diff --git a/Dockerfile b/Dockerfile index 4f32a47..efcd243 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,9 +27,9 @@ COPY --from=build /app/publish . # Override connection string to use /app/data/asadi.db (volume path) ENV ConnectionStrings__Default="Data Source=/app/data/asadi.db" -ENV ASPNETCORE_URLS="http://+:3410" +ENV ASPNETCORE_URLS="http://+:4310" ENV ASPNETCORE_ENVIRONMENT="Production" -EXPOSE 3410 +EXPOSE 4310 ENTRYPOINT ["dotnet", "AsadiTools.dll"] diff --git a/docker-compose.yml b/docker-compose.yml index 07c21e5..520f38f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,7 +8,7 @@ services: container_name: asadi-tools restart: unless-stopped ports: - - "3410:3410" + - "4310:4310" volumes: # SQLite database persisted on host - asadi_data:/app/data @@ -16,7 +16,7 @@ services: - ASPNETCORE_ENVIRONMENT=Production - ConnectionStrings__Default=Data Source=/app/data/asadi.db healthcheck: - test: ["CMD-SHELL", "curl -f http://localhost:3410/ || exit 1"] + test: ["CMD-SHELL", "curl -f http://localhost:4310/ || exit 1"] interval: 30s timeout: 10s retries: 3 diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..25d5fea --- /dev/null +++ b/nginx.conf 
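Review bot: The `ports` entry `"4310:4310"` in docker-compose.yml publishes the app's plain-HTTP listener on every host interface, so it is reachable directly as well as through the nginx vhost added in this commit, which proxies to `http://171.22.25.73:4310` (apparently a routable address). Direct access skips TLS and lets a client supply its own `X-Forwarded-For` and `X-Forwarded-Proto`, which matters if the app trusts forwarded headers. Where nginx runs is not visible here; if it can reach the container over loopback or a shared Docker network, bind the mapping narrowly, e.g. `"127.0.0.1:4310:4310"` with `proxy_pass` adjusted to match. Otherwise confirm that a host firewall blocks 4310 from outside. The `services` block continues outside the hunk.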
@@ -0,0 +1,390 @@ +events { worker_connections 1024; } + +http { + + upstream nexus_http { server nexus:8081; } + upstream nexus_docker { server nexus:5000; } + upstream nexus_ghcr { server nexus:5001; } + upstream nexus_docker_group { server nexus:8082; } + upstream nexus_docker_host { server nexus:8083; } + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + proxy_read_timeout 300s; + proxy_connect_timeout 60s; + proxy_send_timeout 300s; + client_max_body_size 1g; + + # ========================================================= + # Nexus UI — nexus.soroushasadi.com + # ========================================================= + server { + listen 80; + server_name nexus.soroushasadi.com; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + server_name nexus.soroushasadi.com; + client_max_body_size 1g; + + ssl_certificate /etc/ssl/soroushasadi/fullchain.pem; + ssl_certificate_key /etc/ssl/soroushasadi/privateKey.pem; + + location / { + proxy_pass http://nexus_http; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + + # ========================================================= + # Docker registry — mirror.soroushasadi.com + # ========================================================= + server { + listen 80; + server_name mirror.soroushasadi.com; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + server_name mirror.soroushasadi.com; + + ssl_certificate /etc/ssl/soroushasadi/fullchain.pem; + ssl_certificate_key /etc/ssl/soroushasadi/privateKey.pem; + + client_max_body_size 0; + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + proxy_request_buffering off; + + location /v2/token { + proxy_pass http://nexus_docker_group; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For 
$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_buffering off; + } + + location /v2/docker-host/ { + proxy_pass http://nexus_docker_host; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_buffering off; + proxy_hide_header WWW-Authenticate; + add_header WWW-Authenticate "Bearer realm=\"https://mirror.soroushasadi.com/v2/token\",service=\"mirror.soroushasadi.com\"" always; + } + + location /v2/ { + proxy_pass http://nexus_docker_group; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_buffering off; + proxy_hide_header WWW-Authenticate; + add_header WWW-Authenticate "Bearer realm=\"https://mirror.soroushasadi.com/v2/token\",service=\"mirror.soroushasadi.com\"" always; + } + + location / { + proxy_pass http://nexus_http; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + } + } + + # ========================================================= + # Gitea — git.soroushasadi.com + # ========================================================= + server { + listen 80; + server_name git.soroushasadi.com; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + server_name git.soroushasadi.com; + client_max_body_size 300m; + + ssl_certificate /etc/ssl/soroushasadi/fullchain.pem; + ssl_certificate_key /etc/ssl/soroushasadi/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + + # 
========================================================= + # Docker Hub proxy (port 5000) — legacy + # ========================================================= + server { + listen 5000; + server_name _; + location / { + proxy_pass http://nexus_docker; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + } + } + + # ========================================================= + # GHCR proxy (port 5001) — legacy + # ========================================================= + server { + listen 5001; + server_name _; + location / { + proxy_pass http://nexus_ghcr; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + } + } + + # ========================================================= + # DrAletaha — draletaha.ir + # ========================================================= + server { + listen 80; + server_name draletaha.ir; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + http2 on; + server_name draletaha.ir; + client_max_body_size 25m; + + ssl_certificate /etc/ssl/draletaha/fullchain.pem; + ssl_certificate_key /etc/ssl/draletaha/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:5010; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + } + + # ========================================================= + # Meezi + # ========================================================= + server { + listen 80; + server_name meezi.ir app.meezi.ir admin.meezi.ir koja.meezi.ir 
api.meezi.ir admin-api.meezi.ir; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + http2 on; + server_name meezi.ir; + client_max_body_size 25m; + + ssl_certificate /etc/ssl/meezi/fullchain.pem; + ssl_certificate_key /etc/ssl/meezi/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:3010; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + } + + server { + listen 443 ssl; + http2 on; + server_name app.meezi.ir; + client_max_body_size 25m; + + ssl_certificate /etc/ssl/meezi/fullchain.pem; + ssl_certificate_key /etc/ssl/meezi/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:3101; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + } + + server { + listen 443 ssl; + http2 on; + server_name admin.meezi.ir; + client_max_body_size 25m; + + ssl_certificate /etc/ssl/meezi/fullchain.pem; + ssl_certificate_key /etc/ssl/meezi/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:3102; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + } + + server { + listen 443 ssl; + http2 on; + server_name koja.meezi.ir; + client_max_body_size 25m; + + ssl_certificate /etc/ssl/meezi/fullchain.pem; + ssl_certificate_key /etc/ssl/meezi/privateKey.pem; + + location / { 
+ proxy_pass http://171.22.25.73:3103; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + } + + server { + listen 443 ssl; + http2 on; + server_name api.meezi.ir; + client_max_body_size 50m; + + ssl_certificate /etc/ssl/meezi/fullchain.pem; + ssl_certificate_key /etc/ssl/meezi/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:5080; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_read_timeout 3600s; + } + } + + server { + listen 443 ssl; + http2 on; + server_name admin-api.meezi.ir; + client_max_body_size 50m; + + ssl_certificate /etc/ssl/meezi/fullchain.pem; + ssl_certificate_key /etc/ssl/meezi/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:5081; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_read_timeout 3600s; + } + } + + # ========================================================= + # Soroush personal site — soroushasadi.com + # ========================================================= + server { + listen 80; + server_name soroushasadi.com www.soroushasadi.com; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + http2 on; + server_name soroushasadi.com www.soroushasadi.com; + client_max_body_size 25m; + + ssl_certificate 
/etc/ssl/soroushasadi/fullchain.pem; + ssl_certificate_key /etc/ssl/soroushasadi/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:3020; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + + # ========================================================= + # AbzarAsadi — abzarasadi.ir → :4310 + # ========================================================= + server { + listen 80; + server_name abzarasadi.ir www.abzarasadi.ir; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + http2 on; + server_name abzarasadi.ir www.abzarasadi.ir; + client_max_body_size 25m; + + ssl_certificate /etc/ssl/abzarasadi/fullchain.pem; + ssl_certificate_key /etc/ssl/abzarasadi/privateKey.pem; + + location / { + proxy_pass http://171.22.25.73:4310; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + } + +}
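Review bot: The two "legacy" servers on `listen 5000;` and `listen 5001;` accept any Host (`server_name _`) over cleartext HTTP with no access restriction, so traffic to the Docker Hub and GHCR proxies, including any credentials clients send, is unencrypted and open to whoever can reach those ports. If they must stay, restrict each block with `allow <trusted-cidr>; deny all;` (placeholder CIDR), or move clients to the TLS `mirror.soroushasadi.com` vhost and drop the listeners. Separately, no 443 server is marked `default_server`, so a TLS request for an unlisted name falls through to the first block, the Nexus UI; a catch-all server with `ssl_reject_handshake on;` would avoid that. `admin.meezi.ir` and `admin-api.meezi.ir` are also published without any `allow`/`deny`, which is worth confirming is intended.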