From d1f3fa2d2e7a8f578128cf3535d2807f338a04d7 Mon Sep 17 00:00:00 2001
From: Ubuntu
 <fergalm@dss-container-server.n5jouf1k50pujazlxcjell0s5f.fx.internal.cloudapp.net>
Date: Fri, 3 Mar 2017 19:35:21 +0000
Subject: [PATCH] Added letsencrypt

---
 docker-compose.yml                      | 61 ++++++++++++-------------
 nginx/sites-enabled/deepsouthsounds.com | 22 +++++++--
 2 files changed, 45 insertions(+), 38 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 79c1095..4153950 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ data:
     - /var/lib/postgresql
   command: /bin/true
 
-postgres:
+db:
     restart: "always"
     image: postgres:9.4
     volumes_from:
@@ -14,6 +14,7 @@ postgres:
         - "5432:5432"
 
 rabbitmq:
+    restart: "always"
     image: tutum/rabbitmq
     environment:
         - RABBITMQ_PASS=wZ59kFTJZN8YQ
@@ -23,37 +24,24 @@ rabbitmq:
         - "15672:15672"
 
 redis:
+    restart: "always"
     image: redis
 
-api:
-   image: fergalmoran/dss.api
-   volumes:
-     - /files
-   ports:
-     - "8001:8001"
-   env_file:
-       - ./api_env
-   links:
-       - postgres
-       - redis
-#       - icecast
-       - rabbitmq
-   command: ./run_web.sh
-
-icecast:
-    build: ./icecast/
-    volumes:
-        - ./logs:/var/log/icecast2
-        - /etc/localtime:/etc/localtime:ro
-    environment:
-        - ICECAST_SOURCE_PASSWORD=RDzNlgqmj67vk
-        - ICECAST_ADMIN_PASSWORD=CrVuP5evoJZ0
-        - ICECAST_RELAY_PASSWORD=9PmUbI1mLne9o
-    ports:
-        - 8000:8000
+#icecast:
+#    build: ./icecast/
+#    volumes:
+#        - ./logs:/var/log/icecast2
+#        - /etc/localtime:/etc/localtime:ro
+#    environment:
+#        - ICECAST_SOURCE_PASSWORD=RDzNlgqmj67vk
+#        - ICECAST_ADMIN_PASSWORD=CrVuP5evoJZ0
+#        - ICECAST_RELAY_PASSWORD=9PmUbI1mLne9o
+#    ports:
+#        - 8000:8000
 
 api:
-    image: fergalmoran/dss.api
+    restart: "always"
+    image: fergalmoran/dss.api:latest
     volumes:
         - /files
     ports:
@@ -61,33 +49,37 @@ api:
     env_file:
         - ./api_env
     links:
-        - "postgres:postgres"
+        - "db:db"
         - "redis:redis"
-        - "icecast:icecast"
+        # - "icecast:icecast"
         - "rabbitmq:rabbitmq"
     command: ./run_web.sh
 
 celery:
+    restart: "always"
     image: fergalmoran/dss.api
     env_file:
         - ./api_env
     volumes_from:
         - api
     links:
-        - "postgres:postgres"
+        - "db:db"
         - "redis:redis"
         - "rabbitmq:rabbitmq"
     command: ./run_celery.sh
 
 web:
+    restart: "always"
     image: fergalmoran/dss.web
+    volumes:
+        - /app/dist/public/assets
     env_file:
         - ./web_env
     restart: "always"
     links:
         - "redis:redis"
     ports:
-        - "8080:8080"
+        - "8088:8088"
 
 #icecast:
 #    build: ./icecast/
@@ -122,6 +114,9 @@ nginx:
         - "web:web"
  #       - "icecast:icecast"
  #       - "radio:radio"
+    volumes:
+        - /etc/letsencrypt:/etc/letsencrypt
+    restart: "always"
     volumes_from:
         - api
-
+        - web
diff --git a/nginx/sites-enabled/deepsouthsounds.com b/nginx/sites-enabled/deepsouthsounds.com
index 40d6bd6..cf40247 100644
--- a/nginx/sites-enabled/deepsouthsounds.com
+++ b/nginx/sites-enabled/deepsouthsounds.com
@@ -5,8 +5,11 @@ server {
     server_name deepsouthsounds.com ext-test.deepsouthsounds.com www.deepsouthsounds.com;
     root /files/static/;
 
-    ssl_certificate /etc/nginx/ssl/dss.crt;
-    ssl_certificate_key /etc/nginx/ssl/dss.key;
+    ssl_certificate     /etc/letsencrypt/live/deepsouthsounds.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/deepsouthsounds.com/privkey.pem;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 
     if ($ssl_protocol = "") {
        rewrite ^ https://$server_name$request_uri? permanent;
@@ -25,6 +28,12 @@ server {
     location /media {
         alias /files/media;
     }
+    location /assets {
+        alias /app/dist/public/assets;
+    }
+    location /images {
+        alias /app/dist/public/assets/images;
+    }
     location / {
         if ($request_filename ~* ^.*?/([^/]*?)$) {
             set $filename $1; 
@@ -32,7 +41,7 @@ server {
         if ($filename ~* ^.*?\.(eot)|(ttf)|(woff)$){
             add_header Access-Control-Allow-Origin *;
         }
-        proxy_pass http://web:8080;
+        proxy_pass http://web:8088;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $host;
@@ -47,8 +56,11 @@ server {
     server_name api.deepsouthsounds.com api-test.deepsouthsounds.com;
     client_max_body_size 0;
     
-    ssl_certificate /etc/nginx/ssl/api.crt;
-    ssl_certificate_key /etc/nginx/ssl/api.key;
+    ssl_certificate     /etc/letsencrypt/live/api.deepsouthsounds.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/api.deepsouthsounds.com/privkey.pem;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 
     if ($ssl_protocol = "") {
        rewrite ^ https://$server_name$request_uri? permanent;