Compare commits


10 Commits
master ... main

Author SHA1 Message Date
root 6271c37603 first commit 2023-11-03 19:54:58 +00:00
root 53783f238e Stream editing working tracking not 2023-10-02 16:16:07 +00:00
root 9fc16fda7e fixup 2023-09-25 13:36:33 -04:00
root bf114b273b fixup 2023-09-25 13:31:48 -04:00
root 5f2bc789c4 fixup 2023-09-25 13:30:40 -04:00
root f40a8697bc fixup 2023-09-25 13:21:09 -04:00
root 4edc4ccd85 fixup 2023-09-25 13:13:04 -04:00
root fa29897d55 fixup 2023-09-25 13:08:21 -04:00
Dowerent a2a4ef19ee adding template stackfile 2023-09-25 17:02:41 +00:00
Dowerent 0ef41ee169 Add README.md 2023-09-25 16:55:27 +00:00
8 changed files with 141 additions and 99 deletions


@ -8,48 +8,12 @@ clone:
partial: false partial: false
depth: 1 depth: 1
steps: steps:
run-post-deploy-smoke-tests: deploy:
name: run-post-deploy-smoke-tests name: deploy
image: git.nixc.us/colin/playwright:latest image: docker:latest
secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
when:
- branch: main
- path:
include: [ 'stack.yml', 'docker-compose.yml', 'Dockerfile.*', '.woodpecker.yml', '*.tests.ts' ]
build-push:
name: build-push
when:
- path:
include: [ 'stack.yml','.woodpecker.yml', 'Dockerfile', 'docker-entrypoint.sh', 'nginx.conf', 'README.md' ]
image: woodpeckerci/plugin-docker-buildx
secrets: [REGISTRY_USER, REGISTRY_PASSWORD] secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
commands: commands:
- echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us # - docker login -u $${REGISTRY_USER} -p $${REGISTRY_PASSWORD} git.nixc.us
- echo compose up build - docker stack deploy --with-registry-auth -c ./truenas.yml truenas
- docker compose build
- echo compose push
- docker compose push
- echo docker compose rm -f
- docker compose rm -f
deploy-config:
name: deploy-config
when:
- path:
include: [ 'stack.yml','.woodpecker.yml', 'Dockerfile', 'docker-entrypoint.sh', 'nginx.conf', 'README.md' ]
image: woodpeckerci/plugin-docker-buildx
secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
# - echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
- docker stack deploy --with-registry-auth -c ./stack.yml lan-to-nginx
run-post-deploy-smoke-tests:
name: run-post-deploy-smoke-tests
image: git.nixc.us/colin/playwright:latest
secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
when:
- branch: main
- path:
include: [ 'stack.yml', 'docker-compose.yml', 'Dockerfile.*', '.woodpecker.yml', '*.tests.ts' ]
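Review bot: The `deploy` step on the new side keeps the `/var/run/docker.sock` mount and the `REGISTRY_USER`/`REGISTRY_PASSWORD` secrets but, as far as this side-by-side rendering shows, carries no `when:` filter, so `docker stack deploy` would run against the host daemon for any branch or event that triggers the pipeline. I would restrict it with `when:` / `- branch: main` / `event: push`, and pin `docker:latest` to a fixed tag or digest, since the step has full daemon access. The commented-out login passes the password with `-p`, which is visible in process listings; if it is re-enabled, the `--password-stdin` form that this change removes is the safer one. With no login in the step, `--with-registry-auth` likely has no credentials to forward.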


@ -1,5 +1,11 @@
# Start from the official Nginx image
FROM nginx:alpine FROM nginx:alpine
# Copy our custom Nginx configuration and script
COPY nginx.conf /etc/nginx/nginx.conf.template COPY nginx.conf /etc/nginx/nginx.conf.template
COPY docker-entrypoint.sh /docker-entrypoint.sh COPY docker-entrypoint.sh /docker-entrypoint.sh
# Make the script executable
RUN chmod +x /docker-entrypoint.sh RUN chmod +x /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"] ENTRYPOINT ["/docker-entrypoint.sh"]


@ -1,8 +1,14 @@
version: '3.9' version: '3.9'
services: services:
lan-to-nginx: nginx-proxy:
build: build:
context: . context: .
dockerfile: Dockerfile dockerfile: Dockerfile
image: git.nixc.us/colin/lan-to-nginx:latest image: codeberg.org/iridium-net/lan-to-nginx:truenas
environment:
- BACKEND_ADDRESS=192.168.8.1 # Replace with your backend address
- BACKEND_PORT=80 # Replace with your backend port
ports:
- "80:80" # Map port 80 from the host to port 80 in the container
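Review bot: The added `"80:80"` mapping publishes the proxy on every host interface, and the nginx.conf on this page adds no authentication, so anyone who can reach the host on port 80 reaches the LAN backend named in `BACKEND_ADDRESS`. If this compose file is only meant for local testing, bind it to loopback with `- "127.0.0.1:80:80"`. The `truenas` image tag is mutable, so pinning a digest would make it clear which build a given deployment actually runs.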


@ -4,11 +4,15 @@ PROTOCOL="${PROTOCOL:-http}"
# Replace placeholders with environment variable values # Replace placeholders with environment variable values
envsubst '$BACKEND_ADDRESS $BACKEND_PORT $PROTOCOL $MATOMO_URL $MATOMO_SITE_ID' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf envsubst '$BACKEND_ADDRESS $BACKEND_PORT $PROTOCOL $MATOMO_URL $MATOMO_SITE_ID' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
# Substitute environment variables in matomo.js
envsubst '$MATOMO_URL $MATOMO_SITE_ID' < /matomo.js.template > /matomo.js
# Start nginx in the foreground # Start nginx in the foreground
curl -k -I $PROTOCOL://$BACKEND_ADDRESS:$BACKEND_PORT curl -k -I $PROTOCOL://$BACKEND_ADDRESS:$BACKEND_PORT
echo checking nginx modules echo checking nginx modules
nginx -V 2>&1 | grep -o http_sub_module nginx -V 2>&1 | grep -o http_sub_module
echo /matomo.js
cat /matomo.js
echo /etc/nginx/nginx.conf echo /etc/nginx/nginx.conf
cat /etc/nginx/nginx.conf cat /etc/nginx/nginx.conf
exec nginx -g 'daemon off;' exec nginx -g 'daemon off;'
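Review bot: The added `envsubst '$MATOMO_URL $MATOMO_SITE_ID' < /matomo.js.template > /matomo.js` reads a file that the Dockerfile on this page never copies into the image (it copies only `nginx.conf` and `docker-entrypoint.sh`), so unless the template is mounted at runtime the input redirect fails and the later `cat /matomo.js` fails as well. The top of the script is outside the hunk, so I cannot tell whether `set -e` is active; with it the container would exit at this line, without it the errors are only logged. Either add `COPY matomo.js.template /matomo.js.template` to the Dockerfile or guard the call with `[ -f /matomo.js.template ] &&`. Nothing in the nginx.conf shown here serves `/matomo.js`, so these four lines may be leftovers that can simply be dropped.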


@ -1,44 +1,44 @@
user nginx; user nginx;
worker_processes 1; worker_processes 1;
events { events {
worker_connections 1024; worker_connections 1024;
} }
http { http {
default_type application/octet-stream; default_type application/octet-stream;
server { server {
listen 80; listen 80;
# Health check location at a secret path add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src * data:;";
location /secret-health-path { # add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://ack.nixc.us; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self';";
add_header Content-Type text/plain; # Define MIME type
return 200 'Healthy'; types {
text/html html htm shtml;
} }
location / { location / {
# Proxy pass to the backend using environment variables with HTTP explicitly # Use the placeholders for the proxy pass
proxy_pass http://${BACKEND_ADDRESS}:${BACKEND_PORT}; proxy_pass ${PROTOCOL}://${BACKEND_ADDRESS}:${BACKEND_PORT};
# General proxy settings
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
proxy_buffering off; proxy_buffering off;
proxy_ssl_verify off; # Skip SSL verification, be cautious
# Remove headers that might hint at HTTPS usage # Enable response body filtering
proxy_set_header X-Forwarded-Proto ""; sub_filter_once off;
proxy_set_header X-Forwarded-Ssl "";
proxy_set_header X-Url-Scheme "";
# Disable proxy_ssl_verify if you're not using HTTPS at all # Inject the Matomo content just before </head>
proxy_ssl_verify off; sub_filter '</body>' '<script async src="https://ack.nixc.us/tracker.js" data-ackee-server="https://ack.nixc.us" data-ackee-domain-id="9608c1ff-b08c-4781-ae7e-cee6eb415bf3"></script></body>';
sub_filter_types application/xml application/json text/css text/javascript application/javascript text/plain;
# Do not pass through the Connection header from the client
proxy_set_header Connection "";
} }
} }
} }
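Review bot: The new `sub_filter` rule injects a script loaded from ack.nixc.us into every proxied response, and the `sub_filter_types` line extends the rewrite to JSON, JavaScript, CSS and plain text, so third-party code runs with the privileges of whatever the backend serves (truenas.yml on this page points this image at a TrueNAS UI and a MinIO API). I would delete the `sub_filter_types` line so that only `text/html` is rewritten, which is the directive's default. The active `default-src * 'unsafe-inline' 'unsafe-eval'` header gives no containment; the commented-out policy directly below it already allow-lists `https://ack.nixc.us` and is the better starting point. The comment `# Inject the Matomo content just before </head>` no longer matches the rule and should read `# Inject the Ackee tracker just before </body>`. `proxy_ssl_verify off` means the upstream certificate is never checked when `PROTOCOL` is `https`; consider `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate` pointing at the backend's CA.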


@ -1,28 +0,0 @@
version: "3.9"
networks:
traefik:
external: true
services:
nginx:
image: git.nixc.us/colin/lan-to-nginx:latest
environment:
- BACKEND_ADDRESS=ingress.nixc.us
- BACKEND_PORT=443
- PROTOCOL=https
networks:
- traefik
deploy:
replicas: 1
labels:
- "us.nixc.autodeploy=true"
- "traefik.enable=true"
- "traefik.http.routers.nginx-proxy.tls=true"
- "traefik.http.services.nginx-proxy.loadbalancer.server.port=80"
- "traefik.http.routers.nginx-proxy.rule=Host(`nginx-proxy.nixc.us`)"
- "traefik.http.routers.nginx-proxy.entrypoints=websecure"
- "traefik.http.routers.nginx-proxy.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.nginx-proxy.service=nginx-proxy"
- "traefik.docker.network=traefik"
# - 'traefik.http.routers.nginx-proxy.middlewares=authelia_authelia@docker'


@ -1,6 +0,0 @@
import { test, expect } from '@playwright/test';
test('test', async ({ page }) => {
await page.goto('https://nginx-proxy.nixc.us/secret-health-path');
await page.getByText('Healthy').click();
});

96
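--- /dev/null
+++ b/truenas.yml
@@ -0,0 +1,96 @@
+version: "3.9"
+networks:
+traefik:
+external: true
+services:
+truenas:
+image: codeberg.org/iridium-net/lan-to-nginx:truenas
+environment:
+- BACKEND_ADDRESS=192.168.8.47
+- BACKEND_PORT=443
+- PROTOCOL=https
+- MATOMO_URL=//m.nixc.us/ # Replace with your actual Matomo URL if different.
+- MATOMO_SITE_ID=1 # Replace with your actual Site ID if different.
+networks:
+- traefik
+deploy:
+replicas: 1
+placement:
+constraints:
+- node.hostname == macmini7
+labels:
+- "us.nixc.autodeploy=true"
+- "traefik.enable=true"
+- "traefik.http.routers.truenas-truenas.tls=true"
+- "traefik.http.services.truenas-truenas.loadbalancer.server.port=80"
+- "traefik.http.routers.truenas-truenas.rule=Host(`truenas.nixc.us`)"
+- "traefik.http.routers.truenas-truenas.entrypoints=websecure"
+- "traefik.http.routers.truenas-truenas.tls.certresolver=letsencryptresolver"
+- "traefik.http.routers.truenas-truenas.service=truenas-truenas"
+- "traefik.docker.network=traefik"
+- 'traefik.http.routers.truenas-truenas.middlewares=authelia_authelia@docker'
+logging:
+driver: "gelf"
+options:
+gelf-address: "udp://log.nixc.us:15124"
+tag: "truenas_truenas"
+minio-api:
+image: codeberg.org/iridium-net/lan-to-nginx:truenas
+environment:
+- BACKEND_ADDRESS=192.168.8.47
+- BACKEND_PORT=9000
+- PROTOCOL=http
+networks:
+- traefik
+deploy:
+replicas: 1
+placement:
+constraints:
+- node.hostname == macmini7
+labels:
+- "us.nixc.autodeploy=true"
+- "traefik.enable=true"
+- "traefik.http.routers.truenas-minio-api.tls=true"
+- "traefik.http.services.truenas-minio-api.loadbalancer.server.port=80"
+- "traefik.http.routers.truenas-minio.rule=Host(`minio.nixc.us`)"
+- "traefik.http.routers.truenas-minio.entrypoints=websecure"
+- "traefik.http.routers.truenas-minio.tls.certresolver=letsencryptresolver"
+- "traefik.http.routers.truenas-minio.service=truenas-minio"
+- "traefik.docker.network=traefik"
+# - 'traefik.http.routers.truenas-minio.middlewares=authelia_authelia@docker'
+logging:
+driver: "gelf"
+options:
+gelf-address: "udp://log.nixc.us:15124"
+tag: "truenas_minio"
+minio-api:
+image: codeberg.org/iridium-net/lan-to-nginx:truenas
+environment:
+- BACKEND_ADDRESS=192.168.8.47
+- BACKEND_PORT=9002
+- PROTOCOL=http
+networks:
+- traefik
+deploy:
+replicas: 1
+placement:
+constraints:
+- node.hostname == macmini7
+labels:
+- "us.nixc.autodeploy=true"
+- "traefik.enable=true"
+- "traefik.http.routers.truenas-minio-api.tls=true"
+- "traefik.http.services.truenas-minio-api.loadbalancer.server.port=80"
+- "traefik.http.routers.truenas-minio-api.rule=Host(`minio-api.nixc.us`)"
+- "traefik.http.routers.truenas-minio-api.entrypoints=websecure"
+- "traefik.http.routers.truenas-minio-api.tls.certresolver=letsencryptresolver"
+- "traefik.http.routers.truenas-minio-api.service=truenas-minio-api"
+- "traefik.docker.network=traefik"
+# - 'traefik.http.routers.truenas-minio-api.middlewares=authelia_authelia@docker'
+logging:
+driver: "gelf"
+options:
+gelf-address: "udp://log.nixc.us:15124"
+tag: "truenas_minio-api"
+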
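Review bot: The key `minio-api:` appears twice in this file, and although the page has lost the indentation, both look like entries under `services:`. Most YAML loaders keep only the last duplicate, so the port-9000 service behind `minio.nixc.us` would be dropped without any error. In that first block the `tls` and `loadbalancer.server.port` labels are also written for `truenas-minio-api`, while its router points at a `truenas-minio` service that no label defines. I would rename the first key to `minio:` and change those two labels to `traefik.http.routers.truenas-minio.tls=true` and `traefik.http.services.truenas-minio.loadbalancer.server.port=80`. Both MinIO routers have the Authelia middleware commented out, so they rely on MinIO's own authentication alone; confirm that this is intended.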