Configure SSL connection #30

Merged
merged 1 commit into from
Apr 24, 2024
8 changes: 8 additions & 0 deletions deploy/docker-compose.yml
Expand Up @@ -73,11 +73,19 @@ services:
file: ./services/stats.yml
service: stats

certbot:
depends_on:
- backend
extends:
file: ./services/certbot.yml
service: certbot

proxy:
depends_on:
- backend
- frontend
- stats
- certbot
extends:
file: ./services/nginx.yml
service: proxy
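Review bot: The new `certbot` service extends `./services/certbot.yml`, but the only certbot definition visible in this pull request is `letsencrypt.yml` at the repository root, so unless `deploy/services/certbot.yml` already exists the compose file will fail to load. Separately, listing `certbot` under the proxy's `depends_on` only orders container start; it does not wait for a certificate to be issued, and nginx refuses to start when the files named by `ssl_certificate` are missing. A comment above the service such as `# certificates must already exist under /etc/letsencrypt before proxy starts` would document that, or the proxy could be gated on a healthcheck that tests for `fullchain.pem`. The `services:` mapping starts above this hunk.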
29 changes: 20 additions & 9 deletions deploy/proxy/default.conf.template
Expand Up @@ -5,10 +5,13 @@ map $http_upgrade $connection_upgrade {
}

server {
listen 80;
server_name localhost;
listen 443 ssl;
server_name blockscout.atleta.network;
proxy_http_version 1.1;

ssl_certificate /etc/letsencrypt/live/blockscout.atleta.network/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blockscout.atleta.network/privkey.pem;

location ~ ^/(api|socket|sitemap.xml|auth/auth0|auth/auth0/callback|auth/logout) {
proxy_pass ${BACK_PROXY_PASS};
proxy_http_version 1.1;
Expand All @@ -33,12 +36,16 @@ server {
}
}
server {
listen 8080;
server_name localhost;
listen 8080 ssl;
server_name blockscout.atleta.network;

ssl_certificate /etc/letsencrypt/live/blockscout.atleta.network/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blockscout.atleta.network/privkey.pem;

proxy_http_version 1.1;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
add_header 'Access-Control-Allow-Origin' 'http://localhost' always;
add_header 'Access-Control-Allow-Origin' 'https://blockscout.atleta.network' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, OPTIONS, DELETE, PATCH' always;

Expand All @@ -55,12 +62,16 @@ server {
}
}
server {
listen 8081;
server_name localhost;
listen 8081 ssl;
server_name blockscout.atleta.network;

ssl_certificate /etc/letsencrypt/live/blockscout.atleta.network/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blockscout.atleta.network/privkey.pem;

proxy_http_version 1.1;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
add_header 'Access-Control-Allow-Origin' 'http://localhost' always;
add_header 'Access-Control-Allow-Origin' 'https://blockscout.atleta.network' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, OPTIONS, DELETE, PATCH' always;
add_header 'Access-Control-Allow-Headers' 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-csrf-token' always;
Expand All @@ -80,7 +91,7 @@ server {
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'http://localhost' always;
add_header 'Access-Control-Allow-Origin' 'https://blockscout.atleta.network' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, OPTIONS, DELETE, PATCH' always;
add_header 'Access-Control-Allow-Headers' 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-csrf-token' always;
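Review bot: The first server block ends up with `listen 443 ssl;` and, as far as the page shows, no plain-HTTP listener, so a request to `http://blockscout.atleta.network` is never redirected to TLS by this proxy. A small extra server with `listen 80;` and `return 301 https://$host$request_uri;` would close that gap. None of the three blocks sets `ssl_protocols`, so the accepted TLS versions depend on the defaults of whichever nginx version the image ships; `ssl_protocols TLSv1.2 TLSv1.3;` makes that explicit. The hostname and certificate paths are repeated in every block even though the template already takes `${BACK_PROXY_PASS}` from the environment, so one variable for the domain would keep them in sync. The server blocks continue outside the visible hunks.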
22 changes: 15 additions & 7 deletions deploy/proxy/microservices.conf.template
Expand Up @@ -5,12 +5,16 @@ map $http_upgrade $connection_upgrade {
}

server {
listen 8080;
server_name localhost;
listen 8080 ssl;
server_name blockscout.atleta.network;

ssl_certificate /etc/letsencrypt/live/blockscout.atleta.network/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blockscout.atleta.network/privkey.pem;

proxy_http_version 1.1;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
add_header 'Access-Control-Allow-Origin' 'http://localhost:3000' always;
add_header 'Access-Control-Allow-Origin' 'https://blockscout.atleta.network:3000' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, OPTIONS, DELETE, PATCH' always;

Expand All @@ -27,12 +31,16 @@ server {
}
}
server {
listen 8081;
server_name localhost;
listen 8081 ssl;
server_name blockscout.atleta.network;

ssl_certificate /etc/letsencrypt/live/blockscout.atleta.network/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blockscout.atleta.network/privkey.pem;

proxy_http_version 1.1;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
add_header 'Access-Control-Allow-Origin' 'http://localhost:3000' always;
add_header 'Access-Control-Allow-Origin' 'https://blockscout.atleta.network:3000' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, OPTIONS, DELETE, PATCH' always;
add_header 'Access-Control-Allow-Headers' 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-csrf-token' always;
Expand All @@ -52,7 +60,7 @@ server {
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'http://localhost:3000' always;
add_header 'Access-Control-Allow-Origin' 'https://blockscout.atleta.network:3000' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'PUT, GET, POST, OPTIONS, DELETE, PATCH' always;
add_header 'Access-Control-Allow-Headers' 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,x-csrf-token' always;
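Review bot: The allowed origin `https://blockscout.atleta.network:3000`, set in both server blocks and in the `OPTIONS` branch, only matches a page loaded from port 3000 over TLS, and nothing visible in this pull request serves the frontend there. If the frontend is reached through the proxy on the default HTTPS port, browsers send `Origin: https://blockscout.atleta.network` and will reject these credentialed responses, so the value should probably be `'https://blockscout.atleta.network'` as in `default.conf.template`. Because `Access-Control-Allow-Credentials` is `true`, keep this a single exact origin rather than a wildcard or a reflection of the request header. The server blocks are cut by the hunk boundaries.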
3 changes: 2 additions & 1 deletion deploy/services/nginx.yml
Expand Up @@ -8,10 +8,11 @@ services:
- 'host.docker.internal:host-gateway'
volumes:
- "../proxy:/etc/nginx/templates"
- /etc/letsencrypt:/etc/letsencrypt
- /var/log/nginx/:/var/log/nginx
environment:
BACK_PROXY_PASS: ${BACK_PROXY_PASS:-http://backend:4000}
FRONT_PROXY_PASS: ${FRONT_PROXY_PASS:-http://frontend:3000}
ports:
- 80:80
- 8080:8080
- 8081:8081
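Review bot: No entry in the `ports` list publishes 443, while `default.conf.template` in the same pull request has its main server on `listen 443 ssl`, so that TLS listener would not be reachable from outside the container; `- "443:443"` looks like the missing entry. The `/etc/letsencrypt:/etc/letsencrypt` mount is read-write and hands the proxy container the whole directory, including the ACME account key and the private key of every certificate on the host. nginx only needs to read the files, so `- /etc/letsencrypt:/etc/letsencrypt:ro` is the safer form. The page does not show which line this section deleted, and the service definition starts above the hunk.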
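--- a/letsencrypt.yml
+++ b/letsencrypt.yml
@@ -0,0 +1,15 @@
+version: '3.9'
+
+services:
+certbot:
+image: certbot/certbot
+volumes:
+- /etc/letsencrypt:/etc/letsencrypt
+- ./certbot/www:/var/www/certbot
+entrypoint: "/bin/sh -c 'trap exit TERM; certbot certonly --standalone --preferred-challenges http -d blockscout.atleta.network --email [email protected] --agree-tos --non-interactive --verbose; sleep 12h'"
+ports:
+- "0.0.0.0:80:80"
+- "0.0.0.0:443:80"
+environment:
+- [email protected]
+- CERTBOT_DOMAIN=blockscout.atleta.network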
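Review bot: The `"0.0.0.0:443:80"` mapping sends host port 443 to certbot's plain-HTTP standalone listener, which the `http` challenge does not need and which occupies the port the nginx `listen 443 ssl` server would have to be published on; `"80:80"` alone is enough for this challenge type. The entrypoint runs `certbot certonly` once, sleeps 12 hours and then exits, so nothing renews the certificate; a loop around `certbot renew`, followed by a proxy reload, would. `CERTBOT_EMAIL` and `CERTBOT_DOMAIN` are set but the command hard-codes both values, and `./certbot/www` is mounted although `--standalone` does not use a webroot. `image: certbot/certbot` is unpinned; a fixed tag or digest keeps the container that generates the private key reproducible.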