fix #41: define web server

Author: kamilsk

env/docker/compose/base.yml

@@ -16,6 +16,15 @@ services:
 #    env_file:
 #      - ../monitoring/.env
 
+  server:
+    image: octopot/tablo:server
+    build:
+      context: ../server
+    depends_on:
+      - service
+    env_file:
+      - ../server/.env
+
   service:
     image: octopot/tablo:latest
     build:

env/docker/compose/demo.yml

@@ -1,3 +1,28 @@
 version: "3"
 
-services: {}
+services:
+
+  server:
+    command: tablo.octolab.org
+    environment:
+      - DEV_ENABLED=false
+      - LE_ENABLED=true
+      - [email protected]
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - certificates:/etc/nginx/ssl
+      - letsencrypt:/etc/letsencrypt
+
+  storage:
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+volumes:
+
+  certificates: { driver: local }
+  letsencrypt:  { driver: local }
+
+  pgdata:       { driver: local }
+

env/docker/compose/dev.yml

@@ -2,6 +2,14 @@ version: "3"
 
 services:
 
+  server:
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - certificates:/etc/nginx/ssl
+      - letsencrypt:/etc/letsencrypt
+
   service:
     ports:
       - 8080:8080
@@ -14,4 +22,7 @@ services:
 
 volumes:
 
+  certificates: { driver: local }
+  letsencrypt:  { driver: local }
+
   pgdata: { driver: local }

env/docker/server/.env

@@ -0,0 +1,7 @@
+BASIC_USER=admin
+BASIC_PASS=admin
+
+DEV_ENABLED=true
+LE_ENABLED=false
+LE_EMAIL=
+TIME_ZONE=UTC

env/docker/server/Dockerfile

@@ -1,3 +1,5 @@
-FROM scratch
+FROM kamilsk/nginx:alpine AS server
 
 LABEL maintainer="Kamil Samigullin <[email protected]>"
+
+COPY conf.d /etc/nginx/sites-available

env/docker/server/conf.d/service.conf

@@ -0,0 +1,69 @@
+upstream service   { server service:8080; }
+# upstream grpc      { server service:8090; }
+# upstream profiling { server service:8091; }
+# upstream telemetry { server service:8092; }
+# upstream vault     { server vault:8200; }
+
+server {
+    listen  80;
+    listen  [::]:80;
+
+    #:https listen                   443       ssl http2;
+    #:https listen                   [::]:443  ssl http2;
+    #:https ssl_certificate          ${SSL_CERT};
+    #:https ssl_certificate_key      ${SSL_KEY};
+    #:https #:le ssl_trusted_certificate  ${SSL_CHAIN};
+    #:https ssl_dhparam              /etc/nginx/ssl/dhparams.pem;
+    #:https ssl_ecdh_curve           prime256v1:secp384r1:secp521r1;
+    #:https include h5bp/directive-only/ssl.conf;
+    #:https #:le include h5bp/directive-only/ssl-stapling.conf;
+    #:https if ($scheme = http) {
+    #:https     return  301  https://$server_name$request_uri;
+    #:https }
+    #:https add_header  Strict-Transport-Security  "max-age=86400" always;
+
+    server_name  tablo.octolab.org  tablo.127.0.0.1.xip.io;
+
+    charset  utf-8;
+    index    index.html;
+    root     /usr/share/nginx/html;
+
+    etag   on;
+
+    location = /favicon.ico { log_not_found off; access_log off; }
+    location /.well-known/  { root /usr/share/nginx/html; }
+
+    location /api/ {
+        rewrite  ^/api/(.*)  /$1  break;
+
+        proxy_redirect    off;
+        proxy_buffering   off;
+        proxy_pass        http://service;
+        proxy_set_header  Host               $http_host;
+        proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Proto  $scheme;
+        proxy_set_header  X-Real-IP          $remote_addr;
+    }
+
+#    location /grpc/ {
+#        rewrite  ^/grpc/(.*)  /$1  break;
+#
+#        grpc_pass  grpc://grpc;
+#    }
+
+#    location /vault/ {
+#        rewrite  ^/vault/(.*)  /$1  break;
+#
+#        proxy_redirect    off;
+#        proxy_buffering   off;
+#        proxy_pass        http://vault;
+#        proxy_set_header  Host               $http_host;
+#        proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
+#        proxy_set_header  X-Forwarded-Proto  $scheme;
+#        proxy_set_header  X-Real-IP          $remote_addr;
+#    }
+
+    include h5bp/directive-only/x-ua-compatible.conf;
+    include h5bp/directive-only/extra-security.conf;
+    include h5bp/directive-only/no-transform.conf;
+}

env/docker/service/Dockerfile

@@ -29,12 +29,12 @@ ENV BIND=0.0.0.0 \
     HTTP_PORT=8080 \
     GRPC_PORT=8090 \
     PROFILING_PORT=8091 \
-    MONITORING_PORT=8092
+    TELEMETRY_PORT=8092
 
 EXPOSE ${HTTP_PORT} \
        ${GRPC_PORT} \
        ${PROFILING_PORT} \
-       ${MONITORING_PORT}
+       ${TELEMETRY_PORT}
 
 ENTRYPOINT [ "service" ]
 CMD        [ "help", "run" ]