Merge pull request #158 from TomaszKandula/dev

merge: dev to master

EmailSender.ClientApp/nginx/nginx-gzip.conf

@@ -0,0 +1,9 @@
+gzip on;
+gzip_static on; 
+gzip_disable "msie6";
+gzip_proxied any;
+gzip_buffers 16 8k;
+gzip_http_version 1.1;
+gzip_min_length 256;
+gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
+gunzip on;

EmailSender.ClientApp/nginx/nginx-http.conf

@@ -19,38 +19,16 @@ http {
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
     access_log /var/log/nginx/access.log  main;
-
     sendfile on;
-    #tcp_nopush on;
     server_tokens off;
     more_clear_headers Server;
-
     keepalive_timeout 65;
-
-	gzip on;
-    gzip_static on; 
-    gzip_disable "msie6";
-    gzip_proxied any;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_min_length 256;
-    gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
-    gunzip on;
+    include /etc/nginx/nginx-gzip.conf;
 
     server {
         listen 80;
         server_name ${SERVER_NAME};
 
-        error_page  404  /404.html;
-        location = /404.html {
-            root /usr/share/nginx/html;
-        }
-
-        error_page   500 502 503 504  /50x.html;
-        location = /50x.html {
-            root /usr/share/nginx/html;
-        }
-
         location / {
             root /usr/share/nginx/html;
             index index.html index.htm;

EmailSender.ClientApp/nginx/nginx-https.conf

@@ -19,48 +19,18 @@ http {
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
     access_log /var/log/nginx/access.log  main;
-
     sendfile on;
-    #tcp_nopush on;
     server_tokens off;
     more_clear_headers Server;
-
     keepalive_timeout 65;
-
-	gzip on;
-    gzip_static on; 
-    gzip_disable "msie6";
-    gzip_proxied any;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_min_length 256;
-    gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
-    gunzip on;
+    include /etc/nginx/nginx-gzip.conf;
 
     server {
         listen 443 ssl;
         server_name ${SERVER_NAME};
 
-        ssl_certificate /etc/nginx/wildcard-emailsender.dev.chain;
-        ssl_certificate_key /etc/nginx/wildcard-emailsender.dev.key;
-        ssl_trusted_certificate /etc/nginx/wildcard-emailsender.dev.ca;
-
-        ssl_session_cache shared:le_nginx_SSL:10m;
-        ssl_session_timeout 1d;
-        ssl_session_cache shared:MozSSL:10m;
-        ssl_session_tickets off;
-
-        ssl_dhparam /etc/nginx/ffdhe2048.txt;
-
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
-        ssl_prefer_server_ciphers off;
-
-        ssl_stapling on;
-        ssl_stapling_verify on;
-
+        include /etc/nginx/nginx-ssl.conf;
         add_header Strict-Transport-Security "max-age=63072000" always;
-        access_log /var/log/nginx/access.log;
 
         location / {
             root /usr/share/nginx/html;

EmailSender.ClientApp/nginx/nginx-ssl.conf

@@ -0,0 +1,13 @@
+ssl_certificate /etc/nginx/wildcard-emailsender.dev.chain;
+ssl_certificate_key /etc/nginx/wildcard-emailsender.dev.key;
+ssl_trusted_certificate /etc/nginx/wildcard-emailsender.dev.ca;
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+ssl_dhparam /etc/nginx/ffdhe2048.txt;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers off;
+ssl_stapling on;
+ssl_stapling_verify on;

EmailSender.sln

@@ -72,6 +72,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "5. Nginx", "5. Nginx", "{AF
 		EmailSender.ClientApp\nginx\nginx-https.conf = EmailSender.ClientApp\nginx\nginx-https.conf
 		EmailSender.ClientApp\nginx\nginx-http.conf = EmailSender.ClientApp\nginx\nginx-http.conf
 		EmailSender.ClientApp\nginx\nginx-proxy.conf = EmailSender.ClientApp\nginx\nginx-proxy.conf
+		EmailSender.ClientApp\nginx\nginx-ssl.conf = EmailSender.ClientApp\nginx\nginx-ssl.conf
+		EmailSender.ClientApp\nginx\nginx-gzip.conf = EmailSender.ClientApp\nginx\nginx-gzip.conf
 	EndProjectSection
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EmailSender.Backend.Configuration", "EmailSender.Backend\EmailSender.Backend.Configuration\EmailSender.Backend.Configuration.csproj", "{629B3449-C69C-4975-BE7A-3A5AAB2CED00}"

docker-compose-prod.yml

@@ -10,8 +10,8 @@ services:
     hostname: backend
     networks:
       - xnet
-    ports:
-      - "6000:80"
+    expose:
+      - "80"
     volumes:
       - /opt/configs/emailsender-apis-prod.json:/app/appsettings.Production.json:ro
 
@@ -29,6 +29,8 @@ services:
     volumes:
       - ./EmailSender.ClientApp/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./EmailSender.ClientApp/nginx/nginx-proxy.conf:/etc/nginx/nginx-proxy.conf:ro
+      - ./EmailSender.ClientApp/nginx/nginx-ssl.conf:/etc/nginx/nginx-ssl.conf:ro
+      - ./EmailSender.ClientApp/nginx/nginx-gzip.conf:/etc/nginx/nginx-gzip.conf:ro
       - /opt/certs/wildcard-emailsender.dev.chain:/etc/nginx/wildcard-emailsender.dev.chain:ro
       - /opt/certs/wildcard-emailsender.dev.key:/etc/nginx/wildcard-emailsender.dev.key:ro
       - /opt/certs/wildcard-emailsender.dev.ca:/etc/nginx/wildcard-emailsender.dev.ca:ro

docker-compose-test.yml

@@ -10,8 +10,8 @@ services:
     hostname: backend
     networks:
       - xnet
-    ports:
-      - "6001:80"
+    expose:
+      - "80"
     volumes:
       - /Users/tomkandula/.microsoft/usersecrets/424d541b-1da1-451a-ac5c-2431bf0d536c/secrets.json:/app/appsettings.Testing.json:ro
 
@@ -29,6 +29,8 @@ services:
     volumes:
       - ./EmailSender.ClientApp/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./EmailSender.ClientApp/nginx/nginx-proxy.conf:/etc/nginx/nginx-proxy.conf:ro
+      - ./EmailSender.ClientApp/nginx/nginx-ssl.conf:/etc/nginx/nginx-ssl.conf:ro
+      - ./EmailSender.ClientApp/nginx/nginx-gzip.conf:/etc/nginx/nginx-gzip.conf:ro
 
 networks:
   xnet:

docker-compose-up-prod.sh

@@ -4,13 +4,11 @@ cp docker-compose-prod.yml docker-compose-run.yml
 cp EmailSender.ClientApp/nginx/nginx-https.conf EmailSender.ClientApp/nginx/nginx.conf
 
 # SET ENVIRONMENT VARIABLES
-APP_BACKEND="emailsender.dev"
 SERVER_NAME="emailsender.dev"
 
 # APPLY ENVIRONMENT VARIABLES
 sed -i \
 -e "s/\${SERVER_NAME}/${SERVER_NAME}/" \
--e "s/\${APP_BACKEND}/${APP_BACKEND}/" \
 EmailSender.ClientApp/nginx/nginx.conf 
 
 # RUN DOCKER COMPOSE

docker-compose-up-test.sh

@@ -4,13 +4,11 @@ cp docker-compose-test.yml docker-compose-run.yml
 cp EmailSender.ClientApp/nginx/nginx-http.conf EmailSender.ClientApp/nginx/nginx.conf
 
 # SET ENVIRONMENT VARIABLES
-APP_BACKEND="localhost:6000"
 SERVER_NAME="localhost"
 
 # APPLY ENVIRONMENT VARIABLES
 sed -i "" \
 -e "s/\${SERVER_NAME}/${SERVER_NAME}/" \
--e "s/\${APP_BACKEND}/${APP_BACKEND}/" \
 EmailSender.ClientApp/nginx/nginx.conf 
 
 # RUN DOCKER COMPOSE