From: Clifton Palmer Date: Tue, 31 Oct 2023 19:30:37 +0000 (-0500) Subject: Refactored proxy service X-Git-Url: http://git.purplebirdman.com/proxy.git/commitdiff_plain/af7fabbd7a7736849f97846bdcae2c9dea22b73a?ds=sidebyside Refactored proxy service
---
diff --git a/conf.d/gallery.conf b/conf.d/gallery.conf
new file mode 100644
index 0000000..ab755a4
--- /dev/null
+++ b/conf.d/gallery.conf
@@ -0,0 +1,11 @@
+server {
+ listen 443 ssl;
+ server_name comics.purplebirdman.com;
+ ssl_certificate /etc/ssl/certs/cert.pem;
+ ssl_certificate_key /etc/ssl/certs/key.pem;
+
+ location / {
+ proxy_pass http://gallery_server;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/deploy.sh b/deploy.sh
index 6e05b3c..9e5489b 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -1,2 +1,2 @@
 #!/bin/bash
-docker stack deploy -c <(docker-compose config) purplebirdman
+docker stack deploy -c <(docker-compose config) proxy
diff --git a/docker-compose.yml b/docker-compose.yml
index c3f14ed..2a45836 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
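Review bot: The `location /` block in conf.d/gallery.conf forwards only `Host`, so the gallery backend sees every request as coming from the proxy over plain HTTP and cannot log or rate-limit by the real client address. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` beside the existing `proxy_set_header Host $host;` passes that information on; whether the backend reads these headers is not visible here. If this is the only server block listening on 443 (no other conf.d file appears in this commit), it also becomes the default server, so requests for any hostname reach `gallery_server` with the client-chosen `Host`. A separate catch-all `default_server` block that refuses unknown names would close that.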
@@ -1,84 +1,23 @@ # requires variable config loading, such as: -# docker stack deploy -c <(docker-compose config) purplebirdman +# docker stack deploy -c <(docker-compose config) proxy # # also needs an .env file with some variables! version: '3' networks: - go-backend: - driver: overlay -services: proxy: + external: true +services: + web-proxy: image: nginx:1.17 volumes: - - ./proxy/nginx.conf:/etc/nginx/nginx.conf - /etc/ssl/certs/purplebirdman/:/etc/ssl/certs/ + - ./nginx.conf:/etc/nginx/nginx.conf + - ./conf.d/:/etc/nginx/conf.d/ environment: - NGINX_HOST=purplebirdman.com - NGINX_PORT=443 ports: - 443:443 - depends_on: - - purplebirdman - - kanboard - - public - - go-web - purplebirdman: - image: cjpalmer/purplebirdman:1.0.0 - kanboard: - image: kanboard/kanboard:v1.2.26 - volumes: - - kanboard_data:/var/www/app/data - - kanboard_plugins:/var/www/app/plugins - - kanboard_ssl:/etc/nginx/ssl - public: - image: cjpalmer/public:1.2.3 - volumes: - - ${SHARE_ROOT}:/storage - - public_data:/usr/local/apache2/htdocs - - httpd_users:/usr/local/apache2/auth - environment: - - PUBLIC_ROOT_DIR=/storage - - PUBLIC_LINK_DIR=/usr/local/apache2/htdocs - - PUBLIC_FQDN_OVERRIDE=https://public.purplebirdman.com - db: - image: mariadb:10.6 - environment: - MARIADB_ROOT_PASSWORD: admin - MARIADB_DATABASE: go - MARIADB_USER: socket - MARIADB_PASSWORD: socketpw - networks: - - go-backend - socket: - image: cjpalmer/go-socket:1.0.0 - networks: - - go-backend - depends_on: - - db - go-web: - image: cjpalmer/go-web:1.0.0 networks: - - default - - go-backend - depends_on: - - socket -volumes: - kanboard_data: - driver: local - driver_opts: - o: bind - type: none - device: /mnt/kanboard_data - kanboard_plugins: - driver: local - kanboard_ssl: - driver: local - public_data: - driver: local - driver_opts: - o: bind - type: none - device: /mnt/public_data - httpd_users: - driver: local + - proxy diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..6c145ae --- /dev/null 
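Review bot: The two bind mounts added under `volumes:` for `web-proxy` are writable from inside the container, as is the unchanged certificate mount beside them, which holds the private key and passphrase file that the nginx configuration references. nginx only needs to read these paths, so a read-only suffix limits what a compromised process in the container can alter: `- ./nginx.conf:/etc/nginx/nginx.conf:ro`, `- ./conf.d/:/etc/nginx/conf.d/:ro` and `- /etc/ssl/certs/purplebirdman/:/etc/ssl/certs/:ro`. The database credentials on the removed `db` service lines remain readable in the repository history, so they are worth rotating if that service is still deployed with them elsewhere.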
+++ b/nginx.conf
@@ -0,0 +1,33 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ ssl_password_file /etc/ssl/certs/passphrase.txt;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/proxy/nginx.conf b/proxy/nginx.conf
deleted file mode 100644
index 73ba402..0000000
--- a/proxy/nginx.conf
+++ /dev/null
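Review bot: The new `http` block sets no `ssl_protocols`, and with the `nginx:1.17` image kept in docker-compose.yml the built-in default still accepts TLS 1.0 and 1.1 on every `listen 443 ssl` server included from `conf.d`. Adding `ssl_protocols TLSv1.2 TLSv1.3;` next to `ssl_password_file` pins this once for all included server blocks. Separately, `ssl_password_file /etc/ssl/certs/passphrase.txt;` points into the same mounted directory as `key.pem`, so anyone who can read the key can read its passphrase too. Keeping the passphrase on a separate, more tightly permissioned path or in a Docker secret would give it some value. `server_tokens off;` is also worth adding here so responses stop advertising the nginx version.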
@@ -1,60 +0,0 @@
-worker_processes auto;
-
-events {
- worker_connections 1024;
-}
-
-http {
- ssl_password_file /etc/ssl/certs/passphrase.txt;
-
- server {
- listen 443 ssl;
- server_name go.purplebirdman.com;
- ssl_certificate /etc/ssl/certs/cert.pem;
- ssl_certificate_key /etc/ssl/certs/key.pem;
- location / {
- proxy_pass http://go-web;
- proxy_set_header Host $host;
- }
- location /ws {
- proxy_pass http://go-web;
- proxy_set_header Host $host;
-
- # websocket magic
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- }
- }
- server {
- listen 443 ssl;
- server_name kanban.purplebirdman.com;
- ssl_certificate /etc/ssl/certs/cert.pem;
- ssl_certificate_key /etc/ssl/certs/key.pem;
- client_max_body_size 20M;
- location / {
- proxy_pass http://kanboard;
- proxy_set_header Host $host;
- }
- }
- server {
- listen 443 ssl;
- server_name public.purplebirdman.com;
- ssl_certificate /etc/ssl/certs/cert.pem;
- ssl_certificate_key /etc/ssl/certs/key.pem;
- location / {
- proxy_pass http://public;
- proxy_set_header Host $host;
- }
- }
- server {
- listen 443 ssl;
- server_name purplebirdman.com;
- ssl_certificate /etc/ssl/certs/cert.pem;
- ssl_certificate_key /etc/ssl/certs/key.pem;
- location / {
- proxy_pass http://purplebirdman;
- proxy_set_header Host $host;
- }
- }
-}