added certbot for https

amthorn · amthorn · commit e87c1196bcad · 2021-10-26T03:40:20.000-04:00
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
-.PHONY: build
+.PHONY: build $(SERVICE)
 build:
-	docker compose -f docker-compose.yml -f docker-compose.dev.yml build
+	docker compose -f docker-compose.yml -f docker-compose.dev.yml build $(SERVICE)
 
 .PHONY: up
 up:
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -10,6 +10,11 @@ services:
         image: qutex_nginx:latest
         build:
             context: services/nginx
+        environment:
+            CERTBOT_EMAIL: avatheavian@gmail.com
+            STAGING: "1"
+            DEBUG: "1"
+            RENEWAL_INTERVAL: 8d
     bot:
         <<: *interactive
         image: qutex_bot:latest
@@ -78,6 +83,19 @@ services:
         env_file: *env_files
         ports:
             - 27017:27017
+    ####################
+    ## -- DEV ONLY -- ## ( FOR NOW )
+    ####################
+    mongo_ui:
+        image: mongo-express:latest
+        environment:
+            ME_CONFIG_MONGODB_SERVER: mongo
+            ME_CONFIG_MONGODB_ADMINUSERNAME: root
+            ME_CONFIG_MONGODB_ADMINPASSWORD_FILE: /run/secrets/mongoPassword
+        ports:
+            - 8081:8081
+        secrets:
+            - mongoPassword
 volumes:
     # ignore all css from the docker container and do not mount to my local dir
     # This is because the CSS files shouldn't be modified. Only the sass files
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -10,13 +10,23 @@ services:
         <<: *common
         image: ghcr.io/amthorn/qutex/qutex_nginx:${QUTEX_VERSION:-latest}
         depends_on:
-            - web
+            - ui
             - auth
             - projects
+            - users
+        environment:
+            CERTBOT_EMAIL: avatheavian@gmail.com
+            RENEWAL_INTERVAL: 8d
+        volumes:
+            - cert_files:/etc/letsencrypt
         ports:
             -   target: 80
                 published: 80
                 mode: host
+            -   target: 443
+                published: 443
+                mode: host
+        restart: always
     bot:
         <<: *common
         image: ghcr.io/amthorn/qutex/qutex_bot:${QUTEX_VERSION:-latest}
@@ -94,3 +104,4 @@ secrets:
         file: secrets/prod/privateKey
 volumes:
     mongo_volume:
+    cert_files:
diff --git a/services/nginx/Dockerfile b/services/nginx/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx
-COPY ./default.conf /etc/nginx/conf.d/default.conf
+FROM jonasal/nginx-certbot:latest
+COPY ./default.conf /etc/nginx/user_conf.d/default.conf
 
 HEALTHCHECK --interval=30s --start-period=5s --timeout=10s --retries=3 CMD service --status-all |& grep "\[ + \]  nginx$"
diff --git a/services/nginx/default.conf b/services/nginx/default.conf
@@ -13,8 +13,21 @@ upstream projects {
 upstream users {
     server users:4000;
 }
+
 server {
     listen 80;
+    server_name qutexbot.com www.qutexbot.com;
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name qutexbot.com www.qutexbot.com;
+    ssl_certificate /etc/letsencrypt/live/qutex/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/qutex/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/qutex/chain.pem;
 
     # React's hot reload feature requires this to work properly
     # Only necessary for development
