From a71a13365332022ee3260058a62feacea2098d23 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 12 Jan 2021 15:22:22 +0200
Subject: [PATCH] Cleanup.

- No more proxying in www.shore.co.il. I think about redoing it all with a subdomain per service. Also no more secrets, intead authenticate against the LDAP server or something.
- CI templates.
- Simpler self-signed SSL certificate generation.
- Set the hostname in CI.
- Use the www-redirect snippet in shore.co.il.
---
 Dockerfile | 9 +--------
 conf.d/shore.co.il.conf | 2 +-
 conf.d/www.shore.co.il.conf | 30 ------------------------------
 docker-compose.yml | 4 +---
 4 files changed, 3 insertions(+), 42 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a8189be..6e0b25d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,4 @@
 FROM nginx:1.23.2-alpine
-ARG TRANSMISSION
 # hadolint ignore=DL3018
 RUN rm -rf /etc/nginx/conf./* && \
 chmod 777 /run && \
@@ -16,8 +15,7 @@ RUN rm -rf /etc/nginx/conf./* && \
 -keyout /var/ssl/site.key \
 -nodes \
 -out /var/ssl/site.crt \
- -days 2 \
- -subj "/C=US/ST=IL/L=None/O=None/OU=None/CN=localhost/" && \
+ -batch && \
 cp /var/ssl/site.crt /var/ssl/mail.crt && \
 cp /var/ssl/site.key /var/ssl/mail.key && \
 setcap CAP_NET_BIND_SERVICE=+ep "$(command -v nginx)" && \
@@ -25,11 +23,6 @@ RUN rm -rf /etc/nginx/conf./* && \
 COPY www/ /var/www/
 COPY conf.d/ /etc/nginx/conf.d/
 COPY snippets/ /etc/nginx/snippets/
-# Another option would be to copy the file to the template directory and have
-# the environment variable substitution happen in runtime, but that way would
-# miss checking the syntax during the build process.
-# hadolint ignore=SC2097,SC2098
-RUN TRANSMISSION=$TRANSMISSION sed -i "s/TRANSMISSION/$TRANSMISSION/" /etc/nginx/conf.d/www.shore.co.il.conf
 USER nginx
 RUN nginx -t
 HEALTHCHECK CMD curl --fail --verbose --user-agent 'Docker health check' --header "Host: status" http://localhost/ || exit 1
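Review bot: In the second Dockerfile hunk (`@@ -16,8 +15,7 @@`) the certificate's lifetime and subject are no longer stated: with `-days 2` and `-subj` dropped and only `-batch` added, both fall back to the tool's defaults (30 days for `openssl req -x509`, if that is the command that starts above the hunk). The key written to `/var/ssl/site.key` with `-nodes` is generated at build time, so every copy of the image carries the same unencrypted private key, which is also copied to `mail.key`. I would keep the lifetime explicit, e.g. `-days 2 \` before `-batch && \`, and add a comment above the RUN such as `# Build-time placeholder certificate only; the real key and certificate must replace /var/ssl/* at runtime.`, assuming that is how the real certificates are supplied. The RUN instruction begins and ends outside this hunk.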
diff --git a/conf.d/shore.co.il.conf b/conf.d/shore.co.il.conf
index 48c587e..437a1da 100644
--- a/conf.d/shore.co.il.conf
+++ b/conf.d/shore.co.il.conf
@@ -27,5 +27,5 @@ server {
 include snippets/z-push.conf;
 location = / { return 301 https://www.shore.co.il/blog/; }
- location / { return 301 https://www.shore.co.il$request_uri; }
+ include snippets/redirect-www.conf;
 }
diff --git a/conf.d/www.shore.co.il.conf b/conf.d/www.shore.co.il.conf
index 7200f5a..cd62489 100644
--- a/conf.d/www.shore.co.il.conf
+++ b/conf.d/www.shore.co.il.conf
@@ -1,6 +1,3 @@
-map $host $lam { default ldap-account-manager; }
-map $host $kodi { default kodi.shore.co.il; }
-
 server {
 listen 80;
 listen [::]:80;
@@ -43,31 +40,4 @@ server {
 location /cgit/ { return 301 https://git.shore.co.il/explore; }
 location /git { return 301 https://git.shore.co.il/explore; }
 location /git/ { return 301 https://git.shore.co.il/explore; }
-
- location /lam {
- proxy_pass http://$lam$request_uri;
- proxy_http_version 1.1;
- include snippets/proxy-headers.conf;
- include snippets/allow-private-ips.conf;
- }
-
- location /jellyfin { return 302 $scheme://$host/jellyfin/; }
- location /jellyfin/ {
- proxy_pass http://$kodi:8096/jellyfin/;
- proxy_http_version 1.1;
- include snippets/proxy-headers.conf;
- include snippets/common-headers.conf;
-
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
-
- # Disable buffering when the nginx proxy gets very resource heavy upon streaming
- proxy_buffering off;
- }
-
- location /TRANSMISSION/ {
- proxy_pass http://kodi.shore.co.il:9091/;
- proxy_http_version 1.1;
- include snippets/proxy-headers.conf;
- }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index c1fa009..e50d9f9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
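Review bot: In the `conf.d/shore.co.il.conf` hunk the catch-all redirect now comes from `snippets/redirect-www.conf`, which is not part of this patch, so the redirect target can no longer be checked from this server block. The removed line used a fixed host (`https://www.shore.co.il$request_uri`); if the snippet builds the target from `$host` or `$http_host` instead, the redirect would follow whatever Host header the client sends. Once the snippet is confirmed, a comment next to the include such as `# redirect-www.conf: 301 to the www. name, keeps $request_uri` would record the expected behaviour. The server block starts outside the hunk.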
@@ -3,11 +3,9 @@ version: '3.5'
 services:
 proxy:
 build:
- args:
- TRANSMISSION: "${TRANSMISSION}"
 context: ./
 # command: ["nginx", "-g", "daemon off;"]
- hostname: &hostname www.shore.co.il
+ hostname: &hostname "${HOSTNAME}"
 networks:
 default:
 aliases:
-- GitLab
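Review bot: `hostname: &hostname "${HOSTNAME}"` has no default and no required-variable check, so when HOSTNAME is not set in the environment that runs Compose it is substituted as an empty string (Compose only warns), and the `&hostname` anchor carries that empty value to wherever it is aliased. HOSTNAME is also a name many shells set to the machine's own name, so a local run may silently pick up the workstation name if the variable is exported. I would fail fast with `hostname: &hostname "${HOSTNAME:?HOSTNAME must be set}"`. The `aliases:` list continues outside the hunk, so the alias use of the anchor is presumed rather than visible.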