mirror of https://github.com/nocodb/nocodb
navi
3 years ago
committed by
GitHub
4 changed files with 107 additions and 0 deletions
@ -0,0 +1,6 @@
|
||||
# Certbot Renewal |
||||
location ^~ /.well-known/acme-challenge/ { |
||||
root /usr/share/nginx/html; |
||||
allow all; |
||||
default_type "text/plain"; |
||||
} |
@ -0,0 +1,68 @@
|
||||
version: '3.9' |
||||
|
||||
networks: |
||||
frontend: |
||||
external: false |
||||
backend: |
||||
external: false |
||||
|
||||
# This is an example setup with an Nginx reverse proxy. |
||||
# If you already have an Nginx reverse proxy running, |
||||
# then allow the docker-compose.yml to reference an external network that the reverse proxy container is on |
||||
# (in lieu of the frontend network in this file) and have the NocoDB container connect to it. |
||||
|
||||
services: |
||||
reverse_proxy: |
||||
image: nginx:alpine |
||||
container_name: reverse_proxy |
||||
volumes: |
||||
- ./certbot:/etc/letsencrypt:ro # SSL certs |
||||
- ./nginx:/etc/nginx # Nginx config file |
||||
- path/to/webroot:/usr/share/nginx/html # Mount directory web site files for webroot certificate validation with Certbot |
||||
ports: |
||||
- 80:80 |
||||
- 443:443 |
||||
restart: unless-stopped |
||||
networks: |
||||
- frontend |
||||
|
||||
certbot: |
||||
image: certbot/certbot |
||||
container_name: certbot |
||||
volumes: |
||||
- ./certbot:/etc/letsencrypt |
||||
- path/to/webroot:/var/www/html # For webroot certificate validation |
||||
depends_on: |
||||
- reverse_proxy |
||||
command: certonly --webroot --webroot-path=/var/www/html --email user@example.domain --agree-tos --no-eff-email -d example.domain,www.example.domain,nocodb.example.domain |
||||
|
||||
nocodb_app: |
||||
image: nocodb/nocodb:latest |
||||
container_name: nocodb_app |
||||
restart: unless-stopped |
||||
volumes: |
||||
- ./nocodb/data:/usr/app/data |
||||
networks: |
||||
- backend |
||||
- frontend |
||||
environment: |
||||
NC_DB: mysql2://nocodb_database:3306?u=root&p=${MYSQL_ROOT_PASSWORD}&d=${MYSQL_DATABASE} # While it is not good practice to use the Root user, there were issues with granting privileges to a new user using the Linuxserver MariaDB image. |
||||
NC_PUBLIC_URL: ${NC_PUBLIC_URL} |
||||
NC_AUTH_JWT_SECRET: ${NC_AUTH_JWT_SECRET} |
||||
depends_on: |
||||
- nocodb_database |
||||
|
||||
nocodb_database: |
||||
image: ghcr.io/linuxserver/mariadb:alpine # Using the non-official MariaDB image because it is an alpine distro and has a considerably smaller footprint. |
||||
container_name: nocodb_database |
||||
volumes: |
||||
- ./mariadb/config:/config |
||||
- ./mariadb/data:/var/lib/mysql |
||||
networks: |
||||
- backend |
||||
restart: always |
||||
environment: |
||||
- MYSQL_ROOT_PASSWORD |
||||
- MYSQL_DATABASE |
||||
- MYSQL_USER |
||||
- MYSQL_PASSWORD |
@ -0,0 +1,29 @@
|
||||
upstream nocodb { |
||||
server nocodb_app:8080; |
||||
} |
||||
|
||||
server { |
||||
server_name nocodb.example.domain; |
||||
listen 80; |
||||
listen [::]:80; |
||||
# Redirect to ssl |
||||
return 301 https://$host$request_uri; |
||||
} |
||||
|
||||
server { |
||||
server_name nocodb.example.domain; |
||||
listen 443 ssl http2; |
||||
listen [::]:443 ssl http2; |
||||
|
||||
#SSL configuration |
||||
include /etc/nginx/ssl.conf; |
||||
include /etc/nginx/certbot-challenge.conf; |
||||
|
||||
location / { |
||||
proxy_pass http://nocodb; |
||||
proxy_set_header X-Forwarded-Proto $scheme; |
||||
proxy_set_header Upgrade $http_upgrade; |
||||
proxy_set_header Connection 'upgrade'; |
||||
proxy_set_header Host $host; |
||||
} |
||||
} |
@ -0,0 +1,4 @@
|
||||
ssl_certificate /etc/letsencrypt/live/vsnt.uk/fullchain.pem; # managed by Certbot |
||||
ssl_certificate_key /etc/letsencrypt/live/vsnt.uk/privkey.pem; # managed by Certbot |
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot |
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot |
Loading…
Reference in new issue