diff --git a/EmailSender.ClientApp/nginx/nginx-gzip.conf b/EmailSender.ClientApp/nginx/nginx-gzip.conf
new file mode 100644
index 0000000..493e87e
--- /dev/null
+++ b/EmailSender.ClientApp/nginx/nginx-gzip.conf
@@ -0,0 +1,9 @@
+gzip on;
+gzip_static on;
+gzip_disable "msie6";
+gzip_proxied any;
+gzip_buffers 16 8k;
+gzip_http_version 1.1;
+gzip_min_length 256;
+gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
+gunzip on;
diff --git a/EmailSender.ClientApp/nginx/nginx-http.conf b/EmailSender.ClientApp/nginx/nginx-http.conf
index bdb1cf5..547296b 100644
--- a/EmailSender.ClientApp/nginx/nginx-http.conf
+++ b/EmailSender.ClientApp/nginx/nginx-http.conf
@@ -19,38 +19,16 @@ http {
 '"$http_user_agent" "$http_x_forwarded_for"';
 access_log /var/log/nginx/access.log main;
- sendfile on;
- #tcp_nopush on;
 server_tokens off;
 more_clear_headers Server;
- keepalive_timeout 65;
-
- gzip on;
- gzip_static on;
- gzip_disable "msie6";
- gzip_proxied any;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_min_length 256;
- gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
- gunzip on;
+ include /etc/nginx/nginx-gzip.conf;
 server {
 listen 80;
 server_name ${SERVER_NAME};
- error_page 404 /404.html;
- location = /404.html {
- root /usr/share/nginx/html;
- }
-
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
 location / {
 root /usr/share/nginx/html;
 index index.html index.htm;
diff --git a/EmailSender.ClientApp/nginx/nginx-https.conf b/EmailSender.ClientApp/nginx/nginx-https.conf
index 0d6bfb7..b1566b3 100644
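Review bot: `gzip_proxied any` together with `application/json` in `gzip_types` means that, once this file is included at http{} level, responses proxied from the backend are compressed too, not only the static bundle — and if the proxied API ever echoes request-controlled data in the same response as a session or anti-CSRF token, TLS-compressed responses of that kind are the precondition for the BREACH side channel. Whether the backend actually goes through this nginx is not visible here (nginx-proxy.conf is not in the diff), so treat this as something to confirm rather than a defect. If API responses do not need compression, dropping `application/json` from `gzip_types` or changing `gzip_proxied any` to `gzip_proxied off` limits the include to static assets; `gzip_disable "msie6"` is a leftover for a browser nginx has not needed special-casing for years and can go. A header comment would also help the next reader, e.g. `# Shared compression settings, included at http{} level: applies to every server{} and, via gzip_proxied any, to proxied upstream responses as well.`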
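Review bot: The `error_page 404 /404.html;` and `error_page 500 502 503 504 /50x.html;` handlers and their `location = ... { root /usr/share/nginx/html; }` blocks are removed in this hunk without a replacement, which is unrelated to moving the gzip settings into an include and changes what clients see on a 404 or on an upstream failure: nginx's built-in error page instead of a static file the app controls. `server_tokens off` (kept above) keeps the version string out of the built-in pages, so this is a behavioural rather than a disclosure issue, but it deserves to be deliberate. If the pages are intentionally gone, a one-line comment such as `# built-in nginx error pages are used; custom 404/50x handlers were removed` next to the `server {` line records that; if not, restoring at least the 50x handler and its location block is a four-line change. The enclosing http{} block starts before this hunk and the server{} block continues past it.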
--- a/EmailSender.ClientApp/nginx/nginx-https.conf
+++ b/EmailSender.ClientApp/nginx/nginx-https.conf
@@ -19,48 +19,18 @@ http {
 '"$http_user_agent" "$http_x_forwarded_for"';
 access_log /var/log/nginx/access.log main;
- sendfile on;
- #tcp_nopush on;
 server_tokens off;
 more_clear_headers Server;
- keepalive_timeout 65;
-
- gzip on;
- gzip_static on;
- gzip_disable "msie6";
- gzip_proxied any;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_min_length 256;
- gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
- gunzip on;
+ include /etc/nginx/nginx-gzip.conf;
 server {
 listen 443 ssl;
 server_name ${SERVER_NAME};
- ssl_certificate /etc/nginx/wildcard-emailsender.dev.chain;
- ssl_certificate_key /etc/nginx/wildcard-emailsender.dev.key;
- ssl_trusted_certificate /etc/nginx/wildcard-emailsender.dev.ca;
-
- ssl_session_cache shared:le_nginx_SSL:10m;
- ssl_session_timeout 1d;
- ssl_session_cache shared:MozSSL:10m;
- ssl_session_tickets off;
-
- ssl_dhparam /etc/nginx/ffdhe2048.txt;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
- ssl_prefer_server_ciphers off;
-
- ssl_stapling on;
- ssl_stapling_verify on;
-
+ include /etc/nginx/nginx-ssl.conf;
 add_header Strict-Transport-Security "max-age=63072000" always;
- access_log /var/log/nginx/access.log;
 location / {
 root /usr/share/nginx/html;
diff --git a/EmailSender.ClientApp/nginx/nginx-ssl.conf b/EmailSender.ClientApp/nginx/nginx-ssl.conf
new file mode 100644
index 0000000..f5af790
--- /dev/null
+++ b/EmailSender.ClientApp/nginx/nginx-ssl.conf
@@ -0,0 +1,13 @@
+ssl_certificate /etc/nginx/wildcard-emailsender.dev.chain;
+ssl_certificate_key /etc/nginx/wildcard-emailsender.dev.key;
+ssl_trusted_certificate /etc/nginx/wildcard-emailsender.dev.ca;
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+ssl_dhparam /etc/nginx/ffdhe2048.txt;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers off;
+ssl_stapling on;
+ssl_stapling_verify on;
diff --git a/EmailSender.sln b/EmailSender.sln
index 94a9716..c5d8a95 100644
--- a/EmailSender.sln
+++ b/EmailSender.sln
@@ -72,6 +72,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "5. Nginx", "5. Nginx", "{AF
 EmailSender.ClientApp\nginx\nginx-https.conf = EmailSender.ClientApp\nginx\nginx-https.conf
 EmailSender.ClientApp\nginx\nginx-http.conf = EmailSender.ClientApp\nginx\nginx-http.conf
 EmailSender.ClientApp\nginx\nginx-proxy.conf = EmailSender.ClientApp\nginx\nginx-proxy.conf
+ EmailSender.ClientApp\nginx\nginx-ssl.conf = EmailSender.ClientApp\nginx\nginx-ssl.conf
+ EmailSender.ClientApp\nginx\nginx-gzip.conf = EmailSender.ClientApp\nginx\nginx-gzip.conf
 EndProjectSection
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EmailSender.Backend.Configuration", "EmailSender.Backend\EmailSender.Backend.Configuration\EmailSender.Backend.Configuration.csproj", "{629B3449-C69C-4975-BE7A-3A5AAB2CED00}"
diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
index 5936a55..fb43bb5 100644
--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
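Review bot: `ssl_session_cache` appears twice in the new file (`shared:le_nginx_SSL:10m` on line 4 and `shared:MozSSL:10m` on line 6); I could not confirm whether nginx lets the second silently win or rejects it as a duplicate at config load, so keep exactly one, e.g. `ssl_session_cache shared:MozSSL:10m;`. `ssl_stapling on` and `ssl_stapling_verify on` also need a `resolver` so nginx can reach the OCSP responder named in the certificate; none is set in this file or in any hunk of this diff, so unless the enclosing nginx.conf defines one, nginx logs a resolver error on the first handshake and serves no stapled response, which leaves `ssl_trusted_certificate` (used to verify the OCSP response) as dead configuration. If that is the case, add `resolver <DNS_RESOLVER_IP> valid=300s;` next to the stapling directives (placeholder; inside Docker the engine's embedded DNS is the usual choice). The rest of the file (TLS 1.2/1.3 only, AEAD suites, `ssl_prefer_server_ciphers off`, tickets off, the ffdhe2048 group) matches the Mozilla intermediate profile, and a header comment naming that profile and the date it was taken would make future audits quicker.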
@@ -10,8 +10,8 @@ services:
 hostname: backend
 networks:
 - xnet
- ports:
- - "6000:80"
+ expose:
+ - "80"
 volumes:
 - /opt/configs/emailsender-apis-prod.json:/app/appsettings.Production.json:ro
@@ -29,6 +29,8 @@ services:
 volumes:
 - ./EmailSender.ClientApp/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
 - ./EmailSender.ClientApp/nginx/nginx-proxy.conf:/etc/nginx/nginx-proxy.conf:ro
+ - ./EmailSender.ClientApp/nginx/nginx-ssl.conf:/etc/nginx/nginx-ssl.conf:ro
+ - ./EmailSender.ClientApp/nginx/nginx-gzip.conf:/etc/nginx/nginx-gzip.conf:ro
 - /opt/certs/wildcard-emailsender.dev.chain:/etc/nginx/wildcard-emailsender.dev.chain:ro
 - /opt/certs/wildcard-emailsender.dev.key:/etc/nginx/wildcard-emailsender.dev.key:ro
 - /opt/certs/wildcard-emailsender.dev.ca:/etc/nginx/wildcard-emailsender.dev.ca:ro
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index d145d32..224568e 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -10,8 +10,8 @@ services:
 hostname: backend
 networks:
 - xnet
- ports:
- - "6001:80"
+ expose:
+ - "80"
 volumes:
 - /Users/tomkandula/.microsoft/usersecrets/424d541b-1da1-451a-ac5c-2431bf0d536c/secrets.json:/app/appsettings.Testing.json:ro
@@ -29,6 +29,8 @@ services:
 volumes:
 - ./EmailSender.ClientApp/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
 - ./EmailSender.ClientApp/nginx/nginx-proxy.conf:/etc/nginx/nginx-proxy.conf:ro
+ - ./EmailSender.ClientApp/nginx/nginx-ssl.conf:/etc/nginx/nginx-ssl.conf:ro
+ - ./EmailSender.ClientApp/nginx/nginx-gzip.conf:/etc/nginx/nginx-gzip.conf:ro
 networks:
 xnet:
diff --git a/docker-compose-up-prod.sh b/docker-compose-up-prod.sh
index b816cae..0694cab 100644
--- a/docker-compose-up-prod.sh
+++ b/docker-compose-up-prod.sh
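Review bot: Replacing `ports: - "6000:80"` with `expose: - "80"` is the right direction: the backend is no longer published on the host, and since the only thing `expose` does in Compose is document the port (containers on the user-defined `xnet` network can reach each other regardless), the actual effect comes from dropping `ports`. docker-compose-test.yml makes the same change for `6001:80` in its first hunk on this line. Worth confirming that nginx-proxy.conf (not in the diff) addresses the backend by its service name / `hostname: backend` on `xnet` rather than through the old host port, since nothing in this diff shows the proxy target.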
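Review bot: nginx-ssl.conf is mounted into the test nginx container in the second docker-compose-test.yml hunk, but docker-compose-up-test.sh copies nginx-http.conf into place, which does not include it, and the certificate, key and dhparam files it names are not mounted anywhere in this stack; the mount is harmless as long as that include is never activated, but a reader will wonder why it is there. A short comment on the line, `# not used by nginx-http.conf; kept so the nginx volume list matches the prod stack`, would answer that, or the line can simply be dropped from the test stack.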
@@ -4,13 +4,11 @@ cp docker-compose-prod.yml docker-compose-run.yml
 cp EmailSender.ClientApp/nginx/nginx-https.conf EmailSender.ClientApp/nginx/nginx.conf
 # SET ENVIRONMENT VARIABLES
-APP_BACKEND="emailsender.dev"
 SERVER_NAME="emailsender.dev"
 # APPLY ENVIRONMENT VARIABLES
 sed -i \
 -e "s/\${SERVER_NAME}/${SERVER_NAME}/" \
--e "s/\${APP_BACKEND}/${APP_BACKEND}/" \
 EmailSender.ClientApp/nginx/nginx.conf
 # RUN DOCKER COMPOSE
diff --git a/docker-compose-up-test.sh b/docker-compose-up-test.sh
index 0cdcab1..144a533 100644
--- a/docker-compose-up-test.sh
+++ b/docker-compose-up-test.sh
@@ -4,13 +4,11 @@ cp docker-compose-test.yml docker-compose-run.yml
 cp EmailSender.ClientApp/nginx/nginx-http.conf EmailSender.ClientApp/nginx/nginx.conf
 # SET ENVIRONMENT VARIABLES
-APP_BACKEND="localhost:6000"
 SERVER_NAME="localhost"
 # APPLY ENVIRONMENT VARIABLES
 sed -i "" \
 -e "s/\${SERVER_NAME}/${SERVER_NAME}/" \
--e "s/\${APP_BACKEND}/${APP_BACKEND}/" \
 EmailSender.ClientApp/nginx/nginx.conf
 # RUN DOCKER COMPOSE
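Review bot: Dropping the `-e "s/\${APP_BACKEND}/${APP_BACKEND}/"` substitution (and the `APP_BACKEND` variable) means any `${APP_BACKEND}` placeholder still present in the copied nginx.conf or in nginx-proxy.conf stays literal; nginx would then read it as its own variable `$APP_BACKEND` and, depending on where it sits, either refuse to load the configuration with an unknown-variable error or try to resolve the name at request time inside `proxy_pass`. Presumably nginx-proxy.conf already targets the `backend` service name (the compose files stop publishing the backend's host port in this same commit), but that file is not in the diff, so a `grep -rn APP_BACKEND EmailSender.ClientApp/nginx` before merging would confirm it. docker-compose-up-test.sh gets the identical removal in the second hunk on this line.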