add nginx

This commit is contained in:
Quentin 2023-02-21 14:49:04 +00:00
parent 5f9592255e
commit 22d665bbe1
5 changed files with 142 additions and 25 deletions

View file

@ -5,11 +5,18 @@ if you are reading this file years later,
it is very probably obsolete. it is very probably obsolete.
based on: based on:
- Nginx as the reverse proxy (would be tricot in production)
- Gitea: https://github.com/superboum/gitea - Gitea: https://github.com/superboum/gitea
- Teabag: https://github.com/denyskon/teabag - Teabag: https://github.com/denyskon/teabag
- Static CMS: https://www.staticcms.org/ - Static CMS: https://www.staticcms.org/
- Drone: https://github.com/harness/drone - Drone: https://github.com/harness/drone
- Garage: git.deuxfleurs.fr/Deuxfleurs/garage/ - Garage: https://git.deuxfleurs.fr/Deuxfleurs/garage/
## Launch the reverse proxy
```
docker-compose up -d reverse
```
## Install Gitea ## Install Gitea

View file

@ -1,11 +1,19 @@
version: "3.4" version: "3.4"
services: services:
server: reverse:
image: nginx:1.23.3
container_name: reverse
restart: always
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
ports:
- "80:80"
gitea:
# Patched image required for Gitea version < 1.19 # Patched image required for Gitea version < 1.19
image: superboum/gitea:1.17.4-cors image: superboum/gitea:1.17.4-cors
container_name: gitea container_name: gitea
network_mode: host
environment: environment:
- USER_UID=1000 - USER_UID=1000
- USER_GID=1000 - USER_GID=1000
@ -24,42 +32,34 @@ services:
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:
- "3000:3000"
- "2222:22" - "2222:22"
teabag: teabag:
image: ghcr.io/denyskon/teabag:latest image: ghcr.io/denyskon/teabag:latest
container_name: teabag container_name: teabag
restart: always restart: always
network_mode: host
volumes: volumes:
- ./teabag.env:/etc/teabag/teabag.env - ./teabag.env:/etc/teabag/teabag.env
ports:
- "3001:3001"
drone: drone:
image: drone/drone:2 image: drone/drone:2
container_name: drone container_name: drone
network_mode: host
restart: always restart: always
environment: environment:
- DRONE_GITEA_CLIENT_ID=2ede47ba-c943-48ad-8f7b-987df45983ee - DRONE_GITEA_CLIENT_ID=2ede47ba-c943-48ad-8f7b-987df45983ee
- DRONE_GITEA_CLIENT_SECRET=gto_vvj5e4fjvg6s3zeu4plgolvx2erowjvcp5bzhfo4c76v7bn466pa - DRONE_GITEA_CLIENT_SECRET=gto_vvj5e4fjvg6s3zeu4plgolvx2erowjvcp5bzhfo4c76v7bn466pa
- DRONE_GITEA_SERVER=http://localhost:3000 - DRONE_GITEA_SERVER=http://git.vimaire.machine.dufour.io
- DRONE_RPC_SECRET=EJPRnOcjAoKxAShyBTdeDX4GSHRUX4FzuIJKohTEw10= - DRONE_RPC_SECRET=EJPRnOcjAoKxAShyBTdeDX4GSHRUX4FzuIJKohTEw10=
- DRONE_SERVER_HOST=localhost:3002 - DRONE_SERVER_HOST=drone.vimaire.machine.dufour.io
- DRONE_SERVER_PROTO=http - DRONE_SERVER_PROTO=http
- DRONE_SERVER_PORT=:3002 - DRONE_SERVER_PORT=:3002
ports:
- "3002:3002"
runner: runner:
image: drone/drone-runner-docker:1 image: drone/drone-runner-docker:1
container_name: runner container_name: runner
network_mode: host
restart: always restart: always
environment: environment:
- DRONE_RPC_PROTO=http - DRONE_RPC_PROTO=http
- DRONE_RPC_HOST=localhost:3002 - DRONE_RPC_HOST=drone.vimaire.machine.dufour.io
- DRONE_RPC_SECRET=EJPRnOcjAoKxAShyBTdeDX4GSHRUX4FzuIJKohTEw10= - DRONE_RPC_SECRET=EJPRnOcjAoKxAShyBTdeDX4GSHRUX4FzuIJKohTEw10=
- DRONE_RUNNER_CAPACITY=1 - DRONE_RUNNER_CAPACITY=1
- DRONE_RUNNER_NAME=dummy - DRONE_RUNNER_NAME=dummy
@ -70,7 +70,6 @@ services:
garage: garage:
image: dxflrs/garage:v0.8.1 image: dxflrs/garage:v0.8.1
container_name: garage container_name: garage
network_mode: host
restart: always restart: always
volumes: volumes:
- ./garage.toml:/etc/garage.toml - ./garage.toml:/etc/garage.toml

View file

@ -11,11 +11,11 @@ rpc_secret = "9ec6d97e54b2a55e939f0ba761ba565595691f0d42eb6511f4cb6cb69e906cad"
[s3_api] [s3_api]
s3_region = "garage" s3_region = "garage"
api_bind_addr = "[::]:3900" api_bind_addr = "[::]:3900"
root_domain = ".s3.localhost" root_domain = ".s3.vimaire.machine.dufour.io"
[s3_web] [s3_web]
bind_addr = "[::]:3902" bind_addr = "[::]:3902"
root_domain = ".web.localhost" root_domain = ".web.vimaire.machine.dufour.io"
index = "index.html" index = "index.html"
[k2v_api] [k2v_api]

111
nginx.conf Normal file
View file

@ -0,0 +1,111 @@
# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
error_log /dev/stderr info;
events {}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# mimetypes, required by jitsi!
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Gzip Settings
##
gzip on;
access_log /dev/stdout;
server_names_hash_bucket_size 64;
server {
listen 80;
client_max_body_size 0;
server_name git.vimaire.machine.dufour.io;
location / {
set $upstream http://gitea:3000;
proxy_pass $upstream;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
}
}
server {
listen 80;
client_max_body_size 0;
server_name teabag.vimaire.machine.dufour.io;
location / {
set $upstream http://teabag:3001;
proxy_pass $upstream;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
}
}
server {
listen 80;
client_max_body_size 0;
server_name drone.vimaire.machine.dufour.io;
location / {
set $upstream http://drone:3002;
proxy_pass $upstream;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
}
}
server {
listen 80;
client_max_body_size 0;
server_name *.web.vimaire.machine.dufour.io;
location / {
set $upstream http://garage:3002;
proxy_pass $upstream;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
}
}
server {
listen 80;
client_max_body_size 0;
server_name *.s3.vimaire.machine.dufour.io;
location / {
set $upstream http://garage:3900;
proxy_pass $upstream;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
}
}
}

View file

@ -4,8 +4,8 @@ SESSION_SECRET=uLCe67uvUpaI/U3c0yBzzFxJliY80BQHU/l9FZrkN38=
GITEA_KEY=968c9d5a-8b4e-4091-b48d-cc5d0888680d GITEA_KEY=968c9d5a-8b4e-4091-b48d-cc5d0888680d
GITEA_SECRET=gto_65p4gglq5au4mtvtpq7xcnlyonfyvphlwixhhkni6aql5yd3ovcq GITEA_SECRET=gto_65p4gglq5au4mtvtpq7xcnlyonfyvphlwixhhkni6aql5yd3ovcq
GITEA_BASE_URL=http://localhost:3000 GITEA_BASE_URL=http://git.vimaire.machine.dufour.io
GITEA_AUTH_URI=login/oauth/authorize GITEA_AUTH_URI=login/oauth/authorize
GITEA_TOKEN_URI=login/oauth/access_token GITEA_TOKEN_URI=login/oauth/access_token
GITEA_USER_URI=api/v1/user GITEA_USER_URI=api/v1/user
CALLBACK_URI=http://localhost:3001/callback CALLBACK_URI=http://teabag.vimaire.machine.dufour.io/callback