oren · KuZmichishe · Jul 16, 2022 · Jul 16, 2022 · Jul 16, 2022 · Jul 17, 2022
diff --git a/.DS_Store b/.DS_Store
diff --git a/Dockerfile b/Dockerfile
@@ -1,9 +1,47 @@
-FROM alpine:3.2
-RUN apk add --update nginx && rm -rf /var/cache/apk/*
+FROM alpine:latest
+
+### Environment variables
+ENV LANG='en_US.UTF-8' \
+    LANGUAGE='en_US.UTF-8' \
+    TERM='xterm' 
+
+### Install Applications
+RUN apk --no-cache update && \
+	apk add --no-cache \
+	nginx \
+	bash
+#	openssh
+#	certbot
+
+### Remove cache and tmp data
+RUN rm -rf \ 
+	/var/cache/apk/* \
+	/tmp/* \
+	/var/tmp/*
+
 RUN mkdir -p /tmp/nginx/client-body
+RUN mkdir -p /etc/nginx/sites-enabled
+
+### Volume
+VOLUME ["/etc/letsencrypt"]
 
+### Copy Nginx configs
 COPY nginx/nginx.conf /etc/nginx/nginx.conf
 COPY nginx/default.conf /etc/nginx/conf.d/default.conf
+COPY nginx/.htpasswd /etc/nginx/.htpasswd
 COPY website /usr/share/nginx/html
+COPY nginx/sites-enabled /etc/nginx/sites-enabled
+
+### Expose ports
+EXPOSE 80
+EXPOSE 443
+
+#COPY ./docker-entrypoint.sh /
+#RUN chmod +x docker-entrypoint.sh
+
+#ENTRYPOINT ["/docker-entrypoint.sh"]
+#CMD ["certbot"]
+
+#ENTRYPOINT ["sh", "-c", "nginx"]
 
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+OS=""
+MYUPGRADE="0"
+
+DectectOS(){
+  if [ -e /etc/alpine-release ]; then
+    OS="alpine"
+  elif [ -e /etc/os-release ]; then
+    if grep -q "NAME=\"Ubuntu\"" /etc/os-release ; then
+      OS="ubuntu"
+    fi
+    if grep -q "NAME=\"CentOS Linux\"" /etc/os-release ; then
+      OS="centos"
+    fi
+  fi
+}
+
+AutoUpgrade(){
+  if [ "$(id -u)" = '0' ]; then
+    if [ -n "${DOCKUPGRADE}" ]; then
+      MYUPGRADE="${DOCKUPGRADE}"
+    fi
+    if [ "${MYUPGRADE}" == 1 ]; then
+      if [ "${OS}" == "alpine" ]; then
+        apk --no-cache upgrade
+        rm -rf /var/cache/apk/*
+      elif [ "${OS}" == "ubuntu" ]; then
+        export DEBIAN_FRONTEND=noninteractive
+        apt-get update
+        apt-get -y --no-install-recommends dist-upgrade
+        apt-get -y autoclean
+        apt-get -y clean
+        apt-get -y autoremove
+        rm -rf /var/lib/apt/lists/*
+      elif [ "${OS}" == "centos" ]; then
+        yum upgrade -y
+        yum clean all
+        rm -rf /var/cache/yum/*
+      fi
+    fi
+  fi
+}
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+  export "$var"="$val"
+  unset "$fileVar"
+}
+
+DockLog(){
+  if [ "${OS}" == "centos" ] || [ "${OS}" == "alpine" ]; then
+    echo "${1}"
+  else
+    logger "${1}"
+  fi
+}
+
+DectectOS
+AutoUpgrade
+
+if [ "${1}" == 'certbot' ]; then
+  if [ -z "${DOCKMAIL}" ]; then
+    DockLog "ERROR: administrator email is mandatory"
+  elif [ -z "${DOCKDOMAINS}" ]; then
+    DockLog "ERROR: at least one domain must be specified"
+  else
+    exec certbot certonly --verbose --noninteractive --quiet --standalone --agree-tos --email="${DOCKMAIL}" -d "${DOCKDOMAINS}" 
+  fi
+elif [ "${1}" == 'certbot-renew' ]; then
+   exec certbot renew
+else
+  "$@"
+fi
+
+nginx
diff --git a/nginx/.DS_Store b/nginx/.DS_Store
diff --git a/nginx/.htpasswd b/nginx/.htpasswd
@@ -0,0 +1 @@
+KuZmich:$apr1$Og6jRiiM$yZEVsYjXTMf4WDOqVbPdg1
diff --git a/nginx/default.conf b/nginx/default.conf
@@ -1,13 +1,19 @@
 server {
-  location / {
-      root /usr/share/nginx/html;
-  }
+  listen 80 default_server;
+  listen [::]:80 default_server;
 
-  location /item {
-      alias /usr/share/nginx/html;
-  }
+  root /usr/share/nginx/html;
 
-  location /post {
-      alias /usr/share/nginx/html;
+  # Add index.php to the list if you are using PHP
+  index index.html index.htm index.nginx-debian.html;
+#  access_log /var/log/nginx/access.log;
+  error_log /var/log/nginx/error.log;
+
+  server_name localhost;
+
+  location / {
+    # First attempt to serve request as file, then
+    # as directory, then fall back to displaying a 404.
+    try_files $uri $uri/ =404;
   }
 }
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -19,14 +19,15 @@ http {
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
-    access_log  /var/log/nginx/access.log  main;
+#    access_log  /var/log/nginx/access.log  main;
 
     sendfile        off;
     #tcp_nopush     on;
 
-    keepalive_timeout  65;
+    keepalive_timeout  0;
 
     #gzip  on;
 
     include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
 }
diff --git a/nginx/sites-enabled/kuzmich.xyz b/nginx/sites-enabled/kuzmich.xyz
@@ -0,0 +1,50 @@
+server {
+    listen 80;
+    server_name kuzmich.xyz;
+
+#    access_log /var/log/nginx/router.kuzmich.xyz-access.log;
+    error_log /var/log/nginx/kuzmich.xyz-error.log;
+
+    location / {
+        auth_basic           "Administrator’s Area";
+        auth_basic_user_file /etc/nginx/.htpasswd; 
+    }
+
+    location /router {
+        proxy_pass http://192.168.1.1:81/;
+        #proxy_set_header Host $host;
+        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        #proxy_set_header X-Real-IP $remote_addr;
+        #auth_basic           "Administrator’s Area";
+        #auth_basic_user_file /etc/nginx/.htpasswd; 
+    }
+
+    location /homebridge {
+        proxy_pass http://192.168.1.139;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location /owncloud {
+        proxy_pass http://192.168.1.140;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location /plex {
+        proxy_pass http://192.168.1.140:32400;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    location /torrent {
+        proxy_pass http://192.168.1.140:9091;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+}