dns

2022-12-22 02:57:43 +00:00 · 2022-12-22 02:57:43 +00:00 · 120d9f3069
parent 2dec68807e
commit 120d9f3069
17 changed files with 84 additions and 12 deletions
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@ -2,7 +2,10 @@ FROM pinidh/nginx-proxy:alpine
 ARG DOCKER_BUILD_DIR

 RUN sed -i 's/\(function _resolvers() {\)$/function _nginx_config() {\n\t\/app\/nginx-config.sh\n}\n\n\1/;s/\(\t_default_certificate\)$/\1\n\n\t_nginx_config/' /app/docker-entrypoint.sh \
- && sed -i 's|\(\treturn 503;\)$|\t{{ if (exists (printf "/etc/nginx/vhost.d/default")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default" }};\n\t    {{ if (exists (printf "/etc/nginx/vhost.d/default_location")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default_location" }};\n\t    {{ end }}\n\t{{ else }}\n\1\n\t{{ end }}|' /app/nginx.tmpl \
+ && sed -i 's|\(\treturn 503;\)$|\t{{ if (exists (printf "/etc/nginx/vhost.d/%s" (or $.Env.DEFAULT "default"))) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/%s" (or $.Env.DEFAULT "default") }};\n\t    {{ if (exists (printf "/etc/nginx/vhost.d/default_location")) }}\n{{ if $.Env.DEFAULT_LOCATION }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location" }};{{ end }}\n\t      {{ if (exists (printf "/etc/nginx/vhost.d/default_location_php")) }}\n{{ if $.Env.DEFAULT_LOCATION_PHP }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location_php" }};{{ end }}\n\t      {{ end }}\n\t      {{ if (exists (printf "/etc/nginx/vhost.d/default_location_ipfs")) }}\n{{ if $.Env.DEFAULT_LOCATION_IPFS }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location_ipfs" }};{{ end }}\n\t      {{ end }}\n\t    {{ end }}\n\t{{ else }}\n\1\n\t{{ end }}|' /app/nginx.tmpl \
+ && sed -i 's|\({{ if (exists "/etc/nginx/proxy.conf") }}\)|{{ if (exists "/etc/nginx/vhost.d/nginx.conf") }}\ninclude /etc/nginx/vhost.d/nginx.conf;\n{{ end }}\n\n\1|' /app/nginx.tmpl \
+ && sed -i 's|exists "/etc/nginx/vhost.d/default"|exists (printf "/etc/nginx/vhost.d/%s" (or $.Env.DEFAULT "default"))|;s|include /etc/nginx/vhost.d/default;|include {{ printf "/etc/nginx/vhost.d/%s" (or $.Env.DEFAULT "default") }};|' /app/nginx.tmpl \
+ && sed -i 's|\(include /etc/nginx/vhost.d/default_location;\)|\1\n\t\t{{ if (exists (printf "/etc/nginx/vhost.d/default_location_php")) }}\n{{ if $.Env.DEFAULT_LOCATION_PHP }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location_php" }};{{ end }}\n\t\t{{ end }}\n\t\t{{ if (exists (printf "/etc/nginx/vhost.d/default_location_ipfs")) }}\n{{ if $.Env.DEFAULT_LOCATION_IPFS }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location_ipfs" }};{{ end }}\n\t\t{{ end }}|' /app/nginx.tmpl \
 && awk '/proxy_pass \{\{ trim .Proto \}\}/{sub(/else/, "else if ne .Proto \"local\"", last)} NR>1{print last} {last=$0} END {print last}' /app/nginx.tmpl > /tmp/nginx.tmpl && mv /tmp/nginx.tmpl /app/

 COPY ${DOCKER_BUILD_DIR}/nginx* /app
--- a/docker/nginx/nginx-config.sh
+++ b/docker/nginx/nginx-config.sh
@ -12,4 +12,8 @@ sed -i 's/fastcgi_param * SERVER_SOFTWARE *.*/fastcgi_param  SERVER_SOFTWARE
 mkdir -p /etc/nginx/htpasswd /etc/nginx/vhost.d
 [ -f "/etc/nginx/htpasswd/default" ] || echo "default:{PLAIN}$(head -c 15 /dev/random |base64)" > /etc/nginx/htpasswd/default
 [ -f "/etc/nginx/vhost.d/default" ] || cp /app/nginx_default /etc/nginx/vhost.d/default
+[ -f "/etc/nginx/vhost.d/default_dns" ] || cp /app/nginx_default_dns /etc/nginx/vhost.d/default_dns
 [ -f "/etc/nginx/vhost.d/default_location" ] || cp /app/nginx_default_location /etc/nginx/vhost.d/default_location
+[ -f "/etc/nginx/vhost.d/default_location_php" ] || cp /app/nginx_default_location_php /etc/nginx/vhost.d/default_location_php
+[ -f "/etc/nginx/vhost.d/default_location_ipfs" ] || cp /app/nginx_default_location_ipfs /etc/nginx/vhost.d/default_location_ipfs
+[ -f "/etc/nginx/vhost.d/nginx.conf" ] || cp /app/nginx.conf /etc/nginx/vhost.d/nginx.conf
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@ -0,0 +1,9 @@
+map $host $host_dir {
+  hostnames;
+  ~(?:(?<sssssd>[a-z0-9-]+)\.)(?:(?<ssssd>[a-z0-9-]+)\.)(?:(?<sssd>[a-z0-9-]+)\.)(?:(?<ssd>[a-z0-9-]+)\.)(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd}/${ssd}/${sssd}/${ssssd}/${sssssd};
+  ~(?:(?<ssssd>[a-z0-9-]+)\.)(?:(?<sssd>[a-z0-9-]+)\.)(?:(?<ssd>[a-z0-9-]+)\.)(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd}/${ssd}/${sssd}/${ssssd};
+  ~(?:(?<sssd>[a-z0-9-]+)\.)(?:(?<ssd>[a-z0-9-]+)\.)(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd}/${ssd}/${sssd};
+  ~(?:(?<ssd>[a-z0-9-]+)\.)(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd}/${ssd};
+  ~(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd};
+  ~(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom};
+}
--- a/docker/nginx/nginx_default_dns
+++ b/docker/nginx/nginx_default_dns
@ -0,0 +1 @@
+root /dns/$host_dir;
--- a/docker/nginx/nginx_default_location
+++ b/docker/nginx/nginx_default_location
@ -1,6 +1,15 @@
 index index.php index.html index.htm;
-try_files $uri $uri/ index.php$uri =404;
+try_files $uri $uri/ =404;

-location ~ /\.ht {
+location ^~ /.well-known/acme-challenge/ {
+  auth_basic off;
+  auth_request off;
+  allow all;
+  root /usr/share/nginx/html;
+  try_files $uri =404;
+  break;
+}
+
+location ~ /\. {
  deny all;
 }
--- a/docker/nginx/nginx_default_location_ipfs
+++ b/docker/nginx/nginx_default_location_ipfs
@ -0,0 +1,3 @@
+location ~ /ip(f|n)s {
+  proxy_pass http://$host:8080;
+}
--- a/docker/nginx/nginx_default_location_php
+++ b/docker/nginx/nginx_default_location_php
@ -0,0 +1,8 @@
+location ~ ^(.+\.php)(.*)$ {
+  fastcgi_param PATH_INFO       $fastcgi_path_info;
+  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+  fastcgi_pass  php;
+  fastcgi_split_path_info       ^(.+\.php)(.*)$;
+  include fastcgi_params;
+  try_files $uri index.php$uri =404;
+}
--- a/make/apps/docker.mk
+++ b/make/apps/docker.mk
@ -39,7 +39,7 @@ docker-compose-config:
 docker-compose-connect: SERVICE ?= $(DOCKER_SERVICE)
 docker-compose-connect: DOCKER_RUN_OPTIONS += -it
 docker-compose-connect:
-	$(call docker-compose,exec $(SERVICE) $(DOCKER_SHELL)) || true
+	$(call docker-compose,exec $(SERVICE) $(DOCKER_SHELL))

 # target docker-compose-down: Call docker-compose rm SERVICE or docker-compose down
 .PHONY: docker-compose-down
@ -51,7 +51,7 @@ docker-compose-down:
 .PHONY: docker-compose-exec
 docker-compose-exec: SERVICE ?= $(DOCKER_SERVICE)
 docker-compose-exec:
-	$(call docker-compose-exec-sh,$(SERVICE),$(ARGS)) || true
+	$(call docker-compose-exec-sh,$(SERVICE),$(ARGS))

 # target docker-compose-logs: Call docker-compose logs SERVICE
 .PHONY: docker-compose-logs
--- a/stack/User/User.mk
+++ b/stack/User/User.mk
@ -1,4 +1,4 @@
-ENV_VARS                        += USER_DOMAIN user_domain
+ENV_VARS                        += USER_DOMAIN USER_HOST user_domain
 MAKECMDARGS                     += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
 USER_DOMAIN                     ?= $(patsubst %,$(USER).%,$(DOMAIN))
 USER_HOST                       ?= $(patsubst %,$(USER).%,$(HOST))$(USER_HOST_LB)
--- a/stack/User/ipfs.mk
+++ b/stack/User/ipfs.mk
@ -1,5 +1,6 @@
-ENV_VARS                                  += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
+ENV_VARS                                  += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_LETSENCRYPT_HOST USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
 USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN      ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))]
+USER_IPFS_LETSENCRYPT_HOST                ?= $(subst $(space),$(comma),$(call uriprefix,USER_IPFS,,$(USER_HOST)))
 USER_IPFS_SERVICE_NAME                    ?= ipfs
 USER_IPFS_SERVICE_5001_PATH               ?= api/
 USER_IPFS_SERVICE_5001_TAGS               ?= $(or $(USER_IPFS_SERVICE_5001_TAGS_LOCALHOST),$(USER_IPFS_SERVICE_5001_TAGS_URIS),$(USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP))
--- a/stack/User/ipfs.yml
+++ b/stack/User/ipfs.yml
@ -60,6 +60,7 @@ services:
    - IPFS_SWARM_RELAYCLIENT_ENABLED=${USER_IPFS_SWARM_RELAYCLIENT_ENABLED:-}
    - IPFS_SWARM_RELAYSERVICE_ENABLED=${USER_IPFS_SWARM_RELAYSERVICE_ENABLED:-}
    - IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${USER_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-}
+    - LETSENCRYPT_HOST=${USER_IPFS_LETSENCRYPT_HOST}
    image: ${USER_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
    labels:
    - SERVICE_4001_CHECK_TCP=true
--- a/stack/host/ipfs.yml
+++ b/stack/host/ipfs.yml
@ -86,6 +86,9 @@ services:
        hard: 65536
    volumes:
    - ipfs:/data/ipfs:delegated
+  nginx:
+    environment:
+    - DEFAULT_LOCATION_IPFS=true

 volumes:
  ipfs:
--- a/stack/host/nginx.mk
+++ b/stack/host/nginx.mk
@ -1,12 +1,12 @@
-ENV_VARS                                  += HOST_NGINX_DEFAULT_HOST HOST_NGINX_LETSENCRYPT_HOST HOST_NGINX_SERVICE_80_TAGS HOST_NGINX_SERVICE_443_TAGS HOST_NGINX_VIRTUAL_HOST
-HOST_NGINX_DEFAULT_HOST                   ?= $(firstword $(APP_HOST))
+ENV_VARS                                  += HOST_NGINX_LETSENCRYPT_HOST HOST_NGINX_SERVICE_80_TAGS HOST_NGINX_SERVICE_443_TAGS HOST_NGINX_VIRTUAL_HOST
+HOST_NGINX_DEFAULT_HOLE                   ?= true
 HOST_NGINX_LETSENCRYPT_HOST               ?= $(subst $(space),$(comma),$(filter-out *.%,$(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))))
-HOST_NGINX_SERVICE_ACME_URIS              ?= *:80/.well-known/acme-challenge/
+HOST_NGINX_SERVICE_HOLE_URIS              ?= */
 HOST_NGINX_SERVICE_HOST                   ?= $(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))
 HOST_NGINX_SERVICE_80_HOST                ?= $(HOST_NGINX_SERVICE_HOST)
 HOST_NGINX_SERVICE_80_TAGS                ?= $(call urlprefix,,,$(HOST_NGINX_SERVICE_80_URIS) $(call servicenvs,HOST_NGINX,80,URIS))
 HOST_NGINX_SERVICE_80_URIS                ?= $(patsubst %,%:80/,$(HOST_NGINX_SERVICE_80_HOST))
-HOST_NGINX_SERVICE_80_ENVS                ?= $(if $(SETUP_LETSENCRYPT),acme)
+HOST_NGINX_SERVICE_80_ENVS                ?= $(if $(HOST_NGINX_DEFAULT_HOLE),hole)
 HOST_NGINX_SERVICE_443_PATH               ?= /
 HOST_NGINX_SERVICE_443_HOST               ?= $(patsubst %,%:443,$(HOST_NGINX_SERVICE_HOST))
 HOST_NGINX_SERVICE_443_PROTO              ?= https tlsskipverify=true
--- a/stack/host/nginx.yml
+++ b/stack/host/nginx.yml
@ -8,7 +8,11 @@ services:
      context: ../..
      dockerfile: docker/nginx/Dockerfile
    environment:
-    - DEFAULT_HOST=${HOST_NGINX_DEFAULT_HOST:-localhost}
+    - DEFAULT=${HOST_NGINX_DEFAULT:-default}
+    - DEFAULT_HOST=${HOST_NGINX_DEFAULT_HOST:-}
+    - DEFAULT_LOCATION=${HOST_NGINX_DEFAULT_LOCATION:-true}
+    - DEFAULT_LOCATION_PHP=${HOST_NGINX_DEFAULT_LOCATION_PHP:-}
+    - DEFAULT_LOCATION_IPFS=${HOST_NGINX_DEFAULT_LOCATION_IPFS:-}
    - LETSENCRYPT_HOST=${HOST_NGINX_LETSENCRYPT_HOST:-${HOST_NGINX_VIRTUAL_HOST:-}}
    - LETSENCRYPT_EMAIL=${HOST_NGINX_LETSENCRYPT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-nginx@localhost}}}
    - LETSENCRYPT_SINGLE_DOMAIN_CERTS=${HOST_NGINX_LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true}
--- a/stack/host/php.yml
+++ b/stack/host/php.yml
@ -1,6 +1,9 @@
 version: '3.6'

 services:
+  nginx:
+    environment:
+    - DEFAULT_LOCATION_PHP=true
  php:
    environment:
    - VIRTUAL_HOST=php
--- a/stack/host/volumes.dns.local.yml
+++ b/stack/host/volumes.dns.local.yml
@ -0,0 +1,9 @@
+version: '3.6'
+
+volumes:
+  dns:
+    driver: local
+    driver_opts:
+      device: /dns
+      o: bind
+      type: none
--- a/stack/host/volumes.dns.yml
+++ b/stack/host/volumes.dns.yml
@ -0,0 +1,14 @@
+version: '3.6'
+
+services:
+  nginx:
+    environment:
+    - DEFAULT=default_dns
+    volumes:
+    - dns:/dns
+  php:
+    volumes:
+    - dns:/dns
+
+volumes:
+  dns: