diff --git a/docker-compose.yml b/docker-compose.yml index ef48685b5..614f5e2a5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,14 +11,12 @@ services: POSTGRES_DB: plane POSTGRES_PASSWORD: plane command: postgres -c 'max_connections=1000' - networks: - - app_network + redis: image: redis:6.2.7-alpine restart: on-failure command: redis-server --maxmemory-policy allkeys-lru --maxmemory 200mb - networks: - - app_network + plane_web: container_name: plane_web build: @@ -31,8 +29,7 @@ services: NEXT_PUBLIC_API_BASE_URL: $NEXT_PUBLIC_API_BASE_URL ports: - 3000:3000 - networks: - - app_network + plane_api: container_name: plane_api @@ -59,8 +56,7 @@ services: EMAIL_HOST: $EMAIL_HOST EMAIL_HOST_USER: $EMAIL_HOST_USER EMAIL_HOST_PASSWORD: $EMAIL_HOST_PASSWORD - networks: - - app_network + depends_on: - db - redis @@ -68,9 +64,17 @@ services: links: - db - redis -networks: - app_network: - external: true + + nginx: + build: + context: ./nginx + dockerfile: Dockerfile + restart: unless-stopped + ports: + - 80:80 + depends_on: + - plane_api + - plane_web volumes: postgres-data: diff --git a/nginx/Dockerfile b/nginx/Dockerfile new file mode 100644 index 000000000..529dff404 --- /dev/null +++ b/nginx/Dockerfile @@ -0,0 +1,4 @@ +FROM nginx:1.23.2-alpine + +RUN rm /etc/nginx/conf.d/default.conf +COPY /dev.conf /etc/nginx/conf.d diff --git a/nginx/dev.conf b/nginx/dev.conf new file mode 100644 index 000000000..3931dee40 --- /dev/null +++ b/nginx/dev.conf 
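Review bot: The new `nginx` service at the end of docker-compose.yml publishes `80:80`, but `plane_web` keeps its own `3000:3000` mapping (visible as context in the second hunk), so the front end stays reachable directly and anything enforced at the proxy can be bypassed. If nginx is meant to be the single entry point, drop the direct mapping or bind it to loopback, e.g. `- "127.0.0.1:3000:3000"`. Whether `plane_api` also publishes a host port is not visible in these hunks and should be checked the same way. Since the proxy listens on all host interfaces over plain HTTP, a comment above its `ports:` such as `# dev only: plain HTTP, no TLS termination` would stop this file being reused as a production stack unchanged.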
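Review bot: `COPY /dev.conf /etc/nginx/conf.d` in nginx/Dockerfile is the only file copied into the image, so the `nginx/nginx.conf` added by this same commit never reaches the container and none of its directives take effect; either drop that file or copy an adapted version explicitly. The base image is pinned by tag only; pinning by digest as well (`FROM nginx:1.23.2-alpine@sha256:<digest>`) keeps a re-pushed tag from silently changing what gets built. Writing the copy as `COPY dev.conf /etc/nginx/conf.d/` makes it explicit that the destination is a directory.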
@@ -0,0 +1,27 @@
+server {
+ listen 80;
+
+ location / {
+ proxy_pass http://plane_web:3000;
+ proxy_redirect default;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /api {
+ proxy_pass http://plane_api:8000;
+ proxy_redirect default;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 000000000..9981af6f8
--- /dev/null
+++ b/nginx/nginx.conf
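Review bot: In both `location` blocks of nginx/dev.conf, `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client already sent, so a backend that trusts the left-most entry can be handed a forged address; since this is the edge proxy, `proxy_set_header X-Forwarded-For $remote_addr;` is the safer setting. `X-Forwarded-Host $server_name` evaluates to an empty string here because the server block declares no `server_name`; `$host` is probably what was intended. `location /api` is a plain prefix match and also catches sibling paths such as `/apidocs` (constructed example); `location /api/` limits it to the API tree, assuming the API has no route at exactly `/api`. `Connection "upgrade"` is sent on every proxied request rather than only on WebSocket upgrades; the usual pattern is a `map $http_upgrade $connection_upgrade` in the `http` context.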
@@ -0,0 +1,72 @@
+## Version 2018/04/07 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf
+
+user abc;
+worker_processes 4;
+pid /run/nginx.pid;
+include /etc/nginx/modules/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ variables_hash_max_size 2048;
+
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ client_max_body_size 0;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /config/log/nginx/access.log;
+ error_log /config/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 32 16k;
+ gzip_http_version 1.1;
+ gzip_min_length 250;
+ gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
+
+ # security headers
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ ssl_ciphers
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+ ssl_prefer_server_ciphers on;
+
+ include /etc/nginx/conf.d/*.conf;
+ include /config/nginx/site-confs/*;
+}
+
+
+daemon off;
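Review bot: The `ssl_ciphers` list near the end of the `http` block in nginx/nginx.conf still offers 3DES (`DES-CBC3-SHA` and its ECDHE/EDH variants) and SHA-1 CBC suites, and the file has no `ssl_protocols` line, so the protocol floor is left to the build's default. I would add `ssl_protocols TLSv1.2 TLSv1.3;` and trim the list to the ECDHE AEAD suites at its head. `client_max_body_size 0;` removes the request-body limit entirely and `# server_tokens off;` is left commented out; a finite limit and an active `server_tokens off;` are safer defaults for a proxy in front of the API. The HSTS header carries `includeSubDomains; preload` with `always`, which commits the whole domain to HTTPS although the only server block in this commit listens on plain port 80. `user abc;` and the `/config/...` paths appear to come from the linuxserver image named in the header comment and presumably do not exist in `nginx:1.23.2-alpine`, so confirm them before wiring this file into the image.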