master #69
@ -2,6 +2,7 @@ FROM nginx
|
|||||||
RUN apt-get update
|
RUN apt-get update
|
||||||
RUN apt-get install certbot --yes
|
RUN apt-get install certbot --yes
|
||||||
RUN apt-get install python3-certbot-nginx --yes
|
RUN apt-get install python3-certbot-nginx --yes
|
||||||
|
RUN pip3 install requests
|
||||||
COPY ./config /etc/nginx
|
COPY ./config /etc/nginx
|
||||||
COPY ./privkey.pem /etc/nginx/privkey.pem
|
COPY run.py run.py
|
||||||
COPY ./fullchain.pem /etc/nginx/fullchain.pem
|
CMD ["python3", "run.py"]
|
@ -1,162 +0,0 @@
|
|||||||
|
|
||||||
# server {
|
|
||||||
# listen 80;
|
|
||||||
# server_name *.develop.guavo.tech;
|
|
||||||
# return 301 https://$host$request_uri;
|
|
||||||
# }
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
server_name swarmpit.develop.guavo.tech;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/nginx/privkey.pem;
|
|
||||||
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://develop.guavo.tech:888/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
server_name portainer.develop.guavo.tech;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/nginx/privkey.pem;
|
|
||||||
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://develop.guavo.tech:8888/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/websocket/ {
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://develop.guavo.tech:8888/api/websocket/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
server_name rabbitmq.develop.guavo.tech;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/nginx/privkey.pem;
|
|
||||||
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://develop.guavo.tech:15672/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
server_name minio.develop.guavo.tech;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/nginx/privkey.pem;
|
|
||||||
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://develop.guavo.tech:9001/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
server_name grafana.develop.guavo.tech;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/nginx/privkey.pem;
|
|
||||||
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://develop.guavo.tech:3000/;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/live/ws {
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $connection_upgrade;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://develop.guavo.tech:3000/api/live/ws;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
server_name ~^(?<domain>.*)\.develop\.guavo\.tech$;
|
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/nginx/privkey.pem;
|
|
||||||
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://$domain-nginx:1238$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name ~^(?<domain>.*)\.develop\.guavo\.tech$;
|
|
||||||
|
|
||||||
resolver 127.0.0.11 ipv6=off;
|
|
||||||
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
|
||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://$domain-nginx:1238$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
@ -8,6 +8,6 @@ http {
|
|||||||
'' close;
|
'' close;
|
||||||
}
|
}
|
||||||
|
|
||||||
# include ./guavo.conf;
|
include ./hosts.conf;
|
||||||
include ./sprinthub.conf;
|
include ./sprinthub.conf;
|
||||||
}
|
}
|
35
nginx/nginx-dev/run.py
Normal file
35
nginx/nginx-dev/run.py
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
from requests import get
|
||||||
|
from subprocess import call
|
||||||
|
|
||||||
|
|
||||||
|
hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=development').json()['configs']['hosts']
|
||||||
|
hosts = list(set(hosts + ['platform.develop.sprinthub.ru']))
|
||||||
|
|
||||||
|
config = ''
|
||||||
|
for host in hosts:
|
||||||
|
config += '''
|
||||||
|
server \{
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name {0};
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/{0}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/nginx/{0}/privkey.pem;
|
||||||
|
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header Referrer-Policy "no-refferer-when-downgrade" always;
|
||||||
|
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||||
|
|
||||||
|
location / \{
|
||||||
|
proxy_pass http://{1}-nginx:1238$request_uri;
|
||||||
|
\}
|
||||||
|
\}\n\n
|
||||||
|
'''.format(host, host.split('.')[0])
|
||||||
|
|
||||||
|
with open('/etc/nginx/hosts.conf', 'w') as fp:
|
||||||
|
fp.write(config)
|
||||||
|
|
||||||
|
|
||||||
|
call('nginx -g daemon off;', shell=True)
|
Loading…
Reference in New Issue
Block a user