Merge branch 'docker-backend' into 'develop'
Docker: support proxying to a backend, build image in GitLab CI See merge request soapbox-pub/soapbox!1769
This commit is contained in:
Alex Gleason
commit
38012ddff4
|
|
@ -1,3 +1,5 @@
|
|||
.git
|
||||
|
||||
/node_modules/
|
||||
/tmp/
|
||||
/build/
|
||||
|
|
|
|||
|
|
@ -142,3 +142,17 @@ pages:
|
|||
only:
|
||||
refs:
|
||||
- develop
|
||||
|
||||
docker:
|
||||
stage: deploy
|
||||
image: docker:20.10.17
|
||||
services:
|
||||
- docker:20.10.17-dind
|
||||
# https://medium.com/devops-with-valentine/how-to-build-a-docker-image-and-push-it-to-the-gitlab-container-registry-from-a-gitlab-ci-pipeline-acac0d1f26df
|
||||
script:
|
||||
- echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
|
||||
- docker build -t $CI_REGISTRY_IMAGE .
|
||||
- docker push $CI_REGISTRY_IMAGE
|
||||
only:
|
||||
refs:
|
||||
- develop
|
||||
|
|
@ -10,5 +10,8 @@ RUN yarn build
|
|||
FROM nginx:stable-alpine
|
||||
EXPOSE 5000
|
||||
ENV PORT=5000
|
||||
ENV FALLBACK_PORT=4444
|
||||
ENV BACKEND_URL=http://localhost:4444
|
||||
ENV CSP=
|
||||
COPY installation/docker.conf.template /etc/nginx/templates/default.conf.template
|
||||
COPY --from=build /app/static /usr/share/nginx/html
|
||||
|
|
|
|||
|
|
@ -2,8 +2,36 @@
|
|||
# It's intended to be used by the official nginx image, which has templating functionality.
|
||||
# Mount at: `/etc/nginx/templates/default.conf.template`
|
||||
|
||||
map_hash_bucket_size 128;
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# ActivityPub routing.
|
||||
map $http_accept $activitypub_location {
|
||||
default @soapbox;
|
||||
"application/activity+json" @backend;
|
||||
'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' @backend;
|
||||
}
|
||||
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
|
||||
|
||||
# Fake backend for when BACKEND_URL isn't defined.
|
||||
server {
|
||||
listen ${FALLBACK_PORT};
|
||||
listen [::]:${FALLBACK_PORT};
|
||||
|
||||
location / {
|
||||
add_header Content-Type "application/json" always;
|
||||
return 404 '{"error": "Not implemented"}';
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen ${PORT};
|
||||
listen [::]:${PORT};
|
||||
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
|
|
@ -12,6 +40,7 @@ server {
|
|||
root /usr/share/nginx/html;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
|
|
@ -21,28 +50,69 @@ server {
|
|||
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
|
||||
# SPA.
|
||||
# Try static files, then fall back to index.html.
|
||||
# Content Security Policy (CSP)
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
||||
add_header Content-Security-Policy "${CSP}";
|
||||
|
||||
# Fallback route.
|
||||
# Try static files, then fall back to the SPA.
|
||||
location / {
|
||||
try_files $uri /index.html;
|
||||
try_files $uri @soapbox;
|
||||
}
|
||||
|
||||
# Build files.
|
||||
# Backend routes.
|
||||
# These are routes to the backend's API and important rendered pages.
|
||||
location ~ ^/(api|oauth|auth|admin|pghero|sidekiq|manifest.json|media|nodeinfo|unsubscribe|.well-known/(webfinger|host-meta|nodeinfo|change-password)|@(.+)/embed$) {
|
||||
try_files /dev/null @backend;
|
||||
}
|
||||
|
||||
# Backend ActivityPub routes.
|
||||
# Conditionally send to the backend by Accept header.
|
||||
location ~ ^/(inbox|users|@(.+)) {
|
||||
try_files /dev/null $activitypub_location;
|
||||
}
|
||||
|
||||
# Soapbox build files.
|
||||
# New builds produce hashed filenames, so these should be cached heavily.
|
||||
location /packs {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
}
|
||||
|
||||
# Return 404 on API routes so Soapbox knows what to do.
|
||||
location /api {
|
||||
add_header Content-Type "application/json";
|
||||
return 404 '{"error": "Not implemented"}';
|
||||
}
|
||||
|
||||
# ServiceWorker: don't cache.
|
||||
# Soapbox ServiceWorker.
|
||||
location = /sw.js {
|
||||
add_header Cache-Control "public, max-age=0";
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
}
|
||||
|
||||
# Soapbox SPA (Single Page App).
|
||||
location @soapbox {
|
||||
try_files /index.html /dev/null;
|
||||
}
|
||||
|
||||
# Proxy to the backend.
|
||||
location @backend {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass "${BACKEND_URL}";
|
||||
proxy_buffering on;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_cache CACHE;
|
||||
proxy_cache_valid 200 7d;
|
||||
proxy_cache_valid 410 24h;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
add_header X-Cached $upstream_cache_status;
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue