Initial commit

igorcferreira · igorcferreira · commit 3756942f915d · 2022-05-19T15:24:16.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,30 @@
+# Project files
+.env
+.bitrise*.yml
+bitrise.yml
+
+# Docker project generated files to ignore
+#  if you want to ignore files created by your editor/tools,
+#  please consider a global .gitignore https://help.github.com/articles/ignoring-files
+.vagrant*
+bin
+docker/docker
+.*.swp
+a.out
+*.orig
+build_src
+.flymake*
+.idea
+.DS_Store
+docs/_build
+docs/_static
+docs/_templates
+.gopath/
+.dotcloud
+*.test
+bundles/
+.hg/
+.git/
+vendor/pkg/
+pyenv
+Vagrantfile
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,7 @@
+Copyright 2022 Igor Castañeda Ferreira
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/certificate.sh b/certificate.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+HOST=""
+CONTACT_EMAIL=""
+
+while [ -n "$1" ]; do
+    case "$1" in
+        --host | -h) HOST="$2" && shift;;
+        --email | -e) CONTACT_EMAIL="$2" && shift;;
+    esac
+    shift
+done
+
+if [ -z "${HOST}" ]; then
+    echo "Please, provide a host to be used with the '--host' argument. Example:"
+    echo "$ ./certificate.sh --host website.domain.com --email user@website.domain.com"
+    exit 1
+fi
+
+if [ -z "${CONTACT_EMAIL}" ]; then
+    echo "Please, provide a host to be used with the '--email' argument. Example:"
+    echo "$ ./certificate.sh --host website.domain.com --email user@website.domain.com"
+    exit 1
+fi
+
+docker run \
+  -v letsencrypt:/etc/letsencrypt \
+  -v acme-challenge:/var/www/challenge/.well-known/acme-challenge \
+  --name certbot \
+  "certbot/certbot" \
+  certonly --webroot -w /var/www/challenge -d "${HOST}" -m "${CONTACT_EMAIL}" --agree-tos
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,17 @@
+version: '3'
+services:
+  proxy:
+    restart: unless-stopped
+    image: nginx:latest
+    ports:
+      - 80:$PROXY_HTTP_PORT/tcp
+      - 443:$PROXY_HTTPS_PORT/tcp
+    volumes:
+      - ./templates:/etc/nginx/templates
+      - letsencrypt:/etc/letsencrypt
+      - acme-challenge:/var/www/challenge/.well-known/acme-challenge
+    env_file:
+      - ./.env
+volumes:
+  letsencrypt: {}
+  acme-challenge: {}
diff --git a/templates/proxy.conf.template b/templates/proxy.conf.template
@@ -0,0 +1,53 @@
+server {
+    listen ${PROXY_HTTPS_PORT} ssl default_server;
+    server_name ${PROXY_HOST};
+
+    gzip              on;
+    gzip_comp_level   2;
+    gzip_min_length   1024;
+    gzip_vary         on;
+    gzip_proxied      expired no-cache no-store private auth;
+    gzip_types        application/x-javascript application/javascript application/xml application/json text/xml text/css text$
+
+    client_body_timeout 12;
+    client_header_timeout 12;
+    reset_timedout_connection on;
+    proxy_connect_timeout       600;
+    proxy_send_timeout          600;
+    proxy_read_timeout          600;
+    send_timeout                600;
+    server_tokens off;
+    client_max_body_size 50m;
+
+    expires 1y;
+    access_log off;
+    log_not_found off;
+    root /var/www/public/content/default;
+    ssl_certificate    /etc/letsencrypt/live/${PROXY_HOST}/fullchain.pem;
+    ssl_certificate_key    /etc/letsencrypt/live/${PROXY_HOST}/privkey.pem;
+
+    location / {
+        proxy_pass       http://${PROXY_REDIRECT_HOST}:${PROXY_REDIRECT_PORT};
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_pass_request_headers on;
+    }
+}
+
+server {
+    listen ${PROXY_HTTP_PORT};
+    listen [::]:${PROXY_HTTP_PORT};
+    server_name ${PROXY_HOST};
+
+    location ~ /.well-known/acme-challenge {
+        allow all;
+        root /var/www/html;
+    }
+}
