Compare commits
2 Commits
1d1b5156bc
...
9b68d06ab0
Author | SHA1 | Date |
---|---|---|
Yann Autissier | 9b68d06ab0 | |
Yann Autissier | a257c8184b |
|
@ -1,19 +1,6 @@
|
|||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ index.php$uri =404;
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass php;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
include fastcgi_params;
|
||||
try_files $uri index.php =404;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ /ip(f|n)s {
|
||||
proxy_pass http://$host:8080;
|
||||
}
|
||||
|
|
|
@ -27,7 +27,7 @@ bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd
|
|||
|
||||
# target bootstrap-stack: Call bootstrap target of each stack
|
||||
.PHONY: bootstrap-stack
|
||||
bootstrap-stack: docker-network debug-STACK $(foreach stack,$(STACK),bootstrap-stack-$(subst /,-,$(stack)) debug-$(stack))
|
||||
bootstrap-stack: docker-network debug-STACK $(foreach stack,$(STACK),bootstrap-stack-$(subst /,-,$(firstword $(subst :, ,$(stack)))) debug-$(firstword $(subst :, ,$(stack))))
|
||||
|
||||
# target build: Build application docker images to run
|
||||
# on local host
|
||||
|
|
|
@ -33,7 +33,7 @@ tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$
|
|||
envprefix = $(foreach env,$(3),$(if $($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))),$(env)=$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))))
|
||||
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern)))
|
||||
servicenvs = $(foreach env,$(call UPPERCASE,$($(1)_SERVICE_$(2)_ENVS)),$(if $(3),$($(1)_SERVICE_$(env)_$(3)),$($(1)_SERVICE_$(2)_$(env))))
|
||||
uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(APP_URIS)))
|
||||
uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(or $(3),$(APP_URIS))))
|
||||
url_suffix = *
|
||||
urlprefix = $(strip $(call patsublist,%,urlprefix-%$(1)$(url_suffix) $(2),$(or $(3),$(APP_URIS))))
|
||||
urlprefixs = $(strip $(call urlprefix,$(firstword $(1)),$(wordlist 2,16,$(1)))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(firstword $(prefix)),$(wordlist 2,16,$(prefix))))))
|
||||
|
|
|
@ -7,7 +7,7 @@ ifeq ($(SETUP_UFW),true)
|
|||
define ufw
|
||||
$(call INFO,ufw,$(1)$(comma))
|
||||
$(call app-bootstrap,ufw-docker)
|
||||
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||
$(eval DOCKER_COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1))
|
||||
endef
|
||||
|
||||
|
@ -15,7 +15,7 @@ endef
|
|||
define ufw-docker
|
||||
$(call INFO,ufw-docker,$(1)$(comma))
|
||||
$(call app-bootstrap,ufw-docker)
|
||||
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||
$(eval DOCKER_COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1))
|
||||
endef
|
||||
|
||||
|
|
16
make/def.mk
16
make/def.mk
|
@ -68,7 +68,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
|
|||
GIT_USER ?= $(USER)
|
||||
GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
|
||||
GROUP ?= $(shell id -ng 2>/dev/null)
|
||||
HOST ?= $(HOSTNAME).$(DOMAIN)
|
||||
HOST ?= $(patsubst %,$(HOSTNAME).%,$(DOMAIN))
|
||||
HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
|
||||
IGNORE_DRYRUN ?= false
|
||||
IGNORE_VERBOSE ?= false
|
||||
|
@ -171,16 +171,16 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
|
|||
# macro RESU: Print USER associated to MAIL
|
||||
RESU = $(strip \
|
||||
$(if $(findstring @,$(MAIL)), \
|
||||
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
|
||||
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
|
||||
$(if $(domain), \
|
||||
$(eval mail := $(MAIL)) \
|
||||
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
|
||||
$(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \
|
||||
$(eval mail := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(MAIL))))) \
|
||||
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
|
||||
$(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \
|
||||
$(eval resu_niamod := $(niamod).$(resu)) \
|
||||
$(eval resu_path := $(subst .,/,$(resu_niamod))) \
|
||||
$(eval resu_path := $(subst .,/,$(resu_niamod))) \
|
||||
$(eval user_domain := $(user).$(domain)) \
|
||||
$(resu_niamod) \
|
||||
$(user_domain) \
|
||||
, $(USER) \
|
||||
) \
|
||||
, $(USER) \
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
ENV_VARS += USER_DOMAIN user_domain
|
||||
MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
|
||||
USER_DOMAIN ?= $(USER).$(DOMAIN)
|
||||
USER_DOMAIN ?= $(patsubst %,$(USER).%,$(DOMAIN))
|
||||
USER_HOST ?= $(patsubst %,$(USER).%,$(HOST))$(USER_HOST_LB)
|
||||
USER_HOST_LB ?= $(if $(USER_LB),$(space)$(HOST)$(if $(HOST_LB),$(space)$(DOMAIN)),$(if $(HOST_LB),$(space)$(USER_DOMAIN)))
|
||||
USER_PATH ?= $(USER_PATH_PREFIX)$(RESU)
|
||||
USER_URIS ?= $(patsubst %,%/$(USER_PATH),$(USER_HOST))
|
||||
|
||||
# target start-stack-User: Fire ssh-add
|
||||
.PHONY: start-stack-User
|
||||
|
|
|
@ -1,7 +1,12 @@
|
|||
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
|
||||
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))]
|
||||
USER_IPFS_SERVICE_NAME ?= ipfs
|
||||
USER_IPFS_SERVICE_5001_PATH ?= api/
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= $(strip $(filter %.localhost/api/$(url_suffix),$(call tagprefix,USER_IPFS,5001)) $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS))))
|
||||
USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,ipfs)
|
||||
USER_IPFS_SERVICE_HOST ?= $(USER_HOST)
|
||||
USER_IPFS_SERVICE_PATH ?= $(USER_PATH)
|
||||
USER_IPFS_SERVICE_URIS ?= $(USER_URIS)
|
||||
USER_IPFS_SERVICE_5001_PATH ?= /api/
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= $(strip $(filter %.localhost/$(USER_IPFS_SERVICE_PATH)$(USER_IPFS_SERVICE_5001_PATH)$(url_suffix),$(call tagprefix,USER_IPFS,5001)) $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS))))
|
||||
USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,USER_IPFS,5001,$(USER_IPFS_SERVICE_URIS))
|
||||
USER_IPFS_SERVICE_8080_PATH ?= /
|
||||
USER_IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,USER_IPFS,8080)
|
||||
USER_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,USER_IPFS,8080,$(USER_IPFS_SERVICE_URIS))
|
||||
|
|
|
@ -26,13 +26,13 @@ host-ssl-certs:
|
|||
; [ -f /host/htpasswd/default.htpasswd ] \
|
||||
|| echo "default:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \
|
||||
; for domain in ${DOMAIN}; do \
|
||||
[ -f /host/live/\$${domain}/fullchain.pem -a -f /host/live/\$${domain}/privkey.pem ] \
|
||||
[ -f /host/live/\$${domain}/privkey.pem ] \
|
||||
&& openssl x509 -in /host/live/\$${domain}/fullchain.pem -noout -issuer 2>/dev/null |grep -iqv staging \
|
||||
&& cp -L /host/live/\$${domain}/fullchain.pem /host/certs/\$${domain}-cert.pem \
|
||||
&& cp -L /host/live/\$${domain}/privkey.pem /host/certs/\$${domain}-key.pem \
|
||||
; if [ ! -f /host/certs/\$${domain}-cert.pem -o ! -f /host/certs/\$${domain}-key.pem ]; then \
|
||||
; if [ ! -f /host/certs/\$${domain}-key.pem ]; then \
|
||||
apk --no-cache add openssl \
|
||||
&& { [ -f /host/certs/\$${domain}-priv.pem ] || openssl genrsa -out /host/certs/\$${domain}-key.pem 2048; } \
|
||||
&& openssl genrsa -out /host/certs/\$${domain}-key.pem 2048 \
|
||||
&& openssl req -key /host/certs/\$${domain}-key.pem -out /host/certs/\$${domain}-cert.pem \
|
||||
-addext extendedKeyUsage=serverAuth \
|
||||
-addext subjectAltName=DNS:\$${domain},DNS:*.\$${domain} \
|
||||
|
|
Loading…
Reference in New Issue