moved sites-availabe to conf.d (Alpine default).

Dockerfile

@@ -2,12 +2,9 @@ FROM nginx:alpine
 
 MAINTAINER Tomi Cvetic <tomi@slurm.ch>
 
-#COPY sites-available /etc/nginx/sites-available
-#COPY sites-enabled /etc/nginx/sites-enabled
-
 COPY keys /etc/ssl/private
 
-VOLUME ["/etc/nginx/sites-available", "/etc/nginx/sites-enabled"]
+VOLUME ["/etc/nginx/conf.d"]
 
 EXPOSE 80
 

conf.d/proxy.conf

@@ -0,0 +1,146 @@
+# Proxy configuration
+#
+# Redirect http to https
+server {
+	listen 80;
+	listen [::]:80;
+	return 301 https://$host$request_uri;
+}
+
+# Default server
+server {
+	listen 443 		default_server ssl;
+	listen [::]:443 	default_server ssl;
+
+	server_name		_;
+
+	# SSL configuration
+	#
+	ssl_certificate		/etc/ssl/private/slurm.ch.chained.crt;
+	ssl_certificate_key	/etc/ssl/private/slurm.ch.key;
+	
+	ssl on;
+	ssl_session_cache	builtin:1000	shared:SSL:10m;
+	ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
+	ssl_ciphers 		'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+	ssl_prefer_server_ciphers on;
+
+	ssl_dhparam		/etc/ssl/private/dhparams.pem;
+
+	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
+
+        gzip on;
+        gzip_proxied any;
+        gzip_types
+          text/css
+          text/javascript
+          text/xml
+          text/plain
+          application/javascript
+          application/x-javascript
+          application/json;
+}
+
+
+# Apache section
+server {
+	listen 443;
+	listen [::]:443;
+
+	server_name ~^(?<site_id>.+)?\.?slurm\.ch$;
+
+	location / {
+		proxy_pass		http://localhost:8000;
+		proxy_redirect		off;
+		proxy_read_timeout	90;
+		proxy_set_header	Host $host;
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Host $server_name;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+	}
+}
+
+
+# Gogs section
+server {
+	listen 443;
+	listen [::]:443;
+
+	server_name git.slurm.ch;
+
+	location / {
+		proxy_pass		http://localhost:10080;
+		proxy_redirect		off;
+		proxy_read_timeout	90;
+		proxy_set_header	Host $host;
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Host $server_name;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+	}
+}
+
+
+# Docker section
+server {
+	listen 443;
+	listen [::]:443;
+
+	server_name docker.slurm.ch;
+
+	location / {
+		proxy_pass		http://localhost:8080;
+		proxy_redirect		off;
+		proxy_read_timeout	90;
+		proxy_set_header	Host $host;
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Host $server_name;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+	}
+}
+
+
+# SZTM section
+server {
+	listen 443;
+	listen [::]:443;
+
+	server_name sztm.slurm.ch;
+
+	location / {
+		proxy_pass		http://localhost:18080;
+		proxy_redirect		off;
+		proxy_read_timeout	90;
+		proxy_set_header	Host $host;
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Host $server_name;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+	}
+	location /api {
+		proxy_pass		http://localhost:13002;
+		proxy_redirect		off;
+		proxy_read_timeout	90;
+		proxy_set_header	Host $host;
+		proxy_set_header	X-Real-IP $remote_addr;
+		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header	X-Forwarded-Host $server_name;
+		proxy_set_header	X-Forwarded-Proto $scheme;
+
+                rewrite ^/api/?(.*) /$1 break;
+	}
+
+        gzip on;
+        gzip_proxied any;
+        gzip_types
+          text/css
+          text/javascript
+          text/xml
+          text/plain
+          application/javascript
+          application/x-javascript
+          application/json;
+}
+

docker-compose.yml

@@ -5,8 +5,7 @@ services:
                 container_name: docker-proxy
                 build: .
                 volumes:
-                        - "./sites-available:/etc/nginx/sites-available"
-                        - "./sites-enabled:/etc/nginx/sites-enabled"
+                        - "./conf.d:/etc/nginx/conf.d"
                 ports:
                         - "80:80"
                         - "443:443"

sites-available/proxy

@@ -1,90 +0,0 @@
-# Proxy configuration
-#
-# Redirect http to https
-server {
-        listen 80;
-        listen [::]:80;
-        return 301 https://$host$request_uri;
-}
-
-# Default server
-server {
-        listen 443              default_server ssl;
-        listen [::]:443         default_server ssl;
-
-        server_name             _;
-
-        # SSL configuration
-        #
-        ssl_certificate         /etc/ssl/private/slurm.ch.chained.crt;
-        ssl_certificate_key     /etc/ssl/private/slurm.ch.key;
-
-        ssl on;
-        ssl_session_cache       builtin:1000    shared:SSL:10m;
-        ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
-        ssl_ciphers             'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128$
-        ssl_prefer_server_ciphers on;
-
-        ssl_dhparam             /etc/ssl/private/dhparams.pem;
-
-        add_header Strict-Transport-Security "max-age=63072000; includeSubdomai$
-}
-
-# Apache section
-server {
-        listen 443;
-        listen [::]:443;
-
-        server_name ~^(?<site_id>.+)?\.?slurm\.ch$;
-
-        location / {
-                proxy_pass              http://localhost:8000;
-                proxy_redirect          off;
-                proxy_read_timeout      90;
-                proxy_set_header        Host $host;
-                proxy_set_header        X-Real-IP $remote_addr;
-                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_$
-                proxy_set_header        X-Forwarded-Host $server_name;
-                proxy_set_header        X-Forwarded-Proto $scheme;
-        }
-}
-
-
-# Gogs section
-server {
-        listen 443;
-        listen [::]:443;
-
-        server_name git.slurm.ch;
-
-        location / {
-                proxy_pass              http://localhost:10080;
-                proxy_redirect          off;
-                proxy_read_timeout      90;
-                proxy_set_header        Host $host;
-                proxy_set_header        X-Real-IP $remote_addr;
-                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_$
-                proxy_set_header        X-Forwarded-Host $server_name;
-                proxy_set_header        X-Forwarded-Proto $scheme;
-        }
-}
-
-# Docker section
-server {
-        listen 443;
-        listen [::]:443;
-
-        server_name docker.slurm.ch;
-
-        location / {
-                proxy_pass              http://localhost:5000;
-                proxy_redirect          off;
-                proxy_read_timeout      90;
-                proxy_set_header        Host $host;
-                proxy_set_header        X-Real-IP $remote_addr;
-                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_$
-                proxy_set_header        X-Forwarded-Host $server_name;
-                proxy_set_header        X-Forwarded-Proto $scheme;
-        }
-}
-

sites-enabled/proxy

@@ -1 +0,0 @@
-../sites-available/proxy