add certbot + nginx.conf

sahil-sagwekar2652 · Jan 10, 2024 · ee1c989 · ee1c989
1 parent a8250b6
commit ee1c989
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 8 deletions.
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -2,12 +2,23 @@ services:
   nginx:
     depends_on:
       - flask_blog
-    build:
-      nginx
+      - certbot
+    image: nginx:stable
+    restart: always
     links:
         - flask_blog
     ports:
       - 80:80
+      - 443:443
+    volumes:
+      - ./nginx/:/etc/nginx/conf.d/:ro
+      - ./certbot/www:/var/www/certbot/:ro
+
+  certbot:
+    image: certbot/certbot:latest
+    volumes :
+      - ./certbot/www:/var/www/certbot/:rw 
+      - ./certbot/conf/:/etc/letsencrypt/:rw
 
   db:
     image: postgres:12-bullseye

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -3,14 +3,34 @@ upstream flask_blog {
 }
 
 server {
-
     listen 80;
+    listen [::]:80;
+
+    server_name blog.sahilsagwekar.co;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+      root /var/www/certbot;
+    }
+
+    location / {
+      return 301 https://blog.sahilsagwekar.co$request_uri;
+    }
+}
+
+server {
+    listen 443 default_server ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name blog.sahilsagwekar.co;
+
+    ssl_certificate /etc/nginx/ssl/live/blog.sahilsagwekar.co/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/blog.sahilsagwekar.co/privkey.pem;
 
     location / {
         proxy_pass http://flask_blog;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $host;
         proxy_redirect off;
     }
-
 }