Commit d4d48591 authored by nimrod's avatar nimrod

A general master branch.

I'm moving some services to ns4; some will remain on host01. I'm
branching to have a specific deployment for each host, so the master
branch is kept minimal and generic: common changes are made there and
I'll rebase the other branches on top of it.
parent c29e703d
Showing with 8 additions and 355 deletions
...@@ -2,35 +2,3 @@ ...@@ -2,35 +2,3 @@
include: include:
- project: shore/ci-templates - project: shore/ci-templates
file: templates/pre-commit.yml file: templates/pre-commit.yml
image: adarnimrod/ci-images:docker
stages:
- test
- build
- run
build:
stage: build
tags: ["host01.shore.co.il"]
variables:
COMPOSE_DOCKER_CLI_BUILD: "1"
DOCKER_BUILDKIT: "1"
script:
- docker-compose build --no-cache --pull
- docker-compose pull --quiet
run:
stage: run
tags: ["host01.shore.co.il"]
when: manual
script:
- docker-compose up --detach --remove-orphans
# yamllint disable rule:line-length
- |
for i in $(seq 12)
do
docker container inspect --format '{{ .State.Health.Status }}' $(docker-compose ps -q) | grep -v '^healthy$' || break
sleep 10
done
! docker container inspect --format '{{ .State.Health.Status }}' $(docker-compose ps -q) | grep -v '^healthy$'
FROM nginx:1.19-alpine FROM nginx:1.19.6-alpine
ARG TRANSMISSION
# hadolint ignore=DL3018 # hadolint ignore=DL3018
RUN rm -rf /etc/nginx/conf./* && \ RUN rm -rf /etc/nginx/conf./* && \
chmod 777 /run && \ chmod 777 /run && \
...@@ -18,18 +17,11 @@ RUN rm -rf /etc/nginx/conf./* && \ ...@@ -18,18 +17,11 @@ RUN rm -rf /etc/nginx/conf./* && \
-out /var/ssl/site.crt \ -out /var/ssl/site.crt \
-days 2 \ -days 2 \
-subj "/C=US/ST=IL/L=None/O=None/OU=None/CN=localhost/" && \ -subj "/C=US/ST=IL/L=None/O=None/OU=None/CN=localhost/" && \
cp /var/ssl/site.crt /var/ssl/mail.crt && \
cp /var/ssl/site.key /var/ssl/mail.key && \
setcap CAP_NET_BIND_SERVICE=+ep "$(command -v nginx)" && \ setcap CAP_NET_BIND_SERVICE=+ep "$(command -v nginx)" && \
chown nginx /var/ssl/site.* /var/ssl/mail.* chown nginx /var/ssl/site.*
COPY www/ /var/www/ COPY www/ /var/www/
COPY conf.d/ /etc/nginx/conf.d/ COPY conf.d/ /etc/nginx/conf.d/
COPY snippets/ /etc/nginx/snippets/ COPY snippets/ /etc/nginx/snippets/
# Another option would be to copy the file to the template directory and have
# the environment variable substitution happen in runtime, but that way would
# miss checking the syntax during the build process.
# hadolint ignore=SC2097,SC2098
RUN TRANSMISSION=$TRANSMISSION sed -i "s/TRANSMISSION/$TRANSMISSION/" /etc/nginx/conf.d/www.shore.co.il.conf
USER nginx USER nginx
RUN nginx -t RUN nginx -t
HEALTHCHECK CMD curl --fail --verbose --user-agent 'Docker health check' http://localhost/ || exit 1 HEALTHCHECK CMD curl --fail --verbose --user-agent 'Docker health check' http://localhost/ || exit 1
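Review bot: The changed `chown nginx /var/ssl/site.*` line hands the nginx user a private key that is only a build-time placeholder, and nothing in the Dockerfile says so; the `-days 2` self-signed pair generated above appears to exist only so that `RUN nginx -t` passes during the build, while `docker-compose.yml` in this same commit bind-mounts the real `/var/ssl/site.key` and `/var/ssl/site.crt` read-only over them, so the build-time ownership does not apply to what is served at runtime. A comment above the openssl invocation would spare the next reader the cross-reference, e.g. `# Throwaway self-signed cert/key so "nginx -t" passes during the build; the real pair is bind-mounted over /var/ssl at runtime (see docker-compose.yml).` The RUN instruction this hunk edits begins outside the hunk (the openssl command line itself is not shown), so the comment would go just before it.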
...@@ -4,6 +4,11 @@ ...@@ -4,6 +4,11 @@
> Web proxy Dockerized setup. > Web proxy Dockerized setup.
## Branches
The `master` branch doesn't have any configuration in it. The `ns4` and `host01`
branches have configuration for those hoss.
## License ## License
This software is licensed under the MIT license (see `LICENSE.txt`). This software is licensed under the MIT license (see `LICENSE.txt`).
server {
listen 80;
listen [::]:80;
server_name autoconfig.shore.co.il;
root /var/www/autoconfig.shore.co.il/;
include snippets/www-acme-challenge.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/robots-allow-all.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name autoconfig.shore.co.il;
root /var/www/autoconfig.shore.co.il/;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl.conf;
}
map $host $git { default gitlab; }
server {
listen 80;
listen [::]:80;
server_name git.shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-https.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl.conf;
location / {
proxy_pass http://$git$request_uri;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
proxy_set_header X-Forwarded-Ssl on;
client_max_body_size 512m;
}
}
server {
listen 80;
listen [::]:80;
server_name imap.shore.co.il smtp.shore.co.il mta-sts.shore.co.il;
root /var/www/mail.shore.co.il/;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name mta-sts.shore.co.il;
root /var/www/mail.shore.co.il/;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
# Copied from snippetes/ssl.conf.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
include snippets/common-headers.conf;
ssl_certificate /var/ssl/mail.crt;
ssl_certificate_key /var/ssl/mail.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers !kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:AES256+ECDH:AES128:+SHA1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/ocsp.pem;
}
map $host $nextcloud { default nextcloud; }
server {
listen 80;
listen [::]:80;
server_name nextcloud.shore.co.il;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
include snippets/redirect-https.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name nextcloud.shore.co.il;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl.conf;
include snippets/nextcloud-well-known.conf;
location / {
proxy_pass http://$nextcloud$request_uri;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
proxy_hide_header X-Frame-Options;
client_max_body_size 512m;
}
}
map $host $registry { default registy; }
server {
listen 80;
listen [::]:80;
server_name registry.shore.co.il;
include snippets/www-acme-challenge.conf;
include snippets/redirect-https.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name registry.shore.co.il;
include snippets/ssl.conf;
location / {
proxy_pass http://$registry$request_uri;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
include snippets/allow-private-ips.conf;
}
}
map $host $z_push { default z-push; }
server {
listen 80;
listen [::]:80;
server_name shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
location = / { return 301 https://$host/blog/; }
location /repo/ {
root /var/www/www.shore.co.il/;
autoindex on;
}
include snippets/redirect-https.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl.conf;
include snippets/nextcloud-well-known.conf;
include snippets/z-push.conf;
location = / { return 301 https://www.shore.co.il/blog/; }
location / { return 301 https://www.shore.co.il$request_uri; }
}
map $host $lam { default ldap-account-manager; }
map $host $kodi { default kodi.shore.co.il; }
server {
listen 80;
listen [::]:80;
server_name www.shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
location = / { return 301 https://$host/blog/; }
location /repo/ {
root /var/www/www.shore.co.il/;
autoindex on;
}
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.shore.co.il;
include snippets/robots-allow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/ssl.conf;
root /var/www/www.shore.co.il/;
error_page 404 /;
location /repo/ { autoindex on; }
location = /resume { try_files $uri /resume/resume.html; }
location = /resume/ { index resume.html; }
location = / { return 301 https://$host/blog/; }
location /about { return 301 https://$host/blog/pages/about-me.html; }
location /spam { return 301 https://$host/blog/pages/spam.html; }
location = /blog {
try_files $uri /blog/index.html;
charset UTF-8;
}
location /cgit { return 301 https://git.shore.co.il/explore; }
location /cgit/ { return 301 https://git.shore.co.il/explore; }
location /git { return 301 https://git.shore.co.il/explore; }
location /git/ { return 301 https://git.shore.co.il/explore; }
location /lam {
proxy_pass http://$lam$request_uri;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
include snippets/allow-private-ips.conf;
}
location /jellyfin { return 302 $scheme://$host/jellyfin/; }
location /jellyfin/ {
proxy_pass http://$kodi:8096/jellyfin/;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
include snippets/common-headers.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;
}
location /TRANSMISSION/ {
proxy_pass http://kodi.shore.co.il:9091/;
proxy_http_version 1.1;
include snippets/proxy-headers.conf;
}
}
...@@ -3,30 +3,20 @@ version: '3.5' ...@@ -3,30 +3,20 @@ version: '3.5'
services: services:
proxy: proxy:
build: build:
args:
TRANSMISSION: "${TRANSMISSION}"
context: ./ context: ./
#command: ["nginx", "-g", "daemon off;"] #command: ["nginx", "-g", "daemon off;"]
hostname: &hostname www.shore.co.il hostname: &hostname "${HOSTNAME}"
networks: networks:
default: default:
aliases: aliases:
- *hostname - *hostname
- nextcloud.shore.co.il
- git.shore.co.il
ports: ports:
- '80:80' - '80:80'
- '443:443' - '443:443'
restart: always restart: always
volumes: volumes:
- '/var/www/www.shore.co.il/blog:/var/www/www.shore.co.il/blog:ro'
- '/var/www/www.shore.co.il/resume:/var/www/www.shore.co.il/resume:ro'
- '/var/www/www.shore.co.il/.well-known/acme-challenge:/var/www/www.shore.co.il/.well-known/acme-challenge:ro'
- '/var/www/mail.shore.co.il/.well-known/acme-challenge:/var/www/mail.shore.co.il/.well-known/acme-challenge:ro'
- '/var/ssl/site.key:/var/ssl/site.key:ro' - '/var/ssl/site.key:/var/ssl/site.key:ro'
- '/var/ssl/site.crt:/var/ssl/site.crt:ro' - '/var/ssl/site.crt:/var/ssl/site.crt:ro'
- '/var/ssl/mail.key:/var/ssl/mail.key:ro'
- '/var/ssl/mail.crt:/var/ssl/mail.crt:ro'
- '/var/ssl/dhparams:/var/ssl/dhparams:ro' - '/var/ssl/dhparams:/var/ssl/dhparams:ro'
networks: networks:
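Review bot: `hostname: &hostname "${HOSTNAME}"` has no guard for an unset variable: docker-compose substitutes an empty string when `HOSTNAME` is not in its environment or `.env`, so both the container hostname and the `- *hostname` network alias below silently become empty, and in many shells `HOSTNAME` is a shell variable that is not exported, so this is likely on a fresh login. The mandatory-variable form fails the run instead of deploying a misnamed container: `hostname: &hostname "${HOSTNAME:?HOSTNAME must be set}"`. Since the anchor now carries an interpolated value rather than a literal, a one-line comment above it stating that it must be the host's public name used by the network alias would also help.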
location /.well-known/caldav {
return 301 https://nextcloud.shore.co.il/remote.php/dav;
}
location /.well-known/carddav {
return 301 https://nextcloud.shore.co.il/remote.php/dav;
}
location /.well-known/webfinger {
return 301 https://nextcloud.shore.co.il/public.php?service=webfinger;
}
location /AutoDiscover/ {
proxy_pass http://$z_push$request_uri;
include snippets/proxy-headers.conf;
}
location /Autodiscover/ {
proxy_pass http://$z_push$request_uri;
include snippets/proxy-headers.conf;
}
location /autodiscover/ {
proxy_pass http://$z_push$request_uri;
include snippets/proxy-headers.conf;
}
location /Microsoft-Server-ActiveSync {
proxy_pass http://$z_push$request_uri;
include snippets/proxy-headers.conf;
}
<?xml version="1.0" encoding="UTF-8"?>
<clientConfig version="1.1">
<emailProvider id="shore.co.il">
<domain>shore.co.il</domain>
<displayName>Shore technologies</displayName>
<displayShortName>Shore</displayShortName>
<incomingServer type="imap">
<hostname>imap.shore.co.il</hostname>
<port>993</port>
<socketType>SSL</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILLOCALPART%</username>
</incomingServer>
<outgoingServer type="smtp">
<hostname>smtp.shore.co.il</hostname>
<port>587</port>
<socketType>STARTTLS</socketType>
<authentication>password-cleartext</authentication>
<username>%EMAILLOCALPART%</username>
</outgoingServer>
</emailProvider>
</clientConfig>
version: STSv1
mode: testing
mx: smtp.shore.co.il
max_age: 86400
google-site-verification: google88c23a5c89fa3cb3.html
\ No newline at end of file