docker-compose.dev-override.yml +3 −0 @@ -19,3 +19,6 @@ services: ports: - 5002:6379 # gateway: # ports: # - "8443:443" docker-compose.yml +10 −0
@@ -102,6 +102,16 @@ services: networks: - backend gateway: container_name: pwndoc-system-gateway build: ./nginx depends_on: - import-automator - pwndoc-frontend ports: - "8443:443" networks: - backend volumes: mongo-data: nginx/Dockerfile 0 → 100644 +13 −0 FROM nginx:1.17-alpine # The following commands might fail, when docker is ran inside another docker, or in VM. # https://github.com/gliderlabs/docker-alpine/issues/307 RUN apk update RUN apk add openssl RUN openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/key.pem -out /etc/ssl/private/cert.pem -days 3650 -passout pass:xxxx -subj '/CN=localhost' RUN rm /etc/nginx/conf.d/default.conf COPY nginx.conf /etc/nginx/conf.d/main-proxy.conf COPY keys.pass /etc/ssl/private/keys.pass nginx/keys.pass 0 → 100644 +1 −0 xxxx nginx/nginx.conf 0 → 100644 +57 −0 upstream pwndoc { server pwndoc-frontend:8443; } upstream importer { server import-automator:5000; } server { listen 80; # Beware that PwnDoc sends cookies with Secure attr. # They will be passed along, but most likely ignored by client (unless the response is wrapped in HTTPS - see 443 ssl below). location / { proxy_pass https://pwndoc; # Don't validate PwnDocs HTTPS certificate proxy_ssl_verify off; # Support for websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /custom_importer { proxy_pass http://importer; } } server { listen 443 ssl; # Note: this can be changed server_name pwndocimporter.example.com; ssl_certificate /etc/ssl/private/cert.pem; ssl_certificate_key /etc/ssl/private/key.pem; ssl_password_file /etc/ssl/private/keys.pass; location / { proxy_pass http://127.0.0.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_redirect off; } }
docker-compose.dev-override.yml +3 −0 @@ -19,3 +19,6 @@ services: ports: - 5002:6379 # gateway: # ports: # - "8443:443"
docker-compose.yml +10 −0 @@ -102,6 +102,16 @@ services: networks: - backend gateway: container_name: pwndoc-system-gateway build: ./nginx depends_on: - import-automator - pwndoc-frontend ports: - "8443:443" networks: - backend volumes: mongo-data:
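Review bot: The new `gateway` service publishes `"8443:443"` on every host interface, which is wider than a reporting tool holding assessment findings usually needs; if access is meant to be local or through one specific interface, bind it explicitly, e.g. `- "127.0.0.1:8443:443"`. The gateway is also only the single TLS entry point if `pwndoc-frontend` and `import-automator` publish no host ports of their own; their `ports:` entries are outside this hunk, so that should be checked. A one-line comment above the service, such as `# TLS-terminating reverse proxy in front of pwndoc-frontend and import-automator`, would tell the next reader why it exists.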
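--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
+FROM nginx:1.17-alpine
+# The following commands might fail, when docker is ran inside another docker, or in VM.
+# https://github.com/gliderlabs/docker-alpine/issues/307
+RUN apk update
+RUN apk add openssl
+RUN openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/key.pem -out /etc/ssl/private/cert.pem -days 3650 -passout pass:xxxx -subj '/CN=localhost'
+RUN rm /etc/nginx/conf.d/default.conf
+COPY nginx.conf /etc/nginx/conf.d/main-proxy.conf
+COPY keys.pass /etc/ssl/private/keys.pass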
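Review bot: The TLS private key is created by the `RUN openssl req ...` step at build time, so it is stored in an image layer, and its passphrase `xxxx` appears both in that command and in the committed `nginx/keys.pass`; anyone who can pull the image or read the repository can recover the key, and every container started from the same image presents the same certificate. Generating the key pair when the container first starts, or mounting certificate and key from a volume or secret, keeps the key out of the image and makes the passphrase file unnecessary. Separately, `RUN apk update` and `RUN apk add openssl` can be one layer that leaves no package index behind: `RUN apk add --no-cache openssl`. The base tag `nginx:1.17-alpine` pins an old mainline branch, so if this image is still being built a maintained tag, ideally pinned by digest, is worth considering.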
nginx/nginx.conf 0 → 100644 +57 −0 upstream pwndoc { server pwndoc-frontend:8443; } upstream importer { server import-automator:5000; } server { listen 80; # Beware that PwnDoc sends cookies with Secure attr. # They will be passed along, but most likely ignored by client (unless the response is wrapped in HTTPS - see 443 ssl below). location / { proxy_pass https://pwndoc; # Don't validate PwnDocs HTTPS certificate proxy_ssl_verify off; # Support for websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /custom_importer { proxy_pass http://importer; } } server { listen 443 ssl; # Note: this can be changed server_name pwndocimporter.example.com; ssl_certificate /etc/ssl/private/cert.pem; ssl_certificate_key /etc/ssl/private/key.pem; ssl_password_file /etc/ssl/private/keys.pass; location / { proxy_pass http://127.0.0.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_redirect off; } }
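Review bot: The cleartext server uses `listen 80;`, so it accepts connections on every container interface and any other container on the `backend` network can reach `/` and `/custom_importer` without TLS; since the 443 server only reaches it through `proxy_pass http://127.0.0.1;`, `listen 127.0.0.1:80;` would be enough. The 443 `location /` does not set `proxy_http_version 1.1` or the `Upgrade`/`Connection` headers, and nginx does not forward those hop-by-hop headers by itself, so the websocket support configured in the port-80 block is probably not reachable over HTTPS. The 443 server also sets no `ssl_protocols`, which leaves the defaults of this nginx version, and those still include TLSv1 and TLSv1.1; `ssl_protocols TLSv1.2 TLSv1.3;` would state the intent. `proxy_ssl_verify off;` leaves the PwnDoc upstream unauthenticated, as the comment acknowledges, so the setup relies on the `backend` network being trusted and that is worth saying in the comment.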