diff --git a/.env.dist b/.env.dist index 0710fd6..f3b6e3c 100644 --- a/.env.dist +++ b/.env.dist @@ -1 +1,7 @@ HOST_PORT=8080 +DOMAIN=localhost +DB_NAME=boltium +DB_USER=boltium +DB_PASSWORD=secret +DB_ROOT_PASSWORD=topsecret +# ENABLE_SSL=1 diff --git a/docker-compose.yml b/docker-compose.yml index c76f21d..e1feb18 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.8' - services: # Servicio para la aplicaciĆ³n PHP php: @@ -11,10 +9,10 @@ services: - ./project:/var/www/html - verdor_data:/var/www/html/vendor environment: - - DATABASE_HOST=db - - DATABASE_NAME=bolt - - DATABASE_USER=bolt - - DATABASE_PASSWORD=secret + DATABASE_HOST: db + DATABASE_NAME: ${DB_NAME} + DATABASE_USER: ${DB_USER} + DATABASE_PASSWORD: ${DB_PASSWORD} depends_on: - db 
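Review bot: The added `DB_PASSWORD=secret` and `DB_ROOT_PASSWORD=topsecret` lines in `.env.dist` are working credentials, so a copy of this file to `.env` boots a database with guessable passwords without anyone having to decide on them. Prefer leaving the two values empty and stating the requirement above them, for example `# Required: set unique values before the first start` followed by `DB_PASSWORD=` and `DB_ROOT_PASSWORD=`. It would also help to document in a comment what `ENABLE_SSL` and `DOMAIN` control, since the commented-out `# ENABLE_SSL=1` is the only hint given here.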
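Review bot: In the `php` service's `environment` block (docker-compose.yml, hunk `@@ -11,10 +9,10 @@`), `${DB_NAME}`, `${DB_USER}` and `${DB_PASSWORD}` are interpolated without a required-variable guard. When `.env` is missing or incomplete, Compose substitutes an empty string and only prints a warning. Use the error form so the stack refuses to start instead, e.g. `DATABASE_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD is not set}`. The same applies to the four `MYSQL_*` values of the `db` service in the following hunk (`@@ -25,23 +23,56 @@`).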
@@ -25,23 +23,56 @@ services: volumes: - db_data:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD: root - MYSQL_DATABASE: bolt - MYSQL_USER: bolt - MYSQL_PASSWORD: secret + MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD} + MYSQL_DATABASE: ${DB_NAME} + MYSQL_USER: ${DB_USER} + MYSQL_PASSWORD: ${DB_PASSWORD} # Servicio para Nginx webserver: image: nginx:latest container_name: bolt_webserver_x volumes: - - ./nginx/default.conf:/etc/nginx/conf.d/default.conf + - ./nginx/default.conf.template:/etc/nginx/conf.d/default.conf.template + - ./nginx/ssl.conf.template:/etc/nginx/conf.d/ssl.conf.template + - ./nginx/startup.sh:/var/www/startup.sh - ./project/public:/var/www/html/public + - certbot_certs:/etc/letsencrypt + - certbot_challenges:/var/www/certbot depends_on: - php ports: - "${HOST_PORT}:80" + - 443:443 + environment: + ENABLE_SSL: ${ENABLE_SSL:+1} + DOMAIN: ${DOMAIN} + command: ["/bin/sh", "-c", "/var/www/startup.sh"] + certbot: + image: certbot/certbot + volumes: + - certbot_certs:/etc/letsencrypt + - certbot_challenges:/var/www/certbot + environment: + ENABLE_SSL: ${ENABLE_SSL:+1} + entrypoint: > + /bin/sh -c ' + if [ "${ENABLE_SSL}" = "1" ]; then + trap exit TERM; + while :; do + certbot renew; + sleep 12h & wait $${!}; + done; + else + echo "Certbot is disabled."; + tail -f /dev/null; + fi + ' + depends_on: + - webserver volumes: db_data: verdor_data: + certbot_certs: + certbot_challenges: diff --git a/nginx/default.conf b/nginx/default.conf.template similarity index 81% rename from nginx/default.conf rename to nginx/default.conf.template index cb658ae..3ebeefa 100644 --- a/nginx/default.conf +++ b/nginx/default.conf.template @@ -1,10 +1,14 @@ server { listen 80; - server_name localhost; + server_name ${DOMAIN}; root /var/www/html/public; index index.php index.html index.htm; + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + location / { try_files $uri /index.php$is_args$args; } 
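Review bot: In the `certbot` entrypoint, `"${ENABLE_SSL}"` is not escaped, so Compose substitutes the raw host value when it parses the file; the shell never reads the container's `ENABLE_SSL`, which was normalised with `${ENABLE_SSL:+1}`. For any non-empty value other than `1` (say `ENABLE_SSL=true`) the `webserver` container receives `1` and takes the SSL path, while this test fails and certbot only prints "Certbot is disabled.", so certificates are never renewed. Escape it the same way the hunk already does for `$${!}`: `if [ "$${ENABLE_SSL}" = "1" ]; then`. Separately, the loop only runs `certbot renew` and nothing visible in this diff requests the first certificate, so it is worth documenting how `/etc/letsencrypt/live/<domain>/` is expected to be populated. The new `certbot/certbot` image is also referenced without a tag or digest.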
@@ -20,4 +24,4 @@ server { location ~ /\.ht { deny all; } -} +} \ No newline at end of file diff --git a/nginx/ssl.conf.template b/nginx/ssl.conf.template new file mode 100644 index 0000000..5be98e8 --- /dev/null +++ b/nginx/ssl.conf.template @@ -0,0 +1,51 @@ + server { + listen 80; + server_name ${DOMAIN}; + + root /var/www/html/public; + index index.php index.html index.htm; + + location / { + return 301 https://$host$request_uri; + try_files $uri /index.php$is_args$args; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass php:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location ~ /\.ht { + deny all; + } + } + + server { + listen 443 ssl; + server_name ${DOMAIN}; + + ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem; + + root /var/www/html/public; + index index.php index.html index.htm; + + location / { + try_files $uri /index.php$is_args$args; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass php:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location ~ /\.ht { + deny all; + } + } diff --git a/nginx/startup.sh b/nginx/startup.sh new file mode 100755 index 0000000..c4e082a --- /dev/null +++ b/nginx/startup.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +DEFAULT_CONF="/etc/nginx/conf.d/default.conf" +SSL_CONF="/etc/nginx/conf.d/ssl.conf" + +if [ "$ENABLE_SSL" = "1" ]; then + echo "SSL habilitado, creando ssl.conf con el dominio." + + envsubst '$DOMAIN' < /etc/nginx/conf.d/ssl.conf.template > "$SSL_CONF" + + [ -f "$DEFAULT_CONF" ] && rm "$DEFAULT_CONF" +else + echo "SSL disabled, creating default.conf." + envsubst '$DOMAIN' < /etc/nginx/conf.d/default.conf.template > "$DEFAULT_CONF" + + [ -f "$SSL_CONF" ] && rm "$SSL_CONF" +fi + +nginx -g 'daemon off;'
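Review bot: In the port-80 server of `nginx/ssl.conf.template`, the `location ~ \.php$` block still passes requests to `php:9000`, and because a regex location wins over the `/` prefix location, any URL ending in `.php` is served over plain HTTP instead of being redirected. The `try_files` line after `return 301` in `location /` is never reached. This template also drops the `/.well-known/acme-challenge/` location that `default.conf.template` has, so webroot renewals via `/var/www/certbot` would presumably fail once SSL is enabled. Reduce the port-80 server to the challenge location plus the redirect, as below; the 443 server can stay as it is.

```nginx
server {
    listen 80;
    server_name ${DOMAIN};

    # ACME HTTP-01 challenges must remain reachable over plain HTTP.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Everything else, PHP included, is redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

# … unchanged: server block listening on 443 ssl …
```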
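Review bot: `nginx/startup.sh` neither stops on errors nor checks `DOMAIN`, so a failed `envsubst` or an empty `DOMAIN` still leaves a truncated or invalid file in `conf.d` before nginx is launched. With SSL enabled, an empty `DOMAIN` renders the certificate path as `/etc/letsencrypt/live//fullchain.pem`. Add `set -e` and `: "${DOMAIN:?DOMAIN must be set}"` right after the shebang so the container fails with a clear message. The last line should be `exec nginx -g 'daemon off;'` so that nginx replaces the shell and receives the stop signal directly on `docker stop`. A short header comment saying the script renders exactly one of the two templates depending on `ENABLE_SSL` would also help, and the two `echo` messages are in different languages.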