From 2793e24b5b53f0e0931ebad07559fdf5190ada3e Mon Sep 17 00:00:00 2001 From: muccid Date: Mon, 26 Aug 2019 09:04:47 +0300 Subject: [PATCH] Addresses comments in PR. Fixes typo in docker-compose. Changes mount of static files to RO. Adds example and brief explaination for haproxy certificates. Fixes whitespaces in nginx.conf --- examples/haproxy/README.md | 3 ++- examples/haproxy/docker-compose.yml | 4 ++-- examples/haproxy/haproxy.cfg | 1 + examples/haproxy/nginx.conf | 5 +---- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/examples/haproxy/README.md b/examples/haproxy/README.md index c19bf6d90..c1d20b0f9 100644 --- a/examples/haproxy/README.md +++ b/examples/haproxy/README.md @@ -22,4 +22,5 @@ HAproxy, unlike Apache, Nginx and others, does not provide you with a webserver * Build the Docker image. `docker build -t local/nginx .` * Start the container. `docker-compose up -d`. Note that if you want to run Nginx on a different port, you will have to change the port both in the `docker-compose.yml` and in `haproxy.cfg`. -* Start HAproxy with the proposed configuration. \ No newline at end of file +* If you don't want to use a wildcard certificate, you will need to modify the corresponding line in the HTTPS frontent and add the paths of all the specific certificates (as for the commented example in `haproxy.cfg`). +* Start HAproxy with the proposed configuration. diff --git a/examples/haproxy/docker-compose.yml b/examples/haproxy/docker-compose.yml index ea833c9b1..9177161d2 100644 --- a/examples/haproxy/docker-compose.yml +++ b/examples/haproxy/docker-compose.yml @@ -1,8 +1,8 @@ version: '3' services: - neginx: + nginx: image: local/nginx ports: - 40888:80 volumes: - - /matrix/static-files:/var/www/:rw + - /matrix/static-files:/var/www/:ro diff --git a/examples/haproxy/haproxy.cfg b/examples/haproxy/haproxy.cfg index cf0eea4df..6c75b9a6e 100644 --- a/examples/haproxy/haproxy.cfg +++ b/examples/haproxy/haproxy.cfg @@ -39,6 +39,7 @@ frontend https-frontend # HAproxy wants the full chain and the private key in one file. For Letsencrypt manually generated certs (e.g., wildcard certs) you can use # cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/certs/star-example.com.pem bind *:443 ssl crt /etc/haproxy/certs/star-example.com.pem + #bind *:443 ssl crt /etc/haproxy/certs/riot.example.com.pem /etc/haproxy/certs/matrix.example.com.pem reqadd X-Forwarded-Proto:\ https option httplog option http-server-close diff --git a/examples/haproxy/nginx.conf b/examples/haproxy/nginx.conf index 29807eecc..912e17c6c 100644 --- a/examples/haproxy/nginx.conf +++ b/examples/haproxy/nginx.conf @@ -1,5 +1,4 @@ worker_processes auto; - daemon off; events { @@ -12,7 +11,5 @@ http { listen 80; index index.html; root /var/www; - - } - + } }