Merge pull request #2041 from SkynetLabs/nginx-docker-improvements
Nginx docker improvements
This commit is contained in:
commit
5d33b79f69
|
@ -14,6 +14,7 @@ jobs:
|
||||||
matrix:
|
matrix:
|
||||||
dockerfile:
|
dockerfile:
|
||||||
- docker/nginx/Dockerfile
|
- docker/nginx/Dockerfile
|
||||||
|
- docker/nginx/testing/Dockerfile
|
||||||
- docker/sia/Dockerfile
|
- docker/sia/Dockerfile
|
||||||
- packages/dashboard/Dockerfile
|
- packages/dashboard/Dockerfile
|
||||||
- packages/dashboard-v2/Dockerfile
|
- packages/dashboard-v2/Dockerfile
|
||||||
|
|
|
@ -54,9 +54,11 @@ services:
|
||||||
- ./docker/data/certbot:/etc/letsencrypt
|
- ./docker/data/certbot:/etc/letsencrypt
|
||||||
|
|
||||||
nginx:
|
nginx:
|
||||||
build:
|
# uncomment "build" and comment out "image" to build from sources
|
||||||
context: ./docker/nginx
|
# build:
|
||||||
dockerfile: Dockerfile
|
# context: https://github.com/SkynetLabs/skynet-webportal.git#master
|
||||||
|
# dockerfile: ./docker/nginx/Dockerfile
|
||||||
|
image: skynetlabs/nginx
|
||||||
container_name: nginx
|
container_name: nginx
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
logging: *default-logging
|
logging: *default-logging
|
||||||
|
@ -69,6 +71,10 @@ services:
|
||||||
- ./docker/data/nginx/skynet:/data/nginx/skynet:ro
|
- ./docker/data/nginx/skynet:/data/nginx/skynet:ro
|
||||||
- ./docker/data/sia/apipassword:/data/sia/apipassword:ro
|
- ./docker/data/sia/apipassword:/data/sia/apipassword:ro
|
||||||
- ./docker/data/certbot:/etc/letsencrypt
|
- ./docker/data/certbot:/etc/letsencrypt
|
||||||
|
- ./docker/nginx/libs:/etc/nginx/libs
|
||||||
|
- ./docker/nginx/conf.d:/etc/nginx/conf.d
|
||||||
|
- ./docker/nginx/conf.d.templates:/etc/nginx/templates
|
||||||
|
- ./docker/nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf
|
||||||
networks:
|
networks:
|
||||||
shared:
|
shared:
|
||||||
ipv4_address: 10.10.10.30
|
ipv4_address: 10.10.10.30
|
||||||
|
|
|
@ -2,25 +2,20 @@ FROM openresty/openresty:1.19.9.1-focal
|
||||||
|
|
||||||
WORKDIR /
|
WORKDIR /
|
||||||
|
|
||||||
RUN luarocks install lua-resty-http && \
|
RUN apt-get update && apt-get --no-install-recommends -y install bc=1.07.1-2build1 && \
|
||||||
luarocks install hasher && \
|
apt-get clean && rm -rf /var/lib/apt/lists/* && \
|
||||||
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
|
luarocks install lua-resty-http && \
|
||||||
-subj '/CN=local-certificate' \
|
luarocks install hasher
|
||||||
-keyout /etc/ssl/local-certificate.key \
|
|
||||||
-out /etc/ssl/local-certificate.crt
|
|
||||||
|
|
||||||
COPY mo ./
|
# reload nginx every 6 hours (for reloading certificates)
|
||||||
COPY libs /etc/nginx/libs
|
ENV NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS 6
|
||||||
COPY conf.d /etc/nginx/conf.d
|
|
||||||
COPY conf.d.templates /etc/nginx/conf.d.templates
|
|
||||||
COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
|
|
||||||
|
|
||||||
CMD [ "bash", "-c", \
|
# copy entrypoint and entrypoint scripts
|
||||||
"./mo < /etc/nginx/conf.d.templates/server.account.conf > /etc/nginx/conf.d/server.account.conf ; \
|
COPY docker/nginx/docker-entrypoint.sh /
|
||||||
./mo < /etc/nginx/conf.d.templates/server.api.conf > /etc/nginx/conf.d/server.api.conf; \
|
COPY docker/nginx/docker-entrypoint.d /docker-entrypoint.d
|
||||||
./mo < /etc/nginx/conf.d.templates/server.dnslink.conf > /etc/nginx/conf.d/server.dnslink.conf; \
|
|
||||||
./mo < /etc/nginx/conf.d.templates/server.hns.conf > /etc/nginx/conf.d/server.hns.conf; \
|
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||||
./mo < /etc/nginx/conf.d.templates/server.skylink.conf > /etc/nginx/conf.d/server.skylink.conf ; \
|
|
||||||
while :; do sleep 6h & wait ${!}; /usr/local/openresty/bin/openresty -s reload; done & \
|
STOPSIGNAL SIGQUIT
|
||||||
/usr/local/openresty/bin/openresty '-g daemon off;'" \
|
|
||||||
]
|
CMD ["nginx", "-g", "daemon off;"]
|
||||||
|
|
|
@ -1,45 +0,0 @@
|
||||||
{{#ACCOUNTS_ENABLED}}
|
|
||||||
{{#PORTAL_DOMAIN}}
|
|
||||||
server {
|
|
||||||
server_name account.{{PORTAL_DOMAIN}}; # example: account.siasky.net
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.http;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name account.{{PORTAL_DOMAIN}}; # example: account.siasky.net
|
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
|
||||||
set_by_lua_block $skynet_server_domain {
|
|
||||||
-- fall back to portal domain if server domain is not defined
|
|
||||||
if "{{SERVER_DOMAIN}}" == "" then
|
|
||||||
return "{{PORTAL_DOMAIN}}"
|
|
||||||
end
|
|
||||||
return "{{SERVER_DOMAIN}}"
|
|
||||||
}
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.account;
|
|
||||||
}
|
|
||||||
{{/PORTAL_DOMAIN}}
|
|
||||||
|
|
||||||
{{#SERVER_DOMAIN}}
|
|
||||||
server {
|
|
||||||
server_name account.{{SERVER_DOMAIN}}; # example: account.eu-ger-1.siasky.net
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.http;
|
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name account.{{SERVER_DOMAIN}}; # example: account.eu-ger-1.siasky.net
|
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
|
||||||
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.account;
|
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
|
||||||
}
|
|
||||||
{{/SERVER_DOMAIN}}
|
|
||||||
{{/ACCOUNTS_ENABLED}}
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
server {
|
||||||
|
server_name account.${PORTAL_DOMAIN}; # example: account.siasky.net
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.http;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name account.${PORTAL_DOMAIN}; # example: account.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
|
||||||
|
set_by_lua_block $skynet_server_domain {
|
||||||
|
-- fall back to portal domain if server domain is not defined
|
||||||
|
if "${SERVER_DOMAIN}" == "" then
|
||||||
|
return "${PORTAL_DOMAIN}"
|
||||||
|
end
|
||||||
|
return "${SERVER_DOMAIN}"
|
||||||
|
}
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.account;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name account.${SERVER_DOMAIN}; # example: account.eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.http;
|
||||||
|
|
||||||
|
set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name account.${SERVER_DOMAIN}; # example: account.eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain {
|
||||||
|
-- when accessing portal directly through server domain, portal domain should be set to server domain
|
||||||
|
-- motivation: skynet-js uses Skynet-Portal-Api header (that is set to $skynet_portal_domain) to detect current
|
||||||
|
-- portal address and it should be server domain when accessing specific server by its domain address
|
||||||
|
return "${SERVER_DOMAIN}"
|
||||||
|
}
|
||||||
|
set_by_lua_block $skynet_server_domain { return "${SERVER_DOMAIN}" }
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.account;
|
||||||
|
|
||||||
|
set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
|
||||||
|
}
|
|
@ -1,43 +0,0 @@
|
||||||
{{#PORTAL_DOMAIN}}
|
|
||||||
server {
|
|
||||||
server_name {{PORTAL_DOMAIN}}; # example: siasky.net
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.http;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name {{PORTAL_DOMAIN}}; # example: siasky.net
|
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
|
||||||
set_by_lua_block $skynet_server_domain {
|
|
||||||
-- fall back to portal domain if server domain is not defined
|
|
||||||
if "{{SERVER_DOMAIN}}" == "" then
|
|
||||||
return "{{PORTAL_DOMAIN}}"
|
|
||||||
end
|
|
||||||
return "{{SERVER_DOMAIN}}"
|
|
||||||
}
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.api;
|
|
||||||
}
|
|
||||||
{{/PORTAL_DOMAIN}}
|
|
||||||
|
|
||||||
{{#SERVER_DOMAIN}}
|
|
||||||
server {
|
|
||||||
server_name {{SERVER_DOMAIN}}; # example: eu-ger-1.siasky.net
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.http;
|
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name {{SERVER_DOMAIN}}; # example: eu-ger-1.siasky.net
|
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
|
||||||
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.api;
|
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
|
||||||
}
|
|
||||||
{{/SERVER_DOMAIN}}
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
server {
|
||||||
|
server_name ${PORTAL_DOMAIN}; # example: siasky.net
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.http;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name ${PORTAL_DOMAIN}; # example: siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
|
||||||
|
set_by_lua_block $skynet_server_domain {
|
||||||
|
-- fall back to portal domain if server domain is not defined
|
||||||
|
if "${SERVER_DOMAIN}" == "" then
|
||||||
|
return "${PORTAL_DOMAIN}"
|
||||||
|
end
|
||||||
|
return "${SERVER_DOMAIN}"
|
||||||
|
}
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.api;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name ${SERVER_DOMAIN}; # example: eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.http;
|
||||||
|
|
||||||
|
set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name ${SERVER_DOMAIN}; # example: eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain {
|
||||||
|
-- when accessing portal directly through server domain, portal domain should be set to server domain
|
||||||
|
-- motivation: skynet-js uses Skynet-Portal-Api header (that is set to $skynet_portal_domain) to detect current
|
||||||
|
-- portal address and it should be server domain when accessing specific server by its domain address
|
||||||
|
return "${SERVER_DOMAIN}"
|
||||||
|
}
|
||||||
|
set_by_lua_block $skynet_server_domain { return "${SERVER_DOMAIN}" }
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.api;
|
||||||
|
|
||||||
|
set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
|
||||||
|
}
|
|
@ -12,13 +12,13 @@ server {
|
||||||
ssl_certificate /etc/ssl/local-certificate.crt;
|
ssl_certificate /etc/ssl/local-certificate.crt;
|
||||||
ssl_certificate_key /etc/ssl/local-certificate.key;
|
ssl_certificate_key /etc/ssl/local-certificate.key;
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
|
||||||
set_by_lua_block $skynet_server_domain {
|
set_by_lua_block $skynet_server_domain {
|
||||||
-- fall back to portal domain if server domain is not defined
|
-- fall back to portal domain if server domain is not defined
|
||||||
if "{{SERVER_DOMAIN}}" == "" then
|
if "${SERVER_DOMAIN}" == "" then
|
||||||
return "{{PORTAL_DOMAIN}}"
|
return "${PORTAL_DOMAIN}"
|
||||||
end
|
end
|
||||||
return "{{SERVER_DOMAIN}}"
|
return "${SERVER_DOMAIN}"
|
||||||
}
|
}
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.dnslink;
|
include /etc/nginx/conf.d/server/server.dnslink;
|
|
@ -1,45 +0,0 @@
|
||||||
{{#PORTAL_DOMAIN}}
|
|
||||||
server {
|
|
||||||
server_name *.hns.{{PORTAL_DOMAIN}}; # example: *.hns.siasky.net
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.http;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name *.hns.{{PORTAL_DOMAIN}}; # example: *.hns.siasky.net
|
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
|
||||||
set_by_lua_block $skynet_server_domain {
|
|
||||||
-- fall back to portal domain if server domain is not defined
|
|
||||||
if "{{SERVER_DOMAIN}}" == "" then
|
|
||||||
return "{{PORTAL_DOMAIN}}"
|
|
||||||
end
|
|
||||||
return "{{SERVER_DOMAIN}}"
|
|
||||||
}
|
|
||||||
|
|
||||||
proxy_set_header Host {{PORTAL_DOMAIN}};
|
|
||||||
include /etc/nginx/conf.d/server/server.hns;
|
|
||||||
}
|
|
||||||
{{/PORTAL_DOMAIN}}
|
|
||||||
|
|
||||||
{{#SERVER_DOMAIN}}
|
|
||||||
server {
|
|
||||||
server_name *.hns.{{SERVER_DOMAIN}}; # example: *.hns.eu-ger-1.siasky.net
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.http;
|
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name *.hns.{{SERVER_DOMAIN}}; # example: *.hns.eu-ger-1.siasky.net
|
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
|
||||||
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
|
||||||
|
|
||||||
proxy_set_header Host {{SERVER_DOMAIN}};
|
|
||||||
include /etc/nginx/conf.d/server/server.hns;
|
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
|
||||||
}
|
|
||||||
{{/SERVER_DOMAIN}}
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
server {
|
||||||
|
server_name *.hns.${PORTAL_DOMAIN}; # example: *.hns.siasky.net
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.http;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name *.hns.${PORTAL_DOMAIN}; # example: *.hns.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
|
||||||
|
set_by_lua_block $skynet_server_domain {
|
||||||
|
-- fall back to portal domain if server domain is not defined
|
||||||
|
if "${SERVER_DOMAIN}" == "" then
|
||||||
|
return "${PORTAL_DOMAIN}"
|
||||||
|
end
|
||||||
|
return "${SERVER_DOMAIN}"
|
||||||
|
}
|
||||||
|
|
||||||
|
proxy_set_header Host ${PORTAL_DOMAIN};
|
||||||
|
include /etc/nginx/conf.d/server/server.hns;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name *.hns.${SERVER_DOMAIN}; # example: *.hns.eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.http;
|
||||||
|
|
||||||
|
set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name *.hns.${SERVER_DOMAIN}; # example: *.hns.eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain {
|
||||||
|
-- when accessing portal directly through server domain, portal domain should be set to server domain
|
||||||
|
-- motivation: skynet-js uses Skynet-Portal-Api header (that is set to $skynet_portal_domain) to detect current
|
||||||
|
-- portal address and it should be server domain when accessing specific server by its domain address
|
||||||
|
return "${SERVER_DOMAIN}"
|
||||||
|
}
|
||||||
|
set_by_lua_block $skynet_server_domain { return "${SERVER_DOMAIN}" }
|
||||||
|
|
||||||
|
proxy_set_header Host ${SERVER_DOMAIN};
|
||||||
|
include /etc/nginx/conf.d/server/server.hns;
|
||||||
|
|
||||||
|
set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
|
||||||
|
}
|
|
@ -1,43 +0,0 @@
|
||||||
{{#PORTAL_DOMAIN}}
|
|
||||||
server {
|
|
||||||
server_name *.{{PORTAL_DOMAIN}}; # example: *.siasky.net
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.http;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name *.{{PORTAL_DOMAIN}}; # example: *.siasky.net
|
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
|
||||||
set_by_lua_block $skynet_server_domain {
|
|
||||||
-- fall back to portal domain if server domain is not defined
|
|
||||||
if "{{SERVER_DOMAIN}}" == "" then
|
|
||||||
return "{{PORTAL_DOMAIN}}"
|
|
||||||
end
|
|
||||||
return "{{SERVER_DOMAIN}}"
|
|
||||||
}
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.skylink;
|
|
||||||
}
|
|
||||||
{{/PORTAL_DOMAIN}}
|
|
||||||
|
|
||||||
{{#SERVER_DOMAIN}}
|
|
||||||
server {
|
|
||||||
server_name *.{{SERVER_DOMAIN}}; # example: *.eu-ger-1.siasky.net
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.http;
|
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name *.{{SERVER_DOMAIN}}; # example: *.eu-ger-1.siasky.net
|
|
||||||
|
|
||||||
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
|
||||||
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.skylink;
|
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
|
||||||
}
|
|
||||||
{{/SERVER_DOMAIN}}
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
server {
|
||||||
|
server_name *.${PORTAL_DOMAIN}; # example: *.siasky.net
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.http;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name *.${PORTAL_DOMAIN}; # example: *.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "${PORTAL_DOMAIN}" }
|
||||||
|
set_by_lua_block $skynet_server_domain {
|
||||||
|
-- fall back to portal domain if server domain is not defined
|
||||||
|
if "${SERVER_DOMAIN}" == "" then
|
||||||
|
return "${PORTAL_DOMAIN}"
|
||||||
|
end
|
||||||
|
return "${SERVER_DOMAIN}"
|
||||||
|
}
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.skylink;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name *.${SERVER_DOMAIN}; # example: *.eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.http;
|
||||||
|
|
||||||
|
set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name *.${SERVER_DOMAIN}; # example: *.eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain {
|
||||||
|
-- when accessing portal directly through server domain, portal domain should be set to server domain
|
||||||
|
-- motivation: skynet-js uses Skynet-Portal-Api header (that is set to $skynet_portal_domain) to detect current
|
||||||
|
-- portal address and it should be server domain when accessing specific server by its domain address
|
||||||
|
return "${SERVER_DOMAIN}"
|
||||||
|
}
|
||||||
|
set_by_lua_block $skynet_server_domain { return "${SERVER_DOMAIN}" }
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/server/server.skylink;
|
||||||
|
|
||||||
|
set_by_lua_block $server_alias { return string.match("${SERVER_DOMAIN}", "^([^.]+)") }
|
||||||
|
}
|
|
@ -0,0 +1,59 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# https://github.com/nginxinc/docker-nginx/blob/master/entrypoint/20-envsubst-on-templates.sh
|
||||||
|
# https://github.com/nginxinc/docker-nginx/blob/master/LICENSE
|
||||||
|
|
||||||
|
# Copyright (C) 2011-2016 Nginx, Inc.
|
||||||
|
# All rights reserved.
|
||||||
|
|
||||||
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
# modification, are permitted provided that the following conditions
|
||||||
|
# are met:
|
||||||
|
# 1. Redistributions of source code must retain the above copyright
|
||||||
|
# notice, this list of conditions and the following disclaimer.
|
||||||
|
# 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
# notice, this list of conditions and the following disclaimer in the
|
||||||
|
# documentation and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||||
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||||
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||||
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||||
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||||
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
|
# SUCH DAMAGE.
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
ME=$(basename $0)
|
||||||
|
|
||||||
|
auto_envsubst() {
|
||||||
|
local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}"
|
||||||
|
local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}"
|
||||||
|
local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}"
|
||||||
|
|
||||||
|
local template defined_envs relative_path output_path subdir
|
||||||
|
defined_envs=$(printf '${%s} ' $(env | cut -d= -f1))
|
||||||
|
[ -d "$template_dir" ] || return 0
|
||||||
|
if [ ! -w "$output_dir" ]; then
|
||||||
|
echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do
|
||||||
|
relative_path="${template#$template_dir/}"
|
||||||
|
output_path="$output_dir/${relative_path%$suffix}"
|
||||||
|
subdir=$(dirname "$relative_path")
|
||||||
|
# create a subdirectory where the template file exists
|
||||||
|
mkdir -p "$output_dir/$subdir"
|
||||||
|
echo >&3 "$ME: Running envsubst on $template to $output_path"
|
||||||
|
envsubst "$defined_envs" < "$template" > "$output_path"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
auto_envsubst
|
||||||
|
|
||||||
|
exit 0
|
|
@ -0,0 +1,20 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# source: https://github.com/nginxinc/docker-nginx/pull/509
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
ME=$(basename $0)
|
||||||
|
|
||||||
|
[ "${NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS:-}" ] || exit 0
|
||||||
|
if [ $(echo "$NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS > 0" | bc) = 0 ]; then
|
||||||
|
echo >&3 "$ME: Error. Provide integer or floating point number greater that 0. See 'man sleep'."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
start_background_reload() {
|
||||||
|
echo >&3 "$ME: Reloading Nginx every $NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS hour(s)"
|
||||||
|
while :; do sleep ${NGINX_ENTRYPOINT_RELOAD_EVERY_X_HOURS}h; echo >&3 "$ME: Reloading Nginx ..." && nginx -s reload; done &
|
||||||
|
}
|
||||||
|
|
||||||
|
start_background_reload
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Generate locally signed ssl certificate to be used on routes
|
||||||
|
# that do not require certificate issued by trusted CA
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
ME=$(basename $0)
|
||||||
|
|
||||||
|
generate_local_certificate() {
|
||||||
|
echo >&3 "$ME: Generating locally signed ssl certificate"
|
||||||
|
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
|
||||||
|
-subj '/CN=local-certificate' \
|
||||||
|
-keyout /etc/ssl/local-certificate.key \
|
||||||
|
-out /etc/ssl/local-certificate.crt
|
||||||
|
}
|
||||||
|
|
||||||
|
generate_local_certificate
|
|
@ -0,0 +1,65 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# vim:sw=4:ts=4:et
|
||||||
|
|
||||||
|
# https://github.com/nginxinc/docker-nginx/blob/master/entrypoint/docker-entrypoint.sh
|
||||||
|
# https://github.com/nginxinc/docker-nginx/blob/master/LICENSE
|
||||||
|
|
||||||
|
# Copyright (C) 2011-2016 Nginx, Inc.
|
||||||
|
# All rights reserved.
|
||||||
|
|
||||||
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
# modification, are permitted provided that the following conditions
|
||||||
|
# are met:
|
||||||
|
# 1. Redistributions of source code must retain the above copyright
|
||||||
|
# notice, this list of conditions and the following disclaimer.
|
||||||
|
# 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
# notice, this list of conditions and the following disclaimer in the
|
||||||
|
# documentation and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||||
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||||
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||||
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||||
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||||
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
|
# SUCH DAMAGE.
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
|
||||||
|
exec 3>&1
|
||||||
|
else
|
||||||
|
exec 3>/dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then
|
||||||
|
if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
|
||||||
|
echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
|
||||||
|
|
||||||
|
echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/"
|
||||||
|
find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
|
||||||
|
case "$f" in
|
||||||
|
*.sh)
|
||||||
|
if [ -x "$f" ]; then
|
||||||
|
echo >&3 "$0: Launching $f";
|
||||||
|
"$f"
|
||||||
|
else
|
||||||
|
# warn on shell scripts without exec bit
|
||||||
|
echo >&3 "$0: Ignoring $f, not executable";
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*) echo >&3 "$0: Ignoring $f";;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
echo >&3 "$0: Configuration complete; ready for start up"
|
||||||
|
else
|
||||||
|
echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec "$@"
|
1106
docker/nginx/mo
1106
docker/nginx/mo
File diff suppressed because it is too large
Load Diff
|
@ -19,6 +19,9 @@
|
||||||
user root;
|
user root;
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
|
|
||||||
|
# Enables the use of JIT for regular expressions to speed-up their processing.
|
||||||
|
pcre_jit on;
|
||||||
|
|
||||||
#error_log logs/error.log;
|
#error_log logs/error.log;
|
||||||
#error_log logs/error.log notice;
|
#error_log logs/error.log notice;
|
||||||
#error_log logs/error.log info;
|
#error_log logs/error.log info;
|
||||||
|
|
|
@ -8,4 +8,4 @@ RUN luarocks install lua-resty-http && \
|
||||||
|
|
||||||
COPY rbusted /etc/nginx/
|
COPY rbusted /etc/nginx/
|
||||||
|
|
||||||
CMD /etc/nginx/rbusted --verbose --pattern=spec /usr/local/openresty/site/lualib
|
CMD ["/etc/nginx/rbusted", "--verbose", "--pattern=spec", "/usr/local/openresty/site/lualib"]
|
||||||
|
|
Reference in New Issue