From 5e53a333984e85fc9e5c5f01d05df75dca798780 Mon Sep 17 00:00:00 2001
From: vadik likholetov
Date: Sun, 26 Nov 2023 19:34:24 +0200
Subject: [PATCH] Added SSL certificates management for both development and production, gunicorn and nginx.

---
 Dockerfile => Dockerfile-app | 7 ++-----
 Dockerfile-nginx | 9 +++++++++
 docker-compose.yml | 24 ++++++++++++++++++++----
 generate_certs.sh | 20 ++++++++++++++++++++
 nginx/nginx.conf | 32 ++++++++++++++++++++++++++++++++
 5 files changed, 83 insertions(+), 9 deletions(-)
 rename Dockerfile => Dockerfile-app (77%)
 create mode 100644 Dockerfile-nginx
 create mode 100755 generate_certs.sh
 create mode 100644 nginx/nginx.conf

diff --git a/Dockerfile b/Dockerfile-app
similarity index 77%
rename from Dockerfile
rename to Dockerfile-app
index 8f060f9..85d32a5 100644
--- a/Dockerfile
+++ b/Dockerfile-app
@@ -9,13 +9,10 @@ COPY . .
 
 # Install any needed packages specified in requirements.txt
 RUN pip install --no-cache-dir -r requirements.txt
-
-# Make port 5000 available to the world outside this container
-EXPOSE 5000
+RUN pip install --no-cache-dir gunicorn
 
 # Define environment variable
 ENV FLASK_APP=app.py
-ENV FLASK_RUN_HOST=0.0.0.0
 
 # Run app.py when the container launches
-CMD ["flask", "run"]
+CMD ["gunicorn", "-b", "0.0.0.0:8000", "app:app" ]
diff --git a/Dockerfile-nginx b/Dockerfile-nginx
new file mode 100644
index 0000000..c969bbe
--- /dev/null
+++ b/Dockerfile-nginx
@@ -0,0 +1,9 @@
+FROM nginx:stable
+
+# Copy the Nginx configuration
+COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
+
+EXPOSE 80
+EXPOSE 443
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/docker-compose.yml b/docker-compose.yml
index ad61597..3ce304c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
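Review bot: The `COPY . .` shown in the hunk header now runs against a repository that also holds `./certs/key.pem` (written there by generate_certs.sh and bind-mounted by docker-compose), so unless a `.dockerignore` excludes it the TLS private key is baked into the app image's layers, where it persists even if removed in a later layer. Add `certs/` to `.dockerignore` (none is visible on the page); since gunicorn is bound with plain HTTP on `0.0.0.0:8000`, the app stage has no need for the key at all. The new `RUN pip install --no-cache-dir gunicorn` is unpinned; `RUN pip install --no-cache-dir gunicorn==<pinned-version>` keeps the image reproducible. Removing `EXPOSE 5000` without adding `EXPOSE 8000` also drops the only documentation of the port the new `CMD` binds; the earlier lines of the Dockerfile are outside the hunk.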
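Review bot: `FROM nginx:stable` is a floating tag, so the image that terminates TLS changes silently between builds and cannot be reproduced; pin a specific version, or for production a digest, e.g. `FROM nginx:<pinned-tag>@sha256:<digest>` (placeholder values). The trailing `CMD ["nginx", "-g", "daemon off;"]` restates the official image's default command and can be dropped. Copying the config with `COPY ./nginx/nginx.conf /etc/nginx/nginx.conf` while leaving the certificates to a runtime bind mount is the right split, since it keeps the key out of the image.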
@@ -1,14 +1,30 @@
 version: '3.8'
 services:
-  web:
-    build: .
-    ports:
-      - "5000:5000"
+
+  flask-app:
+    build:
+      context: .
+      dockerfile: Dockerfile-app
     depends_on:
       - db
     environment:
       - FLASK_ENV=development
       - DATABASE_URL=mysql+mysqlconnector://sarbaseuser:password@db/sarbaseapp
+    volumes:
+      - ./certs:/certs
+
+  nginx:
+    build:
+      context: .
+      dockerfile: Dockerfile-nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./certs:/certs
+    depends_on:
+      - flask-app
+
 
   db:
     image: mysql:8.0
diff --git a/generate_certs.sh b/generate_certs.sh
new file mode 100755
index 0000000..49fdbf7
--- /dev/null
+++ b/generate_certs.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+ENV=$1 # Pass "prod" or "dev" as an argument
+DOM=mydomain.com # Replace with your domain
+MAIL=your-email@mydomain.com # Replace with your email
+
+mkdir ./certs
+
+if [ "$ENV" == "prod" ]; then
+  # Generate certificates with Let's Encrypt
+  sudo certbot certonly --standalone -d "$DOM" --non-interactive --agree-tos --email "$MAIL"
+  sudo cp /etc/letsencrypt/live/$DOM/fullchain.pem ./certs/cert.pem
+  sudo cp /etc/letsencrypt/live/$DOM/privkey.pem ./certs/key.pem
+elif [ "$ENV" == "dev" ]; then
+  # Generate certificates with mkcert
+  mkcert -install
+  mkcert -key-file ./certs/key.pem -cert-file ./certs/cert.pem localhost
+else
+  echo "Please specify 'prod' or 'dev' as an environment."
+fi
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..f56746b
--- /dev/null
+++ b/nginx/nginx.conf
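Review bot: The new `volumes: - ./certs:/certs` on `flask-app` mounts the TLS private key into a container that never uses it — nginx reaches it via `proxy_pass http://flask-app:8000` and gunicorn binds plain HTTP — so it only widens where `key.pem` is readable. Drop that volume from `flask-app`, and make the nginx mount read-only: `- ./certs:/certs:ro`. Leaving `flask-app` without a `ports:` entry is correct: gunicorn on 8000 stays reachable only on the compose network behind nginx. The `db` service continues past the end of the hunk.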
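Review bot: The script has no `set -e`, so when `certbot` fails (for example if `--standalone` cannot bind port 80 while the nginx service is already running) the two `sudo cp` lines still execute against whatever is already under /etc/letsencrypt, and the bare `mkdir ./certs` fails on every run after the first. Add `set -euo pipefail` after the shebang, use `mkdir -p ./certs`, and quote `$DOM` in the `cp` paths as it already is in the certbot call. After `sudo cp` the copied key keeps root ownership and the source file's mode; an explicit `chmod 600 ./certs/key.pem` (with ownership set for whoever runs compose) documents the intended permissions instead of inheriting them. The `else` branch prints a message but exits 0, so an `exit 1` there lets callers notice the bad argument.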
@@ -0,0 +1,32 @@
+user nginx;
+worker_processes 1;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+
+    sendfile on;
+    keepalive_timeout 65;
+
+    server {
+        listen 80;
+        listen [::]:80;
+        listen 443 ssl;
+        listen [::]:443 ssl;
+
+        ssl_certificate /certs/cert.pem;
+        ssl_certificate_key /certs/key.pem;
+
+        location / {
+            proxy_pass http://flask-app:8000;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+}
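Review bot: The single `server` block answers on `listen 80` and `listen 443 ssl` identically, so every request can still reach `proxy_pass http://flask-app:8000` over plaintext and the new certificates never have to be used. Split the port-80 listeners into their own server that redirects to HTTPS, leaving the TLS server as the only one that proxies. No `ssl_protocols` or `ssl_ciphers` are set, so the defaults of whatever `nginx:stable` resolves to apply; that is acceptable while the base stays current, but worth recording with a comment such as `# TLS protocol/cipher settings are the nginx build defaults; review when bumping the base image`. `worker_processes 1;` fixes a single worker regardless of the container's CPU allocation, where `auto` would follow it.
```nginx
    server {
        listen 80;
        listen [::]:80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        # … unchanged: ssl_certificate, ssl_certificate_key, location / …
    }
```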