opt: 支持客户定义https配置文件,优化docker配置文件

src/docker-compose/docker-compose.yml

@@ -36,6 +36,7 @@ services:
     container_name: archery
     restart: always
     ports:
+      - "443:443"
       - "9123:9123"
     volumes:
       - "./archery/settings.py:/opt/archery/local_settings.py"
@@ -45,6 +46,8 @@ services:
       - "./archery/sql/migrations:/opt/archery/sql/migrations"
       - "./archery/logs:/opt/archery/logs"
       - "./archery/keys:/opt/archery/keys"
+      - "./nginx/https.conf:/etc/nginx/conf.d/https.conf"
+      - "./nginx/ssl:/etc/nginx/ssl"
     entrypoint: "dockerize -wait tcp://mysql:3306 -wait tcp://redis:6379 -timeout 60s /opt/archery/src/docker/startup.sh"
     env_file:
       - .env

src/docker-compose/nginx/https.conf

@@ -0,0 +1,31 @@
+server {
+    listen 443 ssl;
+    server_name  archery.your-project.com;
+    ssl_certificate /etc/nginx/ssl/STAR_internal-project_com.crt;
+    ssl_certificate_key /etc/nginx/ssl/STAR_internal-project_com.key;
+    ssl_session_timeout  5m;
+    client_max_body_size 20M;
+    proxy_read_timeout 600s;
+
+    location / {
+        proxy_pass http://127.0.0.1:8888;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /static {
+      alias /opt/archery/static;
+    }
+
+    error_page 404 /404.html;
+        location = /40x.html {
+    }
+
+    error_page 500 502 503 504 /50x.html;
+        location = /50x.html {
+    }
+
+}

src/docker/Dockerfile

@@ -12,6 +12,7 @@ RUN cd /opt \
     && pip3 install -r /opt/archery/requirements.txt \
     && pip3 install "redis>=4.1.0" \
     && cp -f /opt/archery/src/docker/nginx.conf /etc/nginx/ \
+    && cp -f /opt/archery/src/docker/http.conf /etc/nginx/conf.d/ \
     && cp -f /opt/archery/src/docker/supervisord.conf /etc/ \
     && mv /opt/sqladvisor /opt/archery/src/plugins/ \
     && mv /opt/soar /opt/archery/src/plugins/ \
@@ -21,7 +22,7 @@ RUN cd /opt \
     && rm -rf ~/.cache
 
 #port
-EXPOSE 9123
+EXPOSE 443 9123 8888
 
 #start service
 ENTRYPOINT bash /opt/archery/src/docker/startup.sh && bash

src/docker/http.conf

@@ -0,0 +1,27 @@
+server{
+    listen 9123; #监听的端口
+    server_name archery;
+    client_max_body_size 20M;
+    proxy_read_timeout 600s;
+
+    location / {
+      proxy_pass http://127.0.0.1:8888;
+      proxy_set_header Host $host;
+      proxy_set_header X-Forwarded-Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /static {
+      alias /opt/archery/static;
+    }
+
+    error_page 404 /404.html;
+        location = /40x.html {
+    }
+
+    error_page 500 502 503 504 /50x.html;
+        location = /50x.html {
+    }
+}

src/docker/nginx.conf

@@ -36,34 +36,6 @@ http {
     # for more information.
     include /etc/nginx/conf.d/*.conf;
 
-    server{
-        listen 9123; #监听的端口
-        server_name archery;
-        client_max_body_size 20M;
-        proxy_read_timeout 600s;
-
-        location / {
-          proxy_pass http://127.0.0.1:8888;
-          proxy_set_header Host $host;
-          proxy_set_header X-Forwarded-Host  $host:nginx_port;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-        }
-
-        location /static {
-          alias /opt/archery/static;
-        }
-
-        error_page 404 /404.html;
-            location = /40x.html {
-        }
-
-        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
-        }
-    }
-
 # Settings for a TLS enabled server.
 #
 #    server {