From 1e61e99ba51db08a1f0100dfad334730150c37f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charl=C3=A8ne=20Auger?= Date: Wed, 13 Apr 2022 17:39:17 +0200 Subject: [PATCH] Add nginx container --- 2.9.2/docker-compose.yml | 38 ++++++++++++++-- 2.9.2/nginx/auth/ocsapi.htpasswd | 1 + 2.9.2/nginx/certs/ocs-dummy.crt | 22 ++++++++++ 2.9.2/nginx/certs/ocs-dummy.key | 28 ++++++++++++ 2.9.2/nginx/conf/ocsinventory.conf.template | 48 +++++++++++++++++++++ 5 files changed, 133 insertions(+), 4 deletions(-) create mode 100644 2.9.2/nginx/auth/ocsapi.htpasswd create mode 100644 2.9.2/nginx/certs/ocs-dummy.crt create mode 100644 2.9.2/nginx/certs/ocs-dummy.key create mode 100644 2.9.2/nginx/conf/ocsinventory.conf.template diff --git a/2.9.2/docker-compose.yml b/2.9.2/docker-compose.yml index dcd735a..5678df2 100644 --- a/2.9.2/docker-compose.yml +++ b/2.9.2/docker-compose.yml @@ -5,8 +5,8 @@ services: image: ocsinventory/ocsinventory-docker-image:2.9.2 container_name : ocsinventory-server restart: always - ports: - - 80 + expose: + - "80" volumes: - "perlcomdata:/etc/ocsinventory-server" - "ocsreportsdata:/usr/share/ocsinventory-reports/ocsreports/extensions" @@ -30,8 +30,8 @@ services: image : mysql:8.0 container_name : ocsinventory-db restart: always - ports : - - 3306:3306 + expose : + - "3306" volumes : - ./sql/:/docker-entrypoint-initdb.d/ - sqldata:/var/lib/mysql @@ -42,6 +42,36 @@ services: MYSQL_DATABASE : ocsweb networks: - localocs + + ocsproxy: + image: nginx + container_name: ocsinventory-proxy + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - ./nginx/conf:/etc/nginx/templates + - ./nginx/certs:/etc/nginx/certs + - ./nginx/auth:/etc/nginx/auth + environment: + # 80 or 443 + LISTEN_PORT: 80 + # empty or ssl + PORT_TYPE: "" + SSL_CERT: ocs-dummy.crt + SSL_KEY: ocs-dummy.key + # OCS Api user restriction (default ocsapi/ocapi) + API_AUTH_FILE: ocsapi.htpasswd + # OCS Download + READ_TIMEOUT: 300 + CONNECT_TIMEOUT: 300 + SEND_TIMEOUT: 300 + MAX_BODY_SIZE: 1G + depends_on: + - ocsapplication + networks: + - localocs networks: localocs: diff --git a/2.9.2/nginx/auth/ocsapi.htpasswd b/2.9.2/nginx/auth/ocsapi.htpasswd new file mode 100644 index 0000000..0d7ab06 --- /dev/null +++ b/2.9.2/nginx/auth/ocsapi.htpasswd @@ -0,0 +1 @@ +ocsapi:$apr1$BcAk5f/A$0O5c/DSy92/o.vpwwshWQ. diff --git a/2.9.2/nginx/certs/ocs-dummy.crt b/2.9.2/nginx/certs/ocs-dummy.crt new file mode 100644 index 0000000..db62053 --- /dev/null +++ b/2.9.2/nginx/certs/ocs-dummy.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIUZq+XFJryUuBpkwebSwjSy/hfMCkwDQYJKoZIhvcNAQEL +BQAwWzELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwLbXlvY3NzZXJ2ZXIw +HhcNMjIwNDEzMDk0OTUzWhcNMzIwNDEwMDk0OTUzWjBbMQswCQYDVQQGEwJGUjET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRQwEgYDVQQDDAtteW9jc3NlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOQDcGzmYzzgVycXSEZWMJ2TEtnmjouNuUKAVQUcELMkZOk0 +TIRz7QhPIOCiH2bklji+ByyVZg/uXRFJlT/P46rPor/OuRK2Lkrt+APr+FmkLgvf +JHMfm7YRbZuWVRJq0htNNL6szwHEFE99GlRy7SuapkhKSo4qY/LjrrR7E7DnPj/G +7o21ge3OpOfbmx9xVWbEZaJqMOZDt1y3fbp3hQsflVM0AKdg7OoHOBWnv65iJIkN +LtG7Icqcp+8AKnL1PaiMU+P970GTMZyZ0NWVAWgab9+Wl+makTTdDdQgJIhg19og +ReLeYspEQlzXmEz+8JAxWGqsu+HuiZ6ClSl04W0CAwEAAaNTMFEwHQYDVR0OBBYE +FEljOkF7g17RD+pOpJ7M6dovwI9uMB8GA1UdIwQYMBaAFEljOkF7g17RD+pOpJ7M +6dovwI9uMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKA2Fcot +58X97tsLWC6eJrF2MLJzcNeSiiJayG9bT8agsUE8WGq5fvHvf5E54tueCp/q+a7V +k4ZowCJF3RAvAqzRkMLQWaGms0Brz4qRtVvRqhWkP7aMGhUieOS2rTfLZ+TYPKfK +561w8gSpxs9uRXbhnYeUchxJxCUg0CbxQwsjltrvnOF2LVP6JJDtYcc/NiDXhP4W +pTp+EdwXt87VSRkTrqjEQO7/3TMsNjhi0PMFHnQf47ijLt44XaNGKh9pY31Ae9oo +6IuRygJc6QNVoGRmF2bxsorU4i4rA3kR2Ir9AUbxJT6MtuLtx8DGB8Dmp6bKmIv+ +HZH21wRRhwrYJb8= +-----END CERTIFICATE----- diff --git a/2.9.2/nginx/certs/ocs-dummy.key b/2.9.2/nginx/certs/ocs-dummy.key new file mode 100644 index 0000000..7470526 --- /dev/null +++ b/2.9.2/nginx/certs/ocs-dummy.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDkA3Bs5mM84Fcn +F0hGVjCdkxLZ5o6LjblCgFUFHBCzJGTpNEyEc+0ITyDgoh9m5JY4vgcslWYP7l0R +SZU/z+Oqz6K/zrkSti5K7fgD6/hZpC4L3yRzH5u2EW2bllUSatIbTTS+rM8BxBRP +fRpUcu0rmqZISkqOKmPy4660exOw5z4/xu6NtYHtzqTn25sfcVVmxGWiajDmQ7dc +t326d4ULH5VTNACnYOzqBzgVp7+uYiSJDS7RuyHKnKfvACpy9T2ojFPj/e9BkzGc +mdDVlQFoGm/flpfpmpE03Q3UICSIYNfaIEXi3mLKREJc15hM/vCQMVhqrLvh7ome +gpUpdOFtAgMBAAECggEBAM4BGXMaV/CpU7R6wY7i0jubpH2AY6tMGWQu5CGgsKnZ +qN5VpQhKYI6QR0kM0Mg6oEqVzY+HT1X3athynciwf6ZUwFsBX467UGncRKbubEw5 +HG0XZywoE5vUdS4MDcJ9BmUqRQw8vy5+REdo5QAFcahiqfdIP8HgJLtO4Aop5Kl/ +HoLqR83q3vBHfidxTX2z4m05t6ucAbmqLAgAb2GzRHEvdCpSXvs7M9ZyR/rvdhSV +pswWR7XIUic50Lc8tHXyaKinuBFOCWCszsirPLAVPrs1D7Gq8kmdxUEEj0V9VbEE +8afsb9cCojrDISn814WwjX+zVwjRwyr3v3BLHVGu06ECgYEA+1VHUwBTUnHmnMR+ +6XE1nkBStedvXGsMDIxK/VhNXAylUz4kfJ0bMPKdzbxSieHwA8O1+Hg4gN31V2Sn +RgT5P0sLGdideysoy8yR5Aiiwx+7EXGqSQltY2lpaykP9wvpznWi3k/Wd7dAaTCd +jPCtkzoLYMDzaQ9uc4A2VyY00RkCgYEA6D9PPvV6YE8S7G7sGwTSt9mgobZNm1AV +BjDmtEPfDSK59rT8PpoN+225c1qaIIODdH0DHK9ZbPzo/29tW1l9zgGjEXEw396v +Q9y99Ofh0JEsQbJJw/nPdV8dHKOL2ek3UWsscpsk5dUb+4gBpE+/wH21j7UiczKt +a8whmMFw+XUCgYAPYdHCr7NpyVTO5WvLB8W7UL5/KZH0Owz6u59fUAc0CgYYSSZc +hhUC8uZbkBoRHEXfRRwe/+SdZng8iAmAzI8go4wjYdGJl0Og7X1EUo77mDaPw8Aj +RjNusSXljBbRDOabXzG/n21F2G5VwcbyuEw3RYcqvcRn+qzM3tz0in8TCQKBgDe1 +N+T6LOh9DyT3VlsExSakZQtlFyhyBRj/EdebkB0ufzzWHMtHWKM+poUs7ltuMFH4 +yo5O4TxrTdg3ehu3U53edqbwZ7DLUW8Nu+LK3DeTGvKHOXpwqXqV3f3InPsgHczB +0F+NJ0SZ4aRr8zjeiDg77xkRcboAJej9hfGGNPshAoGALPS2HtT/1ycsER3a33NW +A8j/2TfovcjZ9u15q5KDLRZ+3UngLvVwPJO1j/uLPqyyRsQID7SE29KCj/E8kOZH +clbLXZmslyk369HOlpXZEXvR7rDxOt1jdojQrtEyW4gDT8k4iEw8nPcJyJ7YSVp/ +Qa0OOCtQPPvBt0Be1bHTGek= +-----END PRIVATE KEY----- diff --git a/2.9.2/nginx/conf/ocsinventory.conf.template b/2.9.2/nginx/conf/ocsinventory.conf.template new file mode 100644 index 0000000..c1b9ee1 --- /dev/null +++ b/2.9.2/nginx/conf/ocsinventory.conf.template @@ -0,0 +1,48 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# OCS server configuration +# +server { + listen ${LISTEN_PORT} ${PORT_TYPE} default_server; + + ssl_certificate /etc/nginx/certs/${SSL_CERT}; + ssl_certificate_key /etc/nginx/certs/${SSL_KEY}; + + location / { + proxy_redirect off; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Frame-Options SAMEORIGIN; + proxy_pass http://ocsapplication; + } + + location /ocsapi { + auth_basic "OCS Api area"; + auth_basic_user_file /etc/nginx/auth/${API_AUTH_FILE}; + } + + location /download { + proxy_read_timeout ${READ_TIMEOUT}; + proxy_connect_timeout ${CONNECT_TIMEOUT}; + proxy_send_timeout ${SEND_TIMEOUT}; + client_max_body_size ${MAX_BODY_SIZE}; + } +} \ No newline at end of file