From 33a2253e3db66a1ebea7599c09e3653b78d81106 Mon Sep 17 00:00:00 2001
From: mohd
Date: Tue, 14 May 2024 16:59:00 +0300
Subject: [PATCH] added https support
---
 docker-compose.yml | 1 +
 docker_ctl.sh | 2 +-
 hm_nginx/conf/hm_nginx.conf | 128 +++++++++++++-----------------------
 3 files changed, 48 insertions(+), 83 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index ec26165..c185082 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,5 +21,6 @@ services:
 - 1119:1119
 - 3724:3724
 - 80:80
+ - 443:443
 - 9002:9002
 - 8081:8081
diff --git a/docker_ctl.sh b/docker_ctl.sh
index d06a643..6af1900 100644
--- a/docker_ctl.sh
+++ b/docker_ctl.sh
@@ -13,7 +13,7 @@ case $1 in
 $CMD /bin/bash -c 'cd /app/hm_stud && make && rm -rf cert/test* && cd cert && sh gen_cert.sh'
 $CMD make -C /app/hm_gameserver
 $CMD make -C /app/hm_lobbyserver
- $CMD /bin/bash -c 'cd /app/hm_nginx && sed "s@\/usr\/local\/web@$(pwd)\/..\/hm_web\/@" conf/hm_nginx.conf > conf/nginx.conf && ./configure && make && make install'
+ $CMD /bin/bash -c 'cd /app/hm_nginx && sed "s@\/usr\/local\/web@$(pwd)\/..\/hm_web\/@" conf/hm_nginx.conf > conf/nginx.conf && ./configure --with-http_ssl_module && make && make install'
 $CMD /bin/bash -c 'cd /app/hm_sunwell/examples && npm install'
 ;;
 build_client)
diff --git a/hm_nginx/conf/hm_nginx.conf b/hm_nginx/conf/hm_nginx.conf
index 7de12b2..c405167 100644
--- a/hm_nginx/conf/hm_nginx.conf
+++ b/hm_nginx/conf/hm_nginx.conf
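Review bot: In docker-compose.yml, publishing `443:443` adds the TLS listener, but the context lines of the same hunk still publish `9002:9002`, which is the address `fastcgi_pass 127.0.0.1:9002` targets in hm_nginx.conf. If that backend listens on all interfaces inside the container, clients can reach it directly and bypass both the HTTPS redirect and TLS. Dropping the mapping, or binding it to loopback as `- 127.0.0.1:9002:9002`, would close that path. The service definition starts outside this hunk, so whether 9002 is needed externally cannot be confirmed from here.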
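Review bot: In docker_ctl.sh, the `sed "s@\/usr\/local\/web@...@"` step on the changed line no longer rewrites anything visible, because this commit makes hm_nginx.conf hard-code `root /app/hm_nginx/../hm_web/;` instead of `/usr/local/web`. Either restore the `/usr/local/web` placeholder in the template or replace the sed with a plain copy, so the static root is defined in one place. `--with-http_ssl_module` also makes the build depend on OpenSSL development headers in the image, and the resulting nginx will not start until the files referenced under /app/letsencrypt exist. A comment above the line such as `# TLS build: /app/letsencrypt/{fullchain,privkey,ssl-dhparams}.pem must exist before nginx starts` would help anyone running this target on a fresh checkout.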
@@ -32,76 +32,14 @@ http {
 #gzip on;
- server {
- listen 80;
- server_name localhost;
+ server {
+ listen 80;
+ server_name hsmod.xyz www.hsmod.xyz; # Change to your actual domain
- #charset koi8-r;
-
- #access_log logs/host.access.log main;
-
- location / {
- fastcgi_param REQUEST_METHOD $request_method;
- fastcgi_param QUERY_STRING $query_string;
- fastcgi_param CONTENT_TYPE $content_type;
- fastcgi_param CONTENT_LENGTH $content_length;
- fastcgi_param GATEWAY_INTERFACE CGI/1.1;
- fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
- fastcgi_param REMOTE_ADDR $remote_addr;
- fastcgi_param REMOTE_PORT $remote_port;
- fastcgi_param SERVER_ADDR $server_addr;
- fastcgi_param SERVER_PORT $server_port;
- fastcgi_param SERVER_NAME $server_name;
- fastcgi_param SERVER_PROTOCOL $server_protocol;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_script_name;
- fastcgi_pass 127.0.0.1:9002;
- }
-
- location /static/ {
- root /usr/local/web;
- if (-f $request_filename) {
- rewrite ^/static/(.*)$ /static/$1 break;
- }
- }
- #location / {
- # root html;
- # index index.html index.htm;
- #}
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root html;
- }
-
- # proxy the PHP scripts to Apache listening on 127.0.0.1:80
- #
- #location ~ \.php$ {
- # proxy_pass http://127.0.0.1;
- #}
-
- # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
- #
- #location ~ \.php$ {
- # root html;
- # fastcgi_pass 127.0.0.1:9000;
- # fastcgi_index index.php;
- # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
- # include fastcgi_params;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
+ location / {
+ return 301 https://$host$request_uri;
 }
-
+}
 # another virtual host using mix of IP-, name-, and port-based configuration
 #
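Review bot: The new port-80 redirect `return 301 https://$host$request_uri;` builds the Location header from the client-supplied Host header, and since this is the only `listen 80` server visible in the hunk it will also answer requests for names not listed in `server_name`. Redirecting to a fixed name, `return 301 https://$server_name$request_uri;`, keeps arbitrary hosts from being reflected. If the Let's Encrypt certificate is renewed with the HTTP-01 webroot method (not determinable from this diff), a `location /.well-known/acme-challenge/` served from disk would also be needed, since every path is now redirected here and passed to FastCGI on 443. The enclosing `http {` block opens before this hunk, so other port-80 servers may exist outside the visible lines.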
@@ -119,23 +57,49 @@ http {
 # HTTPS server
 #
- #server {
- # listen 443 ssl;
- # server_name localhost;
+server {
+ listen 443 ssl;
+ server_name hsmod.xyx www.hsmod.xyz; # Change to your actual domain
- # ssl_certificate cert.pem;
- # ssl_certificate_key cert.key;
+ ssl_certificate /app/letsencrypt/fullchain.pem; # Path to fullchain.pem
+ ssl_certificate_key /app/letsencrypt/privkey.pem; # Path to privkey.pem
- # ssl_session_cache shared:SSL:1m;
- # ssl_session_timeout 5m;
+ ssl_session_cache shared:SSL:1m;
+ ssl_session_timeout 5m;
- # ssl_ciphers HIGH:!aNULL:!MD5;
- # ssl_prefer_server_ciphers on;
+ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
+ ssl_prefer_server_ciphers on;
+ ssl_dhparam /app/letsencrypt/ssl-dhparams.pem;
- # location / {
- # root html;
- # index index.html index.htm;
- # }
- #}
+ # FastCGI settings retained from your original config
+ location / {
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+ fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+ fastcgi_param REMOTE_ADDR $remote_addr;
+ fastcgi_param REMOTE_PORT $remote_port;
+ fastcgi_param SERVER_ADDR $server_addr;
+ fastcgi_param SERVER_PORT $server_port;
+ fastcgi_param SERVER_NAME $server_name;
+ fastcgi_param SERVER_PROTOCOL $server_protocol;
+ fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_script_name;
+ fastcgi_pass 127.0.0.1:9002;
+ }
+ # Setup for serving static files
+ location /static/ {
+ root /app/hm_nginx/../hm_web/;
+ try_files $uri $uri/ =404;
+ }
+
+ # Error pages configuration
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root html;
+ }
 }
+}
\ No newline at end of file
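Review bot: The 443 block's `server_name hsmod.xyx www.hsmod.xyz;` misspells the apex domain (the port-80 block uses `hsmod.xyz`), so `fastcgi_param SERVER_NAME $server_name` hands `hsmod.xyx` to the backend and apex requests are served only because this is the sole 443 server in view; it should read `server_name hsmod.xyz www.hsmod.xyz;`. No `ssl_protocols` is set, which leaves the protocol floor to the default of whichever nginx version hm_nginx builds; `ssl_protocols TLSv1.2 TLSv1.3;` (or just `TLSv1.2` if the bundled nginx predates TLSv1.3 support) makes it explicit. `ssl_dhparam` has no effect with this all-ECDHE cipher list, yet nginx will refuse to start if that file or either certificate file is missing under /app/letsencrypt, so either drop the directive or document how the three files are provisioned. Once HTTPS is confirmed working, `add_header Strict-Transport-Security "max-age=31536000";` in this block would stop browsers from making the initial plain-HTTP request that the port-80 redirect relies on.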