From 25f02a3b74cb3607c77b773f4d75cf72ab29ca47 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 03:35:24 +0000 Subject: [PATCH 01/37] add docker compose file and nginx template --- docker-compose.yml | 16 +++++++++++ nginx/nginx.tmpl.conf | 62 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 docker-compose.yml create mode 100644 nginx/nginx.tmpl.conf diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..4822fad --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,16 @@ +version: '2' +services: + nginx: + image: nginx:latest + container_name: webserver + volumes: + - ./nginx/:/etc/nginx/ + - ./nginx/log/:/var/log/nginx/ + - /etc/letsencrypt/:/etc/letsencrypt/ + ports: + - 80:80 + - 443:443 + - 3456:3456 + tty-proxy: + container_name: tty-proxy + build: ./ diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf new file mode 100644 index 0000000..b2e66e2 --- /dev/null +++ b/nginx/nginx.tmpl.conf 
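Review bot: The `- /etc/letsencrypt/:/etc/letsencrypt/` volume of the new `nginx` service is mounted read-write, so the container can modify or delete the host's certificates and private keys although nginx only has to read them; `- /etc/letsencrypt/:/etc/letsencrypt/:ro` is sufficient. The same holds for `- ./nginx/:/etc/nginx/`, since the log directory is mounted separately and is the only path that needs to be writable. `image: nginx:latest` also leaves the TLS-terminating image unpinned, so a rebuild can silently change the nginx version; a fixed tag or digest keeps the deployment reproducible.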
@@ -0,0 +1,62 @@ +# Define a yaml with: +# --- +# your_subdomain: https://whatever.whatever.whatever +# ssl: +# chain: path_to_your_chain +# key: path_to_your_key +# +# --- +events { } + +# You may have to install the stream module separately + +load_module /usr/lib64/nginx/modules/ngx_stream_module.so; + +stream { + # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server + # the tty-server tcp connection ssl proxy + server { + listen 4567 ssl so_keepalive=30m::10; + proxy_pass tty-proxy:3456; + ssl_certificate {{ssl.chain}}; + ssl_certificate_key {{ssl.key}}; + } +} + +http { + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + server { + listen 80; + server_name {{your_subdomain}}; + return 301 https://{{your_subdomain}}$request_uri; + } + + server { + listen 443 ssl; + server_name {{your_subdomain}}; + + ssl_certificate {{ssl.chain}}; + ssl_certificate_key {{ssl.key}}; + + access_log /var/log/nginx/data-access.log combined; + + location / { + proxy_pass http://tty-proxy:8080; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_redirect http://tty-proxy $scheme://$http_host/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_read_timeout 20d; + proxy_buffering off; + } + } +} From aaa130076f1bf921881fc161dd42a1b04455294a Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 03:36:34 +0000 Subject: [PATCH 02/37] adjust docker compose port binding --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4822fad..47f867f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
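Review bot: `proxy_redirect http://tty-proxy $scheme://$http_host/;` in `location /` rewrites upstream redirects with the client-supplied Host header, and because this is the only `server` on port 443 nginx answers it for any Host value, so the `Location` a client gets back is not tied to the configured name. Using the templated name instead, `proxy_redirect http://tty-proxy https://{{your_subdomain}}/;`, removes that dependency; whether `proxy_set_header Host $host;` should be fixed to `{{your_subdomain}}` as well depends on how tty-proxy uses the header, which is not visible here. Neither the stream server nor the 443 server sets `ssl_protocols` or `ssl_ciphers`, so the accepted TLS versions are whatever the installed nginx defaults to; a comment stating that this is intentional, or an explicit `ssl_protocols` line, would make the policy reviewable.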
@@ -10,7 +10,7 @@ services: ports: - 80:80 - 443:443 - - 3456:3456 + - 4567:4567 tty-proxy: container_name: tty-proxy build: ./ From dc8245532cf37f6803b3f39f54f73303d6962875 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 03:52:56 +0000 Subject: [PATCH 03/37] add example pre/post hooks --- nginx/tty-proxy_post_hook.sh | 4 ++++ nginx/tty-proxy_pre_hook.sh | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 nginx/tty-proxy_post_hook.sh create mode 100644 nginx/tty-proxy_pre_hook.sh diff --git a/nginx/tty-proxy_post_hook.sh b/nginx/tty-proxy_post_hook.sh new file mode 100644 index 0000000..457e1c5 --- /dev/null +++ b/nginx/tty-proxy_post_hook.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +docker-compose -f ~/projects/tty-proxy/docker-compose.yml up -d + diff --git a/nginx/tty-proxy_pre_hook.sh b/nginx/tty-proxy_pre_hook.sh new file mode 100644 index 0000000..fa98da9 --- /dev/null +++ b/nginx/tty-proxy_pre_hook.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +docker-compose -f ~/projects/tty-proxy/docker-compose.yml down + From 3713b415f88ec015aa235aed1da05c41190e57f0 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 03:56:03 +0000 Subject: [PATCH 04/37] Add example config --- nginx/nginx.example.yaml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 nginx/nginx.example.yaml diff --git a/nginx/nginx.example.yaml b/nginx/nginx.example.yaml new file mode 100644 index 0000000..0726ad3 --- /dev/null +++ b/nginx/nginx.example.yaml @@ -0,0 +1,4 @@ +your_subdomain: tty.example.com +ssl: + chain: /etc/letsencrypt/live/tty.example.com/fullchain.pem + key: /etc/letsencrypt/live/tty.example.com/privkey.pem From e88c37b5b94d2cbeb92cdaa84cfb6bc91fe04fb2 Mon Sep 17 00:00:00 2001 
From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 03:56:26 +0000 Subject: [PATCH 05/37] ignore actual yaml --- nginx/.gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 nginx/.gitignore diff --git a/nginx/.gitignore b/nginx/.gitignore new file mode 100644 index 0000000..d42ec2e --- /dev/null +++ b/nginx/.gitignore @@ -0,0 +1,2 @@ +nginx.yaml + From 894d5c495ba499574dcc90b313d05e3089662492 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 03:58:39 +0000 Subject: [PATCH 06/37] mark hooks executable --- nginx/tty-proxy_post_hook.sh | 0 nginx/tty-proxy_pre_hook.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 nginx/tty-proxy_post_hook.sh mode change 100644 => 100755 nginx/tty-proxy_pre_hook.sh diff --git a/nginx/tty-proxy_post_hook.sh b/nginx/tty-proxy_post_hook.sh old mode 100644 new mode 100755 diff --git a/nginx/tty-proxy_pre_hook.sh b/nginx/tty-proxy_pre_hook.sh old mode 100644 new mode 100755 From d1ad19660e9da223618ffc137674f846679dfac3 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:02:28 +0000 Subject: [PATCH 07/37] update paths for hooks --- nginx/tty-proxy_post_hook.sh | 2 +- nginx/tty-proxy_pre_hook.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/tty-proxy_post_hook.sh b/nginx/tty-proxy_post_hook.sh index 457e1c5..493b274 100755 --- a/nginx/tty-proxy_post_hook.sh +++ b/nginx/tty-proxy_post_hook.sh @@ -1,4 +1,4 @@ #!/usr/bin/env bash -docker-compose -f ~/projects/tty-proxy/docker-compose.yml up -d +docker-compose -f /home/ubuntu/projects/tty-proxy/docker-compose.yml up -d diff --git a/nginx/tty-proxy_pre_hook.sh b/nginx/tty-proxy_pre_hook.sh index fa98da9..06228e7 100755 --- a/nginx/tty-proxy_pre_hook.sh +++ b/nginx/tty-proxy_pre_hook.sh 
@@ -1,4 +1,4 @@ #!/usr/bin/env bash -docker-compose -f ~/projects/tty-proxy/docker-compose.yml down +docker-compose -f ~/home/ubuntu/tty-proxy/docker-compose.yml down From a38c3539c6efda70fbb8951027e813952afe478f Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:04:43 +0000 Subject: [PATCH 08/37] ignore nginx.conf --- nginx/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/nginx/.gitignore b/nginx/.gitignore index d42ec2e..1ba06a5 100644 --- a/nginx/.gitignore +++ b/nginx/.gitignore @@ -1,2 +1,3 @@ nginx.yaml +nginx.conf From ecd39d3e1f0cc1adc819df106cd7b969fc4ad322 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:14:29 +0000 Subject: [PATCH 09/37] Move load_module directive up in conf --- nginx/nginx.tmpl.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index b2e66e2..c97c651 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -6,11 +6,12 @@ # key: path_to_your_key # # --- +load_module /usr/lib64/nginx/modules/ngx_stream_module.so; + events { } # You may have to install the stream module separately -load_module /usr/lib64/nginx/modules/ngx_stream_module.so; stream { # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server From 81944176b13845ea539300a5bb56da8e3e92aea0 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:23:00 +0000 Subject: [PATCH 10/37] Add dockerfile for nginx (hopefuly can install stream module) --- nginx/Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 nginx/Dockerfile diff --git a/nginx/Dockerfile b/nginx/Dockerfile new file mode 100644 index 0000000..8dc7e22 --- /dev/null +++ b/nginx/Dockerfile @@ -0,0 +1,5 @@ +FROM nginx + +RUN apt-get update \ + && apt-get install nginx-extras + 
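Review bot: The new pre-hook path `~/home/ubuntu/tty-proxy/docker-compose.yml` keeps the leading `~` and drops the `projects/` component, so it does not name the same file as the post hook's `/home/ubuntu/projects/tty-proxy/docker-compose.yml` changed in the same commit. With a wrong `-f` path `docker-compose ... down` fails, and the stack presumably stays up through the renewal this hook is meant to guard (assuming these scripts are installed as certbot hooks). The line should read `docker-compose -f /home/ubuntu/projects/tty-proxy/docker-compose.yml down`.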
From 2792d0f7207b557bb09c30a9048f6397f77bd6b9 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:24:17 +0000 Subject: [PATCH 11/37] Build nginx container --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 47f867f..724ea7a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: nginx: - image: nginx:latest + build: ./nginx/ container_name: webserver volumes: - ./nginx/:/etc/nginx/ From 232c77fa0ade6b37110da6938d0b1d1e0b1c4660 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:25:48 +0000 Subject: [PATCH 12/37] Fix noninteractive install --- nginx/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 8dc7e22..2140dd2 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,5 +1,5 @@ FROM nginx RUN apt-get update \ - && apt-get install nginx-extras + && apt-get install --no-install-recommends --no-install-suggests -y nginx-extras From 805984b10057981fd31d31efa2717349c7625e8e Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:38:03 +0000 Subject: [PATCH 13/37] target lib not lib64 for stream module --- nginx/nginx.tmpl.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index c97c651..0a732f4 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -6,7 +6,7 @@ # key: path_to_your_key # # --- -load_module /usr/lib64/nginx/modules/ngx_stream_module.so; +load_module /usr/lib/nginx/modules/ngx_stream_module.so; events { } From f9f4a2a122537b543da43ae07d3c41a60fefa741 Mon Sep 17 00:00:00 2001 
From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:42:12 +0000 Subject: [PATCH 14/37] ignore nginx logs --- nginx/.gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nginx/.gitignore b/nginx/.gitignore index 1ba06a5..569abc6 100644 --- a/nginx/.gitignore +++ b/nginx/.gitignore @@ -1,3 +1,5 @@ nginx.yaml nginx.conf +/log/** + From be76b1c5a1a9c82b164fd991d1f56c9112ab6343 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:44:24 +0000 Subject: [PATCH 15/37] fix port config --- docker-compose.yml | 2 +- nginx/nginx.tmpl.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 724ea7a..9ece5d8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,7 @@ services: ports: - 80:80 - 443:443 - - 4567:4567 + - 3456:3456 tty-proxy: container_name: tty-proxy build: ./ diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index 0a732f4..1103bf1 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -17,7 +17,7 @@ stream { # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server # the tty-server tcp connection ssl proxy server { - listen 4567 ssl so_keepalive=30m::10; + listen 3456 ssl so_keepalive=30m::10; proxy_pass tty-proxy:3456; ssl_certificate {{ssl.chain}}; ssl_certificate_key {{ssl.key}}; From 017e87ea4df0657164b8ab1cbf7f62cf5be4c4d0 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:44:34 +0000 Subject: [PATCH 16/37] install correct module for image --- nginx/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 2140dd2..7a75aa9 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile 
@@ -1,5 +1,5 @@ FROM nginx RUN apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y nginx-extras + && apt-get install --no-install-recommends --no-install-suggests -y libnginx-mod-stream From a7149def85d1975a8aea1128d3d21a22ce32a333 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 04:51:01 +0000 Subject: [PATCH 17/37] enable override compose --- .gitignore | 4 +++- docker-compose.override.tmpl.yml | 8 ++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 docker-compose.override.tmpl.yml diff --git a/.gitignore b/.gitignore index 14be18d..f1fcaea 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -all-proxy \ No newline at end of file +all-proxy +/docker-compose.override.yml + diff --git a/docker-compose.override.tmpl.yml b/docker-compose.override.tmpl.yml new file mode 100644 index 0000000..c4a7265 --- /dev/null +++ b/docker-compose.override.tmpl.yml @@ -0,0 +1,8 @@ +version: '2' +services: + nginx: + environment: + - URL=a_url_unused + tty-proxy: + environment: + - URL=tty.example.com From 13840176f73c74ae0b03e8b779e375ca56b02682 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 05:22:13 +0000 Subject: [PATCH 18/37] forward 8080 to localhost for proxy --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 9ece5d8..82ae32f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,3 +14,5 @@ services: tty-proxy: container_name: tty-proxy build: ./ + ports: + - 8080:8080 From 60d4fc8f136d01f12425b9a633fa623a65df0ce5 Mon Sep 17 00:00:00 2001 
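Review bot: The added `- 8080:8080` under `tty-proxy` publishes the backend's plain-HTTP port on every host interface, not only on localhost as the commit subject suggests, so clients can reach tty-proxy directly and bypass nginx's TLS termination and access log. If the port is only needed by a proxy on the same host, bind it to loopback with `- "127.0.0.1:8080:8080"`; if nginx runs in the same compose project it can reach `tty-proxy:8080` over the compose network and no `ports:` entry is needed at all. The later docker-compose.yml hunks that publish `"8080:8080"` and `"6969:3456"` carry the same exposure.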
From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 09:40:21 +0000 Subject: [PATCH 19/37] nginx via docker isn't playing nicely --- docker-compose.override.tmpl.yml | 3 --- docker-compose.yml | 30 ++++++++++++++++++------------ 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/docker-compose.override.tmpl.yml b/docker-compose.override.tmpl.yml index c4a7265..3c3052b 100644 --- a/docker-compose.override.tmpl.yml +++ b/docker-compose.override.tmpl.yml @@ -1,8 +1,5 @@ version: '2' services: - nginx: - environment: - - URL=a_url_unused tty-proxy: environment: - URL=tty.example.com diff --git a/docker-compose.yml b/docker-compose.yml index 82ae32f..14f9547 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,18 +1,24 @@ version: '2' services: - nginx: - build: ./nginx/ - container_name: webserver - volumes: - - ./nginx/:/etc/nginx/ - - ./nginx/log/:/var/log/nginx/ - - /etc/letsencrypt/:/etc/letsencrypt/ - ports: - - 80:80 - - 443:443 - - 3456:3456 + # nginx: + # image: nginx:latest + # build: ./nginx/ + # container_name: webserver + # volumes: + # - ./nginx/:/etc/nginx/ + # - ./nginx/log/:/var/log/nginx/ + # - /etc/letsencrypt/:/etc/letsencrypt/ + # ports: + # - "80:80" + # - "443:443" + # - "3456:3456" + # command: [nginx-debug, '-g', 'daemon off;'] tty-proxy: container_name: tty-proxy build: ./ ports: - - 8080:8080 + - "8080:8080" + - "6969:3456" + cap_drop: + - ALL + From 800ee68b3915909e50e16110c26881625b454216 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Tue, 15 Dec 2020 09:41:56 +0000 Subject: [PATCH 20/37] work on making nginx work --- nginx/nginx.tmpl.conf | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index 1103bf1..325bf2a 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf 
@@ -6,7 +6,8 @@ # key: path_to_your_key # # --- -load_module /usr/lib/nginx/modules/ngx_stream_module.so; +# load_module /usr/lib/nginx/modules/ngx_stream_module.so; +# load_module modules/ngx_stream_js_module.so; events { } @@ -14,11 +15,18 @@ events { } stream { + upstream backend { + server tty-proxy:3456; + } # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server # the tty-server tcp connection ssl proxy server { - listen 3456 ssl so_keepalive=30m::10; - proxy_pass tty-proxy:3456; + listen 3456 ssl; # so_keepalive=30m::10; + # listen 3456 ssl so_keepalive=30m::10; + proxy_pass backend; + + # proxy_ssl off means terminate ssl here which is good. + proxy_ssl off; ssl_certificate {{ssl.chain}}; ssl_certificate_key {{ssl.key}}; } From ad517b2492efc270a687ee7aef15ce824325af9e Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Wed, 16 Dec 2020 08:16:51 +0000 Subject: [PATCH 21/37] fix events & module load in nginx --- nginx/nginx.tmpl.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index 325bf2a..9264edc 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -6,11 +6,11 @@ # key: path_to_your_key # # --- -# load_module /usr/lib/nginx/modules/ngx_stream_module.so; -# load_module modules/ngx_stream_js_module.so; - -events { } +load_module modules/ngx_stream_module.so; +events { + worker_connections 1024; ## Default: 1024 +} # You may have to install the stream module separately From 257109fe5e51884b288127f5ecddeead0ef337cc Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Wed, 16 Dec 2020 08:22:23 +0000 Subject: [PATCH 22/37] change to json logging --- nginx/nginx.tmpl.conf | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index 9264edc..0a5fecb 100644 
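Review bot: The added comment `# proxy_ssl off means terminate ssl here which is good.` in the stream `server` block credits the wrong directive: TLS termination comes from `ssl` on the `listen` line together with `ssl_certificate`/`ssl_certificate_key`, while `proxy_ssl off` (the default) only states that the hop to `backend` is unencrypted. I would reword it to `# TLS is terminated by "listen ... ssl"; proxy_ssl off (the default) forwards plaintext to the upstream.` so that nobody later reads the nginx-to-tty-proxy hop as protected.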
--- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -18,6 +18,17 @@ stream { upstream backend { server tty-proxy:3456; } + log_format json_combined escape=json + '{' + '"time_local":"$time_local",' + '"remote_addr":"$remote_addr",' + '"remote_port":"$remote_port",' + '"hostname": "$hostname",' + '"status": "$status",' + '"bytes_sent":"$bytes_sent",' + '"bytes_received":"$bytes_received",' + '"connection":"$connection"' + '}'; # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server # the tty-server tcp connection ssl proxy server { @@ -29,10 +40,24 @@ stream { proxy_ssl off; ssl_certificate {{ssl.chain}}; ssl_certificate_key {{ssl.key}}; + + access_log /var/log/nginx/stream.log json_combined; } } http { + log_format json_combined escape=json + '{' + '"time_local":"$time_local",' + '"remote_addr":"$remote_addr",' + '"remote_user":"$remote_user",' + '"request":"$request",' + '"status": "$status",' + '"body_bytes_sent":"$body_bytes_sent",' + '"request_time":"$request_time",' + '"http_referrer":"$http_referer",' + '"http_user_agent":"$http_user_agent"' + '}'; map $http_upgrade $connection_upgrade { default upgrade; @@ -52,7 +77,7 @@ http { ssl_certificate {{ssl.chain}}; ssl_certificate_key {{ssl.key}}; - access_log /var/log/nginx/data-access.log combined; + access_log /var/log/nginx/data-access.log json_combined; location / { proxy_pass http://tty-proxy:8080; From 2f92ca528ffcdf117b2442e9378dae837ce18ddb Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Wed, 16 Dec 2020 08:23:08 +0000 Subject: [PATCH 23/37] pass to localhost instead of docker-compose hostname (as no longer running nginx via docker) --- nginx/nginx.tmpl.conf | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index 0a5fecb..4263652 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf 
@@ -15,9 +15,6 @@ events { stream { - upstream backend { - server tty-proxy:3456; - } log_format json_combined escape=json '{' '"time_local":"$time_local",' @@ -32,10 +29,9 @@ stream { # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server # the tty-server tcp connection ssl proxy server { - listen 3456 ssl; # so_keepalive=30m::10; - # listen 3456 ssl so_keepalive=30m::10; - proxy_pass backend; - + listen 5432 ssl; #so_keepalive=30m::10; + proxy_pass localhost:6969; + # proxy_ssl off means terminate ssl here which is good. proxy_ssl off; ssl_certificate {{ssl.chain}}; @@ -80,12 +76,12 @@ http { access_log /var/log/nginx/data-access.log json_combined; location / { - proxy_pass http://tty-proxy:8080; + proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; - proxy_redirect http://tty-proxy $scheme://$http_host/; + proxy_redirect http://localhost:8080 $scheme://$http_host/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; From fe366f04f70619e1bf11255a4871cc3515e764b3 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 06:43:53 +0000 Subject: [PATCH 24/37] Revert "pass to localhost instead of docker-compose hostname (as no longer running nginx via docker)" This reverts commit 99253241c4797908d4615e28b4dd8c2a3f726c73. --- nginx/nginx.tmpl.conf | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index 4263652..0a5fecb 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -15,6 +15,9 @@ events { stream { + upstream backend { + server tty-proxy:3456; + } log_format json_combined escape=json '{' '"time_local":"$time_local",' 
@@ -29,9 +32,10 @@ stream { # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server # the tty-server tcp connection ssl proxy server { - listen 5432 ssl; #so_keepalive=30m::10; - proxy_pass localhost:6969; - + listen 3456 ssl; # so_keepalive=30m::10; + # listen 3456 ssl so_keepalive=30m::10; + proxy_pass backend; + # proxy_ssl off means terminate ssl here which is good. proxy_ssl off; ssl_certificate {{ssl.chain}}; @@ -76,12 +80,12 @@ http { access_log /var/log/nginx/data-access.log json_combined; location / { - proxy_pass http://localhost:8080; + proxy_pass http://tty-proxy:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; - proxy_redirect http://localhost:8080 $scheme://$http_host/; + proxy_redirect http://tty-proxy $scheme://$http_host/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; From ac100500a33d428f062ed418368dc4d7cfcbc925 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 07:38:54 +0000 Subject: [PATCH 25/37] Revert "nginx via docker isn't playing nicely" This reverts commit bb41a7ccfdec95e37b659bc74bf68b838258c0f3. Hopefully this enough to let nginx drive this --- docker-compose.override.tmpl.yml | 3 +++ docker-compose.yml | 30 ++++++++++++------------------ 2 files changed, 15 insertions(+), 18 deletions(-) diff --git a/docker-compose.override.tmpl.yml b/docker-compose.override.tmpl.yml index 3c3052b..c4a7265 100644 --- a/docker-compose.override.tmpl.yml +++ b/docker-compose.override.tmpl.yml @@ -1,5 +1,8 @@ version: '2' services: + nginx: + environment: + - URL=a_url_unused tty-proxy: environment: - URL=tty.example.com diff --git a/docker-compose.yml b/docker-compose.yml index 14f9547..82ae32f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,24 +1,18 @@ version: '2' services: - # nginx: - # image: nginx:latest - # build: ./nginx/ - # container_name: webserver - # volumes: - # - ./nginx/:/etc/nginx/ - # - ./nginx/log/:/var/log/nginx/ - # - /etc/letsencrypt/:/etc/letsencrypt/ - # ports: - # - "80:80" - # - "443:443" - # - "3456:3456" - # command: [nginx-debug, '-g', 'daemon off;'] + nginx: + build: ./nginx/ + container_name: webserver + volumes: + - ./nginx/:/etc/nginx/ + - ./nginx/log/:/var/log/nginx/ + - /etc/letsencrypt/:/etc/letsencrypt/ + ports: + - 80:80 + - 443:443 + - 3456:3456 tty-proxy: container_name: tty-proxy build: ./ ports: - - "8080:8080" - - "6969:3456" - cap_drop: - - ALL - + - 8080:8080 From c963d76f43f526838e7f7001dd3bd3f57026f7dc Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 08:02:51 +0000 Subject: [PATCH 26/37] upgrade docker compose version, use explicit file binding for nginx.conf The stream module isn't being found because /etc/nginx is being mounted to our config dir. The modules are found in /etc/nginx/modules , but this isnt found as as /etc/nginx is replaced with our template dir. The solution is to instead mount just what we need. --- docker-compose.override.tmpl.yml | 2 +- docker-compose.yml | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docker-compose.override.tmpl.yml b/docker-compose.override.tmpl.yml index c4a7265..f5779d3 100644 --- a/docker-compose.override.tmpl.yml +++ b/docker-compose.override.tmpl.yml @@ -1,4 +1,4 @@ -version: '2' +version: '3.7' services: nginx: environment: diff --git a/docker-compose.yml b/docker-compose.yml index 82ae32f..b2deed9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
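Review bot: Reverting the whole of docker-compose.yml also removes `cap_drop:` / `- ALL` from `tty-proxy`, which the reverted commit had introduced and which has nothing to do with whether nginx runs in a container. If tty-proxy worked with all capabilities dropped, keep those two lines under the service when restoring the nginx block, so the revert does not quietly widen the container's privileges. A one-line comment above them (`# tty-proxy needs no Linux capabilities`) would stop the next wholesale revert from dropping them again.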
@@ -1,10 +1,12 @@ -version: '2' +version: '3.7' services: nginx: build: ./nginx/ container_name: webserver volumes: - - ./nginx/:/etc/nginx/ + - type: bind + source: ./nginx/nginx.conf + target: /etc/nginx/nginx.conf - ./nginx/log/:/var/log/nginx/ - /etc/letsencrypt/:/etc/letsencrypt/ ports: From e3ce304a271a7add416bfc595c22f36180ddee78 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 08:06:51 +0000 Subject: [PATCH 27/37] comment out module load for container version --- nginx/nginx.tmpl.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index 0a5fecb..c9bfd62 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -6,7 +6,9 @@ # key: path_to_your_key # # --- -load_module modules/ngx_stream_module.so; + +# Module is loaded by default on container +# load_module modules/ngx_stream_module.so; events { worker_connections 1024; ## Default: 1024 From ad72499d1fc3b7e0df495dfb23597896e193529f Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 19:41:46 +1100 Subject: [PATCH 28/37] use intermediate image to eval nginx.conf.tmpl at build time --- docker-compose.yml | 6 +++--- nginx/Dockerfile | 14 +++++++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b2deed9..7181b36 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,9 +4,9 @@ services: build: ./nginx/ container_name: webserver volumes: - - type: bind - source: ./nginx/nginx.conf - target: /etc/nginx/nginx.conf + # - type: bind + # source: ./nginx/nginx.conf + # target: /etc/nginx/nginx.conf - ./nginx/log/:/var/log/nginx/ - /etc/letsencrypt/:/etc/letsencrypt/ ports: diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 7a75aa9..bd89c91 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile 
@@ -1,5 +1,13 @@ -FROM nginx +FROM ruby as template + +ADD "nginx.conf.tmpl" "nginx.yaml" "/build/" +RUN gem install mustache \ + && cd /build \ + && mustache nginx.yaml nginx.conf.tmpl > nginx.conf + + +FROM nginx:latest +#RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y libnginx-mod-stream +COPY --from=template /build/nginx.conf /etc/nginx/nginx.conf -RUN apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y libnginx-mod-stream From 42600391f6eda8d522e5cef78d6540ab99606f92 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 19:46:14 +1100 Subject: [PATCH 29/37] allow specifying template data as build time arg --- nginx/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index bd89c91..563785c 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,9 +1,10 @@ FROM ruby as template +ARG nginx_template_data=nginx.example.yaml -ADD "nginx.conf.tmpl" "nginx.yaml" "/build/" +ADD "nginx.conf.tmpl" ${nginx_template_data} "/build/" RUN gem install mustache \ && cd /build \ - && mustache nginx.yaml nginx.conf.tmpl > nginx.conf + && mustache ${nginx_template_data} nginx.conf.tmpl > nginx.conf FROM nginx:latest From a8a96b0c594dd896afeec575f6140d5846c89092 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 19:58:57 +1100 Subject: [PATCH 30/37] update compose & override to match new dockerfile --- docker-compose.override.tmpl.yml | 5 +++-- docker-compose.yml | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/docker-compose.override.tmpl.yml b/docker-compose.override.tmpl.yml index f5779d3..7d71fd1 100644 --- a/docker-compose.override.tmpl.yml +++ b/docker-compose.override.tmpl.yml 
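Review bot: Nothing in the new multi-stage build is pinned: `FROM ruby as template`, `gem install mustache` and `FROM nginx:latest` each resolve to whatever is current at build time, and the first stage's output becomes the `nginx.conf` that carries the TLS and proxy settings. Pinning the three inputs, e.g. `FROM ruby:<pinned-tag> AS template`, `gem install mustache -v <pinned-version>` and `FROM nginx:<pinned-tag>`, makes the rendered config reproducible and narrows what a changed or compromised upstream can put into it. `COPY` is also preferable to `ADD` on the template line, since both sources are plain local files and `ADD`'s archive and URL handling is not wanted here.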
@@ -1,8 +1,9 @@ version: '3.7' services: nginx: - environment: - - URL=a_url_unused + build: + args: + nginx_template_data: nginx.yaml tty-proxy: environment: - URL=tty.example.com diff --git a/docker-compose.yml b/docker-compose.yml index 7181b36..51e8a73 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,9 @@ version: '3.7' services: nginx: - build: ./nginx/ + build: + context: ./nginx/ + image: webserver container_name: webserver volumes: # - type: bind From d16c748431da47199467889cbb46cadcca9e19d4 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 20:27:36 +1100 Subject: [PATCH 31/37] fix typo in template filename in dockerfile --- nginx/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 563785c..7d51bc7 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,10 +1,10 @@ FROM ruby as template ARG nginx_template_data=nginx.example.yaml -ADD "nginx.conf.tmpl" ${nginx_template_data} "/build/" +ADD "./nginx.tmpl.conf" ${nginx_template_data} "/build/" RUN gem install mustache \ && cd /build \ - && mustache ${nginx_template_data} nginx.conf.tmpl > nginx.conf + && mustache ${nginx_template_data} nginx.tmpl.conf > nginx.conf FROM nginx:latest From 1ce3a34ffb7f9d391492d5a0c3dec9b7cad080ef Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 20:27:53 +1100 Subject: [PATCH 32/37] log info about templatefile during build --- nginx/Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 7d51bc7..1b9040d 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile 
@@ -1,9 +1,14 @@ FROM ruby as template ARG nginx_template_data=nginx.example.yaml +RUN echo "---" \ + && echo "template_file: ${nginx_template_data}" \ + && echo "---" + ADD "./nginx.tmpl.conf" ${nginx_template_data} "/build/" RUN gem install mustache \ && cd /build \ + && cat ${nginx_template_data} \ && mustache ${nginx_template_data} nginx.tmpl.conf > nginx.conf From a3eba11610d4358ea126a1cfa02fd53dd8dd8ee2 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 20:40:16 +1100 Subject: [PATCH 33/37] coloured logging at buildtime --- nginx/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 1b9040d..ba63731 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,9 +1,9 @@ FROM ruby as template ARG nginx_template_data=nginx.example.yaml -RUN echo "---" \ - && echo "template_file: ${nginx_template_data}" \ - && echo "---" +RUN echo "\e[31m---" \ + && echo "template_file: ${nginx_template_data} #############" \ + && echo "---\e[0m" ADD "./nginx.tmpl.conf" ${nginx_template_data} "/build/" RUN gem install mustache \ From 21693183823dbb9b26c82bdf7e750d426302d4ef Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 20:40:39 +1100 Subject: [PATCH 34/37] enable ssl keepalive etc --- nginx/nginx.tmpl.conf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index c9bfd62..e06d4bf 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -34,8 +34,7 @@ stream { # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server # the tty-server tcp connection ssl proxy server { - listen 3456 ssl; # so_keepalive=30m::10; - # listen 3456 ssl so_keepalive=30m::10; + listen 3456 ssl so_keepalive=30m::10; proxy_pass backend; # proxy_ssl off means terminate ssl here which is good. 
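Review bot: The added `cat ${nginx_template_data}` writes the whole data file into the build output, and build logs are commonly retained by CI and readable more widely than the file itself. Going by the template's header comment the file carries the deployment hostname and the certificate and key paths; anything else an operator later adds to it would be logged too. I would drop the `cat`, or gate it behind a debug build arg, and keep only the `template_file:` line. The expansion is also unquoted; if the line stays it should read `&& cat "${nginx_template_data}" \`.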
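Review bot: `echo "\e[31m---"` depends on the shell's `echo` understanding `\e`, and the shell form of `RUN` goes through `/bin/sh`, which on Debian-based images is usually dash, whose built-in echo does not; the build log would then show the literal `\e[31m` instead of colour. `printf` behaves the same in every POSIX shell: `RUN printf '\033[31m---\ntemplate_file: %s #############\n---\033[0m\n' "${nginx_template_data}"`.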
From 4c74b0c6dba30be35ddbe95124d83eab8b5095f6 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 21:55:28 +1100 Subject: [PATCH 35/37] add install script for certbot hooks --- nginx/install_certbot_hooks.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100755 nginx/install_certbot_hooks.sh diff --git a/nginx/install_certbot_hooks.sh b/nginx/install_certbot_hooks.sh new file mode 100755 index 0000000..7cd4dd1 --- /dev/null +++ b/nginx/install_certbot_hooks.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +hook_dir=/etc/letsencrypt/renewal-hooks + +project_root="$(git rev-parse --show-toplevel)" +shebang="#!/bin/sh" + + +sudo cat << EOF > "$hook_dir/pre/tty-proxy.sh" +$shebang + +docker-compose -f "$project_root/docker-compose.yml" down +EOF + +sudo cat << EOF > "$hook_dir/post/tty-proxy.sh" +$shebang + +docker-compose -f "$project_root/docker-compose.yml" up -d +EOF + +sudo chmod 755 "$hook_dir/pre/tty-proxy.sh" +sudo chmod 755 "$hook_dir/post/tty-proxy.sh" + From 3154287c105660b657843f2ab154870eeb307098 Mon Sep 17 00:00:00 2001 From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 21:55:55 +1100 Subject: [PATCH 36/37] fix typo in pre hook --- nginx/tty-proxy_pre_hook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/tty-proxy_pre_hook.sh b/nginx/tty-proxy_pre_hook.sh index 06228e7..0139a15 100755 --- a/nginx/tty-proxy_pre_hook.sh +++ b/nginx/tty-proxy_pre_hook.sh @@ -1,4 +1,4 @@ #!/usr/bin/env bash -docker-compose -f ~/home/ubuntu/tty-proxy/docker-compose.yml down +docker-compose -f home/ubuntu/tty-proxy/docker-compose.yml down From 2066f90619768d6542baaf4aa67bbb227173665c Mon Sep 17 00:00:00 2001 
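Review bot: `sudo cat << EOF > "$hook_dir/pre/tty-proxy.sh"` elevates only `cat`; the `>` redirection is opened by the invoking shell, so both writes fail with a permission error unless the script is already running as root. Use `sudo tee "$hook_dir/pre/tty-proxy.sh" > /dev/null << EOF`, and the same for the post hook. The script also has no `set -euo pipefail`, so if `git rev-parse` fails `project_root` is empty and the hooks are still written, pointing at `/docker-compose.yml`. Renewal hooks are normally run by certbot as root, and these point at a compose file inside a working checkout, so whoever can write that checkout decides what root starts at renewal; installing a root-owned copy of the compose file, or checking ownership before install, would close that.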
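Review bot: The new path `home/ubuntu/tty-proxy/docker-compose.yml` is relative, so it resolves against whatever directory the hook is started from rather than the checkout; removing the `~` fixed only half of the typo. The intended line is presumably `docker-compose -f /home/ubuntu/tty-proxy/docker-compose.yml down`. A relative `-f` in a hook that may run with elevated privileges is worth avoiding in any case, because the file picked up depends on the caller's working directory.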
From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com> Date: Thu, 17 Dec 2020 11:15:27 +0000 Subject: [PATCH 37/37] if ssl section is empty in template data, bind to localhost --- nginx/nginx.tmpl.conf | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/nginx/nginx.tmpl.conf b/nginx/nginx.tmpl.conf index e06d4bf..56a7a7f 100644 --- a/nginx/nginx.tmpl.conf +++ b/nginx/nginx.tmpl.conf @@ -34,14 +34,21 @@ stream { # https://nginx.org/en/docs/stream/ngx_stream_core_module.html#server # the tty-server tcp connection ssl proxy server { - listen 3456 ssl so_keepalive=30m::10; - proxy_pass backend; + # If ssl is given + {{#ssl}} + listen 3456 ssl so_keepalive=30m::10; + # proxy_ssl off means terminate ssl here which is good. + proxy_ssl off; + ssl_certificate {{ssl.chain}}; + ssl_certificate_key {{ssl.key}}; + {{/ssl}} - # proxy_ssl off means terminate ssl here which is good. - proxy_ssl off; - ssl_certificate {{ssl.chain}}; - ssl_certificate_key {{ssl.key}}; + # If ssl is empty or missing + {{^ssl}} + listen 127.0.0.1:3456; + {{/ssl}} + proxy_pass backend; access_log /var/log/nginx/stream.log json_combined; } } @@ -60,6 +67,8 @@ http { '"http_user_agent":"$http_user_agent"' '}'; + # if ssl is given + {{#ssl}} map $http_upgrade $connection_upgrade { default upgrade; '' close; @@ -94,4 +103,19 @@ http { proxy_buffering off; } } + + {{/ssl}} + + # if ssl is not given + {{^ssl}} + server { + listen 127.0.0.1:80; + + server_name {{your_subdomain}}; + location / { + proxy_pass http://tty-proxy:8080; + } + } + {{/ssl}} + }
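Review bot: The `{{^ssl}}` branch renders not only when `ssl` is deliberately left out but also when the key is misspelled or empty, so a typo in the data file silently produces a configuration without TLS on the tty stream port. Binding to `127.0.0.1` limits the exposure and is the right default, but nothing in the rendered file or the build signals that the plaintext variant was chosen. I would add a comment inside the branch, e.g. `# WARNING: rendered without TLS because the template data has no ssl section`, and consider an explicit opt-in key for plaintext mode. If nginx runs in the container defined in docker-compose.yml, a loopback listener inside the container is probably not reachable through the published ports, so this branch should be checked end to end. The same applies to the `listen 127.0.0.1:80;` server in the last hunk.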
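Review bot: The non-ssl `location /` proxies to `tty-proxy:8080` without the `Upgrade`/`Connection` headers, `proxy_http_version 1.1` and the long read timeout that the TLS server sets, and the `map $http_upgrade $connection_upgrade` block now sits inside `{{#ssl}}` (second hunk), so it is not rendered in this mode. If the web UI relies on WebSockets, as those headers suggest, sessions would fail only in the plaintext variant. Moving the map above `{{#ssl}}` and repeating the proxy settings in this location would keep the two modes equivalent apart from TLS.

```nginx
# … unchanged: map $http_upgrade $connection_upgrade, moved above {{#ssl}} …
location / {
    proxy_pass http://tty-proxy:8080;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_read_timeout 20d;
    proxy_buffering off;
}
```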