added ssl example

docker-compose.yml

@@ -9,6 +9,10 @@ services:
       - backend
     ports:
       - "80:80"
+  # add these lines for https
+  #      - "443:443"
+  #    volumes:
+  #      - ./nginx:/etc/nginx/conf.d
 
   frontend:
     image: openmrs/openmrs-reference-application-3-frontend:${TAG:-qa}
@@ -19,7 +23,7 @@ services:
       SPA_CONFIG_URLS: /openmrs/spa/config-core_demo.json
       SPA_DEFAULT_LOCALE:
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost/"]
+      test: [ "CMD", "curl", "-f", "http://localhost/" ]
       timeout: 5s
     depends_on:
       - backend
@@ -38,7 +42,7 @@ services:
       OMRS_CONFIG_CONNECTION_USERNAME: ${OPENMRS_DB_USER:-openmrs}
       OMRS_CONFIG_CONNECTION_PASSWORD: ${OPENMRS_DB_PASSWORD:-openmrs}
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8080/openmrs"]
+      test: [ "CMD", "curl", "-f", "http://localhost:8080/openmrs" ]
       timeout: 5s
     volumes:
       - openmrs-data:/openmrs/data

gateway/ssl.conf

@@ -0,0 +1,93 @@
+# to run the openmrs application using ssl certificates
+# modify the 'your.server.name' to your domainname in this file
+# create a 'nginx' directory where your docker.compose.yaml file is located
+# copy into this directory:
+#   1. this file
+#   2. certificate.crt
+#   3. private.key
+#
+# un-comment the lines in docker.compose under the gateway service
+# restart with: docker compose up
+
+server {
+        listen 80;
+        server_name your.server.name;
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+    }
+
+server {
+  listen       443 ssl;
+  server_name your.server.name;
+
+	ssl_certificate /etc/nginx/conf.d/certificate.crt;
+        ssl_certificate_key /etc/nginx/conf.d/private.key;
+
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers HIGH:!aNULL:!MD5;
+
+
+  add_header X-XSS-Protection "1; mode=block";
+  add_header Content-Security-Policy $csp_header;
+  add_header X-Content-Type-Options nosniff;
+
+  proxy_set_header      HOST $host;
+  proxy_set_header      X-Forwarded-Proto $forwarded_proto;
+  proxy_set_header      X-Real-IP $forwarded_ip;
+  proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+  # if serving this via HTTPS, the following is recommended
+  # proxy_cookie_flags      $var_proxy_cookie_flags;
+  proxy_http_version    1.1;
+
+  gzip on;
+  gzip_vary on;
+  # 1 KiB
+  gzip_min_length 1024;
+  gzip_proxied any;
+  gzip_http_version 1.0;
+  gzip_types  font/eot
+              font/otf
+              font/ttf
+              image/svg+xml
+              text/css
+              text/html
+              text/javascript
+              text/plain
+              text/xml
+              application/atom+xml
+              application/geo+json
+              application/importmap+json
+              application/javascript
+              application/x-javascript
+              application/json
+              application/ld+json
+              application/fhir+json
+              application/fhir+xml
+              application/manifest+json
+              application/rdf+xml
+              application/rss+xml
+              application/xhtml+xml
+              application/xml;
+
+  # all redirects are relative to the gateway
+  absolute_redirect off;
+
+  location = /openmrs/spa {
+    return 301 /openmrs/spa/;
+  }
+
+  location /openmrs/spa/ {
+    proxy_pass http://frontend/;
+    proxy_redirect http://$host/ /openmrs/spa/;
+  }
+
+  location /openmrs {
+    proxy_pass http://backend;
+  }
+
+  location = / {
+    return 301 /openmrs/spa/;
+  }
+}