remove HTML_ROOT & update readme

Reviewed-on: #4

.env.sample

@@ -13,7 +13,8 @@ COMPOSE_FILE="compose.yml"
 # Git-pull regularly
 #COMPOSE_FILE="$COMPOSE_FILE:compose.git-pull.yml"
 #GIT_REPO_URL="https://git.coopcloud.tech/dalmationer/hexbomb.gay"
-#CRON_SCHEDULE="*/1 * * * *"
+#GIT_BRANCH=main
+#CRON_SCHEDULE="*/10 * * * *" # Default: every 10 minutes
 
 # Optionally redirect the entire domain or a sub-path:
 # path under which you want to redirect all URLs (with trailing slash):
@@ -25,4 +26,12 @@ COMPOSE_FILE="compose.yml"
 #REDIRECT_TYPE=permanent
 
 # Optionally handle all URL requests using a single file (commonly index.html)
-#SINGLE_PAGE_SITE_HANDLER=/index.html
+#SINGLE_PAGE_SITE_HANDLER=/index.html
+
+# Optionally redirect URL requests if not file is found for the requested path
+# FALLBACK_REDIRECT_URL=https://coopcloud.tech/
+# FALLBACK_REDIRECT_TYPE=302
+
+# Enable an SSH server to allow SFTP uploads to the web root
+#COMPOSE_FILE="$COMPOSE_FILE:compose.sftp.yml"
+#PUBLIC_KEY="ssh-ed25519 AAAAC3NzaJ1lZDI1NTE5AAAAIXqf4nxUxuGmLOaxXXXXXXXXoM/GwhcrAgmtbgXToaYmCJ user@host" # Replace with a public key you generate

README.md

@@ -28,5 +28,84 @@ Custom HTML website, served using Nginx.
 abra app cp YOURAPPDOMAIN index.html app:/usr/share/nginx/html
 ```
 
+## Downloading and auto-updating from a Git repository
+
+To automatically pull website contents from a Git repository on a schedule:
+
+1. `abra app config YOURAPPDOMAIN`
+2. Add or uncomment these lines and configure your repository and update schedule:
+```
+COMPOSE_FILE="$COMPOSE_FILE:compose.git-pull.yml"
+GIT_REPO_URL="https://git.coopcloud.tech/yourorg/yourrepo"
+GIT_BRANCH=main
+CRON_SCHEDULE="*/10 * * * *"  # Default: every 10 minutes
+```
+3. `abra app deploy YOURAPPDOMAIN`
+4. As the git-pull service has `replicas: 0` in `compose.git-pull.yml` and doesn't run by itself. It requires either:
+- Deploying an instance of the [`coop-cloud/swarm-cronjob`] recipe on your server, OR
+- A manual cronjob on the server running: `docker service scale <app_domain_tld>_git=1`
+
+## Allowing upload via SSH/SFTP
+To allow management of your site's files using scp, rsync or other SSH-based tools:
+1. If you don't already have one, generate an SSH keypair using `ssh-keygen`
+1. `abra app config YOURAPPDOMAIN`
+2. Uncomment these lines and add your public key:
+```
+#COMPOSE_FILE="$COMPOSE_FILE:compose.sftp.yml"
+#PUBLIC_KEY="ssh-ed25519 AAAAC3NzaJ1lZDI1NTE5AAAAIXqf4nxUxuGmLOaxXXXXXXXXoM/GwhcrAgmtbgXToaYmCJ user@host" # Replace with a public key you generate
+```
+3. `abra app undeploy YOURAPPDOMAIN`
+3. `abra app deploy YOURAPPDOMAIN`
+4. Test the SSH connection: `ssh -p 2220 sftp@YOURAPPDOMAIN`
+5. You can copy local files into the server's web root with a command like: `scp -r -P 2220 * sftp@YOURAPPDOMAIN:/content`
+
+## Redirect options
+
+### Full redirect (of all URLs under specific path)
+
+To redirect the entire domain or a specific path to another URL:
+
+1. `abra app config YOURAPPDOMAIN`
+2. Add or uncomment these lines:
+```
+REDIRECT_FROM_PATH=/  # Path to redirect from (with trailing slash)
+REDIRECT_TO_URL=https://example.com/website/  # Target URL (with trailing slash)
+REDIRECT_TYPE=redirect  # Use "redirect" (for HTTP 302) or "permanent" (for 301)
+```
+3. `abra app deploy YOURAPPDOMAIN`
+
+This will redirect all requests matching `REDIRECT_FROM_PATH` to `REDIRECT_TO_URL`, carrying over the path. For example, `/blog/post` would redirect to `https://example.com/website/blog/post`.
+
+### Fallback redirect for paths not matching a file
+
+To serve static files normally but redirect requests for all non-existent paths to a dynamic site:
+
+1. `abra app config YOURAPPDOMAIN`
+2. Add or uncomment these lines:
+```
+FALLBACK_REDIRECT_URL=https://dynamic-site.example.com
+FALLBACK_REDIRECT_TYPE=302
+```
+3. `abra app deploy YOURAPPDOMAIN`
+
+This is useful for serving a static site alongside a dynamic one (that is running on a different [sub]domain) on the same domain. Existing static files are served directly, while missing URLs are redirected to the dynamic site with the full path preserved.
+
+### Single-page application (SPA) handler
+
+Similarly, to serve all non-existent paths with a single HTML file (common for React, Vue, etc.):
+
+1. `abra app config YOURAPPDOMAIN`
+2. Add or uncomment this line:
+```
+SINGLE_PAGE_SITE_HANDLER=/index.html
+```
+3. `abra app deploy YOURAPPDOMAIN`
+
+This will serve the contents `/index.html` (as a rewrite rather than a redirect) for any route that doesn't match an existing file, allowing client-side routing to work properly.
+
+**Note:** `FALLBACK_REDIRECT_URL` and `SINGLE_PAGE_SITE_HANDLER` are mutually exclusive options.
+
+
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
+[`coop-cloud/swarm-cronjob`]: https://git.coopcloud.tech/coop-cloud/swarm-cronjob

abra.sh

@@ -1,2 +1,2 @@
-export NGINX_DEFAULT_CONF_VERSION=v6
-export ENTRYPOINT_CONF_VERSION=v3
+export NGINX_DEFAULT_CONF_VERSION=v11
+export ENTRYPOINT_CONF_VERSION=v4

compose.git-pull.yml

@@ -3,7 +3,7 @@ services:
   git:
     environment:
       - GIT_REPO_URL
-    image: alpine/git:v2.47.2
+    image: alpine/git:v2.49.1
     entrypoint: /docker-entrypoint.sh
     volumes:
       - content:/git

compose.sftp.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  ssh:
+    image: lscr.io/linuxserver/openssh-server:latest
+    networks:
+      - proxy
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - USER_NAME=sftp
+      - PUBLIC_KEY
+    volumes:
+      - content:/content:rw
+    ports:
+      - 2220:2222
+    deploy:
+      restart_policy:
+        condition: on-failure
+  # The following is an admittedly hacky way of setting the owner
+  # of the `content` volume to the unprivileged `sftp` user, so
+  # that content can be transferred through the unprivileged sshd process
+  # using `scp` etc.
+  sshstart:
+    image: lscr.io/linuxserver/openssh-server:latest
+    user: root
+    depends_on:
+      - ssh
+    deploy:
+      restart_policy:
+        condition: none
+    volumes:
+      - content:/content:rw
+    entrypoint: [ "bash", "-c", "sleep 10 && chown -R 1000:1000 /content"]
+
+volumes:
+  content:
+
+networks:
+  proxy:
+    external: true

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: nginx:1.28.0
+    image: nginx:1.29.0
     networks:
       - proxy
     deploy:
@@ -19,7 +19,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=1.9.0+1.28.0"
+        - "coop-cloud.${STACK_NAME}.version=1.11.0+1.29.0"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/usr/share/nginx/html"
     environment:
@@ -27,6 +27,8 @@ services:
       - REDIRECT_FROM_PATH
       - REDIRECT_TO_URL
       - REDIRECT_TYPE
+      - FALLBACK_REDIRECT_URL
+      - FALLBACK_REDIRECT_TYPE
     volumes:
       - content:/usr/share/nginx/html
     configs:

default.conf.tmpl

@@ -10,18 +10,32 @@ server {
     location / {
         root   /usr/share/nginx/html;
         index  index.html index.htm;
-       
+
         {{ if env "REDIRECT_TO_URL" }}
             rewrite ^{{ env "REDIRECT_FROM_PATH" }}(.*)$ {{ env "REDIRECT_TO_URL" }}$1 {{ env "REDIRECT_TYPE" }}; 
         {{ end }}
 
-        {{ if env "SINGLE_PAGE_SITE_HANDLER" }}
-		try_files $uri $uri/ {{ env "SINGLE_PAGE_SITE_HANDLER" }} =404;
+        {{ if env "FALLBACK_REDIRECT_URL" }}
+            # redirect unknown URLs (no matching files) to other address
+            try_files $uri $uri/ @fallback_redirect;
         {{ else }}
-        try_files $uri $uri/ $uri.html =404;
+            {{ if env "SINGLE_PAGE_SITE_HANDLER" }}
+                # serve SPA handler 
+                try_files $uri $uri/ {{ env "SINGLE_PAGE_SITE_HANDLER" }} =404;
+            {{ else }}
+                # serve static files or regular 404 as usual
+                try_files $uri $uri/ $uri.html =404;
+            {{ end }}
         {{ end }}
     }
 
+    {{ if env "FALLBACK_REDIRECT_URL" }}
+    location @fallback_redirect {
+        return {{ env "FALLBACK_REDIRECT_TYPE" }} {{ env "FALLBACK_REDIRECT_URL" }}$request_uri;
+    }
+    {{ end }}
+
+    # Standard static 404 error page
     error_page  404              /404.html;
     location = /404.html {
         root   /usr/share/nginx/html;

entrypoint.git-pull.sh

@@ -4,7 +4,7 @@ if [ ! -d /git/.git ]; then
 	echo "No repo found, emptying /git/ directory"
 	rm -r /git/*
 	echo "Cloning $GIT_REPO_URL into /git"
-	git clone "$GIT_REPO_URL" /git
+	git clone -b "$GIT_BRANCH" --single-branch "$GIT_REPO_URL" /git
 else
 	echo "Updating /git"
 	git pull

release/1.10.0+1.28.0

@@ -0,0 +1 @@
+Adds optional sftp support