Nginx: added OpenSSL for local development (#1527)

* feature(nginx): add OpenSSL

Nginx: added OpenSSL for local development (#1527)
* feature(nginx): add OpenSSL
7219b354 · Vladyslav Shchepotin · Shao Yu-Lung (Allen) · 1dac3828 · 7219b354 · 7219b354
Commit 7219b354 authored Nov 13, 2018 by Vladyslav Shchepotin Committed by Shao Yu-Lung (Allen) Nov 13, 2018
9 changed files
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -201,6 +201,7 @@ services:
        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}
        - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
        - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
+        - ${NGINX_SSL_PATH}:/etc/nginx/ssl
      ports:
        - "${NGINX_HOST_HTTP_PORT}:80"
        - "${NGINX_HOST_HTTPS_PORT}:443"

--- a/env-example
+++ b/env-example
@@ -176,6 +176,7 @@ NGINX_HOST_LOG_PATH=./logs/nginx/
 NGINX_SITES_PATH=./nginx/sites/
 NGINX_PHP_UPSTREAM_CONTAINER=php-fpm
 NGINX_PHP_UPSTREAM_PORT=9000
+NGINX_SSL_PATH=./nginx/ssl/

 ### APACHE ################################################


--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -14,6 +14,7 @@ RUN if [ ${CHANGE_SOURCE} = true ]; then \

 RUN apk update \
    && apk upgrade \
+    && apk add --no-cache openssl \
    && apk add --no-cache bash \
    && adduser -D -H -u 1000 -s /bin/bash www-data

@@ -24,6 +25,7 @@ ARG PHP_UPSTREAM_PORT=9000
 RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf \
    && rm /etc/nginx/conf.d/default.conf

-CMD ["nginx"]
+ADD ./startup.sh /opt/startup.sh
+CMD ["/bin/bash", "/opt/startup.sh"]

 EXPOSE 80 443
--- a/nginx/sites/app.conf.example
+++ b/nginx/sites/app.conf.example
@@ -3,6 +3,12 @@ server {
    listen 80;
    listen [::]:80;

+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
    server_name app.test;
    root /var/www/app;
    index index.php index.html index.htm;

--- a/nginx/sites/default.conf
+++ b/nginx/sites/default.conf
@@ -3,6 +3,12 @@ server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

+    # For https
+    # listen 443 ssl default_server;
+    # listen [::]:443 ssl default_server ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
    server_name localhost;
    root /var/www/public;
    index index.php index.html index.htm;

--- a/nginx/sites/laravel.conf.example
+++ b/nginx/sites/laravel.conf.example
@@ -3,6 +3,12 @@ server {
    listen 80;
    listen [::]:80;

+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
    server_name laravel.test;
    root /var/www/laravel/public;
    index index.php index.html index.htm;

--- a/nginx/sites/symfony.conf.example
+++ b/nginx/sites/symfony.conf.example
@@ -3,6 +3,12 @@ server {
    listen 80;
    listen [::]:80;

+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
    server_name symfony.test;
    root /var/www/projects/symfony/web;
    index index.php index.html index.htm;

--- a/nginx/ssl/.gitkeep
+++ b/nginx/ssl/.gitkeep
--- a/nginx/startup.sh
+++ b/nginx/startup.sh
+#!/bin/bash
+
+if [ ! -f /etc/nginx/ssl/default.crt ]; then
+    openssl genrsa -out "/etc/nginx/ssl/default.key" 2048
+    openssl req -new -key "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.csr" -subj "/CN=default/O=default/C=UK"
+    openssl x509 -req -days 365 -in "/etc/nginx/ssl/default.csr" -signkey "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.crt"
+fi
+
+nginx