extract proxy from app-artcoded

Author: nbittich

.gitignore

@@ -0,0 +1,4 @@
+/data/**
+docker-compose.override.yml
+config/proxy/certbot/**
+*.pem

config/proxy/cloudflare/.gitkeep

@@ -0,0 +1,21 @@
+
+server {
+  listen 80 default_server;
+  listen [::]:80 default_server;
+  server_name _;
+  deny all;
+
+  #return 301 https://bittich.be;
+}
+server {
+    listen 443 ssl;
+    server_name _;
+    ssl_certificate /etc/nginx/ssl/self.crt;
+    ssl_certificate_key /etc/nginx/ssl/self.key;
+    include /etc/proxy/options-ssl-nginx.conf;
+    ssl_dhparam /etc/proxy/ssl-dhparams.pem;
+    deny all;
+
+    #return 301 https://bittich.be;
+    
+}

config/proxy/conf.d/00-default.conf

@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    server_name auth.bittich.be;
+    location / {
+        return 301 https://$host$request_uri;
+    }    
+}
+server {
+    listen 443 ssl http2;
+    server_name auth.bittich.be;
+    expires -1;
+    add_header Cache-Control "public, no-transform";
+    add_header Pragma public;
+    ssl_certificate /etc/proxy/cloudflare/auth.bittich.be/fullchain.pem;
+    ssl_certificate_key /etc/proxy/cloudflare/auth.bittich.be/privkey.pem;
+    include /etc/proxy/options-ssl-nginx.conf;
+    ssl_dhparam /etc/proxy/ssl-dhparams.pem;
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_pass http://api-gateway;
+    }
+}

config/proxy/conf.d/auth.conf

@@ -0,0 +1,24 @@
+server {
+    listen 80;
+    server_name backoffice.bittich.be;
+    location / {
+        return 301 https://$host$request_uri;
+    }    
+}
+server {
+    listen 443 ssl http2;
+    server_name backoffice.bittich.be;
+    expires -1;
+    add_header Cache-Control "public, no-transform";
+    add_header Pragma public;
+    ssl_certificate /etc/proxy/cloudflare/backoffice.bittich.be/fullchain.pem;
+    ssl_certificate_key /etc/proxy/cloudflare/backoffice.bittich.be/privkey.pem;
+    include /etc/proxy/options-ssl-nginx.conf;
+    ssl_dhparam /etc/proxy/ssl-dhparams.pem;
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_pass http://api-gateway;
+    }
+}

config/proxy/conf.d/backoffice.conf

@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    server_name bittich.be;
+    location / {
+        return 301 https://$host$request_uri;
+    }    
+}
+
+server {
+    listen 443 ssl http2;
+    server_name bittich.be;
+    expires -1;
+    add_header Cache-Control "public, no-transform";
+    add_header Pragma public;
+    ssl_certificate /etc/proxy/cloudflare/bittich.be/fullchain.pem;
+    ssl_certificate_key /etc/proxy/cloudflare/bittich.be/privkey.pem;
+    include /etc/proxy/options-ssl-nginx.conf;
+    ssl_dhparam /etc/proxy/ssl-dhparams.pem;
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_pass http://api-gateway;
+    }
+}

config/proxy/conf.d/website.conf

@@ -0,0 +1,23 @@
+server {
+    listen 80;
+    server_name www.bittich.be;
+    location / {
+        return 301 https://bittich.be;
+    }    
+}
+
+
+server {
+    listen 443 ssl http2;
+    server_name www.bittich.be;
+    expires -1;
+    add_header Cache-Control "public, no-transform";
+    add_header Pragma public;
+    ssl_certificate /etc/proxy/cloudflare/www.bittich.be/fullchain.pem;
+    ssl_certificate_key /etc/proxy/cloudflare/www.bittich.be/privkey.pem;
+    include /etc/proxy/options-ssl-nginx.conf;
+    ssl_dhparam /etc/proxy/ssl-dhparams.pem;
+    location / {
+        return 301 https://bittich.be;
+    }
+}

config/proxy/conf.d/www.conf

@@ -0,0 +1,32 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+    client_max_body_size 15M;
+    include /etc/nginx/conf.d/*.conf;
+}

config/proxy/nginx.conf

@@ -0,0 +1,19 @@
+version: '3.4'
+services:
+  proxy:
+      image: nginx:alpine
+      restart: always
+      ports:
+        - "80:80"
+        - "443:443"
+      volumes:
+        - ./config/proxy/cloudflare:/etc/proxy/cloudflare
+        - ./config/proxy/conf.d:/etc/nginx/conf.d
+        - ./config/proxy/nginx.conf:/etc/nginx/nginx.conf
+        - ./data/proxy/ssl:/etc/nginx/ssl
+        - ./config/proxy/certbot/conf:/etc/proxy
+        - ./config/proxy/certbot/www:/var/www/certbot
+  networks:
+      default:
+          external:
+              name: artcoded