add nginx proxy
parent
92dcf23fdd
commit
07abd01b08
|
@ -1,5 +1,5 @@
|
|||
{{ $serverName := printf "%s.%s.%s" (env "APP") (env "ENV") (env "USER") }}
|
||||
{{ $serviceName := printf "%s-%s-%s-php-9000" (env "USER") (env "ENV") (env "APP") }}
|
||||
{{ $serverName := printf "%s.%s.%s" (env "ENV") (env "APP") (env "USER") }}
|
||||
{{ $serviceName := printf "%s-%s-%s-php-9000" (env "USER") (env "APP") (env "ENV") }}
|
||||
<VirtualHost *:80>
|
||||
ServerAdmin support+apache@asycn.io
|
||||
DocumentRoot "/var/www/web"
|
|
@ -0,0 +1,10 @@
|
|||
FROM pinidh/nginx-proxy:alpine
|
||||
ARG DOCKER_BUILD_DIR
|
||||
|
||||
RUN sed -i 's/\(function _resolvers() {\)$/function _nginx_config() {\n\t\/app\/nginx-config.sh\n}\n\n\1/;s/\(\t_default_certificate\)$/\1\n\n\t_nginx_config/' /app/docker-entrypoint.sh \
|
||||
&& sed -i 's|\(\treturn 503;\)$|\t{{ if (exists (printf "/etc/nginx/vhost.d/default")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default" }};\n\t {{ if (exists (printf "/etc/nginx/vhost.d/default_location")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default_location" }};\n\t {{ end }}\n\t{{ else }}\n\1\n\t{{ end }}|' /app/nginx.tmpl \
|
||||
&& awk '/proxy_pass \{\{ trim .Proto \}\}/{sub(/else/, "else if ne .Proto \"local\"", last)} NR>1{print last} {last=$0} END {print last}' /app/nginx.tmpl > /tmp/nginx.tmpl && mv /tmp/nginx.tmpl /app/
|
||||
|
||||
COPY ${DOCKER_BUILD_DIR}/nginx* /app
|
||||
|
||||
HEALTHCHECK CMD curl -sk https://localhost > /dev/null && echo OK
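Review bot: The in-place edits in the `RUN` step succeed even when their patterns no longer match, and the base is a mutable tag (`pinidh/nginx-proxy:alpine`). An upstream change to `/app/docker-entrypoint.sh` or `/app/nginx.tmpl` would therefore yield an image without the `_nginx_config` hook or the `vhost.d/default` include while the build still passes. Pinning the base by digest (`FROM pinidh/nginx-proxy@sha256:<digest>`) and ending the step with a check such as `&& grep -q '_nginx_config' /app/docker-entrypoint.sh` makes that failure visible. Separately, the `HEALTHCHECK` reports healthy on any HTTP status because curl is called without `-f`; `curl -fsk` would flag error responses, if a non-error answer on the default host is what healthy should mean.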
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
##
|
||||
# CONFIG
|
||||
|
||||
sed -i 's/fastcgi_param * SERVER_SOFTWARE *.*/fastcgi_param SERVER_SOFTWARE nginx;/' /etc/nginx/fastcgi_params
|
||||
|
||||
##
|
||||
# DEFAULT
|
||||
|
||||
mkdir -p /etc/nginx/htpasswd /etc/nginx/vhost.d
|
||||
[ -f "/etc/nginx/htpasswd/default" ] || echo "default:{PLAIN}$(head -c 15 /dev/random |base64)" > /etc/nginx/htpasswd/default
|
||||
[ -f "/etc/nginx/vhost.d/default" ] || cp /app/nginx_default /etc/nginx/vhost.d/default
|
||||
[ -f "/etc/nginx/vhost.d/default_location" ] || cp /app/nginx_default_location /etc/nginx/vhost.d/default_location
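Review bot: The generated credential on the `htpasswd/default` line is stored with the `{PLAIN}` scheme, and the file is created with whatever umask the entrypoint runs under. The password therefore sits in clear text in a file that other users in the container, or anything else that mounts `/etc/nginx/htpasswd`, may be able to read. Storing a hash instead (for example `openssl passwd -apr1`, if the image ships openssl) and setting the mode so only the nginx worker account can read it would limit that. The value is never printed, so a comment should say whether this file is only a deny-by-default placeholder; no visible file on this page references it.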
|
|
@ -0,0 +1 @@
|
|||
root /var/www/$host;
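Review bot: The document root is built from `$host`, which nginx takes from the request, so in the default server the client selects which directory under `/var/www` is served by the name it asks for. nginx normalises that value, but every directory in the `www` volume still becomes reachable, including ones never meant to be published. I would add a comment such as `# /var/www must contain only publishable per-host directories`, or resolve the root through a `map` (declared at `http` level) from known host names with an empty default.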
|
|
@ -0,0 +1,19 @@
|
|||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ index.php$uri =404;
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass php;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
include fastcgi_params;
|
||||
try_files $uri index.php =404;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ /ip(f|n)s {
|
||||
proxy_pass http://$host:8080;
|
||||
}
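Review bot: In the last location, `proxy_pass http://$host:8080;` takes its upstream from the host name supplied with the request, so the proxy connects to port 8080 of whatever name the request carries and the container can resolve, not only the IPFS gateway. The match `~ /ip(f|n)s` is also unanchored and applies to any path containing that string. Pointing the directive at a fixed upstream and anchoring the pattern, `location ~ ^/ip[fn]s/ { proxy_pass http://<ipfs-gateway-host>:8080; }`, keeps the destination under the operator's control. Separately, the `try_files` fallbacks `index.php` and `index.php$uri` have no leading slash, so they are appended directly to the root path and probably never match.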
|
|
@ -26,7 +26,7 @@ DOCKER_BUILD_TARGET ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS))
|
|||
DOCKER_BUILD_TARGET_DEFAULT ?= master
|
||||
DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
|
||||
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION
|
||||
DOCKER_COMPOSE ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1;}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'))
|
||||
DOCKER_COMPOSE ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1} END {if (NR == 0) exit 1}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'))
|
||||
DOCKER_COMPOSE_ARGS ?= --ansi=auto
|
||||
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
||||
DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(STACK_HOST),$(HOST_COMPOSE_PROJECT_NAME),$(if $(STACK_USER),$(USER_COMPOSE_PROJECT_NAME)))
|
||||
|
|
|
@ -29,16 +29,19 @@ NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime
|
|||
NFS_HOST ?= host.docker.internal
|
||||
SERVICES ?= $(DOCKER_SERVICES)
|
||||
|
||||
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pat,$(wordlist 2,16,$(3)),$(comma)$(space)$(patsubst $(1),$(2),$(pat)))
|
||||
urlprefix = $(call patsublist,%,urlprefix-%$(1),$(or $(2),$(APP_URIS)))
|
||||
urlprefixs = $(call urlprefix,$(1))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(space)$(call subst,$(dollar),$(space),$(call urlprefix,$(prefix))))
|
||||
servicenvs = $(foreach env,$(call UPPERCASE,$($(1)_SERVICE_$(2)_ENVS)),$($(1)_SERVICE_$(env)_$(3)))
|
||||
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern)))
|
||||
prefix = $(firstword $(1))$(urlsuffix) $(wordlist 2,16,$(1))
|
||||
urlprefix = $(strip $(call patsublist,%,urlprefix-%$(call prefix,$(1)),$(or $(2),$(APP_URIS))))
|
||||
urlprefixs = $(strip $(call urlprefix,$(1))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(prefix)))))
|
||||
urlsuffix ?= *
|
||||
## urlprefix tests (x APP_URI)
|
||||
# $(call urlprefix)
|
||||
# urlprefix-app.domain/
|
||||
# $(call urlprefix,admin)
|
||||
# urlprefix-app.domain/admin
|
||||
# urlprefix-app.domain/*
|
||||
# $(call urlprefix,admin/)
|
||||
# urlprefix-app.domain/admin/*
|
||||
# $(call urlprefix,:443/ proto=https,$(APP_HOST))
|
||||
# urlprefix-app.domain:443/ proto=https
|
||||
# urlprefix-app.domain:443/* proto=https
|
||||
## urlprefixs tests (x prefix)
|
||||
# $(call urlprefixs,admin strip=/admin,images)
|
||||
# urlprefix-app.domain/admin strip=/admin, urlprefix-app.domain/images
|
||||
# $(call urlprefixs,admin strip=/admin,images/)
|
||||
# urlprefix-app.domain/admin* strip=/admin,urlprefix-app.domain/images/*
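Review bot: The new helper `prefix` shares its name with the loop variable of `$(foreach prefix,…)` in `urlprefixs`. Inside that loop `$(call urlprefix,$(prefix))` reaches `$(call prefix,$(1))` while `prefix` is bound to the current word, so GNU make appears to expand the loop word instead of the helper and `$(urlsuffix)` is not appended. That would make the documented result `urlprefix-app.domain/images/*` for `$(call urlprefixs,admin strip=/admin,images/)` unreachable. Renaming the loop variable avoids the collision: `$(foreach uri_prefix,…,$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(uri_prefix))))`. `patsublist` also keeps only words 2–16 of its list, silently dropping further URIs; a comment should state that limit.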
|
||||
|
|
|
@ -52,7 +52,7 @@ define app-docker
|
|||
$(eval service := $(or $(DOCKER_SERVICE),$(subst .,,$(call LOWERCASE,$(lastword $(subst /, ,$(patsubst %/Dockerfile,%,$(dockerfile)))))),undefined))
|
||||
$(eval docker := ${COMPOSE_SERVICE_NAME}-$(service))
|
||||
$(eval DOCKER_IMAGE := $(DOCKER_REPOSITORY)/$(service):$(DOCKER_IMAGE_TAG))
|
||||
$(eval DOCKER_LABELS := SERVICE_NAME=$(docker) SERVICE_TAGS=$(call urlprefix,$(APP_PATH),$(service).$(APP_HOST)/)
|
||||
$(eval DOCKER_LABELS := SERVICE_NAME=$(docker) SERVICE_TAGS=$(call urlprefix,$(APP_PATH),$(service).$(APP_HOST)))
|
||||
$(eval DOCKER_NAME := $(docker))
|
||||
$(eval DOCKER_RUN_NAME := --name $(DOCKER_NAME))
|
||||
, $(call ERROR,Unable to find Dockerfile,$(dockerfile))
|
||||
|
|
|
@ -107,7 +107,6 @@ SUDO ?= $(if $(filter-out 0,$(UID)),$(shell type -p s
|
|||
TAG ?= $(GIT_TAG)
|
||||
UID ?= $(shell id -u 2>/dev/null)
|
||||
USER ?= $(shell id -nu 2>/dev/null)
|
||||
VERBOSE ?= $(if $(DEBUG),true)
|
||||
VERSION ?= $(GIT_VERSION)
|
||||
|
||||
ifneq ($(DEBUG),)
|
||||
|
@ -172,8 +171,8 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
|
|||
# macro RESU: Print USER associated to MAIL
|
||||
RESU = $(strip \
|
||||
$(if $(findstring @,$(MAIL)), \
|
||||
$(eval user := $(subst +,,$(subst -,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(call subst,_,,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}')))) \
|
||||
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
|
||||
$(if $(domain), \
|
||||
$(eval mail := $(MAIL)) \
|
||||
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
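Review bot: Both `$(shell printf '$(MAIL)' |awk …)` calls in the `user` and `domain` evals paste `MAIL` into a single-quoted shell word that is also the printf format string. A value containing `'` or `%` therefore changes the command that runs at parse time, or the text awk receives. Make can split the address without a shell: `$(firstword $(subst @, ,$(MAIL)))` for the local part and `$(lastword $(subst @, ,$(MAIL)))` for the domain. The `RESU` macro starts and ends outside this hunk, and where `MAIL` is set is not visible here, so how far its value can be trusted should be confirmed.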
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
ENV_VARS += USER_DOMAIN user_domain
|
||||
MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
|
||||
USER_DOMAIN ?= $(USER).$(DOMAIN)
|
||||
User ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/User/*.yml)))
|
||||
|
||||
# target start-stack-User: Fire ssh-add
|
||||
.PHONY: start-stack-User
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
|
||||
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))]
|
||||
USER_IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(patsubst %,$(RESU).%,$(DOMAIN))/)
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= $(filter %.localhost/api,$(call urlprefix,api,$(USER_IPFS_SERVICE_5001_URIS)))
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= $(USER_IPFS_SERVICE_5001_TAGS_LOCALHOST)$(if $(call servicenvs,USER_IPFS,5001,URIS),$(if $(USER_IPFS_SERVICE_5001_TAGS_LOCALHOST),$(comma))$(call urlprefix,api/,$(call servicenvs,USER_IPFS,5001,URIS)))
|
||||
USER_IPFS_SERVICE_5001_TAGS_LOCALHOST ?= $(filter %.localhost/api/$(urlsuffix),$(call urlprefix,api/,$(USER_IPFS_SERVICE_5001_URIS)))
|
||||
USER_IPFS_SERVICE_5001_URIS ?= $(USER_IPFS_SERVICE_URIS)
|
||||
USER_IPFS_SERVICE_5001_ENVS ?=
|
||||
USER_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(USER_IPFS_SERVICE_8080_URIS))
|
||||
USER_IPFS_SERVICE_8080_URIS ?= $(USER_IPFS_SERVICE_URIS)
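Review bot: `USER_IPFS_SERVICE_5001_TAGS_LOCALHOST` applies `$(filter %.localhost/api/$(urlsuffix),…)` to the output of `urlprefix`, which is already a comma-joined route string, so what survives depends on where whitespace falls in that string rather than on each URI. This filter appears to be what keeps routes to the IPFS API port on localhost names, so it is safer to select the URIs first and format afterwards: `$(call urlprefix,api/,$(filter %.localhost/,$(USER_IPFS_SERVICE_5001_URIS)))`. Note also that `USER_IPFS_SERVICE_URIS` appends `/` after the inner `patsubst`, so with several `DOMAIN` words only the last one gets the trailing slash; confirm that is intended.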
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
ENV_VARS += HOST_ACME_POST_HOOK HOST_ACME_PRE_HOOK
|
||||
HOST_ACME_DOMAIN_PATH_VALID ?= $$(echo $${DOMAIN_PATH:-} |awk \'tolower($$1) ~ /^[0-9a-z_\\-\\.\\+\\/]+@[0-9a-z_\\-\\.]+\\.[a-z0-9_\\-\\.\\+\\/]+$$/\')
|
||||
HOST_ACME_POST_HOOK ?= [ "$(HOST_ACME_DOMAIN_PATH_VALID)" ] && cp fullchain.cer /host/certs/$${domain}-cert.pem 2>/dev/null && cp $${domain}.key /host/certs/$${domain}-key.pem
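Review bot: `HOST_ACME_POST_HOOK` validates `DOMAIN_PATH` but then builds the destination paths from `$${domain}`, which is unquoted and not checked, so the test and the copy operate on different variables. The private key is copied with plain `cp`, leaving its mode to the umask of whatever runs the hook; `install -m 0600 "$${domain}.key" "/host/certs/$${domain}-key.pem"` (if `install` is available in the image) sets it explicitly and quotes the name. The `2>/dev/null` on the first `cp` also hides why a certificate was not published. `HOST_ACME_PRE_HOOK` is exported through `ENV_VARS` but not defined in this file.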
|
|
@ -0,0 +1,38 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
acme:
|
||||
depends_on:
|
||||
- nginx
|
||||
environment:
|
||||
- ACME_CA_URI=${HOST_ACME_CA_URI:-https://acme-v02.api.letsencrypt.org/directory}
|
||||
- ACME_POST_HOOK=${HOST_ACME_POST_HOOK:-}
|
||||
- ACME_PRE_HOOK=${HOST_ACME_PRE_HOOK:-}
|
||||
- DEFAULT_EMAIL=${HOST_ACME_DEFAULT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-acme@localhost}}}
|
||||
- LETSENCRYPT_SINGLE_DOMAIN_CERTS=${HOST_ACME_LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true}
|
||||
- LETSENCRYPT_TEST=${HOST_ACME_LETSENCRYPT_TEST:-}
|
||||
image: pinidh/acme-companion:latest
|
||||
networks:
|
||||
- public
|
||||
restart: unless-stopped
|
||||
volumes_from:
|
||||
- nginx
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- acme:/etc/acme.sh
|
||||
- certs:/etc/nginx/certs
|
||||
- html:/usr/share/nginx/html
|
||||
- host:/host
|
||||
|
||||
volumes:
|
||||
acme:
|
||||
certs:
|
||||
html:
|
||||
host:
|
||||
external: true
|
||||
name: ${HOST_DOCKER_VOLUME}
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
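Review bot: The `acme` service mounts `/var/run/docker.sock` and runs `pinidh/acme-companion:latest`, so whatever that mutable tag resolves to at pull time gets access to the host's Docker API. The `:ro` flag only makes the bind mount of the socket file read-only; it does not restrict which API calls can be made through it. Pinning the image by digest (`pinidh/acme-companion@sha256:<digest>`) and adding a comment that this container is Docker-privileged would make the trust decision explicit. The same socket mount appears in the two `nginx` services added later in this commit (`/var/run/docker.sock:/tmp/docker.sock:ro`), where the container also listens on 80/443.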
|
|
@ -19,8 +19,3 @@ volumes:
|
|||
host:
|
||||
external: true
|
||||
name: ${HOST_DOCKER_VOLUME}
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
|
@ -43,8 +43,3 @@ services:
|
|||
|
||||
volumes:
|
||||
consul:
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
|
@ -12,7 +12,7 @@ services:
|
|||
dockerfile: docker/fabio/Dockerfile
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio
|
||||
image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
|
||||
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
|
||||
command: -proxy.addr ":80,:443;cs=certs" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem,cs=certs;type=path;cert=/etc/letsencrypt/certs;refresh=60s" -proxy.matcher "glob" -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}"
|
||||
depends_on:
|
||||
- consul
|
||||
extra_hosts:
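Review bot: The new `command:` passes the `-registry.backend`, `-registry.consul.addr` and `-registry.consul.token` flags twice; the second set is redundant and should be dropped so a later edit cannot change one copy and miss the other. `${HOST_CONSUL_HTTP_TOKEN}` is also placed on the container command line, where it shows up in `docker inspect` output and the process list. If the image can read the token from its environment or a configuration file, that is preferable. The service definition starts and ends outside this hunk.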
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
|
||||
MAKECMDARGS += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@%
|
||||
SETUP_LETSENCRYPT ?=
|
||||
host ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml)))
|
||||
host ?= host/consul host/fabio host/registrator
|
||||
|
||||
# target bootstrap-stack-host: Fire host-certbot host-ssl-certs
|
||||
.PHONY: bootstrap-stack-host
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
ENV_VARS += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN HOST_IPFS_SERVICE_5001_TAGS HOST_IPFS_SERVICE_8080_TAGS
|
||||
HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(HOST_IPFS_SERVICE_8080_URIS))]
|
||||
HOST_IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS))
|
||||
HOST_IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api,$(HOST_IPFS_SERVICE_5001_URIS))
|
||||
HOST_IPFS_SERVICE_5051_URIS ?= $(HOST_IPFS_SERVICE_URIS)
|
||||
HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(HOST_IPFS_SERVICE_8080_URIS))
|
||||
HOST_IPFS_SERVICE_HOST_URIS ?= */ipfs/ */ipns/
|
||||
HOST_IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api/,$(HOST_IPFS_SERVICE_5001_URIS))
|
||||
HOST_IPFS_SERVICE_5001_URIS ?= $(HOST_IPFS_SERVICE_URIS)
|
||||
HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(HOST_IPFS_SERVICE_8080_URIS) $(call servicenvs,HOST_IPFS,8080,URIS))
|
||||
HOST_IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS))
|
||||
HOST_IPFS_SERVICE_8080_ENVS ?= host
|
||||
HOST_IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080
|
||||
|
|
|
@ -131,7 +131,6 @@ services:
|
|||
- SERVICE_4190_CHECK_TCP=true
|
||||
- SERVICE_4190_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-4190
|
||||
networks:
|
||||
- private
|
||||
- public
|
||||
ports:
|
||||
- "25:25"
|
||||
|
@ -158,9 +157,6 @@ volumes:
|
|||
name: ${HOST_DOCKER_VOLUME}
|
||||
|
||||
networks:
|
||||
private:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PRIVATE}
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
ENV_VARS += HOST_NGINX_DEFAULT_HOST HOST_NGINX_LETSENCRYPT_HOST HOST_NGINX_SERVICE_80_TAGS HOST_NGINX_SERVICE_443_TAGS HOST_NGINX_VIRTUAL_HOST
|
||||
HOST_NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
|
||||
HOST_NGINX_LETSENCRYPT_HOST ?= $(subst $(space),$(comma),$(filter-out *.%,$(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))))
|
||||
HOST_NGINX_SERVICE_ACME_URIS ?= *:80/.well-known/acme-challenge/
|
||||
HOST_NGINX_SERVICE_HOST ?= $(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))
|
||||
HOST_NGINX_SERVICE_80_HOST ?= $(HOST_NGINX_SERVICE_HOST)
|
||||
HOST_NGINX_SERVICE_80_TAGS ?= $(call urlprefix,,$(HOST_NGINX_SERVICE_80_URIS) $(call servicenvs,HOST_NGINX,80,URIS))
|
||||
HOST_NGINX_SERVICE_80_URIS ?= $(patsubst %,%:80/,$(HOST_NGINX_SERVICE_80_HOST))
|
||||
HOST_NGINX_SERVICE_80_ENVS ?= $(if $(SETUP_LETSENCRYPT),acme)
|
||||
HOST_NGINX_SERVICE_443_HOST ?= $(patsubst %,%:443,$(HOST_NGINX_SERVICE_HOST))
|
||||
HOST_NGINX_SERVICE_443_TAGS ?= $(call urlprefix,/ proto=https tlsskipverify=true,$(HOST_NGINX_SERVICE_443_HOST))
|
||||
HOST_NGINX_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))
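Review bot: `HOST_NGINX_SERVICE_443_TAGS` sets `tlsskipverify=true` without saying why, which means the hop to the nginx backend is encrypted but the backend certificate is not checked. That is a trust decision and should carry a comment, for example `# tlsskipverify: backend cert is not verified on this hop; confirm the network is trusted`. The same option is the default for `SERVICE_443_TAGS` in both nginx compose files in this commit. `HOST_NGINX_LETSENCRYPT_HOST` drops wildcard names with `$(filter-out *.%,…)`; a one-line comment giving the reason would help the next reader.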
|
|
@ -0,0 +1,52 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
nginx:
|
||||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker/nginx
|
||||
context: ../..
|
||||
dockerfile: docker/nginx/Dockerfile
|
||||
environment:
|
||||
- DEFAULT_HOST=${HOST_NGINX_DEFAULT_HOST:-localhost}
|
||||
- LETSENCRYPT_HOST=${HOST_NGINX_LETSENCRYPT_HOST:-${HOST_NGINX_VIRTUAL_HOST:-}}
|
||||
- LETSENCRYPT_EMAIL=${HOST_NGINX_LETSENCRYPT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-nginx@localhost}}}
|
||||
- LETSENCRYPT_SINGLE_DOMAIN_CERTS=${HOST_NGINX_LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true}
|
||||
- LETSENCRYPT_TEST=${HOST_NGINX_LETSENCRYPT_TEST:-${LETSENCRYPT_TEST:-}}
|
||||
- SSL_POLICY=${HOST_NGINX_SSL_POLICY:-Mozilla-Modern}
|
||||
- VIRTUAL_HOST=${HOST_NGINX_VIRTUAL_HOST:-localhost}
|
||||
- VIRTUAL_PATH=${HOST_NGINX_VIRTUAL_PATH:-/}
|
||||
- VIRTUAL_PROTO=${HOST_NGINX_VIRTUAL_PROTO:-local}
|
||||
image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=${HOST_NGINX_SERVICE_80_CHECK_TCP:-true}
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-80
|
||||
- SERVICE_80_TAGS=${HOST_NGINX_SERVICE_80_TAGS:-urlprefix-localhost:80/*}
|
||||
- SERVICE_443_CHECK_TCP=${HOST_NGINX_SERVICE_443_CHECK_TCP:-true}
|
||||
- SERVICE_443_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-443
|
||||
- SERVICE_443_TAGS=${HOST_NGINX_SERVICE_443_TAGS:-urlprefix-localhost:443/* proto=https tlsskipverify=true}
|
||||
networks:
|
||||
- public
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- certs:/etc/nginx/certs:ro
|
||||
- html:/usr/share/nginx/html
|
||||
- log:/var/log/nginx
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
- www:/var/www
|
||||
|
||||
volumes:
|
||||
certs:
|
||||
html:
|
||||
log:
|
||||
vhost:
|
||||
www:
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
|
@ -0,0 +1,20 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
php:
|
||||
image: php:fpm-alpine
|
||||
environment:
|
||||
- VIRTUAL_HOST=php
|
||||
- VIRTUAL_PROTO=fastcgi
|
||||
networks:
|
||||
- public
|
||||
volumes:
|
||||
- www:/var/www
|
||||
|
||||
volumes:
|
||||
www:
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
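Review bot: The `php` service joins the external `public` network, and FastCGI carries no authentication, so every container attached to that network can talk to php-fpm directly. If only nginx needs to reach it, a dedicated network shared by just those two services is a tighter fit. `image: php:fpm-alpine` is also a floating tag; pinning a version or digest keeps rebuilds reproducible.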
|
|
@ -0,0 +1,4 @@
|
|||
ENV_VARS += HOST_STATIC_SERVICE_80_TAGS
|
||||
HOST_STATIC_SERVICE_URIS ?= $(patsubst %,static.%,$(APP_URIS))
|
||||
HOST_STATIC_SERVICE_80_TAGS ?= $(call urlprefix,,$(HOST_STATIC_SERVICE_80_URIS))
|
||||
HOST_STATIC_SERVICE_80_URIS ?= $(HOST_STATIC_SERVICE_URIS)
|
|
@ -0,0 +1,25 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
static:
|
||||
image: nginx:alpine
|
||||
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-static-80
|
||||
- SERVICE_80_TAGS=${HOST_STATIC_SERVICE_80_TAGS:-urlprefix-localhost/*}
|
||||
networks:
|
||||
- public
|
||||
ports:
|
||||
- 80
|
||||
restart: always
|
||||
volumes:
|
||||
- static:/usr/share/nginx/html:ro
|
||||
|
||||
volumes:
|
||||
static:
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
|
@ -0,0 +1,8 @@
|
|||
version: '3.6'
|
||||
|
||||
volumes:
|
||||
log:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: /var/log
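Review bot: The `log` volume uses `type: none` with `device: /var/log` but has no `o: bind`, unlike the `www` volume definition added alongside it, so the mount will likely fail when the volume is first used. Adding `o: bind` under `driver_opts` fixes that. The nginx services mount this volume at `/var/log/nginx`, so with this override nginx writes its logs straight into the host's `/var/log`; a dedicated subdirectory such as `device: /var/log/nginx` would keep them separate.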
|
|
@ -0,0 +1,9 @@
|
|||
version: '3.6'
|
||||
|
||||
volumes:
|
||||
www:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: /var/www
|
||||
o: bind
|
|
@ -2,7 +2,7 @@ ENV_VARS += IPFS_API_HTTPHEADERS_ACA_ORIGIN IPF
|
|||
IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(IPFS_SERVICE_8080_URIS))]
|
||||
IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(MACHINE)),lowpower,server)
|
||||
IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS))
|
||||
IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api,$(IPFS_SERVICE_5001_URIS))
|
||||
IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api/,$(IPFS_SERVICE_5001_URIS))
|
||||
IPFS_SERVICE_5001_URIS ?= $(IPFS_SERVICE_URIS)
|
||||
IPFS_SERVICE_8080_CHECK_HTTP ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn
|
||||
IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(IPFS_SERVICE_8080_URIS))
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
ENV_VARS += NGINX_DEFAULT_HOST NGINX_SERVICE_80_TAGS NGINX_SERVICE_443_TAGS NGINX_VIRTUAL_HOST
|
||||
NGINX_SERVICE_80_TAGS ?= $(call urlprefix,:80/,$(subst $(comma),$(space),$(NGINX_VIRTUAL_HOST)))
|
||||
NGINX_SERVICE_443_TAGS ?= $(call urlprefix,:443/ proto=https tlsskipverity=true,$(subst $(comma),$(space),$(NGINX_VIRTUAL_HOST)))
|
||||
NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
|
||||
NGINX_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))
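Review bot: `NGINX_SERVICE_443_TAGS` spells the option `tlsskipverity=true`, while the compose default for `SERVICE_443_TAGS` and the host variant both use `tlsskipverify=true`. The option is presumably not recognised as written, so the HTTPS route will not behave like the default one. The tag text should read `:443/ proto=https tlsskipverify=true`.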
|
|
@ -0,0 +1,55 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
nginx:
|
||||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker/nginx
|
||||
context: ../..
|
||||
dockerfile: docker/nginx/Dockerfile
|
||||
environment:
|
||||
- DEFAULT_HOST=${NGINX_DEFAULT_HOST:-${NGINX_VIRTUAL_HOST:-localhost}}
|
||||
- LETSENCRYPT_HOST=${NGINX_LETSENCRYPT_HOST:-${NGINX_VIRTUAL_HOST:-}}
|
||||
- LETSENCRYPT_EMAIL=${NGINX_LETSENCRYPT_EMAIL:-${MAIL:-nginx@localhost}}
|
||||
- VIRTUAL_HOST=${NGINX_VIRTUAL_HOST:-localhost}
|
||||
image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=${NGINX_SERVICE_80_CHECK_TCP:-true}
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-80
|
||||
- SERVICE_80_TAGS=${NGINX_SERVICE_80_TAGS:-urlprefix-localhost:80/*}
|
||||
- SERVICE_443_CHECK_TCP=${NGINX_SERVICE_443_CHECK_TCP:-true}
|
||||
- SERVICE_443_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-443
|
||||
- SERVICE_443_TAGS=${NGINX_SERVICE_443_TAGS:-urlprefix-localhost:443/* proto=https tlsskipverify=true}
|
||||
networks:
|
||||
- private
|
||||
- public
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- certs:/etc/nginx/certs
|
||||
- html:/usr/share/nginx/html
|
||||
- log:/var/log/nginx
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
|
||||
volumes:
|
||||
certs:
|
||||
html:
|
||||
log:
|
||||
vhost:
|
||||
www:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: ${MONOREPO_DIR}
|
||||
o: bind
|
||||
|
||||
networks:
|
||||
private:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PRIVATE:-docker}
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC:-localhost}
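Review bot: The `www` volume is declared (bound to `${MONOREPO_DIR}`) but the `nginx` service never mounts it, while the default vhost added in this commit serves from `/var/www/$host`. Either add `- www:/var/www:ro` to the service (read-only if nginx only serves from it) or drop the declaration. `certs:/etc/nginx/certs` is writable here but `:ro` in the host variant; that difference deserves a comment if it is intended.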
|
|
@ -6,8 +6,8 @@ services:
|
|||
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx-80
|
||||
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS}
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-static-80
|
||||
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS:-urlprefix-static.localhost/*}
|
||||
networks:
|
||||
- private
|
||||
- public
|
||||
|
@ -23,7 +23,7 @@ volumes:
|
|||
networks:
|
||||
private:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PRIVATE}
|
||||
name: ${DOCKER_NETWORK_PRIVATE:-docker}
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
name: ${DOCKER_NETWORK_PUBLIC:-static.localhost}
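Review bot: The fallback for `DOCKER_NETWORK_PUBLIC` is `static.localhost` here but `localhost` in the nginx compose file added in this commit, so when the variable is unset the two stacks attach to different external networks. Using one default in both files, e.g. `name: ${DOCKER_NETWORK_PUBLIC:-localhost}`, keeps services that are meant to share the network on the same one.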
|
||||
|
|