Added reverse-proxy default config and added LOCAL_STACK_DIR variable

.env.example

@@ -1,4 +1,5 @@
-VOLUMES_FOLDER=/srv/docker/volumes
+LOCAL_VOLUMES_DIR=/srv/docker/volumes
+LOCAL_STACK_DIR=${LOCAL_VOLUMES_DIR}/irc
 
 TZ=Europe/Berlin
 

docker-compose.yml

@@ -6,8 +6,8 @@ services:
     container_name: znc
     restart: unless-stopped
     volumes:
-      - ${VOLUMES_FOLDER}/irc/znc/config:/config
+      - ${LOCAL_STACK_DIR}/znc/config:/config
-      - ${VOLUMES_FOLDER}/irc/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf
+      - ${LOCAL_STACK_DIR}/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf
     ports:
       - "6501:6501"
     environment:
@@ -16,11 +16,12 @@ services:
       - TZ=${TZ}
 
   nginx-reverseproxy-irc:
-    image: nginx:stable-alpine
+    build:
+      context: reverseproxy/
     container_name: nginx-reverseproxy-irc
     restart: unless-stopped
     volumes:
-      - ${VOLUMES_FOLDER}/irc/nginx/data/conf.d:/etc/nginx/conf.d
+      - ${LOCAL_STACK_DIR}/nginx/data/conf.d:/etc/nginx/conf.d
     expose:
       - 80
     environment:
@@ -36,7 +37,7 @@ services:
     container_name: webircgateway
     restart: unless-stopped
     volumes:
-      - ${VOLUMES_FOLDER}/irc/webircgateway/config.conf:/app/config.conf:ro
+      - ${LOCAL_STACK_DIR}/webircgateway/config.conf:/app/config.conf:ro
     expose:
       - 80
     environment:
@@ -50,10 +51,10 @@ services:
     container_name: kiwiirc
     restart: unless-stopped
     volumes:
-      - ${VOLUMES_FOLDER}/irc/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro
+      - ${LOCAL_STACK_DIR}/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro
-      - ${VOLUMES_FOLDER}/irc/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro
+      - ${LOCAL_STACK_DIR}/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro
-      - ${VOLUMES_FOLDER}/irc/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro
+      - ${LOCAL_STACK_DIR}/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro
-      - ${VOLUMES_FOLDER}/irc/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro
+      - ${LOCAL_STACK_DIR}/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro
     expose:
       - 80
     environment:
@@ -64,7 +65,7 @@ services:
     image: httpd:alpine
     restart: unless-stopped
     volumes:
-      - ${VOLUMES_FOLDER}/irc/znc/config/moddata/log:/usr/local/apache2/htdocs/logs:ro
+      - ${LOCAL_STACK_DIR}/znc/config/moddata/log:/usr/local/apache2/htdocs/logs:ro
     expose:
       - "80"
     environment:

reverseproxy/Dockerfile

@@ -0,0 +1,5 @@
+FROM nginx:stable-alpine
+
+COPY root/ /
+
+CMD ["./start.sh"]

reverseproxy/root/defaults/default.conf

@@ -0,0 +1,87 @@
+# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
+# scheme used to connect to this server
+map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+  default $http_x_forwarded_proto;
+  ''      $scheme;
+}
+# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
+# server port the client connected to
+map $http_x_forwarded_port $proxy_x_forwarded_port {
+  default $http_x_forwarded_port;
+  ''      $server_port;
+}
+# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
+# Connection header that may have been passed to this server
+map $http_upgrade $proxy_connection {
+  default upgrade;
+  '' close;
+}
+# Apply fix for very long server names
+server_names_hash_bucket_size 128;
+# Default dhparam
+# Set appropriate X-Forwarded-Ssl header
+map $scheme $proxy_x_forwarded_ssl {
+  default off;
+  https on;
+}
+gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+                 '"$request" $status $body_bytes_sent '
+                 '"$http_referer" "$http_user_agent"';
+access_log off;
+# HTTP 1.1 support
+proxy_http_version 1.1;
+proxy_buffering off;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $proxy_connection;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
+proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
+# Mitigate httpoxy attack
+proxy_set_header Proxy "";
+
+server {
+        server_name _; # This is just an invalid value which will never trigger on a real hostname.
+        listen 80;
+        access_log /var/log/nginx/access.log vhost;
+        return 503;
+}
+
+upstream kiwiirc {
+        # Cannot connect to network of this container
+        server 127.0.0.1 down;
+        ## Can be connected with the network
+        server kiwiirc:80;
+}
+
+upstream znc {
+        # Cannot connect to network of this container
+        server 127.0.0.1 down;
+        ## Can be connected with the network
+        server znc:8080;
+}
+
+upstream webircgateway {
+        # Cannot connect to network of this container
+        server 127.0.0.1 down;
+        ## Can be connected with the network
+        server webircgateway:80;
+}
+
+server {
+        server_name irc.eracolatore.tk;
+        listen 80 ;
+        access_log /var/log/nginx/access.log vhost;
+        location / {
+                proxy_pass http://kiwiirc;
+        }
+        location /znc/ {
+                proxy_pass http://znc/znc/;
+        }
+        location /webirc/ {
+                proxy_pass http://webircgateway/webirc/;
+        }
+}

reverseproxy/root/start.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ ! -e /etc/nginx/conf.d/default.conf ]; then
+    echo "Configuration file not found. Generating it..."
+    cp /defaults/nginx-default.conf /etc/nginx/conf.d/default.conf
+else
+    echo "Configuration file found. Not touching it..."
+fi
+
+nginx -g daemon off;