Don't clobber Traefik's service name for SSO

[ci skip]

.drone.yml

@@ -3,37 +3,27 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
   - name: deployment
-    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    image: decentral1se/stack-ssh-deploy:latest
     settings:
       host: swarm-test.autonomic.zone
       stack: custom_html
       purge: true
-      networks:
-        - proxy
       deploy_key:
         from_secret: drone_ssh_swarm_test
     environment:
       DOMAIN: custom-html.swarm-test.autonomic.zone
       STACK_NAME: custom_html
       LETS_ENCRYPT_ENV: production
-      NGINX_DEFAULT_CONF_VERSION: v1
-      ENTRYPOINT_CONF_VERSION: v1
 trigger:
   branch:
     - main
 ---
 kind: pipeline
-name: generate recipe catalogue
+name: recipe release
 steps:
   - name: release a new version
-    image: plugins/downstream
+    image: thecoopcloud/drone-abra:latest
     settings:
-      server: https://build.coopcloud.tech
+      command: recipe custom-html release
-      token:
+      deploy_key:
-        from_secret: drone_abra-bot_token
+        from_secret: abra_bot_deploy_key
-      fork: true
-      repositories:
-        - toolshed/auto-recipes-catalogue-json
-
-trigger:
-  event: tag

.env.sample

@@ -9,29 +9,3 @@ COMPOSE_FILE="compose.yml"
 
 # Single Sign On via Traefik "file provider"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml"
-
-# Git-pull regularly
-#COMPOSE_FILE="$COMPOSE_FILE:compose.git-pull.yml"
-#GIT_REPO_URL="https://git.coopcloud.tech/dalmationer/hexbomb.gay"
-#GIT_BRANCH=main
-#CRON_SCHEDULE="*/10 * * * *" # Default: every 10 minutes
-
-# Optionally redirect the entire domain or a sub-path:
-# path under which you want to redirect all URLs (with trailing slash):
-#REDIRECT_FROM_PATH=/
-# full URL of target domain (and optionally path) with trailing slash:
-#REDIRECT_TO_URL=https://coopcloud.tech/
-# temporary or permanent redirect? (uncomment one)
-#REDIRECT_TYPE=redirect
-#REDIRECT_TYPE=permanent
-
-# Optionally handle all URL requests using a single file (commonly index.html)
-#SINGLE_PAGE_SITE_HANDLER=/index.html
-
-# Optionally redirect URL requests if not file is found for the requested path
-# FALLBACK_REDIRECT_URL=https://coopcloud.tech/
-# FALLBACK_REDIRECT_TYPE=302
-
-# Enable an SSH server to allow SFTP uploads to the web root
-#COMPOSE_FILE="$COMPOSE_FILE:compose.sftp.yml"
-#PUBLIC_KEY="ssh-ed25519 AAAAC3NzaJ1lZDI1NTE5AAAAIXqf4nxUxuGmLOaxXXXXXXXXoM/GwhcrAgmtbgXToaYmCJ user@host" # Replace with a public key you generate

README.md

@@ -1,11 +1,9 @@
 # Custom HTML
 
-[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/custom-html/status.svg)](https://build.coopcloud.tech/coop-cloud/custom-html)
-
 Custom HTML website, served using Nginx.
 
 <!-- metadata -->
-* **Category**: Development
+* **Category**: Apps
 * **Status**: 2, beta
 * **Image**: [`nginx`](https://hub.docker.com/_/nginx), 4, upstream
 * **Healthcheck**: No
@@ -20,92 +18,13 @@ Custom HTML website, served using Nginx.
 1. Set up Docker Swarm and [`abra`]
 2. Deploy [`coop-cloud/traefik`]
 3. `abra app new custom-html`
-4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
+4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
    your Docker swarm box
-5. `abra app deploy YOURAPPDOMAIN`
+5. `abra app YOURAPPDOMAIN deploy`
 6. Copy your files to the container, using something like
 ```
-abra app cp YOURAPPDOMAIN index.html app:/usr/share/nginx/html
+abra app YOURAPPDOMAIN cp index.html app:/usr/share/nginx/html
 ```
 
-## Downloading and auto-updating from a Git repository
-
-To automatically pull website contents from a Git repository on a schedule:
-
-1. `abra app config YOURAPPDOMAIN`
-2. Add or uncomment these lines and configure your repository and update schedule:
-```
-COMPOSE_FILE="$COMPOSE_FILE:compose.git-pull.yml"
-GIT_REPO_URL="https://git.coopcloud.tech/yourorg/yourrepo"
-GIT_BRANCH=main
-CRON_SCHEDULE="*/10 * * * *"  # Default: every 10 minutes
-```
-3. `abra app deploy YOURAPPDOMAIN`
-4. As the git-pull service has `replicas: 0` in `compose.git-pull.yml` and doesn't run by itself. It requires either:
-- Deploying an instance of the [`coop-cloud/swarm-cronjob`] recipe on your server, OR
-- A manual cronjob on the server running: `docker service scale <app_domain_tld>_git=1`
-
-## Allowing upload via SSH/SFTP
-To allow management of your site's files using scp, rsync or other SSH-based tools:
-1. If you don't already have one, generate an SSH keypair using `ssh-keygen`
-1. `abra app config YOURAPPDOMAIN`
-2. Uncomment these lines and add your public key:
-```
-#COMPOSE_FILE="$COMPOSE_FILE:compose.sftp.yml"
-#PUBLIC_KEY="ssh-ed25519 AAAAC3NzaJ1lZDI1NTE5AAAAIXqf4nxUxuGmLOaxXXXXXXXXoM/GwhcrAgmtbgXToaYmCJ user@host" # Replace with a public key you generate
-```
-3. `abra app undeploy YOURAPPDOMAIN`
-3. `abra app deploy YOURAPPDOMAIN`
-4. Test the SSH connection: `ssh -p 2220 sftp@YOURAPPDOMAIN`
-5. You can copy local files into the server's web root with a command like: `scp -r -P 2220 * sftp@YOURAPPDOMAIN:/content`
-
-## Redirect options
-
-### Full redirect (of all URLs under specific path)
-
-To redirect the entire domain or a specific path to another URL:
-
-1. `abra app config YOURAPPDOMAIN`
-2. Add or uncomment these lines:
-```
-REDIRECT_FROM_PATH=/  # Path to redirect from (with trailing slash)
-REDIRECT_TO_URL=https://example.com/website/  # Target URL (with trailing slash)
-REDIRECT_TYPE=redirect  # Use "redirect" (for HTTP 302) or "permanent" (for 301)
-```
-3. `abra app deploy YOURAPPDOMAIN`
-
-This will redirect all requests matching `REDIRECT_FROM_PATH` to `REDIRECT_TO_URL`, carrying over the path. For example, `/blog/post` would redirect to `https://example.com/website/blog/post`.
-
-### Fallback redirect for paths not matching a file
-
-To serve static files normally but redirect requests for all non-existent paths to a dynamic site:
-
-1. `abra app config YOURAPPDOMAIN`
-2. Add or uncomment these lines:
-```
-FALLBACK_REDIRECT_URL=https://dynamic-site.example.com
-FALLBACK_REDIRECT_TYPE=302
-```
-3. `abra app deploy YOURAPPDOMAIN`
-
-This is useful for serving a static site alongside a dynamic one (that is running on a different [sub]domain) on the same domain. Existing static files are served directly, while missing URLs are redirected to the dynamic site with the full path preserved.
-
-### Single-page application (SPA) handler
-
-Similarly, to serve all non-existent paths with a single HTML file (common for React, Vue, etc.):
-
-1. `abra app config YOURAPPDOMAIN`
-2. Add or uncomment this line:
-```
-SINGLE_PAGE_SITE_HANDLER=/index.html
-```
-3. `abra app deploy YOURAPPDOMAIN`
-
-This will serve the contents `/index.html` (as a rewrite rather than a redirect) for any route that doesn't match an existing file, allowing client-side routing to work properly.
-
-**Note:** `FALLBACK_REDIRECT_URL` and `SINGLE_PAGE_SITE_HANDLER` are mutually exclusive options.
-
-
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
-[`coop-cloud/swarm-cronjob`]: https://git.coopcloud.tech/coop-cloud/swarm-cronjob

abra.sh

@@ -1,2 +1 @@
-export NGINX_DEFAULT_CONF_VERSION=v11
+export NGINX_DEFAULT_CONF_VERSION=v1
-export ENTRYPOINT_CONF_VERSION=v4

compose.git-pull.yml

@@ -1,26 +0,0 @@
-version: "3.8"
-services:
-  git:
-    environment:
-      - GIT_REPO_URL
-    image: alpine/git:v2.49.1
-    entrypoint: /docker-entrypoint.sh
-    volumes:
-      - content:/git
-    configs:
-      - source: entrypoint_conf
-        target: /docker-entrypoint.sh
-        mode: 0555
-    deploy:
-      mode: replicated
-      replicas: 0
-      labels:
-        - "swarm.cronjob.enable=true"
-        - "swarm.cronjob.schedule=${CRON_SCHEDULE:-*/5 * * * *}"
-      restart_policy:
-        condition: none
-
-configs:
-  entrypoint_conf:
-    name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
-    file: entrypoint.git-pull.sh

compose.sftp.yml

@@ -1,41 +0,0 @@
-version: "3.8"
-services:
-  ssh:
-    image: lscr.io/linuxserver/openssh-server:latest
-    networks:
-      - proxy
-    environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=Etc/UTC
-      - USER_NAME=sftp
-      - PUBLIC_KEY
-    volumes:
-      - content:/content:rw
-    ports:
-      - 2220:2222
-    deploy:
-      restart_policy:
-        condition: on-failure
-  # The following is an admittedly hacky way of setting the owner
-  # of the `content` volume to the unprivileged `sftp` user, so
-  # that content can be transferred through the unprivileged sshd process
-  # using `scp` etc.
-  sshstart:
-    image: lscr.io/linuxserver/openssh-server:latest
-    user: root
-    depends_on:
-      - ssh
-    deploy:
-      restart_policy:
-        condition: none
-    volumes:
-      - content:/content:rw
-    entrypoint: [ "bash", "-c", "sleep 10 && chown -R 1000:1000 /content"]
-
-volumes:
-  content:
-
-networks:
-  proxy:
-    external: true

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: nginx:1.29.0
+    image: nginx:1.21.3
     networks:
       - proxy
     deploy:
@@ -19,16 +19,9 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=1.11.0+1.29.0"
+        - "coop-cloud.${STACK_NAME}.version=1.1.0+1.21.3"
-        - "backupbot.backup=true"
-        - "backupbot.backup.path=/usr/share/nginx/html"
     environment:
-      - DEFAULT_CONF_FILE=/etc/nginx/conf.d/default.conf
+      DEFAULT_CONF_FILE: /etc/nginx/conf.d/default.conf
-      - REDIRECT_FROM_PATH
-      - REDIRECT_TO_URL
-      - REDIRECT_TYPE
-      - FALLBACK_REDIRECT_URL
-      - FALLBACK_REDIRECT_TYPE
     volumes:
       - content:/usr/share/nginx/html
     configs:
@@ -47,8 +40,7 @@ volumes:
 configs:
   nginx_default_conf:
     name: ${STACK_NAME}_nginx_default_conf_${NGINX_DEFAULT_CONF_VERSION}
-    file: default.conf.tmpl
+    file: default.conf
-    template_driver: golang
 
 networks:
   proxy:

default.conf

@@ -10,36 +10,10 @@ server {
     location / {
         root   /usr/share/nginx/html;
         index  index.html index.htm;
-
+				try_files $uri $uri/ $uri.html;
-        {{ if env "REDIRECT_TO_URL" }}
-            rewrite ^{{ env "REDIRECT_FROM_PATH" }}(.*)$ {{ env "REDIRECT_TO_URL" }}$1 {{ env "REDIRECT_TYPE" }}; 
-        {{ end }}
-
-        {{ if env "FALLBACK_REDIRECT_URL" }}
-            # redirect unknown URLs (no matching files) to other address
-            try_files $uri $uri/ @fallback_redirect;
-        {{ else }}
-            {{ if env "SINGLE_PAGE_SITE_HANDLER" }}
-                # serve SPA handler 
-                try_files $uri $uri/ {{ env "SINGLE_PAGE_SITE_HANDLER" }} =404;
-            {{ else }}
-                # serve static files or regular 404 as usual
-                try_files $uri $uri/ $uri.html =404;
-            {{ end }}
-        {{ end }}
     }
 
-    {{ if env "FALLBACK_REDIRECT_URL" }}
+    #error_page  404              /404.html;
-    location @fallback_redirect {
-        return {{ env "FALLBACK_REDIRECT_TYPE" }} {{ env "FALLBACK_REDIRECT_URL" }}$request_uri;
-    }
-    {{ end }}
-
-    # Standard static 404 error page
-    error_page  404              /404.html;
-    location = /404.html {
-        root   /usr/share/nginx/html;
-    }
 
     # redirect server error pages to the static page /50x.html
     #

entrypoint.git-pull.sh

@@ -1,11 +0,0 @@
-#!/bin/sh
-
-if [ ! -d /git/.git ]; then
-	echo "No repo found, emptying /git/ directory"
-	rm -r /git/*
-	echo "Cloning $GIT_REPO_URL into /git"
-	git clone -b "$GIT_BRANCH" --single-branch "$GIT_REPO_URL" /git
-else
-	echo "Updating /git"
-	git pull
-fi

release/1.10.0+1.28.0

@@ -1 +0,0 @@
-Adds optional sftp support