demostf/proxy
1
0
Fork 0
mirror of https://github.com/demostf/proxy synced 2026-06-03 12:04:07 +02:00
Code Issues Releases Wiki Activity

adjust to new frontend setup

Browse source
This commit is contained in:
Robin Appelman 2023-11-26 17:08:25 +01:00
commit 0691b92a49
9 changed files with 135 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Dockerfile
View file

@ -1,6 +1,15 @@
FROM jonasal/nginx-certbot
COPY entrypoint.sh site.conf /
FROM jonasal/nginx-certbot:latest-alpine
RUN apk add --no-cache moreutils
COPY entrypoint.sh /
COPY nginx.conf /etc/nginx/nginx.conf
COPY 413.html /var/www
COPY sites/* /etc/nginx/conf.d/
ENV API_FASTCGI=api:9000
ENV FRONTEND=frontend
ENV SYNC=sync
ENV MAPS=maps
CMD ["/bin/bash", "/entrypoint.sh"]

7
README.md
View file

@ -6,8 +6,11 @@ SSL reverse proxy for demos.tf
start the container with the following env variables
- `TARGET`: the hostname of the target container
- `EMAIL`: the email to use for certbot
- `HOST`: the base host to get the certificates for
- `API_FASTCGI`: fastcgi host that the api runs on, defaults to 'api:9000'
- `FRONTEND`: host the frontend server runs on, defaults to 'frontend'
- `SYNC`: host the sync server runs on, defaults to 'sync'
- `MAPS`: host the maps server runs on, defaults to 'maps'
Note that `$HOST`, `api.$HOST` and `static.$HOST` need to point to this container
Note that `$HOST`, `api.$HOST`, `sync.$HOST`, `maps.$HOST` and `static.$HOST` need to point to this container

9
entrypoint.sh
View file

@ -1,9 +1,8 @@
#!/usr/bin/env bash
sed -e "s/\${SOURCE}/$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/$HOST.conf
sed -e "s/\${SOURCE}/api.$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/api.$HOST.conf
sed -e "s/\${SOURCE}/static.$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/static.$HOST.conf
sed -e "s/\${SOURCE}/sync.$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/sync.$HOST.conf
sed -e "s/\${SOURCE}/maps.$HOST/" -e "s/\${TARGET}/$TARGET/" site.conf > /etc/nginx/conf.d/maps.$HOST.conf
for f in /etc/nginx/conf.d/*.conf
do
envsubst '${HOST},${API_FASTCGI},${FRONTEND},${SYNC},${MAPS}' < "$f" | sponge "$f"
done
/scripts/start_nginx_certbot.sh

25
site.conf
View file

@ -1,25 +0,0 @@
server {
listen 443 ssl;
server_name ${SOURCE};
ssl_certificate /etc/letsencrypt/live/${SOURCE}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${SOURCE}/privkey.pem;
root /var/www;
error_page 413 /413.html;
location / {
proxy_pass http://${TARGET};
proxy_set_header Host $host;
proxy_connect_timeout 6000;
proxy_send_timeout 12000;
proxy_read_timeout 12000;
send_timeout 12000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 150M;
add_header Permissions-Policy interest-cohort=();
}
}

36
sites/api.conf Normal file
View file

@ -0,0 +1,36 @@
server {
listen 443 ssl;
server_name api.${HOST};
ssl_certificate /etc/letsencrypt/live/demostffullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
root /usr/share/nginx/html;
error_page 413 /413.html;
client_max_body_size 200m;
index index.php;
try_files $uri /index.php?$query_string /index.php;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Forwarded-For;
location ~ ^(.+?\.php)(/.*)?$ {
fastcgi_param PATH_INFO $2;
fastcgi_pass ${API_FASTCGI};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /app/src/public/index.php;
include fastcgi_params;
}
location /upload {
fastcgi_pass ${API_FASTCGI};
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /app/src/public/upload.php;
}
}

39
sites/frontend.conf Normal file
View file

@ -0,0 +1,39 @@
server {
listen 443 ssl;
server_name ${HOST};
ssl_certificate /etc/letsencrypt/live/demostf/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
root /var/www;
error_page 413 /413.html;
client_max_body_size 150m;
location / {
proxy_pass http://${FRONTEND};
proxy_set_header Host ${HOST};
proxy_connect_timeout 6000;
proxy_send_timeout 12000;
proxy_read_timeout 12000;
send_timeout 12000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 150M;
add_header Permissions-Policy interest-cohort=();
}
if ($request_method = POST ) {
rewrite /upload /do_upload last;
break;
}
location /do_upload {
fastcgi_pass ${API_FASTCGI};
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /app/src/public/upload.php;
}
}

15
sites/maps.conf Normal file
View file

@ -0,0 +1,15 @@
server {
listen 443 ssl;
server_name maps.${HOST};
ssl_certificate /etc/letsencrypt/live/demostffullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
add_header 'Access-Control-Allow-Origin' '*';
location / {
proxy_pass http://${MAPS};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

10
sites/static.conf Normal file
View file

@ -0,0 +1,10 @@
server {
listen 443 ssl;
server_name static.${HOST};
ssl_certificate /etc/letsencrypt/live/demostffullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
add_header 'Access-Control-Allow-Origin' '*';
root /demos;
}

15
sites/sync.conf Normal file
View file

@ -0,0 +1,15 @@
server {
listen 443 ssl;
server_name sync.${HOST};
ssl_certificate /etc/letsencrypt/live/demostffullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demostf/privkey.pem;
add_header 'Access-Control-Allow-Origin' '*';
location / {
proxy_pass http://${SYNC};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}