KazV2/dockers/proxy/proxy-gen.sh
2024-06-03 18:43:35 +02:00

128 lines
3.0 KiB
Bash
Executable File

#!/bin/bash
KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd)
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
setKazVars
. "${DOCKERS_ENV}"
printKazMsg "\n *** Proxy update config"
NGINX_TMPL=config/nginx.tmpl.conf
NGINX_CONF=config/nginx.conf
DOCKER_DIST=docker-compose.tmpl.yml.dist
DOCKER_TMPL=docker-compose.tmpl.yml
DOCKER_CONF=docker-compose.yml
for service in agora cloud paheko wiki wp pod; do
touch "${KAZ_CONF_PROXY_DIR}/${service}_kaz_map"
touch "${KAZ_CONF_PROXY_DIR}/${service}_kaz_name"
done
# update port
PROXY_ALLOW_CFG="${KAZ_CONF_PROXY_DIR}/allow_ip"
if [ ! -f "${PROXY_ALLOW_CFG}" ]; then
cat > "${PROXY_ALLOW_CFG}" <<EOF
allow all;
EOF
fi
# update port
PROXY_PORT_CFG="${KAZ_CONF_PROXY_DIR}/port"
if [ ! -f "${PROXY_PORT_CFG}" ]; then
case "${domain}" in
kaz.bzh)
SSL_CERT="/etc/ssl/certs/wildcard_${domain//./_}.chain.pem"
SSL_KEY="/etc/ssl/private/wildcard_${domain//./_}.key.pem"
;;
kaz.local)
SSL_CERT="/etc/letsencrypt/local/_wildcard.${domain}.pem"
SSL_KEY="/etc/letsencrypt/local/_wildcard.${domain}-key.pem"
;;
*)
SSL_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem"
SSL_KEY="/etc/letsencrypt/live/${domain}/privkey.pem"
;;
esac
cat > "${PROXY_PORT_CFG}" <<EOF
listen 443 ssl http2;
ssl_certificate ${SSL_CERT};
ssl_certificate_key ${SSL_KEY};
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_early_data on;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
EOF
fi
# update redirect
PROXY_REDIRECT="${KAZ_CONF_PROXY_DIR}/redirect"
if [ ! -f "${PROXY_REDIRECT}" ]; then
cat > "${PROXY_REDIRECT}" <<EOF
server {
listen 80;
return 301 https://\$host\$request_uri;
}
# file
server {
listen 80;
server_name file.${domain};
return 301 https://depot.${domain}\$request_uri;
}
# cacl
server {
listen 80;
server_name calc.${domain};
return 301 https://tableur.${domain}\$request_uri;
}
# date
server {
listen 80;
server_name date.${domain};
return 301 https://sondage.${domain}\$request_uri;
}
# cloud
server {
listen 80;
server_name bureau.${domain};
return 301 https://cloud.${domain}\$request_uri;
}
# mattermost
server {
listen 80;
server_name mattermost.${domain};
return 301 https://agora.${domain}\$request_uri;
}
# dokuwiki
server {
listen 80;
server_name dokuwiki.${domain};
return 301 https://wiki.${domain}\$request_uri;
}
# castopod
server {
listen 80;
server_name pod.${domain};
return 301 https://pod.${domain}\$request_uri;
}
EOF
fi
cd $(dirname $0)
[[ -f "${DOCKER_TMPL}" ]] || cp "${DOCKER_DIST}" "${DOCKER_TMPL}"
"${APPLY_TMPL}" -time "${DOCKER_TMPL}" "${DOCKER_CONF}"
"${APPLY_TMPL}" -time "${NGINX_TMPL}" "${NGINX_CONF}"
#("${KAZ_COMP_DIR}/web/web-gen.sh" ) &