add nginx proxy

Yann Autissier 2022-12-10 17:58:25 +00:00
parent 92dcf23fdd
commit 9b37383bba
31 changed files with 299 additions and 36 deletions


@ -1,5 +1,5 @@
{{ $serverName := printf "%s.%s.%s" (env "APP") (env "ENV") (env "USER") }}
{{ $serviceName := printf "%s-%s-%s-php-9000" (env "USER") (env "ENV") (env "APP") }}
{{ $serverName := printf "%s.%s.%s" (env "ENV") (env "APP") (env "USER") }}
{{ $serviceName := printf "%s-%s-%s-php-9000" (env "USER") (env "APP") (env "ENV") }}
<VirtualHost *:80>
ServerAdmin support+apache@asycn.io
DocumentRoot "/var/www/web"

10
docker/nginx/Dockerfile Normal file

@ -0,0 +1,10 @@
FROM pinidh/nginx-proxy:alpine
ARG DOCKER_BUILD_DIR
RUN sed -i 's/\(function _resolvers() {\)$/function _nginx_config() {\n\t\/app\/nginx-config.sh\n}\n\n\1/;s/\(\t_default_certificate\)$/\1\n\n\t_nginx_config/' /app/docker-entrypoint.sh \
&& sed -i 's|\(\treturn 503;\)$|\t{{ if (exists (printf "/etc/nginx/vhost.d/default")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default" }};\n\t {{ if (exists (printf "/etc/nginx/vhost.d/default_location")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default_location" }};\n\t {{ end }}\n\t{{ else }}\n\1\n\t{{ end }}|' /app/nginx.tmpl \
&& awk '/proxy_pass \{\{ trim .Proto \}\}/{sub(/else/, "else if ne .Proto \"local\"", last)} NR>1{print last} {last=$0} END {print last}' /app/nginx.tmpl > /tmp/nginx.tmpl && mv /tmp/nginx.tmpl /app/
COPY ${DOCKER_BUILD_DIR}/nginx* /app
HEALTHCHECK CMD curl -sk https://localhost > /dev/null && echo OK
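Review bot: The `sed` and `awk` patches in the `RUN` step edit `/app/docker-entrypoint.sh` and `/app/nginx.tmpl` by pattern, and nothing checks that a pattern matched. If the upstream files change, the build still succeeds but the image may never call `nginx-config.sh`, or may keep the plain `return 503;` default server. Because `FROM pinidh/nginx-proxy:alpine` is a floating tag, this can happen on any rebuild; pinning it as `FROM pinidh/nginx-proxy:alpine@sha256:<digest>` (placeholder digest) keeps the patched inputs stable and reviewable. Appending `&& grep -q '_nginx_config' /app/docker-entrypoint.sh && grep -q 'vhost.d/default' /app/nginx.tmpl` to the chain would fail the build when a patch does not apply. The same floating-tag concern applies to `pinidh/acme-companion:latest` in stack/host/acme.yml and `php:fpm-alpine` in stack/host/php.yml.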

15
docker/nginx/nginx-config.sh Executable file

@ -0,0 +1,15 @@
#!/bin/sh
set -eu
##
# CONFIG
sed -i 's/fastcgi_param * SERVER_SOFTWARE *.*/fastcgi_param SERVER_SOFTWARE nginx;/' /etc/nginx/fastcgi_params
##
# DEFAULT
mkdir -p /etc/nginx/htpasswd /etc/nginx/vhost.d
[ -f "/etc/nginx/htpasswd/default" ] || echo "default:{PLAIN}$(head -c 15 /dev/random |base64)" > /etc/nginx/htpasswd/default
[ -f "/etc/nginx/vhost.d/default" ] || cp /app/nginx_default /etc/nginx/vhost.d/default
[ -f "/etc/nginx/vhost.d/default_location" ] || cp /app/nginx_default_location /etc/nginx/vhost.d/default_location
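Review bot: The generated credential on the `/etc/nginx/htpasswd/default` line is stored with the `{PLAIN}` scheme and written under the default umask, so the password sits in cleartext in a file whose mode is never set. Storing a hash keeps the file from being a usable secret if it is read or copied, for example `echo "default:$(head -c 15 /dev/random | base64 | openssl passwd -apr1 -stdin)"`, assuming `openssl` is present in the image (not visible here). A `chmod` after creation that limits the file to root and the nginx worker's group would cover the mode. The generated password is never shown to the operator, so a comment should say whether this entry is meant as a deny-by-default placeholder.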


@ -0,0 +1 @@
root /var/www/$host;
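Review bot: `root /var/www/$host;` builds the document root from the request's Host header, so in the default server a client can select any directory under `/var/www` by name, whether or not it was meant to be a site. Current nginx releases reject host values containing `/` or consecutive dots, so this is not a traversal. But with `/var/www` bind-mounted from the host (the `www` volume added in this commit), the reachable set is whatever exists in that directory. An allowlist declared at http level, `map $host $docroot { default /var/www/default; }` plus explicit entries, with `root $docroot;` here, would limit serving to known sites. At minimum a comment on this line should state that every directory under `/var/www` is treated as a public virtual host.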


@ -0,0 +1,19 @@
index index.php index.html index.htm;
try_files $uri $uri/ index.php$uri =404;
location ~ ^(.+\.php)(.*)$ {
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include fastcgi_params;
try_files $uri index.php =404;
}
location ~ /\.ht {
deny all;
}
location ~ /ip(f|n)s {
proxy_pass http://$host:8080;
}
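Review bot: In the `location ~ /ip(f|n)s` block, `proxy_pass http://$host:8080;` takes the upstream from the client's Host header. The default server will therefore forward the request to port 8080 of whatever name the client supplies and the resolver can resolve, including internal container names. The upstream should be a fixed name, e.g. `proxy_pass http://<ipfs-service>:8080;` (placeholder for the gateway's service name), with `proxy_set_header Host $host;` if the gateway needs the original host. The pattern is also unanchored and matches `/ipfs` anywhere in the URI; `location ~ ^/ip[fn]s/` restricts it to the gateway paths.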


@ -26,7 +26,7 @@ DOCKER_BUILD_TARGET ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS))
DOCKER_BUILD_TARGET_DEFAULT ?= master
DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION
DOCKER_COMPOSE ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1;}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'))
DOCKER_COMPOSE ?= $(or $(shell docker-compose --version 2>/dev/null |awk '$$4 != "v'"$(COMPOSE_VERSION)"'" {exit 1} END {if (NR == 0) exit 1}' && printf 'docker-compose\n'),$(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'))
DOCKER_COMPOSE_ARGS ?= --ansi=auto
DOCKER_COMPOSE_DOWN_OPTIONS ?=
DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(STACK_HOST),$(HOST_COMPOSE_PROJECT_NAME),$(if $(STACK_USER),$(USER_COMPOSE_PROJECT_NAME)))


@ -29,9 +29,9 @@ NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime
NFS_HOST ?= host.docker.internal
SERVICES ?= $(DOCKER_SERVICES)
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pat,$(wordlist 2,16,$(3)),$(comma)$(space)$(patsubst $(1),$(2),$(pat)))
urlprefix = $(call patsublist,%,urlprefix-%$(1),$(or $(2),$(APP_URIS)))
urlprefixs = $(call urlprefix,$(1))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(space)$(call subst,$(dollar),$(space),$(call urlprefix,$(prefix))))
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern)))
urlprefix = $(strip $(call patsublist,%,urlprefix-%$(1),$(or $(2),$(APP_URIS))))
urlprefixs = $(strip $(call urlprefix,$(1))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(prefix)))))
## urlprefix tests (x APP_URI)
# $(call urlprefix)
# urlprefix-app.domain/
@ -41,4 +41,4 @@ urlprefixs = $(call urlprefix,$(1))$(foreach prefix,$(subst $(space),$(dollar),$
# urlprefix-app.domain:443/ proto=https
## urlprefixs tests (x prefix)
# $(call urlprefixs,admin strip=/admin,images)
# urlprefix-app.domain/admin strip=/admin, urlprefix-app.domain/images
# urlprefix-app.domain/admin strip=/admin,urlprefix-app.domain/images


@ -52,7 +52,7 @@ define app-docker
$(eval service := $(or $(DOCKER_SERVICE),$(subst .,,$(call LOWERCASE,$(lastword $(subst /, ,$(patsubst %/Dockerfile,%,$(dockerfile)))))),undefined))
$(eval docker := ${COMPOSE_SERVICE_NAME}-$(service))
$(eval DOCKER_IMAGE := $(DOCKER_REPOSITORY)/$(service):$(DOCKER_IMAGE_TAG))
$(eval DOCKER_LABELS := SERVICE_NAME=$(docker) SERVICE_TAGS=$(call urlprefix,$(APP_PATH),$(service).$(APP_HOST)/)
$(eval DOCKER_LABELS := SERVICE_NAME=$(docker) SERVICE_TAGS=$(call urlprefix,$(APP_PATH),$(service).$(APP_HOST)/))
$(eval DOCKER_NAME := $(docker))
$(eval DOCKER_RUN_NAME := --name $(DOCKER_NAME))
, $(call ERROR,Unable to find Dockerfile,$(dockerfile))


@ -107,7 +107,6 @@ SUDO ?= $(if $(filter-out 0,$(UID)),$(shell type -p s
TAG ?= $(GIT_TAG)
UID ?= $(shell id -u 2>/dev/null)
USER ?= $(shell id -nu 2>/dev/null)
VERBOSE ?= $(if $(DEBUG),true)
VERSION ?= $(GIT_VERSION)
ifneq ($(DEBUG),)
@ -172,8 +171,8 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
# macro RESU: Print USER associated to MAIL
RESU = $(strip \
$(if $(findstring @,$(MAIL)), \
$(eval user := $(subst +,,$(subst -,,$(call LOWERCASE,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
$(eval domain := $(call LOWERCASE,$(call subst,_,,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}')))) \
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
$(if $(domain), \
$(eval mail := $(MAIL)) \
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
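Review bot: Both rewritten `$(eval user := ...)` and `$(eval domain := ...)` lines still pass `$(MAIL)` through `$(shell printf '$(MAIL)' |awk ...)`. The value is pasted inside single quotes and used as the `printf` format, so a `'` in the address ends the quoting and a `%` is read as a format directive, all at parse time. Where MAIL is set is not visible in this hunk, but it should be treated as free-form input. The split needs no shell: `$(firstword $(subst @, ,$(MAIL)))` gives the local part and `$(lastword $(subst @, ,$(MAIL)))` the domain, and the existing `subst`/`LOWERCASE` wrappers can stay around them. The RESU macro continues past the end of this hunk.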


@ -1,7 +1,6 @@
ENV_VARS += USER_DOMAIN user_domain
MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
USER_DOMAIN ?= $(USER).$(DOMAIN)
User ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/User/*.yml)))
# target start-stack-User: Fire ssh-add
.PHONY: start-stack-User


@ -1,7 +1,9 @@
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))]
USER_IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(patsubst %,$(RESU).%,$(DOMAIN))/)
USER_IPFS_SERVICE_5001_TAGS ?= $(filter %.localhost/api,$(call urlprefix,api,$(USER_IPFS_SERVICE_5001_URIS)))
USER_IPFS_SERVICE_5001_URIS ?= $(USER_IPFS_SERVICE_URIS)
USER_IPFS_SERVICE_URIS_USER ?= $(USER_IPFS_SERVICE_URIS)
USER_IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api,$(USER_IPFS_SERVICE_5001_URIS))
USER_IPFS_SERVICE_5001_URIS ?= $(filter %.localhost/,$(USER_IPFS_SERVICE_URIS)) $(foreach env,$(call UPPERCASE,$(USER_IPFS_SERVICE_5001_URIS_ENV)),$(USER_IPFS_SERVICE_URIS_$(env)))
USER_IPFS_SERVICE_5001_URIS_ENV ?=
USER_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(USER_IPFS_SERVICE_8080_URIS))
USER_IPFS_SERVICE_8080_URIS ?= $(USER_IPFS_SERVICE_URIS)
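Review bot: `USER_IPFS_SERVICE_5001_URIS_ENV` is introduced without a comment, yet it decides whether port 5001 is routed beyond `*.localhost`. Each name listed in it adds `USER_IPFS_SERVICE_URIS_<NAME>` to the 5001 URIs, and `USER_IPFS_SERVICE_URIS_USER` defaults to the full `ipfs.<user>.<domain>/` set. On a stock IPFS daemon port 5001 is typically the RPC API with no authentication of its own. I would add above the variable `# Names of USER_IPFS_SERVICE_URIS_<NAME> sets on which to publish the IPFS API (5001); empty keeps the API on *.localhost only`. Keeping the default empty, as this hunk does, is the safe choice.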

2
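--- a/stack/host/acme.mk
+++ b/stack/host/acme.mk
@@ -0,0 +1,2 @@
+ENV_VARS += HOST_ACME_POST_HOOK
+HOST_ACME_POST_HOOK ?= echo $${domain}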

37
stack/host/acme.yml Normal file

@ -0,0 +1,37 @@
version: '3.6'
services:
acme:
depends_on:
- nginx
environment:
- ACME_CA_URI=${HOST_ACME_CA_URI:-https://acme-v02.api.letsencrypt.org/directory}
- ACME_POST_HOOK=${HOST_ACME_POST_HOOK:-}
- ACME_PRE_HOOK=${HOST_ACME_PRE_HOOK:-}
- DEFAULT_EMAIL=${HOST_ACME_DEFAULT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-acme@localhost}}}
- LETSENCRYPT_TEST=${HOST_ACME_LETSENCRYPT_TEST:-}
image: pinidh/acme-companion:latest
networks:
- public
restart: unless-stopped
volumes_from:
- nginx
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- acme:/etc/acme.sh
- certs:/etc/nginx/certs
- html:/usr/share/nginx/html
- host:/certs
volumes:
acme:
certs:
html:
host:
external: true
name: ${HOST_DOCKER_VOLUME}
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}
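Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` mount on the `acme` service only makes the socket file read-only. The Docker API behind it stays fully usable, so this container can control the daemon and, through it, the host. The same mount appears on the `nginx` service in stack/host/nginx.yml and stack/nginx/nginx.yml, which are the containers that face the network. Fronting the socket with an API-filtering socket proxy that permits only the calls these images need would narrow that exposure. `ACME_PRE_HOOK` and `ACME_POST_HOOK` come from the environment and are run as commands by the companion, so a comment should say who may set `HOST_ACME_PRE_HOOK`/`HOST_ACME_POST_HOOK`.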


@ -19,8 +19,3 @@ volumes:
host:
external: true
name: ${HOST_DOCKER_VOLUME}
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}


@ -43,8 +43,3 @@ services:
volumes:
consul:
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}


@ -12,7 +12,7 @@ services:
dockerfile: docker/fabio/Dockerfile
container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio
image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=certs" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem,cs=certs;type=path;cert=/etc/letsencrypt/certs;refresh=60s"
depends_on:
- consul
extra_hosts:


@ -1,7 +1,7 @@
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
MAKECMDARGS += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@%
SETUP_LETSENCRYPT ?=
host ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml)))
host ?= host/consul host/fabio host/registrator
# target bootstrap-stack-host: Fire host-certbot host-ssl-certs
.PHONY: bootstrap-stack-host


@ -1,8 +1,10 @@
ENV_VARS += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN HOST_IPFS_SERVICE_5001_TAGS HOST_IPFS_SERVICE_8080_TAGS
HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(HOST_IPFS_SERVICE_8080_URIS))]
HOST_IPFS_SERVICE_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS))
HOST_IPFS_SERVICE_URIS_HOST ?= */ipfs */ipns
HOST_IPFS_SERVICE_5001_TAGS ?= $(call urlprefix,api,$(HOST_IPFS_SERVICE_5001_URIS))
HOST_IPFS_SERVICE_5051_URIS ?= $(HOST_IPFS_SERVICE_URIS)
HOST_IPFS_SERVICE_5001_URIS ?= $(HOST_IPFS_SERVICE_URIS)
HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,$(HOST_IPFS_SERVICE_8080_URIS))
HOST_IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS))
HOST_IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS)) $(foreach env,$(call UPPERCASE,$(HOST_IPFS_SERVICE_8080_URIS_ENV)),$(HOST_IPFS_SERVICE_URIS_$(env)))
HOST_IPFS_SERVICE_8080_URIS_ENV ?= host
HOST_IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080
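Review bot: `HOST_IPFS_SERVICE_5001_URIS ?= $(HOST_IPFS_SERVICE_URIS)` publishes the port-5001 tags on every `ipfs.<APP_URIS>` name under `/api`, while the User stack in this same commit restricts its 5001 URIs with `$(filter %.localhost/,...)`. Unless the API is protected somewhere not visible in this hunk, the host stack should take the same default: `HOST_IPFS_SERVICE_5001_URIS ?= $(filter %.localhost/,$(HOST_IPFS_SERVICE_URIS))`. The new default `HOST_IPFS_SERVICE_8080_URIS_ENV ?= host` also adds `*/ipfs */ipns`, which routes the gateway paths on every hostname served by the proxy. That deserves a comment stating it is intended.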


@ -131,7 +131,6 @@ services:
- SERVICE_4190_CHECK_TCP=true
- SERVICE_4190_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-4190
networks:
- private
- public
ports:
- "25:25"
@ -158,9 +157,6 @@ volumes:
name: ${HOST_DOCKER_VOLUME}
networks:
private:
external: true
name: ${DOCKER_NETWORK_PRIVATE}
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}

13
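--- a/stack/host/nginx.mk
+++ b/stack/host/nginx.mk
@@ -0,0 +1,13 @@
+ENV_VARS += HOST_NGINX_DEFAULT_HOST HOST_NGINX_LETSENCRYPT_HOST HOST_NGINX_SERVICE_80_TAGS HOST_NGINX_SERVICE_443_TAGS HOST_NGINX_VIRTUAL_HOST
+HOST_NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
+HOST_NGINX_LETSENCRYPT_HOST ?= $(subst $(space),$(comma),$(filter-out *.%,$(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))))
+HOST_NGINX_SERVICE_URIS_ACME ?= *:80/.well-known/acme-challenge
+HOST_NGINX_SERVICE_HOST ?= $(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))
+HOST_NGINX_SERVICE_80_HOST ?= $(HOST_NGINX_SERVICE_HOST)
+HOST_NGINX_SERVICE_80_TAGS ?= $(call urlprefix,,$(HOST_NGINX_SERVICE_80_URIS))
+HOST_NGINX_SERVICE_80_URIS ?= $(patsubst %,%:80/,$(HOST_NGINX_SERVICE_80_HOST)) $(foreach env,$(call UPPERCASE,$(HOST_NGINX_SERVICE_80_URIS_ENV)),$(HOST_NGINX_SERVICE_URIS_$(env)))
+HOST_NGINX_SERVICE_80_URIS_ENV ?= $(if $(SETUP_LETSENCRYPT),acme)
+HOST_NGINX_SERVICE_443_HOST ?= $(HOST_NGINX_SERVICE_HOST)
+HOST_NGINX_SERVICE_443_TAGS ?= $(call urlprefix, proto=https tlsskipverify=true,$(HOST_NGINX_SERVICE_443_URIS))
+HOST_NGINX_SERVICE_443_URIS ?= $(patsubst %,%:443/,$(HOST_NGINX_SERVICE_443_HOST))
+HOST_NGINX_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))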

52
stack/host/nginx.yml Normal file

@ -0,0 +1,52 @@
version: '3.6'
services:
nginx:
build:
args:
- DOCKER_BUILD_DIR=docker/nginx
context: ../..
dockerfile: docker/nginx/Dockerfile
environment:
- DEFAULT_HOST=${HOST_NGINX_DEFAULT_HOST:-localhost}
- LETSENCRYPT_HOST=${HOST_NGINX_LETSENCRYPT_HOST:-${HOST_NGINX_VIRTUAL_HOST:-}}
- LETSENCRYPT_EMAIL=${HOST_NGINX_LETSENCRYPT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-nginx@localhost}}}
- LETSENCRYPT_SINGLE_DOMAIN_CERTS=${LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true}
- LETSENCRYPT_TEST=${HOST_NGINX_LETSENCRYPT_TEST:-${LETSENCRYPT_TEST:-}}
- SSL_POLICY=${HOST_NGINX_SSL_POLICY:-Mozilla-Modern}
- VIRTUAL_HOST=${HOST_NGINX_VIRTUAL_HOST:-localhost}
- VIRTUAL_PATH=${HOST_NGINX_VIRTUAL_PATH:-/}
- VIRTUAL_PROTO=${HOST_NGINX_VIRTUAL_PROTO:-local}
image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
labels:
- SERVICE_80_CHECK_TCP=${HOST_NGINX_SERVICE_80_CHECK_TCP:-true}
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-80
- SERVICE_80_TAGS=${HOST_NGINX_SERVICE_80_TAGS:-urlprefix-localhost:80/}
- SERVICE_443_CHECK_TCP=${HOST_NGINX_SERVICE_443_CHECK_TCP:-true}
- SERVICE_443_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-443
- SERVICE_443_TAGS=${HOST_NGINX_SERVICE_443_TAGS:-urlprefix-localhost:443/ proto=https tlsskipverify=true}
networks:
- public
ports:
- 80
- 443
restart: unless-stopped
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:ro
- html:/usr/share/nginx/html
- log:/var/log/nginx
- vhost:/etc/nginx/vhost.d
- www:/var/www
volumes:
certs:
html:
log:
vhost:
www:
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}

20
stack/host/php.yml Normal file

@ -0,0 +1,20 @@
version: '3.6'
services:
php:
image: php:fpm-alpine
environment:
- VIRTUAL_HOST=php
- VIRTUAL_PROTO=fastcgi
networks:
- public
volumes:
- www:/var/www
volumes:
www:
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}
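Review bot: The `php` service is attached to the shared external `public` network, so its FastCGI listener (port 9000 on all interfaces by the image's default) is reachable from every container on that network, not only from nginx. FastCGI has no authentication and lets the caller choose the script through `SCRIPT_FILENAME`, so any neighbour on `public` can have the interpreter run files under `/var/www`. A dedicated network declared with `internal: true` and joined only by `nginx` and `php` would restrict the listener to the proxy.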

4
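--- a/stack/host/static.mk
+++ b/stack/host/static.mk
@@ -0,0 +1,4 @@
+ENV_VARS += HOST_STATIC_SERVICE_80_TAGS
+HOST_STATIC_SERVICE_URIS ?= $(patsubst %,static.%,$(APP_URIS))
+HOST_STATIC_SERVICE_80_TAGS ?= $(call urlprefix,,$(HOST_STATIC_SERVICE_80_URIS))
+HOST_STATIC_SERVICE_80_URIS ?= $(HOST_STATIC_SERVICE_URIS)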

25
stack/host/static.yml Normal file

@ -0,0 +1,25 @@
version: '3.6'
services:
static:
image: nginx:alpine
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
labels:
- SERVICE_80_CHECK_TCP=true
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-static-80
- SERVICE_80_TAGS=${HOST_STATIC_SERVICE_80_TAGS:-urlprefix-localhost/}
networks:
- public
ports:
- 80
restart: always
volumes:
- static:/usr/share/nginx/html:ro
volumes:
static:
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}


@ -0,0 +1,8 @@
version: '3.6'
volumes:
log:
driver: local
driver_opts:
type: none
device: /var/log
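Review bot: The `log` volume points at the host's whole `/var/log`. If this file is merged with the nginx stacks, which mount `log:/var/log/nginx`, the proxy container gets write access to every host log file and writes its own logs directly into `/var/log`. A dedicated directory, `device: /var/log/nginx`, keeps host logs out of the container's reach and still preserves the proxy's logs on the host. As shown, the volume also lacks the `o: bind` option that the sibling `www` volume sets, which a `type: none` local volume normally needs in order to mount. The hunk header counts one more line than is visible here, so that may be an extraction gap rather than a real omission.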


@ -0,0 +1,9 @@
version: '3.6'
volumes:
www:
driver: local
driver_opts:
type: none
device: /var/www
o: bind

5
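--- a/stack/nginx/nginx.mk
+++ b/stack/nginx/nginx.mk
@@ -0,0 +1,5 @@
+ENV_VARS += NGINX_DEFAULT_HOST NGINX_SERVICE_80_TAGS NGINX_SERVICE_443_TAGS NGINX_VIRTUAL_HOST
+NGINX_SERVICE_80_TAGS ?= $(call urlprefix,:80/,$(subst $(comma),$(space),$(NGINX_VIRTUAL_HOST)))
+NGINX_SERVICE_443_TAGS ?= $(call urlprefix,:443/ proto=https tlsskipverity=true,$(subst $(comma),$(space),$(NGINX_VIRTUAL_HOST)))
+NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
+NGINX_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))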
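Review bot: `tlsskipverity=true` in `NGINX_SERVICE_443_TAGS` is misspelt. The compose fallback in stack/nginx/nginx.yml and the tags in stack/host/nginx.mk both use `tlsskipverify=true`, so the router will not see the intended option whenever this make default supplies the tag. The line should read `NGINX_SERVICE_443_TAGS ?= $(call urlprefix,:443/ proto=https tlsskipverify=true,$(subst $(comma),$(space),$(NGINX_VIRTUAL_HOST)))`. Since the option turns off certificate verification on the hop from the router to nginx, a comment saying why that is acceptable (presumably a self-signed default certificate on an internal network) would help the next reviewer.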

55
stack/nginx/nginx.yml Normal file

@ -0,0 +1,55 @@
version: '3.6'
services:
nginx:
build:
args:
- DOCKER_BUILD_DIR=docker/nginx
context: ../..
dockerfile: docker/nginx/Dockerfile
environment:
- DEFAULT_HOST=${NGINX_DEFAULT_HOST:-${NGINX_VIRTUAL_HOST:-localhost}}
- LETSENCRYPT_HOST=${NGINX_LETSENCRYPT_HOST:-${NGINX_VIRTUAL_HOST:-}}
- LETSENCRYPT_EMAIL=${NGINX_LETSENCRYPT_EMAIL:-${MAIL:-nginx@localhost}}
- VIRTUAL_HOST=${NGINX_VIRTUAL_HOST:-localhost}
image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
labels:
- SERVICE_80_CHECK_TCP=${NGINX_SERVICE_80_CHECK_TCP:-true}
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-80
- SERVICE_80_TAGS=${NGINX_SERVICE_80_TAGS:-urlprefix-localhost:80/}
- SERVICE_443_CHECK_TCP=${NGINX_SERVICE_443_CHECK_TCP:-true}
- SERVICE_443_NAME=${COMPOSE_SERVICE_NAME:-docker}-nginx-443
- SERVICE_443_TAGS=${NGINX_SERVICE_443_TAGS:-urlprefix-localhost:443/ proto=https tlsskipverify=true}
networks:
- private
- public
ports:
- 80
- 443
restart: unless-stopped
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs
- html:/usr/share/nginx/html
- log:/var/log/nginx
- vhost:/etc/nginx/vhost.d
volumes:
certs:
html:
log:
vhost:
www:
driver: local
driver_opts:
type: none
device: ${MONOREPO_DIR}
o: bind
networks:
private:
external: true
name: ${DOCKER_NETWORK_PRIVATE:-docker}
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC:-localhost}


@ -6,8 +6,8 @@ services:
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
labels:
- SERVICE_80_CHECK_TCP=true
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx-80
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS}
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-static-80
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS:-urlprefix-static.localhost/}
networks:
- private
- public
@ -23,7 +23,7 @@ volumes:
networks:
private:
external: true
name: ${DOCKER_NETWORK_PRIVATE}
name: ${DOCKER_NETWORK_PRIVATE:-docker}
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}
name: ${DOCKER_NETWORK_PUBLIC:-static.localhost}