migrate: kid; matrix, firefish, search engine

2023-10-22 14:47:10 +02:00 · 2023-10-22 14:47:10 +02:00 · 509afb52a8
commit 509afb52a8
parent a12c81159a
25 changed files with 699 additions and 0 deletions
--- a/servers/kid/docker-compose.d/custom/nginx/Dockerfile
+++ b/servers/kid/docker-compose.d/custom/nginx/Dockerfile
@ -0,0 +1,13 @@
+FROM nginx:alpine
+
+RUN apk add \
+    certbot \
+    certbot-nginx
+
+COPY content /usr/share/nginx/html
+COPY conf.d/ /etc/nginx/conf.d/
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY entrypoint.sh /entrypoint
+ENTRYPOINT [ "sh", "/entrypoint" ]
+CMD [ "nginx", "-g", "daemon off;" ]
--- a/servers/kid/docker-compose.d/custom/nginx/conf.d/default.conf
+++ b/servers/kid/docker-compose.d/custom/nginx/conf.d/default.conf
@ -0,0 +1,21 @@
+server {
+    listen 80;
+    server_name kid.ixvd.net;
+
+    # SSL is managed by certbot, no need for a ssl listen; it will be generated automagically!
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    # default html page
+    location / {
+        root /usr/share/nginx/html;
+        index index.html index.htm;
+    }
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
+}
--- a/servers/kid/docker-compose.d/custom/nginx/conf.d/firefish.conf
+++ b/servers/kid/docker-compose.d/custom/nginx/conf.d/firefish.conf
@ -0,0 +1,12 @@
+server {
+    listen 80;
+    server_name fedi.ixvd.net;
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    location / {
+        proxy_pass http://firefish:3000$request_uri;
+    }
+}
--- a/servers/kid/docker-compose.d/custom/nginx/conf.d/matrix.conf
+++ b/servers/kid/docker-compose.d/custom/nginx/conf.d/matrix.conf
@ -0,0 +1,27 @@
+server {
+    listen 80;
+    server_name matrix.ixvd.net;
+    
+    proxy_set_header Host      $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_read_timeout         600;
+
+    location = / {
+        return 302 https://cinny.ixvd.net;
+    }
+
+    # matrix
+    location /.well-known/matrix/server {
+        return 200 '{ "m.server": "matrix.ixvd.net:443" }';
+    }
+
+    location /.well-known/matrix/client {
+        add_header Access-Control-Allow-Origin '*';
+        return 200 '{ "m.homeserver": { "base_url": "https://matrix.ixvd.net" } }';
+    }
+
+    location /_matrix {
+        proxy_pass http://conduit:6167; 
+        client_max_body_size 0;
+    }
+}
--- a/servers/kid/docker-compose.d/custom/nginx/conf.d/search.conf
+++ b/servers/kid/docker-compose.d/custom/nginx/conf.d/search.conf
@ -0,0 +1,16 @@
+server {
+    listen 80;
+    server_name search.localhost;
+	access_log /dev/null;
+	error_log /dev/null;
+
+    location / {
+	    proxy_set_header X-Real-IP $remote_addr;
+	    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	    proxy_set_header X-Forwarded-Proto $scheme;
+	    proxy_set_header Host $host;
+	    proxy_set_header X-NginX-Proxy true;
+        proxy_pass http://whoogle:5000;
+    }
+
+}
--- a/servers/kid/docker-compose.d/custom/nginx/content/index.html
+++ b/servers/kid/docker-compose.d/custom/nginx/content/index.html
@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Welcome to nginx!</title>
+    <style>
+        html {
+            color-scheme: light dark;
+        }
+
+        body {
+            width: 35em;
+            margin: 0 auto;
+            font-family: Tahoma, Verdana, Arial, sans-serif;
+        }
+    </style>
+</head>
+
+<body>
+    <h1>Welcome to nginx!</h1>
+    <hr/>
+    <span>If you're seeing this, it means the admin was too lazy to remove this page.</span><br/>
+    <span>Expected something here? contact the admin: webmaster@ixvd.net</span>
+</body>
+
+</html>
--- a/servers/kid/docker-compose.d/custom/nginx/entrypoint.sh
+++ b/servers/kid/docker-compose.d/custom/nginx/entrypoint.sh
@ -0,0 +1,28 @@
+#!/bin/sh
+
+trap exit TERM
+
+if [ -n "${CERTBOT_DOMAINS}" ]; then
+    echo "registering..."
+    if ! certbot show_account; then
+        certbot register -n \
+            --agree-tos \
+            -m "${CERTBOT_EMAIL}"
+    fi
+
+    for d in $(echo "${CERTBOT_DOMAINS}" | sed 's/,/ /g'); do
+        echo "requesting for $d..."
+        certbot --nginx -n --keep -d "$d"
+    done
+
+    while :; do
+        echo "renewing domains..."
+        certbot --nginx --keep -n renew
+        sleep 12h &
+        wait $!
+    done &
+else
+    echo "skipping certbot due to no domains!"
+fi &
+
+exec "$@"
--- a/servers/kid/docker-compose.d/custom/nginx/nginx.conf
+++ b/servers/kid/docker-compose.d/custom/nginx/nginx.conf
@ -0,0 +1,35 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    # docker resolver and quad9;
+    resolver 127.0.0.11 9.9.9.9 ipv6=off;
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}