From 64082a73c4aabf624dede3d6f84425491961c0e9 Mon Sep 17 00:00:00 2001
From: vchikalkin <djchikalkin@gmail.com>
Date: Mon, 30 Oct 2023 13:50:01 +0300
Subject: [PATCH] init

---
 .env                         |  7 +++
 .gitignore                   |  5 +++
 config/include/location.conf |  0
 config/include/upstream.conf |  0
 config/nginx.conf            | 86 ++++++++++++++++++++++++++++++++++++
 docker-compose.traefik.yml   | 15 +++++++
 docker-compose.yml           | 25 +++++++++++
 7 files changed, 138 insertions(+)
 create mode 100644 .env
 create mode 100644 .gitignore
 create mode 100644 config/include/location.conf
 create mode 100644 config/include/upstream.conf
 create mode 100644 config/nginx.conf
 create mode 100644 docker-compose.traefik.yml
 create mode 100644 docker-compose.yml

diff --git a/.env b/.env
new file mode 100644
index 0000000..e57534b
--- /dev/null
+++ b/.env
@@ -0,0 +1,7 @@
+COMPOSE_PROJECT_NAME=
+NETWORK_NAME=
+TRAEFIK_APP_NAME=
+TRAEFIK_ENTRYPOINTS=web-secure
+# TRAEFIK_ENTRYPOINTS=web-secure-ext
+WEB_HOST=
+APPLICATION=
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..18696b5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# local env files
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
\ No newline at end of file
diff --git a/config/include/location.conf b/config/include/location.conf
new file mode 100644
index 0000000..e69de29
diff --git a/config/include/upstream.conf b/config/include/upstream.conf
new file mode 100644
index 0000000..e69de29
diff --git a/config/nginx.conf b/config/nginx.conf
new file mode 100644
index 0000000..1139f2f
--- /dev/null
+++ b/config/nginx.conf
@@ -0,0 +1,86 @@
+upstream auth_web {
+    server                       auth_web:3000;
+}
+
+upstream auth_api {
+    server                       auth_api:3001;
+}
+
+upstream app {
+    server                       $APPLICATION;
+}
+
+ include                         /etc/nginx/include/upstream.conf;
+
+
+server {
+    listen                       80;
+    include                      /etc/nginx/mime.types;
+
+    gzip                         on;
+    gzip_min_length              1000;
+    gzip_proxied                 any;
+    gzip_comp_level              1;
+    gzip_types                   text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
+    gzip_vary                    on;
+    gzip_disable                 "msie6";
+
+
+    error_page                   401 /login;
+
+
+    location = /auth {
+        internal;
+
+        proxy_pass               http://auth_api;
+
+        proxy_pass_request_body  off;
+        proxy_set_header         Content-Length "";
+        proxy_set_header         X-Original-URI $request_uri;
+        proxy_set_header         X-Original-Remote-Addr $remote_addr;
+        proxy_set_header         X-Original-Host $host;
+        proxy_intercept_errors   on;
+    }
+
+    location ~ ^/(signin|logout|get-user) {
+        proxy_pass               http://auth_api;
+
+        proxy_redirect           off;
+        proxy_set_header         X-Original-URI $request_uri;
+        proxy_set_header         X-Original-Remote-Addr $remote_addr;
+        proxy_set_header         X-Original-Host $host;
+    }
+
+    location ~ ^/login {
+        proxy_pass               http://auth_web;
+
+        proxy_http_version       1.1;
+        proxy_set_header         Upgrade $http_upgrade;
+        proxy_set_header         Connection 'upgrade';
+        proxy_set_header         Host $host;
+        proxy_cache_bypass       $http_upgrade;
+    }
+
+
+    location / {
+        proxy_pass               http://app;
+
+        proxy_http_version       1.1;
+        proxy_set_header         Upgrade $http_upgrade;
+        proxy_set_header         Connection 'upgrade';
+        proxy_set_header         Host $host;
+        proxy_cache_bypass       $http_upgrade;
+
+        auth_request             /auth;
+        auth_request_set         $auth_cookie $upstream_http_set_cookie;
+        add_header               Set-Cookie $auth_cookie;
+    }
+
+    location = /health {
+        access_log               off;
+        add_header               'Content-Type' 'application/json';
+        return                   200 'UP';
+    }
+
+    include /etc/nginx/include/location.conf;
+}
diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml
new file mode 100644
index 0000000..68e0b90
--- /dev/null
+++ b/docker-compose.traefik.yml
@@ -0,0 +1,15 @@
+version: '3'
+
+services:
+  server:
+    container_name: ${TRAEFIK_APP_NAME}
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.backend=${TRAEFIK_APP_NAME}'
+      - 'traefik.docker.network=web'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.rule=Host(`${WEB_HOST}`)'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.entrypoints=${TRAEFIK_ENTRYPOINTS}'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.tls.certresolver=le'
+      - 'traefik.port=80'
+    networks:
+      - web
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0d2ef6c
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,25 @@
+version: '3'
+
+services:
+  server:
+    extends:
+      file: docker-compose.traefik.yml
+      service: server
+    image: nginx:alpine
+    environment:
+      - APPLICATION=${APPLICATION}
+    volumes:
+      - ./config/nginx.conf:/etc/nginx/templates/default.conf.template
+      - ./config/include:/etc/nginx/include
+    restart: always
+    networks:
+      - auth_network
+      - app_network
+
+networks:
+  auth_network:
+  app_network:
+    external: true
+    name: ${NETWORK_NAME}
+  web:
+    external: true