Letsencrypt, NGINX & Symfony and Docker #8

Closed
psineur opened this issue Mar 23, 2018 · 6 comments
Labels
AWS EC2, Boxes, DNS, etc devops AWS, Docker, Deployment, CI. "A bit closer to metal" IT SHALL BE DONE Important enough to block everything else. TODO Let's do it!


psineur commented Mar 23, 2018

Probably should be broken apart into a few different issues, but here's the deal:

I have a docker container based on nginx that has an auto-updating letsencrypt cert.

This link has a simple symfony app config for nginx:
https://www.nginx.com/resources/wiki/start/topics/recipes/symfony/

Since we're currently evaluating AWS vs custom rackspace - having our infra in docker may help with migration.

psineur added this to the MVP - Public Release milestone Mar 23, 2018
psineur self-assigned this Mar 23, 2018

psineur commented Mar 23, 2018

Not started this yet, but TBH it's probably what I should do first

psineur added IT SHALL BE DONE Important enough to block everything else. devops AWS, Docker, Deployment, CI. "A bit closer to metal" TODO Let's do it! labels Mar 23, 2018

psineur commented Mar 23, 2018

Blocks #12 Deploy Prod

psineur added the AWS EC2, Boxes, DNS, etc label Mar 23, 2018

psineur commented Mar 23, 2018

OK, it's a steaming pile of crap, but [gddevbox url] is served through nginx->php-fpm->symfony with https cert from letsencrypt

I had to add php fpm

```
sudo apt-get install -y php-fpm php-cgi
sudo service php7.2-fpm start
```

/etc/nginx/sites-available/default:

```nginx
server {
    set $website_host "gundeals.io";
    set $website_root "/home/ubuntu/PostPostmill/public";
    set $default_controller "index.php";
    set $symfony_root "/home/ubuntu/PostPostmill/lib/vendor/symfony";

    # "ssl" on the listen directive replaces the deprecated "ssl on;"
    listen 443 ssl;
    # server_name does not expand variables, so the host name is written out
    server_name gundeals.io;

    # Gzip
    gzip on;
    gzip_min_length 1000;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_disable "MSIE [1-6]\.";

    access_log /var/log/nginx/$website_host.access.log;
    access_log /var/log/nginx/$website_host.error-fuck.log;

    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;

    ssl_certificate /etc/letsencrypt/live/gundeals.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gundeals.io/privkey.pem;

    root $website_root;

    index $default_controller;

    charset utf-8;

    location /sf {
        # path to folder where all symfony assets are located
        alias $symfony_root/data/web/sf;
        expires max;
    }

    location / {
        # If the file exists as a static file serve it directly without
        # running all the other rewrite tests on it
        if (-f $request_filename) {
            expires max;
            break;
        }

        if ($request_filename !~ "\.(js|htc|ico|gif|jpg|png|css)$") {
            rewrite ^(.*) /$default_controller$1 last;
        }
    }

    location ~ "^(.+\.php)($|/)" {
        # Split the URI into the script path and the trailing PATH_INFO
        set $script $uri;
        set $path_info "/";

        if ($uri ~ "^(.+\.php)($|/)") {
            set $script $1;
        }

        if ($uri ~ "^(.+\.php)(/.+)") {
            set $script $1;
            set $path_info $2;
        }

        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;

        fastcgi_param SCRIPT_FILENAME $website_root$script;
        fastcgi_param SCRIPT_NAME $script;
        fastcgi_param PATH_INFO $path_info;
    }
}
```
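
Added example, not part of the issue thread or the project's repository: a hardened variant of the server block posted above, with TLS 1.0/1.1 and the CBC suites dropped, port 80 redirected, and only the front controller handed to php-fpm. It assumes `public/index.php` is the application's only entry point and that nginx is 1.13 or later built against OpenSSL 1.1.1 (for TLSv1.3); the host name, paths and socket are the ones from the comment above, and the error log file name is an assumption.

```nginx
# Added example: hardened variant of the config posted above (assumptions in comments).
server {
    # Plain HTTP only redirects; no content is served without TLS.
    listen 80;
    server_name gundeals.io;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;                      # replaces "listen 443;" + "ssl on;"
    server_name gundeals.io;             # literal name: server_name does not expand variables
    root /home/ubuntu/PostPostmill/public;

    ssl_certificate     /etc/letsencrypt/live/gundeals.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gundeals.io/privkey.pem;

    # Weak setting in the original: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2 TLSv1.3;       # TLSv1.3 assumes nginx >= 1.13 with OpenSSL 1.1.1
    # AEAD suites only; the CBC-mode entries of the original list are dropped.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;

    access_log /var/log/nginx/gundeals.io.access.log;
    error_log  /var/log/nginx/gundeals.io.error.log;   # assumed file name; error_log takes a literal path

    location / {
        # Serve existing static files, send everything else to the front controller.
        try_files $uri /index.php$is_args$args;
    }

    # Only the front controller reaches php-fpm (assumes public/index.php is the sole entry point).
    location ~ ^/index\.php(/|$) {
        include /etc/nginx/fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;                        # reachable via try_files only, not by direct request
    }

    # Any other .php path is refused instead of being executed.
    location ~ \.php$ {
        return 404;
    }
}
```

Validate with `nginx -t` before reloading; certbot's renewal hooks are unaffected because the certificate paths are unchanged.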

@12462940548

I have some tweaks to make to nginx, what’s the best way for us to do that? I didn’t notice the configuration anywhere obvious.


psineur commented Mar 24, 2018

@12462940548
You can throw it anywhere in this repo.

Like infra/nginx or whatnot


psineur commented Apr 5, 2018

This is closed in #152
#162 is probably last remaining piece of infra configuration for prod-ready

psineur closed this as completed Apr 5, 2018
psineur pushed a commit that referenced this issue Apr 22, 2018
completely redo the way submissions are fetched

Closes #8 and #11

See merge request edgyemma/Postmill!42