mirror of https://github.com/nocodb/nocodb
Browse Source
Thanks to an end user who sent this. Signed-off-by: Naveen MR <oof1lab@gmail.com>pull/1298/head
Naveen MR
3 years ago
4 changed files with 107 additions and 0 deletions
@ -0,0 +1,6 @@ |
|||||||
|
# Certbot Renewal |
||||||
|
location ^~ /.well-known/acme-challenge/ { |
||||||
|
root /usr/share/nginx/html; |
||||||
|
allow all; |
||||||
|
default_type "text/plain"; |
||||||
|
} |
@ -0,0 +1,68 @@ |
|||||||
|
version: '3.9' |
||||||
|
|
||||||
|
networks: |
||||||
|
frontend: |
||||||
|
external: false |
||||||
|
backend: |
||||||
|
external: false |
||||||
|
|
||||||
|
# This is an example setup with an Nginx reverse proxy. |
||||||
|
# If you already have an Nginx reverse proxy running, |
||||||
|
# then allow the docker-compose.yml to reference an external network that the reverse proxy container is on |
||||||
|
# (in lieu of the frontend network in this file) and have the NocoDB container connect to it. |
||||||
|
|
||||||
|
services: |
||||||
|
reverse_proxy: |
||||||
|
image: nginx:alpine |
||||||
|
container_name: reverse_proxy |
||||||
|
volumes: |
||||||
|
- ./certbot:/etc/letsencrypt:ro # SSL certs |
||||||
|
- ./nginx:/etc/nginx # Nginx config file |
||||||
|
- path/to/webroot:/usr/share/nginx/html # Mount directory web site files for webroot certificate validation with Certbot |
||||||
|
ports: |
||||||
|
- 80:80 |
||||||
|
- 443:443 |
||||||
|
restart: unless-stopped |
||||||
|
networks: |
||||||
|
- frontend |
||||||
|
|
||||||
|
certbot: |
||||||
|
image: certbot/certbot |
||||||
|
container_name: certbot |
||||||
|
volumes: |
||||||
|
- ./certbot:/etc/letsencrypt |
||||||
|
- path/to/webroot:/var/www/html # For webroot certificate validation |
||||||
|
depends_on: |
||||||
|
- reverse_proxy |
||||||
|
command: certonly --webroot --webroot-path=/var/www/html --email user@example.domain --agree-tos --no-eff-email -d example.domain,www.example.domain,nocodb.example.domain |
||||||
|
|
||||||
|
nocodb_app: |
||||||
|
image: nocodb/nocodb:latest |
||||||
|
container_name: nocodb_app |
||||||
|
restart: unless-stopped |
||||||
|
volumes: |
||||||
|
- ./nocodb/data:/usr/app/data |
||||||
|
networks: |
||||||
|
- backend |
||||||
|
- frontend |
||||||
|
environment: |
||||||
|
NC_DB: mysql2://nocodb_database:3306?u=root&p=${MYSQL_ROOT_PASSWORD}&d=${MYSQL_DATABASE} # While it is not good practice to use the Root user, there were issues with granting privileges to a new user using the Linuxserver MariaDB image. |
||||||
|
NC_PUBLIC_URL: ${NC_PUBLIC_URL} |
||||||
|
NC_AUTH_JWT_SECRET: ${NC_AUTH_JWT_SECRET} |
||||||
|
depends_on: |
||||||
|
- nocodb_database |
||||||
|
|
||||||
|
nocodb_database: |
||||||
|
image: ghcr.io/linuxserver/mariadb:alpine # Using the non-official MariaDB image because it is an alpine distro and has a considerably smaller footprint. |
||||||
|
container_name: nocodb_database |
||||||
|
volumes: |
||||||
|
- ./mariadb/config:/config |
||||||
|
- ./mariadb/data:/var/lib/mysql |
||||||
|
networks: |
||||||
|
- backend |
||||||
|
restart: always |
||||||
|
environment: |
||||||
|
- MYSQL_ROOT_PASSWORD |
||||||
|
- MYSQL_DATABASE |
||||||
|
- MYSQL_USER |
||||||
|
- MYSQL_PASSWORD |
@ -0,0 +1,29 @@ |
|||||||
|
upstream nocodb { |
||||||
|
server nocodb_app:8080; |
||||||
|
} |
||||||
|
|
||||||
|
server { |
||||||
|
server_name nocodb.example.domain; |
||||||
|
listen 80; |
||||||
|
listen [::]:80; |
||||||
|
# Redirect to ssl |
||||||
|
return 301 https://$host$request_uri; |
||||||
|
} |
||||||
|
|
||||||
|
server { |
||||||
|
server_name nocodb.example.domain; |
||||||
|
listen 443 ssl http2; |
||||||
|
listen [::]:443 ssl http2; |
||||||
|
|
||||||
|
#SSL configuration |
||||||
|
include /etc/nginx/ssl.conf; |
||||||
|
include /etc/nginx/certbot-challenge.conf; |
||||||
|
|
||||||
|
location / { |
||||||
|
proxy_pass http://nocodb; |
||||||
|
proxy_set_header X-Forwarded-Proto $scheme; |
||||||
|
proxy_set_header Upgrade $http_upgrade; |
||||||
|
proxy_set_header Connection 'upgrade'; |
||||||
|
proxy_set_header Host $host; |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,4 @@ |
|||||||
|
ssl_certificate /etc/letsencrypt/live/vsnt.uk/fullchain.pem; # managed by Certbot |
||||||
|
ssl_certificate_key /etc/letsencrypt/live/vsnt.uk/privkey.pem; # managed by Certbot |
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot |
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot |
Loading…
Reference in new issue