diff --git a/.env.dist b/.env.dist deleted file mode 100644 index d3d1f06..0000000 --- a/.env.dist +++ /dev/null @@ -1,2 +0,0 @@ -DOMAIN=localhost -STACK= diff --git a/docker/nginx/nginx_default_location b/docker/nginx/nginx_default_location index 263702b..e24ee57 100644 --- a/docker/nginx/nginx_default_location +++ b/docker/nginx/nginx_default_location @@ -1,19 +1,6 @@ index index.php index.html index.htm; try_files $uri $uri/ index.php$uri =404; -location ~ ^(.+\.php)(.*)$ { - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass php; - fastcgi_split_path_info ^(.+\.php)(.*)$; - include fastcgi_params; - try_files $uri index.php =404; -} - location ~ /\.ht { deny all; } - -location ~ /ip(f|n)s { - proxy_pass http://$host:8080; -} diff --git a/make/apps/common.mk b/make/apps/common.mk index 341e66f..43b679d 100644 --- a/make/apps/common.mk +++ b/make/apps/common.mk @@ -27,7 +27,7 @@ bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd # target bootstrap-stack: Call bootstrap target of each stack .PHONY: bootstrap-stack -bootstrap-stack: docker-network debug-STACK $(foreach stack,$(STACK),bootstrap-stack-$(subst /,-,$(stack)) debug-$(stack)) +bootstrap-stack: docker-network debug-STACK $(foreach stack,$(STACK),bootstrap-stack-$(subst /,-,$(firstword $(subst :, ,$(stack)))) debug-$(firstword $(subst :, ,$(stack)))) # target build: Build application docker images to run # on local host diff --git a/make/apps/def.docker.mk b/make/apps/def.docker.mk index 620bfbe..df71fc0 100644 --- a/make/apps/def.docker.mk +++ b/make/apps/def.docker.mk 
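Review bot: The new `bootstrap-stack` prerequisite list in make/apps/common.mk accepts STACK entries with a `:` suffix, but the target comment does not say so. Only the part before the colon selects the `bootstrap-stack-*` and `debug-*` targets, and the expression `$(firstword $(subst :, ,$(stack)))` is written out twice on the same line. I would add `# STACK entries may be written as name:suffix; only name selects the bootstrap-stack-* and debug-* targets` above the rule. Giving the expression a name, for example `stackname = $(firstword $(subst :, ,$(1)))`, would keep the two uses from drifting apart.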
@@ -45,7 +45,7 @@ DOCKER_PLUGIN_S3FS_OPTIONS ?= allow_other,nonempty,use_path_request_style,u
 DOCKER_PLUGIN_S3FS_SECRETKEY ?= $(AWS_SECRET_ACCESS_KEY)
 DOCKER_PLUGIN_S3FS_REGION ?= eu-west-1
 DOCKER_PLUGIN_VARS ?= S3FS_ACCESSKEY S3FS_OPTIONS S3FS_SECRETKEY S3FS_REGION
-DOCKER_REGISTRY ?= $(DOMAIN)
+DOCKER_REGISTRY ?= $(DOMAINNAME)
 DOCKER_REGISTRY_USERNAME ?= $(USER)
 DOCKER_REGISTRY_REPOSITORY ?= $(addsuffix /,$(DOCKER_REGISTRY))$(subst $(USER),$(DOCKER_REGISTRY_USERNAME),$(DOCKER_REPOSITORY))
 DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(COMPOSE_PROJECT_NAME)))
diff --git a/make/apps/def.mk b/make/apps/def.mk
index 8b58d0e..2fded49 100644
--- a/make/apps/def.mk
+++ b/make/apps/def.mk
@@ -29,11 +29,11 @@ NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime NFS_HOST ?= host.docker.internal SERVICES ?= $(DOCKER_SERVICES) -tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),auth proto)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2)))) +tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),allow auth deny preprend proto register strip)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2)))) envprefix = $(foreach env,$(3),$(if $($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))),$(env)=$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))))) patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern))) servicenvs = $(foreach env,$(call UPPERCASE,$($(1)_SERVICE_$(2)_ENVS)),$(if $(3),$($(1)_SERVICE_$(env)_$(3)),$($(1)_SERVICE_$(2)_$(env)))) -uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(APP_URIS))) +uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(or $(3),$(APP_URIS)))) url_suffix = * urlprefix = $(strip $(call patsublist,%,urlprefix-%$(1)$(url_suffix) $(2),$(or $(3),$(APP_URIS)))) urlprefixs = $(strip $(call urlprefix,$(firstword $(1)),$(wordlist 2,16,$(1)))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst 
$(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(firstword $(prefix)),$(wordlist 2,16,$(prefix)))))) diff --git a/make/apps/def.ufw.mk b/make/apps/def.ufw.mk index 3599bb8..d0c19fc 100644 --- a/make/apps/def.ufw.mk +++ b/make/apps/def.ufw.mk @@ -7,7 +7,7 @@ ifeq ($(SETUP_UFW),true) define ufw $(call INFO,ufw,$(1)$(comma)) $(call app-bootstrap,ufw-docker) - $(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)) + $(eval DOCKER_COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)) $(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1)) endef @@ -15,7 +15,7 @@ endef define ufw-docker $(call INFO,ufw-docker,$(1)$(comma)) $(call app-bootstrap,ufw-docker) - $(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)) + $(eval DOCKER_COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)) $(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1)) endef diff --git a/make/apps/docker.mk b/make/apps/docker.mk index 2cc31b5..5e0902e 100644 --- a/make/apps/docker.mk +++ b/make/apps/docker.mk @@ -56,7 +56,7 @@ docker-compose-exec: # target docker-compose-logs: Call docker-compose logs SERVICE .PHONY: docker-compose-logs docker-compose-logs: - $(call docker-compose,logs -f --tail=100 $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE))) || true + $(call docker-compose,logs -f --tail=100 $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE))) # target docker-compose-ps: Call docker-compose ps .PHONY: docker-compose-ps diff --git a/make/def.docker.mk b/make/def.docker.mk index 81fc505..d4ebeb1 100644 --- a/make/def.docker.mk +++ b/make/def.docker.mk 
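Review bot: `preprend` in the option list passed to `envprefix` on the new `tagprefix` line looks like a misspelling of `prepend`. As written the macro reads `<SERVICE>_SERVICE_<PORT>_PREPREND` and emits `preprend=…`, which the proxy is unlikely to recognise. The list should probably read `allow auth deny prepend proto register strip`. The same list now carries `allow` and `deny`, which restrict access, and `envprefix` silently emits nothing for an unset variable, so a misspelt variable name on the caller's side yields a route with no restriction. A comment above `tagprefix` naming the accepted `*_SERVICE_<PORT>_<OPTION>` variables would make that easier to get right.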
@@ -25,11 +25,11 @@ HOST_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(HOST_COMPOSE_PROJEC
 HOST_DOCKER_VOLUME ?= $(HOST_COMPOSE_PROJECT_NAME)
 HOST_GID ?= 100
 HOST_UID ?= 123
-RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
+RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(USER_COMPOSE_PROJECT_NAME))
 STACK_HOST ?= $(filter host,$(firstword $(subst /, ,$(STACK))))
 STACK_USER ?= $(filter User,$(firstword $(subst /, ,$(STACK))))
-USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU))
-USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
+USER_COMPOSE_PROJECT_NAME ?= $(subst .,-,$(RESU))
+USER_COMPOSE_SERVICE_NAME ?= $(USER_COMPOSE_PROJECT_NAME)
 USER_DOCKER_IMAGE ?= $(USER_DOCKER_REPOSITORY):${DOCKER_IMAGE_TAG}
 USER_DOCKER_NAME ?= $(USER_COMPOSE_PROJECT_NAME)
 USER_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER)))
diff --git a/make/def.mk b/make/def.mk
index 0b188c3..ea1d8ba 100644
--- a/make/def.mk
+++ b/make/def.mk
@@ -43,7 +43,8 @@ CONTEXT ?= ENV $(shell awk 'BEGIN {FS="="}; $$1 !~ /^(\#
 CONTEXT_DEBUG ?= MAKEFILE_LIST DOCKER_ENV_ARGS ENV_ARGS APPS GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MAKE_DIR MAKE_SUBDIRS MAKE_CMD_ARGS MAKE_ENV_ARGS UID USER
 DEBUG ?=
 DOCKER ?= $(shell type -p docker)
-DOMAIN ?= localhost
+DOMAIN ?= $(or $(shell dnsdomainname 2>/dev/null),$(shell hostname -d 2>/dev/null),$(shell hostname -f | sed -n 's/[^\.]*\.\([^/ ]*\).*/\1/p'), localhost)
+DOMAINNAME ?= $(firstword $(DOMAIN))
 DRONE ?= false
 DRYRUN ?= false
 DRYRUN_RECURSIVE ?= false
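Review bot: `USER_COMPOSE_SERVICE_NAME` no longer maps `_` to `-`, so when `RESU` falls back to `$(USER)` (no `@` in MAIL, per the RESU macro in make/def.mk) a login name containing an underscore reaches the service name unchanged. The removed line normalised both `_` and `.`. If the value is used as a DNS label or registered service name, keep that with `USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(USER_COMPOSE_PROJECT_NAME))`. `RESU_DOCKER_REPOSITORY` now turns every `-` into `/`, including hyphens that were already part of the mail domain, which is worth a comment if intended.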
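Review bot: `DOMAIN` is now taken from `dnsdomainname`/`hostname` output instead of the fixed `localhost`, and `DOCKER_REGISTRY ?= $(DOMAINNAME)` in make/apps/def.docker.mk inherits it. The default image registry therefore becomes whatever DNS domain the machine reports. On a host whose domain is assigned by the network, that changes where images are pulled from and pushed to without any explicit opt-in. Consider keeping the registry default independent of the detected domain, or at least add a comment on `DOMAIN` stating that the registry, `GIT_AUTHOR_EMAIL` and `HOST` all follow it. The `hostname -f` call is the only one of the three without `2>/dev/null`, and since `?=` is recursive every expansion of `DOMAIN` re-runs the shell calls.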
@@ -53,10 +54,10 @@ ENV_ARGS ?= $(env_args)
 ENV_FILE ?= $(wildcard $(if $(filter-out myos,$(MYOS)),$(MONOREPO_DIR)/.env) $(CONFIG)/$(ENV)/$(APP)/.env .env)
 ENV_LIST ?= $(shell ls .git/refs/heads/ 2>/dev/null)
 ENV_RESET ?= false
-ENV_VARS ?= APP BRANCH DOMAIN ENV HOME HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME GROUP MAIL MONOREPO MONOREPO_DIR TAG UID USER VERSION
+ENV_VARS ?= APP BRANCH DOMAIN DOMAINNAME ENV HOME HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME GROUP MAIL MONOREPO MONOREPO_DIR TAG UID USER VERSION
 GID ?= $(shell id -g 2>/dev/null)
 GIDS ?= $(shell id -G 2>/dev/null)
-GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@$(DOMAIN))
+GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@$(DOMAINNAME))
 GIT_AUTHOR_NAME ?= $(or $(shell git config user.name 2>/dev/null),$(USER))
 GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
 GIT_COMMIT ?= $(shell git rev-parse $(BRANCH) 2>/dev/null)
@@ -68,7 +69,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
 GIT_USER ?= $(USER)
 GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
 GROUP ?= $(shell id -ng 2>/dev/null)
-HOST ?= $(HOSTNAME).$(DOMAIN)
+HOST ?= $(patsubst %,$(HOSTNAME).%,$(DOMAIN))
 HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
 IGNORE_DRYRUN ?= false
 IGNORE_VERBOSE ?= false
@@ -171,21 +172,22 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \ # macro RESU: Print USER associated to MAIL RESU = $(strip \ $(if $(findstring @,$(MAIL)), \ - $(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \ - $(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \ + $(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \ + $(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \ $(if $(domain), \ - $(eval mail := $(MAIL)) \ - $(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \ - $(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \ - $(eval resu_niamod := $(niamod).$(resu)) \ - $(eval resu_path := $(subst .,/,$(resu_niamod))) \ - $(eval user_domain := $(user).$(domain)) \ - $(resu_niamod) \ + $(eval mail := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(MAIL))))) \ + $(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \ + $(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \ + $(eval resu.niamod := $(niamod).$(resu)) \ + $(eval resu.path := $(subst .,/,$(resu_niamod))) \ + $(eval user.domain := $(user).$(domain)) \ + $(user.domain) \ , $(USER) \ ) \ , $(USER) \ ) \ ) + # macro TIME: Print time elapsed since unixtime 1 TIME = awk '{printf "%02d:%02d:%02d\n",int($$1/3600),int(($$1%3600)/60),int($$1%60)}' \ <<< $(shell awk 'BEGIN {current=$(or $(2),$(MAKE_UNIXTIME_CURRENT)); start=$(or $(1),$(MAKE_UNIXTIME_START)); print (current - start)}' 2>/dev/null) diff --git a/stack/User/User.mk b/stack/User/User.mk index 9c28473..3c03762 100644 --- a/stack/User/User.mk +++ b/stack/User/User.mk 
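Review bot: `resu.path` is built from `$(resu_niamod)`, but this hunk renames that variable to `resu.niamod`, so unless `resu_niamod` is set elsewhere `resu.path` is now always empty. The line should read `$(eval resu.path := $(subst .,/,$(resu.niamod)))`. stack/User/User.mk still lists `user_domain` in `ENV_VARS` while the macro now sets `user.domain`. The re-indented `user`/`domain` lines also keep `printf '$(MAIL)'`, which pastes MAIL into a single-quoted shell word and uses it as the printf format, so a quote or `%` in the address changes the command that runs. Splitting in make avoids the shell entirely: `$(firstword $(subst @, ,$(MAIL)))` and `$(lastword $(subst @, ,$(MAIL)))`.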
@@ -1,6 +1,20 @@ ENV_VARS += USER_DOMAIN user_domain MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@% -USER_DOMAIN ?= $(USER).$(DOMAIN) +USER_DOMAIN ?= $(patsubst %,$(USER).%,$(DOMAIN)) +USER_HOST ?= $(patsubst %,$(USER).%,$(HOST))$(USER_HOST_LB) +USER_HOST_RESU ?= $(patsubst %,$(RESU).%,$(USER_HOST)) +USER_HOST_LB ?= $(if $(USER_LB),$(space)$(HOST)$(if $(HOST_LB),$(space)$(DOMAIN)),$(if $(HOST_LB),$(space)$(USER_DOMAIN))) +USER_PATH ?= $(USER_PATH_PREFIX) +USER_PATH_RESU ?= $(USER_PATH)$(RESU)/ +USER_URIS ?= $(patsubst %,%/$(USER_PATH),$(USER_HOST)) + +ifneq ($(RESU),) +ifeq ($(USER_RESU_HOST),true) +USER_HOST := $(USER_HOST_RESU) +else ifeq ($(USER_RESU_PATH),true) +USER_PATH := $(USER_PATH_RESU) +endif +endif # target start-stack-User: Fire ssh-add .PHONY: start-stack-User diff --git a/stack/User/ipfs.mk b/stack/User/ipfs.mk index e14a75c..42e9e3f 100644 --- a/stack/User/ipfs.mk +++ b/stack/User/ipfs.mk 
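Review bot: The new knobs `USER_RESU_HOST`, `USER_RESU_PATH`, `USER_LB`, `HOST_LB` and `USER_PATH_PREFIX` are read here without a default or a comment, so the resulting `USER_HOST`/`USER_URIS` values are hard to predict from this file alone. A short comment block above `USER_HOST` describing each switch and the host/path shape it produces would help. Note that `RESU` is derived from MAIL and ends up in public host names and URL paths. The `ifneq ($(RESU),)` guard is evaluated at parse time and, per the RESU macro in make/def.mk, falls back to `$(USER)`, so it is true whenever USER is set. If the intent is "MAIL yields a usable address", test for that explicitly.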
@@ -2,6 +2,12 @@ ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGI USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))] USER_IPFS_SERVICE_NAME ?= ipfs USER_IPFS_SERVICE_5001_PATH ?= api/ -USER_IPFS_SERVICE_5001_TAGS ?= $(strip $(filter %.localhost/api/$(url_suffix),$(call tagprefix,USER_IPFS,5001)) $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS)))) -USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,ipfs) +USER_IPFS_SERVICE_5001_TAGS ?= $(or $(USER_IPFS_SERVICE_5001_TAGS_LOCALHOST),$(USER_IPFS_SERVICE_5001_TAGS_URIS),$(USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP)) +USER_IPFS_SERVICE_5001_TAGS_LOCALHOST ?= $(filter %.localhost/$(USER_PATH)$(USER_IPFS_SERVICE_5001_PATH)$(url_suffix),$(call tagprefix,USER_IPFS,5001)) +USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP ?= $(call patsublist,%,urlprefix-% proxy=tcp,$(USER_IPFS_SERVICE_PROXY_TCP)) +USER_IPFS_SERVICE_5001_TAGS_URIS ?= $(strip $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS)))) +USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,USER_IPFS,5001,$(USER_URIS)) +USER_IPFS_SERVICE_8080_OPTS ?= $(patsubst %/,%,$(if $(USER_PATH),strip=/$(USER_PATH))) +USER_IPFS_SERVICE_8080_PATH ?= ip(f|n)s/ USER_IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,USER_IPFS,8080) +USER_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,USER_IPFS,8080,$(USER_URIS)) diff --git a/stack/host/autoheal.yml b/stack/host/autoheal.yml index 2fc890d..3b8ed6d 100644 --- a/stack/host/autoheal.yml +++ b/stack/host/autoheal.yml @@ -3,9 +3,9 @@ version: '3.6' services: autoheal: container_name: ${HOST_COMPOSE_PROJECT_NAME}-autoheal - image: willfarrell/autoheal:latest environment: - AUTOHEAL_CONTAINER_LABEL=all + image: willfarrell/autoheal:latest restart: always volumes: - /var/run/docker.sock:/var/run/docker.sock 
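Review bot: `USER_IPFS_SERVICE_5001_TAGS_URIS` calls `urlprefix` with an empty options argument, so any URI supplied through `servicenvs` for port 5001 is published without `auth=`, `allow=` or `deny=`. Port 5001 is given the path `api/` here, presumably the IPFS RPC API, and that should not be routable without an access restriction. Pass the service options through, for example `$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),$(call envprefix,USER_IPFS,5001,allow auth deny),$(call servicenvs,USER_IPFS,5001,URIS))`. `$(or …)` in `USER_IPFS_SERVICE_5001_TAGS` keeps only the first non-empty tag set, whereas the removed line combined the localhost and URIS tags; a comment stating that this precedence is intended would help. `USER_IPFS_SERVICE_8080_PATH ?= ip(f|n)s/` is regex-style alternation while stack/host/fabio.yml defaults `-proxy.matcher` to `glob`, so confirm the route matches.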
diff --git a/stack/host/certbot.yml b/stack/host/certbot.yml index b83ff55..fc07234 100644 --- a/stack/host/certbot.yml +++ b/stack/host/certbot.yml @@ -9,6 +9,11 @@ services: dockerfile: docker/certbot/Dockerfile command: start container_name: ${HOST_COMPOSE_PROJECT_NAME}-certbot + domainname: ${DOMAINNAME} + extra_hosts: + - consul:${DOCKER_INTERNAL_DOCKER_HOST} + - ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4} + hostname: ${HOSTNAME} image: ${HOST_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG} network_mode: host restart: always diff --git a/stack/host/consul.yml b/stack/host/consul.yml index 3520291..1aa9715 100644 --- a/stack/host/consul.yml +++ b/stack/host/consul.yml 
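Review bot: The new `extra_hosts` entry `${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}` puts two names into one host field. That appears to rely on the text before the colon being copied verbatim into /etc/hosts rather than on the documented `host:ip` form. Two entries express the same mapping without that dependency: `- ${HOSTNAME}.${DOMAINNAME}:${DOCKER_HOST_INET4}` and `- ${HOSTNAME}:${DOCKER_HOST_INET4}`. The same line is added in consul.yml, fabio.yml and registrator.yml. If `DOCKER_HOST_INET4` is unset the entry has no address, so a `${DOCKER_HOST_INET4:?DOCKER_HOST_INET4 must be set}` guard may be worth adding.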
@@ -9,23 +9,26 @@ services: context: ../.. dockerfile: docker/consul/Dockerfile container_name: ${HOST_COMPOSE_PROJECT_NAME}-consul - image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG} + domainname: ${DOMAINNAME} environment: - CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}' - CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}' - CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN}' + CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE:-eth0}' + CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE:-eth0}' + CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}' CONSUL_LOCAL_CONFIG: '{ "log_level": "warn" , "enable_script_checks": true , "acl": { "enabled": true , "default_policy": "deny" , "down_policy": "extend-cache" , "enable_token_persistence": true - , "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER}" - , "agent": "${HOST_CONSUL_HTTP_TOKEN}" + , "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER:-01234567-89ab-cdef-0123-456789abcdef}" + , "agent": "${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}" } } }' + extra_hosts: + - ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4} hostname: ${HOSTNAME} + image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG} labels: - SERVICE_8300_IGNORE=true - SERVICE_8301_IGNORE=true diff --git a/stack/host/fabio.mk b/stack/host/fabio.mk index 63c4bd3..8d14927 100644 --- a/stack/host/fabio.mk +++ b/stack/host/fabio.mk 
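Review bot: The fallback `01234567-89ab-cdef-0123-456789abcdef` is now the default for `initial_management`, `agent` and `CONSUL_HTTP_TOKEN`. A deployment that forgets to set `HOST_CONSUL_ACL_TOKENS_MASTER` or `HOST_CONSUL_HTTP_TOKEN` therefore starts with ACLs enabled but a management token that is published in this repository. Because `enable_script_checks` is true in the same config, that exposure goes well beyond read access to the catalog. Fail closed instead, with `${HOST_CONSUL_HTTP_TOKEN:?HOST_CONSUL_HTTP_TOKEN must be set}` and the same form for `HOST_CONSUL_ACL_TOKENS_MASTER`. The same default appears in `-registry.consul.token` in stack/host/fabio.yml, while stack/host/registrator.yml passes `${HOST_CONSUL_HTTP_TOKEN}` with no default, so with the variable unset the services would also disagree on the token.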
@@ -1,5 +1,13 @@
-ENV_VARS += HOST_FABIO_SERVICE_9998_TAGS
+ENV_VARS += HOST_FABIO_PROXY_ADDR HOST_FABIO_PROXY_CS HOST_FABIO_SERVICE_9998_TAGS HOST_FABIO_VERSION
+HOST_FABIO_PROXY_ADDR ?= $(call subst,$(space),$(comma),$(HOST_FABIO_SERVICE_PROXY_ADDR))
+HOST_FABIO_SERVICE_HTTP_ADDR ?= :80
+HOST_FABIO_SERVICE_HTTPS_ADDR ?= :443;cs=certs
+HOST_FABIO_SERVICE_PROXY_ADDR ?= $(call servicenvs,HOST_FABIO,PROXY,ADDR)
+HOST_FABIO_SERVICE_PROXY_ENVS ?= http https tcp
+HOST_FABIO_SERVICE_TCP_ADDR ?= $(foreach port,$(HOST_FABIO_SERVICE_TCP_PORT),:$(port);proto=tcp)
+HOST_FABIO_SERVICE_TCP_PORT ?=
 HOST_FABIO_SERVICE_9998_NAME ?= fabio
 HOST_FABIO_SERVICE_9998_AUTH ?= default
 HOST_FABIO_SERVICE_9998_TAGS ?= $(call tagprefix,HOST_FABIO,9998)
 HOST_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp
+HOST_FABIO_VERSION ?= 1.6.3
diff --git a/stack/host/fabio.yml b/stack/host/fabio.yml
index 095b6c1..302ba47 100644
--- a/stack/host/fabio.yml
+++ b/stack/host/fabio.yml
@@ -7,17 +7,19 @@ services: - DOCKER_BUILD_DIR=docker/fabio - DOCKER_MACHINE=${DOCKER_MACHINE} - DOCKER_SYSTEM=${DOCKER_SYSTEM} - - FABIO_VERSION=1.6.2 + - FABIO_VERSION=${HOST_FABIO_VERSION:-${FABIO_VERSION:-1.6.0}} context: ../.. dockerfile: docker/fabio/Dockerfile + command: -log.level "${HOST_FABIO_LOG_LEVEL:-INFO}" -proxy.addr "${HOST_FABIO_PROXY_ADDR:-:80,:443;cs=certs}" -proxy.auth "${HOST_FABIO_PROXY_AUTH:-name=default;type=basic;file=/host/htpasswd/default.htpasswd}" -proxy.cs "${HOST_FABIO_PROXY_CS:-cs=local;type=file;cert=/host/live/localhost/fullchain.pem;key=/host/live/localhost/privkey.pem,cs=certs;type=path;cert=/host/certs}" -proxy.matcher "${HOST_FABIO_PROXY_MATCHER:-glob}" -registry.backend "${HOST_FABIO_REGISTRY_BACKEND:-consul}" -registry.consul.addr "${HOST_FABIO_REGISTRY_CONSUL_ADDR:-consul:8500}" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}" container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio - image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG} - command: -proxy.addr ":80,:443;cs=certs" -proxy.auth "name=default;type=basic;file=/host/htpasswd/default.htpasswd;" -proxy.cs "cs=local;type=file;cert=/host/live/${DOMAIN}/fullchain.pem;key=/host/live/${DOMAIN}/privkey.pem,cs=certs;type=path;cert=/host/certs" -proxy.matcher "glob" -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" + domainname: ${DOMAINNAME} depends_on: - consul extra_hosts: - consul:${DOCKER_INTERNAL_DOCKER_HOST} + - ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4} hostname: ${HOSTNAME} + image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG} labels: - SERVICE_80_CHECK_TCP=true - SERVICE_80_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-80 
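Review bot: The build arg falls back to `1.6.0` when neither variable is set, which is older than the `1.6.2` this line replaces and the `1.6.3` default added in stack/host/fabio.mk. A compose run outside make therefore silently builds an older fabio. Use one value in both places, e.g. `- FABIO_VERSION=${HOST_FABIO_VERSION:-1.6.3}`. The default `-proxy.cs` also now points at `/host/live/localhost/…` where the removed line used `${DOMAIN}`, so unless `HOST_FABIO_PROXY_CS` is set the `local` certificate source no longer follows the configured domain. That variable is added to `ENV_VARS` in fabio.mk, but no default for it is visible there.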
@@ -27,12 +29,7 @@ services: - SERVICE_9998_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-9998 - SERVICE_9998_TAGS=${HOST_FABIO_SERVICE_9998_TAGS} - SERVICE_9999_IGNORE=true - ports: - - 80:80/tcp - - 443:443/tcp - - 9998/tcp - networks: - - public + network_mode: host restart: always volumes: - host:/host:ro @@ -41,8 +38,3 @@ volumes: host: external: true name: ${HOST_DOCKER_VOLUME} - -networks: - public: - external: true - name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/host/host.mk b/stack/host/host.mk index 3516817..08c6ed2 100644 --- a/stack/host/host.mk +++ b/stack/host/host.mk @@ -26,13 +26,13 @@ host-ssl-certs: ; [ -f /host/htpasswd/default.htpasswd ] \ || echo "default:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \ ; for domain in ${DOMAIN}; do \ - [ -f /host/live/\$${domain}/fullchain.pem -a -f /host/live/\$${domain}/privkey.pem ] \ + [ -f /host/live/\$${domain}/privkey.pem ] \ && openssl x509 -in /host/live/\$${domain}/fullchain.pem -noout -issuer 2>/dev/null |grep -iqv staging \ && cp -L /host/live/\$${domain}/fullchain.pem /host/certs/\$${domain}-cert.pem \ && cp -L /host/live/\$${domain}/privkey.pem /host/certs/\$${domain}-key.pem \ - ; if [ ! -f /host/certs/\$${domain}-cert.pem -o ! -f /host/certs/\$${domain}-key.pem ]; then \ + ; if [ ! -f /host/certs/\$${domain}-key.pem ]; then \ apk --no-cache add openssl \ - && { [ -f /host/certs/\$${domain}-priv.pem ] || openssl genrsa -out /host/certs/\$${domain}-key.pem 2048; } \ + && openssl genrsa -out /host/certs/\$${domain}-key.pem 2048 \ && openssl req -key /host/certs/\$${domain}-key.pem -out /host/certs/\$${domain}-cert.pem \ -addext extendedKeyUsage=serverAuth \ -addext subjectAltName=DNS:\$${domain},DNS:*.\$${domain} \ diff --git a/stack/host/mail/mailserver.yml b/stack/host/mail/mailserver.yml index ea64448..435caf9 100644 --- a/stack/host/mail/mailserver.yml +++ b/stack/host/mail/mailserver.yml 
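Review bot: With `network_mode: host` every fabio listener binds directly on the host, including the admin UI on 9998. The labels otherwise publish that UI through the proxy with `HOST_FABIO_SERVICE_9998_AUTH ?= default` (stack/host/fabio.mk). The new `command` line sets no `-ui.addr`, so a client that can reach port 9998 on the host gets the UI without that basic auth unless a host firewall blocks it. `HOST_FABIO_UFW_UPDATE` lists only 80/tcp and 443/tcp, which suggests that is the intent, but make/apps/def.ufw.mk applies ufw only when `SETUP_UFW` is `true`. Either pin the UI to an internal address with `-ui.addr`, or state the firewall dependency in a comment next to `network_mode: host`.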
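Review bot: In stack/host/host.mk the new guard `if [ ! -f /host/certs/\$${domain}-key.pem ]` no longer looks at `-cert.pem`. A domain whose key exists but whose certificate is missing, for example after a failed `openssl req`, is never repaired, and the `certs` source keeps a key with no matching certificate. Keeping the certificate test and generating the key only when absent covers both cases. That means `; if [ ! -f /host/certs/\$${domain}-cert.pem -o ! -f /host/certs/\$${domain}-key.pem ]; then \` for the guard and `&& { [ -f /host/certs/\$${domain}-key.pem ] || openssl genrsa -out /host/certs/\$${domain}-key.pem 2048; } \` for the key step. The recipe starts before and continues after this hunk.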
@@ -6,7 +6,7 @@ services: - NET_ADMIN container_name: ${HOST_COMPOSE_PROJECT_NAME}-mailserver cpus: 0.5 - domainname: ${DOMAIN} + domainname: ${DOMAINNAME} environment: - OVERRIDE_HOSTNAME=${HOST_MAILSERVER_OVERRIDE_HOSTNAME:-} - DMS_DEBUG=${HOST_MAILSERVER_DMS_DEBUG:-0} diff --git a/stack/host/nginx.yml b/stack/host/nginx.yml index e0dbc3e..b3a84d7 100644 --- a/stack/host/nginx.yml +++ b/stack/host/nginx.yml @@ -33,7 +33,7 @@ services: restart: unless-stopped volumes: - /var/run/docker.sock:/tmp/docker.sock:ro - - certs:/etc/nginx/certs:ro + - certs:/etc/nginx/certs - html:/usr/share/nginx/html - htpasswd:/etc/nginx/htpasswd - log:/var/log/nginx diff --git a/stack/host/php.yml b/stack/host/php.yml index cd305c9..416b7cb 100644 --- a/stack/host/php.yml +++ b/stack/host/php.yml @@ -2,10 +2,10 @@ version: '3.6' services: php: - image: php:fpm-alpine environment: - VIRTUAL_HOST=php - VIRTUAL_PROTO=fastcgi + image: php:fpm-alpine networks: - public volumes: diff --git a/stack/host/registrator.yml b/stack/host/registrator.yml index 4a20606..685f9c7 100644 --- a/stack/host/registrator.yml +++ b/stack/host/registrator.yml 
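Review bot: Dropping `:ro` from `certs:/etc/nginx/certs` in stack/host/nginx.yml makes the volume that holds the TLS certificates and private keys writable from the nginx container. Nothing in the hunk shows a process in that container that needs to write there. A fault or compromise in the proxy could then replace or delete key material, possibly for other services if the volume is shared. Keep `- certs:/etc/nginx/certs:ro` unless this container really has to write certificates. If it does, say which component writes them in a comment on that line.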
@@ -9,23 +9,20 @@ services: - GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL} context: ../.. dockerfile: docker/registrator/Dockerfile - container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator - image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG} command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500 + container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator depends_on: - consul + domainname: ${DOMAINNAME} environment: - CONSUL_HTTP_TOKEN=${HOST_CONSUL_HTTP_TOKEN} - GL_DISABLE_VERSION_CHECK=true extra_hosts: - consul:${DOCKER_INTERNAL_DOCKER_HOST} + - ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4} hostname: ${HOSTNAME} + image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG} network_mode: host restart: always volumes: - /var/run/docker.sock:/tmp/docker.sock - -networks: - public: - external: true - name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/host/static.yml b/stack/host/static.yml index 7fb2b00..e55bfc9 100644 --- a/stack/host/static.yml +++ b/stack/host/static.yml @@ -2,8 +2,8 @@ version: '3.6' services: static: - image: nginx:alpine command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'" + image: nginx:alpine labels: - SERVICE_80_CHECK_TCP=true - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-static-80 diff --git a/stack/host/volumes.log.local.yml b/stack/host/volumes.log.local.yml index fef680a..01c9452 100644 --- a/stack/host/volumes.log.local.yml +++ b/stack/host/volumes.log.local.yml @@ -4,5 +4,6 @@ volumes: log: driver: local driver_opts: - type: none device: /var/log + o: bind + type: none diff --git a/stack/host/volumes.www.local.yml b/stack/host/volumes.www.local.yml index da09f0f..28340d3 100644 --- a/stack/host/volumes.www.local.yml 
+++ b/stack/host/volumes.www.local.yml @@ -4,6 +4,6 @@ volumes: www: driver: local driver_opts: - type: none device: /var/www o: bind + type: none diff --git a/stack/ipfs/ipfs.mk b/stack/ipfs/ipfs.mk index 0367c8f..55f3195 100644 --- a/stack/ipfs/ipfs.mk +++ b/stack/ipfs/ipfs.mk @@ -7,7 +7,6 @@ IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,ipfs,5001) IPFS_SERVICE_8080_CHECK_HTTP ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,ipfs,8080) IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS)) -IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080 IPFS_VERSION ?= 0.16.0 .PHONY: bootstrap-stack-ipfs