Revert "Added certbot for SSL certificate support"

This reverts commit 9fe0a8b.
DNA-BarKeeper · Apr 18, 2023 · fb49faf · fb49faf
1 parent fc5cd24
commit fb49faf
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 63 deletions.
diff --git a/.env-example b/.env-example
@@ -8,7 +8,6 @@ PROJECT_DOMAIN=example.org
 
 # Only change the port if your project has a specific need for this
 PORT=80
-SSL_PORT=443
 
 
 ## Rails configuration

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -58,26 +58,14 @@ services:
         PROJECT_DOMAIN: ${PROJECT_DOMAIN}
         PORT: ${PORT}
         PUMA_PORT: ${PUMA_PORT}
-        SSL_PORT: ${SSL_PORT}
-        RAILS_ENV: ${RAILS_ENV}
     depends_on:
       - app
     env_file:
       - .env
     ports:
       - ${PORT}:${PORT}
-      - ${SSL_PORT}:${SSL_PORT}
-    volumes:
-      - ./certbot/www:/var/www/certbot/:ro
-      - ./certbot/conf/:/etc/nginx/ssl/:ro
     restart: always
 
-  certbot:
-    image: certbot/certbot:latest
-    volumes:
-      - ./certbot/www/:/var/www/certbot/:rw
-      - ./certbot/conf/:/etc/letsencrypt/:rw
-
   mail:
     image: boky/postfix:latest
     environment:

diff --git a/nginx.conf b/nginx.conf
@@ -3,56 +3,47 @@ upstream rails_app {
 }
 
 server {
-    server_name $PROJECT_DOMAIN;
+   server_name $PROJECT_DOMAIN;
 
-    include /etc/nginx/conf.d/ssl*;
+   root   $RAILS_ROOT/public;
+   index  index.html;
 
-    root   $RAILS_ROOT/public;
-    index  index.html;
+   client_max_body_size 1G;
 
-    client_max_body_size 1G;
+   access_log $RAILS_ROOT/log/nginx.access.log;
+   error_log $RAILS_ROOT/log/nginx.error.log;
 
-    access_log $RAILS_ROOT/log/nginx.access.log;
-    error_log $RAILS_ROOT/log/nginx.error.log;
-
-    # serve static (compiled) assets directly if they exist (for rails production)
-    location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/   {
-        try_files $uri @rails;
-        access_log off;
-        gzip_static on;
-        # to serve pre-gzipped version
-        expires max;
-        add_header Cache-Control public;
+   # deny requests for files that should never be accessed
+   location ~ /\. {
+      deny all;
+   }
+   location ~* ^.+\.(rb|log)$ {
+      deny all;
+   }
 
-        add_header Last-Modified "";
-        add_header ETag "";
-        break;
-    }
+   # serve static (compiled) assets directly if they exist (for rails production)
+   location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/   {
+      try_files $uri @rails;
+      access_log off;
+      gzip_static on;
+      # to serve pre-gzipped version
+      expires max;
+      add_header Cache-Control public;
+
+      add_header Last-Modified "";
+      add_header ETag "";
+      break;
+   }
 
    # send non-static file requests to the app server
    location / {
       try_files $uri @rails;
    }
-
-    location @rails {
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_set_header  X-Real-IP  $remote_addr;
-        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $http_host;
-        proxy_redirect off;
-        proxy_pass http://rails_app;
-    }
-}
-
-server {
-    listen $PORT;
-    server_name $PROJECT_DOMAIN;
-
-    location /.well-known/acme-challenge/ {
-        root /var/www/certbot;
-    }
-
-    location / {
-        return 301 https://$host$request_uri;
-    }
+   location @rails {
+      proxy_set_header  X-Real-IP  $remote_addr;
+      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+      proxy_pass http://rails_app;
+   }
 }
diff --git a/web.Dockerfile b/web.Dockerfile
@@ -4,23 +4,16 @@ RUN apt-get update -qq && apt-get -y install apache2-utils
 
 ENV RAILS_ROOT /var/www/barkeeper
 ARG PROJECT_DOMAIN
-ARG PORT
-ARG SSL_PORT
 ARG PUMA_PORT
-ARG RAILS_ENV
 
 WORKDIR $RAILS_ROOT
 
 RUN mkdir log
 
 COPY public public/
 COPY nginx.conf /tmp/docker.nginx
-
-COPY ssl /tmp/docker.ssl
-RUN envsubst '${RAILS_ROOT} ${PROJECT_DOMAIN} ${PUMA_PORT} ${PORT}' < /tmp/docker.nginx > /etc/nginx/conf.d/default.conf
-RUN if [ "$RAILS_ENV" = "production" ]; then envsubst '${PROJECT_DOMAIN} ${SSL_PORT}' < /tmp/docker.ssl > /etc/nginx/conf.d/ssl; fi
+RUN envsubst '${RAILS_ROOT} ${PROJECT_DOMAIN} ${PUMA_PORT}' < /tmp/docker.nginx > /etc/nginx/conf.d/default.conf
 
 EXPOSE ${PORT}
-EXPOSE ${SSL_PORT}
 
 CMD [ "nginx", "-g", "daemon off;" ]
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,7 +8,6 @@ PROJECT_DOMAIN=example.org @@
     # Only change the port if your project has a specific need for this
     PORT=80
-    SSL_PORT=443
     ## Rails configuration
@@ Expand Down @@