update nginx

Signed-off-by: Arvindh <[email protected]>
absmach · Feb 19, 2024 · c7ba984 · c7ba984
1 parent 9ed5921
commit c7ba984
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 5 deletions.
diff --git a/docker/README.md b/docker/README.md
@@ -117,3 +117,18 @@ services:
     volumes:
       - magistrala-broker-volume:/data
 ```
+
+## Nginx Configuration
+
+Nginx is the entry point for all traffic to Magistrala.
+By using environment variables file at `docker/.env` you can modify the below given Nginx directive.
+
+`MG_NGINX_SERVER_NAME` environmental variable is used to configure the `server_name` parameter in nginx, It's default value is `localhost`.
+
+`MG_NGINX_SERVER_CERT` environmental variable is used to configure nginx directive `ssl_certificate`. If environmental variable `MG_NGINX_SERVER_CERT` is empty then by default server certificate in the path `docker/ssl/certs/magistrala-server.crt`  will be assigned.
+
+`MG_NGINX_SERVER_KEY` environmental variable is used to configure nginx directive `ssl_certificate_key`. If environmental variable `MG_NGINX_SERVER_KEY` is empty then by default server certificate key in the path `docker/ssl/certs/magistrala-server.key`  will be assigned.
+
+`MG_NGINX_SERVER_CLIENT_CA` environmental variable is used to configure nginx directive `ssl_client_certificate`. If environmental variable `MG_NGINX_SERVER_CLIENT_CA` is empty then by default certificate in the path `docker/ssl/certs/ca.crt` will be assigned.
+
+`MG_NGINX_SERVER_DHPARAM` environmental variable is used to configure nginx directive `ssl_dhparam`. If environmental variable `MG_NGINX_SERVER_DHPARAM` is empty then by default file in the path `docker/ssl/dhparam.pem` will be assigned.
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -234,10 +234,18 @@ services:
       - ./nginx/entrypoint.sh:/docker-entrypoint.d/entrypoint.sh
       - ./nginx/snippets:/etc/nginx/snippets
       - ./ssl/authorization.js:/etc/nginx/authorization.js
-      - ./ssl/certs/magistrala-server.crt:/etc/ssl/certs/magistrala-server.crt
-      - ./ssl/certs/ca.crt:/etc/ssl/certs/ca.crt
-      - ./ssl/certs/magistrala-server.key:/etc/ssl/private/magistrala-server.key
-      - ./ssl/dhparam.pem:/etc/ssl/certs/dhparam.pem
+      - type: bind
+        source: ${MG_NGINX_SERVER_CERT:-./ssl/certs/magistrala-server.crt}
+        target: /etc/ssl/certs/magistrala-server.crt
+      - type: bind
+        source: ${MG_NGINX_SERVER_KEY:-./ssl/certs/magistrala-server.key}
+        target: /etc/ssl/private/magistrala-server.key
+      - type: bind
+        source: ${MG_NGINX_SERVER_CLIENT_CA:-./ssl/certs/ca.crt}
+        target: /etc/ssl/certs/ca.crt
+      - type: bind
+        source: ${MG_NGINX_SERVER_DHPARAM:-./ssl/dhparam.pem}
+        target: /etc/ssl/certs/dhparam.pem
     ports:
       - ${MG_NGINX_HTTP_PORT}:${MG_NGINX_HTTP_PORT}
       - ${MG_NGINX_SSL_PORT}:${MG_NGINX_SSL_PORT}
@@ -716,7 +724,7 @@ services:
       MG_UI_DB_SSL_MODE: ${MG_UI_DB_SSL_MODE}
       MG_UI_DB_SSL_CERT: ${MG_UI_DB_SSL_CERT}
       MG_UI_DB_SSL_KEY: ${MG_UI_DB_SSL_KEY}
-      MG_UI_DB_SSL_ROOT_CERT: ${MG_UI_DB_SSL_ROOT_CERT}      
+      MG_UI_DB_SSL_ROOT_CERT: ${MG_UI_DB_SSL_ROOT_CERT}
     ports:
       - ${MG_UI_PORT}:${MG_UI_PORT}
     networks: