From 2689f177ac7d91a950d1d164062662eb221704d0 Mon Sep 17 00:00:00 2001
From: Thumbscrew <thumbscrw@pm.me>
Date: Mon, 31 Jan 2022 20:48:54 +0000
Subject: [PATCH] add nginx service

---
 docker-compose.yaml        | 16 +++++++++++++++-
 nginx/Dockerfile           |  9 +++++++++
 nginx/default.conf         | 29 +++++++++++++++++++++++++++++
 nginx/docker-entrypoint.sh |  6 ++++++
 4 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 nginx/Dockerfile
 create mode 100644 nginx/default.conf
 create mode 100644 nginx/docker-entrypoint.sh

diff --git a/docker-compose.yaml b/docker-compose.yaml
index 2c9f2e9..6761a35 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -8,7 +8,7 @@ services:
     restart: unless-stopped
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
     secrets:
-        - mariadb_password
+      - mariadb_password
     volumes:
       - ${VOLUME_PATH}/var/lib/mysql:/var/lib/mysql
     environment:
@@ -42,3 +42,17 @@ services:
     depends_on:
       - db
       - redis
+
+  nginx:
+    build: nginx
+    restart: unless-stopped
+    ports:
+      - ${NGINX_HTTP_PORT}:80
+      - ${NGINX_HTTPS_PORT}:443
+    volumes:
+      - ${SSL_CERT_PATH}:/etc/ssl/certs/server.cert.pem
+      - ${SSL_KEY_PATH}:/etc/ssl/private/server.key.pem
+    environment:
+      NGINX_HOST: ${NGINX_HOST}
+    depends_on:
+      - nextcloud
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
new file mode 100644
index 0000000..d0d9310
--- /dev/null
+++ b/nginx/Dockerfile
@@ -0,0 +1,9 @@
+FROM nginx:latest
+
+COPY default.conf /tmp/nginx/default.conf
+
+COPY docker-entrypoint.sh /tmp/docker-entrypoint.sh
+RUN chmod 755 /tmp/docker-entrypoint.sh
+ENTRYPOINT [ "/tmp/docker-entrypoint.sh" ]
+
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/nginx/default.conf b/nginx/default.conf
new file mode 100644
index 0000000..1fd248f
--- /dev/null
+++ b/nginx/default.conf
@@ -0,0 +1,29 @@
+server {
+    listen      443 ssl;
+    server_name ${NGINX_HOST};
+
+	ssl_certificate /etc/ssl/certs/server.cert.pem;
+	ssl_certificate_key /etc/ssl/private/server.key.pem;
+
+    location / {
+        proxy_pass http://nextcloud:80;
+        proxy_headers_hash_max_size 512;
+		proxy_headers_hash_bucket_size 64;
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		add_header Front-End-Https on;
+        client_max_body_size 1G;
+    }
+}
+
+server {
+	if ($host = ${NGINX_HOST}) {
+		return 301 https://$host$request_uri;
+	}
+
+	listen 80;
+
+	server_name ${NGINX_HOST};
+}
\ No newline at end of file
diff --git a/nginx/docker-entrypoint.sh b/nginx/docker-entrypoint.sh
new file mode 100644
index 0000000..47a0498
--- /dev/null
+++ b/nginx/docker-entrypoint.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+set -eu
+
+envsubst '${NGINX_HOST}' < /tmp/nginx/default.conf > /etc/nginx/conf.d/default.conf
+
+exec "$@"
\ No newline at end of file