Started working on nginx reverse proxy + Letsencrypt gateway example.

example/gateway/files/cookiecutter.json

@@ -0,0 +1 @@
+{"directory_name": "nginx_conf", "ips": [["127.0.8.1"]], "domains": [[["xyz.com", "www.xyz.com"]]]}

example/gateway/focker-compose.yml

@@ -0,0 +1,30 @@
+prebuild:
+  - python3 getmetadata.py
+
+
+volumes:
+  certbot-data: {}
+  certbot-webroot: {}
+
+
+images:
+  nginx-http: ./nginx-http
+  nginx-https: ./nginx-https
+  certbot: ./certbot
+
+
+jails:
+  nginx-http:
+    image: nginx-http
+    mounts:
+      certbot-webroot: /srv/certbot-webroot
+
+  certbot:
+    image: certbot
+    depend: nginx-http
+    mounts:
+      certbot-data: /
+
+  nginx-https:
+    image: nginx-https
+    depend: certbot

example/gateway/getmetadata.py

@@ -0,0 +1,37 @@
+import glob
+import yaml
+import json
+
+
+def main():
+    res_ips = []
+    res_domains = []
+    for fname in glob.glob('../**/focker-compose.yml'):
+        print(fname)
+        with open(fname, 'r') as f:
+            spec = yaml.safe_load(f)
+        if 'jails' not in spec:
+            continue
+        for j in spec['jails'].values():
+            if 'ip4.addr' not in j:
+                continue
+            if 'meta' not in j:
+                continue
+            if 'domains' not in j['meta']:
+                continue
+            if not j['meta']['domains']:
+                continue
+            domains = j['meta']['domains']
+            if not isinstance(domains, list):
+                domains = [ domains ]
+            res_ips.append(j['ip4.addr'])
+            res_domains.append(domains)
+    res = { 'directory_name': 'nginx_conf',
+        'ips': [ res_ips ],
+        'domains': [ res_domains ] }
+    with open('./files/cookiecutter.json', 'w') as f:
+        json.dump(res, f)
+
+
+if __name__ == '__main__':
+    main()

example/gateway/nginx-http/Fockerfile

@@ -0,0 +1,22 @@
+base: freebsd-latest
+
+steps:
+  - run:
+      - ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install python3 nginx py37-cookiecutter
+  - copy:
+      - [ ../files/cookiecutter.json,
+          /root/cookiecutter.json ]
+      - [ files/nginx.conf,
+          /root/nginx.conf ]
+  - run:
+      - mkdir -p /root/nginx_template/\{\{cookiecutter.directory_name\}\}
+      - mv -v /root/nginx.conf /root/nginx_template/\{\{cookiecutter.directory_name\}\}/nginx.conf
+      - mv -v /root/cookiecutter.json /root/nginx_template/cookiecutter.json
+  - run:
+      - cookiecutter --no-input /root/nginx_template
+      - mv -v ./nginx_conf/nginx.conf /usr/local/etc/nginx/nginx.conf
+      - ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove python3 py37-cookiecutter
+      - ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
+      - rm -rvf /root/nginx_template
+      - rm -rvf ./nginx_conf
+      - mkdir -p /srv/certbot-webroot

example/gateway/nginx-http/files/nginx.conf

@@ -0,0 +1,25 @@
+worker_processes 1;
+
+events {
+  worker_connections   1024;
+}
+
+http {
+  include              mime.types;
+  default_type         application/octet-stream;
+
+  {% for i in range(cookiecutter.ips|length) %}
+    server {
+      listen 80;
+      server_name {{ ' '.join(cookiecutter.domains[i]) }};
+
+      location /.well-known/ {
+        root /srv/certbot-webroot;
+      }
+
+      location / {
+        proxy_pass http://{{ cookiecutter.ips[i] }}/;
+      }
+    }
+  {% endfor %}
+}

example/gateway/nginx-https/Fockerfile

@@ -0,0 +1,22 @@
+base: freebsd-latest
+
+steps:
+  - run:
+      - ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install python3 nginx py37-cookiecutter
+  - copy:
+      - [ ../files/cookiecutter.json,
+          /root/cookiecutter.json ]
+      - [ files/nginx.conf,
+          /root/nginx.conf ]
+  - run:
+      - mkdir -p /root/nginx_template/\{\{cookiecutter.directory_name\}\}
+      - mv -v /root/nginx.conf /root/nginx_template/\{\{cookiecutter.directory_name\}\}/nginx.conf
+      - mv -v /root/cookiecutter.json /root/nginx_template/cookiecutter.json
+  - run:
+      - cookiecutter --no-input /root/nginx_template
+      - mv -v ./nginx_conf/nginx.conf /usr/local/etc/nginx/nginx.conf
+      - ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove python3 py37-cookiecutter
+      - ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
+      - rm -rvf /root/nginx_template
+      - rm -rvf ./nginx_conf
+      - mkdir /certbot-data

example/gateway/nginx-https/files/nginx.conf

@@ -0,0 +1,23 @@
+worker_processes 1;
+
+events {
+  worker_connections   1024;
+}
+
+http {
+  include              mime.types;
+  default_type         application/octet-stream;
+
+  {% for i in range(cookiecutter.ips|length) %}
+    server {
+      listen 443 ssl;
+      server_name {{ ' '.join(cookiecutter.domains[i]) }};
+      ssl_certificate /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.crt;
+      ssl_certificate_key /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.key;
+
+      location / {
+        proxy_pass http://{{ cookiecutter.ips[i] }}/;
+      }
+    }
+  {% endfor %}
+}