From 8671a7005847460f7dfe37769e314a112a0792d2 Mon Sep 17 00:00:00 2001
From: Lorin Hochstein
Date: Sat, 4 Feb 2017 19:19:12 -0800
Subject: [PATCH] Build nginx image
---
 ch13/Makefile | 5 ++++-
 ch13/ansible.cfg | 2 ++
 ch13/ghost.yml | 9 +++++++++
 ch13/inventory | 0
 ch13/nginx/Dockerfile | 3 ---
 ch13/nginx/ghost.conf | 30 ++++++++++++++++++++++++++++++
 6 files changed, 45 insertions(+), 4 deletions(-)
 create mode 100644 ch13/ansible.cfg
 create mode 100644 ch13/ghost.yml
 create mode 100644 ch13/inventory
 create mode 100644 ch13/nginx/ghost.conf
diff --git a/ch13/Makefile b/ch13/Makefile
index 4c88fe9..b619d9a 100644
--- a/ch13/Makefile
+++ b/ch13/Makefile
@@ -1,4 +1,7 @@
-.PHONY: build start run stop clean
+.PHONY: start
+
+start:
+ ansible-playbook ghost.yml
 # Generate self-signed certs for localhost
 ssl: certs/nginx.crt certs/nginx.key
diff --git a/ch13/ansible.cfg b/ch13/ansible.cfg
new file mode 100644
index 0000000..f8fc6cd
--- /dev/null
+++ b/ch13/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+inventory = inventory
diff --git a/ch13/ghost.yml b/ch13/ghost.yml
new file mode 100644
index 0000000..db2ef64
--- /dev/null
+++ b/ch13/ghost.yml
@@ -0,0 +1,9 @@
+---
+- name: Run Ghost locally
+ hosts: localhost
+ gather_facts: False
+ tasks:
+ - name: create Nginx image
+ docker_image:
+ name: ch13-nginx
+ path: nginx
diff --git a/ch13/inventory b/ch13/inventory
new file mode 100644
index 0000000..e69de29
diff --git a/ch13/nginx/Dockerfile b/ch13/nginx/Dockerfile
index 5c03486..cc6ed32 100644
--- a/ch13/nginx/Dockerfile
+++ b/ch13/nginx/Dockerfile
@@ -1,6 +1,3 @@
 FROM nginx
 RUN rm /etc/nginx/conf.d/default.conf
-RUN rm /etc/nginx/conf.d/examplessl.conf
 COPY ghost.conf /etc/nginx/conf.d/ghost.conf
-
-
diff --git a/ch13/nginx/ghost.conf b/ch13/nginx/ghost.conf
new file mode 100644
index 0000000..e3cf4b5
--- /dev/null
+++ b/ch13/nginx/ghost.conf
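Review bot: In ch13/ghost.yml the `docker_image` task names the image `ch13-nginx` with no `tag` and no `force`, so once an image of that name exists the module will most likely report it as present and skip the build. A later edit to nginx/ghost.conf (a TLS setting, say) or a refreshed `FROM nginx` base would then never reach the proxy that actually runs. Consider adding `force: yes` to the task (newer Ansible releases spell this `source: build` with `force_source: yes`) and an explicit `tag:` so the built image can be told apart from a stale one. A one-line comment above the task, such as `# rebuilds the proxy image from nginx/Dockerfile on every run`, would document the intent.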
@@ -0,0 +1,30 @@
+upstream ghost {
+ server ghost:2368;
+}
+
+server {
+
+ listen 80;
+
+ listen 443 ssl;
+
+ client_max_body_size 10M;
+ keepalive_timeout 15;
+
+ ssl_certificate /certs/nginx.crt;
+ ssl_certificate_key /certs/nginx.key;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
+ ssl_prefer_server_ciphers on;
+
+ location / {
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_pass http://ghost;
+ }
+}
+
-- 2.44.0
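Review bot: The single `server` block in ch13/nginx/ghost.conf listens on both 80 and 443 and proxies either to Ghost, so the site and its admin login stay reachable over plaintext HTTP with no redirect to TLS. No `ssl_protocols` is set, which leaves the protocol floor to the defaults of the unpinned `FROM nginx` image (older nginx builds still enable TLSv1 and TLSv1.1), and the cipher string keeps CBC/SHA-1 and DHE-DSS suites. The scheme is forwarded as `X-Forwarded-Protocol`, whereas Ghost's proxy setup conventionally reads `X-Forwarded-Proto`, so the backend probably cannot tell an HTTPS request from an HTTP one; this should be confirmed against the Ghost version in use. Splitting the block into a redirect-only port-80 server and a TLS-only server, as sketched below, addresses all three.

```nginx
server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    # … unchanged: client_max_body_size, keepalive_timeout, certificate and session settings …
    ssl_protocols TLSv1.2;   # add TLSv1.3 where the image's nginx/OpenSSL supports it
    # … unchanged: ssl_ciphers, ssl_prefer_server_ciphers …

    location / {
        # … unchanged: proxy_redirect, Host, X-Real-IP, X-Forwarded-For …
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://ghost;
    }
}
```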