soroushdes/hamkadr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nginx vhost: target mirror-nginx container, cert under mounted soroushasadi dir
CI/CD / CI · dotnet build (push) Successful in 3m24s
Details
CI/CD / Deploy · hamkadr (push) Successful in 8s
Details

Browse Source 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-04 05:32:05 +03:30
parent d05b329c7a
commit d828ea9f35
1 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/nginx-hamkadr.ir.conf
+18 -11
View File
@@ -1,13 +1,20 @@
# ============================================================================
# hamkadr.ir — paste these two server{} blocks INTO the http { } block of your
# central nginx.conf (the one with nexus/mirror/gitea/meezi), then:
# nginx -t && nginx -s reload (or: docker exec <nginx> nginx -s reload)
# hamkadr.ir — for the central "mirror-nginx" container (image nginx:alpine).
#
# Prereqs (match your existing pattern):
# • TLS cert placed at /etc/ssl/hamkadr/fullchain.pem + privateKey.pem (manual, like your others)
# • hamkadr.ir + www.hamkadr.ir A records → 171.22.25.73
# • the app published on the host at :2569 (docker-compose.yml) — nginx reaches it via the host IP,
# exactly like meezi (5080), draletaha (5010), etc. $connection_upgrade map is already defined globally.
# Edit the host file: /root/mirror-server/nginx/nginx.conf
# Paste the two server{} blocks below INTO its http { } block (next to meezi), then:
# docker exec mirror-nginx nginx -t && docker exec mirror-nginx nginx -s reload
#
# Cert: mirror-nginx only mounts /etc/ssl/{draletaha,meezi,soroushasadi}. /etc/ssl/hamkadr is
# NOT visible inside the container, so place the hamkadr.ir cert under an already-mounted dir:
# mkdir -p /etc/ssl/soroushasadi/hamkadr
# cp fullchain.pem /etc/ssl/soroushasadi/hamkadr/fullchain.pem
# cp privateKey.pem /etc/ssl/soroushasadi/hamkadr/privateKey.pem
# (Cleaner alternative: add a bind mount /etc/ssl/hamkadr:/etc/ssl/hamkadr to the mirror-server
# compose and recreate mirror-nginx — but that briefly drops all sites; the subdir avoids that.)
#
# Prereqs: hamkadr.ir + www A → 171.22.25.73 ; app published on host :2569 (docker-compose.yml).
# $connection_upgrade map is already defined globally in this nginx.conf.
# ============================================================================
server {
@@ -22,8 +29,8 @@ server {
server_name hamkadr.ir www.hamkadr.ir;
client_max_body_size 25m;
ssl_certificate /etc/ssl/hamkadr/fullchain.pem;
ssl_certificate_key /etc/ssl/hamkadr/privateKey.pem;
ssl_certificate /etc/ssl/soroushasadi/hamkadr/fullchain.pem;
ssl_certificate_key /etc/ssl/soroushasadi/hamkadr/privateKey.pem;
location / {
proxy_pass http://171.22.25.73:2569;
@@ -31,7 +38,7 @@ server {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; # app's ForwardedHeaders reads this → knows it's HTTPS
proxy_set_header X-Forwarded-Proto $scheme; # app's ForwardedHeaders reads this → HTTPS-aware
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}