diff --git a/Makefile b/Makefile index dd1457b..fdf78ff 100644 --- a/Makefile +++ b/Makefile @@ -35,9 +35,15 @@ VOLUMES = v_wp_site \ CONTAINERS = $(IMAGES:%=my%) +SUDO = # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # +# use 'make' to launch and relaunch the project # +# use 'make re' to relaunch and clean the dungling images # +# use 'make fre' to start all over again (images) # +# use 'make super-clean' if you want to delete all dockers on com- # +# puter even if not related to the project # # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # all: build $(VOLUMES_D) up 
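Review bot: The new `SUDO =` variable is added without a comment, and the usage box added right below it never mentions it, so a reader cannot tell that the docker recipes in the next hunk now run without `sudo` unless it is set. A one-line comment above it would cover this, e.g. `# prefix for docker commands: leave empty if the user can reach the Docker daemon, else run 'make SUDO=sudo'`. Writing it as `SUDO ?=` would also let the value come from the environment rather than only from the command line.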
@@ -46,60 +52,53 @@ $(VOLUMES_D): mkdir -p $(VOLUMES_D) build: - sudo docker-compose -f $(COMPOSE) build + $(SUDO) docker-compose -f $(COMPOSE) build up: $(VOLUMES_D) - sudo docker-compose -f $(COMPOSE) up -d + $(SUDO) docker-compose -f $(COMPOSE) up -d # list images, containers, volumes list: @echo $(B_YELLOW)"\nimages:"$(RESET) - @sudo docker images -a + @$(SUDO) docker images -a @echo $(B_YELLOW)"\ncontainers:"$(RESET) - @sudo docker ps -a + @$(SUDO) docker ps -a @echo $(B_YELLOW)"\nvolumes:"$(RESET) - @sudo docker volume ls + @$(SUDO) docker volume ls @echo "" # remove project images rm-images: - sudo docker image rm -f $(IMAGES) + $(SUDO) docker image rm -f $(IMAGES) # stop project containers stop: - - sudo docker stop $(CONTAINERS) + - $(SUDO) docker stop $(CONTAINERS) -# remove project containers -rm-containers: stop - - sudo docker rm $(CONTAINERS) - -# close nginx -close-nginx: - - sudo nginx -s quit +# remove all stopped containers and dangling images (dangling images, see : https://projectatomic.io/blog/2015/07/what-are-docker-none-none-images/) +prune: + $(SUDO) docker system prune -f # remove project images and containers -clean: stop rm-containers close-nginx +clean: stop prune # remove project volumes rm-volumes: - - sudo docker volume rm -f $(VOLUMES) + - $(SUDO) docker volume rm -f $(VOLUMES) /bin/rm -rf $(VOLUMES_D) # remove project fclean: rm-images clean rm-volumes -# remove all containers and related files that are not runnings -prune: - sudo docker system prune -af --volumes +# remove all dockers, even not related to the project +super-clean: + - $(SUDO) docker stop $(sudo docker ps -q) + $(SUDO) docker system prune -af --volumes /bin/rm -rf $(VOLUMES_D) -# remove all containers and related files -fprune: - sudo docker stop $(sudo docker ps -q) - sudo docker system prune -af --volumes - /bin/rm -rf $(VOLUMES_D) +re: clean all -re: fclean all +fre: fclean all -.PHONY : all build up $(VOLUMES_D) list rm-images stop rm-containers close-nginx 
clean rm-volumes fclean prune fprune re +.PHONY : all build up $(VOLUMES_D) list rm-images stop rm-containers close-nginx prune clean rm-volumes fclean super-clean re fre diff --git a/README.md b/README.md index 90d6404..8bd9f01 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,8 @@ - [download alpine linux](https://alpinelinux.org/downloads/) - [dockerhub alpine image](https://hub.docker.com/_/alpine) - [run without sudo on linux](https://docs.docker.com/engine/install/linux-postinstall/) +- [run docker deamon rootless](https://docs.docker.com/engine/security/rootless/) +- [dangling images ''](https://projectatomic.io/blog/2015/07/what-are-docker-none-none-images/) #### docker : - [docker starter guide](https://docs.docker.com/get-started/) diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml index 31af7c5..add7715 100644 --- a/srcs/docker-compose.yml +++ b/srcs/docker-compose.yml @@ -9,7 +9,7 @@ version: "3.8" services: -#--------------------------------- +# --------------------------------- test: build: @@ -18,16 +18,18 @@ services: image: test container_name: mytest -#--------------------------------- +# --------------------------------- nginx: +# restart: on-failure ports: - "80:80" + - "443:443" build: context: ./requirements/nginx dockerfile: Dockerfile image: nginx container_name: mynginx -#--------------------------------- +# --------------------------------- diff --git a/srcs/requirements/nginx/Dockerfile b/srcs/requirements/nginx/Dockerfile index 2072c53..0b9e432 100644 --- a/srcs/requirements/nginx/Dockerfile +++ b/srcs/requirements/nginx/Dockerfile 
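Review bot: In the `super-clean` recipe, make expands `$(sudo docker ps -q)` as a reference to an undefined variable, not as a shell command substitution, so `docker stop` receives no container IDs and the leading `-` hides the failure; it also hard-codes `sudo` instead of the new variable. The line should read `- $(SUDO) docker stop $$($(SUDO) docker ps -q)`. Separately, `clean` now depends on `prune`, and `docker system prune -f` acts on every stopped container, unused network and dangling image on the host, so the comment `# remove project images and containers` and `make re` understate what gets deleted; keeping a rule limited to `$(CONTAINERS)` would leave other projects untouched. The new `.PHONY` line still lists the removed `rm-containers` and `close-nginx` targets.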
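Review bot: Publishing `- "443:443"` on the nginx service does not match the rest of this commit, because the `listen 443 ssl` server block in inception_nginx.conf is commented out in the same change. As far as the visible files show, nothing in the container answers on 443 while plaintext port 80 stays published. Either hold the port mapping back until the TLS server block is enabled, or enable the block here. If HTTPS is meant to be the only entry point, dropping `- "80:80"` once 443 works would make that explicit. The commented `# restart: on-failure` would also benefit from a short reason for being disabled.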
@@ -4,7 +4,7 @@ RUN apt update && apt install -y nginx openssl # create ssl certificate RUN openssl req -newkey rsa:2048 -nodes -x509 \ - -keyout /etc/nginx/cert/hulamy.42.fr.key -out /etc/nginx/cert/hulamy.42.fr.crt \ + -keyout /etc/ssl/private/hulamy.42.fr.key -out /etc/ssl/certs/hulamy.42.fr.crt \ -subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=hulamy.42.fr" # import sites conf files @@ -49,4 +49,4 @@ CMD [ "nginx", "-g", "daemon off;" ] # - `nodes` create a private key without encryption (no passphrase needed) # # SO discussion about becomming a real CA to have a certificate that works in deployement : https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl - +# diff --git a/srcs/requirements/nginx/conf/inception_nginx.conf b/srcs/requirements/nginx/conf/inception_nginx.conf index 1047b3f..5395f57 100644 --- a/srcs/requirements/nginx/conf/inception_nginx.conf +++ b/srcs/requirements/nginx/conf/inception_nginx.conf 
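Review bot: The `openssl req` step still creates the unencrypted (`-nodes`) private key during `docker build`, so `/etc/ssl/private/hulamy.42.fr.key` is stored in an image layer and shared by every container and every copy of the image; moving the paths does not change that. Generating the pair at container start from an entrypoint script, or mounting it from a volume or compose secret, would keep the key out of the image. The command also has no `-days` option, so the certificate gets openssl's default validity of 30 days counted from build time; adding `-days 365 \` after `-x509` (value to be chosen) avoids an image that ships an expired certificate.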
@@ -6,19 +6,19 @@ server { location /images/ { root /data; } } -server { - listen 443 ssl; # for ipv4, on port 443, specifying that accepted connections should works in ssl mode - listen [::]:443 ssl; # for ipv6 - server_name hulamy.42.fr; - ssl_certificate /etc/nginx/cert/hulamy.42.fr.crt # specifies the file with the ssl certificate (self signed here) generated by openssl - ssl_certificate-key /etc/nginx/cert/hulamy.42.fr.key # specifies the file with the secret key of the certificate - - root /var/www/html; # contains default nginx index.nginx-debian.html - index index.html index.htm index.nginx-debian.html index.php; # defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html) - - location / { - try_files $uri $uri/ =404; # from /etc/nginx/sites-enabled/default : First attempt to serve request as file, then as directory, then fall back to displaying a 404 - # test - root /data/www; - } -} +#server { +# listen 443 ssl; # for ipv4, on port 443, specifying that accepted connections should works in ssl mode +# listen [::]:443 ssl; # for ipv6 +# server_name hulamy.42.fr; +# ssl_certificate /etc/ssl/certs/hulamy.42.fr.crt # specifies the file with the ssl certificate (self signed here) generated by openssl +# ssl_certificate_key /etc/ssl/private/hulamy.42.fr.key # specifies the file with the secret key of the certificate +# +# root /var/www/html; # contains default nginx index.nginx-debian.html +# index index.html index.htm index.nginx-debian.html index.php; # defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html) +# +# location / { +# try_files $uri $uri/ =404; # from /etc/nginx/sites-enabled/default : First attempt to serve request as file, then as directory, then fall back to displaying a 404 +# # test +# root /data/www; +# } +#} diff --git a/srcs/requirements/nginx/conf/nginx.conf b/srcs/requirements/nginx/conf/nginx.conf index 67efc4f..03eb7ed 100644 
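Review bot: The two certificate lines in the now-commented block, `ssl_certificate /etc/ssl/certs/hulamy.42.fr.crt` and `ssl_certificate_key /etc/ssl/private/hulamy.42.fr.key`, have no terminating `;` before their trailing comments, so the block will fail to parse as soon as the `#` prefixes are removed. They should end `...hulamy.42.fr.crt;` and `...hulamy.42.fr.key;`, and a `RUN nginx -t` step in the image build would catch this kind of error early. The block also sets `root` twice (`/var/www/html` at server level and `/data/www` inside `location /` under a `# test` marker); a comment saying which one is intended would help. With the block disabled, only the plaintext server defined above it remains, and that server's opening lines are outside the hunk.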
--- a/srcs/requirements/nginx/conf/nginx.conf +++ b/srcs/requirements/nginx/conf/nginx.conf @@ -32,7 +32,7 @@ http { # section for http server directives # SSL Settings ## - ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE # enables the specified protocols. The TLSv1.1 and TLSv1.2 parameters works only when OpenSSL 1.0.1 or higher is used, and the TLSv1.3 only when OpenSSL 1.1.1 or higher is used + ssl_protocols TLSv1.3; # Dropping SSLv3, ref: POODLE # enables the specified protocols. The TLSv1.1 and TLSv1.2 parameters works only when OpenSSL 1.0.1 or higher is used, and the TLSv1.3 only when OpenSSL 1.1.1 or higher is used ssl_prefer_server_ciphers on; # Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols (a cipher is "an algorithm for performing encryption or decryption, a series of [...] steps that can be followed as a procedure" https://en.wikipedia.org/wiki/Cipher_suite) ##
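Review bot: The trailing comment on the changed `ssl_protocols TLSv1.3;` line still reads `Dropping SSLv3, ref: POODLE` and does not say why TLSv1.2 was removed, so the line's intent is no longer documented. A TLSv1.3-only setting refuses clients that cannot negotiate 1.3 and, per the comment itself, needs OpenSSL 1.1.1 or higher in the image, which is not visible here. If that is deliberate, a comment such as `# TLSv1.3 only: needs OpenSSL >= 1.1.1 in the image; clients limited to TLSv1.2 are refused` would state it; otherwise `ssl_protocols TLSv1.2 TLSv1.3;` keeps both. The enclosing `http` block starts and ends outside the hunk.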