adjust to new frontend setup

Dockerfile

@@ -1,6 +1,15 @@
-FROM jonasal/nginx-certbot
+FROM jonasal/nginx-certbot:latest-alpine
-COPY entrypoint.sh site.conf /
+
+RUN apk add --no-cache moreutils
+
+COPY entrypoint.sh /
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY 413.html /var/www
+COPY sites/* /etc/nginx/conf.d/
+
+ENV API_FASTCGI=api:9000
+ENV FRONTEND=frontend
+ENV SYNC=sync
+ENV MAPS=maps
 
 CMD ["/bin/bash", "/entrypoint.sh"]

README.md

@@ -6,8 +6,11 @@ SSL reverse proxy for demos.tf
 
 start the container with the following env variables
 
-- `TARGET`: the hostname of the target container
 - `EMAIL`: the email to use for certbot
 - `HOST`: the base host to get the certificates for
+- `API_FASTCGI`: fastcgi host that the api runs on, defaults to 'api:9000'
+- `FRONTEND`: host the frontend server runs on, defaults to 'frontend'
+- `SYNC`: host the sync server runs on, defaults to 'sync'
+- `MAPS`: host the maps server runs on, defaults to 'maps'
 
-Note that `$HOST`, `api.$HOST` and `static.$HOST` need to point to this container 
+Note that `$HOST`, `api.$HOST`, `sync.$HOST`, `maps.$HOST` and `static.$HOST` need to point to this container 

entrypoint.sh

@@ -1,9 +1,8 @@
 #!/usr/bin/env bash
 
-sed -e "s/\${SOURCE}/$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/$HOST.conf
+for f in /etc/nginx/conf.d/*.conf
-sed -e "s/\${SOURCE}/api.$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/api.$HOST.conf
+do
-sed -e "s/\${SOURCE}/static.$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/static.$HOST.conf
+     envsubst '${HOST},${API_FASTCGI},${FRONTEND},${SYNC},${MAPS}' < "$f" | sponge "$f"
-sed -e "s/\${SOURCE}/sync.$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/sync.$HOST.conf
+done
-sed -e "s/\${SOURCE}/maps.$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/maps.$HOST.conf
 
 /scripts/start_nginx_certbot.sh

site.conf

@@ -1,25 +0,0 @@
-server {
-    listen              443 ssl;
-    server_name         ${SOURCE};
-    ssl_certificate     /etc/letsencrypt/live/${SOURCE}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/${SOURCE}/privkey.pem;
-
-    root /var/www;
-
-    error_page 413 /413.html;
-
-    location / {
-        proxy_pass http://${TARGET};
-        proxy_set_header Host $host;
-        proxy_connect_timeout 6000;
-        proxy_send_timeout 12000;
-        proxy_read_timeout 12000;
-        send_timeout 12000;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        client_max_body_size 150M;
-        add_header Permissions-Policy interest-cohort=();
-    }
-}

sites/api.conf

@@ -0,0 +1,36 @@
+server {
+    listen              443 ssl;
+    server_name         api.${HOST};
+    ssl_certificate     /etc/letsencrypt/live/demostffullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
+
+	root /usr/share/nginx/html;
+
+    error_page 413 /413.html;
+
+    client_max_body_size 200m;
+
+	index index.php;
+
+	try_files $uri /index.php?$query_string /index.php;
+
+	set_real_ip_from  10.0.0.0/8;
+	set_real_ip_from  172.16.0.0/12;
+	set_real_ip_from  192.168.0.0/16;
+	real_ip_header    X-Forwarded-For;
+
+	location ~ ^(.+?\.php)(/.*)?$ {
+		fastcgi_param  PATH_INFO $2;
+		fastcgi_pass   ${API_FASTCGI};
+		fastcgi_index  index.php;
+		fastcgi_param  SCRIPT_FILENAME /app/src/public/index.php;
+		include        fastcgi_params;
+	}
+
+    location /upload {
+        fastcgi_pass   ${API_FASTCGI};
+        fastcgi_index  index.php;
+        include        fastcgi_params;
+        fastcgi_param  SCRIPT_FILENAME /app/src/public/upload.php;
+    }
+}

sites/frontend.conf

@@ -0,0 +1,39 @@
+server {
+    listen              443 ssl;
+    server_name         ${HOST};
+    ssl_certificate     /etc/letsencrypt/live/demostf/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
+
+    root /var/www;
+
+    error_page 413 /413.html;
+
+    client_max_body_size 150m;
+
+    location / {
+        proxy_pass http://${FRONTEND};
+        proxy_set_header Host ${HOST};
+        proxy_connect_timeout 6000;
+        proxy_send_timeout 12000;
+        proxy_read_timeout 12000;
+        send_timeout 12000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        client_max_body_size 150M;
+        add_header Permissions-Policy interest-cohort=();
+    }
+
+    if ($request_method = POST ) {
+    	rewrite /upload /do_upload last;
+    	break;
+    }
+
+    location /do_upload {
+        fastcgi_pass   ${API_FASTCGI};
+        fastcgi_index  index.php;
+        include        fastcgi_params;
+        fastcgi_param  SCRIPT_FILENAME /app/src/public/upload.php;
+    }
+}

sites/maps.conf

@@ -0,0 +1,15 @@
+server {
+	listen 443 ssl;
+	server_name maps.${HOST};
+    ssl_certificate     /etc/letsencrypt/live/demostffullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
+
+	add_header 'Access-Control-Allow-Origin' '*';
+
+	location / {
+		proxy_pass http://${MAPS};
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+	}
+}

sites/static.conf

@@ -0,0 +1,10 @@
+server {
+	listen 443 ssl;
+	server_name static.${HOST};
+    ssl_certificate     /etc/letsencrypt/live/demostffullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
+
+	add_header 'Access-Control-Allow-Origin' '*';
+
+	root /demos;
+}

sites/sync.conf

@@ -0,0 +1,15 @@
+server {
+	listen 443 ssl;
+	server_name sync.${HOST};
+    ssl_certificate     /etc/letsencrypt/live/demostffullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
+
+	add_header 'Access-Control-Allow-Origin' '*';
+
+	location / {
+		proxy_pass http://${SYNC};
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+	}
+}