
Initial checkin. Working, but without any sites.

Tomi Cvetic 6 years ago
commit
a27d6933fe
5 changed files with 118 additions and 0 deletions
  1. 1 0
      .gitignore
  2. 14 0
      Dockerfile
  3. 12 0
      docker-compose.yml
  4. 90 0
      sites-available/proxy
  5. 1 0
      sites-enabled/proxy

+ 1 - 0
.gitignore

@@ -0,0 +1 @@
+keys

+ 14 - 0
Dockerfile

@@ -0,0 +1,14 @@
+FROM nginx:alpine
+
+MAINTAINER Tomi Cvetic <tomi@slurm.ch>
+
+#COPY sites-available /etc/nginx/sites-available
+#COPY sites-enabled /etc/nginx/sites-enabled
+
+COPY keys /etc/ssl/private
+
+VOLUME ["/etc/nginx/sites-available", "/etc/nginx/sites-enabled"]
+
+EXPOSE 80
+
+
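Review bot: `COPY keys /etc/ssl/private` bakes the TLS private key into an image layer (sites-available/proxy reads `slurm.ch.key` from that directory), so anyone who can pull or export the image or read the build cache obtains the key; the `keys` entry in .gitignore only keeps it out of the repository. Drop the COPY and mount the directory read-only at run time instead, for example `- "./keys:/etc/ssl/private:ro"` under `volumes:` in docker-compose.yml, which also lets the key be rotated without rebuilding the image. Separately, the stock nginx.conf of the official image includes only `conf.d/*.conf` as far as I know, so nothing in this Dockerfile makes nginx load `/etc/nginx/sites-enabled`; a custom nginx.conf containing `include /etc/nginx/sites-enabled/*;` would be needed.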

+ 12 - 0
docker-compose.yml

@@ -0,0 +1,12 @@
+version: "2"
+
+services:
+        proxy:
+                container_name: docker-proxy
+                build: .
+                volumes:
+                        - "./sites-available:/etc/nginx/sites-available"
+                        - "./sites-enabled:/etc/nginx/sites-enabled"
+                ports:
+                        - "80:80"
+                        - "443:443"
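Review bot: The `proxy` service has no network setting and so runs on the default bridge network, which means the `proxy_pass http://localhost:8000`, `:10080` and `:5000` targets in sites-available/proxy point at the container's own loopback, where nothing visible in this commit listens; those requests would presumably end in a 502. Either address the backends by compose service name on a shared network, or choose `network_mode: host` deliberately (the `ports:` mapping then no longer applies). The two configuration mounts can also be made read-only, e.g. `- "./sites-available:/etc/nginx/sites-available:ro"`, since nginx only reads them.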

+ 90 - 0
sites-available/proxy

@@ -0,0 +1,90 @@
+# Proxy configuration
+#
+# Redirect http to https
+server {
+        listen 80;
+        listen [::]:80;
+        return 301 https://$host$request_uri;
+}
+
+# Default server
+server {
+        listen 443              default_server ssl;
+        listen [::]:443         default_server ssl;
+
+        server_name             _;
+
+        # SSL configuration
+        #
+        ssl_certificate         /etc/ssl/private/slurm.ch.chained.crt;
+        ssl_certificate_key     /etc/ssl/private/slurm.ch.key;
+
+        ssl on;
+        ssl_session_cache       builtin:1000    shared:SSL:10m;
+        ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers             'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128$
+        ssl_prefer_server_ciphers on;
+
+        ssl_dhparam             /etc/ssl/private/dhparams.pem;
+
+        add_header Strict-Transport-Security "max-age=63072000; includeSubdomai$
+}
+
+# Apache section
+server {
+        listen 443;
+        listen [::]:443;
+
+        server_name ~^(?<site_id>.+)?\.?slurm\.ch$;
+
+        location / {
+                proxy_pass              http://localhost:8000;
+                proxy_redirect          off;
+                proxy_read_timeout      90;
+                proxy_set_header        Host $host;
+                proxy_set_header        X-Real-IP $remote_addr;
+                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_$
+                proxy_set_header        X-Forwarded-Host $server_name;
+                proxy_set_header        X-Forwarded-Proto $scheme;
+        }
+}
+
+
+# Gogs section
+server {
+        listen 443;
+        listen [::]:443;
+
+        server_name git.slurm.ch;
+
+        location / {
+                proxy_pass              http://localhost:10080;
+                proxy_redirect          off;
+                proxy_read_timeout      90;
+                proxy_set_header        Host $host;
+                proxy_set_header        X-Real-IP $remote_addr;
+                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_$
+                proxy_set_header        X-Forwarded-Host $server_name;
+                proxy_set_header        X-Forwarded-Proto $scheme;
+        }
+}
+
+# Docker section
+server {
+        listen 443;
+        listen [::]:443;
+
+        server_name docker.slurm.ch;
+
+        location / {
+                proxy_pass              http://localhost:5000;
+                proxy_redirect          off;
+                proxy_read_timeout      90;
+                proxy_set_header        Host $host;
+                proxy_set_header        X-Real-IP $remote_addr;
+                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_$
+                proxy_set_header        X-Forwarded-Host $server_name;
+                proxy_set_header        X-Forwarded-Proto $scheme;
+        }
+}
+
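Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the default server still enables TLS 1.0 and 1.1, which are deprecated and undercut the otherwise strict settings around it; `ssl_protocols TLSv1.2 TLSv1.3;` is the usual choice. In the Apache block the regex `~^(?<site_id>.+)?\.?slurm\.ch$` makes the dot optional, so a Host such as `notslurm.ch` also matches; `~^((?<site_id>.+)\.)?slurm\.ch$` ties the dot to the subdomain. In that same block `X-Forwarded-Host $server_name` would, as far as I can tell, pass the configured name (here the regex text) rather than the requested host, so `$host` is likely what was meant. The `ssl_ciphers` and `Strict-Transport-Security` lines are truncated in this view and were not assessed.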

+ 1 - 0
sites-enabled/proxy

@@ -0,0 +1 @@
+../sites-available/proxy