added installation for if ssl certificate to nginx docker image

BattMoTeam · Jun 14, 2024 · 0aeb06d · 0aeb06d
1 parent d337428
commit 0aeb06d
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 4 deletions.
diff --git a/docker-compose-deploy.yml b/docker-compose-deploy.yml
@@ -19,10 +19,12 @@ services:
     restart: always
     ports:
       - "8001:8001"
-      - "8002:8002"
+      - "80:80"
+      - "443:443"
     depends_on:
       - genie
       - streamlit
+    command: /bin/bash -c "/renew-certs.sh && nginx -g 'daemon off;'"
 
   streamlit:
     image: ghcr.io/battmoteam/battmogui_streamlit:latest

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -1,6 +1,18 @@
 FROM nginx:1.15.8
 
+# Install Certbot and dependencies
+RUN apt-get update && \
+    apt-get install -y certbot python3-certbot-nginx && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Remove default Nginx configuration files
 RUN rm /etc/nginx/nginx.conf
-COPY nginx.conf /etc/nginx/
 RUN rm /etc/nginx/conf.d/default.conf
-COPY project.conf /etc/nginx/conf.d/
+
+# Copy your custom Nginx configuration
+COPY nginx.conf /etc/nginx/
+
+# Copy SSL certificate renewal script
+COPY renew-certs.sh /renew-certs.sh
+RUN chmod +x /renew-certs.sh
diff --git a/nginx/project.conf b/nginx/project.conf
@@ -19,13 +19,38 @@ server {
 }
 
 server {
-    listen 8002;
+    listen 80;
     server_name app.batterymodel.com;  # Replace with your domain name
 
+    location /.well-known/acme-challenge/ {
+        root /usr/share/nginx/html;
+    }
+
     location / {
         proxy_pass http://streamlit:80;  # Assuming Streamlit runs on port 80 inside the container
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name app.batterymodel.com;
+
+    ssl_certificate /etc/letsencrypt/live/app.batterymodel.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/app.batterymodel.com/privkey.pem;
+
+    location /.well-known/acme-challenge/ {
+        root /usr/share/nginx/html;
+    }
+
+    location / {
+        proxy_pass http://streamlit:80;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
     }
 }
diff --git a/nginx/renew-certs.sh b/nginx/renew-certs.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Run Certbot to obtain or renew certificates
+certbot --nginx --non-interactive --agree-tos -d app.batterymodel.com
+
+# Reload Nginx configuration to apply new certificates
+nginx -s reload