
Nginx: added OpenSSL for local development (#1527)

* feature(nginx): add OpenSSL
Vladyslav Shchepotin 6 years ago
parent
commit
7219b3543a

+ 1 - 0
docker-compose.yml

@@ -201,6 +201,7 @@ services:
         - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}
         - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
         - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
+        - ${NGINX_SSL_PATH}:/etc/nginx/ssl
       ports:
         - "${NGINX_HOST_HTTP_PORT}:80"
         - "${NGINX_HOST_HTTPS_PORT}:443"
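Review bot: The new `/etc/nginx/ssl` bind mount is writable and startup.sh generates `default.key` into it, so a private key lands in `./nginx/ssl/` inside the repository checkout. The commit adds only `nginx/ssl/.gitkeep`; unless an ignore rule already exists outside this diff, a `.gitignore` covering `nginx/ssl/*.key`, `nginx/ssl/*.csr` and `nginx/ssl/*.crt` would keep the generated key from being committed by accident. A `.env` copied from `env-example` before this change has no `NGINX_SSL_PATH`, so the upgrade notes should tell users to add it. The nginx service definition starts and ends outside the hunk.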

+ 1 - 0
env-example

@@ -176,6 +176,7 @@ NGINX_HOST_LOG_PATH=./logs/nginx/
 NGINX_SITES_PATH=./nginx/sites/
 NGINX_PHP_UPSTREAM_CONTAINER=php-fpm
 NGINX_PHP_UPSTREAM_PORT=9000
+NGINX_SSL_PATH=./nginx/ssl/
 
 ### APACHE ################################################
 

+ 3 - 1
nginx/Dockerfile

@@ -14,6 +14,7 @@ RUN if [ ${CHANGE_SOURCE} = true ]; then \
 
 RUN apk update \
     && apk upgrade \
+    && apk add --no-cache openssl \
     && apk add --no-cache bash \
     && adduser -D -H -u 1000 -s /bin/bash www-data
 
@@ -24,6 +25,7 @@ ARG PHP_UPSTREAM_PORT=9000
 RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf \
     && rm /etc/nginx/conf.d/default.conf
 
-CMD ["nginx"]
+ADD ./startup.sh /opt/startup.sh
+CMD ["/bin/bash", "/opt/startup.sh"]
 
 EXPOSE 80 443
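Review bot: In the second hunk, `ADD ./startup.sh /opt/startup.sh` copies a single local file, which is the job of `COPY`; `ADD` can also fetch URLs and unpack archives, so `COPY ./startup.sh /opt/startup.sh` is the narrower instruction. In the first hunk the two package installs can be one step, `apk add --no-cache openssl bash`. A short comment above the new `CMD`, such as `# startup.sh creates a self-signed certificate on first start, then launches nginx`, would explain why the entry command changed.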

+ 6 - 0
nginx/sites/app.conf.example

@@ -3,6 +3,12 @@ server {
     listen 80;
     listen [::]:80;
 
+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
     server_name app.test;
     root /var/www/app;
     index index.php index.html index.htm;
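Review bot: The commented `listen [::]:443 ssl ipv6only=on;` line will stop nginx from starting once it is uncommented in more than one site file. nginx accepts socket-level options such as `ipv6only` only once per address:port, and otherwise fails with a "duplicate listen options" error. The port-80 lines in this file already omit the option (`listen [::]:80;`), and default.conf is the one file that sets it, so the example should read `# listen [::]:443 ssl;`. The same applies to the identical additions in nginx/sites/laravel.conf.example and nginx/sites/symfony.conf.example. The server block continues outside the hunk.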

+ 6 - 0
nginx/sites/default.conf

@@ -3,6 +3,12 @@ server {
     listen 80 default_server;
     listen [::]:80 default_server ipv6only=on;
 
+    # For https
+    # listen 443 ssl default_server;
+    # listen [::]:443 ssl default_server ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
     server_name localhost;
     root /var/www/public;
     index index.php index.html index.htm;
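Review bot: The `# For https` comment does not say where `default.crt` and `default.key` come from or that they are only suitable for local use. I would expand it to `# For https: uncomment the lines below. default.crt/default.key are a self-signed pair generated by startup.sh on first start, for local development only.` The same wording fits the three `.conf.example` files. The server block continues outside the hunk.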

+ 6 - 0
nginx/sites/laravel.conf.example

@@ -3,6 +3,12 @@ server {
     listen 80;
     listen [::]:80;
 
+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
     server_name laravel.test;
     root /var/www/laravel/public;
     index index.php index.html index.htm;

+ 6 - 0
nginx/sites/symfony.conf.example

@@ -3,6 +3,12 @@ server {
     listen 80;
     listen [::]:80;
 
+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
     server_name symfony.test;
     root /var/www/projects/symfony/web;
     index index.php index.html index.htm;

+ 0 - 0
nginx/ssl/.gitkeep


+ 9 - 0
nginx/startup.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [ ! -f /etc/nginx/ssl/default.crt ]; then
+    openssl genrsa -out "/etc/nginx/ssl/default.key" 2048
+    openssl req -new -key "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.csr" -subj "/CN=default/O=default/C=UK"
+    openssl x509 -req -days 365 -in "/etc/nginx/ssl/default.csr" -signkey "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.crt"
+fi
+
+nginx
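Review bot: The final `nginx` line leaves bash running as PID 1, so the SIGTERM from `docker stop` is normally not passed on to nginx and the container is killed after the stop timeout; `exec nginx` replaces the shell and restores the behaviour of the old `CMD ["nginx"]`. Because the key is written into a bind-mounted host directory, I would add `chmod 600 /etc/nginx/ssl/default.key` after generation and `rm -f /etc/nginx/ssl/default.csr`, since the CSR is not needed once the certificate is signed. The openssl calls are unchecked, so a failed generation (for example a read-only mount) goes unnoticed until the ssl lines are enabled; a logged warning on failure would help. The subject uses `C=UK` where the ISO 3166 code is `GB`, and the certificate has no subjectAltName, so clients that ignore the CN will not match it to `localhost` or the `.test` names.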