From 52260071aff03d0aac6261c0ac5f9b71577fb53f Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 29 Oct 2022 11:29:59 -0500 Subject: [PATCH 01/52] Enable files for testing on reverseproxy branch. --- .../{Dockerfile.disabled => Dockerfile} | 0 Config/ReverseProxy/docker-compose.yml | 20 +++++++++++++++++++ 2 files changed, 20 insertions(+) rename Config/ReverseProxy/{Dockerfile.disabled => Dockerfile} (100%) create mode 100644 Config/ReverseProxy/docker-compose.yml diff --git a/Config/ReverseProxy/Dockerfile.disabled b/Config/ReverseProxy/Dockerfile similarity index 100% rename from Config/ReverseProxy/Dockerfile.disabled rename to Config/ReverseProxy/Dockerfile diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml new file mode 100644 index 0000000..f5ce6e4 --- /dev/null +++ b/Config/ReverseProxy/docker-compose.yml @@ -0,0 +1,20 @@ +# 2022-10-05 Hyperling +# Reverse Proxy +# This is a revised version of the original work here: +# https://phoenixnap.com/kb/docker-nginx-reverse-proxy +# https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ + +version: '2' + +services: + app: + image: nginx + restart: always +# Instead of using a volume, have the config files in . and COPY them to container with DockerFile +# volumes: +# - /opt/Docker/Volumes/ReverseProxy/nginx:/etc/nginx/ + build: ./ + ports: + - 8081:80 + - 8082:443 + From 4264bde00527c116e68a52d53f97f5c0481c5358 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sun, 30 Oct 2022 08:20:23 -0500 Subject: [PATCH 02/52] Clean up files. --- Config/ReverseProxy/Dockerfile | 1 - Config/ReverseProxy/docker-compose.yml | 4 ---- 2 files changed, 5 deletions(-) diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile index 83e0ad4..c49fa53 100644 --- a/Config/ReverseProxy/Dockerfile +++ b/Config/ReverseProxy/Dockerfile @@ -8,4 +8,3 @@ FROM nginx COPY ./config/nginx.conf /etc/nginx/nginx.conf COPY ./config/conf.d/* /etc/nginx/conf.d/ - 
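Review bot: `image: nginx` together with `build: ./` tells Compose to tag the locally built image as `nginx`, which overwrites the official `nginx` tag on this host for anything else that pulls it, and leaves the base image itself unpinned. Give the built image its own name, e.g. `image: reverseproxy-nginx:local`, and pin the base in the Dockerfile with `FROM nginx:<pinned-tag>` so builds are reproducible. `restart: always` is reasonable for a front door, but a one-line comment stating that this service is meant to come back after host reboots would make the choice deliberate rather than incidental.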
diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml index f5ce6e4..ae51f4b 100644 --- a/Config/ReverseProxy/docker-compose.yml +++ b/Config/ReverseProxy/docker-compose.yml @@ -10,11 +10,7 @@ services: app: image: nginx restart: always -# Instead of using a volume, have the config files in . and COPY them to container with DockerFile -# volumes: -# - /opt/Docker/Volumes/ReverseProxy/nginx:/etc/nginx/ build: ./ ports: - 8081:80 - 8082:443 - From 167195bc867acca9615bf014eb7af0881723932c Mon Sep 17 00:00:00 2001 From: Hyperling Date: Tue, 4 Jul 2023 09:30:29 -0700 Subject: [PATCH 03/52] Fix permissions. --- bin/install.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 bin/install.sh diff --git a/bin/install.sh b/bin/install.sh old mode 100644 new mode 100755 From c525a89bc7f7467d20d90de45ee4d8f4787f2e0c Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:00:40 -0700 Subject: [PATCH 04/52] Place the docker scripts ahead of local path since the user has likely explicitly called the env file. --- source.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source.env b/source.env index d0bdfb1..a3356c1 100644 --- a/source.env +++ b/source.env @@ -1,3 +1,3 @@ DOCKER_HOME=/opt/Docker DOCKER_PATH=$DOCKER_HOME/bin -PATH=$PATH:$DOCKER_PATH +PATH=$DOCKER_PATH:$PATH From 58bff5a5f5cd97e1f0ac6688757c2474ada03bf4 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:02:32 -0700 Subject: [PATCH 05/52] Ports will be the true ports since this will be a front-end system. --- Config/ReverseProxy/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml index ae51f4b..c09b7a6 100644 --- a/Config/ReverseProxy/docker-compose.yml +++ b/Config/ReverseProxy/docker-compose.yml 
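Review bot: `PATH=$DOCKER_PATH:$PATH` puts `$DOCKER_HOME/bin` ahead of every system directory, so any file placed there silently shadows the same-named system command (`docker`, `ls`, …) for every shell that sources this file. That is acceptable only while that directory is writable by its owner alone, and the assumption should be visible in the file: `# bin/ is searched before the system PATH; keep it writable by the owner only.`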
@@ -1,6 +1,6 @@ # 2022-10-05 Hyperling # Reverse Proxy -# This is a revised version of the original work here: +# This is a revised version of the original work here: # https://phoenixnap.com/kb/docker-nginx-reverse-proxy # https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ @@ -12,5 +12,5 @@ services: restart: always build: ./ ports: - - 8081:80 - - 8082:443 + - 80:80 + - 443:443 From 31047f6285f5b6c49e4b2b365cf5017d0c2be1e4 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:02:43 -0700 Subject: [PATCH 06/52] Formatting changes. --- Config/ReverseProxy/Dockerfile | 2 +- Config/ReverseProxy/config/nginx.conf | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile index c49fa53..906a171 100644 --- a/Config/ReverseProxy/Dockerfile +++ b/Config/ReverseProxy/Dockerfile @@ -1,5 +1,5 @@ # 2022-10-05 Hyperling -# Move config to nginx container. +# Move config to nginx container. # This is because nginx image does not play well with Volumes. # Nextcloud and MariaDB created files in their folders fine, but nginx stays empty. diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf index c8c359b..c3f9e26 100644 --- a/Config/ReverseProxy/config/nginx.conf +++ b/Config/ReverseProxy/config/nginx.conf @@ -16,16 +16,16 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; + access_log /var/log/nginx/access.log main; sendfile on; - #tcp_nopush on; + #tcp_nopush on; - keepalive_timeout 65; + keepalive_timeout 65; #gzip on; 
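Review bot: The new `- 80:80` and `- 443:443` entries are unquoted YAML scalars; these particular values parse correctly, but `HOST:CONTAINER` pairs are the case Compose documents as being read as a base-60 number when the container port is below 60, so the convention is to quote port mappings, `- "80:80"` and `- "443:443"`. Publishing on bare `80`/`443` binds every host interface, which matches the stated front-end role; a short comment above `ports:` saying that this container is the host's public HTTP/HTTPS entry point saves the next reader a check.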
From 999a8f4ca60e1e9f3ae8548a5017553af4cb9b99 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:09:06 -0700 Subject: [PATCH 07/52] Fill out the example file. --- .../ReverseProxy/config/conf.d/example.conf | 31 +++++++++++++++++++ Config/ReverseProxy/config/conf.d/test.conf | 2 -- 2 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 Config/ReverseProxy/config/conf.d/example.conf delete mode 100644 Config/ReverseProxy/config/conf.d/test.conf diff --git a/Config/ReverseProxy/config/conf.d/example.conf b/Config/ReverseProxy/config/conf.d/example.conf new file mode 100644 index 0000000..a93c1cc --- /dev/null +++ b/Config/ReverseProxy/config/conf.d/example.conf @@ -0,0 +1,31 @@ +# 2022-10-05 Hyperling +# A dummy test file since true scripts are being kept private. +# This should help anyone understand how the project is being used. + +# Force HTTPS +server { + + listen 80; + server_name example.hyperling.com; + + # Redirect to the proper protocol. + return 301 https://$host$request_uri; + +} + +# Serve website +server { + + listen 443 ssl http2; + server_name example.hyperling.com; + + ssl_certificate /usr/local/etc/letsencrypt/live/example.hyperling.com/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/example.hyperling.com/privkey.pem; + + # Send traffic to upstream server + location / { + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://local_web_server:8317; + } + +} \ No newline at end of file diff --git a/Config/ReverseProxy/config/conf.d/test.conf b/Config/ReverseProxy/config/conf.d/test.conf deleted file mode 100644 index 4b8c2a9..0000000 --- a/Config/ReverseProxy/config/conf.d/test.conf +++ /dev/null @@ -1,2 +0,0 @@ -# 2022-10-05 Hyperling -# Just a dummy test file. From dd5e30115a4f2e996aff9dfae5f75ea4b7b6b29d Mon Sep 17 00:00:00 2001 
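Review bot: `return 301 https://$host$request_uri;` copies the client's `Host` header into the redirect; if this block is ever selected as the default server for port 80, a request carrying an arbitrary `Host` is redirected to that arbitrary host. Since the block serves one fixed name, `return 301 https://$server_name$request_uri;` produces the same result for legitimate traffic without reflecting the header. The `listen 443 ssl http2;` block relies on nginx's built-in protocol and cipher defaults, which differ between versions; `ssl_protocols TLSv1.2 TLSv1.3;` makes the accepted versions explicit. The accompanying deletion of test.conf needs no comment.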
From: Hyperling Date: Wed, 5 Jul 2023 18:10:13 -0700 Subject: [PATCH 08/52] Ignore any further configurations which get added to Reverse Proxy. --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 964da30..d7ac41d 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,5 @@ Volumes/* # Ignore logs logs/* +# Ignore private reverse proxy configurations. +Config/ReverseProxy/config/cond.d/* \ No newline at end of file From dd8294933b2143866ccfcb30303cd02e728b9fe0 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:11:49 -0700 Subject: [PATCH 09/52] Add newlines to the end. --- .gitignore | 2 +- Config/ReverseProxy/config/conf.d/example.conf | 2 +- Config/ReverseProxy/config/nginx.conf | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index d7ac41d..96857da 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,4 @@ Volumes/* logs/* # Ignore private reverse proxy configurations. -Config/ReverseProxy/config/cond.d/* \ No newline at end of file +Config/ReverseProxy/config/cond.d/* diff --git a/Config/ReverseProxy/config/conf.d/example.conf b/Config/ReverseProxy/config/conf.d/example.conf index a93c1cc..fc18770 100644 --- a/Config/ReverseProxy/config/conf.d/example.conf +++ b/Config/ReverseProxy/config/conf.d/example.conf @@ -28,4 +28,4 @@ server { proxy_pass http://local_web_server:8317; } -} \ No newline at end of file +} diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf index c3f9e26..5e56211 100644 --- a/Config/ReverseProxy/config/nginx.conf +++ b/Config/ReverseProxy/config/nginx.conf @@ -31,4 +31,3 @@ http { include /etc/nginx/conf.d/*.conf; } - From d0d9ead069d7a33cad336959edd540e1e40b2913 Mon Sep 17 00:00:00 2001 
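Review bot: The new pattern names `cond.d`, while the directory the Dockerfile copies from is `conf.d`, so the private configurations this entry is meant to keep out of the repository are still picked up by `git add`; the line should read `Config/ReverseProxy/config/conf.d/*` (patch 15/52 in this series makes that correction). Note also that `example.conf` is already tracked, and an ignore pattern does not stop later edits to a tracked file from being committed.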
From: Hyperling Date: Wed, 5 Jul 2023 18:36:10 -0700 Subject: [PATCH 10/52] Give more detailed examples. --- .../ReverseProxy/config/conf.d/example.conf | 24 ++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/Config/ReverseProxy/config/conf.d/example.conf b/Config/ReverseProxy/config/conf.d/example.conf index fc18770..d8e8487 100644 --- a/Config/ReverseProxy/config/conf.d/example.conf +++ b/Config/ReverseProxy/config/conf.d/example.conf @@ -8,24 +8,42 @@ server { listen 80; server_name example.hyperling.com; - # Redirect to the proper protocol. + # Redirect to a more secure protocol. return 301 https://$host$request_uri; } -# Serve website +# Serve Resource server { listen 443 ssl http2; server_name example.hyperling.com; + # These are only necessary if you are redirecting somewhere internal. If you + # paxx the user to a ssl_certificate /usr/local/etc/letsencrypt/live/example.hyperling.com/fullchain.pem; ssl_certificate_key /usr/local/etc/letsencrypt/live/example.hyperling.com/privkey.pem; # Send traffic to upstream server location / { proxy_set_header X-Forwarded-Proto https; - proxy_pass http://local_web_server:8317; + + ## General format is PROTOCOL://SERVER:PORT. For example: + # + # If using a domain name: + #proxy_pass http://YOUR_SERVER_NAME:8080; + # + # If using an IP address: + #proxy_pass http://192.168.1.80:8080; + # + # If forwarding to an external source: + #proxy_pass https://website.name/URI; + # + # Or alternatively, do it like the force of HTTPS: + #return 301 https://website.name/URI; + + # So this should forward you from 'example.hyperling.com' to a real site: + proxy_pass https://cahlen.org; } } From 8c18f90af9b5d619ccc813171df74a961f811a0c Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:36:23 -0700 Subject: [PATCH 11/52] Eliminate one of the /opt/ hardcodes. --- source.env | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
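Review bot: `proxy_pass https://cahlen.org;` forwards to an external origin over TLS, and nginx does not verify the upstream certificate unless asked to (`proxy_ssl_verify` is off by default), so the content served under this name can come from anyone positioned on that connection. Add `proxy_ssl_server_name on;`, `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate` directive pointing at the base image's CA bundle (the path depends on the image). The same applies to the later rewrite of this line to `proxy_pass https://hyperling.com;` in patch 17/52. The comment above the certificate lines stops mid-sentence (`# paxx the user to a`) and should be finished or removed.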
diff --git a/source.env b/source.env index a3356c1..943f711 100644 --- a/source.env +++ b/source.env @@ -1,3 +1,11 @@ -DOCKER_HOME=/opt/Docker +#!/bin/bash +# Converted the env file to a shell script so that $0 can be used. + +DIR=`dirname $0` +if [[ $DIR == \.* ]]; then + DIR=`pwd` +fi + +DOCKER_HOME=$DIR DOCKER_PATH=$DOCKER_HOME/bin PATH=$DOCKER_PATH:$PATH From 5f2268b1e729e20fa1a1d0013c98fc1c522a5f95 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:36:34 -0700 Subject: [PATCH 12/52] Update based on newer instructions. --- bin/install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/install.sh b/bin/install.sh index ec33895..b8aeba7 100755 --- a/bin/install.sh +++ b/bin/install.sh @@ -30,7 +30,7 @@ echo "pkgmgr=$pkgmgr" ## Main ## if [[ "$pkgmgr" == "apt" ]]; then - apt purge docker docker-engine docker.io containerd runc + apt purge docker docker-engine docker.io containerd runc podman-docker apt update && apt install -y ca-certificates curl gnupg lsb-release && @@ -40,13 +40,13 @@ if [[ "$pkgmgr" == "apt" ]]; then "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$repo \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null && apt update && - apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin && + apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && echo "Success!" && exit 0 elif [[ $pkgmgr == "pacman" ]]; then pacman -Rcns --noconfirm *docker* - + pacman -Sy --noconfirm docker docker-compose && echo "Success!" && exit 0 From c40219691a07f30c388edccad1e67a47a367250b Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:43:48 -0700 Subject: [PATCH 13/52] Show a warning if not using the currently preferred location. --- source.env | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
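Review bot: ``DIR=`dirname $0` `` does not give this file's location when it is sourced — `$0` is then the calling shell's name (`bash` or `-bash`), `dirname` yields `.`, and the `\.*` branch turns `DIR` into the caller's working directory, so `DOCKER_HOME` becomes wherever the user happened to be and `$DIR/bin` from that directory is prepended to `PATH`. The `\.*` fallback also discards relative sub-paths such as `./sub/source.env`. Replace the four lines with `DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)`, which resolves correctly whether the file is sourced or executed. Patch 13/52 builds its warning on the same value, and patch 22/52's `create_placeholder_certs.sh` repeats the idiom.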
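Review bot: The changed `apt purge docker docker-engine docker.io containerd runc podman-docker` line still has no `-y`, unlike the `apt install -y` calls that follow, so an unattended run stops at the confirmation prompt; `apt purge -y …` matches the rest of the branch. The pre-existing `sudo tee` inside a script that otherwise calls `apt` directly is inconsistent — either the script already runs as root and `sudo` is redundant, or it does not and the `apt` calls fail. The `pacman -Rcns --noconfirm *docker*` context line hands the shell an unquoted glob that is expanded against the current directory before pacman sees it; `'*docker*'` keeps the pattern intact.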
diff --git a/source.env b/source.env index 943f711..4d6e7c1 100644 --- a/source.env +++ b/source.env @@ -1,11 +1,18 @@ #!/bin/bash -# Converted the env file to a shell script so that $0 can be used. +# 2023-07-05 Converted the env file to a shell script so that $0 can be used. DIR=`dirname $0` if [[ $DIR == \.* ]]; then DIR=`pwd` fi +# Some projects are hard-coded to use /opt/Docker/Volumes so display a notice +# until they are updated to be directory agnostic. Will help with testing! +PREFERRED_HOME="/opt/Docker" +if [[ $DIR != $PREFERRED_HOME ]]; then + echo "WARNING: Preferred home is $PREFERRED_HOME but using $DIR." >&2 +fi + DOCKER_HOME=$DIR DOCKER_PATH=$DOCKER_HOME/bin PATH=$DOCKER_PATH:$PATH From a12fd8dfd00b7b4322d3f3e240e7dddea3a1c6d7 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:45:40 -0700 Subject: [PATCH 14/52] Update comments to not be a changelog. --- source.env | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source.env b/source.env index 4d6e7c1..8699855 100644 --- a/source.env +++ b/source.env @@ -1,5 +1,6 @@ #!/bin/bash -# 2023-07-05 Converted the env file to a shell script so that $0 can be used. +# Provide any necessary project variables. +# Script is a shell file so that the paths can be relative. DIR=`dirname $0` if [[ $DIR == \.* ]]; then From fd3a2106917e87463e5176edc48d27d2df8c0d17 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 18:46:53 -0700 Subject: [PATCH 15/52] Fix typo. --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 96857da..c7c9171 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,4 @@ Volumes/* logs/* # Ignore private reverse proxy configurations. -Config/ReverseProxy/config/cond.d/* +Config/ReverseProxy/config/conf.d/* From 6ce636f1d100d001a6350b30dce9e863f0b5ce2b Mon Sep 17 00:00:00 2001 
From: Hyperling Date: Wed, 5 Jul 2023 18:59:45 -0700 Subject: [PATCH 16/52] Include files of all names, no longer need a `.conf`. --- Config/ReverseProxy/config/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf index 5e56211..838c81b 100644 --- a/Config/ReverseProxy/config/nginx.conf +++ b/Config/ReverseProxy/config/nginx.conf @@ -29,5 +29,5 @@ http { #gzip on; - include /etc/nginx/conf.d/*.conf; + include /etc/nginx/conf.d/*; } From 67a1f3cd0c6af05a21f65fd9ee4d7c0a609febd2 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 20:02:50 -0700 Subject: [PATCH 17/52] Finish a working example. --- Config/ReverseProxy/Dockerfile | 14 ++++++--- .../ReverseProxy/config/conf.d/example.conf | 30 +++++++++++++------ Config/ReverseProxy/docker-compose.yml | 5 ++-- 3 files changed, 33 insertions(+), 16 deletions(-) diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile index 906a171..c90904b 100644 --- a/Config/ReverseProxy/Dockerfile +++ b/Config/ReverseProxy/Dockerfile @@ -1,10 +1,16 @@ # 2022-10-05 Hyperling -# Move config to nginx container. -# This is because nginx image does not play well with Volumes. -# Nextcloud and MariaDB created files in their folders fine, but nginx stays empty. +# Create the nginx environment for a reverse proxy. +# https://docs.docker.com/engine/reference/builder/ FROM nginx +# Add all the configuration files to the environment. COPY ./config/nginx.conf /etc/nginx/nginx.conf - COPY ./config/conf.d/* /etc/nginx/conf.d/ + +# Create "working" certificates for the example configuration file. +RUN mkdir -p /etc/nginx/certs/example.com +RUN openssl req -new -x509 -days 5000 -nodes \ + -out /etc/nginx/certs/example.com/cert.crt \ + -keyout /etc/nginx/certs/example.com/cert.key \ + -subj '/CN=example.com/O=Example/C=XX' 
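Review bot: `include /etc/nginx/conf.d/*;` now parses every file in the directory as configuration, including editor backups (`example.com~`, `.swp` files) and any notes dropped there, and a single stray file fails the whole server start. If extensionless names are wanted, state the rule next to the directive, e.g. `# Every file in conf.d is parsed as nginx config; keep non-config files out of it.`, or restrict the glob to the domain-name convention with `include /etc/nginx/conf.d/*.*;` if that holds for all site files.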
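Review bot: The `RUN openssl req … -keyout /etc/nginx/certs/example.com/cert.key` step persists a private key in an image layer, so it travels with any `docker save` or push of this image; a placeholder key should be generated at container start or into a mounted volume rather than at build time. `FROM nginx` is unpinned, so each build may resolve a different base; `FROM nginx:<pinned-tag>` keeps builds reproducible. `-days 5000` for a placeholder is far longer than needed; a few days forces the real certificate to be put in place.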
diff --git a/Config/ReverseProxy/config/conf.d/example.conf b/Config/ReverseProxy/config/conf.d/example.conf index d8e8487..b578321 100644 --- a/Config/ReverseProxy/config/conf.d/example.conf +++ b/Config/ReverseProxy/config/conf.d/example.conf @@ -2,11 +2,24 @@ # A dummy test file since true scripts are being kept private. # This should help anyone understand how the project is being used. +## Instructions ## +# Add this without the comment to your /etc/hosts to test that it is working, +# YOUR_DOCKER_SERVER_IP example.com +# If testing locally on a workstation, +# 127.0.0.1 example.com +# Then to test, first start the container, +# cd $DOCKER_HOME/Config/ReverseProxy && docker compose build && docker compose up -d +# Then from the system with the modified /etc/hosts, +# curl --insecure example.com +# You should a blip in the log of the container as well as the contents of the +# proxied website in the terminal, NOT example.com. If using a browser then you +# should notice that the URL is still example.com but the website is correct. + # Force HTTPS server { listen 80; - server_name example.hyperling.com; + server_name example.com; # Redirect to a more secure protocol. return 301 https://$host$request_uri; @@ -16,13 +29,12 @@ server { # Serve Resource server { - listen 443 ssl http2; - server_name example.hyperling.com; + listen 443 ssl; + server_name example.com; - # These are only necessary if you are redirecting somewhere internal. If you - # paxx the user to a - ssl_certificate /usr/local/etc/letsencrypt/live/example.hyperling.com/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/example.hyperling.com/privkey.pem; + # The certs being used for the website. + ssl_certificate /etc/nginx/certs/example.com/cert.crt; + ssl_certificate_key /etc/nginx/certs/example.com/cert.key; # Send traffic to upstream server location / { 
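Review bot: The testing steps in the new comment block do not exercise the proxy as written: `curl --insecure example.com` talks to port 80, receives the `301` from the first server block and, without `-L`, prints that redirect page rather than the proxied site. `curl --insecure https://example.com` (or `curl -kL http://example.com`) reaches the TLS block. Also `You should a blip` is missing a word: `You should see a blip`.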
@@ -42,8 +54,8 @@ server { # Or alternatively, do it like the force of HTTPS: #return 301 https://website.name/URI; - # So this should forward you from 'example.hyperling.com' to a real site: - proxy_pass https://cahlen.org; + # This should forward you from 'example.com' to a real site: + proxy_pass https://hyperling.com; } } diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml index c09b7a6..79f542d 100644 --- a/Config/ReverseProxy/docker-compose.yml +++ b/Config/ReverseProxy/docker-compose.yml @@ -4,13 +4,12 @@ # https://phoenixnap.com/kb/docker-nginx-reverse-proxy # https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ -version: '2' +version: '3' services: app: - image: nginx + build: . restart: always - build: ./ ports: - 80:80 - 443:443 From bf0e25cfb016f9627065b6c4b9d2c8df0d0b9f99 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 20:36:58 -0700 Subject: [PATCH 18/52] Add file with how to copy the config files to the container. --- Config/ReverseProxy/config/conf.d/README | 1 + 1 file changed, 1 insertion(+) create mode 100644 Config/ReverseProxy/config/conf.d/README diff --git a/Config/ReverseProxy/config/conf.d/README b/Config/ReverseProxy/config/conf.d/README new file mode 100644 index 0000000..72e5eec --- /dev/null +++ b/Config/ReverseProxy/config/conf.d/README @@ -0,0 +1 @@ +Please be sure to run `docker compose build` after making conf.d changes. From bf2bcf78ea01a33c9ad0ea8b0a24c0892e8edc7d Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 20:54:53 -0700 Subject: [PATCH 19/52] Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. --- Config/ReverseProxy/Dockerfile | 2 +- Config/ReverseProxy/config/nginx.conf | 31 +++++++++++++++++--------- Config/ReverseProxy/docker-compose.yml | 18 +++++++++++---- 3 files changed, 35 insertions(+), 16 deletions(-) 
diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile index c90904b..8da69da 100644 --- a/Config/ReverseProxy/Dockerfile +++ b/Config/ReverseProxy/Dockerfile @@ -6,7 +6,7 @@ FROM nginx # Add all the configuration files to the environment. COPY ./config/nginx.conf /etc/nginx/nginx.conf -COPY ./config/conf.d/* /etc/nginx/conf.d/ +COPY ./config/conf.d/*.* /etc/nginx/conf.d/ # Create "working" certificates for the example configuration file. RUN mkdir -p /etc/nginx/certs/example.com diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf index 838c81b..3ca84e2 100644 --- a/Config/ReverseProxy/config/nginx.conf +++ b/Config/ReverseProxy/config/nginx.conf @@ -1,20 +1,20 @@ # 2022-10-05 Hyperling -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; events { - worker_connections 1024; + worker_connections 1024; } + http { - include /etc/nginx/mime.types; - default_type application/octet-stream; + include /etc/nginx/mime.types; + default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' @@ -22,12 +22,21 @@ http { access_log /var/log/nginx/access.log main; - sendfile on; - #tcp_nopush on; + sendfile on; + #tcp_nopush on; keepalive_timeout 65; - #gzip on; + #gzip on; + ## LetsEncrypt Certbot Setup ## + # Allow nginx to fulfill LetsEncrypt Certbot challenges. + server { + location /.well-known/acme-challenge/ { + root /etc/nginx/certs-letsencrypt; + } + } + + ## Reverse Proxied Website Configurations ## include /etc/nginx/conf.d/*; } diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml index 79f542d..f19a990 100644 --- a/Config/ReverseProxy/docker-compose.yml +++ b/Config/ReverseProxy/docker-compose.yml 
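Review bot: `COPY ./config/conf.d/*.* /etc/nginx/conf.d/` skips extensionless files, which presumably keeps the README added in patch 18/52 out of the `include /etc/nginx/conf.d/*;` path, but it does so silently and would skip a site file named for a bare hostname the same way. A comment states the rule: `# Only dotted names are copied: site files are named after their domain, so README-style files stay out of conf.d.`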
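Review bot: HTTP-01 challenges for a proxied domain will not reach the new `location /.well-known/acme-challenge/` block: the `server` here has no `server_name`, while each site file (currently `example.conf`) declares its own port-80 server whose only directive is `return 301 https://…`, so a request for `http://example.com/.well-known/acme-challenge/…` is matched by the site block and redirected to the placeholder-certificate HTTPS server, where `location /` proxies it upstream. Each port-80 site block needs the same `location /.well-known/acme-challenge/ { root /etc/nginx/certs-letsencrypt; }` ahead of its redirect, or the redirect has to move into a `location / { … }` so the challenge location takes precedence. The block also omits `listen`, relying on nginx's default of port 80; `listen 80 default_server;` makes that explicit. nginx.conf's `http` block continues outside the hunk.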
@@ -1,8 +1,9 @@ # 2022-10-05 Hyperling -# Reverse Proxy -# This is a revised version of the original work here: +# Reverse Proxy with LetsEncrypt Certbot. +# This is a revised version of these works: # https://phoenixnap.com/kb/docker-nginx-reverse-proxy # https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/ +# https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71 version: '3' @@ -11,5 +12,14 @@ services: build: . restart: always ports: - - 80:80 - - 443:443 + - "80:80" + - "443:443" + volumes: + - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs-letsencrypt + command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" + certbot: + image: certbot/certbot + volumes: + - ../../Volumes/ReverseProxy/letsencrypt-etc:/etc/letsencrypt + - ../../Volumes/ReverseProxy/letsencrypt-certs:/var/www/certbot + entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" From 38b6eb718f8f51cca694b45532d85187361410d0 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 21:06:35 -0700 Subject: [PATCH 20/52] Rename example.conf to be the website name. --- Config/ReverseProxy/config/conf.d/{example.conf => example.com} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Config/ReverseProxy/config/conf.d/{example.conf => example.com} (100%) diff --git a/Config/ReverseProxy/config/conf.d/example.conf b/Config/ReverseProxy/config/conf.d/example.com similarity index 100% rename from Config/ReverseProxy/config/conf.d/example.conf rename to Config/ReverseProxy/config/conf.d/example.com From 8fa7adb2d379db83ea31b24c7fbd7d585a7c386e Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 21:14:24 -0700 Subject: [PATCH 21/52] Change comment wording. --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index c7c9171..1b50dbb 100644 --- a/.gitignore 
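Review bot: The `certbot` service only ever runs `certbot renew`, and the volume it writes certificates to (`letsencrypt-etc` at `/etc/letsencrypt`) is not mounted into `app`, so nothing is ever issued and even a renewed certificate could not be referenced from a site file; `app` sees only `letsencrypt-certs`, which is certbot's webroot. Mount the same directory read-only into `app`, `- ../../Volumes/ReverseProxy/letsencrypt-etc:/etc/letsencrypt:ro`, and point `ssl_certificate` at `/etc/letsencrypt/live/<domain>/fullchain.pem`; the initial issuance (`certbot certonly --webroot -w /var/www/certbot -d <domain>`) still has to be run once, which is the chicken-and-egg step the message mentions. `image: certbot/certbot` is unpinned, like the nginx base.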
+++ b/.gitignore @@ -1,4 +1,4 @@ -# Ignore everything in Volumes, it is large and private data. +# Ignore everything in Volumes, it contains large and private data. Volumes/* # Ignore backed up config files. From cea611c81cdb2eb725a8b1ab1d95beb4bb1349d5 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Wed, 5 Jul 2023 21:17:14 -0700 Subject: [PATCH 22/52] Create temporary cert process so that nginx can start. Still need to figure out if/how certbot will attempt to renew domains in conf.d. Lowered the cert days in case it checks that. --- Config/ReverseProxy/Dockerfile | 7 ----- Config/ReverseProxy/config/conf.d/example.com | 4 +-- .../ReverseProxy/create_placeholder_certs.sh | 30 +++++++++++++++++++ Config/ReverseProxy/docker-compose.yml | 2 +- 4 files changed, 33 insertions(+), 10 deletions(-) create mode 100755 Config/ReverseProxy/create_placeholder_certs.sh diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile index 8da69da..7d8d97d 100644 --- a/Config/ReverseProxy/Dockerfile +++ b/Config/ReverseProxy/Dockerfile @@ -7,10 +7,3 @@ FROM nginx # Add all the configuration files to the environment. COPY ./config/nginx.conf /etc/nginx/nginx.conf COPY ./config/conf.d/*.* /etc/nginx/conf.d/ - -# Create "working" certificates for the example configuration file. -RUN mkdir -p /etc/nginx/certs/example.com -RUN openssl req -new -x509 -days 5000 -nodes \ - -out /etc/nginx/certs/example.com/cert.crt \ - -keyout /etc/nginx/certs/example.com/cert.key \ - -subj '/CN=example.com/O=Example/C=XX' diff --git a/Config/ReverseProxy/config/conf.d/example.com b/Config/ReverseProxy/config/conf.d/example.com index b578321..8e3c7d7 100644 --- a/Config/ReverseProxy/config/conf.d/example.com +++ b/Config/ReverseProxy/config/conf.d/example.com 
@@ -33,8 +33,8 @@ server { server_name example.com; # The certs being used for the website. - ssl_certificate /etc/nginx/certs/example.com/cert.crt; - ssl_certificate_key /etc/nginx/certs/example.com/cert.key; + ssl_certificate /etc/nginx/certs/example.com/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/example.com/privkey.pem; # Send traffic to upstream server location / { diff --git a/Config/ReverseProxy/create_placeholder_certs.sh b/Config/ReverseProxy/create_placeholder_certs.sh new file mode 100755 index 0000000..0c83f54 --- /dev/null +++ b/Config/ReverseProxy/create_placeholder_certs.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# Create a fake cert for each file in config/conf.d/. + +DIR=`dirname $0` +if [[ $DIR == \.* ]]; then + DIR=`pwd` +fi + +# Where the files need to live. +CERT_DIR=$DIR/../../Volumes/ReverseProxy/letsencrypt-certs +echo "CERT_DIR=$CERT_DIR" + +# Create the directory if it does not exist. +mkdir -pv $DIR/../../Volumes/ReverseProxy/letsencrypt-certs + +# Loop over the proxy configuration files and ensure they have certs. +ls $DIR/config/conf.d/*.* | while read file; do + filename=`basename $file` + echo "Checking $filename:" + if [[ ! -d $CERT_DIR/$filename ]]; then + echo " Creating self-signed certs at $CERT_DIR/$filename." + mkdir -pv $CERT_DIR/$filename + openssl req -new -x509 -days 3 -nodes \ + -out $CERT_DIR/$filename/fullchain.pem \ + -keyout $CERT_DIR/$filename/privkey.pem \ + -subj "/CN=$filename/O=$filename/C=XX" + else + echo " Certs already exist!" + fi +done diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml index f19a990..6b97cc1 100644 --- a/Config/ReverseProxy/docker-compose.yml +++ b/Config/ReverseProxy/docker-compose.yml 
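Review bot: The private keys written by `openssl req … -keyout $CERT_DIR/$filename/privkey.pem` are created under the caller's default umask, so they are typically world-readable, and they sit in the same host directory that `nginx.conf` serves the ACME challenge tree from; a `umask 077` before the loop keeps the key files private. `mkdir -pv $DIR/../../Volumes/ReverseProxy/letsencrypt-certs` repeats the path instead of using the variable defined two lines above — `mkdir -pv "$CERT_DIR"`. The `\.*` fallback makes `DIR` the working directory for any relative invocation such as `./Config/ReverseProxy/create_placeholder_certs.sh`, which then looks for `config/conf.d` and `Volumes` in the wrong place; `DIR=$(cd "$(dirname "$0")" && pwd)` handles both forms. `ls … | while read file` also breaks on names with spaces; `for file in "$DIR"/config/conf.d/*.*; do` avoids that.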
@@ -15,7 +15,7 @@ services: - "80:80" - "443:443" volumes: - - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs-letsencrypt + - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" certbot: image: certbot/certbot From dbf350607b0ae973d87359dd1418ec32eded6e6e Mon Sep 17 00:00:00 2001 From: Hyperling Date: Thu, 6 Jul 2023 06:10:41 -0700 Subject: [PATCH 23/52] Add helpful instructions/notes for the Reverse Proxy setup. --- Config/ReverseProxy/README.md | 39 +++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 Config/ReverseProxy/README.md diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md new file mode 100644 index 0000000..2db31b5 --- /dev/null +++ b/Config/ReverseProxy/README.md @@ -0,0 +1,39 @@ +# Setup Instructions +How to first begin using this subproject. +1. Move to this directory. +``` +cd $DOCKER_HOME/Config/ReverseProxy +``` +1. Run the placeholder certificate program. +``` +create_placeholder_certs.sh +``` +1. Build the project. This also needs done any time `./config/conf.d/*` changes. +``` +docker compose build +``` +1. Start the project. +``` +docker compose up -d +``` +1. Verify it started correctly, no configuration file errors. +``` +docker compose logs reverseproxy-app-1 +docker compose logs reverseproxy-certbot-1 +``` + +# Other Commands +## Stop +If you need to halt the project you may use either stop or down. +``` +docker compose stop +docker compose down +``` +## Upgrade +Upgrading the applications should be as easy as this: +``` +docker compose down +docker compose pull +docker compose build +docker compose up -d +``` From 0757cc340cf6b69e6174fc74138c565dc27fad4c Mon Sep 17 00:00:00 2001 
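Review bot: The mount target changes to `/etc/nginx/certs`, but `nginx.conf` still serves ACME challenges from `root /etc/nginx/certs-letsencrypt;` and that file is not part of this commit, so after this change the challenge directory inside the container is an unmounted path and HTTP-01 validation cannot succeed. Either keep the old target as a second mount of the same host directory, `- ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs-letsencrypt`, or update the `root` in `nginx.conf` in the same commit. Sharing one host directory between the served challenge tree and the private keys means a single mis-set `root` could expose the keys; separate volumes for the webroot and the key material keep that failure mode out of reach.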
From: Hyperling Date: Thu, 6 Jul 2023 06:13:26 -0700 Subject: [PATCH 24/52] Attempt to fix the numbering. --- Config/ReverseProxy/README.md | 46 +++++++++++++++++------------------ 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md index 2db31b5..17afe8c 100644 --- a/Config/ReverseProxy/README.md +++ b/Config/ReverseProxy/README.md @@ -1,39 +1,39 @@ # Setup Instructions How to first begin using this subproject. 1. Move to this directory. -``` -cd $DOCKER_HOME/Config/ReverseProxy -``` + ``` + $ cd $DOCKER_HOME/Config/ReverseProxy + ``` 1. Run the placeholder certificate program. -``` -create_placeholder_certs.sh -``` + ``` + # create_placeholder_certs.sh + ``` 1. Build the project. This also needs done any time `./config/conf.d/*` changes. -``` -docker compose build -``` + ``` + # docker compose build + ``` 1. Start the project. -``` -docker compose up -d -``` + ``` + # docker compose up -d + ``` 1. Verify it started correctly, no configuration file errors. -``` -docker compose logs reverseproxy-app-1 -docker compose logs reverseproxy-certbot-1 -``` + ``` + # docker compose logs reverseproxy-app-1 + # docker compose logs reverseproxy-certbot-1 + ``` # Other Commands ## Stop If you need to halt the project you may use either stop or down. ``` -docker compose stop -docker compose down +# docker compose stop +# docker compose down ``` ## Upgrade -Upgrading the applications should be as easy as this: +Upgrading the containers should be as easy as this: ``` -docker compose down -docker compose pull -docker compose build -docker compose up -d +# docker compose down +# docker compose pull +# docker compose build +# docker compose up -d ``` From 4257654c03c17ab9b46a472f043f1101008dbc0b Mon Sep 17 00:00:00 2001 
From: Hyperling Date: Thu, 6 Jul 2023 06:15:45 -0700 Subject: [PATCH 25/52] Test indenting the bottom code blocks as well. --- Config/ReverseProxy/README.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md index 17afe8c..26c7553 100644 --- a/Config/ReverseProxy/README.md +++ b/Config/ReverseProxy/README.md @@ -1,4 +1,4 @@ -# Setup Instructions +# Initial Setup Instructions How to first begin using this subproject. 1. Move to this directory. ``` @@ -23,17 +23,18 @@ How to first begin using this subproject. ``` # Other Commands +Tasks which will also likely come up while using this subproject. ## Stop -If you need to halt the project you may use either stop or down. -``` -# docker compose stop -# docker compose down -``` +If you need to halt the system you may use either stop or down. + ``` + # docker compose stop + # docker compose down + ``` ## Upgrade Upgrading the containers should be as easy as this: -``` -# docker compose down -# docker compose pull -# docker compose build -# docker compose up -d -``` + ``` + # docker compose down + # docker compose pull + # docker compose build + # docker compose up -d + ``` From 51e29ae2ab381ab1ea5c3e2baaea1e5b13ac4023 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Thu, 6 Jul 2023 06:16:39 -0700 Subject: [PATCH 26/52] Undo indent, made it into a `normal monospaced block`. --- Config/ReverseProxy/README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md index 26c7553..1ef8394 100644 --- a/Config/ReverseProxy/README.md +++ b/Config/ReverseProxy/README.md 
@@ -26,15 +26,15 @@ How to first begin using this subproject. Tasks which will also likely come up while using this subproject. ## Stop If you need to halt the system you may use either stop or down. - ``` - # docker compose stop - # docker compose down - ``` +``` +# docker compose stop +# docker compose down +``` ## Upgrade Upgrading the containers should be as easy as this: - ``` - # docker compose down - # docker compose pull - # docker compose build - # docker compose up -d - ``` +``` +# docker compose down +# docker compose pull +# docker compose build +# docker compose up -d +``` From cf73304bfecf7d74dd065c13b112292375ea3be9 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Thu, 6 Jul 2023 06:50:31 -0700 Subject: [PATCH 27/52] Display the files which have been created. --- Config/ReverseProxy/create_placeholder_certs.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Config/ReverseProxy/create_placeholder_certs.sh b/Config/ReverseProxy/create_placeholder_certs.sh index 0c83f54..4335c50 100755 --- a/Config/ReverseProxy/create_placeholder_certs.sh +++ b/Config/ReverseProxy/create_placeholder_certs.sh @@ -16,15 +16,16 @@ mkdir -pv $DIR/../../Volumes/ReverseProxy/letsencrypt-certs # Loop over the proxy configuration files and ensure they have certs. ls $DIR/config/conf.d/*.* | while read file; do filename=`basename $file` - echo "Checking $filename:" + echo "*** Checking $filename ***" if [[ ! -d $CERT_DIR/$filename ]]; then - echo " Creating self-signed certs at $CERT_DIR/$filename." + echo "Creating self-signed certs at $CERT_DIR/$filename." mkdir -pv $CERT_DIR/$filename openssl req -new -x509 -days 3 -nodes \ -out $CERT_DIR/$filename/fullchain.pem \ -keyout $CERT_DIR/$filename/privkey.pem \ -subj "/CN=$filename/O=$filename/C=XX" + ls -lh $CERT_DIR/$filename/* else - echo " Certs already exist!" + echo "Certs already exist!" fi done From 81f8817e960e0bbefb0ca2cf2ac50601b3ce0df5 Mon Sep 17 00:00:00 2001 
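Review bot: The new `ls -lh $CERT_DIR/$filename/*` line lists `privkey.pem` alongside `fullchain.pem`, which is a good moment to make sure that key is not left world-readable in the shared volume the nginx container later mounts: depending on the openssl version, `-keyout` either creates the file 0600 itself or falls back to the caller's umask, so a `umask 077` near the top of the script (or `chmod 600 "$CERT_DIR/$filename/privkey.pem"` after the `openssl req`) removes the doubt. The unquoted `$CERT_DIR/$filename` expansions in the added and surrounding lines also break on any path containing whitespace; quote them as `"$CERT_DIR/$filename"`. The `ls $DIR/config/conf.d/*.* | while read file` loop enclosing these lines starts inside the hunk but its pipeline form means failures inside the body cannot be reported to the caller.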
From: Hyperling Date: Thu, 6 Jul 2023 06:50:46 -0700 Subject: [PATCH 28/52] Remove any existing files before copying the new ones. --- Config/ReverseProxy/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile index 7d8d97d..b382c04 100644 --- a/Config/ReverseProxy/Dockerfile +++ b/Config/ReverseProxy/Dockerfile @@ -4,6 +4,9 @@ FROM nginx +# Clear old configurations. +RUN rm -rfv /etc/nginx/conf.d/* + # Add all the configuration files to the environment. COPY ./config/nginx.conf /etc/nginx/nginx.conf COPY ./config/conf.d/*.* /etc/nginx/conf.d/ From 95714bc3855bbad84dc874a8320986ee134d3b1a Mon Sep 17 00:00:00 2001 From: Hyperling Date: Thu, 6 Jul 2023 06:50:58 -0700 Subject: [PATCH 29/52] Add more notes. --- Config/ReverseProxy/README.md | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md index 1ef8394..e7083c2 100644 --- a/Config/ReverseProxy/README.md +++ b/Config/ReverseProxy/README.md @@ -1,14 +1,16 @@ # Initial Setup Instructions How to first begin using this subproject. -1. Move to this directory. +1. Move to the directory of this README. ``` $ cd $DOCKER_HOME/Config/ReverseProxy ``` +1. Add configuration files to `./config/conf.d/` which are named based on the domains and subdomains they point to. 1. Run the placeholder certificate program. ``` - # create_placeholder_certs.sh + # ./create_placeholder_certs.sh ``` -1. Build the project. This also needs done any time `./config/conf.d/*` changes. +1. Make any personal changes to `./config/nginx.conf`. +1. Build the project. ``` # docker compose build ``` 
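Review bot: `RUN rm -rfv /etc/nginx/conf.d/*` removes the image's `default.conf`, so there is no longer an explicit `default_server` for 443, and nginx will answer TLS handshakes for an unknown or missing SNI name with whichever `server` block is loaded first from `conf.d/*` — presenting that site's certificate and content for unrelated names (for port 80 the unnamed ACME server in `nginx.conf` probably wins since it is declared before the include, but that is an accident of ordering). Add a deliberate catch-all that refuses unmatched names, e.g. a small `conf.d/00-default` with `listen 80 default_server; listen 443 ssl default_server; return 444;` plus a placeholder certificate, so no real vhost is ever the fallback. The rest of the Dockerfile is visible in the hunk and is otherwise fine.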
@@ -18,18 +20,20 @@ How to first begin using this subproject. ``` 1. Verify it started correctly, no configuration file errors. ``` - # docker compose logs reverseproxy-app-1 - # docker compose logs reverseproxy-certbot-1 + # docker logs reverseproxy-app-1 + # docker logs reverseproxy-certbot-1 ``` # Other Commands Tasks which will also likely come up while using this subproject. + ## Stop If you need to halt the system you may use either stop or down. ``` # docker compose stop # docker compose down ``` + ## Upgrade Upgrading the containers should be as easy as this: ``` @@ -38,3 +42,17 @@ Upgrading the containers should be as easy as this: # docker compose build # docker compose up -d ``` + +## Update Config +Replace the configuration based on any new, updated, or removed files. +This may be possible to do when the system is up, buyt the best results have come from going down and back up. +This is essentially an upgrade but there is no pull. +``` +# docker compose down +# docker compose build +# docker compose up -d +``` +If you'd like it as a one command: +``` +# docker compose down && docker compose build && docker compose up -d +``` From 3b7b848eb4df7c5ede01a505b59842a0e93b2a89 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Thu, 6 Jul 2023 06:52:14 -0700 Subject: [PATCH 30/52] Fix wording. --- Config/ReverseProxy/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md index e7083c2..131b6f1 100644 --- a/Config/ReverseProxy/README.md +++ b/Config/ReverseProxy/README.md @@ -52,7 +52,7 @@ This is essentially an upgrade but there is no pull. # docker compose build # docker compose up -d ``` -If you'd like it as a one command: +If you'd like it as a one-line command: ``` # docker compose down && docker compose build && docker compose up -d ``` From 7be7df9b45ccf94b87e1d09499172fc7ca430224 Mon Sep 17 00:00:00 2001 
From: Hyperling Date: Thu, 6 Jul 2023 06:52:31 -0700 Subject: [PATCH 31/52] File is no longer necessary due to the README.md in the subproject home. --- Config/ReverseProxy/config/conf.d/README | 1 - 1 file changed, 1 deletion(-) delete mode 100644 Config/ReverseProxy/config/conf.d/README diff --git a/Config/ReverseProxy/config/conf.d/README b/Config/ReverseProxy/config/conf.d/README deleted file mode 100644 index 72e5eec..0000000 --- a/Config/ReverseProxy/config/conf.d/README +++ /dev/null @@ -1 +0,0 @@ -Please be sure to run `docker compose build` after making conf.d changes. From 478cce43b54f96c151d4a26c483ae5407c25f229 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Thu, 6 Jul 2023 07:33:17 -0700 Subject: [PATCH 32/52] Create script to get real certificates. Programs are functional but have not tried pointing the production router to the test box yet to see if the challenge will pass. --- Config/ReverseProxy/config/nginx.conf | 2 +- .../ReverseProxy/create_letsencrypt_certs.sh | 73 +++++++++++++++++++ Config/ReverseProxy/docker-compose.yml | 3 +- 3 files changed, 76 insertions(+), 2 deletions(-) create mode 100755 Config/ReverseProxy/create_letsencrypt_certs.sh diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf index 3ca84e2..67af638 100644 --- a/Config/ReverseProxy/config/nginx.conf +++ b/Config/ReverseProxy/config/nginx.conf @@ -33,7 +33,7 @@ http { # Allow nginx to fulfill LetsEncrypt Certbot challenges. server { location /.well-known/acme-challenge/ { - root /etc/nginx/certs-letsencrypt; + root /etc/nginx/letsencrypt; } } diff --git a/Config/ReverseProxy/create_letsencrypt_certs.sh b/Config/ReverseProxy/create_letsencrypt_certs.sh new file mode 100755 index 0000000..339779d --- /dev/null +++ b/Config/ReverseProxy/create_letsencrypt_certs.sh 
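Review bot: The ACME location now serves from `/etc/nginx/letsencrypt`, which the docker-compose change in this same commit binds to the host directory that the certbot container mounts as `/etc/letsencrypt` — certbot's configuration tree with `accounts/`, `archive/` and `live/` private keys — whereas certbot's challenge webroot in that compose file is the separate `/var/www/certbot` mount. Unless certbot is driven with `--webroot -w /etc/letsencrypt`, nothing will ever write challenge tokens under this root and HTTP-01 will fail (the commit message says this is still untested), and using the key directory as a web root at all is a needless risk even though `root` confines requests to the `.well-known/acme-challenge/` subpath. Point the location at a dedicated challenge directory shared with certbot, e.g. `root /var/www/certbot;`, request certificates with `certbot certonly --webroot -w /var/www/certbot -d ...`, and keep `/etc/letsencrypt` out of the nginx container entirely.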
@@ -0,0 +1,73 @@ +#!/bin/bash +# Create a real cert for each file in config/conf.d/. + +DIR=`dirname $0` +if [[ $DIR == \.* ]]; then + DIR=`pwd` +fi + +# Where the files need to live. +CERT_DIR=$DIR/../../Volumes/ReverseProxy/letsencrypt-certs +echo "CERT_DIR=$CERT_DIR" + +# Ensure that fake certs were created at some point, or that the system has been run at least once. +if [[ ! -d $DIR/../../Volumes/ReverseProxy/letsencrypt-certs ]]; then + echo "ERROR: Certificate directory does not exist yet. Run the placeholder script first." >&2 + exit 1 +fi + +# The container needs to be running in order to use the certbot command. +certbot_running=`docker ps | grep -c reverseproxy-certbot-1` +if [[ $certbot_running != 1 ]]; then + echo "ERROR: Certbot container does not appear to be running, cannot continue." >&2 + exit 1 +fi + +# Gather information from the user. +echo -n "Please provide the email address you would like the certs bound to: " +read email +if [[ -z $email ]]; then + echo "ERROR: Email address is mandatory. $email" >&2 + exit 1 +fi + +echo -n "Please double check that '$email' looks correct and provide Yes if so: " +typeset -u confirm +read confirm +if [[ $confirm != "Y"* ]]; then + echo "Email address was not confirmed, received '$confirm', aborting." + exit 0 +fi + +# Loop over the proxy configuration files and ensure they have certs. +ls $DIR/config/conf.d/*.* | while read file; do + filename=`basename $file` + + if [[ $filename == "example.com" ]]; then + echo "Skipping $filename since it is only for testing." + continue + fi + + echo "*** Checking $filename ***" + if [[ -d $CERT_DIR/$filename ]]; then + echo "Getting the domains which need the cert." + domains=`grep server_name $file` + + # Clean up the data by removing the directive and semi-colon, changing + # spaces to commas, and making sure there are no gaps. 
+ domains=${domains//server_name/} + domains=${domains//;/} + domains=`echo $domains` + domains=${domains// /,} + echo "Domains='$domains'" + + echo "Attempting to create real certs at $CERT_DIR/$filename." + docker exec reverseproxy-certbot-1 certbot certonly -n --standalone \ + --agree-tos -m $email -d $filename + + ls -lh $CERT_DIR/$filename/* + else + echo "Website's certificate folder does not exist, skipping." + continue + fi +done diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml index 6b97cc1..5b30a93 100644 --- a/Config/ReverseProxy/docker-compose.yml +++ b/Config/ReverseProxy/docker-compose.yml @@ -15,11 +15,12 @@ services: - "80:80" - "443:443" volumes: + - ../../Volumes/ReverseProxy/letsencrypt:/etc/nginx/letsencrypt - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" certbot: image: certbot/certbot volumes: - - ../../Volumes/ReverseProxy/letsencrypt-etc:/etc/letsencrypt + - ../../Volumes/ReverseProxy/letsencrypt:/etc/letsencrypt - ../../Volumes/ReverseProxy/letsencrypt-certs:/var/www/certbot entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" From bf2fd2bb28e35f1c0aa4fc05ffd4c15cbf45bbe9 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 08:18:14 -0700 Subject: [PATCH 33/52] Add comment sections, use CERT_DIR, add exit 0. --- Config/ReverseProxy/create_letsencrypt_certs.sh | 12 +++++++++++- Config/ReverseProxy/create_placeholder_certs.sh | 8 +++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/Config/ReverseProxy/create_letsencrypt_certs.sh b/Config/ReverseProxy/create_letsencrypt_certs.sh index 339779d..d0357bb 100755 --- a/Config/ReverseProxy/create_letsencrypt_certs.sh +++ b/Config/ReverseProxy/create_letsencrypt_certs.sh 
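Review bot: `domains` is carefully built from the `server_name` directive but never used — the certbot call passes only `-d $filename`, so every alias listed in `server_name` will be missing from the issued certificate; pass the list (certbot accepts a comma-separated `-d "$domains"`) or drop the parsing, and note that `grep server_name $file` also matches commented lines and both server blocks, so de-duplicate first. The issued files land under `/etc/letsencrypt/live/<name>/` in the certbot container, i.e. the host `letsencrypt` volume, while nginx reads `/etc/nginx/certs/<name>/` from the `letsencrypt-certs` volume and the final `ls -lh $CERT_DIR/$filename/*` looks there too, so even a successful run will not replace the placeholder certificate unless the output location is adjusted or the files are copied. `--standalone` additionally requires certbot to bind port 80 inside its own container, which the compose file does not publish and which nginx already owns on the host; `--webroot -w /var/www/certbot` is the mode that fits this layout. Quote `"$email"` and `"$file"` in the `docker exec` and `grep` calls as well.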
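Review bot: The new `../../Volumes/ReverseProxy/letsencrypt:/etc/nginx/letsencrypt` mount hands the nginx container certbot's entire `/etc/letsencrypt` tree (account key, `archive/`, `live/`) as the document root for ACME challenges, while the directory certbot actually treats as its webroot is `letsencrypt-certs` at `/var/www/certbot` — the same directory nginx reads certificates from. Share one dedicated challenge directory between the two containers, read-only on the nginx side, e.g. `- ../../Volumes/ReverseProxy/acme-webroot:/var/www/certbot:ro` in `app` and the same host path at `/var/www/certbot` in `certbot`, and keep certificate storage separate from the challenge webroot so public files and private keys never share a root. Mounting `letsencrypt-certs` into nginx with `:ro` is cheap hardening too. The unattended `certbot renew` loop will reuse whatever authenticator was recorded at issuance, so the mode chosen in the creation script decides whether renewals can succeed here.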
@@ -1,6 +1,8 @@ #!/bin/bash # Create a real cert for each file in config/conf.d/. +## Variables ## + DIR=`dirname $0` if [[ $DIR == \.* ]]; then DIR=`pwd` @@ -10,8 +12,10 @@ fi CERT_DIR=$DIR/../../Volumes/ReverseProxy/letsencrypt-certs echo "CERT_DIR=$CERT_DIR" +## Validations ## + # Ensure that fake certs were created at some point, or that the system has been run at least once. -if [[ ! -d $DIR/../../Volumes/ReverseProxy/letsencrypt-certs ]]; then +if [[ ! -d $CERT_DIR ]]; then echo "ERROR: Certificate directory does not exist yet. Run the placeholder script first." >&2 exit 1 fi @@ -23,6 +27,8 @@ if [[ $certbot_running != 1 ]]; then exit 1 fi +## Input ## + # Gather information from the user. echo -n "Please provide the email address you would like the certs bound to: " read email @@ -39,6 +45,8 @@ if [[ $confirm != "Y"* ]]; then exit 0 fi +## Main ## + # Loop over the proxy configuration files and ensure they have certs. ls $DIR/config/conf.d/*.* | while read file; do filename=`basename $file` @@ -71,3 +79,5 @@ ls $DIR/config/conf.d/*.* | while read file; do continue fi done + +exit 0 diff --git a/Config/ReverseProxy/create_placeholder_certs.sh b/Config/ReverseProxy/create_placeholder_certs.sh index 4335c50..fcc14f8 100755 --- a/Config/ReverseProxy/create_placeholder_certs.sh +++ b/Config/ReverseProxy/create_placeholder_certs.sh @@ -1,6 +1,8 @@ #!/bin/bash # Create a fake cert for each file in config/conf.d/. +## Variables ## + DIR=`dirname $0` if [[ $DIR == \.* ]]; then DIR=`pwd` @@ -10,8 +12,10 @@ fi CERT_DIR=$DIR/../../Volumes/ReverseProxy/letsencrypt-certs echo "CERT_DIR=$CERT_DIR" +## Main ## + # Create the directory if it does not exist. -mkdir -pv $DIR/../../Volumes/ReverseProxy/letsencrypt-certs +mkdir -pv $CERT_DIR # Loop over the proxy configuration files and ensure they have certs. ls $DIR/config/conf.d/*.* | while read file; do @@ -29,3 +33,5 @@ ls $DIR/config/conf.d/*.* | while read file; do echo "Certs already exist!" fi done + +exit 0 
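Review bot: The unconditional `exit 0` appended after the loop makes `create_letsencrypt_certs.sh` report success even when `certbot certonly` failed for one or more sites, and because the loop body runs in the `ls | while` pipeline's subshell a failure flag set inside it would not survive either. Iterate with a glob and propagate a status instead, e.g. `rc=0; for file in "$DIR"/config/conf.d/*.*; do ... || rc=1; done; exit $rc`, so cron jobs and operators can tell that a certificate was not obtained. The same applies to the `exit 0` added to `create_placeholder_certs.sh` in this commit, where a failed `openssl req` would otherwise go unnoticed.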
From f55880e0dfaae99a3574ee1b3fb6515be919f993 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 11:31:37 -0700 Subject: [PATCH 34/52] Forward additional headers. --- Config/ReverseProxy/config/conf.d/example.com | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Config/ReverseProxy/config/conf.d/example.com b/Config/ReverseProxy/config/conf.d/example.com index 8e3c7d7..0be463b 100644 --- a/Config/ReverseProxy/config/conf.d/example.com +++ b/Config/ReverseProxy/config/conf.d/example.com @@ -11,7 +11,7 @@ # cd $DOCKER_HOME/Config/ReverseProxy && docker compose build && docker compose up -d # Then from the system with the modified /etc/hosts, # curl --insecure example.com -# You should a blip in the log of the container as well as the contents of the +# You should see activity in the container log as well as the contents of the # proxied website in the terminal, NOT example.com. If using a browser then you # should notice that the URL is still example.com but the website is correct. @@ -38,7 +38,10 @@ server { # Send traffic to upstream server location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-For $proxy_add_x_forwaded_for; ## General format is PROTOCOL://SERVER:PORT. For example: # @@ -51,7 +54,7 @@ server { # If forwarding to an external source: #proxy_pass https://website.name/URI; # - # Or alternatively, do it like the force of HTTPS: + # Or alternatively, do it like the force of HTTPS if not your server. #return 301 https://website.name/URI; # This should forward you from 'example.com' to a real site: From a0d3731e15040b3ff4ebd907ef06e3be38dc2d71 Mon Sep 17 00:00:00 2001 
From: Hyperling Date: Sat, 8 Jul 2023 11:32:22 -0700 Subject: [PATCH 35/52] Add the mail section for later. Confirmed that docker is compiled with the mail modules. --- Config/ReverseProxy/config/nginx.conf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf index 67af638..2be958a 100644 --- a/Config/ReverseProxy/config/nginx.conf +++ b/Config/ReverseProxy/config/nginx.conf @@ -10,8 +10,6 @@ events { worker_connections 1024; } - - http { include /etc/nginx/mime.types; default_type application/octet-stream; @@ -40,3 +38,9 @@ http { ## Reverse Proxied Website Configurations ## include /etc/nginx/conf.d/*; } + +# TBD, going live with HTTP first. +mail { + ## Reverse Proxied Mail Server Configurations ## + include /etc/nginx/mail.conf.d/*; +} From 3ea2443da444733892d086672a3bd1fe923aca0a Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 11:57:57 -0700 Subject: [PATCH 36/52] Comment the directory which does not exist yet. --- Config/ReverseProxy/config/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf index 2be958a..640cc50 100644 --- a/Config/ReverseProxy/config/nginx.conf +++ b/Config/ReverseProxy/config/nginx.conf @@ -42,5 +42,5 @@ http { # TBD, going live with HTTP first. mail { ## Reverse Proxied Mail Server Configurations ## - include /etc/nginx/mail.conf.d/*; + #include /etc/nginx/mail.conf.d/*; } From 9208295a420b59a74005f209436c8fc919482d1f Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:10:37 -0700 Subject: [PATCH 37/52] Fix typo, change comments, playing with headers. --- Config/ReverseProxy/config/conf.d/example.com | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Config/ReverseProxy/config/conf.d/example.com b/Config/ReverseProxy/config/conf.d/example.com index 0be463b..8e3de1c 100644 
--- a/Config/ReverseProxy/config/conf.d/example.com +++ b/Config/ReverseProxy/config/conf.d/example.com @@ -38,10 +38,12 @@ server { # Send traffic to upstream server location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-For $proxy_add_x_forwaded_for; + + # These cause "400 Bad Request Request Header Or Cookie Too Large"? + #proxy_set_header Host $host; + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ## General format is PROTOCOL://SERVER:PORT. For example: # @@ -52,10 +54,10 @@ server { #proxy_pass http://192.168.1.80:8080; # # If forwarding to an external source: - #proxy_pass https://website.name/URI; + #proxy_pass https://website.name; # # Or alternatively, do it like the force of HTTPS if not your server. - #return 301 https://website.name/URI; + #return 301 https://website.name/$request_uri; # This should forward you from 'example.com' to a real site: proxy_pass https://hyperling.com; From 62e5cc3ef787bafa53c8b68600f99c4d0a4a37e3 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:26:50 -0700 Subject: [PATCH 38/52] Add a naughty list of things to do. --- Config/ReverseProxy/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md index 131b6f1..dc02ab7 100644 --- a/Config/ReverseProxy/README.md +++ b/Config/ReverseProxy/README.md 
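Review bot: Commenting out `Host`, `X-Real-IP` and `X-Forwarded-For` to get past the 400 means the upstream now sees the proxy's own address as the client and the `proxy_pass` host name as `Host`, so per-client rate limits, access logs and abuse blocking behind the proxy all collapse onto the proxy's IP — that deserves more diagnosis than a `?` comment. The 400 may well stem from forwarding `Host: proxy.example.com` to the external `https://hyperling.com` example target, which does not serve that name, rather than from the headers themselves; for a backend you control on the LAN these three headers are the normal set and should stay enabled. Separately, the rewritten redirect `return 301 https://website.name/$request_uri;` yields a double slash because `$request_uri` already begins with `/`; use `return 301 https://website.name$request_uri;`. The enclosing `server` block starts outside the hunk.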
@@ -24,6 +24,13 @@ How to first begin using this subproject. # docker logs reverseproxy-certbot-1 ``` +## DO NOT +* Edit any configurations or website data inside the container. It is destroyed on each build + * Instead, modify the files in `./config/` then use the Update Config commands below. +* Install any additional software inside of the container. It will not persist a down and up. + * Instead, add what is needed to the `docker-compose.yml` or `Dockerfile` to be done on each rebuild. + * Alternatively write a script such as `../Nextcloud/fixes.ksh` which is run after every upgrade. + # Other Commands Tasks which will also likely come up while using this subproject. @@ -45,7 +52,7 @@ Upgrading the containers should be as easy as this: ## Update Config Replace the configuration based on any new, updated, or removed files. -This may be possible to do when the system is up, buyt the best results have come from going down and back up. +This may be possible to do when the system is up, but the best results have come from going down and back up. This is essentially an upgrade but there is no pull. ``` # docker compose down From f1a9e174a40eef50b2dbe0d82b51d405f6f48d15 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:27:56 -0700 Subject: [PATCH 39/52] Add an HTML section. --- Config/ReverseProxy/config/html/README.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 Config/ReverseProxy/config/html/README.md diff --git a/Config/ReverseProxy/config/html/README.md b/Config/ReverseProxy/config/html/README.md new file mode 100644 index 0000000..d260707 --- /dev/null +++ b/Config/ReverseProxy/config/html/README.md @@ -0,0 +1,5 @@ +# HTML Sites +If the reverse proxy also serves static HTML sites, the root directories of each can be placed here. +Then in conf.d may add a file which points the domain to the HTML web root, such as `/etc/nginx/html/www.website.name`. + +TODO Create an example file for this, such as `example.html.com`. 
From a5c15a577a95d21c66fa8506077feadf84aee1a2 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:28:27 -0700 Subject: [PATCH 40/52] Copy the HTML configuration the the container. --- Config/ReverseProxy/Dockerfile | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile index b382c04..0f1e589 100644 --- a/Config/ReverseProxy/Dockerfile +++ b/Config/ReverseProxy/Dockerfile @@ -5,8 +5,12 @@ FROM nginx # Clear old configurations. -RUN rm -rfv /etc/nginx/conf.d/* - +RUN rm -rfv /etc/nginx/conf.d # Add all the configuration files to the environment. COPY ./config/nginx.conf /etc/nginx/nginx.conf -COPY ./config/conf.d/*.* /etc/nginx/conf.d/ +COPY ./config/conf.d /etc/nginx/conf.d + +# Clear old sites. +RUN rm -rfv /etc/nginx/html +# Add any static HTML websites. +COPY ./config/html /etc/nginx/html From a122f651ac166c1f998d20ff473b46298b4c679a Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:34:33 -0700 Subject: [PATCH 41/52] Add an HTML example. --- .../config/conf.d/html.example.com | 66 +++++++++++++++++++ .../config/html/html.example.com/index.html | 8 +++ 2 files changed, 74 insertions(+) create mode 100644 Config/ReverseProxy/config/conf.d/html.example.com create mode 100644 Config/ReverseProxy/config/html/html.example.com/index.html diff --git a/Config/ReverseProxy/config/conf.d/html.example.com b/Config/ReverseProxy/config/conf.d/html.example.com new file mode 100644 index 0000000..8e3de1c --- /dev/null +++ b/Config/ReverseProxy/config/conf.d/html.example.com 
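Review bot: Replacing `COPY ./config/conf.d/*.* /etc/nginx/conf.d/` with `COPY ./config/conf.d /etc/nginx/conf.d` copies every file in that directory, not only the dotted site files, and `nginx.conf` includes `/etc/nginx/conf.d/*`, so a stray README, editor backup (`*~`, `.swp`) or forgotten scratch vhost in `conf.d/` now becomes live configuration that can break startup or expose a test site. Likewise `COPY ./config/html /etc/nginx/html` ships `config/html/README.md` into the container's web tree. Add a `.dockerignore` beside the Dockerfile (e.g. `**/README*`, `**/*~`, `**/.*`) or keep the `*.*` filter; the `rm -rfv` lines themselves are fine.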
@@ -0,0 +1,66 @@ +# 2022-10-05 Hyperling +# A dummy test file since true scripts are being kept private. +# This should help anyone understand how the project is being used. + +## Instructions ## +# Add this without the comment to your /etc/hosts to test that it is working, +# YOUR_DOCKER_SERVER_IP example.com +# If testing locally on a workstation, +# 127.0.0.1 example.com +# Then to test, first start the container, +# cd $DOCKER_HOME/Config/ReverseProxy && docker compose build && docker compose up -d +# Then from the system with the modified /etc/hosts, +# curl --insecure example.com +# You should see activity in the container log as well as the contents of the +# proxied website in the terminal, NOT example.com. If using a browser then you +# should notice that the URL is still example.com but the website is correct. + +# Force HTTPS +server { + + listen 80; + server_name example.com; + + # Redirect to a more secure protocol. + return 301 https://$host$request_uri; + +} + +# Serve Resource +server { + + listen 443 ssl; + server_name example.com; + + # The certs being used for the website. + ssl_certificate /etc/nginx/certs/example.com/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/example.com/privkey.pem; + + # Send traffic to upstream server + location / { + proxy_set_header X-Forwarded-Proto https; + + # These cause "400 Bad Request Request Header Or Cookie Too Large"? + #proxy_set_header Host $host; + #proxy_set_header X-Real-IP $remote_addr; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + ## General format is PROTOCOL://SERVER:PORT. For example: + # + # If using a domain name: + #proxy_pass http://YOUR_SERVER_NAME:8080; + # + # If using an IP address: + #proxy_pass http://192.168.1.80:8080; + # + # If forwarding to an external source: + #proxy_pass https://website.name; + # + # Or alternatively, do it like the force of HTTPS if not your server. 
+ #return 301 https://website.name/$request_uri; + + # This should forward you from 'example.com' to a real site: + proxy_pass https://hyperling.com; + } + +} diff --git a/Config/ReverseProxy/config/html/html.example.com/index.html b/Config/ReverseProxy/config/html/html.example.com/index.html new file mode 100644 index 0000000..d09b5d8 --- /dev/null +++ b/Config/ReverseProxy/config/html/html.example.com/index.html @@ -0,0 +1,8 @@ + +
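Review bot: The port-80 `server` returns `301` for every path, including `/.well-known/acme-challenge/`, so for any host that has a site file the challenge never reaches the unnamed ACME server in `nginx.conf` and is redirected to a 443 block that has no ACME location either — HTTP-01 validation for that name will fail as soon as real certificates are requested. Add the challenge location ahead of the redirect in this template (and in `proxy.example.com`, which is the same content), with a `root` matching the directory certbot writes to. The TLS block also sets no `ssl_protocols`/`ssl_ciphers` and sends no `Strict-Transport-Security` header, so it inherits whatever the base image's build defaults are; pinning `ssl_protocols TLSv1.2 TLSv1.3;` once in the `http` context of `nginx.conf` avoids depending on that.
```nginx
server {
    listen 80;
    server_name example.com;

    # Serve ACME HTTP-01 challenges before redirecting everything else.
    location /.well-known/acme-challenge/ {
        root /etc/nginx/letsencrypt;
    }

    # Redirect to a more secure protocol.
    location / {
        return 301 https://$host$request_uri;
    }
}
# … unchanged: listen 443 ssl server block …
```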
+ Example HTML Website +
+ +

Welcome to the example HTML website!

+

This means the reverse proxy is successfully serving static HTML content. Yay!

+ From cb51b41fe3948ac46658bb63040b62e51ebd91e2 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:34:54 -0700 Subject: [PATCH 42/52] Rename example.com to proxy.example.com. --- .../conf.d/{example.com => proxy.example.com} | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) rename Config/ReverseProxy/config/conf.d/{example.com => proxy.example.com} (74%) diff --git a/Config/ReverseProxy/config/conf.d/example.com b/Config/ReverseProxy/config/conf.d/proxy.example.com similarity index 74% rename from Config/ReverseProxy/config/conf.d/example.com rename to Config/ReverseProxy/config/conf.d/proxy.example.com index 8e3de1c..f232231 100644 --- a/Config/ReverseProxy/config/conf.d/example.com +++ b/Config/ReverseProxy/config/conf.d/proxy.example.com @@ -4,22 +4,22 @@ ## Instructions ## # Add this without the comment to your /etc/hosts to test that it is working, -# YOUR_DOCKER_SERVER_IP example.com +# YOUR_DOCKER_SERVER_IP proxy.example.com # If testing locally on a workstation, -# 127.0.0.1 example.com +# 127.0.0.1 proxy.example.com # Then to test, first start the container, # cd $DOCKER_HOME/Config/ReverseProxy && docker compose build && docker compose up -d # Then from the system with the modified /etc/hosts, -# curl --insecure example.com +# curl --insecure proxy.example.com # You should see activity in the container log as well as the contents of the -# proxied website in the terminal, NOT example.com. If using a browser then you -# should notice that the URL is still example.com but the website is correct. +# proxied website in the terminal, NOT proxy.example.com. If using a browser then you +# should notice that the URL is still proxy.example.com but the website is correct. # Force HTTPS server { listen 80; - server_name example.com; + server_name proxy.example.com; # Redirect to a more secure protocol. return 301 https://$host$request_uri; 
@@ -30,11 +30,11 @@ server { server { listen 443 ssl; - server_name example.com; + server_name proxy.example.com; # The certs being used for the website. - ssl_certificate /etc/nginx/certs/example.com/fullchain.pem; - ssl_certificate_key /etc/nginx/certs/example.com/privkey.pem; + ssl_certificate /etc/nginx/certs/proxy.example.com/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/proxy.example.com/privkey.pem; # Send traffic to upstream server location / { @@ -59,7 +59,7 @@ server { # Or alternatively, do it like the force of HTTPS if not your server. #return 301 https://website.name/$request_uri; - # This should forward you from 'example.com' to a real site: + # This should forward you from 'proxy.example.com' to a real site: proxy_pass https://hyperling.com; } From 46c4164636c5be41a26b9f9a318240b623900c72 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:35:12 -0700 Subject: [PATCH 43/52] Take into account anything with example.com as being an example. --- Config/ReverseProxy/create_letsencrypt_certs.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Config/ReverseProxy/create_letsencrypt_certs.sh b/Config/ReverseProxy/create_letsencrypt_certs.sh index d0357bb..ccd99c6 100755 --- a/Config/ReverseProxy/create_letsencrypt_certs.sh +++ b/Config/ReverseProxy/create_letsencrypt_certs.sh @@ -51,8 +51,8 @@ fi ls $DIR/config/conf.d/*.* | while read file; do filename=`basename $file` - if [[ $filename == "example.com" ]]; then - echo "Skipping $filename since it is only for testing." + if [[ $filename == *"example.com"* ]]; then + echo "Skipping $filename since it is only an example." continue fi From 81aa459fdaf0b576d8de11c448481688d90eba3a Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:36:04 -0700 Subject: [PATCH 44/52] Ignore HTML content similar to website configurations. --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 1b50dbb..c8a807d 100644 
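Review bot: `*"example.com"*` skips any file whose name merely contains that string, so a real site such as `myexample.com` or `example.community` would be silently excluded from certificate issuance with only a log line to show for it. Match the examples exactly instead, e.g. `if [[ $filename == "example.com" || $filename == *".example.com" ]]; then`, or give example files a distinct suffix that the loop can filter on. The enclosing loop starts and ends outside the hunk.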
--- a/.gitignore +++ b/.gitignore @@ -8,4 +8,5 @@ Volumes/* logs/* # Ignore private reverse proxy configurations. -Config/ReverseProxy/config/conf.d/* +Config/ReverseProxy/config/conf.d/*.* +Config/ReverseProxy/config/html/*.* From 0f2bd38745a681767540ccab8c03d5109dace69c Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:43:01 -0700 Subject: [PATCH 45/52] Modifying to serve the HTML content. It works, hooray! --- .../config/conf.d/html.example.com | 48 +++++-------------- 1 file changed, 12 insertions(+), 36 deletions(-) diff --git a/Config/ReverseProxy/config/conf.d/html.example.com b/Config/ReverseProxy/config/conf.d/html.example.com index 8e3de1c..80effef 100644 --- a/Config/ReverseProxy/config/conf.d/html.example.com +++ b/Config/ReverseProxy/config/conf.d/html.example.com 
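Review bot: With `conf.d/*.*` and `html/*.*` ignored, the committed `proxy.example.com`, `html.example.com` and `html/html.example.com/` examples now match the pattern; git keeps tracking them, but anyone adding another example must `git add -f` and will not be warned that a real site file they meant to keep private was accidentally forced in. Add explicit negations such as `!Config/ReverseProxy/config/conf.d/*example.com` and `!Config/ReverseProxy/config/html/*example.com` so the intent is recorded, and consider ignoring `conf.d/*` entirely since the Dockerfile now copies the whole directory.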
@@ -1,25 +1,25 @@ -# 2022-10-05 Hyperling +# 2023-07-08 Hyperling # A dummy test file since true scripts are being kept private. # This should help anyone understand how the project is being used. ## Instructions ## # Add this without the comment to your /etc/hosts to test that it is working, -# YOUR_DOCKER_SERVER_IP example.com +# YOUR_DOCKER_SERVER_IP html.example.com # If testing locally on a workstation, -# 127.0.0.1 example.com +# 127.0.0.1 html.example.com # Then to test, first start the container, # cd $DOCKER_HOME/Config/ReverseProxy && docker compose build && docker compose up -d # Then from the system with the modified /etc/hosts, -# curl --insecure example.com +# curl --insecure html.example.com # You should see activity in the container log as well as the contents of the -# proxied website in the terminal, NOT example.com. If using a browser then you -# should notice that the URL is still example.com but the website is correct. +# proxied website in the terminal, NOT html.example.com. If using a browser then you +# should notice that the URL is still html.example.com but the website is correct. # Force HTTPS server { listen 80; - server_name example.com; + server_name html.example.com; # Redirect to a more secure protocol. return 301 https://$host$request_uri; 
@@ -30,37 +30,13 @@ server { server { listen 443 ssl; - server_name example.com; + server_name html.example.com; # The certs being used for the website. - ssl_certificate /etc/nginx/certs/example.com/fullchain.pem; - ssl_certificate_key /etc/nginx/certs/example.com/privkey.pem; + ssl_certificate /etc/nginx/certs/html.example.com/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/html.example.com/privkey.pem; - # Send traffic to upstream server - location / { - proxy_set_header X-Forwarded-Proto https; - - # These cause "400 Bad Request Request Header Or Cookie Too Large"? - #proxy_set_header Host $host; - #proxy_set_header X-Real-IP $remote_addr; - #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - ## General format is PROTOCOL://SERVER:PORT. For example: - # - # If using a domain name: - #proxy_pass http://YOUR_SERVER_NAME:8080; - # - # If using an IP address: - #proxy_pass http://192.168.1.80:8080; - # - # If forwarding to an external source: - #proxy_pass https://website.name; - # - # Or alternatively, do it like the force of HTTPS if not your server. - #return 301 https://website.name/$request_uri; - - # This should forward you from 'example.com' to a real site: - proxy_pass https://hyperling.com; - } + # Load the static web content. + root /etc/nginx/html/html.example.com; } From 07dcfa2c16f3504616bebcf8b89eb84c131e50a0 Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sat, 8 Jul 2023 12:47:26 -0700 Subject: [PATCH 46/52] Add period. --- Config/ReverseProxy/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md index dc02ab7..17321f0 100644 --- a/Config/ReverseProxy/README.md +++ b/Config/ReverseProxy/README.md 
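Review bot: With `root /etc/nginx/html/html.example.com;` and no `location` rules, everything copied under that directory is served as-is, and nginx does not hide dotfiles or backup files by default, so a `.git/`, `.env`, `*~` or editor swap file that ends up in `config/html/<site>/` (the Dockerfile copies the whole tree) is downloadable. Add `location ~ /\. { deny all; }` (and optionally `location ~ ~$ { deny all; }`) to the TLS server and state `autoindex off;` explicitly to document intent. The port-80 redirect above this hunk still swallows `/.well-known/acme-challenge/` for this host, as in the proxy template.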
@@ -25,7 +25,7 @@ How to first begin using this subproject.
 ```
 ## DO NOT
-* Edit any configurations or website data inside the container. It is destroyed on each build
+* Edit any configurations or website data inside the container. It is destroyed on each build.
 * Instead, modify the files in `./config/` then use the Update Config commands below.
 * Install any additional software inside of the container. It will not persist a down and up.
 * Instead, add what is needed to the `docker-compose.yml` or `Dockerfile` to be done on each rebuild.
From e95464cf7a12372526102a2e0dbf0ff041b28c63 Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Sat, 8 Jul 2023 12:49:26 -0700
Subject: [PATCH 47/52] Remove "you" verbiage.
---
Config/ReverseProxy/README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md
index 17321f0..0e5d35a 100644
--- a/Config/ReverseProxy/README.md
+++ b/Config/ReverseProxy/README.md
@@ -35,7 +35,7 @@ How to first begin using this subproject.
 Tasks which will also likely come up while using this subproject.
 ## Stop
-If you need to halt the system you may use either stop or down.
+If the proxy needs turned off either stop or down may be used.
 ```
 # docker compose stop
 # docker compose down
@@ -59,7 +59,7 @@ This is essentially an upgrade but there is no pull.
 # docker compose build
 # docker compose up -d
 ```
-If you'd like it as a one-line command:
+If wanted as a one-line command:
 ```
 # docker compose down && docker compose build && docker compose up -d
 ```
From d5e090981e78580d96a301a81010d37a4a445f1f Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Sat, 8 Jul 2023 12:50:37 -0700
Subject: [PATCH 48/52] Update README now that example exists.
---
Config/ReverseProxy/config/html/README.md | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/Config/ReverseProxy/config/html/README.md b/Config/ReverseProxy/config/html/README.md
index d260707..6fe6249 100644
--- a/Config/ReverseProxy/config/html/README.md
+++ b/Config/ReverseProxy/config/html/README.md
@@ -1,5 +1,7 @@
 # HTML Sites
-If the reverse proxy also serves static HTML sites, the root directories of each can be placed here.
-Then in conf.d may add a file which points the domain to the HTML web root, such as `/etc/nginx/html/www.website.name`.
-
-TODO Create an example file for this, such as `example.html.com`.
+If the reverse proxy also serves static HTML sites,
+ the root directories of each can be placed here.
+Then in conf.d may add a file which points the domain to the HTML web root,
+ such as `/etc/nginx/html/www.website.name`.
+An example for this exists called `html.example.com`.
+It should be fairly easy to recreate for another website.
From 571480b3f339f146889e6adf826c38b66b985e45 Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Sat, 8 Jul 2023 12:51:40 -0700
Subject: [PATCH 49/52] Add explicit path to conf.d, remove tabs.
---
Config/ReverseProxy/config/html/README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Config/ReverseProxy/config/html/README.md b/Config/ReverseProxy/config/html/README.md
index 6fe6249..4cbc027 100644
--- a/Config/ReverseProxy/config/html/README.md
+++ b/Config/ReverseProxy/config/html/README.md
@@ -1,7 +1,7 @@
 # HTML Sites
 If the reverse proxy also serves static HTML sites,
- the root directories of each can be placed here.
-Then in conf.d may add a file which points the domain to the HTML web root,
- such as `/etc/nginx/html/www.website.name`.
+ the root directories of each can be placed here.
+Then in `../conf.d` add a file which points the domain to the HTML web root,
+ such as `/etc/nginx/html/www.website.name`.
 An example for this exists called `html.example.com`.
 It should be fairly easy to recreate for another website.
From 7416971edf7953be01c23aa0b3a09f563b70cc8a Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Sat, 8 Jul 2023 13:29:19 -0700
Subject: [PATCH 50/52] Add favicon for example site.
---
.../config/html/html.example.com/favicon.ico | Bin 0 -> 5694 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 Config/ReverseProxy/config/html/html.example.com/favicon.ico
diff --git a/Config/ReverseProxy/config/html/html.example.com/favicon.ico b/Config/ReverseProxy/config/html/html.example.com/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..a48ede5aa39ed9e6b6ea9c6075a767d57dc88667 GIT binary patch literal 5694 zcmeHJXIN9&7F`J)3yL&F6s6iwEC?z#?7e}YVguW=q9XRef(U{Q6?+2}K~#zjEQlf< zk!D1i^cDhykan4QC!+~LftmO3z3l$lv(!Am55G)&R&qjLC;= z!IgYO`|T|njRrcM4jCC4$jZt>PEHQ;^72qnP=KPMB9xSrpscKn4jnq6W5{{D!O&+1~oM`sH>|(Lqh|anwrqk(n9y{-O-~*4`^#^qi4^a z(9zLBuU@^-yLWHs>gu9TpFZf@w=eYc^q{Y=4+8@O7#bSF$jAuB#>VK^uOIsN?~efk z24LX8ffzJs5KK%=FnI7_3>h*6rlzJCI&>(84I75x!-r$Uh!HR|GsDP{BVlfC4hstl zj2blxqeqX%m@#8uX=#bEW5;6LxN#(I<1t~v1WcSb5mr`Km^5h;CQqJ>DO09k>eQ*2 zHfv0=joY}~jJn>KC2=FOY2Wy=<9-MSUqwrzuxlM}XY-;NzS zc3|huop5$`#;#qv;Ns$f-Me>V&z?QlyLT`4?c0a_`}gC(fde>r@E}}WU2*8pAsjw@ z7)OpA!O^2f;pXOsW5j~|DJhX*`8J#pg133z#V!Q0y#Cr_TlsZ*zL`t)g> zIdcYQ&z^;kj}OkBJBRb<&*Q>{3-I;z#l?#kap}?}T)uo6SFT*a)vH%=?bTUm)-Bw=eH(s$e(?AA$DKQOaQE(A+`D%V0RaKHfB!xL0|OBh6ody49w0b4 z7!Myl#G^-#@c8j#goK13G&B@pVPOal566=yPw@2VQ#^b249}lG$BP#)5D^i9$jC^% zeEAZuUcJKW*RS#B%^O5TMd9t+w}_68#=Cd#@c#XK#Kgql!-o%ujg3WITpZ%#g{tO0#fiGXa zAUiu7U%!4uPEHPTb90fGmxuiPd=wNE;M=!vC@d^QQBe_!i;GcGQi9UbQk0dIp}f2t z6%`eztgJ*;RTZkMtHES4QBzX`7K?@2+FI1r)uFz=9&9!n4Gj(8a5!jeYy_9f1&_xA zpU;OtAb?OP1VvG3YHGsozyFRu{`f;e2W0P`_1_l(iV_M*>Lg1jr2YdZDFL^ku7*i! 
zhLnzIFK5q*N!(-m8X-T+G5En zsp^_o*>3j^ip#C#x0+3&p7!|IGIJee85)_|(n~bO>GGYlj7Hl!Uw-+S$!i6G;#H+R zK592iOJ1Z+mysj$oA^(rxtuJWY!O6RB@LrVj;EexRJQ`aXJ&@F*$&l^6RFE6t7((K ziQ=cL+f%Enk_>rC5bbx+u~_CAp2_^>3WB=qXC6z2YZB`;x}v(_$Y~2~Y(@E7IDh8E zVFnr<<^F`ADQKB3^?Z?C`%@4pPT^ahm1ZL6X|gK1<_k8tdiwlXKc~Ii_HMAAVA5Mn zSytqlyyi%U^Y4lpTBea-m2zv-m>%*ZYI3T^Q`UL-KYvdMoYZe@%$qQO?>&xlMjL67 zYk;PpJ;CW-8j~-bMXDk9$!|0JDw1P4wLx>7uf9qzs`$}Am1PB)F=5x;w=TBOQz0(U zlnoboMHM$n=YU_CaLHjv7dmmio5}qBcjLa*@g&{L=hl_yeSCA*>tBo~ld3=z_|IrE{iIRg~8H0tW2 zVoHBe{}ZAiH}t?%ZCMiGp3{#+6mca1q#AM_xr|j4neR3IxA5GCpRIqF6ja8XTC7h} zB%?lN$Ad3yiIk9)?zi5wBQdWsc=hEZX0vA!6QT!UZQ89hCdx#tv#G9k29aN@>pnAb68vIihfazWl4cY zHrOq9@`=c zrWVz=k^JvC6u-Wdkq{l7m|e~mG^bg}Wfgx(O-aisum6RZS~@`S8yy|R5#_Mizl>8#z~gdx0%4Pss2G5pktIPE4R;BgScb$_Wa9^n z*qG>)7;IowSJ$xrdV*6zF1x0xs)j8+C57DD(ytlmj6!B(n}zwq3t=O(h>@1YD5_}| zCAs;Q9Qoiu*at?Hq+y!9mVP4RGbc7YFz{)7E>prFq&AWQPwsJXy%Nb_@}$LodFI#V zM%_5FYnQuUOn%*uCM30)8R~97Y3#g>zHjox75|H>XoIv-+)d{NUwX>~K04?5M6c5&R~X^9JqxM zho|=-q}$PSyLx-9~Q@&K8rKpd$Lj{N9AL6^-mKCbvb+1WQ==`Tmv>oyc2;#<<-f5)u|v z#h$j&S0MI{?R^ug+wN{*9pk~y(W-Qsy!O3w z>7g0DKzQ;tDpiEZV@o(ZYvqF!pv@)|?dNeFc@`@&8=fCt?GDK5z$P%xY`Rx_3u%R^N zp|{KCogM*+#cXk)2<0XR9I&&pvO5rvTqeHNPr3X4laOm_WT0Qbv!nu+gqxcLbphhz3tXe+mruaIV11% K|E&Mx2>csYwr6Sp literal 0 HcmV?d00001 From db8413a9deaaefa83097108ab2bd1e7bf89025eb Mon Sep 17 00:00:00 2001 From: Hyperling Date: Sun, 9 Jul 2023 06:36:37 -0700 Subject: [PATCH 51/52] Add a TBD for stream{}. --- Config/ReverseProxy/config/nginx.conf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf index 640cc50..f74fe5b 100644 --- a/Config/ReverseProxy/config/nginx.conf +++ b/Config/ReverseProxy/config/nginx.conf 
@@ -44,3 +44,12 @@ mail {
 ## Reverse Proxied Mail Server Configurations ##
 #include /etc/nginx/mail.conf.d/*;
 }
+
+# TBD, going live with HTTP first.
+stream {
+ ## Service Forwarding and Load Balancing ##
+ # If this supports the `listen` and `server_name` directives then this may
+ # be a better choice than mail{} since it will not require an auth server.
+ # It could also be useful as a frontend for ssh, databases, APIs, etc.
+ #include /etc/nginx/load.conf.d/*;
+}
From e5688f4f3c91280f1f7da6bc3fe0f188d53f83bf Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Sun, 9 Jul 2023 06:36:58 -0700
Subject: [PATCH 52/52] Remove README files from container. Add comment headers.
---
Config/ReverseProxy/Dockerfile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile
index 0f1e589..17da52d 100644
--- a/Config/ReverseProxy/Dockerfile
+++ b/Config/ReverseProxy/Dockerfile
@@ -4,13 +4,17 @@ FROM nginx
+## Configuration Files ##
 # Clear old configurations.
 RUN rm -rfv /etc/nginx/conf.d
 # Add all the configuration files to the environment.
 COPY ./config/nginx.conf /etc/nginx/nginx.conf
 COPY ./config/conf.d /etc/nginx/conf.d
+RUN rm -rfv /etc/nginx/nginx.conf/README*
+## Hosted Sites ##
 # Clear old sites.
 RUN rm -rfv /etc/nginx/html
 # Add any static HTML websites.
 COPY ./config/html /etc/nginx/html
+RUN rm -rfv /etc/nginx/html/README*
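Review bot: The open question in the new `stream {}` comment can be answered now rather than left as a TBD: the stream core supports `listen`, but `server_name` is an http-context directive, so plain TCP forwarding (ssh, databases) can only be dispatched by listen address and port, and name-based dispatch is only possible for TLS clients via `ssl_preread` and a `map` on `$ssl_preread_server_name`. I would reword the two comment lines to `# stream{} supports listen but not server_name; name-based routing needs ssl_preread (SNI),` and `# so non-TLS services get one listen port each. Unlike mail{} it needs no auth server.`. An empty `stream {}` block also only loads if nginx was built with the stream module, which the official image includes as far as I know, so a one-line comment noting that dependency would help anyone swapping the base image.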
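Review bot: The added `RUN rm -rfv /etc/nginx/nginx.conf/README*` names a path under `/etc/nginx/nginx.conf`, which the `COPY` two lines earlier makes a file, so the glob can never match and `rm -f` exits 0 without removing anything; the README this commit means to drop is presumably the one shipped with `./config/conf.d` (the html README hunk earlier in this series refers to `../conf.d`), so the line should read `RUN rm -rfv /etc/nginx/conf.d/README*`. Note also that both `rm` lines run in a layer after the `COPY`, so the README files remain in the image's lower layers even when the rm succeeds; excluding them with a `.dockerignore` entry such as `**/README*` keeps them out of the image entirely. The hunk may end with a trailing blank context line that is not visible here.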