From 5d8de31f25944dad0d720ad8f9e3eaac135d0761 Mon Sep 17 00:00:00 2001 From: Chris Date: Fri, 8 Oct 2021 22:27:02 +0100 Subject: [PATCH] Improve working locally --- README.md | 1 + docker-compose.yml | 5 ++- nginx/generate_conf.sh | 7 ++++ nginx.conf => nginx/nginx.conf.template | 52 ++++++++++++------------- 4 files changed, 38 insertions(+), 27 deletions(-) create mode 100755 nginx/generate_conf.sh rename nginx.conf => nginx/nginx.conf.template (92%) diff --git a/README.md b/README.md index 97c2f46..3c630f4 100644 --- a/README.md +++ b/README.md @@ -423,6 +423,7 @@ ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "docker exec - To remove all unused volumes: `docker volume prune` - To upgrade all images first run `docker-compose pull` followed by `docker-compose up -d --build`. Be careful this usually breaks something. - To connect to the database you can run the command `docker run -it --network scarif_db --rm mariadb mysql -hostname scarif_db_1 -p` +- To get an interactive shell for a container run `docker exec -it {container} /bin/sh` # TODO - [x] Set up docker diff --git a/docker-compose.yml b/docker-compose.yml index 7e821cb..15e0a06 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -407,10 +407,13 @@ services: restart: always volumes: - /opt/ssl:/etc/nginx/certs:ro - - ./nginx.conf:/etc/nginx/nginx.conf + - ./nginx/nginx.conf.template:/etc/nginx/conf.d/nginx.conf.template + - ./nginx/generate_conf.sh:/docker-entrypoint.d/generate_conf.sh - monica-public:/var/www/html/monica/public:ro - monica-data:/var/www/html/monica/storage:ro - nextcloud:/var/www/html/nextcloud:ro + environment: + - DOMAIN=${DOMAIN} depends_on: - dashboard - monica diff --git a/nginx/generate_conf.sh b/nginx/generate_conf.sh new file mode 100755 index 0000000..df4625d --- /dev/null +++ b/nginx/generate_conf.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env sh + +set -eu + +envsubst '${DOMAIN}' < /etc/nginx/conf.d/nginx.conf.template > /etc/nginx/nginx.conf + +# exec "$@" 
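Review bot: The two new bind mounts in the `docker-compose.yml` hunk are writable from inside the container, unlike the `:ro` mounts around them, and `generate_conf.sh` is placed in `/docker-entrypoint.d/`, where it is presumably executed on every container start. Mount both read-only, `- ./nginx/nginx.conf.template:/etc/nginx/conf.d/nginx.conf.template:ro` and `- ./nginx/generate_conf.sh:/docker-entrypoint.d/generate_conf.sh:ro`, so a compromised process in the container could not alter a host-side script that runs again on the next restart. Separately, `DOMAIN=${DOMAIN}` silently becomes an empty string when the host variable is missing; `- DOMAIN=${DOMAIN:?DOMAIN must be set}` makes compose refuse to start instead. The service definition begins above the hunk, so the image and its entrypoint are not visible here.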
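Review bot: An unset or empty DOMAIN is not caught in `nginx/generate_conf.sh`, because `set -u` only covers shell expansions and the single-quoted `'${DOMAIN}'` is just a name list for envsubst, which then writes an empty string into the config. Add `: "${DOMAIN:?DOMAIN must be set}"` before the envsubst line so startup fails with a clear message instead of rendering `server_name personel.;` and a certificate path of `/etc/nginx/certs/.crt`. Since the value lands verbatim in `server_name` and in the certificate paths, it is also worth rejecting anything that is not a plain hostname (whitespace, `;`, `/`, braces) before rendering. The trailing `# exec "$@"` looks like a leftover and can be dropped.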
diff --git a/nginx.conf b/nginx/nginx.conf.template similarity index 92% rename from nginx.conf rename to nginx/nginx.conf.template index 9a41662..369d24f 100644 --- a/nginx.conf +++ b/nginx/nginx.conf.template @@ -75,10 +75,10 @@ http { server { listen 443 ssl http2; - ssl_certificate /etc/nginx/certs/scarif.space.crt; - ssl_certificate_key /etc/nginx/certs/scarif.space.key; + ssl_certificate /etc/nginx/certs/${DOMAIN}.crt; + ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key; - server_name personel.scarif.space; + server_name personel.${DOMAIN}; ## HSTS ## # Add the 'Strict-Transport-Security' headers to enable HSTS protocol. @@ -211,10 +211,10 @@ http { server { listen 443 ssl http2; - ssl_certificate /etc/nginx/certs/scarif.space.crt; - ssl_certificate_key /etc/nginx/certs/scarif.space.key; + ssl_certificate /etc/nginx/certs/${DOMAIN}.crt; + ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key; - server_name tower.scarif.space; + server_name tower.${DOMAIN}; ## HSTS ## # Add the 'Strict-Transport-Security' headers to enable HSTS protocol. @@ -346,10 +346,10 @@ http { server { listen 443 ssl; - server_name office.scarif.space; + server_name office.${DOMAIN}; - ssl_certificate /etc/nginx/certs/scarif.space.crt; - ssl_certificate_key /etc/nginx/certs/scarif.space.key; + ssl_certificate /etc/nginx/certs/${DOMAIN}.crt; + ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key; # static files location ^~ /loleaflet { @@ -405,13 +405,13 @@ http { server { listen 443 ssl http2; - ssl_certificate /etc/nginx/certs/scarif.space.crt; - ssl_certificate_key /etc/nginx/certs/scarif.space.key; + ssl_certificate /etc/nginx/certs/${DOMAIN}.crt; + ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; - server_name labs.scarif.space; + server_name labs.${DOMAIN}; location / { proxy_pass http://gitea-handler; 
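Review bot: Nothing in the template says which `$` tokens are placeholders and which are nginx variables, starting with the `${DOMAIN}` lines in the hunk at -75 and continuing through the hunks at -211, -346, -405, -425, -454, -478 and -498. The hunk at -425 shows `$host`, `$proxy_add_x_forwarded_for` and `$http_upgrade` next to the new `${DOMAIN}` placeholders; they survive only because `generate_conf.sh` restricts envsubst to DOMAIN. A header comment would make that contract explicit, for example `# Template rendered by nginx/generate_conf.sh; only the DOMAIN placeholder is substituted, nginx $variables are left as-is.` (spelled without the brace form so envsubst does not rewrite the comment itself). Anyone adding a second placeholder would then know to extend the envsubst list rather than drop the restriction. The server blocks start and end outside these hunks.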
@@ -425,15 +425,15 @@ http { server { listen 443 ssl http2; - ssl_certificate /etc/nginx/certs/scarif.space.crt; - ssl_certificate_key /etc/nginx/certs/scarif.space.key; + ssl_certificate /etc/nginx/certs/${DOMAIN}.crt; + ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key; - server_name rec.scarif.space; + server_name rec.${DOMAIN}; client_max_body_size 300M; location /foundry { - + # Set proxy headers proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -442,7 +442,7 @@ http { # These are important to support WebSockets; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - + proxy_pass http://foundry-handler; } } @@ -454,13 +454,13 @@ http { server { listen 443 ssl http2; - ssl_certificate /etc/nginx/certs/scarif.space.crt; - ssl_certificate_key /etc/nginx/certs/scarif.space.key; + ssl_certificate /etc/nginx/certs/${DOMAIN}.crt; + ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; - server_name command.scarif.space scarif.space; + server_name command.${DOMAIN} ${DOMAIN}; location / { proxy_pass http://dashboard-handler; @@ -478,13 +478,13 @@ http { server { listen 443 ssl http2; - ssl_certificate /etc/nginx/certs/scarif.space.crt; - ssl_certificate_key /etc/nginx/certs/scarif.space.key; + ssl_certificate /etc/nginx/certs/${DOMAIN}.crt; + ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; - server_name research.scarif.space; + server_name research.${DOMAIN}; location / { proxy_pass http://pinry-handler; 
@@ -498,13 +498,13 @@ http { server { listen 443 ssl http2; - ssl_certificate /etc/nginx/certs/scarif.space.crt; - ssl_certificate_key /etc/nginx/certs/scarif.space.key; + ssl_certificate /etc/nginx/certs/${DOMAIN}.crt; + ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; - server_name comms.scarif.space; + server_name comms.${DOMAIN}; location / { proxy_pass http://jitsi-handler;