Fully functional release

.env.example

@@ -0,0 +1,8 @@
+# Networks
+NETWORK=
+
+# Reverse Proxy
+MYIP_IMG=
+MYIP_TAG=
+MYIP_CONTAINER_NAME=
+MYIP_RESTART=

.gitignore

@@ -0,0 +1 @@
+*.env

docker-compose.yml

@@ -0,0 +1,20 @@
+version: '3'
+
+services:
+  nginx:
+    build:
+      context: nginx/.
+      args:
+        - IMAGE=${MYIP_IMG:-nginx}
+        - TAG=${MYIP_TAG:-alpine}
+    container_name: ${MYIP_CONTAINER_NAME:-myip-nginx}
+    restart: ${MYIP_RESTART:-unless-stopped}
+    expose:
+      - 80
+    env_file:
+      - nginx.env
+
+networks:
+  default:
+    external:
+      name: ${NETWORK:-webservices}

nginx.env.example

@@ -0,0 +1,13 @@
+# Domain name used for myip (this parameter is required)
+# Note: issue the domain NAME only
+# CORRECT -> sub.domain.tld
+# WRONG   -> http://sub.domain.tld
+MYIP_HOSTNAME=
+
+NGINX_LISTEN_PORT=80
+
+# Reverse-proxy and certbot
+VIRTUAL_HOST=domain.tld
+VIRTUAL_PORT=80
+LETSENCRYPT_HOST=domain.tld
+LETSENCRYPT_EMAIL=user@domain.tld

nginx/Dockerfile

@@ -0,0 +1,13 @@
+ARG IMAGE
+ARG TAG
+
+FROM ${IMAGE}:${TAG}
+
+LABEL maintainer="Meliurwen <meliruwen@gmail.com>"
+
+COPY root/ /
+
+ENV MYIP_HOSTNAME=
+ENV NGINX_LISTEN_PORT=80
+
+ENTRYPOINT ["/entrypoint.sh"]

nginx/root/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Exit at first error
+set -e
+
+# Fill the varibles in myip.template and put the result in default.conf
+envsubst "`env | awk -F = '{printf \" $$%s\", $$1}'`" <  \
+         /etc/nginx/conf.d/myip.template > \
+         /etc/nginx/conf.d/default.conf
+
+cat /etc/nginx/conf.d/default.conf
+
+nginx -g 'daemon off;'

nginx/root/etc/nginx/conf.d/myip.template

@@ -0,0 +1,43 @@
+# Apply fix for very long server names
+server_names_hash_bucket_size 128;
+
+log_format vhost '$host $remote_addr - $remote_user [$time_local] '
+                 '"$request" $status $body_bytes_sent '
+                 '"$http_referer" "$http_user_agent"';
+access_log off;
+
+server {
+    # This is a catch-all hostname (it will never trigger on a real hostname).
+    # If an access by IP or by an unhandled domain linking to this IP is tried,
+    # a 503 response will be issued.
+    # See: https://nginx.org/en/docs/http/server_names.html
+    server_name _;
+    listen 80;
+    access_log /var/log/nginx/access.log vhost;
+    return 503;
+}
+
+server {
+    listen ${NGINX_LISTEN_PORT};
+    server_name ${MYIP_HOSTNAME};
+
+    # Disable uploads
+    # TODO: check if this directive makes sense in this context
+    client_max_body_size 1k;
+
+    # Disable do not add the server version in the header
+    server_tokens off;
+
+    # Disables keepalive connections.
+    # See: https://nginx.org/en/docs/http/ngx_http_core_module.html
+    keepalive_requests 0;
+    keepalive_timeout 0;
+
+    # Disable cache
+    expires -1;
+
+    location / {
+        default_type text/plain;
+        return 200 $remote_addr;
+    }
+}

nginx/root/etc/nginx/conf.d/realip.conf

@@ -0,0 +1,14 @@
+# Real IP Settings
+# This option get user's real ip address
+# to be fowared to your service container
+
+# The option 'set_real_ip_from'
+# must correspont to your docker network address
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 192.168.0.0/16;
+
+# Header for Real IP Address
+real_ip_header X-Forwarded-For;
+#real_ip_header    X-Real-IP;
+real_ip_recursive on;