Merge pull request #4184 from cdrini/fix/covers-nginx-tls

Add SSL certs to covers_nginx

docker-compose.production.yml

@@ -36,16 +36,22 @@ services:
     volumes:
       - ./docker/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./docker/covers_nginx.conf:/etc/nginx/sites-enabled/covers_nginx.conf:ro
+      # Needed for HTTPS, since this is a public server
+      - ../olsystem/etc/nginx/default-docker.conf:/etc/nginx/sites-enabled/default:ro
       # Needs access to openlibrary for static files
       - .:/openlibrary
       - ../olsystem:/olsystem
       - /1/var/lib/openlibrary/sitemaps/sitemaps:/sitemaps
     ports:
-      - 8081:8081
+      - 80:80
+      - 443:443
     networks:
       - webnet
     secrets:
       - petabox_seed
+      # Needed by default-docker.conf
+      - ssl_certificate
+      - ssl_certificate_key
 
   infobase:
     restart: always
@@ -75,5 +81,11 @@ services:
       - petabox_seed
 
 secrets:
-   petabox_seed:
-     file: /opt/.petabox/seed
+    petabox_seed:
+      file: /opt/.petabox/seed
+
+    # SSL-related secrets
+    ssl_certificate:
+      file: /opt/.petabox/openlibrary.org.combined.crt
+    ssl_certificate_key:
+      file: /opt/.petabox/openlibrary.org.nopassword.key

docker/covers_nginx.conf

@@ -1,5 +1,6 @@
 server {
-      listen 8081;
+      listen 80;
+      listen 443;
       server_name  covers.openlibrary.org;
 
       include /run/secrets/petabox_seed;