db root localhost only

compose.yaml

@@ -16,6 +16,7 @@ services:
     networks:
       - backnet
     environment:
+      - MARIADB_ROOT_HOST=localhost
       - MARIADB_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
     expose:
       - 3306
@@ -30,7 +31,7 @@ services:
     #tty: true
     restart: always
     # Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
-    #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
+    command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
     container_name: backend
     environment:
       - MYSQL_USER=flasku
@@ -94,9 +95,9 @@ services:
   proxy:
     build: proxy
     restart: always
-    #volumes:
+    volumes:
-    #  - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
+      - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt:ro
-    #  - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
+      - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt:ro
     ports:
       - 80:80
       - 443:443

compose.yaml.local

@@ -16,6 +16,7 @@ services:
     networks:
       - backnet
     environment:
+      - MARIADB_ROOT_HOST=localhost
       - MARIADB_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
     expose:
       - 3306

compose.yaml.prod

@@ -16,6 +16,7 @@ services:
     networks:
       - backnet
     environment:
+      - MARIADB_ROOT_HOST=localhost
       - MARIADB_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
     expose:
       - 3306

proxy/conf

@@ -1,12 +1,52 @@
+#server {
+#    listen       80;
+#    server_name  localhost;
+#    location / {
+#        proxy_pass   http://backend:8000;
+#    }
+
+
+# always redirect to https
 server {
-    listen       80;
+	listen 80 default_server;
-    server_name  localhost;
+	server_name _;
-    location / {
+	return 301 https://$host$request_uri;
-        proxy_pass   http://backend:8000;
-    }
-    location /gutty{
-        proxy_pass   http://gitea:3000;
-    }
-
-
 }
+
+server {
+	listen 443 ssl http2;
+	# use the certificates
+	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
+	server_name oily.dad www.oily.dad;
+	root /var/www/html;
+	index index.php index.html index.htm;
+
+
+	location / {
+		proxy_pass http://backend:8000/;
+	}
+}
+
+server {
+	listen 443 ssl http2;
+	# use the certificates
+	ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
+	server_name gut.oily.dad;
+	root /var/www/html;
+	index index.php index.html index.htm;
+
+	location / {
+		client_max_body_size 512M;
+	        #proxy_pass http://localhost:3000;
+	        proxy_set_header Connection $http_connection;
+        	proxy_set_header Upgrade $http_upgrade;
+	        proxy_set_header Host $host;
+	        proxy_set_header X-Real-IP $remote_addr;
+	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	        proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_pass http://gitea:3000/;
+	}
+}
+