
Started working on nginx reverse proxy + Letsencrypt gateway example.

master
parent
commit
8bcd9c6eb6
7 changed files with 160 additions and 0 deletions
  1. +1
    -0
      example/gateway/files/cookiecutter.json
  2. +30
    -0
      example/gateway/focker-compose.yml
  3. +37
    -0
      example/gateway/getmetadata.py
  4. +22
    -0
      example/gateway/nginx-http/Fockerfile
  5. +25
    -0
      example/gateway/nginx-http/files/nginx.conf
  6. +22
    -0
      example/gateway/nginx-https/Fockerfile
  7. +23
    -0
      example/gateway/nginx-https/files/nginx.conf

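--- a/example/gateway/files/cookiecutter.json
+++ b/example/gateway/files/cookiecutter.json
@@ -0,0 +1 @@
+{"directory_name": "nginx_conf", "ips": [["127.0.8.1"]], "domains": [[["xyz.com", "www.xyz.com"]]]}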

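--- a/example/gateway/focker-compose.yml
+++ b/example/gateway/focker-compose.yml
@@ -0,0 +1,30 @@
+prebuild:
+- python3 getmetadata.py
+volumes:
+certbot-data: {}
+certbot-webroot: {}
+images:
+nginx-http: ./nginx-http
+nginx-https: ./nginx-https
+certbot: ./certbot
+jails:
+nginx-http:
+image: nginx-http
+mounts:
+certbot-webroot: /srv/certbot-webroot
+certbot:
+image: certbot
+depend: nginx-http
+mounts:
+certbot-data: /
+nginx-https:
+image: nginx-https
+depend: certbot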
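Review bot: The `nginx-https` jail declares no `mounts:`, but its nginx.conf in this commit loads certificates from `/certbot-data/config/live/...`, so the jail would start with only the empty `/certbot-data` created by `mkdir` in its Fockerfile and nginx would fail on the missing files. It probably needs `mounts:` with `certbot-data: /certbot-data`, ideally read-only if focker supports that, since the volume holds the private keys. The `certbot` jail mounts the same volume at `/`, which looks like a typo for `/certbot-data`. The `certbot: ./certbot` image directory is also not among the seven files changed here.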

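--- a/example/gateway/getmetadata.py
+++ b/example/gateway/getmetadata.py
@@ -0,0 +1,37 @@
+import glob
+import yaml
+import json
+def main():
+res_ips = []
+res_domains = []
+for fname in glob.glob('../**/focker-compose.yml'):
+print(fname)
+with open(fname, 'r') as f:
+spec = yaml.safe_load(f)
+if 'jails' not in spec:
+continue
+for j in spec['jails'].values():
+if 'ip4.addr' not in j:
+continue
+if 'meta' not in j:
+continue
+if 'domains' not in j['meta']:
+continue
+if not j['meta']['domains']:
+continue
+domains = j['meta']['domains']
+if not isinstance(domains, list):
+domains = [ domains ]
+res_ips.append(j['ip4.addr'])
+res_domains.append(domains)
+res = { 'directory_name': 'nginx_conf',
+'ips': [ res_ips ],
+'domains': [ res_domains ] }
+with open('./files/cookiecutter.json', 'w') as f:
+json.dump(res, f)
+if __name__ == '__main__':
+main()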
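Review bot: `ip4.addr` and `meta.domains` are copied from every sibling focker-compose.yml into cookiecutter.json without validation, and the nginx templates in this commit render them verbatim into `server_name`, `proxy_pass` and the certificate paths. A value containing `;`, braces, whitespace or `/` would therefore change the generated nginx.conf instead of failing the build. I would validate both just before the two `append` calls in `main()` and abort the prebuild on anything that is not a plain hostname or IPv4 literal; the sample cookiecutter.json suggests `ip4.addr` is a bare address, so adjust the check if it can carry an interface or mask. The fence assumes `import re` and `import ipaddress` are added next to the existing imports.

```python
# … unchanged: glob loop, yaml.safe_load and the 'jails' / 'meta' / 'domains' presence checks …
domains = j['meta']['domains']
if not isinstance(domains, list):
    domains = [ domains ]
# Both values end up verbatim in nginx.conf; accept only plain hostnames and IPv4 literals.
for d in domains:
    if not isinstance(d, str) or not re.fullmatch(r'[A-Za-z0-9.-]+', d):
        raise ValueError('%s: invalid domain %r' % (fname, d))
ipaddress.IPv4Address(j['ip4.addr'])  # raises ValueError on anything else
res_ips.append(j['ip4.addr'])
res_domains.append(domains)
# … unchanged: building res and writing ./files/cookiecutter.json …
```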

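--- a/example/gateway/nginx-http/Fockerfile
+++ b/example/gateway/nginx-http/Fockerfile
@@ -0,0 +1,22 @@
+base: freebsd-latest
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install python3 nginx py37-cookiecutter
+- copy:
+- [ ../files/cookiecutter.json,
+/root/cookiecutter.json ]
+- [ files/nginx.conf,
+/root/nginx.conf ]
+- run:
+- mkdir -p /root/nginx_template/\{\{cookiecutter.directory_name\}\}
+- mv -v /root/nginx.conf /root/nginx_template/\{\{cookiecutter.directory_name\}\}/nginx.conf
+- mv -v /root/cookiecutter.json /root/nginx_template/cookiecutter.json
+- run:
+- cookiecutter --no-input /root/nginx_template
+- mv -v ./nginx_conf/nginx.conf /usr/local/etc/nginx/nginx.conf
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove python3 py37-cookiecutter
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
+- rm -rvf /root/nginx_template
+- rm -rvf ./nginx_conf
+- mkdir -p /srv/certbot-webroot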
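Review bot: `IGNORE_OSVERSION=yes` on the `pkg install`, `pkg remove` and `pkg autoremove` lines turns off pkg's check that the package repository matches the jail's OS version, and nothing in the file says why that is needed. With `base: freebsd-latest` as a moving base, I would add a comment above the first `run:` such as `# IGNORE_OSVERSION=yes skips pkg's OS-version check; TODO document why it is required here`, and drop the variable if it turns out not to be. The same lines appear in nginx-https/Fockerfile, which differs from this file only in its final `mkdir`, so the shared render steps are a candidate for a single place.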

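--- a/example/gateway/nginx-http/files/nginx.conf
+++ b/example/gateway/nginx-http/files/nginx.conf
@@ -0,0 +1,25 @@
+worker_processes 1;
+
+events {
+worker_connections 1024;
+}
+
+http {
+include mime.types;
+default_type application/octet-stream;
+
+{% for i in range(cookiecutter.ips|length) %}
+server {
+listen 80;
+server_name {{ ' '.join(cookiecutter.domains[i]) }};
+
+location /.well-known/ {
+root /srv/certbot-webroot;
+}
+
+location / {
+proxy_pass http://{{ cookiecutter.ips[i] }}/;
+}
+}
+{% endfor %}
+}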
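Review bot: `location /` on the port-80 listener proxies the whole site to the backend in cleartext, so clients are never moved onto the certificate the certbot jail obtains. Once the 443 listener is serving, this block would normally become `return 301 https://$host$request_uri;`, leaving only the challenge location reachable over HTTP. That location could also be narrowed from `/.well-known/` to `/.well-known/acme-challenge/`, which is the only path the webroot has to expose.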

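--- a/example/gateway/nginx-https/Fockerfile
+++ b/example/gateway/nginx-https/Fockerfile
@@ -0,0 +1,22 @@
+base: freebsd-latest
+steps:
+- run:
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg install python3 nginx py37-cookiecutter
+- copy:
+- [ ../files/cookiecutter.json,
+/root/cookiecutter.json ]
+- [ files/nginx.conf,
+/root/nginx.conf ]
+- run:
+- mkdir -p /root/nginx_template/\{\{cookiecutter.directory_name\}\}
+- mv -v /root/nginx.conf /root/nginx_template/\{\{cookiecutter.directory_name\}\}/nginx.conf
+- mv -v /root/cookiecutter.json /root/nginx_template/cookiecutter.json
+- run:
+- cookiecutter --no-input /root/nginx_template
+- mv -v ./nginx_conf/nginx.conf /usr/local/etc/nginx/nginx.conf
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg remove python3 py37-cookiecutter
+- ASSUME_ALWAYS_YES=yes IGNORE_OSVERSION=yes pkg autoremove
+- rm -rvf /root/nginx_template
+- rm -rvf ./nginx_conf
+- mkdir /certbot-data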

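--- a/example/gateway/nginx-https/files/nginx.conf
+++ b/example/gateway/nginx-https/files/nginx.conf
@@ -0,0 +1,23 @@
+worker_processes 1;
+
+events {
+worker_connections 1024;
+}
+
+http {
+include mime.types;
+default_type application/octet-stream;
+
+{% for i in range(cookiecutter.ips|length) %}
+server {
+listen 443 ssl;
+server_name {{ ' '.join(cookiecutter.domains[i]) }};
+ssl_certificate /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.crt;
+ssl_certificate_key /certbot-data/config/live/{{ cookiecutter.domains[i][0] }}/{{ cookiecutter.domains[i][0] }}.key;
+
+location / {
+proxy_pass http://{{ cookiecutter.ips[i] }}/;
+}
+}
+{% endfor %}
+}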
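Review bot: The `ssl_certificate` and `ssl_certificate_key` lines expect `<domain>.crt` and `<domain>.key` under `live/<domain>/`, whereas certbot normally writes `fullchain.pem` and `privkey.pem` in that directory. The certbot image is not part of this commit, so confirm which names it produces; if the names differ, nginx will refuse to start. Separately, `proxy_pass` addresses the backend by IP and nginx then sends `Host: $proxy_host` by default, so a backend cannot see which domain was requested or that the client used TLS. Adding `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside `location /` covers that; the port-80 config has the same `proxy_pass` line.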
