init

2023-10-30 13:50:01 +03:00 · 2023-10-30 13:50:01 +03:00 · 64082a73c4
commit 64082a73c4
7 changed files with 138 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,7 @@
+COMPOSE_PROJECT_NAME=
+NETWORK_NAME=
+TRAEFIK_APP_NAME=
+TRAEFIK_ENTRYPOINTS=web-secure
+# TRAEFIK_ENTRYPOINTS=web-secure-ext
+WEB_HOST=
+APPLICATION=
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,5 @@
+# local env files
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
--- a/config/include/location.conf
+++ b/config/include/location.conf
--- a/config/include/upstream.conf
+++ b/config/include/upstream.conf
--- a/config/nginx.conf
+++ b/config/nginx.conf
@ -0,0 +1,86 @@
+upstream auth_web {
+    server                       auth_web:3000;
+}
+
+upstream auth_api {
+    server                       auth_api:3001;
+}
+
+upstream app {
+    server                       $APPLICATION;
+}
+
+ include                         /etc/nginx/include/upstream.conf;
+
+
+server {
+    listen                       80;
+    include                      /etc/nginx/mime.types;
+
+    gzip                         on;
+    gzip_min_length              1000;
+    gzip_proxied                 any;
+    gzip_comp_level              1;
+    gzip_types                   text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
+    gzip_vary                    on;
+    gzip_disable                 "msie6";
+
+
+    error_page                   401 /login;
+
+
+    location = /auth {
+        internal;
+
+        proxy_pass               http://auth_api;
+
+        proxy_pass_request_body  off;
+        proxy_set_header         Content-Length "";
+        proxy_set_header         X-Original-URI $request_uri;
+        proxy_set_header         X-Original-Remote-Addr $remote_addr;
+        proxy_set_header         X-Original-Host $host;
+        proxy_intercept_errors   on;
+    }
+
+    location ~ ^/(signin|logout|get-user) {
+        proxy_pass               http://auth_api;
+
+        proxy_redirect           off;
+        proxy_set_header         X-Original-URI $request_uri;
+        proxy_set_header         X-Original-Remote-Addr $remote_addr;
+        proxy_set_header         X-Original-Host $host;
+    }
+
+    location ~ ^/login {
+        proxy_pass               http://auth_web;
+
+        proxy_http_version       1.1;
+        proxy_set_header         Upgrade $http_upgrade;
+        proxy_set_header         Connection 'upgrade';
+        proxy_set_header         Host $host;
+        proxy_cache_bypass       $http_upgrade;
+    }
+
+
+    location / {
+        proxy_pass               http://app;
+
+        proxy_http_version       1.1;
+        proxy_set_header         Upgrade $http_upgrade;
+        proxy_set_header         Connection 'upgrade';
+        proxy_set_header         Host $host;
+        proxy_cache_bypass       $http_upgrade;
+
+        auth_request             /auth;
+        auth_request_set         $auth_cookie $upstream_http_set_cookie;
+        add_header               Set-Cookie $auth_cookie;
+    }
+
+    location = /health {
+        access_log               off;
+        add_header               'Content-Type' 'application/json';
+        return                   200 'UP';
+    }
+
+    include /etc/nginx/include/location.conf;
+}
--- a/docker-compose.traefik.yml
+++ b/docker-compose.traefik.yml
@ -0,0 +1,15 @@
+version: '3'
+
+services:
+  server:
+    container_name: ${TRAEFIK_APP_NAME}
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.backend=${TRAEFIK_APP_NAME}'
+      - 'traefik.docker.network=web'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.rule=Host(`${WEB_HOST}`)'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.entrypoints=${TRAEFIK_ENTRYPOINTS}'
+      - 'traefik.http.routers.${TRAEFIK_APP_NAME}.tls.certresolver=le'
+      - 'traefik.port=80'
+    networks:
+      - web
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,25 @@
+version: '3'
+
+services:
+  server:
+    extends:
+      file: docker-compose.traefik.yml
+      service: server
+    image: nginx:alpine
+    environment:
+      - APPLICATION=${APPLICATION}
+    volumes:
+      - ./config/nginx.conf:/etc/nginx/templates/default.conf.template
+      - ./config/include:/etc/nginx/include
+    restart: always
+    networks:
+      - auth_network
+      - app_network
+
+networks:
+  auth_network:
+  app_network:
+    external: true
+    name: ${NETWORK_NAME}
+  web:
+    external: true