diff --git a/nginx/nginx-dev/Dockerfile b/nginx/nginx-dev/Dockerfile index aa5750c..c143730 100644 --- a/nginx/nginx-dev/Dockerfile +++ b/nginx/nginx-dev/Dockerfile @@ -2,6 +2,7 @@ FROM nginx RUN apt-get update RUN apt-get install certbot --yes RUN apt-get install python3-certbot-nginx --yes +RUN pip3 install requests COPY ./config /etc/nginx -COPY ./privkey.pem /etc/nginx/privkey.pem -COPY ./fullchain.pem /etc/nginx/fullchain.pem \ No newline at end of file +COPY run.py run.py +CMD ["python3", "run.py"] \ No newline at end of file diff --git a/nginx/nginx-dev/config/guavo.conf b/nginx/nginx-dev/config/guavo.conf deleted file mode 100644 index dc6696b..0000000 --- a/nginx/nginx-dev/config/guavo.conf +++ /dev/null @@ -1,162 +0,0 @@ - - # server { - # listen 80; - # server_name *.develop.guavo.tech; - # return 301 https://$host$request_uri; - # } - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name swarmpit.develop.guavo.tech; - - ssl_certificate /etc/nginx/fullchain.pem; - ssl_certificate_key /etc/nginx/privkey.pem; - - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - - location / { - proxy_pass http://develop.guavo.tech:888/; - } - } - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name portainer.develop.guavo.tech; - - ssl_certificate /etc/nginx/fullchain.pem; - ssl_certificate_key /etc/nginx/privkey.pem; - - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - - location / { - proxy_pass http://develop.guavo.tech:8888/; - } - - location /api/websocket/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_pass http://develop.guavo.tech:8888/api/websocket/; - } - } - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name rabbitmq.develop.guavo.tech; - - ssl_certificate /etc/nginx/fullchain.pem; - ssl_certificate_key /etc/nginx/privkey.pem; - - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - - location / { - proxy_pass http://develop.guavo.tech:15672/; - } - } - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name minio.develop.guavo.tech; - - ssl_certificate /etc/nginx/fullchain.pem; - ssl_certificate_key /etc/nginx/privkey.pem; - - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - - location / { - proxy_pass http://develop.guavo.tech:9001/; - } - } - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name grafana.develop.guavo.tech; - - ssl_certificate /etc/nginx/fullchain.pem; - ssl_certificate_key /etc/nginx/privkey.pem; - - proxy_set_header Host $http_host; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - - location / { - proxy_pass http://develop.guavo.tech:3000/; - } - - location /api/live/ws { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_pass http://develop.guavo.tech:3000/api/live/ws; - } - } - - server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name ~^(?.*)\.develop\.guavo\.tech$; - - resolver 127.0.0.11 ipv6=off; - - ssl_certificate /etc/nginx/fullchain.pem; - ssl_certificate_key /etc/nginx/privkey.pem; - - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - location / { - proxy_pass http://$domain-nginx:1238$request_uri; - } - } - - server { - listen 80; - server_name ~^(?.*)\.develop\.guavo\.tech$; - - resolver 127.0.0.11 ipv6=off; - - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - - location / { - proxy_pass http://$domain-nginx:1238$request_uri; - } - } diff --git a/nginx/nginx-dev/config/nginx.conf b/nginx/nginx-dev/config/nginx.conf index 5e77885..97c6f16 100644 --- a/nginx/nginx-dev/config/nginx.conf +++ b/nginx/nginx-dev/config/nginx.conf @@ -8,6 +8,6 @@ http { '' close; } - # include ./guavo.conf; + include ./hosts.conf; include ./sprinthub.conf; } \ No newline at end of file diff --git a/nginx/nginx-dev/run.py b/nginx/nginx-dev/run.py new file mode 100644 index 0000000..84798f8 --- /dev/null +++ b/nginx/nginx-dev/run.py @@ -0,0 +1,35 @@ +from requests import get +from subprocess import call + + +hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=development').json()['configs']['hosts'] +hosts = list(set(hosts + ['platform.develop.sprinthub.ru'])) + +config = '' +for host in hosts: + config += ''' + server \{ + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {0}; + + ssl_certificate /etc/nginx/{0}/fullchain.pem; + ssl_certificate_key /etc/nginx/{0}/privkey.pem; + + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-refferer-when-downgrade" always; + add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + + location / \{ + proxy_pass http://{1}-nginx:1238$request_uri; + \} + \}\n\n + '''.format(host, host.split('.')[0]) + +with open('/etc/nginx/hosts.conf', 'w') as fp: + fp.write(config) + + +call('nginx -g daemon off;', shell=True)