강동현 / nodejs-game

Go to a project
Toggle navigation Toggle navigation pinning
강동현
c0693d20 1 parent 88e1d780
Builds for 1 pipeline failed in 1 minute 15 seconds

인증서 파일을 환경변수를 사용하도록 변경

Inline Side-by-side
Showing 4 changed files with 27 additions and 13 deletions
...@@ -10,11 +10,20 @@ services: ...@@ -10,11 +10,20 @@ services:
10 - "3000:3000" 10 - "3000:3000"
11 volumes: 11 volumes:
12 - /etc/letsencrypt:/etc/letsencrypt 12 - /etc/letsencrypt:/etc/letsencrypt
13 + environment:
14 + - SSL_CERT={SSL_CERT}
15 + - SSL_KEY={SSL_KEY}
16 + - SSL_CA={SSL_CA}
13 17
14 web: 18 web:
15 build: 19 build:
16 context: . 20 context: .
17 dockerfile: ./web/Dockerfile 21 dockerfile: ./web/Dockerfile
22 + args:
23 + - HOST={HOST}
24 + - SSL_CERT={SSL_CERT}
25 + - SSL_KEY={SSL_KEY}
26 + - SSL_CA={SSL_CA}
18 restart: unless-stopped 27 restart: unless-stopped
19 ports: 28 ports:
20 - "443:443" 29 - "443:443"
......
...@@ -23,15 +23,9 @@ export class Server { ...@@ -23,15 +23,9 @@ export class Server {
23 } else { 23 } else {
24 server = createServerHttps( 24 server = createServerHttps(
25 { 25 {
26 - cert: readFileSync( 26 + cert: readFileSync(process.env.SSL_CERT as string),
27 - "/etc/letsencrypt/live/2020105578.oss2021.tk/cert.pem" 27 + key: readFileSync(process.env.SSL_KEY as string),
28 - ), 28 + ca: readFileSync(process.env.SSL_CA as string),
29 - key: readFileSync(
30 - "/etc/letsencrypt/live/2020105578.oss2021.tk/privkey.pem"
31 - ),
32 - ca: readFileSync(
33 - "/etc/letsencrypt/live/2020105578.oss2021.tk/fullchain.pem"
34 - ),
35 }, 29 },
36 app 30 app
37 ); 31 );
......
...@@ -16,7 +16,18 @@ RUN yarn build ...@@ -16,7 +16,18 @@ RUN yarn build
16 16
17 FROM nginx:latest 17 FROM nginx:latest
18 18
19 -COPY web/default.conf /etc/nginx/conf.d/default.conf 19 +ARG HOST
20 +ENV HOST ${HOST}
21 +ARG SSL_CERT
22 +ENV SSL_CERT ${SSL_CERT}
23 +ARG SSL_KEY
24 +ENV SSL_KEY ${SSL_KEY}}
25 +ARG SSL_CA
26 +ENV SSL_CA ${SSL_CA}}
27 +
28 +COPY web/default.conf /etc/nginx/conf.d/default_temp
29 +RUN envsubst < /etc/nginx/conf.d/default_temp > /etc/nginx/conf.d/default.conf
30 +
20 COPY --from=build /usr/web/build /usr/web/build 31 COPY --from=build /usr/web/build /usr/web/build
21 32
22 EXPOSE 443 33 EXPOSE 443
......
...@@ -5,10 +5,10 @@ server { ...@@ -5,10 +5,10 @@ server {
5 5
6 server { 6 server {
7 listen 443 ssl default_server; 7 listen 443 ssl default_server;
8 - server_name 2020105578.oss2021.tk; 8 + server_name $HOST;
9 9
10 - ssl_certificate /etc/letsencrypt/live/2020105578.oss2021.tk/fullchain.pem; 10 + ssl_certificate $SSL_CA;
11 - ssl_certificate_key /etc/letsencrypt/live/2020105578.oss2021.tk/privkey.pem; 11 + ssl_certificate_key $SSL_KEY;
12 12
13 location / { 13 location / {
14 root /usr/web/build; 14 root /usr/web/build;
......