From 95c2fd70529cc4a8036244aa0673613f9ed6a233 Mon Sep 17 00:00:00 2001 From: gsd Date: Wed, 12 Mar 2025 15:48:24 +0300 Subject: [PATCH] nginx road --- Dockerfile | 3 ++ docker-compose.yaml | 14 +++++-- entrypoint.sh | 97 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 110 insertions(+), 4 deletions(-) create mode 100644 Dockerfile create mode 100644 entrypoint.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..fc6a27f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx:1.27.4-alpine +RUN apk add apache2-utils +COPY entrypoint.sh /docker-entrypoint.d/entrypoint.sh \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml index 69eeb87..0ceffbe 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -10,12 +10,18 @@ services: cpus: "0.1" memory: 128M pushgateway_nginx: - image: docker.pblr-nyk.pro/nginx:1.27.4-alpine + build: ./ container_name: p_gw_nginx restart: unless-stopped - volumes: - - $PWD/srv.conf:/etc/nginx/conf.d/srv.conf:ro - - $PWD/.htpasswd:/etc/nginx/.htpasswd:ro + #COMBO | base auth for this instance + #GATEWAY | first gateway without pass words + environment: + - COMBO=test:test;test1:test1 + - GATEWAY=p_gw:9091;p_gw:9091|user:pass;p_gw:9091|user:pass + - PORT=9091 + #volumes: + # - $PWD/srv.conf:/etc/nginx/conf.d/srv.conf:ro + # - $PWD/.htpasswd:/etc/nginx/.htpasswd:ro ports: - 9091:9091 deploy: diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..b66c84a --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,97 @@ +#!/bin/sh + +#htpasswd part +rm /etc/nginx/.htpasswd || echo "cleared" +touch /etc/nginx/.htpasswd +USERS_SPLIT=$(echo $COMBO | tr ";" "\n") +for USER in $USERS_SPLIT +do + USERNAME=$(echo $USER | cut -d ":" -f 1) + PASSWORD=$(echo $USER | cut -d ":" -f 2) + htpasswd -b /etc/nginx/.htpasswd $USERNAME $PASSWORD +done + +#gateways setup +#gateway_0 is main +rm /etc/nginx/conf.d/srv.conf || echo "cleared" +touch /etc/nginx/conf.d/srv.conf +GATEWAYS_SPLIT=$(echo $GATEWAY | tr ";" "\n") + +COUNTER=0 +for GATEWAY in $GATEWAYS_SPLIT +do +cat <> /etc/nginx/conf.d/srv.conf +upstream gateway_$COUNTER { + server $(echo $GATEWAY | cut -d "|" -f 1); +} + +EOT +COUNTER=$((COUNTER + 1)) +done + +#main +cat <> /etc/nginx/conf.d/srv.conf +server { + listen 0.0.0.0:$PORT; + server_name __; + + location / { + auth_basic "Pushgateway server authentication"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://gateway_0; + +EOT + +#mirror redirect +COUNTER=0 +for GATEWAY in $GATEWAYS_SPLIT +do +if [ $COUNTER -gt 0 ]; then + cat <> /etc/nginx/conf.d/srv.conf + mirror /mirror_$COUNTER; +EOT +fi +COUNTER=$((COUNTER + 1)) +done +echo " }" >> /etc/nginx/conf.d/srv.conf + +#mirror catcher +cat <> /etc/nginx/conf.d/srv.conf + if (\$http_x_is_mirror) { + rewrite ^/(.*)\$ /mirror/\$1 last; + } + + location ~ ^/mirror/(.*)$ { + rewrite /mirror/(.*) /\$1 break; + auth_basic "Pushgateway server authentication"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://gateway_0; + } +EOT + +#mirror location +COUNTER=0 +for GATEWAY in $GATEWAYS_SPLIT +do +if [ $COUNTER -gt 0 ]; then + cat <> /etc/nginx/conf.d/srv.conf + + location = /mirror_$COUNTER { + internal; + proxy_pass http://gateway_$COUNTER; + proxy_set_header X-Is-Mirror 'yes'; + proxy_pass_header X-Is-Mirror; + proxy_set_header Authorization "Basic $(echo $GATEWAY | cut -d "|" -f 2 | base64)"; + proxy_pass_header Authorization; + } + +EOT +fi +COUNTER=$((COUNTER + 1)) +done + +echo "}" >> /etc/nginx/conf.d/srv.conf + +cat /etc/nginx/conf.d/srv.conf +cat /etc/nginx/.htpasswd +nginx -t \ No newline at end of file