Add LetsEncrypt certificats

.github/workflows/deploy-int.yml

@@ -68,7 +68,7 @@ jobs:
             docker system prune -af &&
             ([[ $(docker volume ls -q | awk '!/_/' | wc -l) -eq 0 ]] || docker volume rm $(docker volume ls -q | awk '!/_/' | tr '\n' ' ')) &&
             make .env &&
-            POSTGRES_PASSWORD=$POSTGRES_PASSWORD docker compose -f compose.yml -f compose.int.yml start database && 
+            POSTGRES_PASSWORD=$POSTGRES_PASSWORD docker compose -f compose.yml -f compose.int.yml up -d database && 
             docker compose -f compose.yml -f compose.int.yml down &&
             git fetch --all && git reset --hard  && git checkout ${{ env.back_branch }} &&
             [ -d front/gally-admin ] || git clone https://github.com/Elastic-Suite/gally-admin.git front/gally-admin &&
@@ -78,6 +78,5 @@ jobs:
             docker compose run --rm php composer config repositories.gally-premium composer $PACKAGIST_URL &&
             docker compose run --rm -e COMPOSER_AUTH='$COMPOSER_AUTH' php composer require \"gally/gally-standard:${{ env.composer_version }} as ${{ inputs.last_published_version }}\" &&
             docker compose run --rm -e COMPOSER_AUTH='$COMPOSER_AUTH' php composer require \"gally/gally-premium:${{ env.composer_version }}\" &&
-            [ -z ${MEDIA_URL} ] || echo -e \"gally:\n  base_url:\n    media: '$MEDIA_URL'\" > api/config/packages/gally_configuration.yaml &&
-            SERVER_NAME=$HOSTNAME API_ROUTE_PREFIX=api APP_SECRET=$APP_SECRET POSTGRES_PASSWORD=$POSTGRES_PASSWORD COMPOSER_AUTH='$COMPOSER_AUTH' docker compose -f compose.yml -f compose.int.yml up -d --build
+            GALLY_CATALOG_MEDIA_URL=${MEDIA_URL} SERVER_NAME=$HOSTNAME API_ROUTE_PREFIX=api APP_SECRET=$APP_SECRET POSTGRES_PASSWORD=$POSTGRES_PASSWORD COMPOSER_AUTH='$COMPOSER_AUTH' docker compose -f compose.yml -f compose.int.yml up -d --build
           "

compose.override.yaml

@@ -1,5 +1,9 @@
 # Development environment override
 services:
+
+  certbot: # Disable certbot for local env
+    entrypoint: 'true'
+
   router:
     volumes:
       - ./api/public:/app/public

compose.yml

@@ -3,6 +3,7 @@ services:
     build:
       context: ./docker/proxy
     ports:
+      - "80:80"
       - "443:443"
     volumes:
       - ./docker/certs:/etc/nginx/certs
@@ -12,6 +13,16 @@ services:
       - SERVER_NAME=${SERVER_NAME:-gally.localhost}
       - API_SERVER_NAME=${API_SERVER_NAME:-api.gally.localhost}
       - BACKEND_UPSTREAM=varnish:80
+
+  certbot:
+    image: certbot/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do sleep 48h & wait; certbot renew; done;'"
+    command: certonly --webroot --webroot-path=/var/www/certbot --non-interactive --agree-tos --register-unsafely-without-email --agree-tos --no-eff-email -d ${SERVER_NAME:-gally.localhost},${API_SERVER_NAME:-api.gally.localhost}
+    volumes:
+      - ./docker/certs:/etc/letsencrypt 
+      - ./docker/certs/www:/var/www/certbot 
+    depends_on:
+      - proxy
 
   varnish:
     build:
@@ -84,17 +95,6 @@ services:
       interval: 10s
       timeout: 5s
       retries: 20
-
-
-#  certbot:
-#    image: certbot/certbot
-#    entrypoint: "/bin/sh -c 'if [ \"${ENVIRONMENT}\" = \"local\" ]; then sleep infinity; else certbot certonly --webroot --webroot-path=/var/www/certbot -d YOUR_DOMAIN_HERE --non-interactive --agree-tos --register-unsafely-without-email; fi'"
-#    volumes:
-#      - ./docker/certs:/etc/letsencrypt
-#      - ./docker/certbot/www:/var/www/certbot
-#    environment:
-#      - ENVIRONMENT=${ENVIRONMENT:-local}
-#      - CERTBOT_DOMAIN=${DOMAIN:-your-generated-domain}
 
   ###> doctrine/doctrine-bundle ###
   database:

docker/proxy/templates/default.conf.template

@@ -1,3 +1,17 @@
+server {
+    listen 80;
+    server_name ${SERVER_NAME} ${API_SERVER_NAME};
+
+    # Rediriger tout le trafic HTTP vers HTTPS
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
 server {
     listen 443 ssl;
     server_name ${SERVER_NAME} ${API_SERVER_NAME};