base template implementation

Author: killroy192

.github/actions/setup/action.yml

@@ -0,0 +1,12 @@
+name: Build
+description: Setup and Build Containers locally
+
+runs:
+  using: composite
+  steps:
+    - name: Network Initialization
+      shell: bash
+      run: bash networks.sh
+    - name: Build
+      shell: bash
+      run: docker compose build;

.github/workflows/dry-run.yml

@@ -0,0 +1,12 @@
+name: Dry Run
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup

.gitignore

@@ -0,0 +1 @@
+ssl

README.md

@@ -0,0 +1,20 @@
+[![Dry Run](https://github.com/dgma/ngix-ssl/actions/workflows/dry-run.yml/badge.svg)](https://github.com/dgma/ngix-ssl/actions/workflows/dry-run.yml)
+
+# TEMPLATE_NGINX_SSL
+
+Template for simple nginx-le based container for service requests routing.
+
+Bonus: custom github actions for easy CI\CD rollout.
+
+## Installation
+
+- Install Docker & Docker Compose
+- Run ```sh docker compose up```
+
+## Configuration
+
+1. Fork it 
+2. Identify your routes (domain -> service)
+3. Configure `ect/service.conf` according to your needs. Check `examples` folder for inspiration.
+4. Configure docker-compose.yaml (environment, ports)
+5. Optional: update `networks.sh` if you need more than one network.

docker-compose.yml

@@ -0,0 +1,38 @@
+version: '3.7'
+
+x-logging: &loggingConf
+  logging:
+    driver: "json-file"
+    options:
+      max-file: "5"
+      max-size: "100m"
+
+services:
+    nginx-router:
+        hostname: nginx-router
+        image: umputun/nginx-le:latest
+        <<: *loggingConf
+        restart: always
+        volumes:
+            - ./etc/ssl:/etc/nginx/ssl
+            - ./etc/service.conf:/etc/nginx/service.conf
+        ports:
+            - "80:80"
+            - "443:443"
+
+        environment:
+            # timezone
+            - TZ=GMT
+            # use letsencrypt for ssl
+            - LETSENCRYPT=true
+            # email for ssl
+            - LE_EMAIL=dogmaprotocol@gmail.com
+            # letsencrypt domains
+            - LE_FQDN=dgma.dev,dev.dgma.dev
+        networks:
+            pub-shared-net:
+
+networks:
+  pub-shared-net:
+    name: pub-shared-net
+    external: true

etc/service.conf

@@ -0,0 +1,20 @@
+server {
+    server_name dgma.dev;
+
+    # list all publically available ports for domain
+    listen 80;
+    listen 443;
+
+    root /var/www/app;
+
+    autoindex on;
+
+    ssl                     on;
+    ssl_certificate         SSL_CERT;
+    ssl_certificate_key     SSL_KEY;
+    ssl_trusted_certificate SSL_CHAIN_CERT;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}

examples/containers.routing.conf

@@ -0,0 +1,75 @@
+# The following mapping block declares a relationship between the
+# public port the nginx-le container listens on and the service name for your service containers.
+# 1. Service containers shoudl be at the same network (pub-shared-net) as nginx-le container
+#    You can modify/add more networks in docker-compose files.
+# 2. Nginx-le container must be initialized after service container initialization and shared network creation. 
+
+map $server_port $stg_pass_route {
+    # port => container name:port
+    "443" "web:8080";
+
+    default "localhost:$server_port";
+}
+
+server {
+    server_name you-domain.com;
+
+    # must specify docker DNS as a resolver when use variables for proxy_pass
+    resolver 127.0.0.11 ipv6=off;
+
+    # list all publically available ports for domain
+    listen 80;
+    listen 443;
+
+    ssl                     on;
+    ssl_certificate         SSL_CERT;
+    ssl_certificate_key     SSL_KEY;
+    ssl_trusted_certificate SSL_CHAIN_CERT;
+
+    client_max_body_size 2M;
+
+    location / {
+        proxy_set_header        Host $http_host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        # use the mapped hostname and port for a proxy target
+        proxy_pass              "http://$stg_pass_route";
+    }
+}
+
+map $server_port $dev_pass_route {
+    # port => name label:port
+    "443" "web:8081";
+
+    default "localhost:$server_port";
+}
+
+server {
+    server_name sub.you-domain.com;
+
+    # must specify docker DNS as a resolver when use variables for proxy_pass
+    resolver 127.0.0.11 ipv6=off;
+
+    # list all publically available ports for domain
+    listen 80;
+    listen 443;
+
+    ssl                     on;
+    ssl_certificate         SSL_CERT;
+    ssl_certificate_key     SSL_KEY;
+    ssl_trusted_certificate SSL_CHAIN_CERT;
+
+    client_max_body_size 2M;
+
+    location / {
+        proxy_set_header        Host $http_host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+
+        # use the mapped hostname and port for a proxy target
+        proxy_pass              "http://$dev_pass_route";
+    }
+}

examples/static.routing.conf

@@ -0,0 +1,41 @@
+server {
+    server_name you-domain.com;
+
+    # list all publically available ports for domain
+    listen 80;
+    listen 443;
+
+    root /var/www/app;
+
+    autoindex on;
+
+    ssl                     on;
+    ssl_certificate         SSL_CERT;
+    ssl_certificate_key     SSL_KEY;
+    ssl_trusted_certificate SSL_CHAIN_CERT;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}
+
+server {
+    server_name sub.you-domain.com;
+
+    # list all publically available ports for domain
+    listen 80;
+    listen 443;
+
+    root /var/www/app-dev;
+
+    autoindex on;
+
+    ssl                     on;
+    ssl_certificate         SSL_CERT;
+    ssl_certificate_key     SSL_KEY;
+    ssl_trusted_certificate SSL_CHAIN_CERT;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}

networks.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Initializes all shared networks for nginx-le and other service containers
+
+networks=("pub-shared-net")
+
+init_ntw () {
+  docker network inspect $1 >/dev/null 2>&1 || \
+  echo "create network $1" && \
+  docker network create --driver bridge $1
+}
+
+for ntw in ${networks[@]}; do
+  init_ntw $ntw
+done