[~] Refactor

d1/nginx_config.py

@@ -3,14 +3,18 @@ import io
 import sys
 
 
+def forward(
+    input_json,
+    output_conf,
+):
     with io.open(
-    sys.argv[1],
+        input_json,
         'r'
     ) as f:
         forward_nginx = json.load(f)
 
     with io.open(
-    sys.argv[2],
+        output_conf,
         'w'
     ) as f:
         names = [o['app_name'] for o in forward_nginx]
@@ -101,3 +105,87 @@ http {
         '''.replace(
           '{sections_config}', '\n'.join(sections)
         ))
+
+def ssl(input_json, output_conf):
+    with io.open(
+        input_json,
+        'r'
+    ) as f:
+        ssl_nginx = json.load(f)
+
+    servers = []
+
+    for server in ssl_nginx['servers']:
+        servers.append(
+            r'''
+server {
+  set $t1 $remote_addr;
+  if ($http_x_forwarded_for)
+  {
+    set $t1 $http_x_forwarded_for;
+  }
+
+  listen 443 ssl;
+  server_name {server_names};
+
+  ssl_certificate {signed_chain_cert};
+  ssl_certificate_key {domain_key};
+
+  location ^~ / {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_redirect off;
+    proxy_buffering off;
+    proxy_pass http://app:80;
+  }
+}
+            '''.replace(
+                '{server_names}', ' '.join(server['server_names'])
+              ).replace(
+                  '{signed_chain_cert}', server['signed_chain_cert'],
+              ).replace(
+                  '{domain_key}', server['domain_key'],
+              )
+        )
+
+    with io.open(
+        output_conf,
+        'w'
+    ) as f:
+        f.write(
+            r'''
+events {
+  multi_accept on;
+  worker_connections 64;
+}
+
+http {
+  log_format main
+  '[$time_local][$remote_addr, $http_x_forwarded_for, $t1, $http_host]'
+  '[$request_length,$bytes_sent,$request_time]'
+  '[$status][$request]'
+  '[$http_user_agent][$http_referer]';
+
+  access_log /dev/null combined;
+  access_log /dev/stderr main;
+
+  {servers}
+
+
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+  }
+}
+            '''.replace('{servers}', '\n'.join(servers))
+        )
+
+
+if __name__ == '__main__':
+    if len(sys.argv) >= 2 and sys.argv[1] == 'ssl':
+        ssl(*sys.argv[2:])
+    else:
+        forward(sys.argv[1:])

docker-compose.yml

@@ -11,10 +11,11 @@ services:
   ssl-app:
     build:
       context: .
-      dockerfile: ./docker/app/Dockerfile
+      dockerfile: ./docker/ssl-app/Dockerfile
     volumes:
-      - ./d1/nginx_config.py:/app/d1/nginx_config.py:ro
+      - ./d1/:/app/d1/:ro
-      - ./tmp/cache/forward.nginx.json:/app/tmp/cache/forward.nginx.json:ro
+      - ./tmp/d1/:/app/tmp/d1/:ro
+      - ./tmp/d1/letsencrypt:/etc/letsencrypt:rw
     restart: always
   cpanel:
     build:

docker/ssl-app/Dockerfile

@@ -0,0 +1,16 @@
+FROM alpine:latest
+RUN apk add openssh
+RUN apk add python3
+RUN apk add bash curl
+RUN apk add py3-pip
+RUN apk add nginx
+RUN apk add tini
+#RUN pip3 install requests certbot
+RUN apk add certbot
+
+WORKDIR /app
+
+ENTRYPOINT /bin/sh -c "\
+  python3 d1/nginx_config.py ssl tmp/d1/ssl.nginx.json /etc/nginx/nginx.conf && \
+  tini -- nginx -g 'daemon off;' \
+"