Add nginx container

2022-04-13 17:39:17 +02:00 · 2022-04-13 17:39:17 +02:00 · 1e61e99ba5
commit 1e61e99ba5
parent b28c17f21e
5 changed files with 133 additions and 4 deletions
--- a/2.9.2/docker-compose.yml
+++ b/2.9.2/docker-compose.yml
@ -5,8 +5,8 @@ services:
    image: ocsinventory/ocsinventory-docker-image:2.9.2
    container_name : ocsinventory-server
    restart: always
-    ports:
-      - 80
+    expose:
+      - "80"
    volumes:
      - "perlcomdata:/etc/ocsinventory-server"
      - "ocsreportsdata:/usr/share/ocsinventory-reports/ocsreports/extensions"
@ -30,8 +30,8 @@ services:
    image : mysql:8.0
    container_name : ocsinventory-db
    restart: always
-    ports :
-      - 3306:3306
+    expose :
+      - "3306"
    volumes :
      - ./sql/:/docker-entrypoint-initdb.d/
      - sqldata:/var/lib/mysql
@ -42,6 +42,36 @@ services:
      MYSQL_DATABASE : ocsweb
    networks:
      - localocs
+
+  ocsproxy:
+    image: nginx
+    container_name: ocsinventory-proxy
+    restart: always
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./nginx/conf:/etc/nginx/templates
+      - ./nginx/certs:/etc/nginx/certs
+      - ./nginx/auth:/etc/nginx/auth
+    environment:
+      # 80 or 443
+      LISTEN_PORT: 80
+      # empty or ssl
+      PORT_TYPE: ""
+      SSL_CERT: ocs-dummy.crt
+      SSL_KEY: ocs-dummy.key
+      # OCS Api user restriction (default ocsapi/ocapi)
+      API_AUTH_FILE: ocsapi.htpasswd
+      # OCS Download
+      READ_TIMEOUT: 300
+      CONNECT_TIMEOUT: 300
+      SEND_TIMEOUT: 300
+      MAX_BODY_SIZE: 1G
+    depends_on:
+      - ocsapplication
+    networks:
+      - localocs
  
 networks:
  localocs:
--- a/2.9.2/nginx/auth/ocsapi.htpasswd
+++ b/2.9.2/nginx/auth/ocsapi.htpasswd
@ -0,0 +1 @@
+ocsapi:$apr1$BcAk5f/A$0O5c/DSy92/o.vpwwshWQ.
--- a/2.9.2/nginx/certs/ocs-dummy.crt
+++ b/2.9.2/nginx/certs/ocs-dummy.crt
@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIUZq+XFJryUuBpkwebSwjSy/hfMCkwDQYJKoZIhvcNAQEL
+BQAwWzELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwLbXlvY3NzZXJ2ZXIw
+HhcNMjIwNDEzMDk0OTUzWhcNMzIwNDEwMDk0OTUzWjBbMQswCQYDVQQGEwJGUjET
+MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
+dHkgTHRkMRQwEgYDVQQDDAtteW9jc3NlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAOQDcGzmYzzgVycXSEZWMJ2TEtnmjouNuUKAVQUcELMkZOk0
+TIRz7QhPIOCiH2bklji+ByyVZg/uXRFJlT/P46rPor/OuRK2Lkrt+APr+FmkLgvf
+JHMfm7YRbZuWVRJq0htNNL6szwHEFE99GlRy7SuapkhKSo4qY/LjrrR7E7DnPj/G
+7o21ge3OpOfbmx9xVWbEZaJqMOZDt1y3fbp3hQsflVM0AKdg7OoHOBWnv65iJIkN
+LtG7Icqcp+8AKnL1PaiMU+P970GTMZyZ0NWVAWgab9+Wl+makTTdDdQgJIhg19og
+ReLeYspEQlzXmEz+8JAxWGqsu+HuiZ6ClSl04W0CAwEAAaNTMFEwHQYDVR0OBBYE
+FEljOkF7g17RD+pOpJ7M6dovwI9uMB8GA1UdIwQYMBaAFEljOkF7g17RD+pOpJ7M
+6dovwI9uMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKA2Fcot
+58X97tsLWC6eJrF2MLJzcNeSiiJayG9bT8agsUE8WGq5fvHvf5E54tueCp/q+a7V
+k4ZowCJF3RAvAqzRkMLQWaGms0Brz4qRtVvRqhWkP7aMGhUieOS2rTfLZ+TYPKfK
+561w8gSpxs9uRXbhnYeUchxJxCUg0CbxQwsjltrvnOF2LVP6JJDtYcc/NiDXhP4W
+pTp+EdwXt87VSRkTrqjEQO7/3TMsNjhi0PMFHnQf47ijLt44XaNGKh9pY31Ae9oo
+6IuRygJc6QNVoGRmF2bxsorU4i4rA3kR2Ir9AUbxJT6MtuLtx8DGB8Dmp6bKmIv+
+HZH21wRRhwrYJb8=
+-----END CERTIFICATE-----
--- a/2.9.2/nginx/certs/ocs-dummy.key
+++ b/2.9.2/nginx/certs/ocs-dummy.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDkA3Bs5mM84Fcn
+F0hGVjCdkxLZ5o6LjblCgFUFHBCzJGTpNEyEc+0ITyDgoh9m5JY4vgcslWYP7l0R
+SZU/z+Oqz6K/zrkSti5K7fgD6/hZpC4L3yRzH5u2EW2bllUSatIbTTS+rM8BxBRP
+fRpUcu0rmqZISkqOKmPy4660exOw5z4/xu6NtYHtzqTn25sfcVVmxGWiajDmQ7dc
+t326d4ULH5VTNACnYOzqBzgVp7+uYiSJDS7RuyHKnKfvACpy9T2ojFPj/e9BkzGc
+mdDVlQFoGm/flpfpmpE03Q3UICSIYNfaIEXi3mLKREJc15hM/vCQMVhqrLvh7ome
+gpUpdOFtAgMBAAECggEBAM4BGXMaV/CpU7R6wY7i0jubpH2AY6tMGWQu5CGgsKnZ
+qN5VpQhKYI6QR0kM0Mg6oEqVzY+HT1X3athynciwf6ZUwFsBX467UGncRKbubEw5
+HG0XZywoE5vUdS4MDcJ9BmUqRQw8vy5+REdo5QAFcahiqfdIP8HgJLtO4Aop5Kl/
+HoLqR83q3vBHfidxTX2z4m05t6ucAbmqLAgAb2GzRHEvdCpSXvs7M9ZyR/rvdhSV
+pswWR7XIUic50Lc8tHXyaKinuBFOCWCszsirPLAVPrs1D7Gq8kmdxUEEj0V9VbEE
+8afsb9cCojrDISn814WwjX+zVwjRwyr3v3BLHVGu06ECgYEA+1VHUwBTUnHmnMR+
+6XE1nkBStedvXGsMDIxK/VhNXAylUz4kfJ0bMPKdzbxSieHwA8O1+Hg4gN31V2Sn
+RgT5P0sLGdideysoy8yR5Aiiwx+7EXGqSQltY2lpaykP9wvpznWi3k/Wd7dAaTCd
+jPCtkzoLYMDzaQ9uc4A2VyY00RkCgYEA6D9PPvV6YE8S7G7sGwTSt9mgobZNm1AV
+BjDmtEPfDSK59rT8PpoN+225c1qaIIODdH0DHK9ZbPzo/29tW1l9zgGjEXEw396v
+Q9y99Ofh0JEsQbJJw/nPdV8dHKOL2ek3UWsscpsk5dUb+4gBpE+/wH21j7UiczKt
+a8whmMFw+XUCgYAPYdHCr7NpyVTO5WvLB8W7UL5/KZH0Owz6u59fUAc0CgYYSSZc
+hhUC8uZbkBoRHEXfRRwe/+SdZng8iAmAzI8go4wjYdGJl0Og7X1EUo77mDaPw8Aj
+RjNusSXljBbRDOabXzG/n21F2G5VwcbyuEw3RYcqvcRn+qzM3tz0in8TCQKBgDe1
+N+T6LOh9DyT3VlsExSakZQtlFyhyBRj/EdebkB0ufzzWHMtHWKM+poUs7ltuMFH4
+yo5O4TxrTdg3ehu3U53edqbwZ7DLUW8Nu+LK3DeTGvKHOXpwqXqV3f3InPsgHczB
+0F+NJ0SZ4aRr8zjeiDg77xkRcboAJej9hfGGNPshAoGALPS2HtT/1ycsER3a33NW
+A8j/2TfovcjZ9u15q5KDLRZ+3UngLvVwPJO1j/uLPqyyRsQID7SE29KCj/E8kOZH
+clbLXZmslyk369HOlpXZEXvR7rDxOt1jdojQrtEyW4gDT8k4iEw8nPcJyJ7YSVp/
+Qa0OOCtQPPvBt0Be1bHTGek=
+-----END PRIVATE KEY-----
--- a/2.9.2/nginx/conf/ocsinventory.conf.template
+++ b/2.9.2/nginx/conf/ocsinventory.conf.template
@ -0,0 +1,48 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# OCS server configuration
+#
+server {
+    listen ${LISTEN_PORT} ${PORT_TYPE} default_server;
+
+    ssl_certificate /etc/nginx/certs/${SSL_CERT};
+    ssl_certificate_key /etc/nginx/certs/${SSL_KEY};
+
+    location / {
+        proxy_redirect          off;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Host              $http_host;
+        proxy_set_header        X-Real-IP         $remote_addr;
+        proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Frame-Options   SAMEORIGIN;
+        proxy_pass              http://ocsapplication;
+    }
+
+    location /ocsapi {
+        auth_basic "OCS Api area";
+        auth_basic_user_file /etc/nginx/auth/${API_AUTH_FILE};
+    }
+
+    location /download {
+        proxy_read_timeout      ${READ_TIMEOUT};
+        proxy_connect_timeout   ${CONNECT_TIMEOUT};
+        proxy_send_timeout      ${SEND_TIMEOUT};
+        client_max_body_size    ${MAX_BODY_SIZE};
+    }
+}
				`@ -0,0 +1 @@`
				`ocsapi:$apr1$BcAk5f/A$0O5c/DSy92/o.vpwwshWQ.`