-
Notifications
You must be signed in to change notification settings - Fork 1
/
nginx.yml
66 lines (66 loc) · 3.6 KB
/
nginx.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
services:
# Nginx - Web Server
nginx:
container_name: nginx
image: nginx:1.24 # 1.20 updated 4/19/2024 # 1.18 Updated 8/9/2021
security_opt:
- no-new-privileges:true
restart: unless-stopped
profiles: ["core", "all"]
networks:
- t2_proxy
depends_on:
- php7
- redis
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- $DOCKERDIR/logs/ws/nginx:/var/log/nginx
- $DOCKERDIR/appdata/nginx:/etc/nginx
- $DOCKERDIR/appdata/sites/shb/html:/var/www/html/shb
- $DOCKERDIR/logs/ws/wordpress/debug.log:/var/www/html/shb/wp-content/debug.log
- $DOCKERDIR/appdata/sites/shb/beta:/var/www/html/beta
- $DOCKERDIR/appdata/sites/khub/html:/var/www/html/khub
- $DOCKERDIR/appdata/sites/dash/html:/var/www/html/dash
secrets:
- basic_auth_credentials
labels:
- "traefik.enable=true"
# HTTP Routers SHB (WordPress) Auth
- "traefik.http.routers.nginx-shb-auth-rtr.entrypoints=websecure"
- "traefik.http.routers.nginx-shb-auth-rtr.rule=Host(`www.$DOMAINNAME_WS`) && Path(`/wp-login.php`)" # crowdsec
- "traefik.http.routers.nginx-shb-auth-rtr.priority=100"
# HTTP Routers SHB (WordPress) Bypass
- "traefik.http.routers.nginx-shb-rtr.entrypoints=websecure"
- "traefik.http.routers.nginx-shb-rtr.rule=Host(`$DOMAINNAME_WS`) || Host(`www.$DOMAINNAME_WS`)" # no crowdsec
- "traefik.http.routers.nginx-shb-rtr.priority=99"
# HTTP Routers SHB Beta (WordPress)
- "traefik.http.routers.nginx-shb-beta-rtr.entrypoints=websecure"
- "traefik.http.routers.nginx-shb-beta-rtr.rule=Host(`beta.$DOMAINNAME_WS`)"
# HTTP Routers DASH (non-WordPress)
- "traefik.http.routers.nginx-dash-rtr.entrypoints=websecure"
- "traefik.http.routers.nginx-dash-rtr.rule=Host(`dash.$DOMAINNAME_WS`)" # crowdsec
# HTTP Routers KHUB (non-WordPress)
- "traefik.http.routers.nginx-khub-rtr.entrypoints=websecure"
- "traefik.http.routers.nginx-khub-rtr.rule=Host(`$DOMAINNAME_KHUB`) || Host(`www.$DOMAINNAME_KHUB`)"
# Redirect shb non-www to www middleware
- "traefik.http.middlewares.shb-redirect.redirectregex.regex=^https?://$DOMAINNAME_WS/(.*)"
- "traefik.http.middlewares.shb-redirect.redirectregex.replacement=https://www.$DOMAINNAME_WS/$${1}"
- "traefik.http.middlewares.shb-redirect.redirectregex.permanent=true"
# Redirect khub non-www to www middleware
- "traefik.http.middlewares.khub-redirect.redirectregex.regex=^https?://$DOMAINNAME_KHUB/(.*)"
- "traefik.http.middlewares.khub-redirect.redirectregex.replacement=https://www.$DOMAINNAME_KHUB/$${1}"
- "traefik.http.middlewares.khub-redirect.redirectregex.permanent=true"
# Middlewares
- "traefik.http.routers.nginx-khub-rtr.middlewares=khub-redirect,chain-no-auth@file"
- "traefik.http.routers.nginx-shb-rtr.middlewares=shb-redirect,chain-no-auth-wp@file" # no crowdsec
- "traefik.http.routers.nginx-shb-auth-rtr.middlewares=shb-redirect,chain-no-auth-crowdsec-wp@file" # crowdsec
- "traefik.http.routers.nginx-dash-rtr.middlewares=chain-oauth@file"
- "traefik.http.routers.nginx-shb-beta-rtr.middlewares=chain-oauth@file"
# HTTP Services
- "traefik.http.routers.nginx-shb-rtr.service=nginx-svc"
- "traefik.http.routers.nginx-shb-auth-rtr.service=nginx-svc"
- "traefik.http.routers.nginx-khub-rtr.service=nginx-svc"
- "traefik.http.routers.nginx-dash-rtr.service=nginx-svc"
- "traefik.http.routers.nginx-shb-beta-rtr.service=nginx-svc"
- "traefik.http.services.nginx-svc.loadbalancer.server.port=80"