add nginx proxy
This commit is contained in:
Yann Autissier
parent
92dcf23fdd
commit
1d1b5156bc
|
|
@ -1,5 +1,5 @@
|
|||
{{ $serverName := printf "%s.%s.%s" (env "APP") (env "ENV") (env "USER") }}
|
||||
{{ $serviceName := printf "%s-%s-%s-php-9000" (env "USER") (env "ENV") (env "APP") }}
|
||||
{{ $serverName := printf "%s.%s.%s" (env "ENV") (env "APP") (env "USER") }}
|
||||
{{ $serviceName := printf "%s-%s-%s-php-9000" (env "USER") (env "APP") (env "ENV") }}
|
||||
<VirtualHost *:80>
|
||||
ServerAdmin support+apache@asycn.io
|
||||
DocumentRoot "/var/www/web"
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
FROM pinidh/nginx-proxy:alpine
|
||||
ARG DOCKER_BUILD_DIR
|
||||
|
||||
RUN sed -i 's/\(function _resolvers() {\)$/function _nginx_config() {\n\t\/app\/nginx-config.sh\n}\n\n\1/;s/\(\t_default_certificate\)$/\1\n\n\t_nginx_config/' /app/docker-entrypoint.sh \
|
||||
&& sed -i 's|\(\treturn 503;\)$|\t{{ if (exists (printf "/etc/nginx/vhost.d/default")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default" }};\n\t {{ if (exists (printf "/etc/nginx/vhost.d/default_location")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default_location" }};\n\t {{ end }}\n\t{{ else }}\n\1\n\t{{ end }}|' /app/nginx.tmpl \
|
||||
&& awk '/proxy_pass \{\{ trim .Proto \}\}/{sub(/else/, "else if ne .Proto \"local\"", last)} NR>1{print last} {last=$0} END {print last}' /app/nginx.tmpl > /tmp/nginx.tmpl && mv /tmp/nginx.tmpl /app/
|
||||
|
||||
COPY ${DOCKER_BUILD_DIR}/nginx* /app
|
||||
|
||||
HEALTHCHECK CMD curl -sk https://localhost > /dev/null && echo OK
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
##
|
||||
# CONFIG
|
||||
|
||||
sed -i 's/fastcgi_param * SERVER_SOFTWARE *.*/fastcgi_param SERVER_SOFTWARE nginx;/' /etc/nginx/fastcgi_params
|
||||
|
||||
##
|
||||
# DEFAULT
|
||||
|
||||
mkdir -p /etc/nginx/htpasswd /etc/nginx/vhost.d
|
||||
[ -f "/etc/nginx/htpasswd/default" ] || echo "default:{PLAIN}$(head -c 15 /dev/random |base64)" > /etc/nginx/htpasswd/default
|
||||
[ -f "/etc/nginx/vhost.d/default" ] || cp /app/nginx_default /etc/nginx/vhost.d/default
|
||||
[ -f "/etc/nginx/vhost.d/default_location" ] || cp /app/nginx_default_location /etc/nginx/vhost.d/default_location
|
||||
|
|
@ -0,0 +1 @@
|
|||
root /var/www/$host;
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ index.php$uri =404;
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass php;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
include fastcgi_params;
|
||||
try_files $uri index.php =404;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ /ip(f|n)s {
|
||||
proxy_pass http://$host:8080;
|
||||
}
|
||||
|
|
@ -26,7 +26,7 @@ DOCKER_BUILD_TARGET ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS))
|
|||
DOCKER_BUILD_TARGET_DEFAULT ?= master
|
||||
DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
|
||||
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION
|
||||
DOCKER_COMPOSE ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1;}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'))
|
||||
DOCKER_COMPOSE ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1} END {if (NR == 0) exit 1}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'))
|
||||
DOCKER_COMPOSE_ARGS ?= --ansi=auto
|
||||
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
||||
DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(STACK_HOST),$(HOST_COMPOSE_PROJECT_NAME),$(if $(STACK_USER),$(USER_COMPOSE_PROJECT_NAME)))
|
||||
|
|
|
|||
|
|
@ -29,16 +29,21 @@ NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime
|
|||
NFS_HOST ?= host.docker.internal
|
||||
SERVICES ?= $(DOCKER_SERVICES)
|
||||
|
||||
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pat,$(wordlist 2,16,$(3)),$(comma)$(space)$(patsubst $(1),$(2),$(pat)))
|
||||
urlprefix = $(call patsublist,%,urlprefix-%$(1),$(or $(2),$(APP_URIS)))
|
||||
urlprefixs = $(call urlprefix,$(1))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(space)$(call subst,$(dollar),$(space),$(call urlprefix,$(prefix))))
|
||||
tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),auth proto)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2))))
|
||||
envprefix = $(foreach env,$(3),$(if $($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))),$(env)=$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))))
|
||||
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern)))
|
||||
servicenvs = $(foreach env,$(call UPPERCASE,$($(1)_SERVICE_$(2)_ENVS)),$(if $(3),$($(1)_SERVICE_$(env)_$(3)),$($(1)_SERVICE_$(2)_$(env))))
|
||||
uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(APP_URIS)))
|
||||
url_suffix = *
|
||||
urlprefix = $(strip $(call patsublist,%,urlprefix-%$(1)$(url_suffix) $(2),$(or $(3),$(APP_URIS))))
|
||||
urlprefixs = $(strip $(call urlprefix,$(firstword $(1)),$(wordlist 2,16,$(1)))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(firstword $(prefix)),$(wordlist 2,16,$(prefix))))))
|
||||
## urlprefix tests (x APP_URI)
|
||||
# $(call urlprefix)
|
||||
# urlprefix-app.domain/
|
||||
# $(call urlprefix,admin)
|
||||
# urlprefix-app.domain/admin
|
||||
# urlprefix-app.domain/*
|
||||
# $(call urlprefix,admin/)
|
||||
# urlprefix-app.domain/admin/*
|
||||
# $(call urlprefix,:443/ proto=https,$(APP_HOST))
|
||||
# urlprefix-app.domain:443/ proto=https
|
||||
# urlprefix-app.domain:443/* proto=https
|
||||
## urlprefixs tests (x prefix)
|
||||
# $(call urlprefixs,admin strip=/admin,images)
|
||||
# urlprefix-app.domain/admin strip=/admin, urlprefix-app.domain/images
|
||||
# $(call urlprefixs,admin strip=/admin,images/)
|
||||
# urlprefix-app.domain/admin* strip=/admin,urlprefix-app.domain/images/*
|
||||
|
|
|
|||
|
|
@ -40,7 +40,8 @@ endif
|
|||
# target setup-ufw: Install ufw-docker
|
||||
.PHONY: setup-ufw
|
||||
setup-ufw: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)
|
||||
setup-ufw: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host
|
||||
setup-ufw: DOCKER_RUN_NETWORK :=
|
||||
setup-ufw: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host
|
||||
setup-ufw:
|
||||
ifeq ($(SETUP_UFW),true)
|
||||
$(call app-install,$(SETUP_UFW_REPOSITORY))
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ define app-docker
|
|||
$(eval service := $(or $(DOCKER_SERVICE),$(subst .,,$(call LOWERCASE,$(lastword $(subst /, ,$(patsubst %/Dockerfile,%,$(dockerfile)))))),undefined))
|
||||
$(eval docker := ${COMPOSE_SERVICE_NAME}-$(service))
|
||||
$(eval DOCKER_IMAGE := $(DOCKER_REPOSITORY)/$(service):$(DOCKER_IMAGE_TAG))
|
||||
$(eval DOCKER_LABELS := SERVICE_NAME=$(docker) SERVICE_TAGS=$(call urlprefix,$(APP_PATH),$(service).$(APP_HOST)/)
|
||||
$(eval DOCKER_LABELS := SERVICE_NAME=$(docker) SERVICE_TAGS=$(call urlprefix,$(APP_PATH),,$(service).$(APP_HOST)))
|
||||
$(eval DOCKER_NAME := $(docker))
|
||||
$(eval DOCKER_RUN_NAME := --name $(DOCKER_NAME))
|
||||
, $(call ERROR,Unable to find Dockerfile,$(dockerfile))
|
||||
|
|
|
|||
|
|
@ -107,7 +107,6 @@ SUDO ?= $(if $(filter-out 0,$(UID)),$(shell type -p s
|
|||
TAG ?= $(GIT_TAG)
|
||||
UID ?= $(shell id -u 2>/dev/null)
|
||||
USER ?= $(shell id -nu 2>/dev/null)
|
||||
VERBOSE ?= $(if $(DEBUG),true)
|
||||
VERSION ?= $(GIT_VERSION)
|
||||
|
||||
ifneq ($(DEBUG),)
|
||||
|
|
@ -172,8 +171,8 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
|
|||
# macro RESU: Print USER associated to MAIL
|
||||
RESU = $(strip \
|
||||
$(if $(findstring @,$(MAIL)), \
|
||||
$(eval user := $(subst +,,$(subst -,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(call subst,_,,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}')))) \
|
||||
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
|
||||
$(if $(domain), \
|
||||
$(eval mail := $(MAIL)) \
|
||||
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
ENV_VARS += USER_DOMAIN user_domain
|
||||
MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
|
||||
USER_DOMAIN ?= $(USER).$(DOMAIN)
|
||||
User ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/User/*.yml)))
|
||||
|
||||
# target start-stack-User: Fire ssh-add
|
||||
.PHONY: start-stack-User
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
|
||||
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))]
|
||||
USER_IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(patsubst %,$(RESU).%,$(DOMAIN))/)
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= $(filter %.localhost/api,$(call urlprefix,api,$(USER_IPFS_SERVICE_5001_URIS)))
|
||||
USER_IPFS_SERVICE_5001_URIS ?= $(USER_IPFS_SERVICE_URIS)
|
||||
USER_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(USER_IPFS_SERVICE_8080_URIS))
|
||||
USER_IPFS_SERVICE_8080_URIS ?= $(USER_IPFS_SERVICE_URIS)
|
||||
USER_IPFS_SERVICE_NAME ?= ipfs
|
||||
USER_IPFS_SERVICE_5001_PATH ?= api/
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= $(strip $(filter %.localhost/api/$(url_suffix),$(call tagprefix,USER_IPFS,5001)) $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS))))
|
||||
USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,ipfs)
|
||||
USER_IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,USER_IPFS,8080)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
ENV_VARS += NEXTCLOUD_MYSQL_DATABASE NEXTCLOUD_MYSQL_USER NEXTCLOUD_SERVICE_80_TAGS
|
||||
NEXTCLOUD_SERVICE_URIS ?= $(patsubst %,nextcloud.%,$(APP_URIS))
|
||||
NEXTCLOUD_SERVICE_80_TAGS ?= $(call urlprefix,,$(NEXTCLOUD_SERVICE_80_URIS))
|
||||
NEXTCLOUD_SERVICE_80_URIS ?= $(NEXTCLOUD_SERVICE_URIS)
|
||||
NEXTCLOUD_MYSQL_DATABASE ?= $(COMPOSE_SERVICE_NAME)-nextcloud
|
||||
NEXTCLOUD_SERVICE_NAME ?= nextcloud
|
||||
NEXTCLOUD_SERVICE_80_NAME ?= $(NEXTCLOUD_SERVICE_NAME)
|
||||
NEXTCLOUD_SERVICE_80_TAGS ?= $(call tagprefix,nextcloud,80)
|
||||
NEXTCLOUD_MYSQL_DATABASE ?= $(COMPOSE_SERVICE_NAME)-$(NEXTCLOUD_SERVICE_NAME)
|
||||
NEXTCLOUD_MYSQL_USER ?= $(NEXTCLOUD_MYSQL_DATABASE)
|
||||
|
|
|
|||
|
|
@ -1,9 +1,10 @@
|
|||
drone ?= drone/drone drone/drone-runner-docker drone/gc
|
||||
DRONE_RUNNER_NAME ?= drone-runner.$(firstword $(APP_HOST))
|
||||
DRONE_SERVER_HOST ?= drone.$(firstword $(APP_HOST))
|
||||
DRONE_SERVICE_URIS ?= $(patsubst %,drone.%,$(APP_URIS))
|
||||
DRONE_SERVICE_80_TAGS ?= $(call urlprefix,,$(DRONE_SERVICE_80_URIS))
|
||||
DRONE_SERVICE_80_URIS ?= $(DRONE_SERVICE_URIS)
|
||||
DRONE_RUNNER_NAME ?= $(DRONE_RUNNER_SERVICE_NAME).$(firstword $(APP_HOST))
|
||||
DRONE_RUNNER_SERVICE_NAME ?= drone-runner
|
||||
DRONE_SERVER_HOST ?= $(DRONE_SERVICE_NAME).$(firstword $(APP_HOST))
|
||||
DRONE_SERVICE_NAME ?= drone
|
||||
DRONE_SERVICE_80_NAME ?= $(DRONE_SERVICE_NAME)
|
||||
DRONE_SERVICE_80_TAGS ?= $(call tagprefix,drone,80)
|
||||
DRONE_USER_CREATE ?= $(USER):$(GIT_USER),admin:true
|
||||
DRONE_USER_FILTER ?= $(GIT_USER)
|
||||
ENV_VARS += DRONE_RUNNER_NAME DRONE_SERVER_HOST DRONE_USER_CREATE DRONE_USER_FILTER DRONE_SERVICE_80_TAGS
|
||||
|
|
|
|||
|
|
@ -1,13 +1,10 @@
|
|||
APM_SERVER_SERVICE_URIS ?= $(patsubst %,apm-server.%,$(APP_URIS))
|
||||
APM_SERVER_SERVICE_8200_TAGS ?= $(call urlprefix,,$(APM_SERVER_SERVICE_8200_URIS))
|
||||
APM_SERVER_SERVICE_8200_URIS ?= $(APM_SERVER_SERVICE_URIS)
|
||||
ELASTICSEARCH_SERVICE_URIS ?= $(patsubst %,elasticsearch.%,$(APP_URIS))
|
||||
ELASTICSEARCH_SERVICE_9200_TAGS ?= $(call urlprefix,,$(ELASTICSEARCH_SERVICE_9200_URIS))
|
||||
ELASTICSEARCH_SERVICE_9200_URIS ?= $(ELASTICSEARCH_SERVICE_URIS)
|
||||
APM_SERVER_SERVICE_8200_NAME ?= apm-server
|
||||
APM_SERVER_SERVICE_8200_TAGS ?= $(call tagprefix,apm-server,8200)
|
||||
ELASTICSEARCH_SERVICE_9200_NAME ?= elasticsearch
|
||||
ELASTICSEARCH_SERVICE_9200_TAGS ?= $(call tagprefix,elasticsearch,9200)
|
||||
ENV_VARS += APM_SERVER_SERVICE_8200_TAGS ELASTICSEARCH_SERVICE_9200_TAGS KIBANA_SERVICE_5601_TAGS
|
||||
KIBANA_SERVICE_URIS ?= $(patsubst %,kibana.%,$(APP_URIS))
|
||||
KIBANA_SERVICE_5601_TAGS ?= $(call urlprefix,,$(KIBANA_SERVICE_5601_URIS))
|
||||
KIBANA_SERVICE_5601_URIS ?= $(KIBANA_SERVICE_URIS)
|
||||
KIBANA_SERVICE_NAME ?= kibana
|
||||
KIBANA_SERVICE_5601_TAGS ?= $(call tagprefix,kibana,5601)
|
||||
|
||||
elastic ?= elastic/curator elastic/elasticsearch elastic/kibana
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,7 @@
|
|||
APM_SERVER_OSS_SERVICE_URIS ?= $(patsubst %,apm-server-oss.%,$(APP_URIS))
|
||||
APM_SERVER_OSS_SERVICE_8200_TAGS ?= $(call urlprefix,,$(APM_SERVER_OSS_SERVICE_8200_URIS))
|
||||
APM_SERVER_OSS_SERVICE_8200_URIS ?= $(APM_SERVER_OSS_SERVICE_URIS)
|
||||
APM_SERVER_OSS_SERVICE_8200_NAME ?= apm-server-oss
|
||||
APM_SERVER_OSS_SERVICE_8200_TAGS ?= $(call tagprefix,apm-server-oss,8200)
|
||||
ENV_VARS += APM_SERVER_OSS_SERVICE_8200_TAGS KIBANA_OSS_SERVICE_5601_TAGS
|
||||
KIBANA_OSS_SERVICE_URIS ?= $(patsubst %,kibana-oss.%,$(APP_URIS))
|
||||
KIBANA_OSS_SERVICE_5601_TAGS ?= $(call urlprefix,,$(KIBANA_OSS_SERVICE_5601_URIS))
|
||||
KIBANA_OSS_SERVICE_5601_URIS ?= $(KIBANA_OSS_SERVICE_URIS)
|
||||
KIBANA_OSS_SERVICE_5601_NAME ?= kibana-oss
|
||||
KIBANA_OSS_SERVICE_5601_TAGS ?= $(call tagprefix,kibana-oss,5601)
|
||||
|
||||
elastic-oss ?= elastic/apm-server-oss elastic/curator elastic/elasticsearch elastic/kibana-oss
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
ENV_VARS += GRAFANA_SERVICE_3000_TAGS
|
||||
GRAFANA_SERVICE_URIS ?= $(patsubst %,grafana.%,$(APP_URIS))
|
||||
GRAFANA_SERVICE_3000_TAGS ?= $(call urlprefix,,$(GRAFANA_SERVICE_3000_URIS))
|
||||
GRAFANA_SERVICE_3000_URIS ?= $(GRAFANA_SERVICE_URIS)
|
||||
GRAFANA_SERVICE_3000_NAME ?= grafana
|
||||
GRAFANA_SERVICE_3000_TAGS ?= $(call tagprefix,grafana,3000)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
ENV_VARS += HOST_ACME_POST_HOOK HOST_ACME_PRE_HOOK
|
||||
HOST_ACME_DOMAIN_PATH_VALID ?= $$(echo $${DOMAIN_PATH:-} |awk "'"/^[0-9a-z_\-\.\+\/]+@[0-9a-z_\-\.]+\.[a-z0-9_\-\.\+\/]+$$/"'")
|
||||
HOST_ACME_POST_HOOK ?= [ "$(HOST_ACME_DOMAIN_PATH_VALID)" ] && cp fullchain.cer /host/certs/$${domain}-cert.pem 2>/dev/null && cp $${domain}.key /host/certs/$${domain}-key.pem
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
acme:
|
||||
depends_on:
|
||||
- nginx
|
||||
environment:
|
||||
- ACME_CA_URI=${HOST_ACME_CA_URI:-https://acme-v02.api.letsencrypt.org/directory}
|
||||
- ACME_POST_HOOK=${HOST_ACME_POST_HOOK:-}
|
||||
- ACME_PRE_HOOK=${HOST_ACME_PRE_HOOK:-}
|
||||
- DEFAULT_EMAIL=${HOST_ACME_DEFAULT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-acme@localhost}}}
|
||||
- LETSENCRYPT_SINGLE_DOMAIN_CERTS=${HOST_ACME_LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true}
|
||||
- LETSENCRYPT_TEST=${HOST_ACME_LETSENCRYPT_TEST:-}
|
||||
image: pinidh/acme-companion:latest
|
||||
networks:
|
||||
- public
|
||||
restart: unless-stopped
|
||||
volumes_from:
|
||||
- nginx
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- acme:/etc/acme.sh
|
||||
- certs:/etc/nginx/certs
|
||||
- html:/usr/share/nginx/html
|
||||
- host:/host
|
||||
|
||||
volumes:
|
||||
acme:
|
||||
certs:
|
||||
html:
|
||||
host:
|
||||
external: true
|
||||
name: ${HOST_DOCKER_VOLUME}
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
@ -19,8 +19,3 @@ volumes:
|
|||
host:
|
||||
external: true
|
||||
name: ${HOST_DOCKER_VOLUME}
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
ENV_VARS += HOST_CONSUL_ACL_TOKENS_MASTER HOST_CONSUL_HTTP_TOKEN HOST_CONSUL_SERVICE_8500_TAGS
|
||||
HOST_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef
|
||||
HOST_CONSUL_HTTP_TOKEN ?= $(HOST_CONSUL_ACL_TOKENS_MASTER)
|
||||
HOST_CONSUL_SERVICE_URIS ?= $(patsubst %,consul.%,$(APP_URIS))
|
||||
HOST_CONSUL_SERVICE_8500_TAGS ?= $(call urlprefix,,$(HOST_CONSUL_SERVICE_8500_URIS))
|
||||
HOST_CONSUL_SERVICE_8500_URIS ?= $(HOST_CONSUL_SERVICE_URIS)
|
||||
HOST_CONSUL_SERVICE_8500_AUTH ?= default
|
||||
HOST_CONSUL_SERVICE_8500_NAME ?= consul
|
||||
HOST_CONSUL_SERVICE_8500_TAGS ?= $(call tagprefix,HOST_CONSUL,8500)
|
||||
HOST_CONSUL_UFW_UPDATE ?= 8500
|
||||
|
|
|
|||
|
|
@ -43,8 +43,3 @@ services:
|
|||
|
||||
volumes:
|
||||
consul:
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,5 @@
|
|||
ENV_VARS += HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS HOST_EXPORTER_NODE_SERVICE_9100_TAGS
|
||||
HOST_EXPORTER_CADVISOR_SERVICE_URIS ?= $(patsubst %,cadvisor-exporter.%,$(APP_URIS))
|
||||
HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= $(call urlprefix,,$(HOST_EXPORTER_CADVISOR_SERVICE_8080_URIS))
|
||||
HOST_EXPORTER_CADVISOR_SERVICE_8080_URIS ?= $(HOST_EXPORTER_CADVISOR_SERVICE_URIS)
|
||||
HOST_EXPORTER_NODE_SERVICE_URIS ?= $(patsubst %,node-exporter.%,$(APP_URIS))
|
||||
HOST_EXPORTER_NODE_SERVICE_9100_TAGS ?= $(call urlprefix,,$(HOST_EXPORTER_NODE_SERVICE_9100_URIS))
|
||||
HOST_EXPORTER_NODE_SERVICE_9100_URIS ?= $(HOST_EXPORTER_NODE_SERVICE_URIS)
|
||||
HOST_EXPORTER_CADVISOR_SERVICE_8080_NAME ?= cadvisor-exporter
|
||||
HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= $(call tagprefix,HOST_EXPORTER_CADVISOR,8080)
|
||||
HOST_EXPORTER_NODE_SERVICE_9100_NAME ?= node-exporter
|
||||
HOST_EXPORTER_NODE_SERVICE_9100_TAGS ?= $(call tagprefix,HOST_EXPORTER_NODE,9100)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
ENV_VARS += HOST_FABIO_SERVICE_9998_TAGS
|
||||
HOST_FABIO_SERVICE_URIS ?= $(patsubst %,fabio.%,$(APP_URIS))
|
||||
HOST_FABIO_SERVICE_9998_TAGS ?= $(call urlprefix,,$(HOST_FABIO_SERVICE_9998_URIS))
|
||||
HOST_FABIO_SERVICE_9998_URIS ?= $(HOST_FABIO_SERVICE_URIS)
|
||||
HOST_FABIO_SERVICE_9998_NAME ?= fabio
|
||||
HOST_FABIO_SERVICE_9998_AUTH ?= default
|
||||
HOST_FABIO_SERVICE_9998_TAGS ?= $(call tagprefix,HOST_FABIO,9998)
|
||||
HOST_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ services:
|
|||
dockerfile: docker/fabio/Dockerfile
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio
|
||||
image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
|
||||
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
|
||||
command: -proxy.addr ":80,:443;cs=certs" -proxy.auth "name=default;type=basic;file=/host/htpasswd/default.htpasswd;" -proxy.cs "cs=local;type=file;cert=/host/live/${DOMAIN}/fullchain.pem;key=/host/live/${DOMAIN}/privkey.pem,cs=certs;type=path;cert=/host/certs" -proxy.matcher "glob" -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}"
|
||||
depends_on:
|
||||
- consul
|
||||
extra_hosts:
|
||||
|
|
@ -35,7 +35,7 @@ services:
|
|||
- public
|
||||
restart: always
|
||||
volumes:
|
||||
- host:/etc/letsencrypt:ro
|
||||
- host:/host:ro
|
||||
|
||||
volumes:
|
||||
host:
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
|
||||
MAKECMDARGS += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@%
|
||||
SETUP_LETSENCRYPT ?=
|
||||
host ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml)))
|
||||
host ?= host/consul host/fabio host/registrator
|
||||
|
||||
# target bootstrap-stack-host: Fire host-certbot host-ssl-certs
|
||||
.PHONY: bootstrap-stack-host
|
||||
bootstrap-stack-host: $(if $(SETUP_LETSENCRYPT),host-certbot$(if $(DEBUG),-staging)) host-ssl-certs
|
||||
bootstrap-stack-host: $(if $(SETUP_CERTBOT),host-certbot) host-ssl-certs
|
||||
|
||||
# target host: Fire stack-host-up
|
||||
.PHONY: host
|
||||
|
|
@ -18,41 +18,48 @@ host-%: stack-host-%;
|
|||
# target host-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl
|
||||
.PHONY: host-ssl-certs
|
||||
host-ssl-certs:
|
||||
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
|
||||
[ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||
|| $(RUN) docker run --rm \
|
||||
-e DOMAIN=$(DOMAIN) \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/certs \
|
||||
alpine sh -c "\
|
||||
apk --no-cache add openssl \
|
||||
&& mkdir -p /certs/live/${DOMAIN} \
|
||||
&& { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \
|
||||
&& openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \
|
||||
-addext extendedKeyUsage=serverAuth \
|
||||
-addext subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN} \
|
||||
-subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
|
||||
-x509 -days 365 \
|
||||
&& rm -f /certs/live/${DOMAIN}/fullchain.pem \
|
||||
&& ln -s cert.pem /certs/live/${DOMAIN}/fullchain.pem \
|
||||
"
|
||||
$(RUN) docker run --rm \
|
||||
-e DOMAIN='$(DOMAIN)' \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/host \
|
||||
alpine sh -c "mkdir -p /host/htpasswd && chmod 700 /host/htpasswd \
|
||||
; mkdir -p /host/certs && chmod 0700 /host/certs \
|
||||
; [ -f /host/htpasswd/default.htpasswd ] \
|
||||
|| echo "default:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \
|
||||
; for domain in ${DOMAIN}; do \
|
||||
[ -f /host/live/\$${domain}/fullchain.pem -a -f /host/live/\$${domain}/privkey.pem ] \
|
||||
&& openssl x509 -in /host/live/\$${domain}/fullchain.pem -noout -issuer 2>/dev/null |grep -iqv staging \
|
||||
&& cp -L /host/live/\$${domain}/fullchain.pem /host/certs/\$${domain}-cert.pem \
|
||||
&& cp -L /host/live/\$${domain}/privkey.pem /host/certs/\$${domain}-key.pem \
|
||||
; if [ ! -f /host/certs/\$${domain}-cert.pem -o ! -f /host/certs/\$${domain}-key.pem ]; then \
|
||||
apk --no-cache add openssl \
|
||||
&& { [ -f /host/certs/\$${domain}-priv.pem ] || openssl genrsa -out /host/certs/\$${domain}-key.pem 2048; } \
|
||||
&& openssl req -key /host/certs/\$${domain}-key.pem -out /host/certs/\$${domain}-cert.pem \
|
||||
-addext extendedKeyUsage=serverAuth \
|
||||
-addext subjectAltName=DNS:\$${domain},DNS:*.\$${domain} \
|
||||
-subj \"/C=/ST=/L=/O=/CN=\$${domain}\" \
|
||||
-x509 -days 365 \
|
||||
; fi \
|
||||
; done \
|
||||
"
|
||||
|
||||
# target host-certbot: Create ${DOMAIN} certificate files with letsencrypt
|
||||
.PHONY: host-certbot
|
||||
host-certbot: host-docker-build-certbot
|
||||
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
|
||||
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||
|| $(RUN) docker run --rm \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
||||
-e DOMAIN=$(DOMAIN) \
|
||||
--network host \
|
||||
$(HOST_DOCKER_REPOSITORY)/certbot \
|
||||
--non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \
|
||||
--preferred-challenges dns --authenticator dns-standalone \
|
||||
--dns-standalone-address=0.0.0.0 \
|
||||
--dns-standalone-port=53 \
|
||||
-d ${DOMAIN} \
|
||||
-d *.${DOMAIN}
|
||||
$(foreach domain,$(DOMAIN), \
|
||||
$(RUN) docker run --rm \
|
||||
-e DOMAIN=$(domain) \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
||||
--network host \
|
||||
$(HOST_DOCKER_REPOSITORY)/certbot \
|
||||
--dns-standalone-address=0.0.0.0 \
|
||||
--dns-standalone-port=53 \
|
||||
--non-interactive --agree-tos --email hostmaster@$(domain) certonly \
|
||||
--preferred-challenges dns --authenticator dns-standalone \
|
||||
-d $(domain) \
|
||||
-d *.$(domain) \
|
||||
&& \
|
||||
) true
|
||||
|
||||
# target host-certbot-certificates: List letsencrypt certificates
|
||||
.PHONY: host-certbot-certificates
|
||||
|
|
@ -67,21 +74,22 @@ host-certbot-renew: host-docker-build-certbot
|
|||
# target host-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt
|
||||
.PHONY: host-certbot-staging
|
||||
host-certbot-staging: host-docker-build-certbot
|
||||
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
|
||||
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||
|| $(RUN) docker run --rm \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
||||
-e DOMAIN=$(DOMAIN) \
|
||||
--network host \
|
||||
$(HOST_DOCKER_REPOSITORY)/certbot \
|
||||
--non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \
|
||||
--preferred-challenges dns --authenticator dns-standalone \
|
||||
--dns-standalone-address=0.0.0.0 \
|
||||
--dns-standalone-port=53 \
|
||||
--staging \
|
||||
-d ${DOMAIN} \
|
||||
-d *.${DOMAIN}
|
||||
$(foreach domain,$(DOMAIN), \
|
||||
$(RUN) docker run --rm \
|
||||
-e DOMAIN=$(domain) \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
||||
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
||||
--network host \
|
||||
$(HOST_DOCKER_REPOSITORY)/certbot \
|
||||
--dns-standalone-address=0.0.0.0 \
|
||||
--dns-standalone-port=53 \
|
||||
--non-interactive --agree-tos --email hostmaster@$(domain) certonly \
|
||||
--preferred-challenges dns --authenticator dns-standalone \
|
||||
--staging \
|
||||
-d $(domain) \
|
||||
-d *.$(domain) \
|
||||
&& \
|
||||
) true
|
||||
|
||||
# target host-docker-build-%: Build % docker
|
||||
.PHONY: host-docker-build-%
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
ENV_VARS += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN HOST_IPFS_SERVICE_5001_TAGS HOST_IPFS_SERVICE_8080_TAGS
|
||||
HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(HOST_IPFS_SERVICE_8080_URIS))]
|
||||
HOST_IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS))
|
||||
HOST_IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api,$(HOST_IPFS_SERVICE_5001_URIS))
|
||||
HOST_IPFS_SERVICE_5051_URIS ?= $(HOST_IPFS_SERVICE_URIS)
|
||||
HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(HOST_IPFS_SERVICE_8080_URIS))
|
||||
HOST_IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS))
|
||||
HOST_IPFS_SERVICE_HOST_URIS ?= */ipfs/ */ipns/
|
||||
HOST_IPFS_SERVICE_NAME ?= ipfs
|
||||
HOST_IPFS_SERVICE_5001_PATH ?= api/
|
||||
HOST_IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,HOST_IPFS,5001)
|
||||
HOST_IPFS_SERVICE_8080_ENVS ?= host
|
||||
HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,,$(HOST_IPFS_SERVICE_8080_URIS) $(call servicenvs,HOST_IPFS,8080,URIS))
|
||||
HOST_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,ipfs *.ipfs ipns *.ipns)
|
||||
HOST_IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080
|
||||
|
|
|
|||
|
|
@ -131,7 +131,6 @@ services:
|
|||
- SERVICE_4190_CHECK_TCP=true
|
||||
- SERVICE_4190_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-4190
|
||||
networks:
|
||||
- private
|
||||
- public
|
||||
ports:
|
||||
- "25:25"
|
||||
|
|
@ -158,9 +157,6 @@ volumes:
|
|||
name: ${HOST_DOCKER_VOLUME}
|
||||
|
||||
networks:
|
||||
private:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PRIVATE}
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
ENV_VARS += HOST_NGINX_DEFAULT_HOST HOST_NGINX_LETSENCRYPT_HOST HOST_NGINX_SERVICE_80_TAGS HOST_NGINX_SERVICE_443_TAGS HOST_NGINX_VIRTUAL_HOST
|
||||
HOST_NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
|
||||
HOST_NGINX_LETSENCRYPT_HOST ?= $(subst $(space),$(comma),$(filter-out *.%,$(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))))
|
||||
HOST_NGINX_SERVICE_ACME_URIS ?= *:80/.well-known/acme-challenge/
|
||||
HOST_NGINX_SERVICE_HOST ?= $(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))
|
||||
HOST_NGINX_SERVICE_80_HOST ?= $(HOST_NGINX_SERVICE_HOST)
|
||||
HOST_NGINX_SERVICE_80_TAGS ?= $(call urlprefix,,,$(HOST_NGINX_SERVICE_80_URIS) $(call servicenvs,HOST_NGINX,80,URIS))
|
||||
HOST_NGINX_SERVICE_80_URIS ?= $(patsubst %,%:80/,$(HOST_NGINX_SERVICE_80_HOST))
|
||||
HOST_NGINX_SERVICE_80_ENVS ?= $(if $(SETUP_LETSENCRYPT),acme)
|
||||
HOST_NGINX_SERVICE_443_PATH ?= /
|
||||
HOST_NGINX_SERVICE_443_HOST ?= $(patsubst %,%:443,$(HOST_NGINX_SERVICE_HOST))
|
||||
HOST_NGINX_SERVICE_443_PROTO ?= https tlsskipverify=true
|
||||
HOST_NGINX_SERVICE_443_TAGS ?= $(call tagprefix,HOST_NGINX,443,host)
|
||||
HOST_NGINX_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
nginx:
|
||||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker/nginx
|
||||
context: ../..
|
||||
dockerfile: docker/nginx/Dockerfile
|
||||
environment:
|
||||
- DEFAULT_HOST=${HOST_NGINX_DEFAULT_HOST:-localhost}
|
||||
- LETSENCRYPT_HOST=${HOST_NGINX_LETSENCRYPT_HOST:-${HOST_NGINX_VIRTUAL_HOST:-}}
|
||||
- LETSENCRYPT_EMAIL=${HOST_NGINX_LETSENCRYPT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-nginx@localhost}}}
|
||||
- LETSENCRYPT_SINGLE_DOMAIN_CERTS=${HOST_NGINX_LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true}
|
||||
- LETSENCRYPT_TEST=${HOST_NGINX_LETSENCRYPT_TEST:-${LETSENCRYPT_TEST:-}}
|
||||
- SSL_POLICY=${HOST_NGINX_SSL_POLICY:-Mozilla-Modern}
|
||||
- VIRTUAL_HOST=${HOST_NGINX_VIRTUAL_HOST:-localhost}
|
||||
- VIRTUAL_PATH=${HOST_NGINX_VIRTUAL_PATH:-/}
|
||||
- VIRTUAL_PROTO=${HOST_NGINX_VIRTUAL_PROTO:-local}
|
||||
image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=${HOST_NGINX_SERVICE_80_CHECK_TCP:-true}
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-80
|
||||
- SERVICE_80_TAGS=${HOST_NGINX_SERVICE_80_TAGS:-urlprefix-localhost:80/*}
|
||||
- SERVICE_443_CHECK_TCP=${HOST_NGINX_SERVICE_443_CHECK_TCP:-true}
|
||||
- SERVICE_443_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-443
|
||||
- SERVICE_443_TAGS=${HOST_NGINX_SERVICE_443_TAGS:-urlprefix-localhost:443/* proto=https tlsskipverify=true}
|
||||
networks:
|
||||
- public
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- certs:/etc/nginx/certs:ro
|
||||
- html:/usr/share/nginx/html
|
||||
- htpasswd:/etc/nginx/htpasswd
|
||||
- log:/var/log/nginx
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
- www:/var/www
|
||||
|
||||
volumes:
|
||||
certs:
|
||||
html:
|
||||
htpasswd:
|
||||
log:
|
||||
vhost:
|
||||
www:
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
php:
|
||||
image: php:fpm-alpine
|
||||
environment:
|
||||
- VIRTUAL_HOST=php
|
||||
- VIRTUAL_PROTO=fastcgi
|
||||
networks:
|
||||
- public
|
||||
volumes:
|
||||
- www:/var/www
|
||||
|
||||
volumes:
|
||||
www:
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
@ -1,4 +1,3 @@
|
|||
ENV_VARS += HOST_PORTAINER_SERVICE_9000_TAGS
|
||||
HOST_PORTAINER_SERVICE_URIS ?= $(patsubst %,portainer.%,$(APP_URIS))
|
||||
HOST_PORTAINER_SERVICE_9000_TAGS ?= $(call urlprefix,,$(HOST_PORTAINER_SERVICE_9000_URIS))
|
||||
HOST_PORTAINER_SERVICE_9000_URIS ?= $(HOST_PORTAINER_SERVICE_URIS)
|
||||
HOST_PORTAINER_SERVICE_9000_NAME ?= portainer
|
||||
HOST_PORTAINER_SERVICE_9000_TAGS ?= $(call tagprefix,HOST_PORTAINER,9000)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
ENV_VARS += HOST_STATIC_SERVICE_80_TAGS
|
||||
HOST_STATIC_SERVICE_80_NAME ?= static
|
||||
HOST_STATIC_SERVICE_80_TAGS ?= $(call tagprefix,HOST_STATIC,80)
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
static:
|
||||
image: nginx:alpine
|
||||
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-static-80
|
||||
- SERVICE_80_TAGS=${HOST_STATIC_SERVICE_80_TAGS:-urlprefix-localhost/*}
|
||||
networks:
|
||||
- public
|
||||
ports:
|
||||
- 80
|
||||
restart: always
|
||||
volumes:
|
||||
- static:/usr/share/nginx/html:ro
|
||||
|
||||
volumes:
|
||||
static:
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
version: '3.6'
|
||||
|
||||
volumes:
|
||||
log:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: /var/log
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
version: '3.6'
|
||||
|
||||
volumes:
|
||||
www:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: /var/www
|
||||
o: bind
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
ENV_VARS += IPFS_API_HTTPHEADERS_ACA_ORIGIN IPFS_DAEMON_ARGS IPFS_PROFILE IPFS_SERVICE_5001_TAGS IPFS_SERVICE_8080_TAGS IPFS_VERSION
|
||||
IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(IPFS_SERVICE_8080_URIS))]
|
||||
IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(MACHINE)),lowpower,server)
|
||||
IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS))
|
||||
IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api,$(IPFS_SERVICE_5001_URIS))
|
||||
IPFS_SERVICE_5001_URIS ?= $(IPFS_SERVICE_URIS)
|
||||
IPFS_SERVICE_NAME ?= ipfs
|
||||
IPFS_SERVICE_5001_PATH ?= api/
|
||||
IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,ipfs,5001)
|
||||
IPFS_SERVICE_8080_CHECK_HTTP ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn
|
||||
IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(IPFS_SERVICE_8080_URIS))
|
||||
IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,ipfs,8080)
|
||||
IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS))
|
||||
IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080
|
||||
IPFS_VERSION ?= 0.16.0
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
ENV_VARS += NGINX_DEFAULT_HOST NGINX_SERVICE_80_TAGS NGINX_SERVICE_443_TAGS NGINX_VIRTUAL_HOST
|
||||
NGINX_SERVICE_HOST ?= $(subst $(comma),$(space),$(NGINX_VIRTUAL_HOST))
|
||||
NGINX_SERVICE_PATH ?= /
|
||||
NGINX_SERVICE_80_HOST ?= $(patsubst %,%:80,$(NGINX_SERVICE_HOST))
|
||||
NGINX_SERVICE_80_TAGS ?= $(call tagprefix,nginx,80,host)
|
||||
NGINX_SERVICE_443_HOST ?= $(patsubst %,%:443,$(NGINX_SERVICE_HOST))
|
||||
NGINX_SERVICE_443_PROTO ?= https tlsskipverify=true
|
||||
NGINX_SERVICE_443_TAGS ?= $(call tagprefix,nginx,443,host)
|
||||
NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
|
||||
NGINX_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
nginx:
|
||||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker/nginx
|
||||
context: ../..
|
||||
dockerfile: docker/nginx/Dockerfile
|
||||
environment:
|
||||
- DEFAULT_HOST=${NGINX_DEFAULT_HOST:-${NGINX_VIRTUAL_HOST:-localhost}}
|
||||
- LETSENCRYPT_HOST=${NGINX_LETSENCRYPT_HOST:-${NGINX_VIRTUAL_HOST:-}}
|
||||
- LETSENCRYPT_EMAIL=${NGINX_LETSENCRYPT_EMAIL:-${MAIL:-nginx@localhost}}
|
||||
- VIRTUAL_HOST=${NGINX_VIRTUAL_HOST:-localhost}
|
||||
image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=${NGINX_SERVICE_80_CHECK_TCP:-true}
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-80
|
||||
- SERVICE_80_TAGS=${NGINX_SERVICE_80_TAGS:-urlprefix-localhost:80/*}
|
||||
- SERVICE_443_CHECK_TCP=${NGINX_SERVICE_443_CHECK_TCP:-true}
|
||||
- SERVICE_443_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-443
|
||||
- SERVICE_443_TAGS=${NGINX_SERVICE_443_TAGS:-urlprefix-localhost:443/* proto=https tlsskipverify=true}
|
||||
networks:
|
||||
- private
|
||||
- public
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- certs:/etc/nginx/certs
|
||||
- html:/usr/share/nginx/html
|
||||
- log:/var/log/nginx
|
||||
- vhost:/etc/nginx/vhost.d
|
||||
|
||||
volumes:
|
||||
certs:
|
||||
html:
|
||||
log:
|
||||
vhost:
|
||||
www:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: ${MONOREPO_DIR}
|
||||
o: bind
|
||||
|
||||
networks:
|
||||
private:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PRIVATE:-docker}
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC:-localhost}
|
||||
|
|
@ -1,4 +1,3 @@
|
|||
ENV_VARS += STATIC_SERVICE_80_TAGS
|
||||
STATIC_SERVICE_URIS ?= $(patsubst %,static.%,$(APP_URIS))
|
||||
STATIC_SERVICE_80_TAGS ?= $(call urlprefix,,$(STATIC_SERVICE_80_URIS))
|
||||
STATIC_SERVICE_80_URIS ?= $(STATIC_SERVICE_URIS)
|
||||
STATIC_SERVICE_80_NAME ?= static
|
||||
STATIC_SERVICE_80_TAGS ?= $(call tagprefix,STATIC,80)
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ services:
|
|||
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx-80
|
||||
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS}
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-static-80
|
||||
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS:-urlprefix-static.localhost/*}
|
||||
networks:
|
||||
- private
|
||||
- public
|
||||
|
|
@ -23,7 +23,7 @@ volumes:
|
|||
networks:
|
||||
private:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PRIVATE}
|
||||
name: ${DOCKER_NETWORK_PRIVATE:-docker}
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
name: ${DOCKER_NETWORK_PUBLIC:-static.localhost}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
ENV_VARS += PORTAINER_SERVICE_9000_TAGS
|
||||
PORTAINER_SERVICE_URIS ?= $(patsubst %,portainer.%,$(APP_URIS))
|
||||
PORTAINER_SERVICE_9000_TAGS ?= $(call urlprefix,,$(PORTAINER_SERVICE_9000_URIS))
|
||||
PORTAINER_SERVICE_9000_URIS ?= $(PORTAINER_SERVICE_URIS)
|
||||
PORTAINER_SERVICE_9000_NAME ?= portainer
|
||||
PORTAINER_SERVICE_9000_TAGS ?= $(call tagprefix,portainer,9000)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
ENV_VARS += ALERTMANAGER_SLACK_WEBHOOK_ID ALERTMANAGER_SERVICE_9093_TAGS
|
||||
ALERTMANAGER_SERVICE_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
|
||||
ALERTMANAGER_SERVICE_9093_TAGS ?= $(call urlprefix,,$(ALERTMANAGER_SERVICE_9093_URIS))
|
||||
ALERTMANAGER_SERVICE_9093_URIS ?= $(ALERTMANAGER_SERVICE_URIS)
|
||||
ALERTMANAGER_SERVICE_9093_NAME ?= alertmanager
|
||||
ALERTMANAGER_SERVICE_9093_TAGS ?= $(call tagprefix,alertmanager,9093)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
ENV_VARS += BLACKBOX_SERVICE_9115_TAGS
|
||||
BLACKBOX_PRIMARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_PRIMARY_TARGETS)
|
||||
BLACKBOX_SECONDARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_SECONDARY_TARGETS)
|
||||
BLACKBOX_SERVICE_URIS ?= $(patsubst %,blackbox.%,$(APP_URIS))
|
||||
BLACKBOX_SERVICE_9115_TAGS ?= $(call urlprefix,,$(BLACKBOX_SERVICE_9115_URIS))
|
||||
BLACKBOX_SERVICE_9115_URIS ?= $(BLACKBOX_SERVICE_URIS)
|
||||
BLACKBOX_SERVICE_9115_NAME ?= blackbox
|
||||
BLACKBOX_SERVICE_9115_TAGS ?= $(call tagprefix,blackbox,9115)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
ENV_VARS += ES_EXPORTER_SERVICE_9206_TAGS
|
||||
ES_EXPORTER_SERVICE_URIS ?= $(patsubst %,es-exporter.%,$(APP_URIS))
|
||||
ES_EXPORTER_SERVICE_9206_TAGS ?= $(call urlprefix,,$(ES_EXPORTER_SERVICE_9206_URIS))
|
||||
ES_EXPORTER_SERVICE_9206_URIS ?= $(ES_EXPORTER_SERVICE_URIS)
|
||||
ES_EXPORTER_SERVICE_9206_NAME ?= es-exporter
|
||||
ES_EXPORTER_SERVICE_9206_TAGS ?= $(call tagprefix,es-exporter,9206)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
ENV_VARS += PROMETHEUS_BLACKBOX_PRIMARY_TARGETS PROMETHEUS_BLACKBOX_SECONDARY_TARGETS PROMETHEUS_SERVICE_9090_TAGS
|
||||
PROMETHEUS_BLACKBOX_PRIMARY_TARGETS ?= $(patsubst %,https://%,$(DOMAIN))
|
||||
PROMETHEUS_BLACKBOX_SECONDARY_TARGETS ?= $(patsubst %,https://%,$(APP_URIS))
|
||||
PROMETHEUS_SERVICE_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
|
||||
PROMETHEUS_SERVICE_9090_TAGS ?= $(call urlprefix,,$(PROMETHEUS_SERVICE_9090_URIS))
|
||||
PROMETHEUS_SERVICE_9090_URIS ?= $(PROMETHEUS_SERVICE_URIS)
|
||||
PROMETHEUS_SERVICE_9090_NAME ?= prometheus
|
||||
PROMETHEUS_SERVICE_9090_TAGS ?= $(call tagprefix,prometheus,9090)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
ENV_VARS += RABBITMQ_SERVICE_15672_TAGS
|
||||
RABBITMQ_SERVICE_URIS ?= $(patsubst %,rabbitmq.%,$(APP_URIS))
|
||||
RABBITMQ_SERVICE_15672_TAGS ?= $(call urlprefix,,$(RABBITMQ_SERVICE_15672_URIS))
|
||||
RABBITMQ_SERVICE_15672_URIS ?= $(RABBITMQ_SERVICE_URIS)
|
||||
RABBITMQ_SERVICE_15672_NAME ?= rabbitmq
|
||||
RABBITMQ_SERVICE_15672_TAGS ?= $(call tagprefix,rabbitmq,15672)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
ENV_VARS += REDMINE_DB_NAME REDMINE_DB_USER REDMINE_SERVICE_80_TAGS
|
||||
REDMINE_SERVICE_URIS ?= $(patsubst %,redmine.%,$(APP_URIS))
|
||||
REDMINE_SERVICE_80_TAGS ?= $(call urlprefix,,$(REDMINE_SERVICE_80_URIS))
|
||||
REDMINE_SERVICE_NAME ?= redmine
|
||||
REDMINE_SERVICE_80_NAME ?= $(REDMINE_SERVICE_NAME)
|
||||
REDMINE_SERVICE_80_TAGS ?= $(call tagprefix,redmine,80)
|
||||
REDMINE_SERVICE_80_URIS ?= $(REDMINE_SERVICE_URIS)
|
||||
REDMINE_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine
|
||||
REDMINE_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-$(REDMINE_SERVICE_NAME)
|
||||
REDMINE_DB_USER ?= $(REDMINE_DB_NAME)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
ENV_VARS += REDMINE3_DB_NAME REDMINE3_DB_USER REDMINE3_SERVICE_80_TAGS
|
||||
REDMINE3_SERVICE_URIS ?= $(patsubst %,redmine3.%,$(APP_URIS))
|
||||
REDMINE3_SERVICE_80_TAGS ?= $(call urlprefix,,$(REDMINE3_SERVICE_80_URIS))
|
||||
REDMINE3_SERVICE_80_URIS ?= $(REDMINE3_SERVICE_URIS)
|
||||
REDMINE3_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine3
|
||||
REDMINE3_SERVICE_NAME ?= redmine3
|
||||
REDMINE3_SERVICE_80_NAME ?= $(REDMINE3_SERVICE_NAME)
|
||||
REDMINE3_SERVICE_80_TAGS ?= $(call tagprefix,redmine3,80)
|
||||
REDMINE3_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-$(REDMINE3_SERVICE_NAME)
|
||||
REDMINE3_DB_USER ?= $(REDMINE3_DB_NAME)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
ENV_VARS += THEIA_SERVICE_3000_TAGS
|
||||
THEIA_SERVICE_URIS ?= $(patsubst %,theai.%,$(APP_URIS))
|
||||
THEIA_SERVICE_3000_TAGS ?= $(call urlprefix,,$(THEIA_SERVICE_3000_URIS))
|
||||
THEIA_SERVICE_3000_URIS ?= $(THEIA_SERVICE_URIS)
|
||||
THEIA_SERVICE_3000_NAME ?= theai
|
||||
THEIA_SERVICE_3000_TAGS ?= $(call tagprefix,theia,3000)
|
||||
|
|
|
|||
Loading…
Reference in New Issue