From 4b91eefc682e17fd6b90670cf8b4c28ceb2b43e5 Mon Sep 17 00:00:00 2001
From: Mike Gabriel
Date: Wed, 19 Jan 2022 23:42:38 +0100
Subject: Rather see the data/ folder as examples/ for the docker host configuration.
---
examples/proxy/haproxy/.keep | 0
examples/proxy/nginx/sites-common | 13 ++++
.../proxy/nginx/sites.template.scalelite-cluster | 77 ++++++++++++++++++++++
.../proxy/nginx/sites.template.scalelite-local | 64 ++++++++++++++++++
.../nginx/sites.template.scalelite-local-protected | 61 +++++++++++++++++
.../proxy/nginx/sites.template.scalelite-proxy | 69 +++++++++++++++++++
.../nginx/sites.template.scalelite-proxy-protected | 61 +++++++++++++++++
7 files changed, 345 insertions(+)
create mode 100644 examples/proxy/haproxy/.keep
create mode 100644 examples/proxy/nginx/sites-common
create mode 100644 examples/proxy/nginx/sites.template.scalelite-cluster
create mode 100644 examples/proxy/nginx/sites.template.scalelite-local
create mode 100644 examples/proxy/nginx/sites.template.scalelite-local-protected
create mode 100644 examples/proxy/nginx/sites.template.scalelite-proxy
create mode 100644 examples/proxy/nginx/sites.template.scalelite-proxy-protected
(limited to 'examples/proxy')
diff --git a/examples/proxy/haproxy/.keep b/examples/proxy/haproxy/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/examples/proxy/nginx/sites-common b/examples/proxy/nginx/sites-common
new file mode 100644
index 0000000..d906992
--- /dev/null
+++ b/examples/proxy/nginx/sites-common
@@ -0,0 +1,13 @@
+proxy_read_timeout 60s;
+proxy_redirect off;
+
+proxy_set_header Host $http_host;
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+proxy_set_header X-Forwarded-Proto $scheme;
+
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
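Review bot: `proxy_set_header Host $http_host;` hands the client's raw Host header to the Scalelite containers, and `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For value the client already sent. None of the templates in this commit declares a `default_server`, so a `server_name $NGINX_HOSTNAME` block may end up as the implicit default for its listen socket and accept requests carrying any Host value. If the backend builds URLs or makes access decisions from these headers (not visible in this patch), I would forward the normalised name instead, `proxy_set_header Host $host;`, and on an edge proxy overwrite rather than extend the client-supplied chain, `proxy_set_header X-Forwarded-For $remote_addr;`.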
diff --git a/examples/proxy/nginx/sites.template.scalelite-cluster b/examples/proxy/nginx/sites.template.scalelite-cluster
new file mode 100644
index 0000000..395fabe
--- /dev/null
+++ b/examples/proxy/nginx/sites.template.scalelite-cluster
@@ -0,0 +1,77 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+ server scalelite-api-1:80 max_fails=3 fail_timeout=30s;
+ server scalelite-api-2:80 max_fails=3 fail_timeout=30s;
+}
+
+upstream docker-scalelite-recordings {
+ server scalelite-recordings-1:80 max_fails=3 fail_timeout=30s;
+ server scalelite-recordings-2:80 max_fails=3 fail_timeout=30s;
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 80;
+ listen [::]:80;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ## Configuration for Letsencrypt SSL Certificate
+ ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+ ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+ #ssl_certificate /etc/ssl/fullchain.pem;
+ #ssl_certificate_key /etc/ssl/privkey.pem;
+
+ location /bigbluebutton/api/ {
+ proxy_pass http://docker-scalelite-api;
+
+ proxy_read_timeout 60s;
+ proxy_redirect off;
+
+ proxy_set_header Host $http_host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location / {
+ proxy_pass http://docker-scalelite-recordings;
+
+ proxy_read_timeout 60s;
+ proxy_redirect off;
+
+ proxy_set_header Host $http_host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
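Review bot: The 443 server block here sets no `ssl_protocols` or `ssl_ciphers`, while `sites.template.scalelite-proxy` in this same commit pins `ssl_protocols TLSv1.2 TLSv1.3;` with an AEAD-only cipher list. The `scalelite-local`, `scalelite-local-protected` and `scalelite-proxy-protected` templates have the same gap, so what they negotiate depends on the nginx build's defaults or on an http-level setting that is not part of this patch; older nginx defaults still include TLSv1 and TLSv1.1. I would copy the four `ssl_*` lines from the proxy template into each block, or move them into one shared include. Separately, the two `location` blocks in this file inline the proxy headers instead of using `include /etc/nginx/sites-common;` like the other templates, so a later fix to that file would not reach the cluster setup.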
diff --git a/examples/proxy/nginx/sites.template.scalelite-local b/examples/proxy/nginx/sites.template.scalelite-local
new file mode 100644
index 0000000..dfb5f97
--- /dev/null
+++ b/examples/proxy/nginx/sites.template.scalelite-local
@@ -0,0 +1,64 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+ server $NGINX_HOSTNAME:3000;
+}
+
+upstream docker-scalelite-recordings {
+ server scalelite-recordings:80;
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 80;
+ listen [::]:80;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ## Configuration for Letsencrypt SSL Certificate
+ ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+ ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+ #ssl_certificate /etc/ssl/fullchain.pem;
+ #ssl_certificate_key /etc/ssl/privkey.pem;
+
+ location /health_check {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
+
+ location /bigbluebutton/api/ {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
+
+ location /presentation/ {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
+ location /playback/ {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
+ location / {
+ proxy_pass http://docker-scalelite-api/health_check;
+ include /etc/nginx/sites-common;
+ }
+}
diff --git a/examples/proxy/nginx/sites.template.scalelite-local-protected b/examples/proxy/nginx/sites.template.scalelite-local-protected
new file mode 100644
index 0000000..d53d130
--- /dev/null
+++ b/examples/proxy/nginx/sites.template.scalelite-local-protected
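Review bot: `server $NGINX_HOSTNAME:3000;` in the `docker-scalelite-api` upstream makes nginx reach the API through the host's public name on port 3000, which suggests the API container's port is published on the docker host. If that port is bound to all interfaces, clients can talk to Scalelite over plain HTTP and bypass the TLS termination and forwarded headers set here; the port binding is not shown in this patch, so this needs confirming against the compose file. Binding the published port to loopback, or, where the API shares a network with nginx, using the container name as the proxy templates do (`server scalelite-api:3000;`), closes that path. `sites.template.scalelite-local-protected` has the same upstream line.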
@@ -0,0 +1,61 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+ server $NGINX_HOSTNAME:3000;
+}
+
+upstream docker-scalelite-recordings {
+ server scalelite-recordings:80;
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 80;
+ listen [::]:80;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ## Configuration for Letsencrypt SSL Certificate
+ ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+ ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+ #ssl_certificate /etc/ssl/fullchain.pem;
+ #ssl_certificate_key /etc/ssl/privkey.pem;
+
+ location /health_check {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
+
+ location /static-resource/ {
+ rewrite /static-resource(/|$)(.*) /$2 break;
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ internal;
+ }
+
+ location /playback {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
+ location / {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
+}
diff --git a/examples/proxy/nginx/sites.template.scalelite-proxy b/examples/proxy/nginx/sites.template.scalelite-proxy
new file mode 100644
index 0000000..c099bcb
--- /dev/null
+++ b/examples/proxy/nginx/sites.template.scalelite-proxy
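Review bot: The `internal;` directive in `location /static-resource/` is what keeps clients from requesting that path directly, and nothing in the template says that the "protected" variant depends on it. Presumably the API authorises a request and then hands it back to nginx with an internal redirect (for example an `X-Accel-Redirect` response header); that flow is not visible in this patch. I would add a comment above the block such as `# internal: reachable only through a redirect issued by the API upstream; removing this line makes /static-resource/ directly fetchable`, and the same in `sites.template.scalelite-proxy-protected`.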
@@ -0,0 +1,69 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+ server scalelite-api:3000;
+}
+
+upstream docker-scalelite-recordings {
+ server scalelite-recordings:80;
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 80;
+ listen [::]:80;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+
+ ## Configuration for Letsencrypt SSL Certificate
+ ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+ ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+ #ssl_certificate /etc/ssl/fullchain.pem;
+ #ssl_certificate_key /etc/ssl/privkey.pem;
+
+ location /health_check {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
+
+ location /bigbluebutton/api/ {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
+
+ location /presentation/ {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
+ location /playback/ {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
+ location / {
+ proxy_pass http://docker-scalelite-api/health_check;
+ include /etc/nginx/sites-common;
+ }
+}
diff --git a/examples/proxy/nginx/sites.template.scalelite-proxy-protected b/examples/proxy/nginx/sites.template.scalelite-proxy-protected
new file mode 100644
index 0000000..5a8403a
--- /dev/null
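Review bot: The catch-all `location /` uses `proxy_pass http://docker-scalelite-api/health_check;`, and because the directive carries a URI nginx replaces only the matched prefix `/`, so a request for `/foo` is sent upstream as `/health_checkfoo`. If the intent is to answer the bare root with the health check and refuse everything else, an exact match says that: `location = / { proxy_pass http://docker-scalelite-api/health_check; include /etc/nginx/sites-common; }` together with `location / { return 404; }`. `sites.template.scalelite-local` has the same block.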
+++ b/examples/proxy/nginx/sites.template.scalelite-proxy-protected
@@ -0,0 +1,61 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+ server scalelite-api:3000;
+}
+
+upstream docker-scalelite-recordings {
+ server scalelite-recordings:80;
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 80;
+ listen [::]:80;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ## Configuration for Letsencrypt SSL Certificate
+ ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+ ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+ #ssl_certificate /etc/ssl/fullchain.pem;
+ #ssl_certificate_key /etc/ssl/privkey.pem;
+
+ location /health_check {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
+
+ location /static-resource/ {
+ rewrite /static-resource(/|$)(.*) /$2 break;
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ internal;
+ }
+
+ location /playback {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
+ location / {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
+}
-- cgit v1.2.3
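Review bot: `location /playback` has no trailing slash, so it is a bare prefix match and also routes paths such as `/playback-old` or `/playbackfoo` to the recordings upstream; the unprotected templates in this commit use `location /playback/`. If the slash-less form is deliberate (for example to serve `/playback` itself), a one-line comment above the block would record that; otherwise `location /playback/ {` keeps the protected variant as narrow as the others. `sites.template.scalelite-local-protected` carries the same line.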