diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 11ded4e..7aa0ea1 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -15,7 +15,6 @@ jobs:
 - name: Build Docker images
 env:
 TAG: dev
- EXPOSED_PORT: 8443
 run: docker-compose build
 - name: Login to GitHub Container Registry
 uses: docker/login-action@v1
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 24599ff..efad59a 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -15,7 +15,6 @@ jobs:
 - name: Build Docker images
 env:
 TAG: latest
- EXPOSED_PORT: 443
 run: docker-compose build
 - name: Login to GitHub Container Registry
 uses: docker/login-action@v1
diff --git a/Dockerfile b/Dockerfile
index 9cd27a2..3e5fb3d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,5 @@
 FROM nginx:1.20.2
-COPY nginx.conf /etc/nginx/
-ARG EXPOSED_PORT=443
-ENV EXPOSED_PORT $EXPOSED_PORT
-RUN envsubst '\$EXPOSED_PORT' < /etc/nginx/nginx.conf | tee /etc/nginx/nginx.conf
+COPY nginx.conf /etc/nginx/nginx.conf.org
+ENV EXPOSED_PORT 443
+ENTRYPOINT sh -c 'envsubst \$EXPOSED_PORT < /etc/nginx/nginx.conf.org | tee /etc/nginx/nginx.conf && nginx -g "daemon off;"'
 EXPOSE 443
diff --git a/docker-compose.yml b/docker-compose.yml
index f5f1b5a..6658dd9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,6 @@ version: '3.8'
 services:
 nginx:
 image: ghcr.io/opexdev/nginx:$TAG
- build:
- context: .
- args:
- - EXPOSED_PORT=$EXPOSED_PORT
+ build: .
+ environment:
+ - EXPOSED_PORT=$EXPOSED_PORT
diff --git a/nginx.conf b/nginx.conf
index 5324c4b..9cd9f25 100644
--- a/nginx.conf
+++ b/nginx.conf
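Review bot: The new `ENTRYPOINT` leaves `sh` running as PID 1 with nginx as its child, so the stop signal from `docker stop` goes to the shell rather than to nginx and the proxy is killed at the timeout instead of shutting down cleanly; ending the command with `exec nginx -g "daemon off;"` fixes that. The `| tee` also prints the whole rendered config to the container log on every start and makes `&&` test tee's exit status rather than envsubst's, so a plain `> /etc/nginx/nginx.conf` redirect is preferable. Keeping `\$EXPOSED_PORT` as the explicit envsubst argument matters and deserves a comment, because nginx.conf holds runtime variables such as `$http_origin` and `$backend` that must not be substituted. Rendering at start-up also means /etc/nginx has to be writable in the running container, which rules out a read-only root filesystem unless the rendered file is written to a tmpfs path.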
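Review bot: `EXPOSED_PORT=$EXPOSED_PORT` under `environment:` passes an empty string when the variable is unset where compose runs, and that empty value overrides the `ENV EXPOSED_PORT 443` default set in the Dockerfile. After envsubst the config would then contain `proxy_set_header X-Forwarded-Port ;`, which nginx rejects at start-up. Giving the compose entry its own default keeps the two in step: `- EXPOSED_PORT=${EXPOSED_PORT:-443}`.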
@@ -18,61 +18,13 @@ http { ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; - upstream docker-wallet { - server wallet:8080; - } - - upstream docker-auth { - server auth:8080; - } - - upstream docker-matching-gateway { - server matching-gateway:8080; - } - - upstream docker-api { - server api:8080; - } - - upstream docker-storage { - server storage:8080; - } - - upstream docker-websocket { - server websocket:8080; - } - - upstream docker-admin { - server admin:8080; - } - - upstream docker-web-app { - server web-app:80; - } - - upstream docker-admin-panel { - server admin-panel:80; - } - - upstream docker-ipg { - server payment:8080; - } - - upstream docker-referral { - server referral:8080; - } - - upstream docker-captcha { - server captcha:8080; - } - proxy_hide_header Access-Control-Allow-Credentials; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Headers; proxy_hide_header Access-Control-Allow-Methods; - add_header Access-Control-Allow-Credentials false always; - add_header Access-Control-Allow-Origin * always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Origin $http_origin always; add_header Access-Control-Allow-Headers * always; add_header Access-Control-Allow-Methods 'POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD' always; @@ -83,6 +35,8 @@ http { proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Port $EXPOSED_PORT; + resolver 127.0.0.11 valid=30s; + server { listen 443 ssl; listen [::]:443 ssl; @@ -90,7 +44,6 @@ http { server_name dashbrd-demo.opex.dev; location / { - resolver 127.0.0.11; set $backend http://superset:8088; proxy_pass $backend; } 
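Review bot: Echoing `$http_origin` into `Access-Control-Allow-Origin` while `Access-Control-Allow-Credentials` is `true` lets any website send cookie- or session-bearing requests to every server block that inherits these `http`-level headers and read the responses; the same pair is repeated in `location /captcha` in the last hunk, and it also covers the new auth-demo.opex.dev host. Reflect the origin only when it is on an allowlist, using a `map` at `http` level, and add `Vary: Origin` so caches do not reuse a response across origins. Browsers also treat `Access-Control-Allow-Headers *` as a literal header name on credentialed requests, so the wildcard on the unchanged line below needs to become an explicit list. The two origins in the sketch are taken from `server_name` values visible in this diff and stand in for the real front-end origins.

```nginx
# Origins allowed to make credentialed cross-origin requests; any other
# Origin maps to "" and nginx then omits the header entirely.
map $http_origin $cors_origin {
    default                      "";
    "https://demo.opex.dev"      $http_origin;
    "https://adm-demo.opex.dev"  $http_origin;
}

# … unchanged: proxy_hide_header Access-Control-* lines …
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Vary Origin always;
```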
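Review bot: The `resolver 127.0.0.11 valid=30s;` line is what makes every `set $backend …; proxy_pass $backend;` pair in this commit work, yet nothing in the file says so; a comment such as `# Docker embedded DNS: proxy_pass with a variable is resolved per request through this resolver (answers cached 30s)` would stop a later clean-up from removing the indirection. One operational consequence is worth recording next to it: a service name that does not resolve was a start-up error with the old `upstream` blocks and, presumably by design, now surfaces only as a 502 on the affected route, so the error log needs to be watched for resolution failures. The `http` block continues outside this hunk.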
@@ -103,11 +56,13 @@ http { server_name adm-demo.opex.dev; location ~* \.(.*)$ { - proxy_pass http://docker-admin-panel; + set $backend http://admin-panel; + proxy_pass $backend; } location / { - proxy_pass http://docker-admin-panel; + set $backend http://admin-panel; + proxy_pass $backend; rewrite .* / break; } } @@ -118,20 +73,31 @@ http { server_name demo.opex.dev; - location ^~ /auth { - proxy_pass http://docker-auth; - } - location ~* \.(.*)$ { - proxy_pass http://docker-web-app; + set $backend http://web-app; + proxy_pass $backend; } location / { - proxy_pass http://docker-web-app; + set $backend http://web-app; + proxy_pass $backend; rewrite .* / break; } } + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name auth-demo.opex.dev; + + location / { + set $backend http://auth:8080; + proxy_pass $backend; + rewrite ^/(.*)$ /auth/$1 break; + } + } + server { listen 443 ssl; listen [::]:443 ssl; @@ -144,10 +110,6 @@ http { return 204; } - location /auth { - proxy_pass http://docker-auth; - } - location /wallet/transfer { return 403; } 
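Review bot: The new `auth-demo.opex.dev` server forwards every request path to the auth service under `/auth/` through `rewrite ^/(.*)$ /auth/$1 break;`, with no deny rules of the kind the next hunk's server block keeps for `/wallet/transfer`. If the auth service also serves administrative or management endpoints under `/auth` (not visible in this diff), they become reachable on this public host; an explicit `location /<admin-path-placeholder> { return 403; }` or an `allow`/`deny` list for those paths would limit the exposed surface to the login and token flows. A short comment above the block stating which paths are meant to be public would make that intent reviewable.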
@@ -160,68 +122,82 @@ http { return 403; } + location /auth { + set $backend http://auth:8080; + proxy_pass $backend; + } + location /wallet { - proxy_pass http://docker-wallet; + set $backend http://wallet:8080; + proxy_pass $backend; rewrite ^/wallet/(.*)$ /$1 break; } location /gateway { - proxy_pass http://docker-matching-gateway; + set $backend http://matching-gateway:8080; + proxy_pass $backend; rewrite ^/gateway/(.*)$ /$1 break; } location /storage { - proxy_pass http://docker-storage; + set $backend http://storage:8080; + proxy_pass $backend; rewrite ^/storage/(.*)$ /$1 break; } location /referral { - proxy_pass http://docker-referral; + set $backend http://referral:8080; + proxy_pass $backend; rewrite ^/referral/(.*)$ /$1 break; } location /stream { - proxy_pass http://docker-websocket; # WS config proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ########### + set $backend http://websocket:8080; + proxy_pass $backend; rewrite ^/stream/(.*)$ /$1 break; } location /ipg { - proxy_pass http://docker-ipg; + set $backend http://payment:8080; + proxy_pass $backend; rewrite ^/ipg/(.*)$ /$1 break; } location /admin { - proxy_pass http://docker-admin; + set $backend http://admin:8080; + proxy_pass $backend; rewrite ^/admin/(.*)$ /$1 break; } location /api { - proxy_pass http://docker-api; + set $backend http://api:8080; + proxy_pass $backend; rewrite ^/api/(.*)$ /$1 break; } location /sapi { - proxy_pass http://docker-api; + set $backend http://api:8080; + proxy_pass $backend; rewrite ^/sapi/(.*)$ /$1 break; } location /captcha { - add_header Access-Control-Allow-Credentials false always; - add_header Access-Control-Allow-Origin * always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Origin $http_origin always; add_header Access-Control-Allow-Headers * always; add_header Access-Control-Allow-Methods 'POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD' always; add_header 
Access-Control-Expose-Headers 'Captcha-Session-Key, Captcha-Expire-Timestamp' always; - proxy_pass http://docker-captcha; + set $backend http://captcha:8080; + proxy_pass $backend; rewrite ^/captcha/(.*)$ /$1 break; } location /binance { - resolver 127.0.0.11; proxy_set_header Host api.binance.com; proxy_set_header X-Real-IP ''; proxy_set_header X-Forwarded-For '';