commit 5a220be50cd796616a5ca72730ae4c46bfc64571 Author: meliurwen Date: Wed Mar 17 20:53:18 2021 +0100 Fully functional release diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..cbf5ee6 --- /dev/null +++ b/.env.example @@ -0,0 +1,8 @@ +# Networks +NETWORK= + +# Reverse Proxy +MYIP_IMG= +MYIP_TAG= +MYIP_CONTAINER_NAME= +MYIP_RESTART= diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..03bd412 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.env diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..239daaa --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,20 @@ +version: '3' + +services: + nginx: + build: + context: nginx/. + args: + - IMAGE=${MYIP_IMG:-nginx} + - TAG=${MYIP_TAG:-alpine} + container_name: ${MYIP_CONTAINER_NAME:-myip-nginx} + restart: ${MYIP_RESTART:-unless-stopped} + expose: + - 80 + env_file: + - nginx.env + +networks: + default: + external: + name: ${NETWORK:-webservices} diff --git a/nginx.env.example b/nginx.env.example new file mode 100644 index 0000000..a3d2316 --- /dev/null +++ b/nginx.env.example @@ -0,0 +1,13 @@ +# Domain name used for myip (this parameter is required) +# Note: issue the domain NAME only +# CORRECT -> sub.domain.tld +# WRONG -> http://sub.domain.tld +MYIP_HOSTNAME= + +NGINX_LISTEN_PORT=80 + +# Reverse-proxy and certbot +VIRTUAL_HOST=domain.tld +VIRTUAL_PORT=80 +LETSENCRYPT_HOST=domain.tld +LETSENCRYPT_EMAIL=user@domain.tld diff --git a/nginx/Dockerfile b/nginx/Dockerfile new file mode 100644 index 0000000..245e926 --- /dev/null +++ b/nginx/Dockerfile @@ -0,0 +1,13 @@ +ARG IMAGE +ARG TAG + +FROM ${IMAGE}:${TAG} + +LABEL maintainer="Meliurwen " + +COPY root/ / + +ENV MYIP_HOSTNAME= +ENV NGINX_LISTEN_PORT=80 + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/nginx/root/entrypoint.sh b/nginx/root/entrypoint.sh new file mode 100755 index 0000000..3f52214 --- /dev/null +++ b/nginx/root/entrypoint.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +# Exit at first error +set -e + +# Fill the varibles in myip.template and put the result in default.conf +envsubst "`env | awk -F = '{printf \" $$%s\", $$1}'`" < \ + /etc/nginx/conf.d/myip.template > \ + /etc/nginx/conf.d/default.conf + +cat /etc/nginx/conf.d/default.conf + +nginx -g 'daemon off;' diff --git a/nginx/root/etc/nginx/conf.d/myip.template b/nginx/root/etc/nginx/conf.d/myip.template new file mode 100644 index 0000000..4a56715 --- /dev/null +++ b/nginx/root/etc/nginx/conf.d/myip.template @@ -0,0 +1,43 @@ +# Apply fix for very long server names +server_names_hash_bucket_size 128; + +log_format vhost '$host $remote_addr - $remote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; +access_log off; + +server { + # This is a catch-all hostname (it will never trigger on a real hostname). + # If an access by IP or by an unhandled domain linking to this IP is tried, + # a 503 response will be issued. + # See: https://nginx.org/en/docs/http/server_names.html + server_name _; + listen 80; + access_log /var/log/nginx/access.log vhost; + return 503; +} + +server { + listen ${NGINX_LISTEN_PORT}; + server_name ${MYIP_HOSTNAME}; + + # Disable uploads + # TODO: check if this directive makes sense in this context + client_max_body_size 1k; + + # Disable do not add the server version in the header + server_tokens off; + + # Disables keepalive connections. + # See: https://nginx.org/en/docs/http/ngx_http_core_module.html + keepalive_requests 0; + keepalive_timeout 0; + + # Disable cache + expires -1; + + location / { + default_type text/plain; + return 200 $remote_addr; + } +} diff --git a/nginx/root/etc/nginx/conf.d/realip.conf b/nginx/root/etc/nginx/conf.d/realip.conf new file mode 100644 index 0000000..7203bef --- /dev/null +++ b/nginx/root/etc/nginx/conf.d/realip.conf @@ -0,0 +1,14 @@ +# Real IP Settings +# This option get user's real ip address +# to be fowared to your service container + +# The option 'set_real_ip_from' +# must correspont to your docker network address +set_real_ip_from 172.16.0.0/12; +set_real_ip_from 10.0.0.0/8; +set_real_ip_from 192.168.0.0/16; + +# Header for Real IP Address +real_ip_header X-Forwarded-For; +#real_ip_header X-Real-IP; +real_ip_recursive on;