diff --git a/netmaker_server/files/opt/netmaker_server/nginx/conf/conf.d/proxy.conf b/netmaker_server/files/opt/netmaker_server/nginx/conf/conf.d/proxy.conf
new file mode 100644
index 0000000..f97d9fb
--- /dev/null
+++ b/netmaker_server/files/opt/netmaker_server/nginx/conf/conf.d/proxy.conf
@@ -0,0 +1,26 @@
+map $host $proxy_name {
+ hostnames;
+
+ netmaker-ui.* netmaker-ui:80;
+ netmaker-api.* netmaker:80;
+ netmaker-rqlite-http.* rqlite:4001;
+
+ default 444;
+}
+
+server {
+ resolver 127.0.0.11; # Explicitly set docker-resolver
+
+ listen 8443 ssl;
+
+ ssl_certificate /certs/node.crt;
+ ssl_certificate_key /certs/node.key;
+
+ if ($proxy_name = 444){
+ return 444;
+ }
+
+ location / {
+ proxy_pass http://$proxy_name;
+ }
+}
diff --git a/netmaker_server/files/opt/netmaker_server/nginx/conf/stream.d/passthrough.conf b/netmaker_server/files/opt/netmaker_server/nginx/conf/stream.d/passthrough.conf
new file mode 100644
index 0000000..8077e4e
--- /dev/null
+++ b/netmaker_server/files/opt/netmaker_server/nginx/conf/stream.d/passthrough.conf
@@ -0,0 +1,24 @@
+stream{
+ map $ssl_preread_server_name $name {
+ hostnames; # Use hostnames as map?
+
+ netmaker-ui.* 127.0.0.1:8443;
+ netmaker-api.* 127.0.0.1:8443;
+
+ netmaker-broker.* mosquitto:8883; # todo: tls-terminate?
+
+ netmaker-rqlite-http.* 127.0.0.1:8443;
+ netmaker-rqlite-cluster.* rqlite:4002;
+
+ default 127.0.0.1:1;
+ }
+
+ server {
+ resolver 127.0.0.11; # Explicitly set docker-resolver
+
+ listen 443;
+ ssl_preread on;
+
+ proxy_pass $name;
+ }
+}
diff --git a/netmaker_server/files/opt/netmaker_server/nginx/nginx.conf b/netmaker_server/files/opt/netmaker_server/nginx/nginx.conf
new file mode 100644
index 0000000..d1e9413
--- /dev/null
+++ b/netmaker_server/files/opt/netmaker_server/nginx/nginx.conf
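Review bot: The `listen 8443 ssl;` server names its certificate and key but sets no `ssl_protocols` or `ssl_ciphers`, so it inherits whatever the nginx build defaults to, which on older images still includes TLSv1/TLSv1.1; add `ssl_protocols TLSv1.2 TLSv1.3;` next to `ssl_certificate_key`. With `proxy_pass http://$proxy_name;` nginx sends `$proxy_host` (e.g. `netmaker:80`) as the upstream Host header and no forwarding headers, so the UI/API never see the external name or that the client used HTTPS; if they rely on that for redirects or CORS (verify against the netmaker config), add `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto https;` inside `location /`. The `netmaker-rqlite-http.* rqlite:4001;` entry makes the database's HTTP API reachable by any client that presents the matching Host, so confirm rqlite authentication is enabled in its config or remove this route. Since the same `/certs/node.key` is also mounted into rqlite, consider binding this listener to `127.0.0.1:8443` (it is only ever reached from the stream passthrough in the same container) to avoid exposing it to the rest of the docker network.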
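Review bot: `netmaker-rqlite-cluster.* rqlite:4002;` forwards any client that sends that SNI straight to rqlite's cluster port with no TLS termination or client check in nginx, so that port's own node-to-node TLS/authentication is the only barrier between the internet and the Raft listener; confirm it is configured for that, or drop the entry if the deployment is single-node. The `netmaker-broker.* mosquitto:8883; # todo: tls-terminate?` route similarly assumes mosquitto is already serving TLS with the same `/certs` material, which this change does not show. The `# Use hostnames as map?` question can be answered in the comment: `hostnames;` is what makes the `netmaker-ui.*` prefix patterns match a full server name, so `hostnames; # prefix patterns such as netmaker-ui.* match on the full SNI name` would document it. The `default 127.0.0.1:1;` fallback is a reasonable way to drop unknown names; a one-line comment saying so would save the next reader from wondering what listens on port 1.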
@@ -0,0 +1,33 @@
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
+include /etc/nginx/stream.d/*.conf;
diff --git a/netmaker_server/tasks/main.yml b/netmaker_server/tasks/main.yml
index 2b1b967..4aa89aa 100644
--- a/netmaker_server/tasks/main.yml
+++ b/netmaker_server/tasks/main.yml
@@ -11,6 +11,10 @@
 src: docker-compose.yml.template
 dest: /opt/netmaker_server/docker-compose.yml
+- import_tasks: ./certs.yml
+
+- import_tasks: ./nginx.yml
+
 - import_tasks: ./rqlite.yml
 - import_tasks: ./netmaker.yml
diff --git a/netmaker_server/templates/docker-compose.yml.template b/netmaker_server/templates/docker-compose.yml.template
index 9d689b3..ec380dd 100644
--- a/netmaker_server/templates/docker-compose.yml.template
+++ b/netmaker_server/templates/docker-compose.yml.template
@@ -1,6 +1,17 @@
 version: "3.4"
 services:
+ nginx:
+ image: nginx
+ restart: unless-stopped
+ volumes:
+ - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro # Override nginx-config to add stream-import
+ - ./nginx/conf/conf.d/:/etc/nginx/conf.d:ro # conf.d
+ - ./nginx/conf/stream.d/:/etc/nginx/stream.d:ro # conf.d
+ - ./certs:/certs:ro # SSL-certificates
+ ports:
+ - 51820:443
+
 rqlite: # Distributed sqlite-db
 image: rqlite/rqlite
 restart: unless-stopped
@@ -8,7 +19,7 @@ services:
 volumes:
 - "./rqlite/data:/rqlite/file"
 - "./rqlite/config.json:/config.json:ro"
- - "./rqlite/certs:/certs:ro"
+ - "./certs:/certs:ro"
 ports:
 - 4001:4001
 - 4002:4002
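Review bot: The trailing `include /etc/nginx/stream.d/*.conf;` is the one deliberate departure from the stock nginx.conf, and its placement outside `http {}` is the whole point (a `stream {}` context cannot live inside `http {}`), so it deserves a comment, e.g. `# stream{} contexts (TLS/SNI passthrough) must be included at top level, not inside http{}`. While the file is being owned by this role anyway, `server_tokens off;` inside `http {}` would stop the proxy from advertising its version in response headers and error pages. The `notice` error log level and default access log format are fine for a front door, though `$ssl_protocol`/`$ssl_cipher` in `log_format main` would make it easier to spot clients negotiating weak TLS once a policy is set.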
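Review bot: `image: nginx` carries no tag or digest, so the TLS front door is rebuilt from whatever `latest` resolves to at deploy time and its TLS defaults can change silently; pin it, e.g. `image: nginx:<pinned-version-or-digest>` (placeholder, pick the version the role was tested against). In the second hunk the rqlite service still publishes `4001:4001` and `4002:4002` on every host interface, which bypasses the SNI routing the new nginx service adds on `51820:443`; if nginx is meant to be the only entry point, bind them as `127.0.0.1:4001:4001` / `127.0.0.1:4002:4002` or drop them. Both services now mount the same `./certs` directory, which holds the private key `node.key` referenced by proxy.conf, so verify the host directory is not world-readable and that the key is readable by the uid each container runs as (the rqlite container need not run as root). A short comment on `- 51820:443` noting that this is a TCP mapping would also help, since that port number is easy to confuse with a UDP tunnel port on the same host.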