From 22d665bbe1d7cbacdc8ad9a2c21e99ec480c829c Mon Sep 17 00:00:00 2001 From: quentin Date: Tue, 21 Feb 2023 14:49:04 +0000 Subject: [PATCH] add nginx --- README.md | 9 +++- docker-compose.yml | 39 ++++++++-------- garage.toml | 4 +- nginx.conf | 111 +++++++++++++++++++++++++++++++++++++++++++++ teabag.env | 4 +- 5 files changed, 142 insertions(+), 25 deletions(-) create mode 100644 nginx.conf diff --git a/README.md b/README.md index a337ccc..0c5d943 100644 --- a/README.md +++ b/README.md @@ -5,11 +5,18 @@ if you are reading this file years later, it is very probably obsolete. based on: + - Nginx as the reverse proxy (would be tricot in production) - Gitea: https://github.com/superboum/gitea - Teabag: https://github.com/denyskon/teabag - Static CMS: https://www.staticcms.org/ - Drone: https://github.com/harness/drone - - Garage: git.deuxfleurs.fr/Deuxfleurs/garage/ + - Garage: https://git.deuxfleurs.fr/Deuxfleurs/garage/ + +## Launch the reverse proxy + +``` +docker-compose up -d reverse +``` ## Install Gitea diff --git a/docker-compose.yml b/docker-compose.yml index ac43899..b6997dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,21 +1,29 @@ version: "3.4" services: - server: + reverse: + image: nginx:1.23.3 + container_name: reverse + restart: always + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf + ports: + - "80:80" + + gitea: # Patched image required for Gitea version < 1.19 image: superboum/gitea:1.17.4-cors container_name: gitea - network_mode: host environment: - USER_UID=1000 - USER_GID=1000 - - GITEA__cors__ENABLED =true - - GITEA__cors__ALLOW_DOMAIN =* - - GITEA__cors__ALLOW_CREDENTIALS =true - - GITEA__cors__SCHEME =* - - GITEA__cors__METHODS =GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS + - GITEA__cors__ENABLED=true + - GITEA__cors__ALLOW_DOMAIN=* + - GITEA__cors__ALLOW_CREDENTIALS=true + - GITEA__cors__SCHEME=* + - GITEA__cors__METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS # Ignored in Gitea version < 1.19, see image comment above - - GITEA__cors__HEADERS =Content-Type,User-Agent,Authorization + - GITEA__cors__HEADERS=Content-Type,User-Agent,Authorization # HTTP hooks - GITEA__webhook__ALLOWED_HOST_LIST=* restart: always 
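Review bot: The corrected `GITEA__cors__*` names in the `gitea` service pair `ALLOW_DOMAIN=*` with `ALLOW_CREDENTIALS=true`, which may let any web origin make credentialed requests to Gitea from a logged-in user's browser. The old names had a space before `=`, so these values were presumably not applied until this commit. Restrict the origin to the CMS host, for example `- GITEA__cors__ALLOW_DOMAIN=<cms-host>` (placeholder), and trim `METHODS` to what the CMS needs. Separately, the new `reverse` service can mount its config read-only: `- ./nginx.conf:/etc/nginx/nginx.conf:ro`.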
@@ -24,42 +32,34 @@ services: - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - - "3000:3000" - "2222:22" teabag: image: ghcr.io/denyskon/teabag:latest container_name: teabag restart: always - network_mode: host volumes: - ./teabag.env:/etc/teabag/teabag.env - ports: - - "3001:3001" drone: image: drone/drone:2 container_name: drone - network_mode: host restart: always environment: - DRONE_GITEA_CLIENT_ID=2ede47ba-c943-48ad-8f7b-987df45983ee - DRONE_GITEA_CLIENT_SECRET=gto_vvj5e4fjvg6s3zeu4plgolvx2erowjvcp5bzhfo4c76v7bn466pa - - DRONE_GITEA_SERVER=http://localhost:3000 + - DRONE_GITEA_SERVER=http://git.vimaire.machine.dufour.io - DRONE_RPC_SECRET=EJPRnOcjAoKxAShyBTdeDX4GSHRUX4FzuIJKohTEw10= - - DRONE_SERVER_HOST=localhost:3002 + - DRONE_SERVER_HOST=drone.vimaire.machine.dufour.io - DRONE_SERVER_PROTO=http - DRONE_SERVER_PORT=:3002 - ports: - - "3002:3002" runner: image: drone/drone-runner-docker:1 container_name: runner - network_mode: host restart: always environment: - DRONE_RPC_PROTO=http - - DRONE_RPC_HOST=localhost:3002 + - DRONE_RPC_HOST=drone.vimaire.machine.dufour.io - DRONE_RPC_SECRET=EJPRnOcjAoKxAShyBTdeDX4GSHRUX4FzuIJKohTEw10= - DRONE_RUNNER_CAPACITY=1 - DRONE_RUNNER_NAME=dummy @@ -70,7 +70,6 @@ services: garage: image: dxflrs/garage:v0.8.1 container_name: garage - network_mode: host restart: always volumes: - ./garage.toml:/etc/garage.toml diff --git a/garage.toml b/garage.toml index 87e25dd..f75ac12 100644 --- a/garage.toml +++ b/garage.toml @@ -11,11 +11,11 @@ rpc_secret = "9ec6d97e54b2a55e939f0ba761ba565595691f0d42eb6511f4cb6cb69e906cad" [s3_api] s3_region = "garage" api_bind_addr = "[::]:3900" -root_domain = ".s3.localhost" +root_domain = ".s3.vimaire.machine.dufour.io" [s3_web] bind_addr = "[::]:3902" -root_domain = ".web.localhost" +root_domain = ".web.vimaire.machine.dufour.io" index = "index.html" [k2v_api] diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..229a1f0 --- /dev/null +++ b/nginx.conf 
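Review bot: In docker-compose.yml, `DRONE_RPC_HOST=drone.vimaire.machine.dufour.io` routes the runner's RPC traffic, authenticated by the shared `DRONE_RPC_SECRET`, through the port-80 reverse proxy as plain HTTP, even though both containers now sit on the same compose network. Pointing the runner at the service name, `- DRONE_RPC_HOST=drone:3002`, keeps that channel off the published listener. The same cleartext concern applies to `DRONE_GITEA_SERVER=http://…` in this hunk and to `GITEA_BASE_URL` and `CALLBACK_URI` in teabag.env, because OAuth codes and tokens now cross HTTP on a non-loopback hostname. Add a TLS listener, or a comment marking the setup as local-test-only. The client and RPC secrets on the context lines remain committed in clear; loading them from an untracked env file would keep future values out of history.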
@@ -0,0 +1,111 @@
+# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
+error_log /dev/stderr info;
+
+events {}
+
+http {
+ ##
+ # Basic Settings
+ ##
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+
+ # mimetypes, required by jitsi!
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Gzip Settings
+ ##
+ gzip on;
+
+ access_log /dev/stdout;
+ server_names_hash_bucket_size 64;
+
+ server {
+ listen 80;
+
+ client_max_body_size 0;
+ server_name git.vimaire.machine.dufour.io;
+
+ location / {
+ set $upstream http://gitea:3000;
+ proxy_pass $upstream;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ }
+ }
+
+ server {
+ listen 80;
+
+ client_max_body_size 0;
+ server_name teabag.vimaire.machine.dufour.io;
+
+ location / {
+ set $upstream http://teabag:3001;
+ proxy_pass $upstream;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ }
+ }
+
+ server {
+ listen 80;
+
+ client_max_body_size 0;
+ server_name drone.vimaire.machine.dufour.io;
+
+ location / {
+ set $upstream http://drone:3002;
+ proxy_pass $upstream;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ }
+ }
+
+ server {
+ listen 80;
+
+ client_max_body_size 0;
+ server_name *.web.vimaire.machine.dufour.io;
+
+ location / {
+ set $upstream http://garage:3002;
+ proxy_pass $upstream;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ }
+ }
+
+ server {
+ listen 80;
+
+ client_max_body_size 0;
+ server_name
*.s3.vimaire.machine.dufour.io; + + location / { + set $upstream http://garage:3900; + proxy_pass $upstream; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + } + } +} + diff --git a/teabag.env b/teabag.env index f6e04a5..d75a895 100644 --- a/teabag.env +++ b/teabag.env @@ -4,8 +4,8 @@ SESSION_SECRET=uLCe67uvUpaI/U3c0yBzzFxJliY80BQHU/l9FZrkN38= GITEA_KEY=968c9d5a-8b4e-4091-b48d-cc5d0888680d GITEA_SECRET=gto_65p4gglq5au4mtvtpq7xcnlyonfyvphlwixhhkni6aql5yd3ovcq -GITEA_BASE_URL=http://localhost:3000 +GITEA_BASE_URL=http://git.vimaire.machine.dufour.io GITEA_AUTH_URI=login/oauth/authorize GITEA_TOKEN_URI=login/oauth/access_token GITEA_USER_URI=api/v1/user -CALLBACK_URI=http://localhost:3001/callback +CALLBACK_URI=http://teabag.vimaire.machine.dufour.io/callback
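Review bot: In nginx.conf the `*.web.vimaire.machine.dufour.io` block proxies to `http://garage:3002`, but garage.toml binds `[s3_web]` on 3902 and 3002 is Drone's port, so the line should read `set $upstream http://garage:3902;`. None of the five server blocks forwards the original `Host`, and nginx sends the `proxy_pass` host by default. Garage presumably needs the original `Host` to select the bucket under `root_domain` and to verify S3 request signatures, so add `proxy_set_header Host $host;`. Because `proxy_pass` takes a variable, nginx resolves the service names at request time and needs a `resolver` directive in the `http` block (Docker's embedded DNS is `127.0.0.11`). `ssl_protocols` still lists TLSv1 and TLSv1.1 while every server listens only on plain port 80; when a TLS listener is added, use `ssl_protocols TLSv1.2 TLSv1.3;`.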