_PWA" ] && echo "UPSTREAM_PWA is not set" && exit 1 +if echo "$UPSTREAM_PWA" | grep -Eq '^https' +then + cat >/etc/nginx/conf.d/listen.conf </etc/nginx/conf.d/listen.conf +fi + [ -f "/etc/nginx/conf.d/default.conf" ] && rm /etc/nginx/conf.d/default.conf if [ -n "$UPSTREAM_ICM" ]
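Review bot: `proxy_set_header Host $http_host;` forwards the client's raw Host header, whereas the replaced `$host` is normalised by nginx and never empty. With the regex `server_name ~^$SUBDOMAIN\..+$`, any hostname carrying the right prefix matches, so the upstream now receives a client-chosen value unchanged. This location also uses `proxy_cache my_cache`, so a response the upstream builds from an unexpected Host could be stored and served to other clients if the cache key does not include the host; the key is not visible in this hunk, so that needs checking. If the port is the reason for the change, `proxy_set_header Host $host:$server_port;` keeps the normalised name; otherwise add a short comment stating why the raw header is required. The `server` block continues outside the hunk.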
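Review bot: The https branch in entrypoint.sh is selected with `grep -Eq '^https'`, which also accepts any value that merely begins with those letters, and nothing visible in the hunk checks that the `server.key` and `server.crt` files the README requires are present before nginx starts. A `case "$UPSTREAM_PWA" in https://*) ... ;; esac` test matches the scheme exactly without spawning a pipeline. A guard such as `[ -r "$cert_dir/server.crt" ] && [ -r "$cert_dir/server.key" ] || { echo "TLS certificate or key missing" >&2; exit 1; }` fails early with a clear message (`cert_dir` is a placeholder for the directory the generated `listen.conf` points at). The heredoc body is not visible in this rendering, so the generated `listen` and `ssl_*` directives could not be reviewed. The README hunk names the folder as `/etx/nginx`, which looks like a typo for `/etc/nginx`.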