lot of small changes in makefile and conf files, but ssl doesnt work so far

Makefile

@@ -35,9 +35,15 @@ VOLUMES		=	v_wp_site \
 
 CONTAINERS	=	$(IMAGES:%=my%)
 
+SUDO		=
 
 
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #
+# use 'make'             to launch and relaunch the project           #
+# use 'make re'          to relaunch and clean the dungling images    #
+# use 'make fre'         to start all over again (images)             #
+# use 'make super-clean' if you want to delete all dockers on com-    #
+#                        puter even if not related to the project     #
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #
 
 all: build $(VOLUMES_D) up
@@ -46,60 +52,53 @@ $(VOLUMES_D):
 	mkdir -p $(VOLUMES_D)
 
 build:
-	sudo docker-compose -f $(COMPOSE) build
+	$(SUDO) docker-compose -f $(COMPOSE) build
 
 up: $(VOLUMES_D)
-	sudo docker-compose -f $(COMPOSE) up -d
+	$(SUDO) docker-compose -f $(COMPOSE) up -d
 
 # list images, containers, volumes
 list:
 	@echo $(B_YELLOW)"\nimages:"$(RESET)
-	@sudo docker images -a
+	@$(SUDO) docker images -a
 	@echo $(B_YELLOW)"\ncontainers:"$(RESET)
-	@sudo docker ps -a
+	@$(SUDO) docker ps -a
 	@echo $(B_YELLOW)"\nvolumes:"$(RESET)
-	@sudo docker volume ls
+	@$(SUDO) docker volume ls
 	@echo ""
 
 # remove project images
 rm-images:
-	sudo docker image rm -f $(IMAGES)
+	$(SUDO) docker image rm -f $(IMAGES)
 
 # stop project containers
 stop:
-	- sudo docker stop $(CONTAINERS)
+	- $(SUDO) docker stop $(CONTAINERS)
 
-# remove project containers
-rm-containers: stop
-	- sudo docker rm $(CONTAINERS)
-
-# close nginx
-close-nginx:
-	- sudo nginx -s quit
+# remove all stopped containers and dangling images (dangling images, see : https://projectatomic.io/blog/2015/07/what-are-docker-none-none-images/)
+prune:
+	$(SUDO) docker system prune -f
 
 # remove project images and containers
-clean: stop rm-containers close-nginx
+clean: stop prune
 
 # remove project volumes
 rm-volumes:
-	- sudo docker volume rm -f $(VOLUMES)
+	- $(SUDO) docker volume rm -f $(VOLUMES)
 	/bin/rm -rf $(VOLUMES_D)
 
 # remove project
 fclean: rm-images clean rm-volumes
 
-# remove all containers and related files that are not runnings
-prune:
-	sudo docker system prune -af --volumes
+# remove all dockers, even not related to the project
+super-clean:
+	- $(SUDO) docker stop $(sudo docker ps -q)
+	$(SUDO) docker system prune -af --volumes
 	/bin/rm -rf $(VOLUMES_D)
 
-# remove all containers and related files
-fprune:
-	sudo docker stop $(sudo docker ps -q)
-	sudo docker system prune -af --volumes
-	/bin/rm -rf $(VOLUMES_D)
+re: clean all
 
-re: fclean all
+fre: fclean all
 
-.PHONY : all build up $(VOLUMES_D) list rm-images stop rm-containers close-nginx clean rm-volumes fclean prune fprune re
+.PHONY : all build up $(VOLUMES_D) list rm-images stop rm-containers close-nginx prune clean rm-volumes fclean super-clean re fre
 

README.md

@@ -53,6 +53,8 @@
 - [download alpine linux](https://alpinelinux.org/downloads/)
 - [dockerhub alpine image](https://hub.docker.com/_/alpine)
 - [run without sudo on linux](https://docs.docker.com/engine/install/linux-postinstall/)
+- [run docker deamon rootless](https://docs.docker.com/engine/security/rootless/)
+- [dangling images '<none>'](https://projectatomic.io/blog/2015/07/what-are-docker-none-none-images/)
 
 #### docker :
 - [docker starter guide](https://docs.docker.com/get-started/)

srcs/docker-compose.yml

@@ -9,7 +9,7 @@ version: "3.8"
 
 services:
 
-#---------------------------------
+# ---------------------------------
 
   test:
     build:
@@ -18,16 +18,18 @@ services:
     image: test
     container_name: mytest
 
-#---------------------------------
+# ---------------------------------
 
   nginx:
+#    restart: on-failure
     ports:
       - "80:80"
+      - "443:443"
     build:
       context: ./requirements/nginx
       dockerfile: Dockerfile
     image: nginx
     container_name: mynginx
 
-#---------------------------------
+# ---------------------------------
 

srcs/requirements/nginx/Dockerfile

@@ -4,7 +4,7 @@ RUN apt update && apt install -y nginx openssl
 
 # create ssl certificate
 RUN openssl req -newkey rsa:2048 -nodes -x509 \
-	-keyout /etc/nginx/cert/hulamy.42.fr.key -out /etc/nginx/cert/hulamy.42.fr.crt \
+	-keyout /etc/ssl/private/hulamy.42.fr.key -out /etc/ssl/certs/hulamy.42.fr.crt \
 	-subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=hulamy.42.fr"
 
 # import sites conf files
@@ -49,4 +49,4 @@ CMD [ "nginx", "-g", "daemon off;" ]
 #     - `nodes` create a private key without encryption (no passphrase needed)
 #
 # SO discussion about becomming a real CA to have a certificate that works in deployement : https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
-
+#

srcs/requirements/nginx/conf/inception_nginx.conf

@@ -6,19 +6,19 @@ server {
 	location /images/	{ root /data; }
 }
 
-server {
-	listen				443 ssl;										# for ipv4, on port 443, specifying that accepted connections should works in ssl mode
-	listen				[::]:443 ssl;									# for ipv6
-	server_name			hulamy.42.fr;
-	ssl_certificate		/etc/nginx/cert/hulamy.42.fr.crt				# specifies the file with the ssl certificate (self signed here) generated by openssl
-	ssl_certificate-key	/etc/nginx/cert/hulamy.42.fr.key				# specifies the file with the secret key of the certificate
-
-	root /var/www/html;													# contains default nginx index.nginx-debian.html
-	index index.html index.htm index.nginx-debian.html index.php;		# defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html)
-
-	location / {
-		try_files $uri $uri/ =404;										# from /etc/nginx/sites-enabled/default : First attempt to serve request as file, then as directory, then fall back to displaying a 404
-		# test
-		root /data/www;
-	}
-}
+#server {
+#	listen				443 ssl;										# for ipv4, on port 443, specifying that accepted connections should works in ssl mode
+#	listen				[::]:443 ssl;									# for ipv6
+#	server_name			hulamy.42.fr;
+#	ssl_certificate		/etc/ssl/certs/hulamy.42.fr.crt					# specifies the file with the ssl certificate (self signed here) generated by openssl
+#	ssl_certificate_key	/etc/ssl/private/hulamy.42.fr.key				# specifies the file with the secret key of the certificate
+#
+#	root /var/www/html;													# contains default nginx index.nginx-debian.html
+#	index index.html index.htm index.nginx-debian.html index.php;		# defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html)
+#
+#	location / {
+#		try_files $uri $uri/ =404;										# from /etc/nginx/sites-enabled/default : First attempt to serve request as file, then as directory, then fall back to displaying a 404
+#		# test
+#		root /data/www;
+#	}
+#}

srcs/requirements/nginx/conf/nginx.conf

@@ -32,7 +32,7 @@ http {																		# section for http server directives
 	# SSL Settings
 	##
 
-	ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE					# enables the specified protocols. The TLSv1.1 and TLSv1.2 parameters works only when OpenSSL 1.0.1 or higher is used, and the TLSv1.3 only when OpenSSL 1.1.1 or higher is used
+	ssl_protocols TLSv1.3; # Dropping SSLv3, ref: POODLE					# enables the specified protocols. The TLSv1.1 and TLSv1.2 parameters works only when OpenSSL 1.0.1 or higher is used, and the TLSv1.3 only when OpenSSL 1.1.1 or higher is used
 	ssl_prefer_server_ciphers on;											# Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols (a cipher is "an algorithm for performing encryption or decryption, a series of [...] steps that can be followed as a procedure" https://en.wikipedia.org/wiki/Cipher_suite)
 
 	##