Added reverse-proxy default config and added LOCAL_STACK_DIR variable

master
Meliurwen 4 years ago
parent 0edc8f3d1e
commit 0c46bea504
Signed by: meliurwen
GPG Key ID: 818A8B35E9F1CE10
  1. 3
      .env.example
  2. 21
      docker-compose.yml
  3. 5
      reverseproxy/Dockerfile
  4. 87
      reverseproxy/root/defaults/default.conf
  5. 10
      reverseproxy/root/start.sh

@ -1,4 +1,5 @@
VOLUMES_FOLDER=/srv/docker/volumes LOCAL_VOLUMES_DIR=/srv/docker/volumes
LOCAL_STACK_DIR=${LOCAL_VOLUMES_DIR}/irc
TZ=Europe/Berlin TZ=Europe/Berlin

@ -6,8 +6,8 @@ services:
container_name: znc container_name: znc
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${VOLUMES_FOLDER}/irc/znc/config:/config - ${LOCAL_STACK_DIR}/znc/config:/config
- ${VOLUMES_FOLDER}/irc/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf - ${LOCAL_STACK_DIR}/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf
ports: ports:
- "6501:6501" - "6501:6501"
environment: environment:
@ -16,11 +16,12 @@ services:
- TZ=${TZ} - TZ=${TZ}
nginx-reverseproxy-irc: nginx-reverseproxy-irc:
image: nginx:stable-alpine build:
context: reverseproxy/
container_name: nginx-reverseproxy-irc container_name: nginx-reverseproxy-irc
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${VOLUMES_FOLDER}/irc/nginx/data/conf.d:/etc/nginx/conf.d - ${LOCAL_STACK_DIR}/nginx/data/conf.d:/etc/nginx/conf.d
expose: expose:
- 80 - 80
environment: environment:
@ -36,7 +37,7 @@ services:
container_name: webircgateway container_name: webircgateway
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${VOLUMES_FOLDER}/irc/webircgateway/config.conf:/app/config.conf:ro - ${LOCAL_STACK_DIR}/webircgateway/config.conf:/app/config.conf:ro
expose: expose:
- 80 - 80
environment: environment:
@ -50,10 +51,10 @@ services:
container_name: kiwiirc container_name: kiwiirc
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${VOLUMES_FOLDER}/irc/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro - ${LOCAL_STACK_DIR}/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro
- ${VOLUMES_FOLDER}/irc/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro - ${LOCAL_STACK_DIR}/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro
- ${VOLUMES_FOLDER}/irc/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro - ${LOCAL_STACK_DIR}/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro
- ${VOLUMES_FOLDER}/irc/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro - ${LOCAL_STACK_DIR}/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro
expose: expose:
- 80 - 80
environment: environment:
@ -64,7 +65,7 @@ services:
image: httpd:alpine image: httpd:alpine
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${VOLUMES_FOLDER}/irc/znc/config/moddata/log:/usr/local/apache2/htdocs/logs:ro - ${LOCAL_STACK_DIR}/znc/config/moddata/log:/usr/local/apache2/htdocs/logs:ro
expose: expose:
- "80" - "80"
environment: environment:

@ -0,0 +1,5 @@
FROM nginx:stable-alpine
COPY root/ /
CMD ["./start.sh"]

@ -0,0 +1,87 @@
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80;
access_log /var/log/nginx/access.log vhost;
return 503;
}
upstream kiwiirc {
# Cannot connect to network of this container
server 127.0.0.1 down;
## Can be connected with the network
server kiwiirc:80;
}
upstream znc {
# Cannot connect to network of this container
server 127.0.0.1 down;
## Can be connected with the network
server znc:8080;
}
upstream webircgateway {
# Cannot connect to network of this container
server 127.0.0.1 down;
## Can be connected with the network
server webircgateway:80;
}
server {
server_name irc.eracolatore.tk;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
location / {
proxy_pass http://kiwiirc;
}
location /znc/ {
proxy_pass http://znc/znc/;
}
location /webirc/ {
proxy_pass http://webircgateway/webirc/;
}
}

@ -0,0 +1,10 @@
#!/bin/sh
if [ ! -e /etc/nginx/conf.d/default.conf ]; then
echo "Configuration file not found. Generating it..."
cp /defaults/nginx-default.conf /etc/nginx/conf.d/default.conf
else
echo "Configuration file found. Not touching it..."
fi
nginx -g daemon off;
Loading…
Cancel
Save