[~] Refactor

Siarhei Siniak 2023-06-11 20:23:03 +03:00
parent 79623db497
commit da47adc859
3 changed files with 177 additions and 72 deletions

@ -3,67 +3,160 @@ import io
import sys import sys
with io.open( def forward(
sys.argv[1], input_json,
'r' output_conf,
) as f: ):
forward_nginx = json.load(f) with io.open(
input_json,
'r'
) as f:
forward_nginx = json.load(f)
with io.open( with io.open(
sys.argv[2], output_conf,
'w' 'w'
) as f: ) as f:
names = [o['app_name'] for o in forward_nginx] names = [o['app_name'] for o in forward_nginx]
if not '' in names: if not '' in names:
forward_nginx.append( forward_nginx.append(
dict( dict(
app_name='', app_name='',
redirect_url='https://product-development-service.blogspot.com', redirect_url='https://product-development-service.blogspot.com',
)
) )
)
sections = [] sections = []
for entry in forward_nginx: for entry in forward_nginx:
location = None location = None
if entry['app_name'] != '': if entry['app_name'] != '':
location = '/%s/' % entry['app_name'] location = '/%s/' % entry['app_name']
else: else:
location = '/' location = '/'
if 'target_endpoint' in entry: if 'target_endpoint' in entry:
section_body = r''' section_body = r'''
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $t1; proxy_set_header X-Forwarded-For $t1;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_redirect off; proxy_redirect off;
proxy_buffering off; proxy_buffering off;
proxy_pass {target_endpoint}; proxy_pass {target_endpoint};
'''.replace(
'{target_endpoint}', entry['target_endpoint'],
)
elif 'redirect_url' in entry:
section_body = r'''
return 302 {redirect_url}$request_uri;
'''.replace(
'{redirect_url}', entry['redirect_url'],
)
else:
raise NotImplementedError
sections.append(r'''
location ^~ {location} {
{section_body}
}
'''.replace( '''.replace(
'{target_endpoint}', entry['target_endpoint'], '{section_body}', section_body,
) ).replace(
elif 'redirect_url' in entry: '{location}', location,
section_body = r''' ))
return 302 {redirect_url}$request_uri; f.write(r'''
'''.replace( events {
'{redirect_url}', entry['redirect_url'], multi_accept on;
) worker_connections 64;
else: }
raise NotImplementedError
sections.append(r''' http {
location ^~ {location} { log_format main
{section_body} '[$time_local][$remote_addr, $http_x_forwarded_for, $t1, $http_host]'
'[$request_length,$bytes_sent,$request_time]'
'[$status][$request]'
'[$http_user_agent][$http_referer]';
access_log /dev/null combined;
access_log /dev/stderr main;
server {
set $t1 $remote_addr;
if ($http_x_forwarded_for)
{
set $t1 $http_x_forwarded_for;
}
listen 80;
client_max_body_size 50M;
{sections_config}
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
} }
'''.replace( '''.replace(
'{section_body}', section_body, '{sections_config}', '\n'.join(sections)
).replace(
'{location}', location,
)) ))
f.write(r'''
def ssl(input_json, output_conf):
with io.open(
input_json,
'r'
) as f:
ssl_nginx = json.load(f)
servers = []
for server in ssl_nginx['servers']:
servers.append(
r'''
server {
set $t1 $remote_addr;
if ($http_x_forwarded_for)
{
set $t1 $http_x_forwarded_for;
}
listen 443 ssl;
server_name {server_names};
ssl_certificate {signed_chain_cert};
ssl_certificate_key {domain_key};
location ^~ / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://app:80;
}
}
'''.replace(
'{server_names}', ' '.join(server['server_names'])
).replace(
'{signed_chain_cert}', server['signed_chain_cert'],
).replace(
'{domain_key}', server['domain_key'],
)
)
with io.open(
output_conf,
'w'
) as f:
f.write(
r'''
events { events {
multi_accept on; multi_accept on;
worker_connections 64; worker_connections 64;
@ -71,33 +164,28 @@ events {
http { http {
log_format main log_format main
'[$time_local][$remote_addr, $http_x_forwarded_for, $t1, $http_host]' '[$time_local][$remote_addr, $http_x_forwarded_for, $t1, $http_host]'
'[$request_length,$bytes_sent,$request_time]' '[$request_length,$bytes_sent,$request_time]'
'[$status][$request]' '[$status][$request]'
'[$http_user_agent][$http_referer]'; '[$http_user_agent][$http_referer]';
access_log /dev/null combined; access_log /dev/null combined;
access_log /dev/stderr main; access_log /dev/stderr main;
server { {servers}
set $t1 $remote_addr;
if ($http_x_forwarded_for)
{
set $t1 $http_x_forwarded_for;
}
listen 80;
client_max_body_size 50M;
{sections_config}
}
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
'' close; '' close;
} }
} }
'''.replace( '''.replace('{servers}', '\n'.join(servers))
'{sections_config}', '\n'.join(sections) )
))
if __name__ == '__main__':
if len(sys.argv) >= 2 and sys.argv[1] == 'ssl':
ssl(*sys.argv[2:])
else:
forward(sys.argv[1:])
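Review bot: The `else` branch of the `__main__` block calls `forward(sys.argv[1:])`, which passes the whole argument list as `input_json` and leaves `output_conf` unset, so the non-ssl path raises a TypeError; it should be `forward(*sys.argv[1:])`, matching the `ssl(*sys.argv[2:])` call above it. Separately, `ssl()` substitutes `server_names`, `signed_chain_cert` and `domain_key` into the server block as-is, and `forward()` does the same with `app_name`, `target_endpoint` and `redirect_url`. If either JSON file can be written by anything less trusted than the deployer, a value containing `;`, braces or a newline would change the generated directives, so rejecting those characters before substitution is worth adding. The new 443 server also sets `$t1` from the client-supplied `X-Forwarded-For` header and only logs it, so that log field should be documented as unauthenticated rather than read as the real client address.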

@ -11,10 +11,11 @@ services:
ssl-app: ssl-app:
build: build:
context: . context: .
dockerfile: ./docker/app/Dockerfile dockerfile: ./docker/ssl-app/Dockerfile
volumes: volumes:
- ./d1/nginx_config.py:/app/d1/nginx_config.py:ro - ./d1/:/app/d1/:ro
- ./tmp/cache/forward.nginx.json:/app/tmp/cache/forward.nginx.json:ro - ./tmp/d1/:/app/tmp/d1/:ro
- ./tmp/d1/letsencrypt:/etc/letsencrypt:rw
restart: always restart: always
cpanel: cpanel:
build: build:
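Review bot: The added `./tmp/d1/letsencrypt:/etc/letsencrypt:rw` mount sits inside the new read-only `./tmp/d1/` mount, so certbot's account and private keys are visible at two paths in the container, and the host directory also falls under the build `context: .`. It is worth confirming that `tmp/` is excluded by `.dockerignore` and by version control; neither file is visible in this commit. The directory-wide mounts could be narrowed to what the entrypoint reads, for example `- ./tmp/d1/ssl.nginx.json:/app/tmp/d1/ssl.nginx.json:ro`, as the old line did for `forward.nginx.json`.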

16
docker/ssl-app/Dockerfile Normal file

@ -0,0 +1,16 @@
FROM alpine:latest
RUN apk add openssh
RUN apk add python3
RUN apk add bash curl
RUN apk add py3-pip
RUN apk add nginx
RUN apk add tini
#RUN pip3 install requests certbot
RUN apk add certbot
WORKDIR /app
ENTRYPOINT /bin/sh -c "\
python3 d1/nginx_config.py ssl tmp/d1/ssl.nginx.json /etc/nginx/nginx.conf && \
tini -- nginx -g 'daemon off;' \
"
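Review bot: `FROM alpine:latest` and the unversioned `apk add` lines make the image non-reproducible, and the image also installs `openssh`, `curl`, `bash` and `py3-pip`, none of which the ENTRYPOINT uses as far as this file shows. Pinning the base to a specific tag or digest and dropping the unneeded packages would reduce what ships in the container that holds the TLS keys. The shell-form ENTRYPOINT leaves `/bin/sh` as PID 1, so `tini` starts as a child and stop signals reach the shell rather than nginx. An exec form such as `ENTRYPOINT ["tini", "--", "/bin/sh", "-c", "python3 d1/nginx_config.py ssl tmp/d1/ssl.nginx.json /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"]` keeps tini first. Merging the installs into a single `RUN apk add --no-cache ...` would also keep the package index out of the layers.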