- The latest nginx image is used in this Dockerfile
- The domain name is set as an environment variable. If an IP is used then certbot will fail to create certificates and self-signed ones will be used for HTTPS
- The execution mode is set as an environment variable. If production mode is used then certbot certificates will be installed; if development mode is used then self-signed ones will be installed
- The cert-staging flag is set as an environment variable. Set it to 1 to test your setup and avoid hitting Let's Encrypt's request limit
- certbot and cron are installed, to handle the installation of the certificates and their renewal
- The nginx configuration files are copied to the image
- The build scripts are copied to the docker-entrypoint.d directory to be executed by nginx's entrypoint
- The working directory is changed to /etc/nginx
- Ports 80 and 443 are exposed
- To ensure the persistence of the database, volumes are mounted
- The nginx configuration is split into multiple .conf files to make it clearer:
  - base.conf contains the server blocks that listen to port 80 and 443
  - base.conf redirects requests from port 80 to 443
  - base.conf imports upstream_server.config
  - base.conf imports ssl.conf, with paths to certificates and base SSL parameters
  - base.conf imports common_headers.conf
  - common_headers.conf includes basic common headers
  - base.conf imports locations.conf
  - locations.conf contains the locations from main.conf
  - main.conf is renamed to locations.conf by configurate.sh script
  - main.conf imports common_proxy_headers.conf
  - common_proxy_headers.conf includes basic proxy headers
  - base.conf imports errors.conf
  - errors.conf redirects to error pages in case of an error
- During the container build the script environment.sh is executed first, which uses envsubst to load environment variables, like PROJECT_DOMAIN, into the nginx config files
- The second script that is executed is named configurate.sh and manages the nginx configuration by copying all .conf files from the CONFIG_DIR directory to the nginx installation directory
- The last script, named certificates.sh, installs self-signed certificates and a Diffie-Hellman key in case there are none, to ensure that nginx will start properly (nginx fails to start if certs are missing). Then it tries to create certbot certificates and copy them to the SSL directory of nginx. It also starts cron, which handles their auto-renewal
- Select an nginx image version in case the latest does not meet the project's requirements
- Change the PROJECT_DOMAIN environment variable inside the Dockerfile to the project's domain name or IP
- Add the project's redirections inside main.conf
- Add the upstream server inside upstream_servers.conf
- Set all environment variables during docker run as well (or in docker-compose.xml if it is used)
- Modify the default and error pages inside the default directory to match the project's needs
- If an IP is used for PROJECT_DOMAIN then certbot will fail to create certificates and self-signed ones will be used for HTTPS
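
The fallback order described for certificates.sh, together with the IP caveat above, can be sketched as follows. This is an added example, not the repository's script: SSL_DIR, LE_DIR, the PEM file names and all function names are assumptions, and the mode and staging values are passed as arguments because the page does not name those variables.

```shell
#!/bin/sh
# Added illustration, not the repository's certificates.sh.
# Assumed names: SSL_DIR, LE_DIR, the PEM file names and every function below.
SSL_DIR="${SSL_DIR:-/etc/nginx/ssl}"
LE_DIR="${LE_DIR:-/etc/letsencrypt/live}"

# Succeeds for an IPv4 dotted quad or anything containing ':' (IPv6 literal).
is_ip() {
    case "$1" in *:*) return 0 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Prints "certbot" or "self-signed". $1 = execution mode, $2 = PROJECT_DOMAIN.
cert_plan() {
    if [ "$1" = "production" ] && [ -n "$2" ] && ! is_ip "$2"; then
        echo certbot
    else
        echo self-signed
    fi
}

# Creates placeholder key, certificate and DH parameters only when missing,
# so nginx can start and existing (CA-issued) files are never overwritten.
ensure_selfsigned() {
    mkdir -p "$SSL_DIR" || return 1
    if [ ! -s "$SSL_DIR/privkey.pem" ] || [ ! -s "$SSL_DIR/fullchain.pem" ]; then
        ( umask 077   # private key readable by its owner only
          openssl req -x509 -nodes -newkey rsa:2048 -days 30 \
              -subj "/CN=${1:-localhost}" \
              -keyout "$SSL_DIR/privkey.pem" -out "$SSL_DIR/fullchain.pem" ) || return 1
    fi
    [ -s "$SSL_DIR/dhparam.pem" ] ||
        openssl dhparam -out "$SSL_DIR/dhparam.pem" 2048
}

# Placeholders first, then certbot when it applies. $3 = 1 selects staging.
install_certs() {
    ensure_selfsigned "$2" || return 1
    [ "$(cert_plan "$1" "$2")" = "certbot" ] || return 0
    staging=""
    if [ "$3" = "1" ]; then staging="--staging"; fi
    if certbot certonly --nginx --non-interactive --agree-tos \
        --register-unsafely-without-email $staging -d "$2"; then
        cp -L "$LE_DIR/$2/fullchain.pem" "$LE_DIR/$2/privkey.pem" "$SSL_DIR/"
    else
        echo "certbot failed; nginx keeps the self-signed certificate" >&2
    fi
}
```

A browser will still warn on the self-signed fallback, so a production deployment should alert when `cert_plan` or a certbot failure leaves it in place.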