From 2bc618b22cb1b603e1d27ecf1cf0cad5e5a448b4 Mon Sep 17 00:00:00 2001
From: lehuygiang28
Date: Sat, 10 Aug 2024 22:11:19 +0700
Subject: [PATCH] chore: :rocket: add Dockerfile and nginx proxy configurations for swag container
---
containers/swag/Dockerfile | 1 +
containers/swag/nginx/nginx.conf | 81 +++++++++++++++++++
.../swag/nginx/proxy-confs/api.subdomain.conf | 31 +++++++
.../proxy-confs/devin-main.subdomain.conf | 19 +++++
.../nginx/proxy-confs/devin.subdomain.conf | 19 +++++
.../nginx/proxy-confs/server.subdomain.conf | 14 ++++
containers/swag/www/index.html | 14 ++++
docker-compose.deploy.yml | 39 +++++++++
8 files changed, 218 insertions(+)
create mode 100644 containers/swag/Dockerfile
create mode 100644 containers/swag/nginx/nginx.conf
create mode 100644 containers/swag/nginx/proxy-confs/api.subdomain.conf
create mode 100644 containers/swag/nginx/proxy-confs/devin-main.subdomain.conf
create mode 100644 containers/swag/nginx/proxy-confs/devin.subdomain.conf
create mode 100644 containers/swag/nginx/proxy-confs/server.subdomain.conf
create mode 100644 containers/swag/www/index.html
create mode 100644 docker-compose.deploy.yml
diff --git a/containers/swag/Dockerfile b/containers/swag/Dockerfile
new file mode 100644
index 0000000..622d49e
--- /dev/null
+++ b/containers/swag/Dockerfile
@@ -0,0 +1 @@
+FROM lscr.io/linuxserver/swag:2
diff --git a/containers/swag/nginx/nginx.conf b/containers/swag/nginx/nginx.conf
new file mode 100644
index 0000000..973b640
--- /dev/null
+++ b/containers/swag/nginx/nginx.conf
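Review bot: The base image in `containers/swag/Dockerfile` is referenced only by the mutable tag `swag:2`, so each rebuild can pull different content for the container that terminates TLS and holds the certificate keys. Pinning the digest makes the build reproducible and routes image updates through review: `FROM lscr.io/linuxserver/swag:2@sha256:<digest-of-reviewed-image>` (placeholder; fill in the digest you verified). A comment above the line naming the upstream release that digest corresponds to would make later bumps easier to audit.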
@@ -0,0 +1,81 @@
+## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample
+
+### Based on alpine defaults
+# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable
+
+user abc;
+
+# Set number of worker processes automatically based on number of CPU cores.
+include /config/nginx/worker_processes.conf;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /config/log/nginx/error.log;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+# Include files with config snippets into the root context.
+include /etc/nginx/conf.d/*.conf;
+
+events {
+ # The maximum number of simultaneous connections that can be opened by
+ # a worker process.
+ worker_connections 1024;
+}
+
+http {
+ # Includes mapping of file name extensions to MIME types of responses
+ # and defines the default type.
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Name servers used to resolve names of upstream servers into addresses.
+ # It's also needed when using tcpsocket and udpsocket in Lua modules.
+ #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
+ include /config/nginx/resolver.conf;
+
+ # Don't tell nginx version to the clients. Default is 'on'.
+ server_tokens off;
+
+ # Specifies the maximum accepted body size of a client request, as
+ # indicated by the request header Content-Length. If the stated content
+ # length is greater than this size, then the client receives the HTTP
+ # error code 413. Set to 0 to disable. Default is '1m'.
+ client_max_body_size 0;
+
+ # Sendfile copies data between one FD and other from within the kernel,
+ # which is more efficient than read() + write(). Default is off.
+ sendfile on;
+
+ # Causes nginx to attempt to send its HTTP response head in one packet,
+ # instead of using partial frames. Default is 'off'.
+ tcp_nopush on;
+
+ # all ssl related config moved to ssl.conf
+ # included in server blocks where listen 443 is defined
+
+ # Enable gzipping of responses.
+ gzip on;
+
+ # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
+ gzip_vary on;
+
+ # Helper variable for proxying websockets.
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ # Sets the path, format, and configuration for a buffered log write.
+ access_log /config/log/nginx/access.log;
+
+ # Includes virtual hosts configs.
+ include /etc/nginx/http.d/*.conf;
+ include /config/nginx/site-confs/*.conf;
+}
+
+daemon off;
+pid /run/nginx.pid;
diff --git a/containers/swag/nginx/proxy-confs/api.subdomain.conf b/containers/swag/nginx/proxy-confs/api.subdomain.conf
new file mode 100644
index 0000000..d299ef5
--- /dev/null
+++ b/containers/swag/nginx/proxy-confs/api.subdomain.conf
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name api.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 100m;
+
+ location /api-stats/ {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+
+ access_log off;
+
+ set $upstream_app api;
+ set $upstream_port 8000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+
+ location / {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app api;
+ set $upstream_port 8000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/containers/swag/nginx/proxy-confs/devin-main.subdomain.conf b/containers/swag/nginx/proxy-confs/devin-main.subdomain.conf
new file mode 100644
index 0000000..6221fd2
--- /dev/null
+++ b/containers/swag/nginx/proxy-confs/devin-main.subdomain.conf
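Review bot: `client_max_body_size 0;` in the `http` block of `nginx.conf` removes the request-body limit for every virtual host that does not set its own, and in this commit only `api.subdomain.conf` (100m) and `server.subdomain.conf` (5m) do. `devin.subdomain.conf` and `devin-main.subdomain.conf` inherit the unlimited value and also set `proxy_request_buffering off;`, so uploads of any size are streamed straight to those backends. Consider a finite default here, for example `client_max_body_size 10m;` (size to be chosen for the application), with explicit overrides in the server blocks that need more. Because this file is bind-mounted over the image's copy it will no longer follow upstream changes to the sample dated 2023/04/13; a comment at the top saying so, and who re-syncs it, would help.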
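Review bot: The `location /api-stats/` block in `api.subdomain.conf` sets `access_log off;` and adds no access restriction, so requests to that path reach the `api` upstream from any client and leave no record in the proxy log. If the path serves operational statistics (inferred from its name only), restrict it, for example `allow <trusted-cidr>; deny all;` with the placeholder replaced by the monitoring network. Rather than dropping the log entirely, a separate file keeps the audit trail without noise in the main log, e.g. `access_log /config/log/nginx/api-stats.log;` (file name is a constructed example).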
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name devin-main.*;
+
+ include /config/nginx/ssl.conf;
+
+ proxy_request_buffering off;
+
+ location / {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app devin-main;
+ set $upstream_port 9001;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/containers/swag/nginx/proxy-confs/devin.subdomain.conf b/containers/swag/nginx/proxy-confs/devin.subdomain.conf
new file mode 100644
index 0000000..cd9890b
--- /dev/null
+++ b/containers/swag/nginx/proxy-confs/devin.subdomain.conf
@@ -0,0 +1,19 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name devin.*;
+
+ include /config/nginx/ssl.conf;
+
+ proxy_request_buffering off;
+
+ location / {
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app devin;
+ set $upstream_port 9000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+ }
+}
diff --git a/containers/swag/nginx/proxy-confs/server.subdomain.conf b/containers/swag/nginx/proxy-confs/server.subdomain.conf
new file mode 100644
index 0000000..d8f3742
--- /dev/null
+++ b/containers/swag/nginx/proxy-confs/server.subdomain.conf
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name server.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 5m;
+
+ location / {
+ return 301 https://github.com/lehuygiang28/tasktr
+ }
+}
diff --git a/containers/swag/www/index.html b/containers/swag/www/index.html
new file mode 100644
index 0000000..6c5e12a
--- /dev/null
+++ b/containers/swag/www/index.html
@@ -0,0 +1,14 @@
+
+
+
+
+
+
+ Techcell Cloud
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docker-compose.deploy.yml b/docker-compose.deploy.yml
new file mode 100644
index 0000000..f493c3f
--- /dev/null
+++ b/docker-compose.deploy.yml
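Review bot: The `return 301 https://github.com/lehuygiang28/tasktr` line in `location /` of `server.subdomain.conf` has no terminating semicolon, so nginx will reject the configuration with a syntax error. If this file is picked up by the running server, nginx will fail to start or reload, which takes every proxied host in this commit down with it. The line should read `return 301 https://github.com/lehuygiang28/tasktr;`. Running `nginx -t` inside the container before deploying would catch this class of mistake.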
@@ -0,0 +1,39 @@
+version: '3'
+
+services:
+ swag:
+ build:
+ context: ./containers/swag
+ dockerfile: Dockerfile
+ container_name: swag
+ cap_add:
+ - NET_ADMIN
+ environment:
+ - PUID=${PUID:-1001}
+ - PGID=${PGID:-1002}
+ - TZ=Etc/UTC
+ - URL=giaang.id.vn
+ - SUBDOMAINS=${SSL_SUBDOMAINS}
+ - VALIDATION=http
+ - CERTPROVIDER=zerossl #optional
+ - DNSPLUGIN=cloudflare #optional
+ # - DUCKDNSTOKEN= #optional
+ - EMAIL=giang@giaang.id.vn #optional
+ - ONLY_SUBDOMAINS=true #optional
+ # - EXTRA_DOMAINS= #optional
+ - STAGING=false #optional
+ volumes:
+ - ./containers/swag/www:/config/www
+ - ./containers/swag/nginx/proxy-confs:/config/nginx/proxy-confs
+ - ./containers/swag/nginx/nginx.conf:/config/nginx/nginx.conf
+ - ./ssl/letsencrypt:/config/etc/letsencrypt # mount ssl key from container to work dir
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - local
+ restart: unless-stopped
+
+networks:
+ local:
+ driver: bridge
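Review bot: The bind mount `./ssl/letsencrypt:/config/etc/letsencrypt` in `docker-compose.deploy.yml` writes the certificate private keys and ACME account data into the repository working tree, and nothing visible in this commit keeps that directory out of version control. Add `ssl/` to `.gitignore` and keep the directory readable only by the PUID/PGID the container runs as. Separately, `/config/log` is not mounted, so the nginx access and error logs are lost when the container is recreated; a volume such as `./containers/swag/log:/config/log` (constructed example path) would preserve them for incident review.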