From 0c46bea504a62470a7cad15586fa42238187a86a Mon Sep 17 00:00:00 2001
From: meliurwen
Date: Thu, 20 Aug 2020 14:14:52 +0200
Subject: [PATCH] Added reverse-proxy default config and added LOCAL_STACK_DIR variable
---
 .env.example | 3 +-
 docker-compose.yml | 21 +++---
 reverseproxy/Dockerfile | 5 ++
 reverseproxy/root/defaults/default.conf | 87 +++++++++++++++++++++++++
 reverseproxy/root/start.sh | 10 +++
 5 files changed, 115 insertions(+), 11 deletions(-)
 create mode 100644 reverseproxy/Dockerfile
 create mode 100644 reverseproxy/root/defaults/default.conf
 create mode 100755 reverseproxy/root/start.sh
diff --git a/.env.example b/.env.example
index e3a0e90..bc66df5 100644
--- a/.env.example
+++ b/.env.example
@@ -1,4 +1,5 @@
-VOLUMES_FOLDER=/srv/docker/volumes
+LOCAL_VOLUMES_DIR=/srv/docker/volumes
+LOCAL_STACK_DIR=${LOCAL_VOLUMES_DIR}/irc
 TZ=Europe/Berlin
diff --git a/docker-compose.yml b/docker-compose.yml
index 579e82c..c4cb733 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,8 +6,8 @@ services:
 container_name: znc
 restart: unless-stopped
 volumes:
- - ${VOLUMES_FOLDER}/irc/znc/config:/config
- - ${VOLUMES_FOLDER}/irc/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf
+ - ${LOCAL_STACK_DIR}/znc/config:/config
+ - ${LOCAL_STACK_DIR}/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf
 ports:
 - "6501:6501"
 environment:
@@ -16,11 +16,12 @@ services:
 - TZ=${TZ}
 nginx-reverseproxy-irc:
- image: nginx:stable-alpine
+ build:
+ context: reverseproxy/
 container_name: nginx-reverseproxy-irc
 restart: unless-stopped
 volumes:
- - ${VOLUMES_FOLDER}/irc/nginx/data/conf.d:/etc/nginx/conf.d
+ - ${LOCAL_STACK_DIR}/nginx/data/conf.d:/etc/nginx/conf.d
 expose:
 - 80
 environment:
@@ -36,7 +37,7 @@ services:
 container_name: webircgateway
 restart: unless-stopped
 volumes:
- - ${VOLUMES_FOLDER}/irc/webircgateway/config.conf:/app/config.conf:ro
+ - ${LOCAL_STACK_DIR}/webircgateway/config.conf:/app/config.conf:ro
 expose:
 - 80
 environment:
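Review bot: `LOCAL_STACK_DIR=${LOCAL_VOLUMES_DIR}/irc` only resolves if the Compose release in use expands `${VAR}` references inside `.env`. As far as I know, releases differ on this, and one that reads the value literally would hand every bind mount a host path beginning with the text `${LOCAL_VOLUMES_DIR}`. The example file should state the requirement, for instance `# needs a Compose version that expands variables inside .env; otherwise write the full path here`. Because `VOLUMES_FOLDER` is renamed rather than kept as an alias, an existing `.env` no longer defines anything the compose file reads, which deserves a line in the upgrade notes.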
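Review bot: The renamed bind mounts in the `@@ -6,8` hunk have no guard against `LOCAL_STACK_DIR` being unset, and Compose substitutes an empty string for an unset variable, so a deployment that still carries the old `.env` would mount host paths such as `/znc/config` straight from the filesystem root. If the file's format version supports the required-variable form, `- ${LOCAL_STACK_DIR:?set LOCAL_STACK_DIR in .env}/znc/config:/config` makes the stack refuse to start with a clear message instead. The same applies to the volume lines in the `@@ -16,11`, `@@ -36,7`, `@@ -50,10` and `@@ -64,7` hunks. The `conf.d` mount of `nginx-reverseproxy-irc` matters most, since it is not `:ro` and the new start script writes into it. The service blocks start above these hunks, so the rest of each definition is not visible here.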
@@ -50,10 +51,10 @@ services:
 container_name: kiwiirc
 restart: unless-stopped
 volumes:
- - ${VOLUMES_FOLDER}/irc/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro
- - ${VOLUMES_FOLDER}/irc/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro
- - ${VOLUMES_FOLDER}/irc/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro
- - ${VOLUMES_FOLDER}/irc/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro
+ - ${LOCAL_STACK_DIR}/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro
+ - ${LOCAL_STACK_DIR}/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro
+ - ${LOCAL_STACK_DIR}/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro
+ - ${LOCAL_STACK_DIR}/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro
 expose:
 - 80
 environment:
@@ -64,7 +65,7 @@ services:
 image: httpd:alpine
 restart: unless-stopped
 volumes:
- - ${VOLUMES_FOLDER}/irc/znc/config/moddata/log:/usr/local/apache2/htdocs/logs:ro
+ - ${LOCAL_STACK_DIR}/znc/config/moddata/log:/usr/local/apache2/htdocs/logs:ro
 expose:
 - "80"
 environment:
diff --git a/reverseproxy/Dockerfile b/reverseproxy/Dockerfile
new file mode 100644
index 0000000..8fee600
--- /dev/null
+++ b/reverseproxy/Dockerfile
@@ -0,0 +1,5 @@
+FROM nginx:stable-alpine
+
+COPY root/ /
+
+CMD ["./start.sh"]
diff --git a/reverseproxy/root/defaults/default.conf b/reverseproxy/root/defaults/default.conf
new file mode 100644
index 0000000..cd651b0
--- /dev/null
+++ b/reverseproxy/root/defaults/default.conf
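Review bot: `CMD ["./start.sh"]` in the new Dockerfile is resolved against the image's working directory, so the script that `COPY root/ /` places at `/start.sh` is only found while the base image keeps its working directory at `/`; `CMD ["/start.sh"]` removes that dependency. `FROM nginx:stable-alpine` is also a moving tag, so two builds of the same commit can end up on different nginx and Alpine releases. Pinning a specific version tag or an image digest keeps the proxy image reproducible and turns base-image updates into reviewable changes.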
@@ -0,0 +1,87 @@
+# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
+# scheme used to connect to this server
+map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+ default $http_x_forwarded_proto;
+ '' $scheme;
+}
+# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
+# server port the client connected to
+map $http_x_forwarded_port $proxy_x_forwarded_port {
+ default $http_x_forwarded_port;
+ '' $server_port;
+}
+# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
+# Connection header that may have been passed to this server
+map $http_upgrade $proxy_connection {
+ default upgrade;
+ '' close;
+}
+# Apply fix for very long server names
+server_names_hash_bucket_size 128;
+# Default dhparam
+# Set appropriate X-Forwarded-Ssl header
+map $scheme $proxy_x_forwarded_ssl {
+ default off;
+ https on;
+}
+gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+access_log off;
+# HTTP 1.1 support
+proxy_http_version 1.1;
+proxy_buffering off;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $proxy_connection;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
+proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
+# Mitigate httpoxy attack
+proxy_set_header Proxy "";
+
+server {
+ server_name _; # This is just an invalid value which will never trigger on a real hostname.
+ listen 80;
+ access_log /var/log/nginx/access.log vhost;
+ return 503;
+}
+
+upstream kiwiirc {
+ # Cannot connect to network of this container
+ server 127.0.0.1 down;
+ ## Can be connected with the network
+ server kiwiirc:80;
+}
+
+upstream znc {
+ # Cannot connect to network of this container
+ server 127.0.0.1 down;
+ ## Can be connected with the network
+ server znc:8080;
+}
+
+upstream webircgateway {
+ # Cannot connect to network of this container
+ server 127.0.0.1 down;
+ ## Can be connected with the network
+ server webircgateway:80;
+}
+
+server {
+ server_name irc.eracolatore.tk;
+ listen 80 ;
+ access_log /var/log/nginx/access.log vhost;
+ location / {
+ proxy_pass http://kiwiirc;
+ }
+ location /znc/ {
+ proxy_pass http://znc/znc/;
+ }
+ location /webirc/ {
+ proxy_pass http://webircgateway/webirc/;
+ }
+}
diff --git a/reverseproxy/root/start.sh b/reverseproxy/root/start.sh
new file mode 100755
index 0000000..272848f
--- /dev/null
+++ b/reverseproxy/root/start.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ ! -e /etc/nginx/conf.d/default.conf ]; then
+ echo "Configuration file not found. Generating it..."
+ cp /defaults/nginx-default.conf /etc/nginx/conf.d/default.conf
+else
+ echo "Configuration file found. Not touching it..."
+fi
+
+nginx -g daemon off;
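Review bot: The `map` blocks for `$http_x_forwarded_proto` and `$http_x_forwarded_port`, together with `$proxy_add_x_forwarded_for`, forward whatever `X-Forwarded-*` values the client sent, so the backends can only rely on them if every request reaches this nginx through a trusted front proxy that overwrites those headers. The compose file only `expose`s port 80 for this service, which suggests that is the intent, but the config never states it. I would add a comment above the first map such as `# Trusts X-Forwarded-* from the front proxy; never publish this container's port 80 directly`. If the container can be reached directly, the headers should instead be set from `$scheme`, `$server_port` and `$remote_addr`, so that logs and any scheme- or address-based decisions in ZNC and the gateway cannot be influenced by the client.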
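Review bot: The script copies `/defaults/nginx-default.conf`, but this commit adds the template as `reverseproxy/root/defaults/default.conf`, which `COPY root/ /` places at `/defaults/default.conf`; on a fresh volume the `cp` therefore fails and, with no `set -e`, the script still goes on to start nginx against an empty `conf.d`. The last line as shown is also unquoted, so the shell passes `daemon` and `off` as separate words and consumes the `;` itself, and nginx never receives the directive `daemon off;`. I would change the two lines to `cp /defaults/default.conf /etc/nginx/conf.d/default.conf` and `exec nginx -g 'daemon off;'`, and add `set -e` after the shebang. The `exec` also makes nginx PID 1, so the stop signal from Docker reaches it directly rather than the wrapper shell.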