From 091fc8bf69b5e9e1157e0f120168850a851e9ab6 Mon Sep 17 00:00:00 2001
From: Dowerent
Date: Mon, 25 Sep 2023 16:55:27 +0000
Subject: [PATCH] Update .woodpecker.yml
---
 .woodpecker.yml | 55 +++++++++++++++++++++++++++++++
 Dockerfile | 10 +++---
 README.md | 38 +++++++++++++++++++++
 docker-compose.yml | 10 ++----
 docker-entrypoint.sh | 14 ++++++++
 nginx.conf | 40 +++++++++++++++-------
 stack.yml | 28 ++++++++++++++++
 tests/nginx-proxy.nixc.us.test.ts | 6 ++++
 8 files changed, 175 insertions(+), 26 deletions(-)
 create mode 100644 .woodpecker.yml
 create mode 100644 README.md
 create mode 100644 docker-entrypoint.sh
 create mode 100644 stack.yml
 create mode 100644 tests/nginx-proxy.nixc.us.test.ts
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..2f8a805
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,55 @@
+# woodpecker.yml
+labels:
+ hostname: "macmini7"
+clone:
+ git:
+ image: woodpeckerci/plugin-git
+ settings:
+ partial: false
+ depth: 1
+steps:
+ run-post-deploy-smoke-tests:
+ name: run-post-deploy-smoke-tests
+ image: git.nixc.us/colin/playwright:latest
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ when:
+ - branch: main
+ - path:
+ include: [ 'stack.yml', 'docker-compose.yml', 'Dockerfile.*', '.woodpecker.yml', '*.tests.ts' ]
+ build-push:
+ name: build-push
+ when:
+ - path:
+ include: [ 'stack.yml','.woodpecker.yml', 'Dockerfile', 'docker-entrypoint.sh', 'nginx.conf', 'README.md' ]
+ image: woodpeckerci/plugin-docker-buildx
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ commands:
+ - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+ - echo compose up build
+ - docker compose build
+ - echo compose push
+ - docker compose push
+ - echo docker compose rm -f
+ - docker compose rm -f
+ deploy-config:
+ name: deploy-config
+ when:
+ - path:
+ include: [ 'stack.yml','.woodpecker.yml', 'Dockerfile', 'docker-entrypoint.sh', 'nginx.conf', 'README.md' ]
+ image: woodpeckerci/plugin-docker-buildx
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ commands:
+ # - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+ - docker stack deploy --with-registry-auth -c ./stack.yml lan-to-nginx
+ run-post-deploy-smoke-tests:
+ name: run-post-deploy-smoke-tests
+ image: git.nixc.us/colin/playwright:latest
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ when:
+ - branch: main
+ - path:
+ include: [ 'stack.yml', 'docker-compose.yml', 'Dockerfile.*', '.woodpecker.yml', '*.tests.ts' ]
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 7c8976c..ca63a75 100644
--- a/Dockerfile
+++ b/Dockerfile
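Review bot: The `run-post-deploy-smoke-tests` key appears twice under `steps:`, so a YAML parser will either reject the file or keep only one of the two definitions, and neither definition has a `commands:` list, so what it runs depends on the image's own entrypoint; keep a single copy after `deploy-config`. That step is also given `secrets: [REGISTRY_USER, REGISTRY_PASSWORD]` although nothing visible in it uses registry credentials; dropping the line keeps the push credentials out of the test container. Its path filter `'*.tests.ts'` does not match the added `tests/nginx-proxy.nixc.us.test.ts`, so `'tests/*.test.ts'` is probably what was meant. The `/var/run/docker.sock` mounts in `build-push` and `deploy-config` give those steps control of the host's Docker daemon, and unlike the smoke-test step they have no `branch: main` condition; adding `- branch: main` to their `when:` lists restricts that access to the trusted branch.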
@@ -1,7 +1,5 @@
-# Start from the official Nginx image
 FROM nginx:alpine
-
-# Copy our custom Nginx configuration
-COPY nginx.conf /etc/nginx/nginx.conf
-
-
+COPY nginx.conf /etc/nginx/nginx.conf.template
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+ENTRYPOINT ["/docker-entrypoint.sh"]
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..025836e
--- /dev/null
+++ b/README.md
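Review bot: `COPY docker-entrypoint.sh /docker-entrypoint.sh` overwrites the entrypoint script that the official nginx image already installs at that path, so whatever start-up handling the base image provides is dropped without any mention; copying the script under its own name, for example `COPY docker-entrypoint.sh /usr/local/bin/lan-to-nginx-entrypoint.sh`, makes the replacement explicit. The base remains `FROM nginx:alpine`, a moving tag, while the new entrypoint relies on `envsubst` and `curl` being present in it; pinning a specific version tag or digest keeps rebuilds reproducible. A one-line comment above `ENTRYPOINT` saying that the script renders `/etc/nginx/nginx.conf` from the template would replace the two comments this change removes.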
@@ -0,0 +1,38 @@
+Nginx Reverse Proxy Setup
+
+This repository provides a setup to run an Nginx container as a reverse proxy. The backend address and port can be set via environment variables.
+Repository Structure
+
+ Dockerfile: Contains instructions to build the custom Nginx Docker image.
+ nginx.conf: Nginx configuration to set up reverse proxy using environment variables.
+ docker-compose.yml: Docker Compose configuration to build and run the Nginx container.
+
+Setup Instructions
+1. Clone the Repository
+
+To get started, first clone the repository:
+
+bash
+
+git clone https://codeberg.org/Iridium-net/lan-to-nginx.git
+cd lan-to-nginx
+
+2. Modify Environment Variables (Optional)
+
+The docker-compose.yml file has environment variables set for a backend address of 192.168.8.1 and port 80. If you want to point the reverse proxy to a different backend, modify the docker-compose.yml file and adjust the BACKEND_ADDRESS and BACKEND_PORT environment variables.
+3. Build and Run
+
+Using Docker Compose, build and run the setup:
+
+bash
+
+docker-compose up --build -d
+
+The --build flag ensures that the image is built using the provided Dockerfile. The -d flag runs the container in detached mode.
+4. Access
+
+Once the container is running, access any machine where Docker is running on port 80. It will reverse proxy the request to the backend specified (in this example, 192.168.8.1:80).
+Notes
+
+ This setup uses the image from codeberg.org/Iridium-net/lan-to-nginx:latest. If you modify the Dockerfile and wish to use the locally built image, the docker-compose.yml configuration takes care of this by specifying both a build context and an image name.
+ Make sure to adjust firewall or security group settings if you're running this in a cloud environment or behind a firewall.
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index d078b92..637827e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,14 +1,8 @@ version: '3.9' services: - nginx-proxy: + lan-to-nginx: build: context: . dockerfile: Dockerfile - image: codeberg.org/Iridium-net/lan-to-nginx:latest - environment: - - BACKEND_ADDRESS=192.168.8.1 # Replace with your backend address - - BACKEND_PORT=80 # Replace with your backend port - ports: - - "80:80" # Map port 80 from the host to port 80 in the container - + image: git.nixc.us/colin/lan-to-nginx:latest \ No newline at end of file diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100644 index 0000000..cf74293 --- /dev/null +++ b/docker-entrypoint.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# Default to HTTP if PROTOCOL is not set +PROTOCOL="${PROTOCOL:-http}" + +# Replace placeholders with environment variable values +envsubst '$BACKEND_ADDRESS $BACKEND_PORT $PROTOCOL $MATOMO_URL $MATOMO_SITE_ID' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf + +# Start nginx in the foreground +curl -k -I $PROTOCOL://$BACKEND_ADDRESS:$BACKEND_PORT +echo checking nginx modules +nginx -V 2>&1 | grep -o http_sub_module +echo /etc/nginx/nginx.conf +cat /etc/nginx/nginx.conf +exec nginx -g 'daemon off;' diff --git a/nginx.conf b/nginx.conf index 2e7df9d..a958c30 100644 --- a/nginx.conf +++ b/nginx.conf 
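Review bot: docker-entrypoint.sh never checks that `BACKEND_ADDRESS` and `BACKEND_PORT` are set, so a missing variable is rendered as an empty string into `proxy_pass` and the mistake only surfaces when nginx parses the generated file. Adding `: "${BACKEND_ADDRESS:?must be set}" "${BACKEND_PORT:?must be set}"` before the `envsubst` line makes the container stop with a clear message instead. The probe `curl -k -I $PROTOCOL://$BACKEND_ADDRESS:$BACKEND_PORT` is unquoted, has no timeout and skips certificate verification; `curl -sS -I --max-time 5 "${PROTOCOL}://${BACKEND_ADDRESS}:${BACKEND_PORT}"` keeps it a bounded diagnostic that also reports certificate problems. The comment `# Start nginx in the foreground` sits above the probe rather than above `exec nginx`, and `cat /etc/nginx/nginx.conf` writes the full rendered configuration to the container log on every start, which is worth a comment if it is meant to stay.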
@@ -1,28 +1,44 @@ -user nginx; -worker_processes 1; +user nginx; +worker_processes 1; events { - worker_connections 1024; + worker_connections 1024; } http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load environment variables - env BACKEND_ADDRESS; - env BACKEND_PORT; + default_type application/octet-stream; server { listen 80; + # Health check location at a secret path + location /secret-health-path { + add_header Content-Type text/plain; + return 200 'Healthy'; + } + location / { - # Use the environment variables for the proxy pass - proxy_pass http://$BACKEND_ADDRESS:$BACKEND_PORT; + # Proxy pass to the backend using environment variables with HTTP explicitly + proxy_pass http://${BACKEND_ADDRESS}:${BACKEND_PORT}; + + # General proxy settings + proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Accept-Encoding ""; + proxy_buffering off; + + # Remove headers that might hint at HTTPS usage + proxy_set_header X-Forwarded-Proto ""; + proxy_set_header X-Forwarded-Ssl ""; + proxy_set_header X-Url-Scheme ""; + + # Disable proxy_ssl_verify if you're not using HTTPS at all + proxy_ssl_verify off; + + # Do not pass through the Connection header from the client + proxy_set_header Connection ""; } } } - diff --git a/stack.yml b/stack.yml new file mode 100644 index 0000000..48bf1ad --- /dev/null +++ b/stack.yml 
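Review bot: `proxy_pass http://${BACKEND_ADDRESS}:${BACKEND_PORT};` hard-codes the scheme even though the entrypoint substitutes `$PROTOCOL`, and stack.yml sets `PROTOCOL=https` with `BACKEND_PORT=443`, so as written nginx would speak plain HTTP to the TLS port. Use `proxy_pass ${PROTOCOL}://${BACKEND_ADDRESS}:${BACKEND_PORT};`, and once the upstream is HTTPS replace `proxy_ssl_verify off;` with `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <CA bundle path>;` and `proxy_ssl_server_name on;` so that the backend certificate is actually checked. The `/secret-health-path` location is not secret, since the path is committed here and in the Playwright test, so its comment should describe it as a public health endpoint. In that location `add_header Content-Type text/plain;` most likely produces a second Content-Type header next to the one derived from `default_type`; `default_type text/plain;` inside the location sets it cleanly. The change also drops `include /etc/nginx/mime.types;`, which is worth a comment if it is deliberate.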
@@ -0,0 +1,28 @@
+version: "3.9"
+
+networks:
+ traefik:
+ external: true
+
+services:
+ nginx:
+ image: git.nixc.us/colin/lan-to-nginx:latest
+ environment:
+ - BACKEND_ADDRESS=ingress.nixc.us
+ - BACKEND_PORT=443
+ - PROTOCOL=https
+ networks:
+ - traefik
+ deploy:
+ replicas: 1
+ labels:
+ - "us.nixc.autodeploy=true"
+ - "traefik.enable=true"
+ - "traefik.http.routers.nginx-proxy.tls=true"
+ - "traefik.http.services.nginx-proxy.loadbalancer.server.port=80"
+ - "traefik.http.routers.nginx-proxy.rule=Host(`nginx-proxy.nixc.us`)"
+ - "traefik.http.routers.nginx-proxy.entrypoints=websecure"
+ - "traefik.http.routers.nginx-proxy.tls.certresolver=letsencryptresolver"
+ - "traefik.http.routers.nginx-proxy.service=nginx-proxy"
+ - "traefik.docker.network=traefik"
+# - 'traefik.http.routers.nginx-proxy.middlewares=authelia_authelia@docker'
diff --git a/tests/nginx-proxy.nixc.us.test.ts b/tests/nginx-proxy.nixc.us.test.ts
new file mode 100644
index 0000000..71f3194
--- /dev/null
+++ b/tests/nginx-proxy.nixc.us.test.ts
@@ -0,0 +1,6 @@
+import { test, expect } from '@playwright/test';
+
+test('test', async ({ page }) => {
+ await page.goto('https://nginx-proxy.nixc.us/secret-health-path');
+ await page.getByText('Healthy').click();
+});
\ No newline at end of file
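Review bot: The router for `nginx-proxy.nixc.us` is published on `websecure` with the `authelia_authelia@docker` middleware line commented out, so the proxy in front of `ingress.nixc.us` is reachable without authentication; if that is intended, a comment saying so would help, otherwise re-enable the middleware label. `image: git.nixc.us/colin/lan-to-nginx:latest` together with `us.nixc.autodeploy=true` presumably means the service runs whatever was last pushed under that tag (what the label triggers is not visible here); a version tag or digest makes each deployment traceable and reversible.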
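Review bot: The test uses `await page.getByText('Healthy').click();` as its assertion, so a failure shows up only as a click timeout, and the imported `expect` is never used; `await expect(page.getByText('Healthy')).toBeVisible();` states the check directly. The production URL is hard-coded in `page.goto(...)`, which ties the smoke test to one deployment; taking the base URL from Playwright's `baseURL` configuration would let the same test run against another environment. The title `'test'` says nothing in CI output, and something like `'health endpoint returns Healthy'` is clearer.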