/*
* Wolnościowiec / NGINX gateway
* -----------------------------
*
* A docker container with a well support for letsencrypt,
* supervisor, crontab, maintenance mode and with configured permissions
* A part of an anarchist portal - wolnosciowiec.net
*
* Wolnościowiec is a project to integrate the movement
* of people who strive to build a society based on
* solidarity, freedom, equality with a respect for
* individual and cooperation of each other.
*
* We support human rights, animal rights, feminism,
* anti-capitalism (taking over the production by workers),
* anti-racism, and internationalism. We negate
* the political fight and politicians at all.
*
* http://wolnosciowiec.net/en
*
* License: LGPLv3
*/
Includes:
- Nginx
- Supervisor
- production user with uid=1000 and gid=1000
- dcron
- SSL provision
To override supervisord configuration just add a file:
/etc/supervisor/conf.d/supervisord.conf
Add your replacement file to the /var/www/maintenance-page/index.html to replace the default maintenance page.
/ssl-provision/nginx.conf is the place to upload your custom configuration for the maintenance mode.
By default the nginx is running from a production user and production group, so you may need
to run your things in the crontab as the web user - then add your crontab to the /etc/crontab.d/production
Is a light tool that verifies if all SSL certificates are already generated by checking
if they exists in the filesystem. If any key is missing then a maintenance page is showed
and the webserver is configured to allow reading from .well-known directory which is used
for eg. LetsEncrypt to verify domain.
Benefits:
- Instead of crashing nginx with a missing certificate error it creates a maintenance page friendly for LetsEncrypt
- Allows to split deployment and manage certificates by eg. Ansible on host instead of creating a complicated structure of SSL generation inside of the Docker container