Cleanup.

- No more proxying in www.shore.co.il. I think about redoing it all with a subdomain per service. Also no more secrets, intead authenticate against the LDAP server or something. - CI templates. - Simpler self-signed SSL certificate generation. - Set the hostname in CI. - Use the www-redirect snippet in shore.co.il.

Cleanup.
13fb302b · nimrod · 24ac95c4 · 13fb302b · 13fb302b · 13fb302b
Commit 13fb302b authored 4 years ago by nimrod
--- a/Dockerfile
+++ b/Dockerfile
 FROM nginx:1.19.8-alpine
-ARG TRANSMISSION
 # hadolint ignore=DL3018
 RUN rm -rf /etc/nginx/conf./* && \
    chmod 777 /run && \
@@ -16,8 +15,7 @@ RUN rm -rf /etc/nginx/conf./* && \
                -keyout /var/ssl/site.key \
                -nodes \
                -out /var/ssl/site.crt \
-                -days 2 \
+                -batch && \
-                -subj "/C=US/ST=IL/L=None/O=None/OU=None/CN=localhost/" && \
    cp /var/ssl/site.crt /var/ssl/mail.crt && \
    cp /var/ssl/site.key /var/ssl/mail.key && \
    setcap CAP_NET_BIND_SERVICE=+ep "$(command -v nginx)" && \
@@ -25,11 +23,6 @@ RUN rm -rf /etc/nginx/conf./* && \
 COPY www/ /var/www/
 COPY conf.d/ /etc/nginx/conf.d/
 COPY snippets/ /etc/nginx/snippets/
-# Another option would be to copy the file to the template directory and have
-# the environment variable substitution happen in runtime, but that way would
-# miss checking the syntax during the build process.
-# hadolint ignore=SC2097,SC2098
-RUN TRANSMISSION=$TRANSMISSION sed -i "s/TRANSMISSION/$TRANSMISSION/" /etc/nginx/conf.d/www.shore.co.il.conf
 USER nginx
 RUN nginx -t
 HEALTHCHECK CMD curl --fail --verbose --user-agent 'Docker health check' http://localhost/ || exit 1
--- a/conf.d/shore.co.il.conf
+++ b/conf.d/shore.co.il.conf
@@ -27,5 +27,5 @@ server {
    include     snippets/z-push.conf;
    location = /        { return 301 https://www.shore.co.il/blog/; }
-    location /          { return 301 https://www.shore.co.il$request_uri; }
+    include     snippets/redirect-www.conf;
 }
--- a/conf.d/www.shore.co.il.conf
+++ b/conf.d/www.shore.co.il.conf
-map $host $lam { default ldap-account-manager; }
-map $host $kodi { default kodi.shore.co.il; }
 server {
    listen              80;
    listen              [::]:80;
@@ -43,31 +40,4 @@ server {
    location /cgit/         { return 301 https://git.shore.co.il/explore; }
    location /git           { return 301 https://git.shore.co.il/explore; }
    location /git/          { return 301 https://git.shore.co.il/explore; }
-    location /lam {
-        proxy_pass          http://$lam$request_uri;
-        proxy_http_version  1.1;
-        include             snippets/proxy-headers.conf;
-        include             snippets/allow-private-ips.conf;
-    }
-    location /jellyfin { return 302 $scheme://$host/jellyfin/; }
-    location /jellyfin/ {
-        proxy_pass          http://$kodi:8096/jellyfin/;
-        proxy_http_version  1.1;
-        include             snippets/proxy-headers.conf;
-        include             snippets/common-headers.conf;
-        proxy_set_header    Upgrade $http_upgrade;
-        proxy_set_header    Connection $http_connection;
-        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
-        proxy_buffering     off;
-    }
-    location /TRANSMISSION/ {
-        proxy_pass http://kodi.shore.co.il:9091/;
-        proxy_http_version 1.1;
-        include             snippets/proxy-headers.conf;
-    }
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,11 +3,9 @@ version: '3.5'
 services:
  proxy:
    build:
-      args:
-        TRANSMISSION: "${TRANSMISSION}"
      context: ./
    # command: ["nginx", "-g", "daemon off;"]
-    hostname: &hostname www.shore.co.il
+    hostname: &hostname "${HOSTNAME}"
    networks:
      default:
        aliases: