Commit 2a934f44
Changed files (7)
config/nginx.conf
@@ -0,0 +1,78 @@
+user root;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 8096;
+ multi_accept on;
+ use epoll;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 15;
+
+ upstream backend {
+ server web:3000 fail_timeout=0;
+ }
+
+ server {
+ listen 80 deferred;
+ add_header Strict-Transport-Security max-age=15768000;
+ server_tokens off;
+ rewrite ^ https://$server_name$request_uri? permanent;
+ }
+
+ server {
+ listen 443 default_server ssl;
+ server_tokens off;
+ root /var/www/public;
+ ssl_certificate /etc/nginx/server.crt;
+ ssl_certificate_key /etc/nginx/server.key;
+
+ ssl_session_timeout 5m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+ add_header X-Frame-Options "DENY";
+
+ try_files $uri/index.html $uri @application;
+ location ^~ /assets/ {
+ gzip_static on;
+ expires max;
+ add_header Cache-Control public;
+ }
+ location /cable {
+ proxy_pass https://backend;
+ proxy_set_header X_FORWARDED_PROTO https;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header HOST $http_host;
+ proxy_set_header X-Url-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+ location @application {
+ proxy_set_header X_FORWARDED_PROTO https;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header HOST $http_host;
+ proxy_set_header X-Url-Scheme $scheme;
+ proxy_redirect off;
+ proxy_pass https://backend;
+ }
+
+ error_page 500 502 503 504 /500.html;
+ keepalive_timeout 10;
+ }
+}
config/server.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiYCCQClkhYcdoj8ZjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJB
+VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMRowGAYDVQQDExFzdHJvbmdsaWZ0ZXJzLmRldjAeFw0xNzAxMTcw
+NDM1MjlaFw0xODAxMTcwNDM1MjlaMGExCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT
+b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAY
+BgNVBAMTEXN0cm9uZ2xpZnRlcnMuZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAtRNFlGqH+HP0eK/FKLA7/Yn4+67lD3I8dNUgLrc269QEpwO7vb9U
+Z8OZMpkAVoZOn+ueG0CUeHpXUKR6DZ6BZ2qsh10GQaQBub6LT3zsG6giaZlVnqbe
+uX2ZxiqNANvwDHTc5KuQ4iAkYPyMXv0rACADcvVw+3La7vGfE+sLjle4rAqAiXnC
+g8pce6BJ3sUkhQ255OeXepuEHPYyxZCqaulaMA10akQ5TT6JIICpw8skOziICQrx
+u5L8KX1vd6ZXklh0UvRstEYr69a44xCIRQnAmM0K4n9/zwuiZorzvyD92as5dBd7
+lkhfgwbFaZnLKvdusv/b+WEs29X+5QOnrQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
+AQCFxIEV5K6s7J5YIxOuGbsiePTEyQGxcOxchuDF/EDpvG6AdfU+hsY5a42d28Pf
+a+2SVH5df89QqaaupeMl6Sb9Yb4IwzNcVccRo0rWX6G4nCbVTi4S3rY5I2dPu1+E
+h7KhzKi8qHKk30m66oqXkRDR0j1mGyEEvA8cMhdKXB9T4x7/bL4qgiky9QunxZEF
+ShMz5k7oBTWWz7i1g9HVSF0DVdOCEpmW3MaX3qezu/e/S6O6ZeG/fXwPzAvTmDX5
+kZWqE3QmQ7kBsoytmXQCJbrfh66cIklKoTWj8Yq+snJvJgBKYPVu6jIdI66XmwzP
+ed8z+iPSl00jLul1rTLjAdLn
+-----END CERTIFICATE-----
config/server.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICpjCCAY4CAQAwYTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEaMBgGA1UEAxMRc3Ry
+b25nbGlmdGVycy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1
+E0WUaof4c/R4r8UosDv9ifj7ruUPcjx01SAutzbr1ASnA7u9v1Rnw5kymQBWhk6f
+654bQJR4eldQpHoNnoFnaqyHXQZBpAG5votPfOwbqCJpmVWept65fZnGKo0A2/AM
+dNzkq5DiICRg/Ixe/SsAIANy9XD7ctru8Z8T6wuOV7isCoCJecKDylx7oEnexSSF
+Dbnk55d6m4Qc9jLFkKpq6VowDXRqRDlNPokggKnDyyQ7OIgJCvG7kvwpfW93pleS
+WHRS9Gy0Rivr1rjjEIhFCcCYzQrif3/PC6JmivO/IP3Zqzl0F3uWSF+DBsVpmcsq
+926y/9v5YSzb1f7lA6etAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAg7EDHTbo
+HJJ1z/ecGmYmBtwiCqwmFSVqPNDJQHh75aw/FFXFjnpob8Czcn9YF/zzMHWfMDlc
+OaqykWaomsYi0PqoDS/QM7e/GtfmWhwnStC8o1R+soxqaubNakNDh5R5TWfpdkHA
+L2lWchgpbCtOFCbIbIa15GqRrHSKwE30gQ9GPu+lWEzbPEjnYJ2ay5lLl6lRS9K9
+rfokL93Nn4fXzlwmd5H1I7rHHooZzvl2WuHV+Vvq5RMZr7p7AGp5HBcfyt1S4XJn
+E4cLPdhrKNqcXtarNBYZTjV2CxgSdXtX07bncys45Y1Ui6/ylxPiA3bgjjuFqFTB
+5pDUkA5IelINMA==
+-----END CERTIFICATE REQUEST-----
config/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAtRNFlGqH+HP0eK/FKLA7/Yn4+67lD3I8dNUgLrc269QEpwO7
+vb9UZ8OZMpkAVoZOn+ueG0CUeHpXUKR6DZ6BZ2qsh10GQaQBub6LT3zsG6giaZlV
+nqbeuX2ZxiqNANvwDHTc5KuQ4iAkYPyMXv0rACADcvVw+3La7vGfE+sLjle4rAqA
+iXnCg8pce6BJ3sUkhQ255OeXepuEHPYyxZCqaulaMA10akQ5TT6JIICpw8skOziI
+CQrxu5L8KX1vd6ZXklh0UvRstEYr69a44xCIRQnAmM0K4n9/zwuiZorzvyD92as5
+dBd7lkhfgwbFaZnLKvdusv/b+WEs29X+5QOnrQIDAQABAoIBACMwW5U8HrBp2Fib
+z/TYStA6v+gpVNprmNQbluV9NW8fBMhwMUvuoriHin4KvcYS07TAVTl2k2PWYqGJ
+VS7QXtV6JY0oxs560NsH7IrF/Bxj0Ew1QC5Uv3PMtNWN71j7ZOsGyualcMKA/JDc
+g2rySCj+D62HhS1YZLOKwR9dziEbFuZ4mPykemGocUIET6J68AgRIhM/S9VO6/x2
+4St+LiNjfsT0Ps2p7nZhyb5r+sV/Ii8HzK/P1uNrbbBbF8p4UlfpMw4LsNXAUABM
+wjaQT8cIV58t1woIrmauUc20V8DxFsXXlCnYAT0ggnpJR0of3X1gbr2L7U0JTYic
+CTkjwQECgYEA7tL7nQeLMQwzhxJD41Ygn04slHi2wQ0sjZESMUKbKjKaPlP9SKvn
+kw+t3a//4r1fViUA0/2DsBHo3aR1W1W6AQicuZIrBgvIJYPLTstSvZsb/EFXY+40
+jSHfm8mV9DEcGvU7TUj2IK+AUA3HbhZg7/Ynz0Ta6LWhTHklZeQsxrMCgYEAwhkR
+ePMwW1BL1yGHyM8vFTwAdbyQsf5DMsem8qt+okdkSqUB8dDW8DQ7wzv3RBnXEVb7
+U7syN6Cc6TerSrGuApf5QgEiL/SwuTVLr35ImU9kyfq6B5ma29rn/vl043f41OyC
+skAcoTsB9TDUiRseVNRe0P+eTNAo1HKT8A4WCB8CgYEAsV2/wD96AFMvcYD/Kjcs
+wyMruJhuIbHHBNxYxnzQ/+XU57U4xl/k/DMIzTuIrrw1saSJmOcOhhTG/NTG0643
+Fc1vl+IWUccuPa5Dr6ERMf+gKRfd7zlZjfc6OljcJR7T4LF/+UXWhS/R+6JAGmJE
+W/JUXnqkmW9K+6B9Rc7P8kECgYA6UWPhjlgKJ58R3V455J5F6AhPV7+16ypvmHM9
+2G8s/PxSPS/PYyshcuA98ceCa60l5ZeP+d/FvPlITVSnFamt19GplkOaWw+6Jhw+
+d1gC0Er9MNsyK2HPCv/HqVYIfmSCPSmruv2fJ+aXr/s70q0TWde/Pf5nH+gUpPR0
+HRdbiwKBgQDJUSgsm4zo8jRjvq5YB7qz4m+6tpayE4x1vfX/dvZphK4pWYEmcqIw
+HPDMA/BaPYnlbMOz8rgahn7VQ0Nhdv0r0cvc8IOKzvfWcbTkaroKWiUiOeChJX8j
+zQdU0bkivMsAJdhr1nBB1Jy+LT187Wt0Quhr3vp3+pGr5TTiPrY5+Q==
+-----END RSA PRIVATE KEY-----
config/server.pem
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiYCCQClkhYcdoj8ZjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJB
+VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMRowGAYDVQQDExFzdHJvbmdsaWZ0ZXJzLmRldjAeFw0xNzAxMTcw
+NDM1MjlaFw0xODAxMTcwNDM1MjlaMGExCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT
+b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAY
+BgNVBAMTEXN0cm9uZ2xpZnRlcnMuZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAtRNFlGqH+HP0eK/FKLA7/Yn4+67lD3I8dNUgLrc269QEpwO7vb9U
+Z8OZMpkAVoZOn+ueG0CUeHpXUKR6DZ6BZ2qsh10GQaQBub6LT3zsG6giaZlVnqbe
+uX2ZxiqNANvwDHTc5KuQ4iAkYPyMXv0rACADcvVw+3La7vGfE+sLjle4rAqAiXnC
+g8pce6BJ3sUkhQ255OeXepuEHPYyxZCqaulaMA10akQ5TT6JIICpw8skOziICQrx
+u5L8KX1vd6ZXklh0UvRstEYr69a44xCIRQnAmM0K4n9/zwuiZorzvyD92as5dBd7
+lkhfgwbFaZnLKvdusv/b+WEs29X+5QOnrQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
+AQCFxIEV5K6s7J5YIxOuGbsiePTEyQGxcOxchuDF/EDpvG6AdfU+hsY5a42d28Pf
+a+2SVH5df89QqaaupeMl6Sb9Yb4IwzNcVccRo0rWX6G4nCbVTi4S3rY5I2dPu1+E
+h7KhzKi8qHKk30m66oqXkRDR0j1mGyEEvA8cMhdKXB9T4x7/bL4qgiky9QunxZEF
+ShMz5k7oBTWWz7i1g9HVSF0DVdOCEpmW3MaX3qezu/e/S6O6ZeG/fXwPzAvTmDX5
+kZWqE3QmQ7kBsoytmXQCJbrfh66cIklKoTWj8Yq+snJvJgBKYPVu6jIdI66XmwzP
+ed8z+iPSl00jLul1rTLjAdLn
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAtRNFlGqH+HP0eK/FKLA7/Yn4+67lD3I8dNUgLrc269QEpwO7
+vb9UZ8OZMpkAVoZOn+ueG0CUeHpXUKR6DZ6BZ2qsh10GQaQBub6LT3zsG6giaZlV
+nqbeuX2ZxiqNANvwDHTc5KuQ4iAkYPyMXv0rACADcvVw+3La7vGfE+sLjle4rAqA
+iXnCg8pce6BJ3sUkhQ255OeXepuEHPYyxZCqaulaMA10akQ5TT6JIICpw8skOziI
+CQrxu5L8KX1vd6ZXklh0UvRstEYr69a44xCIRQnAmM0K4n9/zwuiZorzvyD92as5
+dBd7lkhfgwbFaZnLKvdusv/b+WEs29X+5QOnrQIDAQABAoIBACMwW5U8HrBp2Fib
+z/TYStA6v+gpVNprmNQbluV9NW8fBMhwMUvuoriHin4KvcYS07TAVTl2k2PWYqGJ
+VS7QXtV6JY0oxs560NsH7IrF/Bxj0Ew1QC5Uv3PMtNWN71j7ZOsGyualcMKA/JDc
+g2rySCj+D62HhS1YZLOKwR9dziEbFuZ4mPykemGocUIET6J68AgRIhM/S9VO6/x2
+4St+LiNjfsT0Ps2p7nZhyb5r+sV/Ii8HzK/P1uNrbbBbF8p4UlfpMw4LsNXAUABM
+wjaQT8cIV58t1woIrmauUc20V8DxFsXXlCnYAT0ggnpJR0of3X1gbr2L7U0JTYic
+CTkjwQECgYEA7tL7nQeLMQwzhxJD41Ygn04slHi2wQ0sjZESMUKbKjKaPlP9SKvn
+kw+t3a//4r1fViUA0/2DsBHo3aR1W1W6AQicuZIrBgvIJYPLTstSvZsb/EFXY+40
+jSHfm8mV9DEcGvU7TUj2IK+AUA3HbhZg7/Ynz0Ta6LWhTHklZeQsxrMCgYEAwhkR
+ePMwW1BL1yGHyM8vFTwAdbyQsf5DMsem8qt+okdkSqUB8dDW8DQ7wzv3RBnXEVb7
+U7syN6Cc6TerSrGuApf5QgEiL/SwuTVLr35ImU9kyfq6B5ma29rn/vl043f41OyC
+skAcoTsB9TDUiRseVNRe0P+eTNAo1HKT8A4WCB8CgYEAsV2/wD96AFMvcYD/Kjcs
+wyMruJhuIbHHBNxYxnzQ/+XU57U4xl/k/DMIzTuIrrw1saSJmOcOhhTG/NTG0643
+Fc1vl+IWUccuPa5Dr6ERMf+gKRfd7zlZjfc6OljcJR7T4LF/+UXWhS/R+6JAGmJE
+W/JUXnqkmW9K+6B9Rc7P8kECgYA6UWPhjlgKJ58R3V455J5F6AhPV7+16ypvmHM9
+2G8s/PxSPS/PYyshcuA98ceCa60l5ZeP+d/FvPlITVSnFamt19GplkOaWw+6Jhw+
+d1gC0Er9MNsyK2HPCv/HqVYIfmSCPSmruv2fJ+aXr/s70q0TWde/Pf5nH+gUpPR0
+HRdbiwKBgQDJUSgsm4zo8jRjvq5YB7qz4m+6tpayE4x1vfX/dvZphK4pWYEmcqIw
+HPDMA/BaPYnlbMOz8rgahn7VQ0Nhdv0r0cvc8IOKzvfWcbTkaroKWiUiOeChJX8j
+zQdU0bkivMsAJdhr1nBB1Jy+LT187Wt0Quhr3vp3+pGr5TTiPrY5+Q==
+-----END RSA PRIVATE KEY-----
docker-compose.yml
@@ -1,10 +1,20 @@
version: '2'
services:
+ www1:
+ image: nginx:latest
+ volumes:
+ - ./config/nginx.conf:/etc/nginx/nginx.conf
+ - ./public:/var/www/public
+ - ./config/server.crt:/etc/nginx/server.crt
+ - ./config/server.key:/etc/nginx/server.key
+ links:
+ - web
+ ports:
+ - "80:80"
+ - "443:443"
web:
build: .
command: bundle exec foreman start web
- ports:
- - "3000:3000"
volumes:
- .:/app
links:
Procfile
@@ -1,2 +1,2 @@
worker: bundle exec rake jobs:work
-web: bundle exec rails server -b 0.0.0.0
+web: bundle exec puma -b 'ssl://0.0.0.0:3000?key=config/server.key&cert=config/server.crt' config.ru