Commit ba92a6a1 authored by nimrod's avatar nimrod
Browse files

Web proxy: Add host01.

parent e245c8e1
Loading
Loading
Loading
Loading
Loading
+24 −2
Original line number Diff line number Diff line
@@ -63,14 +63,14 @@ web-proxy ns4 build:
  tags: ["ns4.shore.co.il"]
  variables:
    WORKDIR: Compose/web-proxy/ns4
  # rules: *compose-rules
  rules: *compose-rules

web-proxy ns4 pull:
  extends: .compose-pull
  tags: ["ns4.shore.co.il"]
  variables:
    WORKDIR: Compose/web-proxy/ns4
  # rules: *compose-rules
  rules: *compose-rules

web-proxy ns4 run:
  extends: .compose-run
@@ -78,4 +78,26 @@ web-proxy ns4 run:
  variables:
    WORKDIR: Compose/web-proxy/ns4
  when: manual
  rules: *compose-rules

web-proxy host01 build:
  extends: .compose-build
  tags: ["host01.shore.co.il"]
  variables:
    WORKDIR: Compose/web-proxy/host01
  # rules: *compose-rules

web-proxy host01 pull:
  extends: .compose-pull
  tags: ["host01.shore.co.il"]
  variables:
    WORKDIR: Compose/web-proxy/host01
  # rules: *compose-rules

web-proxy host01 run:
  extends: .compose-run
  tags: ["host01.shore.co.il"]
  variables:
    WORKDIR: Compose/web-proxy/host01
  when: manual
  # rules: *compose-rules
+4 −0
Original line number Diff line number Diff line
*
!conf.d/
!www/
!snippets/
+1 −0
Original line number Diff line number Diff line
COMPOSE_PROJECT_NAME=web-proxy
+10 −0
Original line number Diff line number Diff line
# hadolint ignore=DL3006
FROM registry.shore.co.il/nginx
USER root
RUN cp --archive /var/ssl/site.key /var/ssl/mail.key && \
    cp --archive /var/ssl/site.crt /var/ssl/mail.crt
USER nginx
COPY --chown=root:root www/ /var/www/
COPY --chown=root:root conf.d/ /etc/nginx/conf.d/
COPY --chown=root:root snippets/ /etc/nginx/snippets/
RUN nginx -t
+35 −0
Original line number Diff line number Diff line
# vim: ft=nginx
map $host $auth { default auth; }

limit_req_zone $binary_remote_addr zone=ldap_auth:2m rate=2r/s;
limit_req_status 429;

server {
    listen      80;
    listen      [::]:80;
    server_name auth.shore.co.il;
    include     snippets/robots-disallow-all.conf;
    include     snippets/ads-txt.conf;
    include     snippets/security-txt.conf;
    include     snippets/www-acme-challenge.conf;
    include     snippets/redirect-https.conf;
}

server {
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name auth.shore.co.il;
    include     snippets/robots-disallow-all.conf;
    include     snippets/ads-txt.conf;
    include     snippets/security-txt.conf;
    include     snippets/ssl-modern.conf;


    location / {
        proxy_pass              http://$auth:8080$request_uri;
        proxy_http_version      1.1;
        include                 snippets/proxy-headers.conf;
        include                 snippets/allow-shore-ips.conf;
        limit_req               zone=ldap_auth burst=10 delay=2;
    }
}
Loading