Skip to content
This repository has been archived by the owner on Nov 29, 2022. It is now read-only.

Feature/Reverse proxy #3

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Feature/Reverse proxy #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
766208e
add: nginx service to infra
Sep 14, 2022
b52968e
fix:nginx volume config
Sep 14, 2022
2f017ba
add:automatic cert renewal
Sep 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 38 additions & 3 deletions docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,28 @@ services:
volumes:
- db-data:/var/lib/postgresql/data/

# apollo-gateway:
nginx:
image: nginx:latest
container_name: nginx-reverse-proxy
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- ./nginx:/etc/nginx/conf.d
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot
depends_on:
- dex-api
# - lending-api

certbot:
image: certbot/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
volumes:
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot

dex-indexer:
build: dex
Expand All @@ -31,10 +52,24 @@ services:
command: yarn run api
ports:
- 8080:8080


# lending-indexer:
# lending-indexer:
# build: lending
# environment:
# - DATABASE_URL=postgres://admin:admin@postgres:5432/db
# - RPC_URL=ws://3.111.45.9:8546
# command: yarn run indexer

# lending-api:
# lending-api:
# build: lending
# environment:
# - DATABASE_URL=postgres://admin:admin@postgres:5432/db
# - RPC_URL=ws://3.111.45.9:8546
# command: yarn run api
# ports:
# - 8080:8080

volumes:
db-data:
db-data:
97 changes: 97 additions & 0 deletions nginx/nginx.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
upstream dex {
server dex-api:8080;
}
# upstream lending {
# server lending-api:8080;
# }

map $http_origin $allow_origin {
~^https?://(.*\.)?analytics-canto.neobase.one(:\d+)?$ $http_origin;
~^https?://(.*\.)?localhost(:\d+)?$ $http_origin;
# NGINX won't set empty string headers, so if no match, header is unset.
default "";
}

server {
listen 80;
listen 443 ssl;
server_name <domain.name>;#Todo
ssl_certificate /etc/letsencrypt/live/<domain.name>/fullchain.pem;#Todo
ssl_certificate_key /etc/letsencrypt/live/<domain.name>/privkey.pem;#Todo

client_max_body_size 16M;

location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}

location /dex/ {
proxy_pass http://dex/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;

if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' $allow_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' $allow_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' $allow_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
}
}

# location /lending/ {
# proxy_pass http://lending/;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_redirect off;

# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' $allow_origin always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# #
# # Custom headers and headers various browsers *should* be OK with but aren't
# #
# add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
# #
# # Tell client that this pre-flight info is valid for 20 days
# #
# add_header 'Access-Control-Max-Age' 1728000;
# add_header 'Content-Type' 'text/plain; charset=utf-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# if ($request_method = 'POST') {
# add_header 'Access-Control-Allow-Origin' $allow_origin always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
# add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
# add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
# }
# if ($request_method = 'GET') {
# add_header 'Access-Control-Allow-Origin' $allow_origin always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
# add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
# add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
# }
# }
}