Commit 6c6be515 authored by Pepijn Boers's avatar Pepijn Boers
Browse files

Checkpoint best setup

parent e75430f8
......@@ -6,6 +6,8 @@ services:
depends_on:
- db
- app
- db-dnt
- app-dnt
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:z
- ./matomo/cert-stuff/ssl:/etc/ssl/private:Z
......@@ -19,6 +21,7 @@ services:
volumes:
- ./data/data:/var/lib/mysql:Z
- ./data/backup:/var/lib/backup:Z
- ./mysqlconf:/etc/mysql/conf.d:z
- ./mysql/setup-db.sql:/docker-entrypoint-initdb.d/setup-db.sql:z
environment:
- MYSQL_ROOT_PASSWORD=admin
......@@ -28,7 +31,7 @@ services:
app:
image: matomo:3.13.6-apache
links:
depends_on:
- db
volumes:
- ./data/app:/var/www/html:z
......@@ -45,6 +48,7 @@ services:
volumes:
- ./data/data_dnt:/var/lib/mysql:Z
- ./data/backup_dnt:/var/lib/backup:Z
- ./mysqlconf:/etc/mysql/conf.d:z
- ./mysql/setup-db.sql:/docker-entrypoint-initdb.d/setup-db.sql:z
environment:
- MYSQL_ROOT_PASSWORD=admin
......@@ -54,12 +58,12 @@ services:
app-dnt:
image: matomo:3.13.6-apache
links:
depends_on:
- db-dnt
volumes:
- ./data/app_dnt:/var/www/html:z
environment:
- MATOMO_DATABASE_HOST=db
- MATOMO_DATABASE_HOST=db-dnt
env_file:
- ./mysql/db.env
ports:
......
# Main context
worker_processes auto;
pid /run/nginx.pid;
error_log logs/error.log;
pid logs/nginx.pid;
events {
# Maximum number of simultaneous connections that can be opened by a worker process.
worker_connections 1000;
}
http {
# Listen to port 80 and redirect to 443 (SSL)
server {
listen 80 default_server;
server_name matomo.science.ru.nl www.matomo.science.ru.nl;
......@@ -14,6 +18,7 @@ http {
return 301 https://matomo.science.ru.nl$request_uri;
}
# Listen to port 443 (SSL)
server {
listen 443 ssl;
server_name matomo.science.ru.nl www.matomo.science.ru.nl;
......@@ -22,7 +27,9 @@ http {
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# Admin page main Matomo server
location / {
# Set proxy headers to compensate for proxy pipe.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
......@@ -33,11 +40,14 @@ http {
proxy_pass http://app;
}
# Redirect /dnt to /dnt/ for consistency
location /dnt {
return 302 https://matomo.science.ru.nl/dnt/;
}
# Admin page of second DNT Matomo server
location /dnt/ {
# Set proxy headers to compensate for proxy pipe.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
......@@ -50,6 +60,7 @@ http {
proxy_pass http://app-dnt;
}
# Javascript snippet requests
location /matomo.php {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......@@ -57,10 +68,12 @@ http {
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# mirror request to /mirror
mirror /mirror;
proxy_pass http://app;
}
# Javascript snippet mirror request location
location = /mirror {
internal;
proxy_set_header X-Real-IP $remote_addr;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment