
Commit 7f64710

committed
replace portmap.js with static templates
1 parent acf8af6 commit 7f64710


8 files changed

+102
-266
lines changed


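--- a/create-a-container/server.js
+++ b/create-a-container/server.js
@@ -141,6 +141,16 @@ app.get('/containers', requireAuth, async (req, res) => {
 return res.render('containers', { rows });
 });
 
+// Generate nginx configuration for a container
+app.get('/nginx.conf', async (req, res) => {
+const services = await Service.findAll({
+where: { type: 'http' },
+include: [{ model: Container }]
+});
+res.contentType('text/plain');
+return res.render('nginx-conf', { services });
+});
+
 // Create container
 app.post('/containers', async (req, res) => {
 const isInit = req.body.init === 'true' || req.body.init === true;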
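Review bot: The new `GET /nginx.conf` route is registered without `requireAuth`, while the `GET /containers` route named in the hunk header uses it, so any client that can reach this app can read the rendered config. That output contains each HTTP service's external hostname together with its container's IPv4 address and internal port. If the proxy host has to fetch it unattended, gate the route on something the proxy can present, such as a shared secret header compared in constant time or a source-address allowlist, rather than leaving it open. The comment would also be more accurate as `// Generate nginx configuration for all HTTP services`, and a rejected `Service.findAll` has no handler here, so a `try`/`catch` that answers with a 500 would keep the request from hanging (depending on the Express version in use).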
Lines changed: 72 additions & 0 deletions
@@ -0,0 +1,72 @@
1+
server_names_hash_bucket_size 128;
2+
3+
<% services.forEach((service, index) => { %>
4+
server {
5+
listen 443 ssl;
6+
listen [::]:443 ssl;
7+
listen 443 quic;
8+
listen [::]:443 quic;
9+
http2 on;
10+
http3 on;
11+
12+
server_name <%= service.externalHostname %>.opensource.mieweb.org;
13+
14+
# SSL certificates
15+
ssl_certificate /root/.acme.sh/opensource.mieweb.org/fullchain.cer;
16+
ssl_certificate_key /root/.acme.sh/opensource.mieweb.org/opensource.mieweb.org.key;
17+
18+
# Modern TLS configuration
19+
ssl_protocols TLSv1.2 TLSv1.3;
20+
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
21+
ssl_prefer_server_ciphers off;
22+
23+
# SSL session optimization
24+
ssl_session_cache shared:SSL:10m;
25+
ssl_session_timeout 10m;
26+
ssl_session_tickets off;
27+
28+
# OCSP stapling
29+
ssl_stapling on;
30+
ssl_stapling_verify on;
31+
ssl_trusted_certificate /root/.acme.sh/opensource.mieweb.org/fullchain.cer;
32+
resolver 1.1.1.1 8.8.8.8 valid=300s;
33+
resolver_timeout 5s;
34+
35+
# Security headers
36+
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
37+
add_header X-Frame-Options "SAMEORIGIN" always;
38+
add_header X-Content-Type-Options "nosniff" always;
39+
add_header X-XSS-Protection "1; mode=block" always;
40+
add_header Alt-Svc 'h3=":443"; ma=86400' always;
41+
42+
# Proxy settings
43+
location / {
44+
proxy_pass http://<%= service.Container.ipv4Address %>:<%= service.internalPort %>;
45+
proxy_http_version 1.1;
46+
47+
# Proxy headers
48+
proxy_set_header Host $host;
49+
proxy_set_header X-Real-IP $remote_addr;
50+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
51+
proxy_set_header X-Forwarded-Proto $scheme;
52+
proxy_set_header X-Forwarded-Host $host;
53+
proxy_set_header X-Forwarded-Port $server_port;
54+
55+
# WebSocket support
56+
proxy_set_header Upgrade $http_upgrade;
57+
proxy_set_header Connection "upgrade";
58+
59+
# Timeouts
60+
proxy_connect_timeout 60s;
61+
proxy_send_timeout 60s;
62+
proxy_read_timeout 60s;
63+
64+
# Buffering (disable for SSE/streaming)
65+
proxy_buffering off;
66+
proxy_request_buffering off;
67+
68+
# Allow large uploads
69+
client_max_body_size 100M;
70+
}
71+
}
72+
<% }) %>
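Review bot: `service.externalHostname`, `service.Container.ipv4Address` and `service.internalPort` are written into `server_name` and `proxy_pass` with `<%= %>`, which applies HTML escaping only; nothing in this template or in the route that renders it constrains them to values that are safe inside an nginx directive. If any of these fields can be set by whoever creates a container, a value containing whitespace, `;` or braces would change the structure of the file that the proxy host then loads. Validate before rendering — hostname as a single DNS label such as `/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/`, port as an integer in 1–65535, address with `net.isIP` — and skip rows that fail. A service whose `Container` association is missing would also throw at the `proxy_pass` line and fail the whole render, so a guard such as `<% if (!service.Container) return; %>` at the top of the loop body is worth adding.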

nginx-reverse-proxy/nginx.conf

Lines changed: 0 additions & 29 deletions
This file was deleted.

nginx-reverse-proxy/port-map-server.js

Lines changed: 0 additions & 67 deletions
This file was deleted.

nginx-reverse-proxy/port_map.js

Lines changed: 0 additions & 94 deletions
This file was deleted.
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
SHELL=/bin/bash
2+
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
3+
* * * * * root /opt/opensource-server/nginx-reverse-proxy/pull-config.sh

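--- a/nginx-reverse-proxy/pull-config.sh
+++ b/nginx-reverse-proxy/pull-config.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+CONF_FILE=/etc/nginx/conf.d/reverse-proxy.conf
+CONF_URL=https://create-a-container.opensource.mieweb.org/nginx.conf
+
+mv "${CONF_FILE}" "${CONF_FILE}.bak"
+curl -fsSL -o "${CONF_FILE}" "${CONF_URL}"
+
+if ! nginx -t; then
+mv "${CONF_FILE}.bak" "${CONF_FILE}"
+exit 1
+fi
+
+rm -f "${CONF_FILE}.bak"
+nginx -s reload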
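Review bot: The live config is moved to `.bak` before the download, and with `set -e` a failing `curl` exits the script at that point, so `reverse-proxy.conf` can be left missing and the next cron run then fails at the first `mv` without ever reaching `curl` again. Downloading to a temporary file first and swapping it in only after the fetch succeeds keeps the last good config in place on any failure. The file is also fetched with no credential and no integrity check beyond TLS and then loaded by nginx, so if the endpoint gains authentication the secret should be read here from a root-only file rather than put on the command line. Since the job runs every minute, wrapping it in `flock -n` would stop a slow run from overlapping the next.

```shell
# … unchanged: shebang, set -euo pipefail, CONF_FILE, CONF_URL …
TMP_FILE="$(mktemp "${CONF_FILE}.XXXXXX")"
trap 'rm -f "${TMP_FILE}"' EXIT

# Fetch first: a failed download leaves the live config untouched.
curl -fsSL -o "${TMP_FILE}" "${CONF_URL}"

# First run: make sure there is something to back up and roll back to.
[[ -e "${CONF_FILE}" ]] || touch "${CONF_FILE}"
cp -p "${CONF_FILE}" "${CONF_FILE}.bak"
mv "${TMP_FILE}" "${CONF_FILE}"
# … unchanged: nginx -t with rollback from .bak, rm -f of .bak, nginx -s reload …
```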

nginx-reverse-proxy/reverse_proxy.conf

Lines changed: 0 additions & 76 deletions
This file was deleted.
