[~] Refactor

2023-06-11 20:23:03 +03:00 · 2023-06-11 20:23:03 +03:00 · da47adc859
commit da47adc859
parent 79623db497
3 changed files with 177 additions and 72 deletions
--- a/d1/nginx_config.py
+++ b/d1/nginx_config.py
@ -3,14 +3,18 @@ import io
 import sys


+def forward(
+    input_json,
+    output_conf,
+):
    with io.open(
-    sys.argv[1],
+        input_json,
        'r'
    ) as f:
        forward_nginx = json.load(f)

    with io.open(
-    sys.argv[2],
+        output_conf,
        'w'
    ) as f:
        names = [o['app_name'] for o in forward_nginx]
@ -101,3 +105,87 @@ http {
        '''.replace(
          '{sections_config}', '\n'.join(sections)
        ))
+
+def ssl(input_json, output_conf):
+    with io.open(
+        input_json,
+        'r'
+    ) as f:
+        ssl_nginx = json.load(f)
+
+    servers = []
+
+    for server in ssl_nginx['servers']:
+        servers.append(
+            r'''
+server {
+  set $t1 $remote_addr;
+  if ($http_x_forwarded_for)
+  {
+    set $t1 $http_x_forwarded_for;
+  }
+
+  listen 443 ssl;
+  server_name {server_names};
+
+  ssl_certificate {signed_chain_cert};
+  ssl_certificate_key {domain_key};
+
+  location ^~ / {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_redirect off;
+    proxy_buffering off;
+    proxy_pass http://app:80;
+  }
+}
+            '''.replace(
+                '{server_names}', ' '.join(server['server_names'])
+              ).replace(
+                  '{signed_chain_cert}', server['signed_chain_cert'],
+              ).replace(
+                  '{domain_key}', server['domain_key'],
+              )
+        )
+
+    with io.open(
+        output_conf,
+        'w'
+    ) as f:
+        f.write(
+            r'''
+events {
+  multi_accept on;
+  worker_connections 64;
+}
+
+http {
+  log_format main
+  '[$time_local][$remote_addr, $http_x_forwarded_for, $t1, $http_host]'
+  '[$request_length,$bytes_sent,$request_time]'
+  '[$status][$request]'
+  '[$http_user_agent][$http_referer]';
+
+  access_log /dev/null combined;
+  access_log /dev/stderr main;
+
+  {servers}
+
+
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+  }
+}
+            '''.replace('{servers}', '\n'.join(servers))
+        )
+
+
+if __name__ == '__main__':
+    if len(sys.argv) >= 2 and sys.argv[1] == 'ssl':
+        ssl(*sys.argv[2:])
+    else:
+        forward(sys.argv[1:])
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -11,10 +11,11 @@ services:
  ssl-app:
    build:
      context: .
-      dockerfile: ./docker/app/Dockerfile
+      dockerfile: ./docker/ssl-app/Dockerfile
    volumes:
-      - ./d1/nginx_config.py:/app/d1/nginx_config.py:ro
-      - ./tmp/cache/forward.nginx.json:/app/tmp/cache/forward.nginx.json:ro
+      - ./d1/:/app/d1/:ro
+      - ./tmp/d1/:/app/tmp/d1/:ro
+      - ./tmp/d1/letsencrypt:/etc/letsencrypt:rw
    restart: always
  cpanel:
    build:
--- a/docker/ssl-app/Dockerfile
+++ b/docker/ssl-app/Dockerfile
@ -0,0 +1,16 @@
+FROM alpine:latest
+RUN apk add openssh
+RUN apk add python3
+RUN apk add bash curl
+RUN apk add py3-pip
+RUN apk add nginx
+RUN apk add tini
+#RUN pip3 install requests certbot
+RUN apk add certbot
+
+WORKDIR /app
+
+ENTRYPOINT /bin/sh -c "\
+  python3 d1/nginx_config.py ssl tmp/d1/ssl.nginx.json /etc/nginx/nginx.conf && \
+  tini -- nginx -g 'daemon off;' \
+"