Use template mechanism of nginx image
diff --git a/nginx/Dockerfile.entrypoint b/nginx/Dockerfile.entrypoint
index 34e10f1..2af13cb 100644
--- a/nginx/Dockerfile.entrypoint
+++ b/nginx/Dockerfile.entrypoint
@@ -14,11 +14,7 @@
cp /etc/ssl/certs/sa-selfsigned.crt ${live}/${domain}/cert.pem
fi
- for f in /etc/nginx/conf.d/sa.conf; do
- sed "s/miau.local/${domain}/" ${f}.template >${f}
- done
+ chmod -R go-w /etc/nginx/certs/live/
}
-chmod -R a-w /etc/nginx/certs/ /etc/nginx/conf.d/sa.conf
-
exec /docker-entrypoint.sh "$@"
diff --git a/nginx/id.sa.conf b/nginx/id.sa.conf
index 9dbac41..b64cc7d 100644
--- a/nginx/id.sa.conf
+++ b/nginx/id.sa.conf
@@ -2,7 +2,7 @@
listen 443 ssl;
listen [::]:443 ssl;
- server_name id.miau.local;
+ server_name id.${SA_PUBLIC_DOMAIN_NAME};
location /auth/ { # Gerrit adds this prefix for Keycloak...
rewrite ^/auth(.*)$ $1 last;
diff --git a/nginx/review.sa.conf b/nginx/review.sa.conf
index b5c826d..f25213c 100644
--- a/nginx/review.sa.conf
+++ b/nginx/review.sa.conf
@@ -4,7 +4,7 @@
listen 443 ssl;
listen [::]:443 ssl;
- server_name review.miau.local;
+ server_name review.${SA_PUBLIC_DOMAIN_NAME};
location / {
proxy_pass http://gerrit:8080;
diff --git a/nginx/sa.conf b/nginx/sa.conf
index f0cb923..56262ae 100644
--- a/nginx/sa.conf
+++ b/nginx/sa.conf
@@ -14,8 +14,8 @@
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
- ssl_certificate /etc/nginx/certs/live/miau.local/fullchain.pem;
- ssl_certificate_key /etc/nginx/certs/live/miau.local/privkey.pem;
+ ssl_certificate /etc/nginx/certs/live/${SA_PUBLIC_DOMAIN_NAME}/fullchain.pem;
+ ssl_certificate_key /etc/nginx/certs/live/${SA_PUBLIC_DOMAIN_NAME}/privkey.pem;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/nginx/dhparam.pem;