component/web: Add http and https variants

internal/component/web/web-http.env

@@ -1,2 +1,2 @@
 DEFAULT_HOST=${DEFAULT_HOST}
-HTTPS_METHOD=${HTTPS_METHOD}
+HTTPS_METHOD=nohttps

internal/component/web/web-http/docker-compose.yml

@@ -0,0 +1,30 @@
+version: "3.7"
+
+services:
+  nginx-proxy:
+    image: ghcr.io/nginx-proxy/nginx-proxy:alpine
+    environment:
+      - DEFAULT_HOST=${DEFAULT_HOST}
+      - HTTPS_METHOD=${HTTPS_METHOD}
+    ports:
+      - "80:80"
+    volumes:
+      - "vhost:/etc/nginx/vhost.d"
+      - "./global.conf:/etc/nginx/conf.d/global.conf:ro"
+      - "./proxy.conf:/etc/nginx/proxy.conf:ro"
+      - "htpasswd:/etc/nginx/htpasswd"
+      - "html:/usr/share/nginx/html"
+      - "/var/run/docker.sock:/tmp/docker.sock:ro"
+    restart: always
+    networks:
+      - default
+
+volumes:
+  vhost:
+  html:
+  htpasswd:
+
+networks:
+  default:
+    name: distillery
+    external: true

internal/component/web/web-https.env

@@ -0,0 +1,2 @@
+DEFAULT_HOST=${DEFAULT_HOST}
+HTTPS_METHOD=redirect

internal/component/web/web-https/global.conf

@@ -0,0 +1,4 @@
+# Nginx Configuration File
+# These should match with distillery/resources/compose/barrel/conf/wisski.ini.
+ 
+client_max_body_size 1000m;

internal/component/web/web-https/proxy.conf

@@ -0,0 +1,19 @@
+# HTTP 1.1 support
+proxy_http_version 1.1;
+proxy_buffering off;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $proxy_connection;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
+proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
+
+# Mitigate httpoxy attack (see README for details)
+proxy_set_header Proxy "";
+
+# Timeouts for the proxy connection - in sync with the appropriate max_execution time.
+proxy_connect_timeout 3000s;
+proxy_read_timeout 3000s;
+proxy_send_timeout 3000s;

internal/component/web/web.go

@@ -6,7 +6,9 @@ import (
 	"github.com/FAU-CDI/wisski-distillery/internal/component"
 )
 
-// Web implements the web component
+// Web implements the ingress gateway for the distillery.
+//
+// It consists of an nginx docker container and an optional letsencrypt container.
 type Web struct {
 	component.ComponentBase
 }
@@ -15,24 +17,42 @@ func (Web) Name() string {
 	return "web"
 }
 
-//go:embed all:stack
-//go:embed web.env
-var resources embed.FS
-
 func (web Web) Stack() component.Installable {
-	HTTPS_METHOD := "nohttp"
 	if web.Config.HTTPSEnabled() {
-		HTTPS_METHOD = "redirect"
+		return web.stackHTTPS()
+	} else {
+		return web.stackHTTP()
 	}
+}
 
+//go:embed all:web-https
+//go:embed web-https.env
+var httpsResources embed.FS
+
+func (web Web) stackHTTPS() component.Installable {
 	return web.MakeStack(component.Installable{
-		Resources:   resources,
-		ContextPath: "stack",
-		EnvPath:     "web.env",
+		Resources:   httpsResources,
+		ContextPath: "web-https",
+		EnvPath:     "web-https.env",
+
+		EnvContext: map[string]string{
+			"DEFAULT_HOST": web.Config.DefaultDomain,
+		},
+	})
+}
+
+//go:embed all:web-http
+//go:embed web-http.env
+var httpResources embed.FS
+
+func (web Web) stackHTTP() component.Installable {
+	return web.MakeStack(component.Installable{
+		Resources:   httpResources,
+		ContextPath: "web-http",
+		EnvPath:     "web-http.env",
 
 		EnvContext: map[string]string{
 			"DEFAULT_HOST": web.Config.DefaultDomain,
-			"HTTPS_METHOD": HTTPS_METHOD,
 		},
 	})
 }