NOW THE NAME OF THE PROJECT IS EVO.AUTH

2023-10-18 12:06:20 +03:00 · 2023-10-18 12:06:20 +03:00 · 43126e3425
commit 43126e3425
parent 68fc67913f
6 changed files with 127 additions and 106 deletions
--- a/.env
+++ b/.env
@ -1,5 +1,9 @@
 COMPOSE_PROJECT_NAME=
 NETWORK_NAME=
+TRAEFIK_APP_NAME=
+TRAEFIK_ENTRYPOINTS=web-secure
+# TRAEFIK_ENTRYPOINTS=web-secure-ext
+WEB_HOST=

 # WEB
 APP_BASE_PATH=/login
@ -17,6 +21,3 @@ LDAP_ATTRIBUTE=
 API_SECRET=
 API_TOKEN_TTL=
 API_CACHE_TTL=
-
-REDIS_HOST=redis
-REDIS_PORT=
--- a/config/nginx.conf
+++ b/config/nginx.conf
@ -0,0 +1,93 @@
+
+ worker_processes                    auto;
+
+events {
+    worker_connections               1024;
+}
+
+
+http {
+
+    upstream web {
+        server                       web:3000;
+    }
+
+    upstream api {
+        server                       api:3001;
+    }
+
+    upstream app {
+        server                       application:80;
+    }
+
+
+    server {
+        listen                       80;
+        include                      /etc/nginx/mime.types;
+
+        gzip                         on;
+        gzip_min_length              1000;
+        gzip_proxied                 any;
+        gzip_comp_level              1;
+        gzip_types                   text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
+        gzip_vary                    on;
+        gzip_disable                 "msie6";
+
+
+        error_page                   401 /login;
+
+
+        location = /auth {
+            internal;
+
+            proxy_pass               http://api;
+
+            proxy_pass_request_body  off;
+            proxy_set_header         Content-Length "";
+            proxy_set_header         X-Original-URI $request_uri;
+            proxy_set_header         X-Original-Remote-Addr $remote_addr;
+            proxy_set_header         X-Original-Host $host;
+            proxy_intercept_errors   on;
+        }
+
+        location ~ ^/(signin|logout|get-user) {
+            proxy_pass               http://api;
+
+            proxy_redirect           off;
+            proxy_set_header         X-Original-URI $request_uri;
+            proxy_set_header         X-Original-Remote-Addr $remote_addr;
+            proxy_set_header         X-Original-Host $host;
+        }
+
+        location ~ ^/login {
+            proxy_pass               http://web;
+
+            proxy_http_version       1.1;
+            proxy_set_header         Upgrade $http_upgrade;
+            proxy_set_header         Connection 'upgrade';
+            proxy_set_header         Host $host;
+            proxy_cache_bypass       $http_upgrade;
+        }
+
+
+        location / {
+            proxy_pass               http://app;
+
+            proxy_http_version       1.1;
+            proxy_set_header         Upgrade $http_upgrade;
+            proxy_set_header         Connection 'upgrade';
+            proxy_set_header         Host $host;
+            proxy_cache_bypass       $http_upgrade;
+
+            auth_request             /auth;
+            auth_request_set         $auth_cookie $upstream_http_set_cookie;
+            add_header               Set-Cookie $auth_cookie;
+        }
+
+        location = /health {
+            access_log               off;
+            add_header               'Content-Type' 'application/json';
+            return                   200 'UP';
+        }
+    }
+}
--- a/docker-compose.traefik.yml
+++ b/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+version: '3'
+
+services:
+  server:
+    container_name: ${TRAEFIK_APP_NAME}
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.backend=${TRAEFIK_APP_NAME}'
+      - 'traefik.docker.network=web'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.rule=Host(`${WEB_HOST}`)'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.entrypoints=${TRAEFIK_ENTRYPOINTS}'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.tls.certresolver=le'
+      - 'traefik.port=80'
+    networks:
+      - web
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -8,6 +8,7 @@ services:
    restart: always
    networks:
      - auth_network
+
  api:
    build:
      context: .
@ -33,11 +34,19 @@ services:
      ALLOW_EMPTY_PASSWORD: 'yes'
    networks:
      - auth_network
-  auth_server:
-    image: nginx
+
+  server:
+    extends:
+      file: docker-compose.traefik.yml
+      service: server
+    image: nginx:alpine
    volumes:
-      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./config/nginx.conf:/etc/nginx/templates/default.conf.template
    restart: always
+    depends_on:
+      - web
+      - api
+      - redis
    networks:
      - auth_network
      - app_network
@ -47,3 +56,5 @@ networks:
  app_network:
    external: true
    name: ${NETWORK_NAME}
+  web:
+    external: true
--- a/example/nginx.conf
+++ b/example/nginx.conf
@ -1,58 +0,0 @@
-
- worker_processes                    auto;
-
-events {
-    worker_connections               1024;
-}
-
-
-http {
-
-    upstream auth_server {
-        server                       auth_server:80;
-    }
-
-    upstream application {
-        server                       application:3000;
-    }
-
-    server {
-        listen                       80;
-        include                      /etc/nginx/mime.types;
-
-        error_page                   401 /login;
-
-
-        location = /auth {
-            internal;
-
-            proxy_pass               http://auth_server;
-
-            proxy_pass_request_body  off;
-            proxy_set_header         Content-Length "";
-            proxy_set_header         X-Original-URI $request_uri;
-            proxy_set_header         X-Original-Remote-Addr $remote_addr;
-            proxy_set_header         X-Original-Host $host;
-            proxy_intercept_errors   on;
-        }
-
-        location ~ ^/(login|signin|logout|get-user) {
-            proxy_pass               http://auth_server;
-
-            proxy_redirect           off;
-            proxy_set_header         X-Original-URI $request_uri;
-            proxy_set_header         X-Original-Remote-Addr $remote_addr;
-            proxy_set_header         X-Original-Host $host;
-        }
-
-
-        location / {
-            proxy_pass               http://application/;
-
-            auth_request             /auth;
-            auth_request_set         $auth_cookie $upstream_http_set_cookie;
-            add_header               Set-Cookie $auth_cookie;
-        }
-
-    }
-}
--- a/nginx.conf
+++ b/nginx.conf
@ -1,41 +0,0 @@
-
-worker_processes 4;
-
-events {
-    worker_connections 1024;
-}
-
-
-http {
-    upstream web {
-        server web:3000;
-    }
-
-    upstream api {
-        server api:3001;
-    }
-
-    server {
-        listen 80;
-        include /etc/nginx/mime.types;
-
-
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host $host;
-        proxy_cache_bypass $http_upgrade;
-
-        location / {
-            proxy_pass http://api/;
-        }
-
-        location /login {
-            proxy_pass http://web;
-
-            limit_except GET {
-                deny all;
-            }
-        }
-    }
-}