reverse proxy
Giles Bradshaw 116abd13ee Merge branch 'no-ipv6' 5 months ago
.drone . 10 months ago
git-hooks feat: registry promotion 1 year ago
my-nginx Merge branch 'no-ipv6' 5 months ago
my-nginx-drone . 10 months ago
ngrok-gitea feat: http 11 months ago
registry feat: registry promotion 1 year ago
.gitignore ci: added standard version for releasing 1 year ago
.versionrc ci: added standard version for releasing 1 year ago
CHANGELOG.md chore(release): 0.0.10 11 months ago
README.md feat: authorisation file in .certificates for registry 6 months ago
docker-compose-80-drone.yml . 11 months ago
docker-compose-80-git.yml . 11 months ago
docker-compose-443-drone.yml . 11 months ago
docker-compose-443-git.yml . 11 months ago
docker-compose-letsencrypt-drone.yml . 11 months ago
docker-compose-letsencrypt-git.yml feat: save parameter 11 months ago
docker-compose-letsencrypt-huginn.yml . 11 months ago
docker-compose-ngrok.yml . 11 months ago
docker-compose.yml feat: authorisation file in .certificates for registry 6 months ago
make-ca.sh readme and deploy.sh 1 year ago
make-cert.sh feat: allow serve over http/https and with or without letsencrypt 11 months ago
package.json chore(release): 0.0.10 11 months ago
renovate.json chore(deps): add renovate.json 1 year ago
yarn.lock ci: added standard version for releasing 1 year ago

README.md

proxy

Nginx reverse proxies to expose other services on the internet. These use the https://letsencrypt.org/ service to obtain and serve SSL certificates.

Ngrok service tunneling to https://ngrok.com/. This allows services to be given public URLs even though they have no fixed public IP (ie behind a NAT router).

A docker registry for internal use.

secrets

certbot-email

This is the email address to use with letsencrypt.

drone-domain

The domain that drone will be served on. If using ngrok this will need to be configured in ngrok and your DNS.

eg “drone.sigyl.com”

Leave blank if you have no drone.

huginn-domain

The domain that huginn will be served on. If using ngrok this will need to be configured in ngrok and your DNS.

eg “huginn.sigyl.com”

Leave blank if you have no huginn.

git-domain

The domain which all other services will be exposed on (either at the root or in sub folders).

eg “sigyl.com”

local-docker-registry

This is the DNS address of the local registry service.

eg “registry.local-domain:5003/”

Note the trailing slash.

registry-password

Password for the local docker registry.

Whatever you want.

ngrok-auth-token

If using ngrok this is the auth-token needed to access it.

initial deployment

Clone the repo into /stack/proxy:


git clone [repo] /stack/proxy

environment variables

NB: you only need ngrok if you are behind a NAT router (ie on a ‘home network’).

You need to manually set up the above secrets as environment variables, capitalising them and replacing hyphens with underscores.

You can leave out the huginn domain; in fact you can leave out any of them. Set REGISTRY_PASSWORD and NEW_REGISTRY_PASSWORD to the same value.

Note the trailing slash on LOCAL_DOCKER_REGISTRY.

If using ngrok, the domains should be set up there.

export CERTBOT_EMAIL='your.name@example.com'
export DRONE_DOMAIN='drone.example.com'
export HUGINN_DOMAIN='huginn.example.com'
export GIT_DOMAIN='example.com'
export LOCAL_DOCKER_REGISTRY='pc-name.local-domain:5003/'
export NGROK_AUTH_TOKEN='get this from ngrok'
export REGISTRY_PASSWORD='make something up'
export NEW_REGISTRY_PASSWORD='make something up'
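
A preflight check for the variables above, as an added example that is not part of this repository: it derives each variable name from the secret name by the rule stated here, flags values that still hold this README's placeholders, and checks the trailing slash and the matching passwords. The function names are hypothetical, and treating the domain values as bare host names is an assumption based on the examples given.

```shell
#!/bin/sh
# Added example (not part of the repository): preflight check for the
# environment variables this README asks you to export before deploying.

# Secret names exactly as listed in the "secrets" section.
SECRETS="certbot-email drone-domain huginn-domain git-domain
local-docker-registry registry-password ngrok-auth-token"

# README rule: capitalise the name and replace hyphens with underscores.
secret_to_env() { printf '%s' "$1" | tr 'a-z-' 'A-Z_'; }

# Prints findings on stderr; returns 0 only if no check failed.
preflight() {
    rc=0
    for secret in $SECRETS; do
        name=$(secret_to_env "$secret")
        eval "val=\${$name-}"      # safe: $name comes from the fixed list above
        case "$val" in
            '') echo "note: $name is unset (the README allows this)" >&2 ;;
            'make something up'|'get this from ngrok'|*example.com*)
                echo "FAIL: $name still holds the README placeholder" >&2; rc=1 ;;
        esac
        case "$secret" in
            *-domain)              # assumption: bare host name, no scheme or path
                case "$val" in
                    */*) echo "FAIL: $name must be a bare host name" >&2; rc=1 ;;
                esac ;;
        esac
    done
    # README: "Note the trailing slash on LOCAL_DOCKER_REGISTRY."
    case "${LOCAL_DOCKER_REGISTRY-}" in
        ''|*/) ;;
        *) echo "FAIL: LOCAL_DOCKER_REGISTRY needs a trailing slash" >&2; rc=1 ;;
    esac
    # README: REGISTRY_PASSWORD and NEW_REGISTRY_PASSWORD are set the same.
    if [ "${REGISTRY_PASSWORD-}" != "${NEW_REGISTRY_PASSWORD-}" ]; then
        echo "FAIL: REGISTRY_PASSWORD and NEW_REGISTRY_PASSWORD differ" >&2; rc=1
    fi
    return "$rc"
}
```

Source the file in the shell that holds the exports and run `preflight` before deploying the stack.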

make authfile

The authorisation file configures the name and password needed to access the registry.

docker run --entrypoint htpasswd registry:2.7.0 -Bbn [user] [password] > .certificates/registry-password.txt

make certificates

This makes a self-signed certificate authority, which gets copied to /etc/docker/certs.d for the registry domain, and a TLS certificate for the registry.

$REGISTRY_DOMAIN is the domain of the local registry, eg registry.local-domain

sh make-ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry

If you are going to use a self-signed certificate to serve over the web
(where $DOMAIN is the domain to be served, eg sigyl.com):

sh make-cert.sh $DOMAIN web

build docker images

These are the images that are used in the stack.

sh .drone/build.sh

create externalnet

This is the network that links the whole stack together.

docker network create --driver=overlay --attachable externalnet

initialise the docker swarm

You’ll be the manager.

$IP is the IP address you want to use to communicate with other nodes (if there are any).

docker swarm init --advertise-addr $IP

update your label

(get your node id)

docker node ls

docker node update --label-add com.sigyl.git-stack=yes [node id]

deploy stack

sh .drone/deploy.sh

did it work?

Curl the domains you are using.


curl http://$GIT_DOMAIN