Initial commit

385d40a2 · ale · 385d40a2 · 385d40a2 · 385d40a2 · 385d40a2
Commit 385d40a2 authored 4 months ago by ale
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+include: "https://git.autistici.org/pipelines/containers/raw/master/common.yml"
+
--- a/Dockerfile
+++ b/Dockerfile
+FROM docker.io/library/debian:stable-slim
+
+RUN apt-get -q update && \
+    DEBIAN_FRONTEND=noninteractive apt-get -q install -y --no-install-recommends nginx openssl && \
+    rm -fr /var/lib/apt/lists/*
+
+COPY --chmod=755 start.sh /start.sh
+
+ENTRYPOINT ["/start.sh"]
+
--- a/README.md
+++ b/README.md
+A simple HTTP reverse proxy with a self-signed SSL certificate. It can
+proxy one domain to a single upstream address.
+
+## Configuration
+
+Use environment variables to control the proxy behavior.
+
+* `PORT` (default 443) - Port that the proxy will listen on.
+* `DOMAIN` - Domain to proxy.
+* `BACKEND_ADDR` - Address (in host:port syntax) of the upstream.
+
--- a/start.sh
+++ b/start.sh
+#!/bin/sh
+
+set -e
+set -u
+
+config_dir=$(mktemp -d)
+
+echo "generating self-signed certificate..."
+openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 \
+    -nodes -keyout ${config_dir}/ssl.key -out ${config_dir}/ssl.crt \
+    -subj "/CN=${DOMAIN}" \
+    -addext "subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN}"
+
+cat >${config_dir}/nginx.conf <<EOF
+include /etc/nginx/modules-enabled/*.conf;
+worker_processes auto;
+pid ${config_dir}/nginx.pid;
+error_log stderr;
+
+events {
+	worker_connections 8192;
+}
+
+http {
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	access_log ${config_dir}/access.log;
+	include /etc/nginx/mime.types;
+	include /etc/nginx/conf.d/*.conf;
+
+	upstream target {
+		server ${BACKEND_ADDR};
+	}
+
+	server {
+		listen [::]:${PORT:-443} http2 ssl;
+		server_name *.${DOMAIN} ${DOMAIN};
+		ssl_certificate ${config_dir}/ssl.crt;
+		ssl_certificate_key ${config_dir}/ssl.key;
+		location / {
+			include /etc/nginx/proxy_params;
+			proxy_pass http://target;
+		}
+	}
+}
+EOF
+
+echo "testing NGINX configuration..."
+nginx -c ${config_dir}/nginx.conf -t
+if [ $? -gt 0 ]; then
+    echo "ERROR!" >&2
+    cat ${config_dir}/nginx.conf
+    exit 2
+fi
+
+echo "starting NGINX..."
+nginx -c ${config_dir}/nginx.conf -g 'daemon off;'
+
+exit 0