
Ghost | Blogging Platform

docker-compose.yml

YAML
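# Ghost blog run as a single-replica service pinned to a Swarm manager node,
# attached to a pre-existing overlay network shared with the reverse proxy
# and the MySQL container.
version: "3.7"

services:

  prod:
    # NOTE(review): `ghost:alpine` is a floating tag. Pin a specific version
    # tag or image digest so a redeploy cannot silently pull a different build.
    image: ghost:alpine
    volumes:
      # Bind mounts keep uploaded images, themes, apps and data on the host so
      # they survive container replacement. With a placement constraint on the
      # manager role, these paths must exist on every manager that can be chosen.
      - ./content/images:/var/lib/ghost/content/images
      - ./content/themes:/var/lib/ghost/content/themes
      - ./content/apps:/var/lib/ghost/content/apps
      - ./content/data:/var/lib/ghost/content/data
    environment:
      # Public URL Ghost builds links and redirects from. It should be the same
      # hostname the reverse proxy serves (server_name in the nginx config).
      - url=https://some.urdomain.com
      - database__client=mysql
      # Hostname of the MySQL container on the shared network.
      - database__connection__host=mysql8_prod
      - database__connection__user=mysql-user
      # The password is read from the deploying shell instead of being committed
      # in this file. GHOST_DB_PASSWORD is a name chosen for this example; the
      # `:?` form aborts the deploy with the message when it is unset or empty.
      # Environment values are still readable through `docker inspect`, so a
      # secret store is preferable where the image supports one.
      - "database__connection__password=${GHOST_DB_PASSWORD:?set GHOST_DB_PASSWORD before deploying}"
      - database__connection__database=mysql-database
      - database__pool__min=0
      # Port the proxy should forward to (2368 matches proxy_pass in the nginx
      # config). Presumably read by an nginx-proxy style companion; verify.
      - VIRTUAL_PORT=2368
    networks:
      - durbok-net
    deploy:
      placement:
        constraints:
          - node.role == manager
      replicas: 1
      restart_policy:
        condition: on-failure

networks:
  # Must be created before deployment; only containers that need to reach
  # Ghost or MySQL should be attached to it.
  durbok-net:
    external: true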

nginx *.conf

Nginx Configuration File
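# Plain-HTTP listener: every request is permanently redirected to HTTPS.
server {
  listen 80;
  listen [::]:80;
  server_name blog.urdomain.com;

  # Build the redirect target from the configured server_name rather than the
  # client-supplied Host header ($http_host), so a forged Host value cannot
  # steer the 301 to another domain. $request_uri already carries the query
  # string, so no trailing "?" is needed with `return`.
  return 301 https://$server_name$request_uri;
}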

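# HTTPS listener: terminates TLS and reverse-proxies all traffic to the Ghost
# container on port 2368.
server {

  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name blog.urdomain.com;

  error_log  /var/log/nginx/blog.urdomain.com_error.log;
  access_log /var/log/nginx/blog.urdomain.com_access.log;


  # Plain prefix location. The original `location ^~ {` had no URI, and the
  # `^~` modifier tells nginx to skip regex locations once this prefix matches,
  # which would leave the dotfile deny rule below unreachable.
  location / {

    proxy_set_header        Host $host:$server_port;
    proxy_set_header        X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
    # sent, so the backend may only trust the last entry. If this nginx is the
    # internet-facing edge, X-Real-IP is the value that cannot be spoofed.
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;

    # Upper bound on upload size accepted from clients.
    client_max_body_size 256M;

    # Fix the "It appears that your reverse proxy set up is broken" error.
    proxy_pass              http://blog_prod:2368; # container name
    proxy_read_timeout      90;

    # Required for new HTTP-based CLI
    proxy_http_version 1.1;
    proxy_request_buffering off;
  }


  # Refuse any path component starting with a dot, except /.well-known/
  # (used for ACME challenges and similar), and keep probes out of the logs.
  location ~ /\.(?!well-known).* {
    deny all;
    access_log off;
    log_not_found off;
  }

  add_header Content-Security-Policy upgrade-insecure-requests;

  ssl_certificate /etc/nginx/ssl/sslcert.pem;
  # The private key should be readable only by the nginx master process user.
  ssl_certificate_key /etc/nginx/ssl/sslcert.key;
  # Without ssl_dhparam, nginx 1.11.0+ does not offer DHE suites, so the EDH
  # entries in ssl_ciphers below are inert until this is enabled.
#  ssl_dhparam /etc/nginx/ssl/dhparams.pem;
  ssl_session_timeout 5m;
  ssl_session_cache shared:SSL:5m;


  #SSL Security
  # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
  # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older
  # builds.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  # Alternative explicit ECDHE-only list. It was labelled "XP and IE6 support"
  # in the original, but it contains no suite those clients can negotiate.
  #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_ecdh_curve secp384r1;
  ssl_prefer_server_ciphers on;
  ssl_session_tickets off;

  # NOTE(review): proxy_set_header is inherited only by locations that declare
  # none of their own, so this line does not apply to `location /` above,
  # which sets X-Forwarded-For itself.
  proxy_set_header X-Forwarded-For $remote_addr;

  #Compress and optimize delivery of files
  # NOTE(review): compressing TLS responses that mix secrets with
  # attacker-influenced input exposes them to compression side channels
  # (BREACH); review whether dynamic types such as application/json belong here.


  gzip on;
  gzip_comp_level    5;
  gzip_min_length    256;
  gzip_vary          on;
  gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/bmp
    image/svg+xml
    image/x-icon
    text/cache-manifest
    text/css
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy;
    # text/html is always compressed by gzip module

}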