rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

component/web: Add http and https variants

Browse source
This commit is contained in:
Tom Wiesing 2022-09-17 15:23:27 +02:00
parent 735d032865
commit 55bee7422d
No known key found for this signature in database
10 changed files with 88 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -79,7 +79,7 @@ These are:
- This will delegate individual hostnames to appropriate docker containers, see [this blog post](http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/) for an overview. - This will delegate individual hostnames to appropriate docker containers, see [this blog post](http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/) for an overview.
- Optionally makes use of [docker-letsencrypt-nginx-proxy-companion](https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion) to automatically provision and renew HTTPS certificates. - Optionally makes use of [docker-letsencrypt-nginx-proxy-companion](https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion) to automatically provision and renew HTTPS certificates.
- See [distillery/resources/compose/web](embed/resources/compose/web) for implementation details. - See [internal/component/web](internal/component/web) for implementation details.
- [MariaDB](https://mariadb.org/) - an SQL server - [MariaDB](https://mariadb.org/) - an SQL server

2
internal/component/web/web.env → internal/component/web/web-http.env
View file

@ -1,2 +1,2 @@
DEFAULT_HOST=${DEFAULT_HOST} DEFAULT_HOST=${DEFAULT_HOST}
HTTPS_METHOD=${HTTPS_METHOD} HTTPS_METHOD=nohttps

30
internal/component/web/web-http/docker-compose.yml Normal file
View file

@ -0,0 +1,30 @@
version: "3.7"
services:
nginx-proxy:
image: ghcr.io/nginx-proxy/nginx-proxy:alpine
environment:
- DEFAULT_HOST=${DEFAULT_HOST}
- HTTPS_METHOD=${HTTPS_METHOD}
ports:
- "80:80"
volumes:
- "vhost:/etc/nginx/vhost.d"
- "./global.conf:/etc/nginx/conf.d/global.conf:ro"
- "./proxy.conf:/etc/nginx/proxy.conf:ro"
- "htpasswd:/etc/nginx/htpasswd"
- "html:/usr/share/nginx/html"
- "/var/run/docker.sock:/tmp/docker.sock:ro"
restart: always
networks:
- default
volumes:
vhost:
html:
htpasswd:
networks:
default:
name: distillery
external: true

0
internal/component/web/stack/global.conf → internal/component/web/web-http/global.conf
View file

0
internal/component/web/stack/proxy.conf → internal/component/web/web-http/proxy.conf
View file

2
internal/component/web/web-https.env Normal file
View file

@ -0,0 +1,2 @@
DEFAULT_HOST=${DEFAULT_HOST}
HTTPS_METHOD=redirect

0
internal/component/web/stack/docker-compose.yml → internal/component/web/web-https/docker-compose.yml
View file

4
internal/component/web/web-https/global.conf Normal file
View file

@ -0,0 +1,4 @@
# Nginx Configuration File
# These should match with distillery/resources/compose/barrel/conf/wisski.ini.
client_max_body_size 1000m;

19
internal/component/web/web-https/proxy.conf Normal file
View file

@ -0,0 +1,19 @@
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
# Timeouts for the proxy connection - in sync with the appropriate max_execution time.
proxy_connect_timeout 3000s;
proxy_read_timeout 3000s;
proxy_send_timeout 3000s;

42
internal/component/web/web.go
View file

@ -6,7 +6,9 @@ import (
"github.com/FAU-CDI/wisski-distillery/internal/component" "github.com/FAU-CDI/wisski-distillery/internal/component"
) )
// Web implements the web component // Web implements the ingress gateway for the distillery.
//
// It consists of an nginx docker container and an optional letsencrypt container.
type Web struct { type Web struct {
component.ComponentBase component.ComponentBase
} }
@ -15,24 +17,42 @@ func (Web) Name() string {
return "web" return "web"
} }
//go:embed all:stack
//go:embed web.env
var resources embed.FS
func (web Web) Stack() component.Installable { func (web Web) Stack() component.Installable {
HTTPS_METHOD := "nohttp"
if web.Config.HTTPSEnabled() { if web.Config.HTTPSEnabled() {
HTTPS_METHOD = "redirect" return web.stackHTTPS()
} else {
return web.stackHTTP()
} }
}
//go:embed all:web-https
//go:embed web-https.env
var httpsResources embed.FS
func (web Web) stackHTTPS() component.Installable {
return web.MakeStack(component.Installable{ return web.MakeStack(component.Installable{
Resources: resources, Resources: httpsResources,
ContextPath: "stack", ContextPath: "web-https",
EnvPath: "web.env", EnvPath: "web-https.env",
EnvContext: map[string]string{
"DEFAULT_HOST": web.Config.DefaultDomain,
},
})
}
//go:embed all:web-http
//go:embed web-http.env
var httpResources embed.FS
func (web Web) stackHTTP() component.Installable {
return web.MakeStack(component.Installable{
Resources: httpResources,
ContextPath: "web-http",
EnvPath: "web-http.env",
EnvContext: map[string]string{ EnvContext: map[string]string{
"DEFAULT_HOST": web.Config.DefaultDomain, "DEFAULT_HOST": web.Config.DefaultDomain,
"HTTPS_METHOD": HTTPS_METHOD,
}, },
}) })
} }