From 1c0d436f5323ef91fa5e8d4284f32b1bc1605b3f Mon Sep 17 00:00:00 2001
From: Finovy Technology
Date: Thu, 12 Oct 2023 14:52:57 +0800
Subject: [PATCH] =?UTF-8?q?opt:=20=E6=94=AF=E6=8C=81=E5=AE=A2=E6=88=B7?=
 =?UTF-8?q?=E5=AE=9A=E4=B9=89https=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6,?=
 =?UTF-8?q?=E4=BC=98=E5=8C=96docker=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/docker-compose/docker-compose.yml | 3 +++
 src/docker-compose/nginx/https.conf | 31 ++++++++++++++++++++++
 src/docker-compose/nginx/ssl/change-me.crt | 0
 src/docker-compose/nginx/ssl/change-me.key | 0
 src/docker/Dockerfile | 3 ++-
 src/docker/http.conf | 27 +++++++++++++++++++
 src/docker/nginx.conf | 28 -------------------
 7 files changed, 63 insertions(+), 29 deletions(-)
 create mode 100644 src/docker-compose/nginx/https.conf
 create mode 100644 src/docker-compose/nginx/ssl/change-me.crt
 create mode 100644 src/docker-compose/nginx/ssl/change-me.key
 create mode 100644 src/docker/http.conf
diff --git a/src/docker-compose/docker-compose.yml b/src/docker-compose/docker-compose.yml
index 0daa364e6c..c31b2ff15b 100644
--- a/src/docker-compose/docker-compose.yml
+++ b/src/docker-compose/docker-compose.yml
@@ -36,6 +36,7 @@ services:
 container_name: archery
 restart: always
 ports:
+ - "443:443"
 - "9123:9123"
 volumes:
 - "./archery/settings.py:/opt/archery/local_settings.py"
@@ -45,6 +46,8 @@ services:
 - "./archery/sql/migrations:/opt/archery/sql/migrations"
 - "./archery/logs:/opt/archery/logs"
 - "./archery/keys:/opt/archery/keys"
+ - "./nginx/https.conf:/etc/nginx/conf.d/https.conf"
+ - "./nginx/ssl:/etc/nginx/ssl"
 entrypoint: "dockerize -wait tcp://mysql:3306 -wait tcp://redis:6379 -timeout 60s /opt/archery/src/docker/startup.sh"
 env_file:
 - .env
diff --git a/src/docker-compose/nginx/https.conf b/src/docker-compose/nginx/https.conf
new file mode 100644
index 0000000000..84b1a595a1
--- /dev/null
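Review bot: The `"9123:9123"` mapping stays published next to the new `"443:443"` entry in the `ports:` list, so a deployment that enables the HTTPS server block still accepts the same application traffic over the cleartext listener. A comment beside the mapping would make the follow-up explicit, for example `# after HTTPS is configured, remove this mapping or bind it to loopback: "127.0.0.1:9123:9123"`. The service definition continues outside the hunk.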
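Review bot: Both bind mounts added to the `volumes:` list are read-write by default, including `./nginx/ssl`, which is where the TLS private key will live; the container only needs to read them. Mounting them read-only limits what a compromised container can do to the key and the proxy config: `- "./nginx/https.conf:/etc/nginx/conf.d/https.conf:ro"` and `- "./nginx/ssl:/etc/nginx/ssl:ro"`. Because the commit tracks an empty `change-me.key` in the repository tree, a real key placed beside it is easy to commit by accident; an ignore rule for `nginx/ssl/*.key` would guard against that.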
+++ b/src/docker-compose/nginx/https.conf
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl;
+ server_name archery.your-project.com;
+ ssl_certificate /etc/nginx/ssl/STAR_internal-project_com.crt;
+ ssl_certificate_key /etc/nginx/ssl/STAR_internal-project_com.key;
+ ssl_session_timeout 5m;
+ client_max_body_size 20M;
+ proxy_read_timeout 600s;
+
+ location / {
+ proxy_pass http://127.0.0.1:8888;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /static {
+ alias /opt/archery/static;
+ }
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+
+}
\ No newline at end of file
diff --git a/src/docker-compose/nginx/ssl/change-me.crt b/src/docker-compose/nginx/ssl/change-me.crt
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/docker-compose/nginx/ssl/change-me.key b/src/docker-compose/nginx/ssl/change-me.key
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/docker/Dockerfile b/src/docker/Dockerfile
index 236ca05e91..2c71ec26ee 100644
--- a/src/docker/Dockerfile
+++ b/src/docker/Dockerfile
@@ -12,6 +12,7 @@ RUN cd /opt \
 && pip3 install -r /opt/archery/requirements.txt \
 && pip3 install "redis>=4.1.0" \
 && cp -f /opt/archery/src/docker/nginx.conf /etc/nginx/ \
+ && cp -f /opt/archery/src/docker/http.conf /etc/nginx/conf.d/ \
 && cp -f /opt/archery/src/docker/supervisord.conf /etc/ \
 && mv /opt/sqladvisor /opt/archery/src/plugins/ \
 && mv /opt/soar /opt/archery/src/plugins/ \
@@ -21,7 +22,7 @@ RUN cd /opt \
 && rm -rf ~/.cache
 #port
-EXPOSE 9123
+EXPOSE 443 9123 8888
 #start service
 ENTRYPOINT bash /opt/archery/src/docker/startup.sh && bash
diff --git a/src/docker/http.conf b/src/docker/http.conf
new file mode 100644
index 0000000000..cb06ee55f3
--- /dev/null
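Review bot: The `ssl_certificate` and `ssl_certificate_key` lines name `STAR_internal-project_com.crt` and `.key`, but the commit ships only the empty placeholders `change-me.crt` and `change-me.key`, and docker-compose.yml mounts this file into `conf.d` unconditionally. nginx refuses to start when a referenced certificate cannot be loaded, and because the same instance loads `http.conf` through `include /etc/nginx/conf.d/*.conf;`, an unedited checkout would lose the 9123 listener as well. Pointing the template at the shipped names, `ssl_certificate /etc/nginx/ssl/change-me.crt;` and `ssl_certificate_key /etc/nginx/ssl/change-me.key;`, plus a comment that both files must be replaced before first start, makes the required step obvious. The block also sets no `ssl_protocols`, so the accepted TLS versions follow the nginx release default, which on older releases still includes TLS 1.0 and 1.1; `ssl_protocols TLSv1.2 TLSv1.3;` pins them.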
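Review bot: `EXPOSE 443 9123 8888` advertises 8888, the upstream port that both nginx server blocks reach through `proxy_pass http://127.0.0.1:8888`, and nothing outside the container needs it. If it is published (for instance by a publish-all run) and the backend listens on more than loopback — its bind address is not visible in this patch — clients could reach the application without the proxy's TLS and forwarded-header handling. `EXPOSE 443 9123` keeps the declared surface to the two proxy listeners. The Dockerfile continues outside the hunk.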
+++ b/src/docker/http.conf
@@ -0,0 +1,27 @@
+server{
+ listen 9123; #监听的端口
+ server_name archery;
+ client_max_body_size 20M;
+ proxy_read_timeout 600s;
+
+ location / {
+ proxy_pass http://127.0.0.1:8888;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /static {
+ alias /opt/archery/static;
+ }
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+}
\ No newline at end of file
diff --git a/src/docker/nginx.conf b/src/docker/nginx.conf
index fe8a1e6497..be193e2ac1 100644
--- a/src/docker/nginx.conf
+++ b/src/docker/nginx.conf
@@ -36,34 +36,6 @@ http {
 # for more information.
 include /etc/nginx/conf.d/*.conf;
- server{
- listen 9123; #监听的端口
- server_name archery;
- client_max_body_size 20M;
- proxy_read_timeout 600s;
-
- location / {
- proxy_pass http://127.0.0.1:8888;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host $host:nginx_port;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- location /static {
- alias /opt/archery/static;
- }
-
- error_page 404 /404.html;
- location = /40x.html {
- }
-
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- }
- }
-
 # Settings for a TLS enabled server.
 #
 # server {
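Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in `location /` appends the peer address to whatever X-Forwarded-For value the client sent, so the leftmost entries the backend receives are client-controlled. If the application uses that header for audit records or address-based restrictions (not visible in this patch), it should read `X-Real-IP` instead, or the proxy should overwrite the header with `proxy_set_header X-Forwarded-For $remote_addr;` when nginx is the first hop. The same line is present in https.conf. Separately, `error_page 404 /404.html;` is followed by `location = /40x.html`, so the named error page has no matching location in either file.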