feat: Add cron job and SSL configuration in nginx Dockerfile

Armadillidiid · Mar 9, 2024 · f3a54a5 · f3a54a5
1 parent 3816e80
commit f3a54a5
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 8 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -70,6 +70,7 @@ jobs:
             echo 'export DJANGO_CSRF_TRUSTED_ORIGINS="${{ secrets.DJANGO_CSRF_TRUSTED_ORIGINS }}"' >> export-env
             echo 'export SERVER_NAME="${{ vars.SERVER_NAME }}"' >> export-env
             echo 'export CERTBOT_EMAIL="${{ secrets.CERTBOT_EMAIL }}"' >> export-env
+            echo 'export IS_SSL_ACQUIRED="${{ vars.IS_SSL_ACQUIRED }}"' >> export-env
 
             echo 'export ECR_REGISTRY="${{ steps.login-ecr.outputs.registry }}"' > export-ecr
             echo 'export ECR_REPOSITORY="${{ env.ECR_REPOSITORY }}"' >> export-ecr

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -45,21 +45,19 @@ services:
       retries: 5
 
   web-server:
-    # image: nginx:1.25.4
     build: ./nginx/
     container_name: nginx
     ports:
       - "80:80"
       - "443:443"
+    args:
+      - IS_SSL_ACQUIRED=${IS_SSL_ACQUIRED}
     environment:
       - APP_HOST=app
       - APP_PORT=8000
       - SERVER_NAME=${SERVER_NAME}
       - CERTBOT_EMAIL=${CERTBOT_EMAIL}
     volumes:
-      - ./nginx/proxy_params:/etc/nginx/proxy_params
-      - ./nginx/default.conf.template:/etc/nginx/templates/default.conf.template
-      # - ./nginx/start.sh:/docker-entrypoint.d/nginx-start.sh
       - static-data:/app/staticfiles
       - media-data:/app/media
       - ./data/certbot/conf:/etc/letsencrypt

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -1,4 +1,21 @@
 FROM nginx:1.25.4
 
-# COPY ./start.sh /docker-entrypoint.d/
-# RUN chmod +x /docker-entrypoint.d/start.sh
+# Add cron job to reload nginx every 24 hours
+RUN echo "0 0 * * * root docker exec -it nginx nginx -s reload" > /etc/cron.d/nginx-job
+
+# Download extra SSL configuration files
+RUN curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /options-ssl-nginx.conf && \
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /ssl-dhparams.pem
+
+# Set the default environment variable
+ARG IS_SSL_ACQUIRED
+
+# Copy template file based on SSL certificate acquisition
+RUN if [ "$IS_SSL_ACQUIRED" = "true" ]; then \
+  cp ./default.conf.template /etc/nginx/templates/default.conf.template; \
+  else \
+  cp ./default.staging.conf.template /etc/nginx/templates/default.conf.template; \
+  fi
+
+# COPY proxy params
+COPY ./proxy_params /etc/nginx/proxy_params
diff --git a/nginx/default.conf.template b/nginx/default.conf.template
@@ -19,8 +19,8 @@ server {
     ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem;
 
-    include /etc/letsencrypt/options-ssl-nginx.conf;
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    include /options-ssl-nginx.conf;
+    ssl_dhparam /ssl-dhparams.pem;
 
     location /static {
         alias /app/staticfiles/;

diff --git a/nginx/default.staging.conf.template b/nginx/default.staging.conf.template
@@ -0,0 +1,12 @@
+server {
+  listen 80;
+  server_name ${SERVER_NAME};
+
+  location /.well-known/acme-challenge/ {
+    root /var/www/certbot;
+  }
+
+  location / {
+      return 301 https://$host$request_uri;
+  }
+}