mirror of
https://github.com/cupcakearmy/cryptgeon.git
synced 2024-12-22 08:16:28 +00:00
examples on deployment
This commit is contained in:
parent
a78ec72687
commit
19cd9b8507
43
README.md
43
README.md
@ -40,6 +40,8 @@ each note has a 512bit generated <i>id</i> that is used to retrieve the note. da
|
||||
|
||||
ℹ️ `https` is required otherwise browsers will not support the cryptographic functions.
|
||||
|
||||
### Docker
|
||||
|
||||
Docker is the easiest way. There is the [official image here](https://hub.docker.com/r/cupcakearmy/cryptgeon).
|
||||
|
||||
```yaml
|
||||
@ -60,6 +62,47 @@ services:
|
||||
- 80:5000
|
||||
```
|
||||
|
||||
### NGINX Proxy
|
||||
|
||||
See the [examples/nginx](https://github.com/cupcakearmy/cryptgeon/tree/main/examples/nginx) folder. There an example with a simple proxy, and one with https. You need to specify the server names and certificates.
|
||||
|
||||
### Traefik 2
|
||||
|
||||
Assumptions:
|
||||
|
||||
- External proxy docker network `proxy`
|
||||
- A certificate resolver `le`
|
||||
- A https entrypoint `secure`
|
||||
- Domain name `example.org`
|
||||
|
||||
```yaml
|
||||
version: '3.8'
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
services:
|
||||
memcached:
|
||||
image: memcached:1-alpine
|
||||
restart: unless-stopped
|
||||
entrypoint: memcached -m 128 # Limit to 128 MB Ram, customize at free will.
|
||||
|
||||
app:
|
||||
image: cupcakearmy/cryptgeon:latest
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- memcached
|
||||
networks:
|
||||
- default
|
||||
- proxy
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.cryptgeon.rule=Host(`example.org`)
|
||||
- traefik.http.routers.cryptgeon.entrypoints=secure
|
||||
- traefik.http.routers.cryptgeon.tls.certresolver=le
|
||||
```
|
||||
|
||||
## Development
|
||||
|
||||
1. Clone
|
||||
|
22
examples/nginx/docker-compose.yaml
Normal file
22
examples/nginx/docker-compose.yaml
Normal file
@ -0,0 +1,22 @@
|
||||
version: '3.8'
|
||||
|
||||
services:
|
||||
memcached:
|
||||
image: memcached:1-alpine
|
||||
entrypoint: memcached -m 128 # Limit to 128 MB Ram, customize at free will.
|
||||
|
||||
app:
|
||||
image: cupcakearmy/cryptgeon:latest
|
||||
depends_on:
|
||||
- memcached
|
||||
|
||||
proxy:
|
||||
image: nginx:alpine
|
||||
depends_on:
|
||||
- app
|
||||
volumes:
|
||||
- ./nginx-plain.conf:/etc/nginx/conf.d/default.conf
|
||||
# Or with tls
|
||||
# - ./nginx-tls.conf:/etc/nginx/conf.d/default.conf
|
||||
ports:
|
||||
- 80:80
|
13
examples/nginx/nginx-plain.conf
Normal file
13
examples/nginx/nginx-plain.conf
Normal file
@ -0,0 +1,13 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name _;
|
||||
|
||||
location / {
|
||||
proxy_pass http://app:5000/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
29
examples/nginx/nginx-tls.conf
Normal file
29
examples/nginx/nginx-tls.conf
Normal file
@ -0,0 +1,29 @@
|
||||
# You should change the server_name to something sensible.
|
||||
# Also you need to specify the path to the ssl certificates.
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name _;
|
||||
|
||||
# Enforce HTTPS
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name _;
|
||||
|
||||
ssl_certificate /path/to/fullchain.pem;
|
||||
ssl_certificate_key /path/to/privkey.pem;
|
||||
ssl_trusted_certificate /path/to/fullchain.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://app:5000/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user