From 1d1b5156bc6cf511476c4858a320eaaca1b5da93 Mon Sep 17 00:00:00 2001 
From: Yann Autissier Date: Sat, 10 Dec 2022 17:58:25 +0000 Subject: [PATCH] add nginx proxy --- docker/{http => httpd}/alpine/Dockerfile | 0 .../alpine/docker-entrypoint.sh | 0 .../{http => httpd}/alpine/httpd-vhosts.ctmpl | 4 +- docker/nginx/Dockerfile | 10 ++ docker/nginx/nginx-config.sh | 15 +++ docker/nginx/nginx_default | 1 + docker/nginx/nginx_default_location | 19 ++++ make/apps/def.docker.mk | 2 +- make/apps/def.mk | 23 ++-- make/apps/myos/setup.mk | 3 +- make/def.app.mk | 2 +- make/def.mk | 5 +- stack/User/User.mk | 1 - stack/User/ipfs.mk | 10 +- stack/cloud/nextcloud.mk | 8 +- stack/drone/drone.mk | 11 +- stack/elastic/elastic.mk | 15 +-- stack/elastic/oss.mk | 10 +- stack/grafana/grafana.mk | 5 +- stack/host/acme.mk | 3 + stack/host/acme.yml | 38 +++++++ stack/host/certbot.yml | 5 - stack/host/consul.mk | 6 +- stack/host/consul.yml | 5 - stack/host/exporter.mk | 10 +- stack/host/fabio.mk | 6 +- stack/host/fabio.yml | 4 +- stack/host/host.mk | 104 ++++++++++-------- stack/host/ipfs.mk | 12 +- stack/host/mail/mailserver.yml | 4 - stack/host/nginx.mk | 14 +++ stack/host/nginx.yml | 54 +++++++++ stack/host/php.yml | 20 ++++ stack/host/portainer.mk | 5 +- stack/host/static.mk | 3 + stack/host/static.yml | 25 +++++ stack/host/volumes.log.local.yml | 8 ++ stack/host/volumes.www.local.yml | 9 ++ stack/ipfs/ipfs.mk | 8 +- stack/nginx/nginx.mk | 10 ++ stack/nginx/nginx.yml | 55 +++++++++ stack/nginx/static.mk | 5 +- stack/nginx/static.yml | 8 +- stack/portainer/portainer.mk | 5 +- stack/prometheus/alertmanager.mk | 5 +- stack/prometheus/blackbox.mk | 5 +- stack/prometheus/es-exporter.mk | 5 +- stack/prometheus/prometheus.mk | 5 +- stack/rabbitmq/rabbitmq.mk | 5 +- stack/redmine/redmine.mk | 7 +- stack/redmine/redmine3.mk | 8 +- stack/theia/theia.mk | 5 +- 52 files changed, 442 insertions(+), 173 deletions(-) rename docker/{http => httpd}/alpine/Dockerfile (100%) rename docker/{http => httpd}/alpine/docker-entrypoint.sh (100%) rename docker/{http => 
httpd}/alpine/httpd-vhosts.ctmpl (88%) create mode 100644 docker/nginx/Dockerfile create mode 100755 docker/nginx/nginx-config.sh create mode 100644 docker/nginx/nginx_default create mode 100644 docker/nginx/nginx_default_location create mode 100644 stack/host/acme.mk create mode 100644 stack/host/acme.yml create mode 100644 stack/host/nginx.mk create mode 100644 stack/host/nginx.yml create mode 100644 stack/host/php.yml create mode 100644 stack/host/static.mk create mode 100644 stack/host/static.yml create mode 100644 stack/host/volumes.log.local.yml create mode 100644 stack/host/volumes.www.local.yml create mode 100644 stack/nginx/nginx.mk create mode 100644 stack/nginx/nginx.yml diff --git a/docker/http/alpine/Dockerfile b/docker/httpd/alpine/Dockerfile similarity index 100% rename from docker/http/alpine/Dockerfile rename to docker/httpd/alpine/Dockerfile diff --git a/docker/http/alpine/docker-entrypoint.sh b/docker/httpd/alpine/docker-entrypoint.sh similarity index 100% rename from docker/http/alpine/docker-entrypoint.sh rename to docker/httpd/alpine/docker-entrypoint.sh diff --git a/docker/http/alpine/httpd-vhosts.ctmpl b/docker/httpd/alpine/httpd-vhosts.ctmpl similarity index 88% rename from docker/http/alpine/httpd-vhosts.ctmpl rename to docker/httpd/alpine/httpd-vhosts.ctmpl index 8992c30..f2b2304 100644 --- a/docker/http/alpine/httpd-vhosts.ctmpl +++ b/docker/httpd/alpine/httpd-vhosts.ctmpl @@ -1,5 +1,5 @@ -{{ $serverName := printf "%s.%s.%s" (env "APP") (env "ENV") (env "USER") }} -{{ $serviceName := printf "%s-%s-%s-php-9000" (env "USER") (env "ENV") (env "APP") }} +{{ $serverName := printf "%s.%s.%s" (env "ENV") (env "APP") (env "USER") }} +{{ $serviceName := printf "%s-%s-%s-php-9000" (env "USER") (env "APP") (env "ENV") }} ServerAdmin support+apache@asycn.io DocumentRoot "/var/www/web" diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile new file mode 100644 index 0000000..c41072b --- /dev/null +++ b/docker/nginx/Dockerfile 
@@ -0,0 +1,10 @@
+FROM pinidh/nginx-proxy:alpine
+ARG DOCKER_BUILD_DIR
+
+RUN sed -i 's/\(function _resolvers() {\)$/function _nginx_config() {\n\t\/app\/nginx-config.sh\n}\n\n\1/;s/\(\t_default_certificate\)$/\1\n\n\t_nginx_config/' /app/docker-entrypoint.sh \
+ && sed -i 's|\(\treturn 503;\)$|\t{{ if (exists (printf "/etc/nginx/vhost.d/default")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default" }};\n\t {{ if (exists (printf "/etc/nginx/vhost.d/default_location")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default_location" }};\n\t {{ end }}\n\t{{ else }}\n\1\n\t{{ end }}|' /app/nginx.tmpl \
+ && awk '/proxy_pass \{\{ trim .Proto \}\}/{sub(/else/, "else if ne .Proto \"local\"", last)} NR>1{print last} {last=$0} END {print last}' /app/nginx.tmpl > /tmp/nginx.tmpl && mv /tmp/nginx.tmpl /app/
+
+COPY ${DOCKER_BUILD_DIR}/nginx* /app
+
+HEALTHCHECK CMD curl -sk https://localhost > /dev/null && echo OK
diff --git a/docker/nginx/nginx-config.sh b/docker/nginx/nginx-config.sh new file mode 100755
index 0000000..002fd47
--- /dev/null
+++ b/docker/nginx/nginx-config.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eu
+
+##
+# CONFIG
+
+sed -i 's/fastcgi_param * SERVER_SOFTWARE *.*/fastcgi_param SERVER_SOFTWARE nginx;/' /etc/nginx/fastcgi_params
+
+##
+# DEFAULT
+
+mkdir -p /etc/nginx/htpasswd /etc/nginx/vhost.d
+[ -f "/etc/nginx/htpasswd/default" ] || echo "default:{PLAIN}$(head -c 15 /dev/random |base64)" > /etc/nginx/htpasswd/default
+[ -f "/etc/nginx/vhost.d/default" ] || cp /app/nginx_default /etc/nginx/vhost.d/default
+[ -f "/etc/nginx/vhost.d/default_location" ] || cp /app/nginx_default_location /etc/nginx/vhost.d/default_location
diff --git a/docker/nginx/nginx_default b/docker/nginx/nginx_default new file mode 100644
index 0000000..030e5a3
--- /dev/null
+++ b/docker/nginx/nginx_default
@@ -0,0 +1 @@
+root /var/www/$host;
diff --git a/docker/nginx/nginx_default_location b/docker/nginx/nginx_default_location new file mode 100644
index 0000000..263702b
--- /dev/null
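Review bot: The `HEALTHCHECK` on the last line reports healthy for any HTTP response, because `curl -sk` without `-f` exits 0 on a 4xx/5xx status, so a default server still answering 503 (the stock `return 503;` the second sed rewrites) passes the check; `HEALTHCHECK --interval=30s --timeout=5s CMD curl -fsk --max-time 4 https://localhost/ >/dev/null || exit 1` fails on error statuses (pick a probe path the default vhost actually serves). `FROM pinidh/nginx-proxy:alpine` is a floating tag from a personal namespace, and the `sed`/`awk` rewrites of `/app/docker-entrypoint.sh` and `/app/nginx.tmpl` silently no-op if the upstream text drifts; pin the base by digest and add `&& grep -q _nginx_config /app/docker-entrypoint.sh` after the rewrite so a drifted base fails the build instead of shipping an unpatched proxy. Whether `curl` exists in the base image is not visible here — confirm before relying on it.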
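Review bot: The credential generated on the `[ -f "/etc/nginx/htpasswd/default" ] || echo "default:{PLAIN}$(head -c 15 /dev/random |base64)"` line is stored in cleartext (`{PLAIN}`), with whatever mode the container's umask gives the file, and is never surfaced to the operator, so the only way to learn the `default` password is to read the volume. Write a hashed entry instead, e.g. `pw=$(head -c 15 /dev/random |base64); printf 'default:%s\n' "$(openssl passwd -apr1 "$pw")" > /etc/nginx/htpasswd/default; chmod 600 /etc/nginx/htpasswd/default`, and print `$pw` once on first generation so it can be recorded. nginx's `auth_basic_user_file` accepts apr1 entries; whether `openssl` is present in this image is not visible in the diff (the `_default_certificate` hook patched in the Dockerfile suggests it is), so check before switching.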
+++ b/docker/nginx/nginx_default_location @@ -0,0 +1,19 @@ +index index.php index.html index.htm; +try_files $uri $uri/ index.php$uri =404; + +location ~ ^(.+\.php)(.*)$ { + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass php; + fastcgi_split_path_info ^(.+\.php)(.*)$; + include fastcgi_params; + try_files $uri index.php =404; +} + +location ~ /\.ht { + deny all; +} + +location ~ /ip(f|n)s { + proxy_pass http://$host:8080; +} diff --git a/make/apps/def.docker.mk b/make/apps/def.docker.mk index 0d6be50..620bfbe 100644 --- a/make/apps/def.docker.mk +++ b/make/apps/def.docker.mk @@ -26,7 +26,7 @@ DOCKER_BUILD_TARGET ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS)) DOCKER_BUILD_TARGET_DEFAULT ?= master DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY) DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION -DOCKER_COMPOSE ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1;}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n')) +DOCKER_COMPOSE ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1} END {if (NR == 0) exit 1}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n')) DOCKER_COMPOSE_ARGS ?= --ansi=auto DOCKER_COMPOSE_DOWN_OPTIONS ?= DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(STACK_HOST),$(HOST_COMPOSE_PROJECT_NAME),$(if $(STACK_USER),$(USER_COMPOSE_PROJECT_NAME))) diff --git a/make/apps/def.mk b/make/apps/def.mk index 1782805..8b58d0e 100644 --- a/make/apps/def.mk +++ b/make/apps/def.mk 
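Review bot: `proxy_pass http://$host:8080;` in the `location ~ /ip(f|n)s` block turns the client-supplied Host header into the upstream address, so a request with `Host: cadvisor-exporter` (or any name resolvable from the proxy's network) and a path containing `/ipfs` makes nginx open a connection to that host's port 8080 — a server-side request forgery into the `public` docker network. The Dockerfile in this patch includes this file in the default server in place of `return 503;`, so every unmatched Host header lands here, and the regex is unanchored so `/foo/ipfsbar` matches too. Proxy to a fixed gateway name and anchor the match, `location ~ ^/ip(f|n)s/ { proxy_pass http://<ipfs-gateway>:8080; }`, or gate it with a `map` that admits only the expected hosts. `root /var/www/$host;` in `nginx_default` has the same Host dependence; nginx's Host validation rejects `/` and consecutive dots so it cannot traverse, but it still serves whichever directory under `/var/www` matches an arbitrary Host.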
@@ -29,16 +29,21 @@ NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime NFS_HOST ?= host.docker.internal SERVICES ?= $(DOCKER_SERVICES) -patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pat,$(wordlist 2,16,$(3)),$(comma)$(space)$(patsubst $(1),$(2),$(pat))) -urlprefix = $(call patsublist,%,urlprefix-%$(1),$(or $(2),$(APP_URIS))) -urlprefixs = $(call urlprefix,$(1))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(space)$(call subst,$(dollar),$(space),$(call urlprefix,$(prefix)))) +tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),auth proto)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2)))) +envprefix = $(foreach env,$(3),$(if $($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))),$(env)=$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))))) +patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern))) +servicenvs = $(foreach env,$(call UPPERCASE,$($(1)_SERVICE_$(2)_ENVS)),$(if $(3),$($(1)_SERVICE_$(env)_$(3)),$($(1)_SERVICE_$(2)_$(env)))) +uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(APP_URIS))) +url_suffix = * +urlprefix = $(strip $(call patsublist,%,urlprefix-%$(1)$(url_suffix) $(2),$(or $(3),$(APP_URIS)))) +urlprefixs = $(strip $(call urlprefix,$(firstword $(1)),$(wordlist 2,16,$(1)))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(firstword $(prefix)),$(wordlist 2,16,$(prefix)))))) ## urlprefix 
tests (x APP_URI) # $(call urlprefix) -# urlprefix-app.domain/ -# $(call urlprefix,admin) -# urlprefix-app.domain/admin +# urlprefix-app.domain/* +# $(call urlprefix,admin/) +# urlprefix-app.domain/admin/* # $(call urlprefix,:443/ proto=https,$(APP_HOST)) -# urlprefix-app.domain:443/ proto=https +# urlprefix-app.domain:443/* proto=https ## urlprefixs tests (x prefix) -# $(call urlprefixs,admin strip=/admin,images) -# urlprefix-app.domain/admin strip=/admin, urlprefix-app.domain/images +# $(call urlprefixs,admin strip=/admin,images/) +# urlprefix-app.domain/admin* strip=/admin,urlprefix-app.domain/images/* diff --git a/make/apps/myos/setup.mk b/make/apps/myos/setup.mk index 3b6d26c..dd5bc81 100644 --- a/make/apps/myos/setup.mk +++ b/make/apps/myos/setup.mk @@ -40,7 +40,8 @@ endif # target setup-ufw: Install ufw-docker .PHONY: setup-ufw setup-ufw: COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME) -setup-ufw: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host +setup-ufw: DOCKER_RUN_NETWORK := +setup-ufw: DOCKER_RUN_OPTIONS := --rm -d --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw $(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw) --network host setup-ufw: ifeq ($(SETUP_UFW),true) $(call app-install,$(SETUP_UFW_REPOSITORY)) diff --git a/make/def.app.mk b/make/def.app.mk index e3d66ef..2749f4f 100644 --- a/make/def.app.mk +++ b/make/def.app.mk 
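Review bot: The rewritten `setup-ufw: DOCKER_RUN_OPTIONS` line keeps `$(if wildcard /etc/default/ufw,-v /etc/default/ufw:/etc/default/ufw)`, where `wildcard` is a literal word rather than the `$(wildcard …)` function, so the condition is always true and the bind mount is always added; on a host without that file, `docker run -v` (unlike `--mount`) creates `/etc/default/ufw` as an empty directory. The intended test is `$(if $(wildcard /etc/default/ufw),-v /etc/default/ufw:/etc/default/ufw)`. The new `setup-ufw: DOCKER_RUN_NETWORK :=` override is unexplained — a one-line comment such as `# cleared: the run below already uses --network host` would help the next reader (that reason is inferred from the same line, confirm it).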
@@ -52,7 +52,7 @@ define app-docker $(eval service := $(or $(DOCKER_SERVICE),$(subst .,,$(call LOWERCASE,$(lastword $(subst /, ,$(patsubst %/Dockerfile,%,$(dockerfile)))))),undefined)) $(eval docker := ${COMPOSE_SERVICE_NAME}-$(service)) $(eval DOCKER_IMAGE := $(DOCKER_REPOSITORY)/$(service):$(DOCKER_IMAGE_TAG)) - $(eval DOCKER_LABELS := SERVICE_NAME=$(docker) SERVICE_TAGS=$(call urlprefix,$(APP_PATH),$(service).$(APP_HOST)/) + $(eval DOCKER_LABELS := SERVICE_NAME=$(docker) SERVICE_TAGS=$(call urlprefix,$(APP_PATH),,$(service).$(APP_HOST))) $(eval DOCKER_NAME := $(docker)) $(eval DOCKER_RUN_NAME := --name $(DOCKER_NAME)) , $(call ERROR,Unable to find Dockerfile,$(dockerfile)) diff --git a/make/def.mk b/make/def.mk index 5e84417..0b188c3 100644 --- a/make/def.mk +++ b/make/def.mk @@ -107,7 +107,6 @@ SUDO ?= $(if $(filter-out 0,$(UID)),$(shell type -p s TAG ?= $(GIT_TAG) UID ?= $(shell id -u 2>/dev/null) USER ?= $(shell id -nu 2>/dev/null) -VERBOSE ?= $(if $(DEBUG),true) VERSION ?= $(GIT_VERSION) ifneq ($(DEBUG),) @@ -172,8 +171,8 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \ # macro RESU: Print USER associated to MAIL RESU = $(strip \ $(if $(findstring @,$(MAIL)), \ - $(eval user := $(subst +,,$(subst -,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \ - $(eval domain := $(call LOWERCASE,$(call subst,_,,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}')))) \ + $(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \ + $(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \ $(if $(domain), \ $(eval mail := $(MAIL)) \ $(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \ diff --git a/stack/User/User.mk b/stack/User/User.mk index a2011c8..9c28473 100644 --- a/stack/User/User.mk +++ b/stack/User/User.mk 
@@ -1,7 +1,6 @@ ENV_VARS += USER_DOMAIN user_domain MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@% USER_DOMAIN ?= $(USER).$(DOMAIN) -User ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/User/*.yml))) # target start-stack-User: Fire ssh-add .PHONY: start-stack-User diff --git a/stack/User/ipfs.mk b/stack/User/ipfs.mk index 4dc97df..e14a75c 100644 --- a/stack/User/ipfs.mk +++ b/stack/User/ipfs.mk @@ -1,7 +1,7 @@ ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))] -USER_IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(patsubst %,$(RESU).%,$(DOMAIN))/) -USER_IPFS_SERVICE_5001_TAGS ?= $(filter %.localhost/api,$(call urlprefix,api,$(USER_IPFS_SERVICE_5001_URIS))) -USER_IPFS_SERVICE_5001_URIS ?= $(USER_IPFS_SERVICE_URIS) -USER_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(USER_IPFS_SERVICE_8080_URIS)) -USER_IPFS_SERVICE_8080_URIS ?= $(USER_IPFS_SERVICE_URIS) +USER_IPFS_SERVICE_NAME ?= ipfs +USER_IPFS_SERVICE_5001_PATH ?= api/ +USER_IPFS_SERVICE_5001_TAGS ?= $(strip $(filter %.localhost/api/$(url_suffix),$(call tagprefix,USER_IPFS,5001)) $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS)))) +USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,ipfs) +USER_IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,USER_IPFS,8080) diff --git a/stack/cloud/nextcloud.mk b/stack/cloud/nextcloud.mk index 7080dc4..f7a4515 100644 --- a/stack/cloud/nextcloud.mk +++ b/stack/cloud/nextcloud.mk 
@@ -1,6 +1,6 @@ ENV_VARS += NEXTCLOUD_MYSQL_DATABASE NEXTCLOUD_MYSQL_USER NEXTCLOUD_SERVICE_80_TAGS -NEXTCLOUD_SERVICE_URIS ?= $(patsubst %,nextcloud.%,$(APP_URIS)) -NEXTCLOUD_SERVICE_80_TAGS ?= $(call urlprefix,,$(NEXTCLOUD_SERVICE_80_URIS)) -NEXTCLOUD_SERVICE_80_URIS ?= $(NEXTCLOUD_SERVICE_URIS) -NEXTCLOUD_MYSQL_DATABASE ?= $(COMPOSE_SERVICE_NAME)-nextcloud +NEXTCLOUD_SERVICE_NAME ?= nextcloud +NEXTCLOUD_SERVICE_80_NAME ?= $(NEXTCLOUD_SERVICE_NAME) +NEXTCLOUD_SERVICE_80_TAGS ?= $(call tagprefix,nextcloud,80) +NEXTCLOUD_MYSQL_DATABASE ?= $(COMPOSE_SERVICE_NAME)-$(NEXTCLOUD_SERVICE_NAME) NEXTCLOUD_MYSQL_USER ?= $(NEXTCLOUD_MYSQL_DATABASE) diff --git a/stack/drone/drone.mk b/stack/drone/drone.mk index 8910726..76da177 100644 --- a/stack/drone/drone.mk +++ b/stack/drone/drone.mk @@ -1,9 +1,10 @@ drone ?= drone/drone drone/drone-runner-docker drone/gc -DRONE_RUNNER_NAME ?= drone-runner.$(firstword $(APP_HOST)) -DRONE_SERVER_HOST ?= drone.$(firstword $(APP_HOST)) -DRONE_SERVICE_URIS ?= $(patsubst %,drone.%,$(APP_URIS)) -DRONE_SERVICE_80_TAGS ?= $(call urlprefix,,$(DRONE_SERVICE_80_URIS)) -DRONE_SERVICE_80_URIS ?= $(DRONE_SERVICE_URIS) +DRONE_RUNNER_NAME ?= $(DRONE_RUNNER_SERVICE_NAME).$(firstword $(APP_HOST)) +DRONE_RUNNER_SERVICE_NAME ?= drone-runner +DRONE_SERVER_HOST ?= $(DRONE_SERVICE_NAME).$(firstword $(APP_HOST)) +DRONE_SERVICE_NAME ?= drone +DRONE_SERVICE_80_NAME ?= $(DRONE_SERVICE_NAME) +DRONE_SERVICE_80_TAGS ?= $(call tagprefix,drone,80) DRONE_USER_CREATE ?= $(USER):$(GIT_USER),admin:true DRONE_USER_FILTER ?= $(GIT_USER) ENV_VARS += DRONE_RUNNER_NAME DRONE_SERVER_HOST DRONE_USER_CREATE DRONE_USER_FILTER DRONE_SERVICE_80_TAGS diff --git a/stack/elastic/elastic.mk b/stack/elastic/elastic.mk index 48963a6..995dbb3 100644 --- a/stack/elastic/elastic.mk +++ b/stack/elastic/elastic.mk 
@@ -1,13 +1,10 @@ -APM_SERVER_SERVICE_URIS ?= $(patsubst %,apm-server.%,$(APP_URIS)) -APM_SERVER_SERVICE_8200_TAGS ?= $(call urlprefix,,$(APM_SERVER_SERVICE_8200_URIS)) -APM_SERVER_SERVICE_8200_URIS ?= $(APM_SERVER_SERVICE_URIS) -ELASTICSEARCH_SERVICE_URIS ?= $(patsubst %,elasticsearch.%,$(APP_URIS)) -ELASTICSEARCH_SERVICE_9200_TAGS ?= $(call urlprefix,,$(ELASTICSEARCH_SERVICE_9200_URIS)) -ELASTICSEARCH_SERVICE_9200_URIS ?= $(ELASTICSEARCH_SERVICE_URIS) +APM_SERVER_SERVICE_8200_NAME ?= apm-server +APM_SERVER_SERVICE_8200_TAGS ?= $(call tagprefix,apm-server,8200) +ELASTICSEARCH_SERVICE_9200_NAME ?= elasticsearch +ELASTICSEARCH_SERVICE_9200_TAGS ?= $(call tagprefix,elasticsearch,9200) ENV_VARS += APM_SERVER_SERVICE_8200_TAGS ELASTICSEARCH_SERVICE_9200_TAGS KIBANA_SERVICE_5601_TAGS -KIBANA_SERVICE_URIS ?= $(patsubst %,kibana.%,$(APP_URIS)) -KIBANA_SERVICE_5601_TAGS ?= $(call urlprefix,,$(KIBANA_SERVICE_5601_URIS)) -KIBANA_SERVICE_5601_URIS ?= $(KIBANA_SERVICE_URIS) +KIBANA_SERVICE_NAME ?= kibana +KIBANA_SERVICE_5601_TAGS ?= $(call tagprefix,kibana,5601) elastic ?= elastic/curator elastic/elasticsearch elastic/kibana diff --git a/stack/elastic/oss.mk b/stack/elastic/oss.mk index 0a32d3e..a0f50cf 100644 --- a/stack/elastic/oss.mk +++ b/stack/elastic/oss.mk 
@@ -1,9 +1,7 @@ -APM_SERVER_OSS_SERVICE_URIS ?= $(patsubst %,apm-server-oss.%,$(APP_URIS)) -APM_SERVER_OSS_SERVICE_8200_TAGS ?= $(call urlprefix,,$(APM_SERVER_OSS_SERVICE_8200_URIS)) -APM_SERVER_OSS_SERVICE_8200_URIS ?= $(APM_SERVER_OSS_SERVICE_URIS) +APM_SERVER_OSS_SERVICE_8200_NAME ?= apm-server-oss +APM_SERVER_OSS_SERVICE_8200_TAGS ?= $(call tagprefix,apm-server-oss,8200) ENV_VARS += APM_SERVER_OSS_SERVICE_8200_TAGS KIBANA_OSS_SERVICE_5601_TAGS -KIBANA_OSS_SERVICE_URIS ?= $(patsubst %,kibana-oss.%,$(APP_URIS)) -KIBANA_OSS_SERVICE_5601_TAGS ?= $(call urlprefix,,$(KIBANA_OSS_SERVICE_5601_URIS)) -KIBANA_OSS_SERVICE_5601_URIS ?= $(KIBANA_OSS_SERVICE_URIS) +KIBANA_OSS_SERVICE_5601_NAME ?= kibana-oss +KIBANA_OSS_SERVICE_5601_TAGS ?= $(call tagprefix,kibana-oss,5601) elastic-oss ?= elastic/apm-server-oss elastic/curator elastic/elasticsearch elastic/kibana-oss diff --git a/stack/grafana/grafana.mk b/stack/grafana/grafana.mk index 53c3008..084acf7 100644 --- a/stack/grafana/grafana.mk +++ b/stack/grafana/grafana.mk @@ -1,4 +1,3 @@ ENV_VARS += GRAFANA_SERVICE_3000_TAGS -GRAFANA_SERVICE_URIS ?= $(patsubst %,grafana.%,$(APP_URIS)) -GRAFANA_SERVICE_3000_TAGS ?= $(call urlprefix,,$(GRAFANA_SERVICE_3000_URIS)) -GRAFANA_SERVICE_3000_URIS ?= $(GRAFANA_SERVICE_URIS) +GRAFANA_SERVICE_3000_NAME ?= grafana +GRAFANA_SERVICE_3000_TAGS ?= $(call tagprefix,grafana,3000) diff --git a/stack/host/acme.mk b/stack/host/acme.mk new file mode 100644 index 0000000..9ea7ae0 --- /dev/null +++ b/stack/host/acme.mk @@ -0,0 +1,3 @@ +ENV_VARS += HOST_ACME_POST_HOOK HOST_ACME_PRE_HOOK +HOST_ACME_DOMAIN_PATH_VALID ?= $$(echo $${DOMAIN_PATH:-} |awk "'"/^[0-9a-z_\-\.\+\/]+@[0-9a-z_\-\.]+\.[a-z0-9_\-\.\+\/]+$$/"'") +HOST_ACME_POST_HOOK ?= [ "$(HOST_ACME_DOMAIN_PATH_VALID)" ] && cp fullchain.cer /host/certs/$${domain}-cert.pem 2>/dev/null && cp $${domain}.key /host/certs/$${domain}-key.pem diff --git a/stack/host/acme.yml b/stack/host/acme.yml new file mode 100644 index 0000000..c945b70 --- /dev/null 
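Review bot: `HOST_ACME_DOMAIN_PATH_VALID` does not prevent the traversal it appears meant to block: its character class `[0-9a-z_\-\.\+\/]+` admits both `.` and `/`, so a value containing `../` still passes, and the guard inspects `DOMAIN_PATH` while the `cp … /host/certs/$${domain}-cert.pem` targets are built from `${domain}`, a different variable. Validate the variable actually used and drop `/` from the class, e.g. `HOST_ACME_DOMAIN_VALID ?= $$(echo $${domain:-} |awk "'"/^[0-9a-z][0-9a-z\-\.]*$$/"'")` with `[ "$(HOST_ACME_DOMAIN_VALID)" ] && cp …`; without `/` a hostname-shaped value cannot escape `/host/certs`. The relative `fullchain.cer` and `$${domain}.key` sources assume the hook runs inside the certificate's directory — a comment naming that assumption (presumably acme.sh's post-hook working directory) would make the hook reviewable.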
+++ b/stack/host/acme.yml @@ -0,0 +1,38 @@ +version: '3.6' + +services: + acme: + depends_on: + - nginx + environment: + - ACME_CA_URI=${HOST_ACME_CA_URI:-https://acme-v02.api.letsencrypt.org/directory} + - ACME_POST_HOOK=${HOST_ACME_POST_HOOK:-} + - ACME_PRE_HOOK=${HOST_ACME_PRE_HOOK:-} + - DEFAULT_EMAIL=${HOST_ACME_DEFAULT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-acme@localhost}}} + - LETSENCRYPT_SINGLE_DOMAIN_CERTS=${HOST_ACME_LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true} + - LETSENCRYPT_TEST=${HOST_ACME_LETSENCRYPT_TEST:-} + image: pinidh/acme-companion:latest + networks: + - public + restart: unless-stopped + volumes_from: + - nginx + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - acme:/etc/acme.sh + - certs:/etc/nginx/certs + - html:/usr/share/nginx/html + - host:/host + +volumes: + acme: + certs: + html: + host: + external: true + name: ${HOST_DOCKER_VOLUME} + +networks: + public: + external: true + name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/host/certbot.yml b/stack/host/certbot.yml index 16b1ee6..b83ff55 100644 --- a/stack/host/certbot.yml +++ b/stack/host/certbot.yml @@ -19,8 +19,3 @@ volumes: host: external: true name: ${HOST_DOCKER_VOLUME} - -networks: - public: - external: true - name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/host/consul.mk b/stack/host/consul.mk index 636be1c..f95aed9 100644 --- a/stack/host/consul.mk +++ b/stack/host/consul.mk 
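Review bot: `- /var/run/docker.sock:/var/run/docker.sock:ro` only makes the socket node read-only; the Docker API reached through it is fully writable, so the `acme` container (image `pinidh/acme-companion:latest`, a floating tag from a personal namespace) holds root-equivalent control of the host. That is inherent to the companion design, but pin the image by digest so what receives that power is fixed, and say so next to the mount: `# docker.sock grants full API access despite :ro; this container is host-root-equivalent`. `volumes_from: - nginx` and the explicit `certs:/etc/nginx/certs` entry both map the same path (nginx mounts it `:ro`); which mode wins is compose-version dependent, so state the intended mode in a comment or keep only one of the two.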
@@ -1,7 +1,7 @@ ENV_VARS += HOST_CONSUL_ACL_TOKENS_MASTER HOST_CONSUL_HTTP_TOKEN HOST_CONSUL_SERVICE_8500_TAGS HOST_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef HOST_CONSUL_HTTP_TOKEN ?= $(HOST_CONSUL_ACL_TOKENS_MASTER) -HOST_CONSUL_SERVICE_URIS ?= $(patsubst %,consul.%,$(APP_URIS)) -HOST_CONSUL_SERVICE_8500_TAGS ?= $(call urlprefix,,$(HOST_CONSUL_SERVICE_8500_URIS)) -HOST_CONSUL_SERVICE_8500_URIS ?= $(HOST_CONSUL_SERVICE_URIS) +HOST_CONSUL_SERVICE_8500_AUTH ?= default +HOST_CONSUL_SERVICE_8500_NAME ?= consul +HOST_CONSUL_SERVICE_8500_TAGS ?= $(call tagprefix,HOST_CONSUL,8500) HOST_CONSUL_UFW_UPDATE ?= 8500 diff --git a/stack/host/consul.yml b/stack/host/consul.yml index 84338b3..3520291 100644 --- a/stack/host/consul.yml +++ b/stack/host/consul.yml @@ -43,8 +43,3 @@ services: volumes: consul: - -networks: - public: - external: true - name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/host/exporter.mk b/stack/host/exporter.mk index f2c4c33..6874cb1 100644 --- a/stack/host/exporter.mk +++ b/stack/host/exporter.mk @@ -1,7 +1,5 @@ ENV_VARS += HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS HOST_EXPORTER_NODE_SERVICE_9100_TAGS -HOST_EXPORTER_CADVISOR_SERVICE_URIS ?= $(patsubst %,cadvisor-exporter.%,$(APP_URIS)) -HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= $(call urlprefix,,$(HOST_EXPORTER_CADVISOR_SERVICE_8080_URIS)) -HOST_EXPORTER_CADVISOR_SERVICE_8080_URIS ?= $(HOST_EXPORTER_CADVISOR_SERVICE_URIS) -HOST_EXPORTER_NODE_SERVICE_URIS ?= $(patsubst %,node-exporter.%,$(APP_URIS)) -HOST_EXPORTER_NODE_SERVICE_9100_TAGS ?= $(call urlprefix,,$(HOST_EXPORTER_NODE_SERVICE_9100_URIS)) -HOST_EXPORTER_NODE_SERVICE_9100_URIS ?= $(HOST_EXPORTER_NODE_SERVICE_URIS) +HOST_EXPORTER_CADVISOR_SERVICE_8080_NAME ?= cadvisor-exporter +HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= $(call tagprefix,HOST_EXPORTER_CADVISOR,8080) +HOST_EXPORTER_NODE_SERVICE_9100_NAME ?= node-exporter +HOST_EXPORTER_NODE_SERVICE_9100_TAGS ?= $(call tagprefix,HOST_EXPORTER_NODE,9100) 
diff --git a/stack/host/fabio.mk b/stack/host/fabio.mk index f2b7066..63c4bd3 100644 --- a/stack/host/fabio.mk +++ b/stack/host/fabio.mk @@ -1,5 +1,5 @@ ENV_VARS += HOST_FABIO_SERVICE_9998_TAGS -HOST_FABIO_SERVICE_URIS ?= $(patsubst %,fabio.%,$(APP_URIS)) -HOST_FABIO_SERVICE_9998_TAGS ?= $(call urlprefix,,$(HOST_FABIO_SERVICE_9998_URIS)) -HOST_FABIO_SERVICE_9998_URIS ?= $(HOST_FABIO_SERVICE_URIS) +HOST_FABIO_SERVICE_9998_NAME ?= fabio +HOST_FABIO_SERVICE_9998_AUTH ?= default +HOST_FABIO_SERVICE_9998_TAGS ?= $(call tagprefix,HOST_FABIO,9998) HOST_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp diff --git a/stack/host/fabio.yml b/stack/host/fabio.yml index 1d39c8c..095b6c1 100644 --- a/stack/host/fabio.yml +++ b/stack/host/fabio.yml @@ -12,7 +12,7 @@ services: dockerfile: docker/fabio/Dockerfile container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG} - command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem" + command: -proxy.addr ":80,:443;cs=certs" -proxy.auth "name=default;type=basic;file=/host/htpasswd/default.htpasswd;" -proxy.cs "cs=local;type=file;cert=/host/live/${DOMAIN}/fullchain.pem;key=/host/live/${DOMAIN}/privkey.pem,cs=certs;type=path;cert=/host/certs" -proxy.matcher "glob" -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" depends_on: - consul extra_hosts: @@ -35,7 +35,7 @@ services: - public restart: always volumes: - - host:/etc/letsencrypt:ro + - host:/host:ro volumes: host: diff --git a/stack/host/host.mk b/stack/host/host.mk index 6c38857..3516817 100644 --- a/stack/host/host.mk +++ b/stack/host/host.mk 
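Review bot: The rewritten `command:` still passes `-registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}"` as a process argument, so the Consul token is readable through `docker inspect`, `ps` on the host and `docker compose config`; fabio's `-cfg` file option would let the token live on the already mounted `/host` volume with mode 0600 instead. The `cs=local;type=file;cert=/host/live/${DOMAIN}/fullchain.pem` store is no longer referenced by `-proxy.addr` (only `cs=certs` is), and host.mk in this patch iterates `for domain in ${DOMAIN}`, so a multi-valued `DOMAIN` yields a broken path here — either remove the `local` store or comment that it is the single-domain fallback. `file=/host/htpasswd/default.htpasswd;` relies on fabio accepting the `{PLAIN}` entry format host.mk writes; that is not visible here, verify it or write a hashed entry.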
@@ -1,11 +1,11 @@ ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST MAKECMDARGS += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@% SETUP_LETSENCRYPT ?= -host ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml))) +host ?= host/consul host/fabio host/registrator # target bootstrap-stack-host: Fire host-certbot host-ssl-certs .PHONY: bootstrap-stack-host -bootstrap-stack-host: $(if $(SETUP_LETSENCRYPT),host-certbot$(if $(DEBUG),-staging)) host-ssl-certs +bootstrap-stack-host: $(if $(SETUP_CERTBOT),host-certbot) host-ssl-certs # target host: Fire stack-host-up .PHONY: host 
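Review bot: `bootstrap-stack-host` now keys `host-certbot` on `SETUP_CERTBOT`, but nothing in this patch defines that variable, while `SETUP_LETSENCRYPT ?=` stays declared one line above and is what `stack/host/nginx.mk` uses to enable the acme route; unless a caller sets the undocumented `SETUP_CERTBOT`, bootstrap never obtains a certificate and silently falls through to the self-signed one from `host-ssl-certs`. Declare it explicitly next to the other, `SETUP_CERTBOT ?=`, with a comment that `SETUP_LETSENCRYPT` selects the nginx/acme-companion path and `SETUP_CERTBOT` the certbot DNS path, or collapse them into one switch. The `host ?= host/consul host/fabio host/registrator` list stops picking up every `stack/host/*.yml`; a comment that nginx, acme, static and php are now opt-in would save the next reader a surprise.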
@@ -18,41 +18,48 @@ host-%: stack-host-%; # target host-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl .PHONY: host-ssl-certs host-ssl-certs: - docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \ - [ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ - || $(RUN) docker run --rm \ - -e DOMAIN=$(DOMAIN) \ - --mount source=$(HOST_DOCKER_VOLUME),target=/certs \ - alpine sh -c "\ - apk --no-cache add openssl \ - && mkdir -p /certs/live/${DOMAIN} \ - && { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \ - && openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \ - -addext extendedKeyUsage=serverAuth \ - -addext subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN} \ - -subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \ - -x509 -days 365 \ - && rm -f /certs/live/${DOMAIN}/fullchain.pem \ - && ln -s cert.pem /certs/live/${DOMAIN}/fullchain.pem \ - " + $(RUN) docker run --rm \ + -e DOMAIN='$(DOMAIN)' \ + --mount source=$(HOST_DOCKER_VOLUME),target=/host \ + alpine sh -c "mkdir -p /host/htpasswd && chmod 700 /host/htpasswd \ + ; mkdir -p /host/certs && chmod 0700 /host/certs \ + ; [ -f /host/htpasswd/default.htpasswd ] \ + || echo "default:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \ + ; for domain in ${DOMAIN}; do \ + [ -f /host/live/\$${domain}/fullchain.pem -a -f /host/live/\$${domain}/privkey.pem ] \ + && openssl x509 -in /host/live/\$${domain}/fullchain.pem -noout -issuer 2>/dev/null |grep -iqv staging \ + && cp -L /host/live/\$${domain}/fullchain.pem /host/certs/\$${domain}-cert.pem \ + && cp -L /host/live/\$${domain}/privkey.pem /host/certs/\$${domain}-key.pem \ + ; if [ ! -f /host/certs/\$${domain}-cert.pem -o ! 
-f /host/certs/\$${domain}-key.pem ]; then \ + apk --no-cache add openssl \ + && { [ -f /host/certs/\$${domain}-priv.pem ] || openssl genrsa -out /host/certs/\$${domain}-key.pem 2048; } \ + && openssl req -key /host/certs/\$${domain}-key.pem -out /host/certs/\$${domain}-cert.pem \ + -addext extendedKeyUsage=serverAuth \ + -addext subjectAltName=DNS:\$${domain},DNS:*.\$${domain} \ + -subj \"/C=/ST=/L=/O=/CN=\$${domain}\" \ + -x509 -days 365 \ + ; fi \ + ; done \ + " # target host-certbot: Create ${DOMAIN} certificate files with letsencrypt .PHONY: host-certbot host-certbot: host-docker-build-certbot - docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \ - [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ - || $(RUN) docker run --rm \ - --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \ - --mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \ - -e DOMAIN=$(DOMAIN) \ - --network host \ - $(HOST_DOCKER_REPOSITORY)/certbot \ - --non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \ - --preferred-challenges dns --authenticator dns-standalone \ - --dns-standalone-address=0.0.0.0 \ - --dns-standalone-port=53 \ - -d ${DOMAIN} \ - -d *.${DOMAIN} + $(foreach domain,$(DOMAIN), \ + $(RUN) docker run --rm \ + -e DOMAIN=$(domain) \ + --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \ + --mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \ + --network host \ + $(HOST_DOCKER_REPOSITORY)/certbot \ + --dns-standalone-address=0.0.0.0 \ + --dns-standalone-port=53 \ + --non-interactive --agree-tos --email hostmaster@$(domain) certonly \ + --preferred-challenges dns --authenticator dns-standalone \ + -d $(domain) \ + -d *.$(domain) \ + && \ + ) true # target host-certbot-certificates: List letsencrypt certificates .PHONY: host-certbot-certificates 
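Review bot: In `host-ssl-certs` the key guard `[ -f /host/certs/\$${domain}-priv.pem ] || openssl genrsa -out /host/certs/\$${domain}-key.pem 2048` tests a file name that is never written (`-priv.pem`) while writing `-key.pem`, so the guard is always false and an existing self-signed key is overwritten every time the cert file is absent; the test should be `[ -f /host/certs/\$${domain}-key.pem ]`. The default htpasswd password is produced by `$(shell head -c 15 /dev/random |base64)` on the make side and spliced into the `docker run … sh -c "…"` argument, so it shows up in the host process list and in the recipe echo when `$(RUN)` prints commands; generate it inside the container as `nginx-config.sh` does (`$$(head -c 15 /dev/random |base64)`, escaped for make) and, since it is stored as `{PLAIN}`, prefer a hashed entry. Note too that the inner double quotes around `default:{PLAIN}…` close and reopen the outer `sh -c "` string — it only works because base64 output contains no whitespace.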
@@ -67,21 +74,22 @@ host-certbot-renew: host-docker-build-certbot # target host-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt .PHONY: host-certbot-staging host-certbot-staging: host-docker-build-certbot - docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \ - [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ - || $(RUN) docker run --rm \ - --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \ - --mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \ - -e DOMAIN=$(DOMAIN) \ - --network host \ - $(HOST_DOCKER_REPOSITORY)/certbot \ - --non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \ - --preferred-challenges dns --authenticator dns-standalone \ - --dns-standalone-address=0.0.0.0 \ - --dns-standalone-port=53 \ - --staging \ - -d ${DOMAIN} \ - -d *.${DOMAIN} + $(foreach domain,$(DOMAIN), \ + $(RUN) docker run --rm \ + -e DOMAIN=$(domain) \ + --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \ + --mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \ + --network host \ + $(HOST_DOCKER_REPOSITORY)/certbot \ + --dns-standalone-address=0.0.0.0 \ + --dns-standalone-port=53 \ + --non-interactive --agree-tos --email hostmaster@$(domain) certonly \ + --preferred-challenges dns --authenticator dns-standalone \ + --staging \ + -d $(domain) \ + -d *.$(domain) \ + && \ + ) true # target host-docker-build-%: Build % docker .PHONY: host-docker-build-% diff --git a/stack/host/ipfs.mk b/stack/host/ipfs.mk index 2be3d6b..7896dd1 100644 --- a/stack/host/ipfs.mk +++ b/stack/host/ipfs.mk 
@@ -1,8 +1,10 @@ ENV_VARS += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN HOST_IPFS_SERVICE_5001_TAGS HOST_IPFS_SERVICE_8080_TAGS HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(HOST_IPFS_SERVICE_8080_URIS))] -HOST_IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) -HOST_IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api,$(HOST_IPFS_SERVICE_5001_URIS)) -HOST_IPFS_SERVICE_5051_URIS ?= $(HOST_IPFS_SERVICE_URIS) -HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(HOST_IPFS_SERVICE_8080_URIS)) -HOST_IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS)) +HOST_IPFS_SERVICE_HOST_URIS ?= */ipfs/ */ipns/ +HOST_IPFS_SERVICE_NAME ?= ipfs +HOST_IPFS_SERVICE_5001_PATH ?= api/ +HOST_IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,HOST_IPFS,5001) +HOST_IPFS_SERVICE_8080_ENVS ?= host +HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,,$(HOST_IPFS_SERVICE_8080_URIS) $(call servicenvs,HOST_IPFS,8080,URIS)) +HOST_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,ipfs *.ipfs ipns *.ipns) HOST_IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080 diff --git a/stack/host/mail/mailserver.yml b/stack/host/mail/mailserver.yml index 29dedd7..ea64448 100644 --- a/stack/host/mail/mailserver.yml +++ b/stack/host/mail/mailserver.yml @@ -131,7 +131,6 @@ services: - SERVICE_4190_CHECK_TCP=true - SERVICE_4190_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-4190 networks: - - private - public ports: - "25:25" @@ -158,9 +157,6 @@ volumes: name: ${HOST_DOCKER_VOLUME} networks: - private: - external: true - name: ${DOCKER_NETWORK_PRIVATE} public: external: true name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/host/nginx.mk b/stack/host/nginx.mk new file mode 100644 index 0000000..2663a00 --- /dev/null +++ b/stack/host/nginx.mk 
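Review bot: `HOST_IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,HOST_IPFS,5001)` publishes the `api/` path of port 5001 through fabio without an `_AUTH` setting, unlike the consul and fabio services this patch protects with `_AUTH ?= default`; if 5001 is the IPFS RPC API its default port suggests, that API is unauthenticated and allows pinning, config changes and shutdown of the node. Add `HOST_IPFS_SERVICE_5001_AUTH ?= default` (tagprefix picks up the `auth` env through `envprefix`), or drop the route. `HOST_IPFS_SERVICE_HOST_URIS ?= */ipfs/ */ipns/` registers `urlprefix-*/ipfs/*` for every host behind fabio; a comment stating that this catch-all is intentional (any vhost's `/ipfs/` path goes to the gateway) would make it reviewable.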
@@ -0,0 +1,14 @@
+ENV_VARS += HOST_NGINX_DEFAULT_HOST HOST_NGINX_LETSENCRYPT_HOST HOST_NGINX_SERVICE_80_TAGS HOST_NGINX_SERVICE_443_TAGS HOST_NGINX_VIRTUAL_HOST
+HOST_NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
+HOST_NGINX_LETSENCRYPT_HOST ?= $(subst $(space),$(comma),$(filter-out *.%,$(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))))
+HOST_NGINX_SERVICE_ACME_URIS ?= *:80/.well-known/acme-challenge/
+HOST_NGINX_SERVICE_HOST ?= $(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))
+HOST_NGINX_SERVICE_80_HOST ?= $(HOST_NGINX_SERVICE_HOST)
+HOST_NGINX_SERVICE_80_TAGS ?= $(call urlprefix,,,$(HOST_NGINX_SERVICE_80_URIS) $(call servicenvs,HOST_NGINX,80,URIS))
+HOST_NGINX_SERVICE_80_URIS ?= $(patsubst %,%:80/,$(HOST_NGINX_SERVICE_80_HOST))
+HOST_NGINX_SERVICE_80_ENVS ?= $(if $(SETUP_LETSENCRYPT),acme)
+HOST_NGINX_SERVICE_443_PATH ?= /
+HOST_NGINX_SERVICE_443_HOST ?= $(patsubst %,%:443,$(HOST_NGINX_SERVICE_HOST))
+HOST_NGINX_SERVICE_443_PROTO ?= https tlsskipverify=true
+HOST_NGINX_SERVICE_443_TAGS ?= $(call tagprefix,HOST_NGINX,443,host)
+HOST_NGINX_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))
diff --git a/stack/host/nginx.yml b/stack/host/nginx.yml
new file mode 100644
index 0000000..e0dbc3e
--- /dev/null
+++ b/stack/host/nginx.yml
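Review bot: `HOST_NGINX_SERVICE_443_PROTO ?= https tlsskipverify=true` turns off certificate verification on the fabio-to-nginx hop by default, and stack/nginx/nginx.mk sets the same default for `NGINX_SERVICE_443_PROTO`. On the shared docker network the exposure is small, but nothing in the file says why verification is off (presumably fabio dials the container address while the certificate is issued for the vhost name); add `# tlsskipverify: fabio reaches nginx by container address, the cert is for the vhost -- TODO confirm` or make the flag opt-in through a variable. `HOST_NGINX_SERVICE_ACME_URIS ?= *:80/.well-known/acme-challenge/` is a catch-all for ACME challenge traffic on every host; if stack/host/acme.mk (changed in this commit but not visible here) registers the same prefix, two backends will compete for it, so the SETUP_LETSENCRYPT gating should select exactly one of them and a comment should say so. The filename/variable convention here (HOST_ prefix, _ENVS selecting extra _URIS sets) is new and undocumented; a short header comment explaining how `_HOST`, `_PATH`, `_PROTO` and `_ENVS` feed tagprefix/urlprefix would save the next reader a trip to make/def.mk.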
@@ -0,0 +1,54 @@
+version: '3.6'
+
+services:
+ nginx:
+ build:
+ args:
+ - DOCKER_BUILD_DIR=docker/nginx
+ context: ../..
+ dockerfile: docker/nginx/Dockerfile
+ environment:
+ - DEFAULT_HOST=${HOST_NGINX_DEFAULT_HOST:-localhost}
+ - LETSENCRYPT_HOST=${HOST_NGINX_LETSENCRYPT_HOST:-${HOST_NGINX_VIRTUAL_HOST:-}}
+ - LETSENCRYPT_EMAIL=${HOST_NGINX_LETSENCRYPT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-nginx@localhost}}}
+ - LETSENCRYPT_SINGLE_DOMAIN_CERTS=${HOST_NGINX_LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true}
+ - LETSENCRYPT_TEST=${HOST_NGINX_LETSENCRYPT_TEST:-${LETSENCRYPT_TEST:-}}
+ - SSL_POLICY=${HOST_NGINX_SSL_POLICY:-Mozilla-Modern}
+ - VIRTUAL_HOST=${HOST_NGINX_VIRTUAL_HOST:-localhost}
+ - VIRTUAL_PATH=${HOST_NGINX_VIRTUAL_PATH:-/}
+ - VIRTUAL_PROTO=${HOST_NGINX_VIRTUAL_PROTO:-local}
+ image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
+ labels:
+ - SERVICE_80_CHECK_TCP=${HOST_NGINX_SERVICE_80_CHECK_TCP:-true}
+ - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-80
+ - SERVICE_80_TAGS=${HOST_NGINX_SERVICE_80_TAGS:-urlprefix-localhost:80/*}
+ - SERVICE_443_CHECK_TCP=${HOST_NGINX_SERVICE_443_CHECK_TCP:-true}
+ - SERVICE_443_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-443
+ - SERVICE_443_TAGS=${HOST_NGINX_SERVICE_443_TAGS:-urlprefix-localhost:443/* proto=https tlsskipverify=true}
+ networks:
+ - public
+ ports:
+ - 80
+ - 443
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ - certs:/etc/nginx/certs:ro
+ - html:/usr/share/nginx/html
+ - htpasswd:/etc/nginx/htpasswd
+ - log:/var/log/nginx
+ - vhost:/etc/nginx/vhost.d
+ - www:/var/www
+
+volumes:
+ certs:
+ html:
+ htpasswd:
+ log:
+ vhost:
+ www:
+
+networks:
+ public:
+ external: true
+ name: ${DOCKER_NETWORK_PUBLIC}
diff --git a/stack/host/php.yml b/stack/host/php.yml
new file mode 100644
index 0000000..cd305c9
--- /dev/null
+++ b/stack/host/php.yml
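Review bot: The nginx service bind-mounts `/var/run/docker.sock` while attached to the `public` network with 80 and 443 published; the `:ro` flag only makes the mount read-only, it does not restrict the Docker API reachable through the socket, so a compromise of this container is equivalent to root on the host. Put a socket proxy (a separate service that forwards only the read-only container and event endpoints the template generator needs) between nginx and the socket, or at minimum add a comment on that volume line stating the trust assumption. Separately, `certs:/etc/nginx/certs:ro` here versus read-write in stack/nginx/nginx.yml is inconsistent: if this image also runs the ACME client (the LETSENCRYPT_* environment suggests it does), read-only certs will make issuance fail, and if it does not, the other file should be tightened to `:ro` too. `htpasswd:/etc/nginx/htpasswd` and `vhost:/etc/nginx/vhost.d` should likewise carry `:ro` unless something in this container writes them.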
@@ -0,0 +1,20 @@
+version: '3.6'
+
+services:
+ php:
+ image: php:fpm-alpine
+ environment:
+ - VIRTUAL_HOST=php
+ - VIRTUAL_PROTO=fastcgi
+ networks:
+ - public
+ volumes:
+ - www:/var/www
+
+volumes:
+ www:
+
+networks:
+ public:
+ external: true
+ name: ${DOCKER_NETWORK_PUBLIC}
diff --git a/stack/host/portainer.mk b/stack/host/portainer.mk
index 3293562..d2ef26f 100644
--- a/stack/host/portainer.mk
+++ b/stack/host/portainer.mk
@@ -1,4 +1,3 @@
 ENV_VARS += HOST_PORTAINER_SERVICE_9000_TAGS
-HOST_PORTAINER_SERVICE_URIS ?= $(patsubst %,portainer.%,$(APP_URIS))
-HOST_PORTAINER_SERVICE_9000_TAGS ?= $(call urlprefix,,$(HOST_PORTAINER_SERVICE_9000_URIS))
-HOST_PORTAINER_SERVICE_9000_URIS ?= $(HOST_PORTAINER_SERVICE_URIS)
+HOST_PORTAINER_SERVICE_9000_NAME ?= portainer
+HOST_PORTAINER_SERVICE_9000_TAGS ?= $(call tagprefix,HOST_PORTAINER,9000)
diff --git a/stack/host/static.mk b/stack/host/static.mk
new file mode 100644
index 0000000..41d46eb
--- /dev/null
+++ b/stack/host/static.mk
@@ -0,0 +1,3 @@
+ENV_VARS += HOST_STATIC_SERVICE_80_TAGS
+HOST_STATIC_SERVICE_80_NAME ?= static
+HOST_STATIC_SERVICE_80_TAGS ?= $(call tagprefix,HOST_STATIC,80)
diff --git a/stack/host/static.yml b/stack/host/static.yml
new file mode 100644
index 0000000..7fb2b00
--- /dev/null
+++ b/stack/host/static.yml
@@ -0,0 +1,25 @@
+version: '3.6'
+
+services:
+ static:
+ image: nginx:alpine
+ command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
+ labels:
+ - SERVICE_80_CHECK_TCP=true
+ - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-static-80
+ - SERVICE_80_TAGS=${HOST_STATIC_SERVICE_80_TAGS:-urlprefix-localhost/*}
+ networks:
+ - public
+ ports:
+ - 80
+ restart: always
+ volumes:
+ - static:/usr/share/nginx/html:ro
+
+volumes:
+ static:
+
+networks:
+ public:
+ external: true
+ name: ${DOCKER_NETWORK_PUBLIC}
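Review bot: `image: php:fpm-alpine` floats across PHP major versions, so any rebuild can silently change the runtime; pin at least major and minor, e.g. `image: php:8.2-fpm-alpine`. The service has no `restart:` policy and no SERVICE_* labels, unlike every other service added in this commit; that may be deliberate for a FastCGI backend only reachable through the proxy, but it deserves a comment. Because `www` is mounted read-write here and stack/host/nginx.yml mounts a `www` volume at /var/www as well, anything either container writes under /var/www becomes a candidate for execution by php-fpm; if PHP only needs to read the tree, use `- www:/var/www:ro`.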
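Review bot: In stack/host/static.yml the `command:` leaves nginx running as a child of `/bin/sh -c`, so PID 1 is the shell, nginx never sees the stop signal and `docker stop` waits for the kill timeout; end the chain with `&& exec nginx -g 'daemon off;'` (stack/nginx/static.yml carries the same command, unchanged by this commit). The same sed patches `autoindex on` into default.conf at every start, which enables directory listing for the entire `static` volume on a publicly proxied service; state that in a comment on the command line so nobody mounts non-public content there. `image: nginx:alpine` is a floating tag; pin it, e.g. `image: nginx:1.24-alpine`.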
diff --git a/stack/host/volumes.log.local.yml b/stack/host/volumes.log.local.yml
new file mode 100644
index 0000000..fef680a
--- /dev/null
+++ b/stack/host/volumes.log.local.yml
@@ -0,0 +1,8 @@
+version: '3.6'
+
+volumes:
+ log:
+ driver: local
+ driver_opts:
+ type: none
+ device: /var/log
diff --git a/stack/host/volumes.www.local.yml b/stack/host/volumes.www.local.yml
new file mode 100644
index 0000000..da09f0f
--- /dev/null
+++ b/stack/host/volumes.www.local.yml
@@ -0,0 +1,9 @@
+version: '3.6'
+
+volumes:
+ www:
+ driver: local
+ driver_opts:
+ type: none
+ device: /var/www
+ o: bind
diff --git a/stack/ipfs/ipfs.mk b/stack/ipfs/ipfs.mk
index b568c09..0367c8f 100644
--- a/stack/ipfs/ipfs.mk
+++ b/stack/ipfs/ipfs.mk
@@ -1,11 +1,11 @@
 ENV_VARS += IPFS_API_HTTPHEADERS_ACA_ORIGIN IPFS_DAEMON_ARGS IPFS_PROFILE IPFS_SERVICE_5001_TAGS IPFS_SERVICE_8080_TAGS IPFS_VERSION
 IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(IPFS_SERVICE_8080_URIS))]
 IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(MACHINE)),lowpower,server)
-IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS))
-IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api,$(IPFS_SERVICE_5001_URIS))
-IPFS_SERVICE_5001_URIS ?= $(IPFS_SERVICE_URIS)
+IPFS_SERVICE_NAME ?= ipfs
+IPFS_SERVICE_5001_PATH ?= api/
+IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,ipfs,5001)
 IPFS_SERVICE_8080_CHECK_HTTP ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn
-IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(IPFS_SERVICE_8080_URIS))
+IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,ipfs,8080)
 IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS))
 IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080
 IPFS_VERSION ?= 0.16.0
diff --git a/stack/nginx/nginx.mk b/stack/nginx/nginx.mk
new file mode 100644
index 0000000..657fc98
--- /dev/null
+++ b/stack/nginx/nginx.mk
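Review bot: stack/host/volumes.log.local.yml declares the `log` volume with `type: none` and `device: /var/log` but omits the `o: bind` that stack/host/volumes.www.local.yml sets; with the local driver a `none`-type volume without the bind option is expected to fail when it is first mounted, so this override is unusable as written. The device is also the host's entire `/var/log`, while stack/host/nginx.yml mounts `log` read-write at `/var/log/nginx`, so nginx would write its access and error logs straight into the host's log root and could clobber unrelated host logs. Bind a dedicated directory instead, e.g. `device: /var/log/nginx` followed by `o: bind`.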
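Review bot: The first argument handed to tagprefix is inconsistent across this commit: stack/ipfs/ipfs.mk passes `ipfs` (`$(call tagprefix,ipfs,5001)`), as do stack/nginx/nginx.mk, stack/portainer/portainer.mk, stack/prometheus/alertmanager.mk, blackbox.mk, es-exporter.mk, prometheus.mk, stack/rabbitmq/rabbitmq.mk, stack/redmine/redmine.mk, redmine3.mk and stack/theia/theia.mk, whereas the host files pass the variable prefix in upper case (`HOST_IPFS`, `HOST_NGINX`, `HOST_PORTAINER`, `HOST_STATIC`) and stack/nginx/static.mk passes `STATIC`. If tagprefix derives variable names from its argument (something like `$(1)_SERVICE_$(2)_NAME`), the lower-case calls read undefined variables and the generated tags come out empty; if it upper-cases internally, the `HOST_*` calls work only by coincidence. The definition lives in make/def.mk, outside this view, so confirm which form it expects and use that one everywhere, ideally with a comment above the first call in each file naming the convention.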
@@ -0,0 +1,10 @@
+ENV_VARS += NGINX_DEFAULT_HOST NGINX_SERVICE_80_TAGS NGINX_SERVICE_443_TAGS NGINX_VIRTUAL_HOST
+NGINX_SERVICE_HOST ?= $(subst $(comma),$(space),$(NGINX_VIRTUAL_HOST))
+NGINX_SERVICE_PATH ?= /
+NGINX_SERVICE_80_HOST ?= $(patsubst %,%:80,$(NGINX_SERVICE_HOST))
+NGINX_SERVICE_80_TAGS ?= $(call tagprefix,nginx,80,host)
+NGINX_SERVICE_443_HOST ?= $(patsubst %,%:443,$(NGINX_SERVICE_HOST))
+NGINX_SERVICE_443_PROTO ?= https tlsskipverify=true
+NGINX_SERVICE_443_TAGS ?= $(call tagprefix,nginx,443,host)
+NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
+NGINX_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))
diff --git a/stack/nginx/nginx.yml b/stack/nginx/nginx.yml
new file mode 100644
index 0000000..01a4e49
--- /dev/null
+++ b/stack/nginx/nginx.yml
@@ -0,0 +1,55 @@
+version: '3.6'
+
+services:
+ nginx:
+ build:
+ args:
+ - DOCKER_BUILD_DIR=docker/nginx
+ context: ../..
+ dockerfile: docker/nginx/Dockerfile
+ environment:
+ - DEFAULT_HOST=${NGINX_DEFAULT_HOST:-${NGINX_VIRTUAL_HOST:-localhost}}
+ - LETSENCRYPT_HOST=${NGINX_LETSENCRYPT_HOST:-${NGINX_VIRTUAL_HOST:-}}
+ - LETSENCRYPT_EMAIL=${NGINX_LETSENCRYPT_EMAIL:-${MAIL:-nginx@localhost}}
+ - VIRTUAL_HOST=${NGINX_VIRTUAL_HOST:-localhost}
+ image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
+ labels:
+ - SERVICE_80_CHECK_TCP=${NGINX_SERVICE_80_CHECK_TCP:-true}
+ - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-80
+ - SERVICE_80_TAGS=${NGINX_SERVICE_80_TAGS:-urlprefix-localhost:80/*}
+ - SERVICE_443_CHECK_TCP=${NGINX_SERVICE_443_CHECK_TCP:-true}
+ - SERVICE_443_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-443
+ - SERVICE_443_TAGS=${NGINX_SERVICE_443_TAGS:-urlprefix-localhost:443/* proto=https tlsskipverify=true}
+ networks:
+ - private
+ - public
+ ports:
+ - 80
+ - 443
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ - certs:/etc/nginx/certs
+ - html:/usr/share/nginx/html
+ - log:/var/log/nginx
+ - vhost:/etc/nginx/vhost.d
+
+volumes:
+ certs:
+ html:
+ log:
+ vhost:
+ www:
+ driver: local
+ driver_opts:
+ type: none
+ device: ${MONOREPO_DIR}
+ o: bind
+
+networks:
+ private:
+ external: true
+ name: ${DOCKER_NETWORK_PRIVATE:-docker}
+ public:
+ external: true
+ name: ${DOCKER_NETWORK_PUBLIC:-localhost}
diff --git a/stack/nginx/static.mk b/stack/nginx/static.mk
index 425b215..83eb4b8 100644
--- a/stack/nginx/static.mk
+++ b/stack/nginx/static.mk
@@ -1,4 +1,3 @@
 ENV_VARS += STATIC_SERVICE_80_TAGS
-STATIC_SERVICE_URIS ?= $(patsubst %,static.%,$(APP_URIS))
-STATIC_SERVICE_80_TAGS ?= $(call urlprefix,,$(STATIC_SERVICE_80_URIS))
-STATIC_SERVICE_80_URIS ?= $(STATIC_SERVICE_URIS)
+STATIC_SERVICE_80_NAME ?= static
+STATIC_SERVICE_80_TAGS ?= $(call tagprefix,STATIC,80)
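Review bot: The `www` volume in stack/nginx/nginx.yml bind-mounts `${MONOREPO_DIR}`, i.e. the repository root with `.git`, any `.env` and the make tree, as a named volume; the nginx service itself does not mount it, but any service in the same project that does would get the whole repository as its document root. Bind a dedicated web subdirectory instead (a `www/` directory under `${MONOREPO_DIR}`, for example) or remove the volume until a consumer exists. `certs:/etc/nginx/certs` is read-write here while the host variant of this file mounts it `:ro`; choose one and record why on the line. The `/var/run/docker.sock` mount on a service attached to the public network should go through a socket proxy exposing only the read-only endpoints the template generator needs, or at least carry a comment stating that this container is trusted with host-level access.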
diff --git a/stack/nginx/static.yml b/stack/nginx/static.yml
index 888d920..a1c88b8 100644
--- a/stack/nginx/static.yml
+++ b/stack/nginx/static.yml
@@ -6,8 +6,8 @@ services:
 command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
 labels:
 - SERVICE_80_CHECK_TCP=true
- - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx-80
- - SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS}
+ - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-static-80
+ - SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS:-urlprefix-static.localhost/*}
 networks:
 - private
 - public
@@ -23,7 +23,7 @@ volumes:
 networks:
 private:
 external: true
- name: ${DOCKER_NETWORK_PRIVATE}
+ name: ${DOCKER_NETWORK_PRIVATE:-docker}
 public:
 external: true
- name: ${DOCKER_NETWORK_PUBLIC}
+ name: ${DOCKER_NETWORK_PUBLIC:-static.localhost}
diff --git a/stack/portainer/portainer.mk b/stack/portainer/portainer.mk
index 28d3181..67e1c22 100644
--- a/stack/portainer/portainer.mk
+++ b/stack/portainer/portainer.mk
@@ -1,4 +1,3 @@
 ENV_VARS += PORTAINER_SERVICE_9000_TAGS
-PORTAINER_SERVICE_URIS ?= $(patsubst %,portainer.%,$(APP_URIS))
-PORTAINER_SERVICE_9000_TAGS ?= $(call urlprefix,,$(PORTAINER_SERVICE_9000_URIS))
-PORTAINER_SERVICE_9000_URIS ?= $(PORTAINER_SERVICE_URIS)
+PORTAINER_SERVICE_9000_NAME ?= portainer
+PORTAINER_SERVICE_9000_TAGS ?= $(call tagprefix,portainer,9000)
diff --git a/stack/prometheus/alertmanager.mk b/stack/prometheus/alertmanager.mk
index 90d6d92..34c991f 100644
--- a/stack/prometheus/alertmanager.mk
+++ b/stack/prometheus/alertmanager.mk
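Review bot: The new fallback `name: ${DOCKER_NETWORK_PUBLIC:-static.localhost}` differs from the `localhost` fallback that stack/nginx/nginx.yml uses for the same external network, so with DOCKER_NETWORK_PUBLIC unset the static service and the proxy attach to two different networks and the proxy cannot reach it. Use the same default in both files, or none, so that an unset variable fails loudly instead of silently splitting the stack. The `private` fallback `docker` does match between the two files.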
@@ -1,4 +1,3 @@
 ENV_VARS += ALERTMANAGER_SLACK_WEBHOOK_ID ALERTMANAGER_SERVICE_9093_TAGS
-ALERTMANAGER_SERVICE_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
-ALERTMANAGER_SERVICE_9093_TAGS ?= $(call urlprefix,,$(ALERTMANAGER_SERVICE_9093_URIS))
-ALERTMANAGER_SERVICE_9093_URIS ?= $(ALERTMANAGER_SERVICE_URIS)
+ALERTMANAGER_SERVICE_9093_NAME ?= alertmanager
+ALERTMANAGER_SERVICE_9093_TAGS ?= $(call tagprefix,alertmanager,9093)
diff --git a/stack/prometheus/blackbox.mk b/stack/prometheus/blackbox.mk
index 1631777..d6958c6 100644
--- a/stack/prometheus/blackbox.mk
+++ b/stack/prometheus/blackbox.mk
@@ -1,6 +1,5 @@
 ENV_VARS += BLACKBOX_SERVICE_9115_TAGS
 BLACKBOX_PRIMARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_PRIMARY_TARGETS)
 BLACKBOX_SECONDARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_SECONDARY_TARGETS)
-BLACKBOX_SERVICE_URIS ?= $(patsubst %,blackbox.%,$(APP_URIS))
-BLACKBOX_SERVICE_9115_TAGS ?= $(call urlprefix,,$(BLACKBOX_SERVICE_9115_URIS))
-BLACKBOX_SERVICE_9115_URIS ?= $(BLACKBOX_SERVICE_URIS)
+BLACKBOX_SERVICE_9115_NAME ?= blackbox
+BLACKBOX_SERVICE_9115_TAGS ?= $(call tagprefix,blackbox,9115)
diff --git a/stack/prometheus/es-exporter.mk b/stack/prometheus/es-exporter.mk
index d383536..a36ce19 100644
--- a/stack/prometheus/es-exporter.mk
+++ b/stack/prometheus/es-exporter.mk
@@ -1,4 +1,3 @@
 ENV_VARS += ES_EXPORTER_SERVICE_9206_TAGS
-ES_EXPORTER_SERVICE_URIS ?= $(patsubst %,es-exporter.%,$(APP_URIS))
-ES_EXPORTER_SERVICE_9206_TAGS ?= $(call urlprefix,,$(ES_EXPORTER_SERVICE_9206_URIS))
-ES_EXPORTER_SERVICE_9206_URIS ?= $(ES_EXPORTER_SERVICE_URIS)
+ES_EXPORTER_SERVICE_9206_NAME ?= es-exporter
+ES_EXPORTER_SERVICE_9206_TAGS ?= $(call tagprefix,es-exporter,9206)
diff --git a/stack/prometheus/prometheus.mk b/stack/prometheus/prometheus.mk
index a7e1f78..62ac4e9 100644
--- a/stack/prometheus/prometheus.mk
+++ b/stack/prometheus/prometheus.mk
@@ -1,6 +1,5 @@
 ENV_VARS += PROMETHEUS_BLACKBOX_PRIMARY_TARGETS PROMETHEUS_BLACKBOX_SECONDARY_TARGETS PROMETHEUS_SERVICE_9090_TAGS
 PROMETHEUS_BLACKBOX_PRIMARY_TARGETS ?= $(patsubst %,https://%,$(DOMAIN))
 PROMETHEUS_BLACKBOX_SECONDARY_TARGETS ?= $(patsubst %,https://%,$(APP_URIS))
-PROMETHEUS_SERVICE_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
-PROMETHEUS_SERVICE_9090_TAGS ?= $(call urlprefix,,$(PROMETHEUS_SERVICE_9090_URIS))
-PROMETHEUS_SERVICE_9090_URIS ?= $(PROMETHEUS_SERVICE_URIS)
+PROMETHEUS_SERVICE_9090_NAME ?= prometheus
+PROMETHEUS_SERVICE_9090_TAGS ?= $(call tagprefix,prometheus,9090)
diff --git a/stack/rabbitmq/rabbitmq.mk b/stack/rabbitmq/rabbitmq.mk
index 8699248..aee69c5 100644
--- a/stack/rabbitmq/rabbitmq.mk
+++ b/stack/rabbitmq/rabbitmq.mk
@@ -1,4 +1,3 @@
 ENV_VARS += RABBITMQ_SERVICE_15672_TAGS
-RABBITMQ_SERVICE_URIS ?= $(patsubst %,rabbitmq.%,$(APP_URIS))
-RABBITMQ_SERVICE_15672_TAGS ?= $(call urlprefix,,$(RABBITMQ_SERVICE_15672_URIS))
-RABBITMQ_SERVICE_15672_URIS ?= $(RABBITMQ_SERVICE_URIS)
+RABBITMQ_SERVICE_15672_NAME ?= rabbitmq
+RABBITMQ_SERVICE_15672_TAGS ?= $(call tagprefix,rabbitmq,15672)
diff --git a/stack/redmine/redmine.mk b/stack/redmine/redmine.mk
index eeabdc3..abd0e0c 100644
--- a/stack/redmine/redmine.mk
+++ b/stack/redmine/redmine.mk
@@ -1,6 +1,7 @@
 ENV_VARS += REDMINE_DB_NAME REDMINE_DB_USER REDMINE_SERVICE_80_TAGS
-REDMINE_SERVICE_URIS ?= $(patsubst %,redmine.%,$(APP_URIS))
-REDMINE_SERVICE_80_TAGS ?= $(call urlprefix,,$(REDMINE_SERVICE_80_URIS))
+REDMINE_SERVICE_NAME ?= redmine
+REDMINE_SERVICE_80_NAME ?= $(REDMINE_SERVICE_NAME)
+REDMINE_SERVICE_80_TAGS ?= $(call tagprefix,redmine,80)
 REDMINE_SERVICE_80_URIS ?= $(REDMINE_SERVICE_URIS)
-REDMINE_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine
+REDMINE_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-$(REDMINE_SERVICE_NAME)
 REDMINE_DB_USER ?= $(REDMINE_DB_NAME)
diff --git a/stack/redmine/redmine3.mk b/stack/redmine/redmine3.mk
index 7bba4da..90935ee 100644
--- a/stack/redmine/redmine3.mk
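Review bot: In stack/redmine/redmine.mk the surviving context line `REDMINE_SERVICE_80_URIS ?= $(REDMINE_SERVICE_URIS)` now points at a variable this hunk deletes, so it expands to nothing (or to a stale value if some other makefile still defines REDMINE_SERVICE_URIS). stack/redmine/redmine3.mk drops its equivalent `REDMINE3_SERVICE_80_URIS` line in the same commit; do the same here, or keep a definition for `REDMINE_SERVICE_URIS` if tagprefix still consumes the `_URIS` value.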
+++ b/stack/redmine/redmine3.mk
@@ -1,7 +1,7 @@
 ENV_VARS += REDMINE3_DB_NAME REDMINE3_DB_USER REDMINE3_SERVICE_80_TAGS
-REDMINE3_SERVICE_URIS ?= $(patsubst %,redmine3.%,$(APP_URIS))
-REDMINE3_SERVICE_80_TAGS ?= $(call urlprefix,,$(REDMINE3_SERVICE_80_URIS))
-REDMINE3_SERVICE_80_URIS ?= $(REDMINE3_SERVICE_URIS)
-REDMINE3_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine3
+REDMINE3_SERVICE_NAME ?= redmine3
+REDMINE3_SERVICE_80_NAME ?= $(REDMINE3_SERVICE_NAME)
+REDMINE3_SERVICE_80_TAGS ?= $(call tagprefix,redmine3,80)
+REDMINE3_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-$(REDMINE3_SERVICE_NAME)
 REDMINE3_DB_USER ?= $(REDMINE3_DB_NAME)
diff --git a/stack/theia/theia.mk b/stack/theia/theia.mk
index 21458ae..f08c91e 100644
--- a/stack/theia/theia.mk
+++ b/stack/theia/theia.mk
@@ -1,4 +1,3 @@
 ENV_VARS += THEIA_SERVICE_3000_TAGS
-THEIA_SERVICE_URIS ?= $(patsubst %,theai.%,$(APP_URIS))
-THEIA_SERVICE_3000_TAGS ?= $(call urlprefix,,$(THEIA_SERVICE_3000_URIS))
-THEIA_SERVICE_3000_URIS ?= $(THEIA_SERVICE_URIS)
+THEIA_SERVICE_3000_NAME ?= theai
+THEIA_SERVICE_3000_TAGS ?= $(call tagprefix,theia,3000)
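Review bot: `THEIA_SERVICE_3000_NAME ?= theai` in stack/theia/theia.mk carries the old `theai.%` spelling forward, which looks like a typo for `theia` (the file name, the variable prefix and the `tagprefix,theia,3000` call on the next line all say theia), so the published route would be `theai.<host>` while everything else in the stack expects theia. If the odd spelling is deliberate a comment should say so; otherwise change it to `THEIA_SERVICE_3000_NAME ?= theia`.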