EvilBeaver · Berckk · Nov 18, 2019 · Nov 18, 2019 · Nov 19, 2019 · Nov 19, 2019
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,8 @@
 tmp/
 .vagrant/
 .env
+certs/
+html/
+htpasswd/
+vhost.d/
+conf.d/default.conf
diff --git a/conf.d/realip.conf b/conf.d/realip.conf
@@ -0,0 +1,57 @@
+#
+# [WARNING] To enable this files you need to uncomment USE_NGINX_CONF_FILES=true in .env file
+#
+# [WARNING] Also, read all the comments in .env about NGINX use special conf files
+#
+
+#
+# Real IP Settings
+#
+# This option get user's real ip address
+# to be fowared to your service container
+
+#
+# Basic settings
+#
+# The option 'set_real_ip_from'
+# must correspont to your docker network address
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 192.168.0.0/16;
+
+#
+# CloudFlare settings
+#
+# If you CloudFlare and want to forward the
+# user's real IP to your app services you 
+# must uncomment all lines below and be sure
+# to comment the lines of the "Basic settings"
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 104.16.0.0/12;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 131.0.72.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 2400:cb00::/32;
+set_real_ip_from 2606:4700::/32;
+set_real_ip_from 2803:f800::/32;
+set_real_ip_from 2405:b500::/32;
+set_real_ip_from 2405:8100::/32;
+set_real_ip_from 2c0f:f248::/32;
+set_real_ip_from 2a06:98c0::/29;
+
+#
+# Header for Real IP Address
+#
+real_ip_header X-Forwarded-For;
+#real_ip_header    X-Real-IP;
+real_ip_recursive on;
+
diff --git a/conf.d/servertokens.conf b/conf.d/servertokens.conf
@@ -0,0 +1,7 @@
+#
+# [WARNING] To enable this files you need to uncomment USE_NGINX_CONF_FILES=true in .env file
+#
+# [WARNING] Also, read all the comments in .env about NGINX use special conf files
+#
+
+server_tokens off;
diff --git a/conf.d/uploadsize.conf b/conf.d/uploadsize.conf
@@ -0,0 +1,7 @@
+#
+# [WARNING] To enable this files you need to uncomment USE_NGINX_CONF_FILES=true in .env file
+#
+# [WARNING] Also, read all the comments in .env about NGINX use special conf files
+#
+
+client_max_body_size 100m;
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,20 +1,73 @@
 version: '3'
 services:
+  nginx-web:
+    image: nginx
+    labels:
+        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+    container_name: nginx-web
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - nginx-gen
+      - nginx-letsencrypt
+    volumes:
+      - ./conf.d:/etc/nginx/conf.d
+      - .//vhost.d:/etc/nginx/vhost.d
+      - ./html:/usr/share/nginx/html
+      - ./certs:/etc/nginx/certs:ro
+      - ./htpasswd:/etc/nginx/htpasswd:ro
+
+  nginx-gen:
+    image: jwilder/docker-gen
+    command: -notify-sighup ${NGINX_WEB:-nginx-web} -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
+    container_name: nginx-gen
+    restart: always
+    volumes:
+      - ./conf.d:/etc/nginx/conf.d
+      - ./vhost.d:/etc/nginx/vhost.d
+      - ./html:/usr/share/nginx/html
+      - ./certs:/etc/nginx/certs:ro
+      - ./htpasswd:/etc/nginx/htpasswd:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
+
+  nginx-letsencrypt:
+    image: jrcs/letsencrypt-nginx-proxy-companion
+    container_name: nginx-letsencrypt
+    restart: always
+    volumes:
+      - ./conf.d:/etc/nginx/conf.d
+      - ./vhost.d:/etc/nginx/vhost.d
+      - ./html:/usr/share/nginx/html
+      - ./certs:/etc/nginx/certs:rw
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      NGINX_DOCKER_GEN_CONTAINER: nginx-gen
+      NGINX_PROXY_CONTAINER: nginx-web
   nginx:
     build: web/nginx
     image: nginx-simple
     links:
       - "jenkins"
     #  - "opm_database"
     ports:
-      - "80:80"
+      - "80"
     volumes:
       - web_content:/var/www/
     depends_on:
       - opm_hub
       - site
       - site-dev
-
+      - nginx-web
+      - nginx-gen
+      - nginx-letsencrypt
+    environment:
+      - VIRTUAL_HOST=oscript.io
+      - LETSENCRYPT_HOST=oscript.io
+      - [email protected]
+
   site:
     build: web/site
     image: site_osweb
@@ -61,6 +114,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - jenkins_home:/var/jenkins_home
       - web_content:/var/www
+
 volumes:
   web_content:
   jenkins_home: