mirror of
https://github.com/outbackdingo/labca.git
synced 2026-01-27 02:19:27 +00:00
Include optional custom nginx config files (#72)
If you want to control e.g. the ssl_protocols or ssl_ciphers settings, create a file named 'custom-ssl.inc' in the /home/labca/nginx_data/conf.d/ directory (or when using the docker-only setup, either add a volume mount or edit the labca_nginx_conf volume to include the file). Similarly, 'custom-base.inc' can be created to e.g. define a custom log format, and 'custom.inc' could be created for any settings on the plain HTTP server context.
This commit is contained in:
Arjan H
@@ -55,7 +55,7 @@ COPY tmp/admin/apply-boulder /opt/labca/
|
||||
COPY tmp/admin/static /opt/staging/static
|
||||
COPY tmp/admin/data /opt/staging/data
|
||||
COPY tmp/nginx.conf /opt/staging/
|
||||
COPY tmp/proxy.conf /opt/staging/
|
||||
COPY tmp/proxy.inc /opt/staging/
|
||||
COPY tmp/admin/apply-nginx /opt/labca/
|
||||
|
||||
COPY tmp/bin/boulder /opt/boulder/bin/
|
||||
|
||||
@@ -40,7 +40,7 @@ BASEDIR=/go/src/github.com/letsencrypt/boulder
|
||||
docker run -v $boulderDir:$BASEDIR:cached -v $TMP_DIR/bin:$BASEDIR/bin -w $BASEDIR -e BUILD_HOST=$BUILD_HOST $BUILD_IMAGE sh -c "git config --global --add safe.directory $BASEDIR && make build"
|
||||
|
||||
cp $cloneDir/nginx.conf $TMP_DIR/
|
||||
cp $cloneDir/proxy.conf $TMP_DIR/
|
||||
cp $cloneDir/proxy.inc $TMP_DIR/
|
||||
cp $cloneDir/utils/nameidtool.go $TMP_DIR/
|
||||
cp -rp $cloneDir/gui/* $TMP_DIR/admin/
|
||||
head -13 $cloneDir/gui/setup.sh > $TMP_DIR/admin/setup.sh
|
||||
|
||||
@@ -46,7 +46,7 @@ setup_boulder_data() {
|
||||
setup_nginx_data() {
|
||||
rm -f /etc/nginx/conf.d/default.conf
|
||||
cp -p /opt/staging/nginx.conf /etc/nginx/conf.d/labca.conf
|
||||
cp -p /opt/staging/proxy.conf /etc/nginx/conf.d/proxy.conf
|
||||
cp -p /opt/staging/proxy.inc /etc/nginx/conf.d/proxy.inc
|
||||
[ -e /opt/boulder/labca/setup_complete ] && perl -i -p0e 's/\n # BEGIN temporary redirect\n location = \/ \{\n return 302 \/admin\/;\n }\n # END temporary redirect\n//igs' /etc/nginx/conf.d/labca.conf || true
|
||||
|
||||
cd /var/www/html
|
||||
|
||||
2
install
2
install
@@ -479,7 +479,7 @@ static_web() {
|
||||
[ -d /home/labca/nginx_data/conf.d ] || mkdir -p /home/labca/nginx_data/conf.d
|
||||
[ -d /home/labca/nginx_data/ssl ] || mkdir -p /home/labca/nginx_data/ssl
|
||||
cp $cloneDir/nginx.conf /home/labca/nginx_data/conf.d/labca.conf
|
||||
cp $cloneDir/proxy.conf /home/labca/nginx_data/conf.d/proxy.conf
|
||||
cp $cloneDir/proxy.inc /home/labca/nginx_data/conf.d/proxy.inc
|
||||
if [ -f "$boulderLabCADir/setup_complete" ]; then
|
||||
perl -i -p0e 's/\n # BEGIN temporary redirect\n location = \/ \{\n return 302 \/admin\/;\n }\n # END temporary redirect\n//igs' /home/labca/nginx_data/conf.d/labca.conf
|
||||
fi
|
||||
|
||||
29
nginx.conf
29
nginx.conf
@@ -1,3 +1,6 @@
|
||||
# Include any custom http context settings from custom-base.inc if that file exists
|
||||
include conf.d/custom-base[.]inc;
|
||||
|
||||
server {
|
||||
listen [::]:80 default_server ipv6only=off;
|
||||
server_name _;
|
||||
@@ -6,6 +9,9 @@ server {
|
||||
root /var/www/html;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
# Include any custom plain-HTTP server context settings from custom.inc if that file exists
|
||||
include conf.d/custom[.]inc;
|
||||
|
||||
location /admin/ {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
@@ -15,7 +21,7 @@ server {
|
||||
}
|
||||
|
||||
location /aia/issuer {
|
||||
include conf.d/proxy.conf;
|
||||
include conf.d/proxy.inc;
|
||||
proxy_pass http://boulder:4001;
|
||||
}
|
||||
|
||||
@@ -24,7 +30,7 @@ server {
|
||||
}
|
||||
|
||||
location /ocsp {
|
||||
include conf.d/proxy.conf;
|
||||
include conf.d/proxy.inc;
|
||||
proxy_pass http://boulder:4002/;
|
||||
}
|
||||
|
||||
@@ -48,6 +54,9 @@ server {
|
||||
root /var/www/html;
|
||||
index index.html index.htm index.nginx-debian.html;
|
||||
|
||||
# Include any custom HTTPS server context settings from custom-ssl.inc if that file exists
|
||||
include conf.d/custom-ssl[.]inc;
|
||||
|
||||
location ~ ^/admin/static/(.+) {
|
||||
alias /var/www/html/$1;
|
||||
}
|
||||
@@ -57,14 +66,14 @@ server {
|
||||
}
|
||||
|
||||
location /admin/ {
|
||||
include conf.d/proxy.conf;
|
||||
include conf.d/proxy.inc;
|
||||
proxy_set_header X-Request-Base "/admin";
|
||||
proxy_pass http://gui:3000/;
|
||||
error_page 502 504 /502.html;
|
||||
}
|
||||
|
||||
location /admin/ws {
|
||||
include conf.d/proxy.conf;
|
||||
include conf.d/proxy.inc;
|
||||
proxy_set_header X-Request-Base "/admin";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
@@ -72,27 +81,27 @@ server {
|
||||
}
|
||||
|
||||
location /acme/ {
|
||||
include conf.d/proxy.conf;
|
||||
include conf.d/proxy.inc;
|
||||
proxy_pass http://boulder:4001;
|
||||
}
|
||||
|
||||
location /directory {
|
||||
include conf.d/proxy.conf;
|
||||
include conf.d/proxy.inc;
|
||||
proxy_pass http://boulder:4001;
|
||||
}
|
||||
|
||||
location /build {
|
||||
include conf.d/proxy.conf;
|
||||
include conf.d/proxy.inc;
|
||||
proxy_pass http://boulder:4001;
|
||||
}
|
||||
|
||||
location /aia/issuer {
|
||||
include conf.d/proxy.conf;
|
||||
include conf.d/proxy.inc;
|
||||
proxy_pass http://boulder:4001;
|
||||
}
|
||||
|
||||
location /ocsp/ {
|
||||
include conf.d/proxy.conf;
|
||||
location /ocsp {
|
||||
include conf.d/proxy.inc;
|
||||
proxy_pass http://boulder:4002/;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user