init commit

2024-09-03 21:00:49 +03:00 · 2024-09-03 21:00:49 +03:00 · 1898a7b088
commit 1898a7b088
17 changed files with 197 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+logs/*
+ssl/*
+sites-enabled/*
+!sites-enabled/example.conf.tplm
--- a/12
+++ b/12
@ -0,0 +1,12 @@
+ARG ubu_tag
+FROM ubuntu:${ubu_tag}
+ENV TZ="Europe/Moscow"
+ARG nginx_ssl_path
+ARG nginx_config_path
+ARG nginx_proxy_config_path
+RUN apt-get update \
+    && apt-get install nginx libnginx-mod-http-geoip2 nginx-common nginx-core curl tzdata -y \
+    && apt-get clean \
+    && rm -fr /var/lib/apt/lists/*
+COPY ./nginx.conf ${nginx_config_path}/nginx.conf
+ENTRYPOINT ["nginx", "-g", "daemon off;"]
--- a/configuration/cache.conf
+++ b/configuration/cache.conf
@ -0,0 +1,12 @@
+# proxy_cache all;
+# proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=all:20m max_size=4096m;
+# proxy_cache_key "$host$request_uri$cookie_user";
+# proxy_cache_valid 200 301 302 10m;
+# proxy_cache_valid 502 404 10s;
+# proxy_cache_lock on;
+# proxy_cache_lock_age 10s;
+# proxy_cache_lock_timeout 10s;
+# proxy_ignore_headers "Set-Cookie";
+# proxy_cache_use_stale   error timeout invalid_header updating http_500 http_502 http_503 http_504;
+#proxy_cache_bypass 
+#proxy_no_cache
--- a/configuration/compression.conf
+++ b/configuration/compression.conf
@ -0,0 +1,7 @@
+gzip            on;
+gzip_vary       on;
+gzip_proxied    any;
+gzip_buffers    64 4k;
+gzip_comp_level 9;
+gzip_min_length 200;
+gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
--- a/configuration/error_pages.conf
+++ b/configuration/error_pages.conf
@ -0,0 +1,13 @@
+error_page 404 /404.html;
+error_page 502 /502.html;
+
+location = /404.html {
+	root /etc/nginx/error-pages/404;
+	proxy_intercept_errors on;
+	internal;
+}
+location = /502.html {
+		root /etc/nginx/error-pages/502;
+		proxy_intercept_errors on;
+		internal;
+}
--- a/configuration/general.conf
+++ b/configuration/general.conf
@ -0,0 +1,12 @@
+location = /favicon.ico {
+    log_not_found off;
+}
+
+location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
+    expires 12h;
+}
+
+location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
+    add_header Access-Control-Allow-Origin "*";
+    expires    12h;
+}
--- a/configuration/includes.conf
+++ b/configuration/includes.conf
@ -0,0 +1,2 @@
+include configuration/compression.conf;
+include configuration/error_pages.conf;
--- a/configuration/security.conf
+++ b/configuration/security.conf
@ -0,0 +1,10 @@
+add_header X-XSS-Protection          "1; mode=block" always;
+add_header X-Content-Type-Options    "nosniff" always;
+add_header Referrer-Policy           "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+add_header Permissions-Policy        "interest-cohort=()" always;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+location ~ /\.(?!well-known) {
+    deny all;
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,33 @@
+services:
+  reverse:
+    image: nginx:stable-alpine
+    container_name: reverse
+    hostname: reverse
+    restart: always
+    extra_hosts:
+      - "host.docker.internal=host-gateway"
+    volumes:
+      - "./nginx.conf:/etc/nginx/nginx.conf:ro"
+      - "./locations:/etc/nginx/locations:ro"
+      - "./configuration:/etc/nginx/configuration:ro"
+      - "./sites-enabled:/etc/nginx/sites-enabled:ro"
+      - "./error-pages:/etc/nginx/error-pages/"
+      - "./resources:/var/www/html/resources"
+      - "./ssl:/etc/nginx/ssl"
+      - "./logs:/var/log/nginx/"
+    networks:
+      local_net: {}
+    ports:
+      - 80:80
+      - 443:443
+      - 60180:60180
+      - 60280:60280
+      - 60380:60380
+      - 60480:60480
+      - 64443:64443
+
+networks:
+  local_net:
+    external: true
+    driver: bridge
+    name: services
--- a/error-pages/404/404.html
+++ b/error-pages/404/404.html
@ -0,0 +1,2 @@
+<h1 style='color:red'>Error 404: Not found :-(</h1>
+<p>I have no idea where that file is, sorry. Are you sure you typed in the correct URL?</p>
--- a/error-pages/502/502.html
+++ b/error-pages/502/502.html
@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <style>
+        .center {
+        display: block;
+        margin-left: auto;
+        margin-right: auto;
+        }
+    </style>
+</head>
+<body>
+    <img src="https://resources.softsols.ru/502.jpg" alt="oh no..." width="612" height="488" class="center">
+</body>
+</html>
--- a/error-pages/502/502.jpg
+++ b/error-pages/502/502.jpg
--- a/locations/acme_reverse.location
+++ b/locations/acme_reverse.location
@ -0,0 +1,8 @@
+location /.well-known/acme-challenge/ {
+    proxy_pass http://apache/;
+    proxy_redirect off;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,30 @@
+user  nobody nogroup;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 24;
+}
+
+http {
+	sendfile on;
+	tcp_nopush on;
+	types_hash_max_size 2048;
+
+	#client_max_body_size 1024M;
+	client_max_body_size 64M;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log debug;
+
+	gzip on;
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*.conf;
+}
--- a/readme.md
+++ b/readme.md
--- a/resources/502.jpg
+++ b/resources/502.jpg
--- a/sites-enabled/example.conf.tplm
+++ b/sites-enabled/example.conf.tplm
@ -0,0 +1,37 @@
+resolver 127.0.0.11 valid=60s ipv6=off;
+resolver_timeout 10s;
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    rewrite ^(.*) https://$host$1 permanent;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name spve15.softsols.ru;
+    ssl_certificate     /etc/nginx/ssl/live/softsols.ru/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/softsols.ru/privkey.pem;
+
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+
+    include                 configuration/includes.conf;
+
+    proxy_redirect off;
+    set $proxy_value https://172.17.0.1:59115;
+    location / {
+        proxy_pass $proxy_value;
+        proxy_redirect off;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+	proxy_buffering off;
+	client_max_body_size 0;
+        proxy_connect_timeout  3600s;
+        proxy_read_timeout  3600s;
+        proxy_send_timeout  3600s;
+        send_timeout  3600s;
+   }
+}