Подключение ssl сертификата к домену

2025-08-14 00:25:46 +02:00 · 2024-12-26 02:00:45 +06:00
parent a1037a645b
commit 1c593c5412
2 changed files with 41 additions and 2 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,7 +23,7 @@ services:
      - "8000:8000"
    volumes:
      - ./backend:/app
-      - ./sql_app.db:/app/sql_app.db:rw  # Изменяем путь к базе данных
+      - ./sql_app.db:/app/sql_app.db:rw
    networks:
      - app-network
    restart: unless-stopped
@@ -36,13 +36,26 @@ services:
    restart: unless-stopped
    ports:
      - "80:80"
+      - "443:443"  # Добавляем порт для HTTPS
    volumes:
      - frontend_build:/usr/share/nginx/html
+      - ./docker/nginx/conf.d:/etc/nginx/conf.d
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
    networks:
      - app-network
    depends_on:
      - frontend
      - backend
+    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+
+  certbot:
+    image: certbot/certbot
+    container_name: support-certbot
+    volumes:
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

 networks:
  app-network:
--- a/docker/nginx/conf.d/default.conf
+++ b/docker/nginx/conf.d/default.conf
@@ -6,6 +6,22 @@ server {
    listen 80;
    server_name itformhelp.ru www.itformhelp.ru;
    
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name itformhelp.ru www.itformhelp.ru;
+    
+    ssl_certificate /etc/letsencrypt/live/itformhelp.ru/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/itformhelp.ru/privkey.pem;
+    
    root /usr/share/nginx/html;
    index index.html;

@@ -13,6 +29,16 @@ server {
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+
    # SPA routes
    location / {
        try_files $uri $uri/ /index.html;
@@ -37,5 +63,5 @@ server {
 server {
    listen 80;
    server_name 185.139.70.62;
-    return 301 $scheme://itformhelp.ru$request_uri;
+    return 301 https://itformhelp.ru$request_uri;
 }