mirror of
https://github.com/azaion/admin.git
synced 2026-04-22 11:26:34 +00:00
add docker, deploy
This commit is contained in:
Alex Bezdieniezhnykh
+92
@@ -0,0 +1,92 @@
|
||||
#!/bin/sh
|
||||
|
||||
apt install -y docker.io apache2-utils certbot python3-certbot-nginx nginx
|
||||
docker run -d -p 5000:5000 --name registry --restart always registry:latest
|
||||
|
||||
# create user for docker auth
|
||||
cd /etc/nginx
|
||||
mkdir auth
|
||||
cd auth
|
||||
htpasswd -c .htpasswd zxsanny
|
||||
chmod 640 .htpasswd
|
||||
chown root:www-data .htpasswd
|
||||
|
||||
# create certs
|
||||
certbot --nginx -d api.mywebsite.com
|
||||
certbot --nginx -d docker.mywebsite.com
|
||||
|
||||
cd /etc/nginx/sites-available
|
||||
tee -a docker.azaion.com << END
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name docker.azaion.com;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/docker.azaion.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/docker.azaion.com/privkey.pem;
|
||||
|
||||
location / {
|
||||
auth_basic "Registry";
|
||||
auth_basic_user_file /etc/nginx/auth/.htpasswd;
|
||||
proxy_pass http://localhost:5000;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name docker.azaion.com;
|
||||
|
||||
location / {
|
||||
auth_basic "Registry";
|
||||
auth_basic_user_file /etc/nginx/auth/.htpasswd;
|
||||
proxy_pass http://localhost:5000;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
}
|
||||
}
|
||||
END
|
||||
ln -s /etc/nginx/sites-available/docker.azaion.com /etc/nginx/sites-enabled/
|
||||
|
||||
tee -a api.azaion.com << END
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name api.azaion.com;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/api.azaion.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/api.azaion.com/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:4000; # API service running on port 4000
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
proxy_set_header X-Forwarded-Port 443;
|
||||
}
|
||||
}
|
||||
|
||||
# server {
|
||||
# listen 80;
|
||||
# server_name api.azaion.com;
|
||||
|
||||
# # Redirect all HTTP requests to HTTPS
|
||||
# return 301 https://\$host\$request_uri;
|
||||
# }
|
||||
END
|
||||
ln -s /etc/nginx/sites-available/api.azaion.com /etc/nginx/sites-enabled/
|
||||
|
||||
rm ../sites-enabled/default
|
||||
nginx -t #check syntax
|
||||
systemctl restart nginx
|
||||
|
||||
|
||||
# and then from the other machine
|
||||
docker login docker.azaion.com
|
||||
# Enter Username zxsanny and pass which was set here htpasswd -c .htpasswd zxsanny
|
||||
Reference in New Issue
Block a user