Added SSL certificates management for both development and production, gunicorn and nginx.

Vadim Likholetov 2023-11-26 19:34:24 +02:00
parent c7ce5cbdda
commit ca05c40c74
5 changed files with 82 additions and 5 deletions


@ -9,6 +9,7 @@ COPY . .
# Install any needed packages specified in requirements.txt
RUN pip install --no-cache-dir -r requirements.txt
RUN pip install --no-cache-dir gunicorn
# Make port 5000 available to the world outside this container
EXPOSE 5000
@ -18,4 +19,4 @@ ENV FLASK_APP=app.py
ENV FLASK_RUN_HOST=0.0.0.0
# Run app.py when the container launches
CMD ["flask", "run"]
CMD ["gunicorn", "-b", "0.0.0.0:8000", "app:app" ]
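Review bot: `EXPOSE 5000` and the comment above it no longer match the listener, assuming the gunicorn `CMD` is the new side of the second hunk, because that command binds `0.0.0.0:8000`; the declared port should become `EXPOSE 8000` so operators and tooling see the real contract. The `RUN pip install --no-cache-dir gunicorn` line installs whatever release is current at build time; listing gunicorn with an exact version in requirements.txt keeps the image reproducible and reviewable. No `USER` instruction is visible in these hunks, so if the rest of the file has none, gunicorn runs as root inside the container. The file's name and its remaining lines are outside the hunks shown.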

9
Dockerfile-nginx Normal file

@ -0,0 +1,9 @@
FROM nginx:debian
# Copy the Nginx configuration
COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]
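Review bot: `FROM nginx:debian` does not name an nginx release, so the image that terminates TLS can change between builds without any change in this repository. Pin an explicit version tag, ideally with a digest, in the form `FROM nginx:<version>@sha256:<digest>` (placeholders, to be filled in from the registry). A short comment saying that the certificate and key are expected at /certs through a runtime volume, and are not copied into the image, would help anyone deploying this image without the compose file.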


@ -1,14 +1,30 @@
version: '3.8'
services:
web:
build: .
ports:
- "5000:5000"
flask-app:
build:
context: .
dockerfile: Dockerfile-app
depends_on:
- db
environment:
- FLASK_ENV=development
- DATABASE_URL=mysql+mysqlconnector://sarbaseuser:password@db/sarbaseapp
volumes:
- ./certs:/certs
nginx:
build:
context: .
dockerfile: Dockerfile-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./certs:/certs
depends_on:
- flask-app
db:
image: mysql:8.0
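Review bot: The `./certs:/certs` bind mount gives both containers read-write access to the TLS private key, and the flask-app service receives it even though the gunicorn command in this commit is started without any certificate options. Mount it read-only where it is needed, `- ./certs:/certs:ro` under nginx, and drop it from flask-app unless gunicorn is meant to terminate TLS itself. The `DATABASE_URL` line carries the database password in the compose file; whether this commit added it cannot be told from the rendered page, but moving it to an env file or a Compose secret kept out of version control is worth doing while this block is being reworked. The db service continues past the end of the hunk.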

19
generate_certs.sh Executable file

@ -0,0 +1,19 @@
#!/bin/bash
ENV=$1 # Pass "prod" or "dev" as an argument
DOM=mydomain.com # Replace with your domain
MAIL=your-email@mydomain.com # Replace with your email
if [ "$ENV" == "prod" ]; then
# Generate certificates with Let's Encrypt
sudo certbot certonly --standalone -d "$DOM" --non-interactive --agree-tos --email "$MAIL"
sudo cp /etc/letsencrypt/live/$DOM/fullchain.pem ./certs/cert.pem
sudo cp /etc/letsencrypt/live/$DOM/privkey.pem ./certs/key.pem
elif [ "$ENV" == "dev" ]; then
# Generate certificates with mkcert
mkcert -install
mkcert -key-file ./certs/key.pem -cert-file ./certs/cert.pem localhost
else
echo "Please specify 'prod' or 'dev' as an environment."
fi
ч
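Review bot: Nothing stops the script after a failed step, so in the `prod` branch a failed certbot run is still followed by the two `sudo cp` commands, and an unknown argument prints the usage message but exits with status 0. Add `set -euo pipefail` after the shebang (reading the argument as `ENV=${1:-}`) and `exit 1` in the `else` branch. The last line of the file is a lone `ч`; if it is really in the committed script and not a rendering artifact, bash will try to run it as a command, so it should be deleted. The script also writes `key.pem` into `./certs` inside the working tree, and no `.gitignore` change is among the five files listed, so it is worth confirming that the directory is ignored.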

32
nginx/nginx.conf Normal file

@ -0,0 +1,32 @@
user nginx;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /certs/cert.pem;
ssl_certificate_key /certs/key.pem;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
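Review bot: `proxy_pass http://127.0.0.1:8000;` points at the nginx container's own loopback, while the compose file in this commit runs gunicorn in the separate flask-app service, so requests would fail with a 502 unless both containers share a network namespace; `proxy_pass http://flask-app:8000;` uses the service name instead. The same server block listens on 80 and 443 and proxies both, so the application stays reachable over plain HTTP; a separate port-80 server with `return 301 https://$host$request_uri;` would force TLS. No `ssl_protocols` directive is set, so the accepted protocol versions come from the nginx build's defaults; an explicit `ssl_protocols TLSv1.2 TLSv1.3;` makes the policy visible in the file.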