cert_cloudflare

.gitignore

@@ -24,4 +24,10 @@ portfolio.session.sql
 psd
 thumb
 sketch
-.vscode
+.vscode
+portfolio/origin_ca.pem
+portfolio/origin_ca.key
+portfolio/nginx/certs/origin_ca.key
+portfolio/nginx/certs/origin_ca.pem
+portfolio/nginx/certs/default.cert
+portfolio/nginx/certs/default.key

portfolio/docker-compose.yml

@@ -40,6 +40,7 @@ services:
       - portfolio
     restart: unless-stopped
   server:
+    # restart: always
     env_file:
       - .env
     environment:
@@ -48,10 +49,10 @@ services:
       context: ./nginx
       dockerfile: Dockerfile
     ports:
-      - ${NGINX_PORT}:${NGINX_PORT}
+      - ${NGINX_PORT_HTTP}:${NGINX_PORT_HTTP}
+      - ${NGINX_PORT_HTTPS}:${NGINX_PORT_HTTPS}
     volumes:
-      - origin_ca.pem:/etc/ssl/origin_ca.pem:ro
-      - origin_ca.key:/etc/ssl/origin_ca.key:ro
+      - ./nginx/certs:/etc/nginx/certs
     #   - certbot-etc:/etc/letsencrypt
     #   - certbot-var:/var/lib/letsencrypt
     depends_on:

portfolio/nginx/Dockerfile

@@ -2,6 +2,13 @@ FROM nginx:bookworm
 
 RUN rm /etc/nginx/conf.d/default.conf
 
+RUN mkdir /etc/nginx/ssl
+RUN chown -R root:root /etc/nginx/ssl
+RUN chmod -R 600 /etc/nginx/ssl
+
+# COPY ./certs/origin_ca.pem /etc/nginx/ssl/default.cert
+# COPY ./certs/origin_ca.key /etc/nginx/ssl/default.key
+
 COPY nginx.conf /etc/nginx/templates/default.conf.conf
 
 # CMD ["nginx", "-g", "daemon off;"]

portfolio/nginx/nginx.conf

@@ -1,10 +1,10 @@
 server {
-  listen ${NGINX_PORT};
-  listen [::]:${NGINX_PORT};
+  listen ${NGINX_PORT_HTTPS} ssl;
+  listen [::]:${NGINX_PORT_HTTPS};
 
-  ssl    on;
-  ssl_certificate    /etc/ssl/origin_ca.pem;
-  ssl_certificate_key    /etc/ssl/origin_ca.key;
+  # ssl    on;
+  ssl_certificate    /etc/nginx/certs/default.cert;
+  ssl_certificate_key    /etc/nginx/certs/default.key;
 
   server_name ${SERVER_NAME};