Commit 809da1d0 authored by Toon Claes's avatar Toon Claes 🛍

More fine-grained nginx config

And disable listening to http by default.
parent ab3d30c7
......@@ -27,7 +27,7 @@ rails-background-jobs: exec /usr/bin/env SIDEKIQ_LOG_ARGUMENTS=1 RAILS_ENV=devel
#
webpack: exec /usr/bin/env NODE_ENV=development DEV_SERVER_PORT=<%= config.webpack.port %> DEV_SERVER_HOST=$host support/exec-cd gitlab yarn dev-server
rails-web: exec /usr/bin/env RAILS_ENV=development RAILS_RELATIVE_URL_ROOT=$relative_url_root support/exec-cd gitlab bin/web start_foreground
<%= '#' unless config.gitlab_pages? %>gitlab-pages: exec gitlab-pages/bin/gitlab-pages -listen-http ":<%= config.gitlab_pages.port %>" -artifacts-server <%= config.https ? 'https' : 'http' %>://<%= config.hostname %>:<%= config.port %>/api/v4 -pages-root <%= config.gdk_root %>/gitlab/shared/pages/ -pages-domain 127.0.0.1.xip.io
<%= '#' unless config.gitlab_pages? %>gitlab-pages: exec gitlab-pages/bin/gitlab-pages -listen-http ":<%= config.gitlab_pages.port %>" -artifacts-server <%= config.protocol %>://<%= config.hostname %>:<%= config.port %>/api/v4 -pages-root <%= config.gdk_root %>/gitlab/shared/pages/ -pages-domain 127.0.0.1.xip.io
# Docker
#
......
......@@ -28,11 +28,15 @@ module GDK
read!('port') || 3000
end
https do
next true if config.auto_devops.enabled
read!('https_enabled') || false
https do |h|
h.enabled do
next true if config.auto_devops.enabled
read!('https_enabled') || false
end
end
protocol { config.https? ? 'https' : 'http' }
relative_url_root { read!('relative_url_root') || nil }
username { cmd!('whoami') }
......@@ -101,8 +105,16 @@ module GDK
nginx do |n|
n.enabled false
n.bin { cmd!('which nginx') }
n.bin { find_executable!('nginx') || '/usr/sbin/nginx' }
n.workhorse_port 3333
n.ssl do |s|
s.certificate 'localhost.crt'
s.key 'localhost.key'
end
n.http do |h|
h.enabled false
h.port 80
end
end
postgresql do |p|
......
......@@ -37,12 +37,12 @@ http {
'' close;
}
<% if config.https %>
<% if config.https? %>
server {
listen <%= config.hostname %>:<%= config.port %> ssl;
ssl_certificate <%= config.gdk_root %>/<%= config.hostname %>+3.pem;
ssl_certificate_key <%= config.gdk_root %>/<%= config.hostname %>+3-key.pem;
ssl_certificate <%= config.gdk_root %>/<%= config.nginx.ssl.certificate %>;
ssl_certificate_key <%= config.gdk_root %>/<%= config.nginx.ssl.key %>;
location / {
proxy_set_header Host $http_host;
......@@ -58,10 +58,12 @@ http {
}
}
<% if config.nginx.http? %>
server {
listen <%= config.hostname %>:80;
listen <%= config.hostname %>:<%= config.nginx.http.port %>;
return 301 https://$host$request_uri;
}
<% end %>
<% end %>
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment