From 53e5c1d8cd6e88cde1ca43bd0f99ff780bee1e2c Mon Sep 17 00:00:00 2001
From: VladislavCR
Date: Tue, 12 Mar 2024 23:17:54 +0300
Subject: [PATCH] new try
---
 infra/docker-compose-prod.yaml | 12 ++++++------
 infra/nginx/nginx.conf | 8 +++++++-
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/infra/docker-compose-prod.yaml b/infra/docker-compose-prod.yaml
index 064f4d3..29f8ea2 100644
--- a/infra/docker-compose-prod.yaml
+++ b/infra/docker-compose-prod.yaml
@@ -53,10 +53,11 @@ services:
 volumes:
 - static_volume:/staticfiles/
 - media_value:/var/html/media/
- - ./nginx/conf/:/etc/nginx/conf.d/:ro
- - ./certbot/www/:/var/www/certbot/:ro
+ - ./data/certbot/www:/var/www/certbot/:ro
+ - ./data/nginx/conf/:/etc/nginx/conf.d/:ro
+ - ./data/certbot/conf/:/etc/nginx/ssl/:ro
+ - /etc/letsencrypt:/etc/letsencrypt
 restart: unless-stopped
- command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
 depends_on:
 - backend
 - frontend
@@ -64,10 +65,9 @@ services:
 certbot:
 image: certbot/certbot
 volumes:
- - ./certbot/www/:/var/www/certbot/:rw
- - ./certbot/conf/:/etc/letsencrypt/:rw
+ - ./data/certbot/www/:/var/www/certbot/:rw
+ - ./data/certbot/conf/:/etc/letsencrypt/:rw
 restart: unless-stopped
- entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
 depends_on:
 - backend
 - frontend
diff --git a/infra/nginx/nginx.conf b/infra/nginx/nginx.conf
index 7785462..8f23422 100644
--- a/infra/nginx/nginx.conf
+++ b/infra/nginx/nginx.conf
@@ -17,7 +17,7 @@ server {
 }
 location /.well-known/acme-challenge/ {
- root /var/www/certbot;
+ root /var/www/certbot/;
 }
 location / {
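Review bot: The added bind mount `- /etc/letsencrypt:/etc/letsencrypt` in the first docker-compose hunk (-53) has no `:ro`, unlike the three mounts added beside it, so the container gets write access to the host's Let's Encrypt tree, including the private keys kept there. The service looks like the nginx one, which only needs to read these files, so `- /etc/letsencrypt:/etc/letsencrypt:ro` would be enough. The same hunk removes the `command:` line that ran `nginx -s reload` every 6h and nothing visible replaces it, so a renewed certificate would presumably not be served until the container is restarted. The service definition starts outside the hunk.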
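Review bot: In the certbot hunk (-64) the `entrypoint:` renewal loop is removed and no command is put in its place, so the service falls back to the image's default entrypoint, which is presumably not a renew loop. Together with `restart: unless-stopped` that likely means a container that exits and is restarted repeatedly without ever renewing, and certificates that lapse unless renewal is scheduled somewhere outside this file. Either keep the loop, or drop `restart: unless-stopped` here and add a comment on the service such as `# renewal is run from the host scheduler, not by this container`, stating where that schedule is defined.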
@@ -33,8 +33,11 @@ server { listen 443 default_server ssl http2; listen [::]:443 ssl http2; server_name 89.23.117.80 devcodepet.tw1.ru; + ssl_certificate /etc/nginx/ssl/live/devcodepet.tw1.ru/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/devcodepet.tw1.ru/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; root /staticfiles; @@ -61,8 +64,11 @@ server { listen 443 default_server ssl http2; listen [::]:443 ssl http2; server_name 89.23.117.168 testcodepet.tw1.ru; + ssl_certificate /etc/nginx/ssl/live/testcodepet.tw1.ru/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/testcodepet.tw1.ru/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; root /staticfiles;
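Review bot: The added `include /etc/letsencrypt/options-ssl-nginx.conf;` and `ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;` read from a different tree than the certificate lines next to them. In this commit's compose change the certificates come from `./data/certbot/conf` via `/etc/nginx/ssl`, while `/etc/letsencrypt` in the container is the host's own directory. If either file is missing on the host, nginx fails its config test and does not start, and the TLS protocol and cipher policy then lives outside the repository, where it is not reviewed. Consider `include /etc/nginx/ssl/options-ssl-nginx.conf;` and `ssl_dhparam /etc/nginx/ssl/ssl-dhparams.pem;`, assuming those files are provisioned in `./data/certbot/conf`, which would also make the host `/etc/letsencrypt` mount unnecessary. The same applies to the hunk at -61 for testcodepet.tw1.ru; both server blocks extend outside their hunks.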