diff --git a/abra.sh b/abra.sh index 6ca5c75..73c61dc 100644 --- a/abra.sh +++ b/abra.sh @@ -1,2 +1,3 @@ export CONFIG_WRITEFREELY_VERSION=v1 export CONFIG_ENTRYPOINT_VERSION=v1 +export NGINX_CONFIG_VERSION=v1 diff --git a/compose.yml b/compose.yml index 08c8657..a8070e2 100644 --- a/compose.yml +++ b/compose.yml @@ -2,6 +2,32 @@ version: "3.8" services: + web: + image: nginx:1.20.0 + networks: + - proxy + - internal + environment: + - DOMAIN + - STACK_NAME + configs: + - source: nginx_config + target: /etc/nginx/nginx.conf + deploy: + update_config: + failure_action: rollback + order: start-first + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" + - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" + - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" + - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" + - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" + - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" + - "coop-cloud.${STACK_NAME}.version=0.1.0+latest" + app: image: "writeas/writefreely:latest" environment: 
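Review bot: The `app` service stays attached to `proxy` (the unchanged `networks:` lines at the top of the next compose.yml hunk) even though its Traefik labels move to `web` here. If `proxy` is the shared Traefik network, as the labels suggest, WriteFreely's port 8080 remains reachable from other stacks on that network without passing through nginx. I would drop `- proxy` from `app` so that only `web` spans both networks. The definition of `proxy` is outside this diff, so confirm what else is attached to it before changing this.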
@@ -26,20 +52,6 @@ services: networks: - internal - proxy - deploy: - update_config: - failure_action: rollback - order: start-first - labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=0.1.0+latest" db: image: "mariadb:10.7" @@ -78,3 +90,7 @@ configs: name: ${STACK_NAME}_config_${CONFIG_WRITEFREELY_VERSION} file: config.ini.tmpl template_driver: golang + nginx_config: + name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION} + file: nginx.conf.tmpl + template_driver: golang diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl new file mode 100644 index 0000000..7580bd9 --- /dev/null +++ b/nginx.conf.tmpl 
@@ -0,0 +1,60 @@
+user www-data;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ upstream backend {
+ server {{ env "STACK_NAME" }}_app:8080;
+ }
+
+ include /etc/nginx/mime.types;
+
+ server {
+ listen 80;
+ listen [::]:80;
+
+ server_name example.com;
+
+ gzip on;
+ gzip_types
+ application/javascript
+ application/x-javascript
+ application/json
+ application/rss+xml
+ application/xml
+ image/svg+xml
+ image/x-icon
+ application/vnd.ms-fontobject
+ application/font-sfnt
+ text/css
+ text/plain;
+ gzip_min_length 256;
+ gzip_comp_level 5;
+ gzip_http_version 1.1;
+ gzip_vary on;
+
+ location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_pass http://backend;
+ proxy_redirect off;
+ }
+
+ location ~ ^/(css|img|js|fonts)/ {
+ root /var/www/example.com/static;
+ # Optionally cache these files in the browser:
+ # expires 12M;
+ }
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_pass http://backend;
+ proxy_redirect off;
+ }
+ }
+}
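Review bot: Both proxied locations set `X-Forwarded-For` and `X-Real-IP` to `$remote_addr`, which behind Traefik is the Traefik container, so the client address Traefik forwarded is overwritten and anything in WriteFreely that keys on the client address (access logs, abuse handling) sees only the proxy. Use `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in both blocks and consider passing `X-Forwarded-Proto` through as well. Separately, the static `location` serves from `/var/www/example.com/static`, but the `web` service in compose.yml mounts only the nginx config, so requests under `/css`, `/img`, `/js` and `/fonts` would presumably return 404 unless a volume with WriteFreely's static files is added. `server_name example.com` looks like a leftover placeholder; `{{ env "DOMAIN" }}` is available through the same template driver.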