moon
/
soapbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'docker-backend' into 'develop' 

Docker: support proxying to a backend, build image in GitLab CI

See merge request soapbox-pub/soapbox!1769
This commit is contained in:
Alex Gleason 2022-09-04 21:07:14 +00:00
parent 3cd6855611 53be32de34
commit 38012ddff4
4 changed files with 100 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.dockerignore
View File

@ -1,3 +1,5 @@
.git
/node_modules/ /node_modules/
/tmp/ /tmp/
/build/ /build/

14
.gitlab-ci.yml
View File

@ -142,3 +142,17 @@ pages:
only: only:
refs: refs:
- develop - develop
docker:
stage: deploy
image: docker:20.10.17
services:
- docker:20.10.17-dind
# https://medium.com/devops-with-valentine/how-to-build-a-docker-image-and-push-it-to-the-gitlab-container-registry-from-a-gitlab-ci-pipeline-acac0d1f26df
script:
- echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
- docker build -t $CI_REGISTRY_IMAGE .
- docker push $CI_REGISTRY_IMAGE
only:
refs:
- develop

3
Dockerfile
View File

@ -10,5 +10,8 @@ RUN yarn build
FROM nginx:stable-alpine FROM nginx:stable-alpine
EXPOSE 5000 EXPOSE 5000
ENV PORT=5000 ENV PORT=5000
ENV FALLBACK_PORT=4444
ENV BACKEND_URL=http://localhost:4444
ENV CSP=
COPY installation/docker.conf.template /etc/nginx/templates/default.conf.template COPY installation/docker.conf.template /etc/nginx/templates/default.conf.template
COPY --from=build /app/static /usr/share/nginx/html COPY --from=build /app/static /usr/share/nginx/html

92
installation/docker.conf.template
View File

@ -2,8 +2,36 @@
# It's intended to be used by the official nginx image, which has templating functionality. # It's intended to be used by the official nginx image, which has templating functionality.
# Mount at: `/etc/nginx/templates/default.conf.template` # Mount at: `/etc/nginx/templates/default.conf.template`
map_hash_bucket_size 128;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# ActivityPub routing.
map $http_accept $activitypub_location {
default @soapbox;
"application/activity+json" @backend;
'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' @backend;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
# Fake backend for when BACKEND_URL isn't defined.
server {
listen ${FALLBACK_PORT};
listen [::]:${FALLBACK_PORT};
location / {
add_header Content-Type "application/json" always;
return 404 '{"error": "Not implemented"}';
}
}
server { server {
listen ${PORT}; listen ${PORT};
listen [::]:${PORT};
keepalive_timeout 70; keepalive_timeout 70;
sendfile on; sendfile on;
@ -12,6 +40,7 @@ server {
root /usr/share/nginx/html; root /usr/share/nginx/html;
gzip on; gzip on;
gzip_disable "msie6";
gzip_vary on; gzip_vary on;
gzip_proxied any; gzip_proxied any;
gzip_comp_level 6; gzip_comp_level 6;
@ -21,28 +50,69 @@ server {
add_header Strict-Transport-Security "max-age=31536000" always; add_header Strict-Transport-Security "max-age=31536000" always;
# SPA. # Content Security Policy (CSP)
# Try static files, then fall back to index.html. # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
add_header Content-Security-Policy "${CSP}";
# Fallback route.
# Try static files, then fall back to the SPA.
location / { location / {
try_files $uri /index.html; try_files $uri @soapbox;
} }
# Build files. # Backend routes.
# These are routes to the backend's API and important rendered pages.
location ~ ^/(api|oauth|auth|admin|pghero|sidekiq|manifest.json|media|nodeinfo|unsubscribe|.well-known/(webfinger|host-meta|nodeinfo|change-password)|@(.+)/embed$) {
try_files /dev/null @backend;
}
# Backend ActivityPub routes.
# Conditionally send to the backend by Accept header.
location ~ ^/(inbox|users|@(.+)) {
try_files /dev/null $activitypub_location;
}
# Soapbox build files.
# New builds produce hashed filenames, so these should be cached heavily. # New builds produce hashed filenames, so these should be cached heavily.
location /packs { location /packs {
add_header Cache-Control "public, max-age=31536000, immutable"; add_header Cache-Control "public, max-age=31536000, immutable";
add_header Strict-Transport-Security "max-age=31536000" always; add_header Strict-Transport-Security "max-age=31536000" always;
} }
# Return 404 on API routes so Soapbox knows what to do. # Soapbox ServiceWorker.
location /api {
add_header Content-Type "application/json";
return 404 '{"error": "Not implemented"}';
}
# ServiceWorker: don't cache.
location = /sw.js { location = /sw.js {
add_header Cache-Control "public, max-age=0"; add_header Cache-Control "public, max-age=0";
add_header Strict-Transport-Security "max-age=31536000" always; add_header Strict-Transport-Security "max-age=31536000" always;
} }
# Soapbox SPA (Single Page App).
location @soapbox {
try_files /index.html /dev/null;
}
# Proxy to the backend.
location @backend {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass "${BACKEND_URL}";
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000" always;
tcp_nodelay on;
}
} }