- Add optional Nginx reverse proxy config to docker-compose.yml and nginx directory.

Thanks to MyTheValentinus!
Lauri Ojansivu 2018-12-28 17:26:30 +02:00
parent 76c5c283b9
commit c61e44d55b
4 changed files with 118 additions and 3 deletions


@ -1,10 +1,14 @@
# Upcoming Wekan release
This release fixes the following bugs:
This release adds the following new features:
- docker-compose.yml back to MongoDB 3.2.21 because 3.2.22 MongoDB container does not exist yet.
- Add optional Nginx reverse proxy config to docker-compose.yml and nginx directory. Thanks to MyTheValentinus.
Thanks to GitHub user xet7 for contributions.
and fixes the following bugs:
- docker-compose.yml back to MongoDB 3.2.21 because 3.2.22 MongoDB container does not exist yet. Thanks to xet7.
Thanks to above GitHub users for their contributions.
# v1.97 2018-12-26 Wekan release


@ -145,6 +145,7 @@ services:
# Docker outsideport:insideport. Do not add anything extra here.
# For example, if you want to have wekan on port 3001,
# use 3001:8080 . Do not add any extra address etc here, that way it does not work.
# remove port mapping if you use nginx reverse proxy, port 8080 is already exposed to wekan-tier network
- 80:8080
environment:
- MONGO_URL=mongodb://wekandb:27017/wekan
@ -492,6 +493,23 @@ services:
# ...COPY CONFIG FROM ABOVE TO HERE...
#---------------------------------------------------------------------------------
# OPTIONAL NGINX CONFIG FOR REVERSE PROXY
# nginx:
# image: nginx
# container_name: nginx
# restart: always
# networks:
# - wekan-tier
# depends_on:
# - wekan
# ports:
# - 80:80
# - 443:443
# volumes:
# - ./nginx/ssl:/etc/nginx/ssl/
# - ./nginx/nginx.conf:/etc/nginx/nginx.conf
volumes:
wekan-db:
driver: local
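Review bot: In the commented-out `nginx` service both bind mounts are read-write, although `./nginx/ssl` is where the TLS private key will live and nginx only needs to read the two paths; I would write them as `- ./nginx/ssl:/etc/nginx/ssl/:ro` and `- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro`. `image: nginx` is untagged, so each pull can bring a different build; pin a specific tag or digest, e.g. `image: nginx:<pinned-tag>`. In the first hunk the `- 80:8080` mapping on the wekan service stays active and the new comment is the only thing telling users to remove it: left in place it collides with nginx's `80:80`, and moved to another host port it leaves Wekan reachable over plain HTTP around the proxy. The `services:` mapping starts outside both hunks.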

92
nginx/nginx.conf Normal file

@ -0,0 +1,92 @@
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
map $http_host $this_host {
"" $host;
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen 443 ssl;
if ($scheme = http) {
rewrite ^ https://$host$request_uri? permanent;
}
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ecdh_curve sect571r1:secp521r1:brainpoolP512r1:secp384r1;
add_header Strict-Transport-Security "max-age=31536000; preload";
# Add headers to serve security related headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy "same-origin";
root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 64 4K;
gzip off;
location / {
proxy_pass http://wekan:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
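Review bot: The `location /` block forwards only `Upgrade`, `Connection` and `X-Forwarded-For`, so the upstream receives `Host: wekan:8080` and no indication that the client connection was HTTPS, while the `$this_host`, `$the_scheme` and `$the_host` maps defined above are never referenced in this file. Those maps take their values from the client-supplied `X-Forwarded-Proto` and `X-Forwarded-Host` headers, so I would drop them and set the headers from what nginx itself observed: `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;`. The `Strict-Transport-Security` value carries `preload` without `includeSubDomains`, which the preload list requires, and without the `always` flag the header is omitted on error responses; `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;` covers both, provided every subdomain really is HTTPS-only. The `ssl_ecdh_curve` list also omits `prime256v1`, which many clients expect, so the handshake is worth testing against the browsers you intend to support.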

1
nginx/ssl/.gitkeep Normal file

@ -0,0 +1 @@
PLACE YOUR SSL Certificates in this folder