Update .woodpecker.yml

.woodpecker.yml

@@ -0,0 +1,55 @@
+# woodpecker.yml
+labels:
+  hostname: "macmini7"
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      partial: false
+      depth: 1
+steps:
+  run-post-deploy-smoke-tests:
+    name: run-post-deploy-smoke-tests
+    image: git.nixc.us/colin/playwright:latest
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    when:
+      - branch: main
+      - path:
+          include: [ 'stack.yml', 'docker-compose.yml', 'Dockerfile.*', '.woodpecker.yml', '*.tests.ts' ]
+  build-push:
+    name: build-push
+    when:
+      - path:
+          include: [ 'stack.yml','.woodpecker.yml', 'Dockerfile', 'docker-entrypoint.sh', 'nginx.conf', 'README.md' ]
+    image: woodpeckerci/plugin-docker-buildx
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+      - echo compose up build
+      - docker compose build
+      - echo compose push
+      - docker compose push
+      - echo docker compose rm -f
+      - docker compose rm -f
+  deploy-config:
+    name: deploy-config
+    when:
+      - path:
+          include: [ 'stack.yml','.woodpecker.yml', 'Dockerfile', 'docker-entrypoint.sh', 'nginx.conf', 'README.md' ]
+    image: woodpeckerci/plugin-docker-buildx
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+    #   - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
+      - docker stack deploy --with-registry-auth -c ./stack.yml lan-to-nginx
+  run-post-deploy-smoke-tests:
+    name: run-post-deploy-smoke-tests
+    image: git.nixc.us/colin/playwright:latest
+    secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+    when:
+      - branch: main
+      - path:
+          include: [ 'stack.yml', 'docker-compose.yml', 'Dockerfile.*', '.woodpecker.yml', '*.tests.ts' ]

Dockerfile

@@ -1,7 +1,5 @@
-# Start from the official Nginx image
 FROM nginx:alpine
-
+COPY nginx.conf /etc/nginx/nginx.conf.template
-# Copy our custom Nginx configuration
+COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY nginx.conf /etc/nginx/nginx.conf
+RUN chmod +x /docker-entrypoint.sh
-
+ENTRYPOINT ["/docker-entrypoint.sh"]
-

README.md

@@ -0,0 +1,38 @@
+Nginx Reverse Proxy Setup
+
+This repository provides a setup to run an Nginx container as a reverse proxy. The backend address and port can be set via environment variables.
+Repository Structure
+
+    Dockerfile: Contains instructions to build the custom Nginx Docker image.
+    nginx.conf: Nginx configuration to set up reverse proxy using environment variables.
+    docker-compose.yml: Docker Compose configuration to build and run the Nginx container.
+
+Setup Instructions
+1. Clone the Repository
+
+To get started, first clone the repository:
+
+bash
+
+git clone https://codeberg.org/Iridium-net/lan-to-nginx.git
+cd lan-to-nginx
+
+2. Modify Environment Variables (Optional)
+
+The docker-compose.yml file has environment variables set for a backend address of 192.168.8.1 and port 80. If you want to point the reverse proxy to a different backend, modify the docker-compose.yml file and adjust the BACKEND_ADDRESS and BACKEND_PORT environment variables.
+3. Build and Run
+
+Using Docker Compose, build and run the setup:
+
+bash
+
+docker-compose up --build -d
+
+The --build flag ensures that the image is built using the provided Dockerfile. The -d flag runs the container in detached mode.
+4. Access
+
+Once the container is running, access any machine where Docker is running on port 80. It will reverse proxy the request to the backend specified (in this example, 192.168.8.1:80).
+Notes
+
+    This setup uses the image from codeberg.org/Iridium-net/lan-to-nginx:latest. If you modify the Dockerfile and wish to use the locally built image, the docker-compose.yml configuration takes care of this by specifying both a build context and an image name.
+    Make sure to adjust firewall or security group settings if you're running this in a cloud environment or behind a firewall.

docker-compose.yml

@@ -1,14 +1,8 @@
 version: '3.9'  
 
 services:
-  nginx-proxy:
+  lan-to-nginx:
     build:  
       context: .  
       dockerfile: Dockerfile  
-    image: codeberg.org/Iridium-net/lan-to-nginx:latest  
+    image: git.nixc.us/colin/lan-to-nginx:latest
-    environment:
-      - BACKEND_ADDRESS=192.168.8.1 # Replace with your backend address
-      - BACKEND_PORT=80  # Replace with your backend port
-    ports:
-      - "80:80"  # Map port 80 from the host to port 80 in the container
-

docker-entrypoint.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+# Default to HTTP if PROTOCOL is not set
+PROTOCOL="${PROTOCOL:-http}"
+
+# Replace placeholders with environment variable values
+envsubst '$BACKEND_ADDRESS $BACKEND_PORT $PROTOCOL $MATOMO_URL $MATOMO_SITE_ID' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+
+# Start nginx in the foreground
+curl -k -I $PROTOCOL://$BACKEND_ADDRESS:$BACKEND_PORT
+echo checking nginx modules
+nginx -V 2>&1 | grep -o http_sub_module
+echo /etc/nginx/nginx.conf
+cat /etc/nginx/nginx.conf
+exec nginx -g 'daemon off;'

nginx.conf

@@ -6,23 +6,39 @@ events {
 }
 
 http {
-    include       /etc/nginx/mime.types;
     default_type application/octet-stream;
 
-    # Load environment variables
-    env BACKEND_ADDRESS;
-    env BACKEND_PORT;
-
     server {
         listen 80;
 
+        # Health check location at a secret path
+        location /secret-health-path {
+            add_header Content-Type text/plain;
+            return 200 'Healthy';
+        }
+
         location / {
-            # Use the environment variables for the proxy pass
+            # Proxy pass to the backend using environment variables with HTTP explicitly
-            proxy_pass http://$BACKEND_ADDRESS:$BACKEND_PORT;
+            proxy_pass http://${BACKEND_ADDRESS}:${BACKEND_PORT};
+
+            # General proxy settings
+            proxy_http_version 1.1;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Accept-Encoding "";
+            proxy_buffering off;
+
+            # Remove headers that might hint at HTTPS usage
+            proxy_set_header X-Forwarded-Proto "";
+            proxy_set_header X-Forwarded-Ssl "";
+            proxy_set_header X-Url-Scheme "";
+
+            # Disable proxy_ssl_verify if you're not using HTTPS at all
+            proxy_ssl_verify off;
+
+            # Do not pass through the Connection header from the client
+            proxy_set_header Connection "";
         }
     }
 }
-

stack.yml

@@ -0,0 +1,28 @@
+version: "3.9"
+
+networks:
+  traefik:
+    external: true
+
+services:
+  nginx:
+    image: git.nixc.us/colin/lan-to-nginx:latest
+    environment:
+      - BACKEND_ADDRESS=ingress.nixc.us
+      - BACKEND_PORT=443
+      - PROTOCOL=https
+    networks:
+      - traefik
+    deploy:
+      replicas: 1
+      labels:
+        - "us.nixc.autodeploy=true"
+        - "traefik.enable=true"
+        - "traefik.http.routers.nginx-proxy.tls=true"
+        - "traefik.http.services.nginx-proxy.loadbalancer.server.port=80"
+        - "traefik.http.routers.nginx-proxy.rule=Host(`nginx-proxy.nixc.us`)"
+        - "traefik.http.routers.nginx-proxy.entrypoints=websecure"
+        - "traefik.http.routers.nginx-proxy.tls.certresolver=letsencryptresolver"
+        - "traefik.http.routers.nginx-proxy.service=nginx-proxy"
+        - "traefik.docker.network=traefik"
+#        - 'traefik.http.routers.nginx-proxy.middlewares=authelia_authelia@docker'

tests/nginx-proxy.nixc.us.test.ts

@@ -0,0 +1,6 @@
+import { test, expect } from '@playwright/test';
+
+test('test', async ({ page }) => {
+  await page.goto('https://nginx-proxy.nixc.us/secret-health-path');
+  await page.getByText('Healthy').click();
+});