Added SSL certificates management for both development and production, gunicorn and nginx.
parent
c7ce5cbdda
commit
ca05c40c74
@ -9,6 +9,7 @@ COPY . .
|
||||
|
||||
# Install any needed packages specified in requirements.txt
|
||||
RUN pip install --no-cache-dir -r requirements.txt
|
||||
RUN pip install --no-cache-dir gunicorn
|
||||
|
||||
# Make port 5000 available to the world outside this container
|
||||
EXPOSE 5000
|
||||
@ -18,4 +19,4 @@ ENV FLASK_APP=app.py
|
||||
ENV FLASK_RUN_HOST=0.0.0.0
|
||||
|
||||
# Run app.py when the container launches
|
||||
CMD ["flask", "run"]
|
||||
CMD ["gunicorn", "-b", "0.0.0.0:8000", "app:app" ]
|
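Review bot: The gunicorn `CMD` (apparently the new side; the page lost its +/- markers) binds `0.0.0.0:8000`, but the `EXPOSE 5000` line and its comment in the first hunk are unchanged, so the image's declared port no longer matches the listening port; change it to `EXPOSE 8000` and update the comment. gunicorn is also installed unpinned in its own `RUN`, outside requirements.txt, so each rebuild can pull a different release; add a pinned `gunicorn==<version>` entry to requirements.txt and drop the extra layer. `ENV FLASK_RUN_HOST=0.0.0.0` is only read by `flask run` and looks dead once gunicorn is the entrypoint. The rest of the Dockerfile is outside the hunks, so whether a non-root `USER` is set cannot be checked from here.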
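--- a/Dockerfile-nginx
+++ b/Dockerfile-nginx
@@ -0,0 +1,9 @@
+FROM nginx:debian
+
+# Copy the Nginx configuration
+COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
+
+EXPOSE 80
+EXPOSE 443
+
+CMD ["nginx", "-g", "daemon off;"]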
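Review bot: The base image in `FROM nginx:debian` is not pinned to an nginx release, so the TLS-terminating proxy is rebuilt on whatever that tag resolves to at build time; I also could not confirm that the official repository publishes a `debian` tag. Pin a release and, for production, its digest, e.g. `FROM nginx:<version>@sha256:<digest>`. The `CMD` line appears to repeat the official image's default and could probably be dropped.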
@ -1,14 +1,30 @@
|
||||
version: '3.8'
|
||||
services:
|
||||
web:
|
||||
build: .
|
||||
ports:
|
||||
- "5000:5000"
|
||||
|
||||
flask-app:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile-app
|
||||
depends_on:
|
||||
- db
|
||||
environment:
|
||||
- FLASK_ENV=development
|
||||
- DATABASE_URL=mysql+mysqlconnector://sarbaseuser:password@db/sarbaseapp
|
||||
volumes:
|
||||
- ./certs:/certs
|
||||
|
||||
nginx:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile-nginx
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- ./certs:/certs
|
||||
depends_on:
|
||||
- flask-app
|
||||
|
||||
|
||||
db:
|
||||
image: mysql:8.0
|
||||
|
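Review bot: The `./certs:/certs` bind mount under `flask-app` hands the application container the TLS private key, although the gunicorn command in this commit serves plain HTTP and nginx is the service that terminates TLS. Drop the mount from `flask-app` and make the nginx one read-only, `- ./certs:/certs:ro`. `DATABASE_URL` also carries the database password in the committed compose file; moving it to an untracked env file or a compose secret keeps it out of the repository history. `FLASK_ENV=development` is hard-coded here while the commit message says the setup also targets production, so it should come from the environment rather than the file. Indentation and +/- markers were lost on this page, so which service each line belongs to is inferred from order.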
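--- a/generate_certs.sh
+++ b/generate_certs.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+ENV=$1 # Pass "prod" or "dev" as an argument
+DOM=mydomain.com # Replace with your domain
+MAIL=your-email@mydomain.com # Replace with your email
+
+if [ "$ENV" == "prod" ]; then
+# Generate certificates with Let's Encrypt
+sudo certbot certonly --standalone -d "$DOM" --non-interactive --agree-tos --email "$MAIL"
+sudo cp /etc/letsencrypt/live/$DOM/fullchain.pem ./certs/cert.pem
+sudo cp /etc/letsencrypt/live/$DOM/privkey.pem ./certs/key.pem
+elif [ "$ENV" == "dev" ]; then
+# Generate certificates with mkcert
+mkcert -install
+mkcert -key-file ./certs/key.pem -cert-file ./certs/cert.pem localhost
+else
+echo "Please specify 'prod' or 'dev' as an environment."
+fi
+ч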
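Review bot: The last line of the script is a stray `ч`, which bash will try to run as a command, so the script ends with a non-zero status even when certificate generation succeeded. The script also has no error handling: if `certbot` fails the two `cp` lines still run and can leave a stale or missing key pair in `./certs`, the `else` branch reports a usage error but exits 0, and `./certs` is never created. The `$DOM` expansions in the `cp` paths are unquoted. Because the prod branch copies a snapshot, renewed Let's Encrypt certificates will not reach `./certs` unless the script is run again.

```shell
#!/bin/bash
set -euo pipefail

ENV=${1:-} # Pass "prod" or "dev" as an argument
# … unchanged: DOM and MAIL …
mkdir -p ./certs
# … unchanged: prod branch up to the certbot call …
sudo cp "/etc/letsencrypt/live/$DOM/fullchain.pem" ./certs/cert.pem
sudo cp "/etc/letsencrypt/live/$DOM/privkey.pem" ./certs/key.pem
# … unchanged: dev branch …
else
echo "Please specify 'prod' or 'dev' as an environment." >&2
exit 1
fi
# the trailing stray character line is deleted
```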
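--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -0,0 +1,32 @@
+user nginx;
+worker_processes 1;
+
+events {
+worker_connections 1024;
+}
+
+http {
+include mime.types;
+default_type application/octet-stream;
+
+sendfile on;
+keepalive_timeout 65;
+
+server {
+listen 80;
+listen [::]:80;
+listen 443 ssl;
+listen [::]:443 ssl;
+
+ssl_certificate /certs/cert.pem;
+ssl_certificate_key /certs/key.pem;
+
+location / {
+proxy_pass http://127.0.0.1:8000;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}
+}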
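Review bot: `proxy_pass http://127.0.0.1:8000;` points at the nginx container's own loopback, while the compose file in this commit runs gunicorn in a separate `flask-app` service, so the upstream should be the service name, `proxy_pass http://flask-app:8000;`. The single `server` block also listens on 80 and 443 together, so the application is served in plaintext on port 80 with no redirect. Move the two port-80 `listen` lines into their own `server` block whose only directive is `return 301 https://$host$request_uri;`. No `ssl_protocols` or `server_name` is set, so the TLS versions offered are whatever the nginx build defaults to and the block answers for any Host header. Adding `ssl_protocols TLSv1.2 TLSv1.3;` and an explicit `server_name` would make both deliberate.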