From 7defc326ff89e7c69f210b7dd8df82a8c3afec98 Mon Sep 17 00:00:00 2001 From: decentral1se Date: Fri, 11 Jun 2021 13:40:49 +0200 Subject: [PATCH] Init this thing too --- README.md | 18 ++++++++------ compose.yml | 62 ++++++++++++++++++++++++++++++---------------- entrypoint.sh.tmpl | 27 ++++++++++++++++++++ nginx.conf.tmpl | 36 +++++++++++++++++++++++++++ 4 files changed, 114 insertions(+), 29 deletions(-) create mode 100644 entrypoint.sh.tmpl create mode 100644 nginx.conf.tmpl diff --git a/README.md b/README.md index 7af47d7..a354392 100644 --- a/README.md +++ b/README.md @@ -3,14 +3,16 @@ Community Keycloak SSO user management. -* **Category**: -* **Status**: -* **Image**: [`keycloak-collective-portal`](https://hub.docker.com/r/keycloak-collective-portal/keycloak-collective-portal) -* **Healthcheck**: -* **Backups**: -* **Email**: -* **Tests**: -* **SSO**: + +- **Category**: +- **Status**: +- **Image**: [`decentral1se/keycloak-collective-portal`](https://hub.docker.com/r/decentral1se/keycloak-collective-portal) +- **Healthcheck**: +- **Backups**: +- **Email**: +- **Tests**: +- **SSO**: + ## Basic usage diff --git a/compose.yml b/compose.yml index 662a96c..7749a1f 100644 --- a/compose.yml +++ b/compose.yml 
@@ -2,30 +2,50 @@ version: "3.8" services: + web: + image: nginx:1.21.0 + environment: + - STACK_NAME=${STACK_NAME} + - DOMAIN=${DOMAIN} + configs: + - source: nginx_conf + target: /etc/nginx/nginx.conf + networks: + - proxy + - internal + deploy: + update_config: + failure_action: rollback + labels: + - "traefik.enable=true" + - "traefik.http.services.wiki.loadbalancer.server.port=80" + - "traefik.http.routers.wiki.rule=Host(`${DOMAIN}`)" + - "traefik.http.routers.wiki.entrypoints=web-secure" + - "traefik.http.routers.wiki.tls.certresolver=production" + app: - image: nginx:1.19.2 + image: "decentral1se/keycloak-collective-portal:latest" networks: - - proxy - deploy: - restart_policy: - condition: on-failure - labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - ## Redirect from EXTRA_DOMAINS to DOMAIN - #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] - interval: 30s - timeout: 10s - retries: 10 - start_period: 1m + - internal + configs: + - source: entrypoint_sh + target: /usr/local/bin/entrypoint.sh + mode: 0555 + entrypoint: /usr/local/bin/entrypoint.sh + command: uvivorn --host 0.0.0.0 keycloak_collective_portal:app networks: proxy: external: true + internal: + internal: true + +configs: + nginx_conf: + name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION} + file: nginx.conf.tmpl + template_driver: golang + entrypoint_sh: + name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION} + file: entrypoint.sh.tmpl + template_driver: golang 
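Review bot: `command` on the new `app` service names the binary `uvivorn`, which looks like a typo for `uvicorn`; as written, `exec "$@"` in the entrypoint would fail and the container would never start, so the line should read `command: uvicorn --host 0.0.0.0 keycloak_collective_portal:app`. The same service runs `decentral1se/keycloak-collective-portal:latest`; with a mutable tag the code behind an SSO user-management portal can change without any change to this file, so pin a release tag or digest, e.g. `image: "decentral1se/keycloak-collective-portal:<RELEASE_TAG>"` (placeholder). On `web`, the Traefik router and service are named `wiki` and the resolver is fixed to `production`, where the removed labels used `${STACK_NAME}` and `${LETS_ENCRYPT_ENV}`; a second stack using the name `wiki` on the same Traefik instance would presumably conflict, so keeping the variables seems safer.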
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
new file mode 100644
index 0000000..9d939dc
--- /dev/null
+++ b/entrypoint.sh.tmpl
@@ -0,0 +1,27 @@
+#! /bin/bash
+
+set -eu
+
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+echo "Passing it back to the upstream ENTRYPOINT/CMD..."
+exec "$@"
diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl
new file mode 100644
index 0000000..b989873
--- /dev/null
+++ b/nginx.conf.tmpl
@@ -0,0 +1,36 @@
+user www-data;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ upstream backend {
+ server {{ env "STACK_NAME" }}_app:8000;
+ }
+
+ include /etc/nginx/mime.types;
+ client_max_body_size 25M;
+ charset utf-8;
+
+ server {
+ listen 80 default;
+ server_name {{ env "DOMAIN" }};
+
+ location / {
+ try_files $uri @proxy_to_app;
+ }
+
+ location @proxy_to_app {
+ proxy_pass http://backend;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ }
+ }
+}
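Review bot: `file_env` is defined but never called, so this entrypoint loads no `*_FILE` value and only prints a message before `exec "$@"`. If the intent is to read credentials from mounted secret files rather than plain environment variables, add one call per variable before the `exec`, e.g. `file_env "<VARIABLE_NAME>"` (placeholder; the compose file in this commit declares no secrets); otherwise drop the function until it is needed. The function depends on bash indirect expansion (`${!var}`), so the `#! /bin/bash` shebang requires the application image to ship bash; a header comment such as `# Requires bash: file_env uses ${!var} indirect expansion` would make that dependency visible.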
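Review bot: The `@proxy_to_app` location forwards `Host`, `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Host` but no `X-Forwarded-Proto`, although TLS appears to end at Traefik (the `web-secure` entrypoint in compose.yml) and this server listens on plain port 80. If the portal builds redirect URLs or sets cookie flags from the request scheme it will see `http`; passing the proxy's value through with `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` avoids that, provided the app trusts the header only from this proxy. `X-Real-IP $remote_addr` will carry Traefik's address rather than the client's, which matters if the app logs or rate-limits on it. Separately, `proxy_set_header Connection "upgrade";` is sent on every request, not only WebSocket upgrades; the usual form is a `map $http_upgrade $connection_upgrade` block in `http` together with `proxy_set_header Connection $connection_upgrade;`.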