Playing around with a maker setup on docker compose.
Does anyone have a solid Nginx conf file they can share?
This is mine, but I can’t get the Designer to render through it yet. I haven’t got it to attach to the SSL port yet either; changing the upstream gateway port doesn’t work.
# Ignition gateway backend.
# "gateway" is resolved by name on the compose network and 8088 is the
# gateway's plain-HTTP listener, so TLS ends at nginx and the hop from nginx
# to the gateway is unencrypted.
# NOTE(review): pointing this at the gateway's 8043 listener instead would
# presumably also require `proxy_pass https://gateway;` in the server block;
# confirm before switching.
upstream gateway {
    server gateway:8088;
}
# Plain-HTTP virtual host. It serves only the ACME HTTP-01 challenge files that
# certbot writes under /var/www/certbot; every other request is redirected to
# HTTPS, so nothing is proxied to the gateway over port 80.
server {
    listen 80;
    server_tokens off;  # do not advertise the nginx version in responses
    server_name <{DOMAIN-NAME}>;  # *** replace with your domain; change it in the ssl paths too ***

    # Challenge files for certificate issuance and renewal.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Permanent redirect of everything else to the same host and URI on HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
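# HTTPS virtual host: terminates TLS and reverse-proxies to the Ignition gateway.
server {
    listen 443 ssl;
    server_name <{DOMAIN-NAME}>;  # *** replace with your domain; change it in the ssl paths too ***
    server_tokens off;            # do not advertise the nginx version in responses

    # Certificate and key must sit in the same live/<domain>/ directory. The
    # original key path had a stray "f" after the domain placeholder, which
    # points at a directory that does not exist; nginx refuses to start when it
    # cannot read the key, so nothing would ever listen on 443.
    ssl_certificate     /etc/letsencrypt/live/<{DOMAIN-NAME}>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<{DOMAIN-NAME}>/privkey.pem;

    # Both files are read at startup and must already exist in the volume
    # mounted at /etc/letsencrypt, otherwise the configuration fails to load.
    # NOTE(review): confirm they were placed there before the first start.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Proxy settings shared by every location below. They were repeated
    # verbatim in each location; declared once at server level they are
    # inherited, because no location sets proxy_set_header of its own.
    proxy_http_version 1.1;                       # needed for WebSocket upgrades
    proxy_cache_bypass $http_upgrade;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";        # sent on every request, not only upgrades
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;      # the peer address nginx actually saw
    # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
    # sent, so all entries except the last one are client-controlled.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;

    # Catch-all: every gateway path is proxied, not only the ones listed below.
    # NOTE(review): if the gateway's configuration pages should not be
    # reachable from the internet, restrict this location (allow/deny or
    # authentication) and rely on the path-specific locations instead.
    location / {
        proxy_pass http://gateway;  # "gateway" is the upstream defined at the top of this file
    }

    # Path-specific locations kept from the original. Today they behave exactly
    # like the catch-all; they are the places to attach per-path rules.
    location /system/images/ {
        proxy_pass http://gateway;
    }

    location /data/perspective/ {
        proxy_pass http://gateway;
    }

    location /res/perspective/ {
        proxy_pass http://gateway;
    }

    location /system/perspective-download/ {
        proxy_pass http://gateway;
    }

    location /system/pws/ {
        proxy_pass http://gateway;
    }

    location /system/gwinfo {
        proxy_pass http://gateway;
    }
}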
docker-compose.yml
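# Compose stack: nginx (TLS termination) + certbot (renewal) + Ignition gateway + MySQL.
# Only nginx publishes ports on all host interfaces; the gateway and database
# ports are bound to loopback so the reverse proxy cannot be bypassed.
version: '3.1'

services:
  # Public entry point. Serves ACME challenges on 80 and proxies HTTPS to the gateway.
  nginx:
    # NOTE(review): nginx 1.15 is an old release line; confirm the tag still
    # receives security fixes or move to a currently supported one.
    image: nginx:1.15-alpine
    restart: unless-stopped
    # The nginx config names `gateway` as its upstream, and nginx will not
    # start if that host cannot be resolved, so start the gateway first.
    depends_on:
      - gateway
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    ports:
      - "80:80"
      - "443:443"
    # Background loop reloads nginx every 6h so renewed certificates are picked up.
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  # Attempts a renewal every 12h; shares the certificate and webroot volumes with nginx.
  certbot:
    # NOTE(review): no tag means `latest`; pin a version for reproducible deployments.
    image: certbot/certbot
    restart: unless-stopped
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

  gateway:
    image: kcollins/ignition:8.1.4  # pinned; change the tag to move to another version
    ports:
      # nginx reaches the gateway over the compose network (gateway:8088), so
      # these mappings are only for direct access from the Docker host. Bound
      # to loopback: published on all interfaces they would expose the gateway
      # over plain HTTP beside the TLS proxy. Drop the 127.0.0.1 prefix only if
      # direct remote access is really intended.
      - "127.0.0.1:8088:8088"
      - "127.0.0.1:8043:8043"
    stop_grace_period: 30s
    secrets:
      - gateway-password
    volumes:
      # - ./gateway_backup.gwbk:/restore.gwbk
      - gateway_data:/var/lib/ignition/data
    logging:
      driver: "json-file"
      options:
        max-size: "200k"
        max-file: "10"
    environment:
      - GATEWAY_ADMIN_PASSWORD_FILE=/run/secrets/gateway-password
      - IGNITION_EDITION=maker
      # NOTE(review): unlike the passwords, these two values sit in the compose
      # file itself and are visible in `docker inspect`. Keep the real values
      # out of version control, and check whether the image accepts them from
      # a secret file instead.
      - IGNITION_LICENSE_KEY=<your key>
      - IGNITION_ACTIVATION_TOKEN=<your token>

  db:
    platform: linux/x86_64
    # NOTE(review): MySQL 5.7 is an old release line; confirm it still receives
    # security fixes or plan an upgrade.
    image: mysql:5.7
    ports:
      # Note that the 3306 port doesn't need to be published here for the gateway container to connect,
      # only for external connectivity to the database. Bound to loopback so the
      # database is not reachable from other hosts; remove the mapping entirely
      # if no tool on the Docker host needs it.
      - "127.0.0.1:3306:3306"
    volumes:
      - db_data:/var/lib/mysql
    logging:
      driver: "json-file"
      options:
        max-size: "200k"
        max-file: "10"
    secrets:
      - mysql-root-password
      - mysql-password
    environment:
      # See https://hub.docker.com/_/mysql/ for more information
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mysql-root-password
      MYSQL_DATABASE: ignition
      MYSQL_USER: ignition
      MYSQL_PASSWORD_FILE: /run/secrets/mysql-password

# File-backed secrets, mounted read-only under /run/secrets in the services
# that list them. Keep ./secrets out of version control and readable only by
# the deploying user.
secrets:
  mysql-root-password:
    file: ./secrets/MYSQL_ROOT_PASSWORD
  mysql-password:
    file: ./secrets/MYSQL_PASSWORD
  gateway-password:
    file: ./secrets/GATEWAY_PASSWORD

# Named volumes holding gateway and database state across container re-creation.
volumes:
  gateway_data: {}
  db_data: {}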