Skip to content

Commit

Permalink
Обновлён Dockerfile для правильной подстановки переменных в конфиг nginx
Browse files Browse the repository at this point in the history
  • Loading branch information
@devops-from-root
devops-from-root committed Aug 12, 2024
1 parent 7b87dbe commit 44ad271
Showing 1 changed file with 31 additions and 28 deletions.
59 changes: 31 additions & 28 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,40 +1,43 @@
# docker build -t nginx-proxy . && docker run -d -p 443:443 -e BACK_URI backend:12345 --name nginx-proxy nginx-proxy

FROM ghcr.io/devops-from-root/alpine:main

# Устанавливаем значения переменных
ARG BACK_URI=localhost
ENV BACK_URI=${BACK_URI}
ENV BACK_URI=localhost

# Устанавливаем необходимые пакеты
RUN apk add --no-cache openssl netcat-openbsd nginx
RUN apk add --no-cache openssl curl netcat-openbsd nginx

# Создаем директорию для сертификатов
RUN mkdir -p /etc/nginx/ssl

# Генерируем самоподписанный сертификат
RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/CN=localhost"

# Создаем конфигурацию nginx через echo
RUN cat <<EOF > /etc/nginx/nginx.conf
events {}

http {
server {
listen 443 ssl;
server_name _default;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

location / {
proxy_pass http://${BACK_URI};
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
}
EOF

# Запуск Nginx
CMD ["nginx", "-g", "daemon off;"]
# Генерируем конфиг nginx
RUN echo -e "events {}\n\
http {\n\
server {\n\
listen 443 ssl;\n\
ssl_certificate /etc/nginx/ssl/nginx.crt;\n\
ssl_certificate_key /etc/nginx/ssl/nginx.key;\n\
ssl_protocols TLSv1.2 TLSv1.3;\
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';\
ssl_prefer_server_ciphers on;\
location / {\n\
proxy_pass http://localhost;\n\
proxy_set_header Host \$host;\n\
proxy_set_header X-Real-IP \$remote_addr;\n\
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n\
proxy_set_header X-Forwarded-Proto \$scheme;\n\
}\n\
access_log /proc/self/fd/1;\
error_log /proc/self/fd/2;\
}\n\
}" > /etc/nginx/nginx.conf

# Открываем порт 443
EXPOSE 443

# Заменяем в конфиге localhost на значение переменной BACK_URI и запускаем nginx
CMD /bin/sh -c "sed -i 's/localhost/'$BACK_URI'/g' /etc/nginx/nginx.conf && nginx -g 'daemon off;'"

0 comments on commit 44ad271

Please sign in to comment.