further secure containers

This commit is contained in:
Matthew Tran
2025-02-19 22:17:31 -08:00
parent 36c4019c01
commit e7b4e8aa46
15 changed files with 129 additions and 94 deletions
+6 -5
@@ -8,11 +8,12 @@ RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y nginx certbot python3-pip
RUN pip3 install sendgrid --break-system-packages
USER ubuntu
WORKDIR /home/ubuntu
RUN groupadd -g 2000 me && useradd -u 2000 -g 2000 -m me
USER me
WORKDIR /home/me
RUN mkdir nginx certbot
# TODO make the website code not terrible ;-;
COPY --chown=ubuntu:ubuntu html ./html
COPY --chown=ubuntu:ubuntu sendgrid.ke[y] ip_update.py ./
COPY --chown=ubuntu:ubuntu server.conf entry.sh ./
COPY --chown=me:me html ./html
COPY --chown=me:me sendgrid.ke[y] ip_update.py ./
COPY --chown=me:me server.conf entry.sh ./
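Review bot: `COPY --chown=me:me sendgrid.ke[y] ip_update.py ./` still bakes what is presumably the SendGrid API key used by ip_update.py into an image layer, so anyone who can pull or export the image (`docker history`, `docker save`) can recover it regardless of which user owns the file; the `[y]` glob only makes the copy optional, it does not keep the key out of the image. Prefer leaving the key out of the build context entirely (add it to `.dockerignore`) and mounting it at run time, e.g. `docker run -v "$PWD/sendgrid.key:/home/me/sendgrid.key:ro"`, or if it is only needed during the build use a BuildKit secret mount, `RUN --mount=type=secret,id=sendgrid …`, which never lands in a layer. Reducing the line to `COPY --chown=me:me ip_update.py ./` would close this; the `groupadd`/`useradd -u 2000` and `USER me` change itself looks right. The base image and ENTRYPOINT are outside this hunk, so whether the key is consumed at build or run time is not visible here.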
+9 -9
@@ -1,6 +1,6 @@
# adapted from /etc/nginx/nginx.conf
worker_processes auto;
pid /home/ubuntu/nginx/site.pid;
pid /home/me/nginx/site.pid;
error_log /dev/stderr;
events {
@@ -15,18 +15,18 @@ http {
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_certificate /home/ubuntu/certbot/live/matthewtran.com/fullchain.pem;
ssl_certificate_key /home/ubuntu/certbot/live/matthewtran.com/privkey.pem;
ssl_certificate /home/me/certbot/live/matthewtran.com/fullchain.pem;
ssl_certificate_key /home/me/certbot/live/matthewtran.com/privkey.pem;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
client_body_temp_path /home/ubuntu/nginx/body;
proxy_temp_path /home/ubuntu/nginx/proxy;
fastcgi_temp_path /home/ubuntu/nginx/fastcgi;
uwsgi_temp_path /home/ubuntu/nginx/uwsgi;
scgi_temp_path /home/ubuntu/nginx/scgi;
client_body_temp_path /home/me/nginx/body;
proxy_temp_path /home/me/nginx/proxy;
fastcgi_temp_path /home/me/nginx/fastcgi;
uwsgi_temp_path /home/me/nginx/uwsgi;
scgi_temp_path /home/me/nginx/scgi;
# SSL redirect
server {
@@ -50,7 +50,7 @@ http {
listen [::]:8443 ssl;
server_name matthewtran.com www.matthewtran.com;
root /home/ubuntu/html;
root /home/me/html;
index index.html;
location / {
try_files $uri $uri/ =404;
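Review bot: `ssl_certificate_key /home/me/certbot/live/matthewtran.com/privkey.pem;` is now loaded by an nginx master that, per the accompanying Dockerfile hunk, runs as the unprivileged `me` user, so the worker processes that parse untrusted requests share that uid and can open the private key; the usual protection of a root master loading the key and workers that cannot read it does not apply here. If that is acceptable for this deployment, a comment next to the directive would help the next reader, e.g. `# nginx runs entirely as 'me' (no root master), so workers can read privkey.pem; keep ~/certbot 0700.` It is also worth confirming that certbot creates `live/` and `archive/` under the home directory with permissions no wider than the `me` user, since the paths no longer live under /etc/letsencrypt. The `http` block and its remaining `server` sections continue outside these hunks.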