From da47adc859cd7bcb7cbf84ea7e81a739abfcba52 Mon Sep 17 00:00:00 2001
From: Siarhei Siniak
Date: Sun, 11 Jun 2023 20:23:03 +0300
Subject: [PATCH] [~] Refactor
---
 d1/nginx_config.py | 226 ++++++++++++++++++++++++++------------
 docker-compose.yml | 7 +-
 docker/ssl-app/Dockerfile | 16 +++
 3 files changed, 177 insertions(+), 72 deletions(-)
 create mode 100644 docker/ssl-app/Dockerfile
diff --git a/d1/nginx_config.py b/d1/nginx_config.py
index 78f8d62..bc08fa3 100644
--- a/d1/nginx_config.py
+++ b/d1/nginx_config.py
@@ -3,67 +3,160 @@ import io import sys -with io.open( - sys.argv[1], - 'r' -) as f: - forward_nginx = json.load(f) +def forward( + input_json, + output_conf, +): + with io.open( + input_json, + 'r' + ) as f: + forward_nginx = json.load(f) -with io.open( - sys.argv[2], - 'w' -) as f: - names = [o['app_name'] for o in forward_nginx] + with io.open( + output_conf, + 'w' + ) as f: + names = [o['app_name'] for o in forward_nginx] - if not '' in names: - forward_nginx.append( - dict( - app_name='', - redirect_url='https://product-development-service.blogspot.com', + if not '' in names: + forward_nginx.append( + dict( + app_name='', + redirect_url='https://product-development-service.blogspot.com', + ) ) - ) - sections = [] - for entry in forward_nginx: - location = None + sections = [] + for entry in forward_nginx: + location = None - if entry['app_name'] != '': - location = '/%s/' % entry['app_name'] - else: - location = '/' + if entry['app_name'] != '': + location = '/%s/' % entry['app_name'] + else: + location = '/' - if 'target_endpoint' in entry: - section_body = r''' - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $t1; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_redirect off; - proxy_buffering off; - proxy_pass {target_endpoint}; + if 'target_endpoint' in entry: + section_body = r''' + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $t1; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_redirect off; + proxy_buffering off; + proxy_pass {target_endpoint}; + '''.replace( + '{target_endpoint}', entry['target_endpoint'], + ) + elif 'redirect_url' in entry: + section_body = r''' + return 302 {redirect_url}$request_uri; + '''.replace( + '{redirect_url}', entry['redirect_url'], + ) + else: + raise NotImplementedError + + 
sections.append(r''' + location ^~ {location} { + {section_body} + } '''.replace( - '{target_endpoint}', entry['target_endpoint'], - ) - elif 'redirect_url' in entry: - section_body = r''' - return 302 {redirect_url}$request_uri; - '''.replace( - '{redirect_url}', entry['redirect_url'], - ) - else: - raise NotImplementedError + '{section_body}', section_body, + ).replace( + '{location}', location, + )) + f.write(r''' + events { + multi_accept on; + worker_connections 64; + } - sections.append(r''' - location ^~ {location} { - {section_body} + http { + log_format main + '[$time_local][$remote_addr, $http_x_forwarded_for, $t1, $http_host]' + '[$request_length,$bytes_sent,$request_time]' + '[$status][$request]' + '[$http_user_agent][$http_referer]'; + + access_log /dev/null combined; + access_log /dev/stderr main; + + server { + set $t1 $remote_addr; + if ($http_x_forwarded_for) + { + set $t1 $http_x_forwarded_for; + } + + + listen 80; + client_max_body_size 50M; + + {sections_config} + } + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } } '''.replace( - '{section_body}', section_body, - ).replace( - '{location}', location, + '{sections_config}', '\n'.join(sections) )) - f.write(r''' + +def ssl(input_json, output_conf): + with io.open( + input_json, + 'r' + ) as f: + ssl_nginx = json.load(f) + + servers = [] + + for server in ssl_nginx['servers']: + servers.append( + r''' +server { + set $t1 $remote_addr; + if ($http_x_forwarded_for) + { + set $t1 $http_x_forwarded_for; + } + + listen 443 ssl; + server_name {server_names}; + + ssl_certificate {signed_chain_cert}; + ssl_certificate_key {domain_key}; + + location ^~ / { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_redirect off; + proxy_buffering off; + proxy_pass http://app:80; + } +} + 
'''.replace( + '{server_names}', ' '.join(server['server_names']) + ).replace( + '{signed_chain_cert}', server['signed_chain_cert'], + ).replace( + '{domain_key}', server['domain_key'], + ) + ) + + with io.open( + output_conf, + 'w' + ) as f: + f.write( + r''' events { multi_accept on; worker_connections 64; @@ -71,33 +164,28 @@ events { http { log_format main - '[$time_local][$remote_addr, $http_x_forwarded_for, $t1, $http_host]' - '[$request_length,$bytes_sent,$request_time]' - '[$status][$request]' - '[$http_user_agent][$http_referer]'; + '[$time_local][$remote_addr, $http_x_forwarded_for, $t1, $http_host]' + '[$request_length,$bytes_sent,$request_time]' + '[$status][$request]' + '[$http_user_agent][$http_referer]'; access_log /dev/null combined; access_log /dev/stderr main; - server { - set $t1 $remote_addr; - if ($http_x_forwarded_for) - { - set $t1 $http_x_forwarded_for; - } + {servers} - listen 80; - client_max_body_size 50M; - - {sections_config} - } - map $http_upgrade $connection_upgrade { default upgrade; '' close; } } - '''.replace( - '{sections_config}', '\n'.join(sections) - )) + '''.replace('{servers}', '\n'.join(servers)) + ) + + +if __name__ == '__main__': + if len(sys.argv) >= 2 and sys.argv[1] == 'ssl': + ssl(*sys.argv[2:]) + else: + forward(sys.argv[1:]) diff --git a/docker-compose.yml b/docker-compose.yml index 99143e0..85d626c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,10 +11,11 @@ services: ssl-app: build: context: . - dockerfile: ./docker/app/Dockerfile + dockerfile: ./docker/ssl-app/Dockerfile volumes: - - ./d1/nginx_config.py:/app/d1/nginx_config.py:ro - - ./tmp/cache/forward.nginx.json:/app/tmp/cache/forward.nginx.json:ro + - ./d1/:/app/d1/:ro + - ./tmp/d1/:/app/tmp/d1/:ro + - ./tmp/d1/letsencrypt:/etc/letsencrypt:rw restart: always cpanel: build: diff --git a/docker/ssl-app/Dockerfile b/docker/ssl-app/Dockerfile new file mode 100644 index 0000000..dbb80da --- /dev/null +++ b/docker/ssl-app/Dockerfile 
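Review bot: Values read from the JSON (`server_names`, `signed_chain_cert`, `domain_key` in `ssl()`, and `target_endpoint`/`redirect_url`/`app_name` in `forward()`) are spliced into the nginx config with plain `str.replace` and no validation, so a `;`, `}` or newline inside any of them becomes an nginx directive; the JSON appears to be an operator-supplied file, so this is hardening rather than an exploit, but a check such as `if not all(re.fullmatch(r'[A-Za-z0-9.*_-]+', n) for n in server['server_names']): raise ValueError('bad server_name')` (with `re` imported) before the template is filled would keep the generator from emitting a config it did not intend. The new `ssl()` server block also sets no `ssl_protocols`/`ssl_ciphers`, so the accepted TLS versions depend on whatever the installed nginx defaults to; `ssl_protocols TLSv1.2 TLSv1.3;` next to `ssl_certificate_key` pins that explicitly. Note that `$t1` in the access log is still set from `$http_x_forwarded_for` verbatim, which any client can supply. The body of `ssl()` continues past the end of this hunk.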
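Review bot: The new `__main__` dispatch calls `forward(sys.argv[1:])`, passing the whole argument list as the single `input_json` positional while `output_conf` is left unfilled, so the non-`ssl` path raises `TypeError` before any file is opened; it should unpack the list the way the `ssl` branch does: `forward(*sys.argv[1:])`. Neither branch checks the argument count, so a bare `python3 nginx_config.py ssl` also dies with a `TypeError` about missing parameters rather than a usage message; a `len(sys.argv)` check printing a one-line usage string would make a misconfigured container ENTRYPOINT easier to diagnose. The `ssl()` function whose write call this hunk finishes starts before the hunk.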
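Review bot: The Let's Encrypt directory, which will hold the TLS private keys, becomes a host bind mount at `./tmp/d1/letsencrypt` and, through the new `./tmp/d1/:/app/tmp/d1/:ro` parent mount, is also reachable read-only inside the container under `/app/tmp/d1/letsencrypt`, so the same key material sits at two paths and in a scratch-named host directory; nothing in this change keeps it out of version control or restricts its permissions. A named volume, `- letsencrypt:/etc/letsencrypt`, or at least narrowing the read-only mount to `./tmp/d1/ssl.nginx.json:/app/tmp/d1/ssl.nginx.json:ro`, would remove the overlap. The `.gitignore` and permission state of `./tmp` are not visible here, so confirm them.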
@@ -0,0 +1,16 @@
+FROM alpine:latest
+RUN apk add openssh
+RUN apk add python3
+RUN apk add bash curl
+RUN apk add py3-pip
+RUN apk add nginx
+RUN apk add tini
+#RUN pip3 install requests certbot
+RUN apk add certbot
+
+WORKDIR /app
+
+ENTRYPOINT /bin/sh -c "\
+ python3 d1/nginx_config.py ssl tmp/d1/ssl.nginx.json /etc/nginx/nginx.conf && \
+ tini -- nginx -g 'daemon off;' \
+"
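Review bot: `FROM alpine:latest` leaves the base image unpinned, so the nginx, certbot and python versions in the TLS-terminating image change with every rebuild; pin a release tag or digest, e.g. `FROM alpine:3.18`. `RUN apk add openssh` has no use in the visible ENTRYPOINT and puts an SSH client and server into the proxy image; dropping it and folding the remaining installs into one `RUN apk add --no-cache python3 py3-pip bash curl nginx tini certbot` also removes the cached package index from the layers, and the commented-out `pip3` line can go. The shell-form `ENTRYPOINT /bin/sh -c "... && tini -- nginx ..."` makes `sh` PID 1 with tini as its child, so tini's signal forwarding and zombie reaping presumably never apply to nginx; an exec form such as `ENTRYPOINT ["/sbin/tini", "--", "/bin/sh", "-c", "python3 d1/nginx_config.py ssl tmp/d1/ssl.nginx.json /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"]` (tini's path on Alpine, verify) keeps tini at PID 1 and nginx as its direct child.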