initial v1.0

toastie89 2 years ago
commit
5d2f8267f5
5 changed files with 125 additions and 0 deletions
  1. .gitignore (+1 -0)
  2. README.md (+35 -0)
  3. docker-compose.yml (+34 -0)
  4. utils/setup_basic-auth.sh (+17 -0)
  5. utils/simpleshell-based-log-analysis.md (+38 -0)

+ 1 - 0
.gitignore

@@ -0,0 +1 @@
+data/

+ 35 - 0
README.md

@@ -0,0 +1,35 @@
+### nginx-proxy stack
+
+1. [nginx-proxy](https://github.com/jwilder/nginx-proxy) acts as reverse proxy.
+   The nginx configs get automatically created based on environment variables.
+   
+2. [jrcs/letsencrypt-nginx-proxy-companion](https://github.com/jwilder/nginx-proxy)
+   obtains certificates from [letsencrypt](https://letsencrypt.org/)
+   used by the revsers proxy.
+
+#### Mailcow
+  - Edit `./data/conf.d/mailcow_proxy.conf` or delete it when not using mailcow
+  - When missing, create a hardlink to the config living in the `conf.d` subfolder: `ln ../mailcow_proxy.conf mailcow_proxy.conf`
+
+#### Get started
+To use the service of this stack, add to the respective `docker-compose.yml`:
+```
+     environment:
+       VIRTUAL_HOST: www.example.com
+       LETSENCRYPT_HOST: www.example.com 
+       LETSENCRYPT_EMAIL: webmaster+web-www.letsencrypt.org@example.com
+```
+
+
+#### Basic Auth
+`echo "someusername:"`echo "somepassword" openssl passwd -stdin` > ./data/htpasswd/www.example.com`
+to [enable basic auth for a vhost](https://github.com/jwilder/nginx-proxy#basic-authentication-support)
+or use the bash script in `./utils/setup_basic-auth.sh`
+
+
+#### Background
+Both containers listen on `/var/run/docker.sock` to see the environment variables of new containers coming up.
+
+
+#### Notes and pitfalls
+When changing domains while moving from development to production, perform a `docker system prune` prior to restarting the service.
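Review bot: the Basic Auth one-liner is not runnable as written: there is no `|` between `echo "somepassword"` and `openssl passwd -stdin`, and the nested backticks end the Markdown inline code span early, so the rendered command is cut in two. Put it in a fenced block and use `$(...)` instead of backticks, for example `echo "someusername:$(echo "somepassword" | openssl passwd -stdin)" > ./data/htpasswd/www.example.com`. In the list at the top, the link text `jrcs/letsencrypt-nginx-proxy-companion` points at the `jwilder/nginx-proxy` URL, and `revsers` should read `reverse`. The Background section says both containers listen on `/var/run/docker.sock`; it would help to state there that this gives both containers access to the Docker API of the host.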

+ 34 - 0
docker-compose.yml

@@ -0,0 +1,34 @@
+version: '3.2'
+services:
+  reverse-proxy:
+    container_name: reverse-proxy
+    image: jwilder/nginx-proxy:alpine 
+    labels:
+      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: true
+      com.centurylinklabs.watchtower.enable: true
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      SSL_POLICY: "Mozilla-Modern"
+    volumes:
+      - /opt/mailcow-dockerized/data/assets/ssl/:/etc/ssl/mail/:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ./data/certs/:/etc/nginx/certs:ro
+      - ./data/conf.d/:/etc/nginx/conf.d/
+      - ./data/vhost.d/:/etc/nginx/vhost.d/
+      - ./data/html/:/usr/share/nginx/html/
+      - ./data/htpasswd/:/etc/nginx/htpasswd/
+  proxy-companion:
+    container_name: reverse-proxy-letsencrypt
+    depends_on:
+      - reverse-proxy
+    image: jrcs/letsencrypt-nginx-proxy-companion      
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./data/certs/:/etc/nginx/certs:rw
+      - ./data/conf.d/:/etc/nginx/conf.d/
+      - ./data/vhost.d/:/etc/nginx/vhost.d/
+      - ./data/html/:/usr/share/nginx/html/
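Review bot: the `/var/run/docker.sock` mounts on both services carry `:ro`, but that flag only makes the bind mount of the socket file read-only and does not limit which Docker API calls can be sent over it, so the `reverse-proxy` container published on ports 80 and 443 can control the daemon. Consider fronting the socket with an API proxy that only allows the read endpoints these images need, or running the config generator in a separate container that is not exposed to the network. Both images use mutable references (`jwilder/nginx-proxy:alpine`, and `jrcs/letsencrypt-nginx-proxy-companion` with no tag) while `com.centurylinklabs.watchtower.enable` is set, so whatever is pushed to those tags gets deployed automatically; pin a version or digest. The `./data/htpasswd/` and `./data/conf.d/` mounts on `reverse-proxy` could be `:ro` like `./data/certs/`, and the label values `true` should be quoted so they are strings.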

+ 17 - 0
utils/setup_basic-auth.sh

@@ -0,0 +1,17 @@
+#!/bin/bash -e
+[ $# -eq 0 ] && { echo "Usage: $0 <vhost> <user> <pass>"; exit 1; }
+vhost=$1
+user=$2
+pass=$3
+htpasswd_dir=/opt/docker/proxy/data/htpasswd/
+
+mkdir -p $htpasswd_dir 
+
+htpasswd="$user"":"`echo $pass | openssl passwd -stdin`
+echo "  Writing:"
+echo "    --> $htpasswd"
+echo "    --> into: $htpasswd_dir$vhost"
+echo $htpasswd > $htpasswd_dir$vhost
+
+# Restart so the password file is read by nginx
+docker restart reverse-proxy
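Review bot: the argument check `[ $# -eq 0 ]` only rejects a call with no arguments, so running the script with just a vhost, or a vhost and a user, writes a credentials file with an empty user or password; test for `[ $# -ne 3 ]` instead. The password is taken from `$3`, which leaves it in shell history and the process list, and the resulting `user:hash` line is echoed to the terminal; reading it with `read -s` and dropping the `--> $htpasswd` echo avoids both. None of the expansions are quoted (`echo $pass`, `> $htpasswd_dir$vhost`), so a password with spaces or glob characters is altered before hashing and a vhost containing `/` or `..` writes outside `htpasswd_dir`. `openssl passwd -stdin` is called without an algorithm option, so the hash scheme depends on the OpenSSL default of the host; pass one explicitly, for example `-apr1`. The file is created with the default umask; set restrictive permissions after writing it.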

+ 38 - 0
utils/simpleshell-based-log-analysis.md

@@ -0,0 +1,38 @@
+## Simple shell-based log analysis 
+
+
+
+#### Define hostname
+```
+vhost_name="www\.example\.com"
+vhost_name="fam\.s-up\.net"
+```
+
+#### Group by IP since 24h
+```
+docker logs reverse-proxy --since 24h 2>&1 \
+| grep -e $vhost_name \
+| grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" \
+| sort \
+| uniq -c
+```
+
+
+#### Resolve IPs
+```
+for ip in `
+  docker logs reverse-proxy 2>&1 \
+  | grep -e $vhost_name \
+  | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" \
+  | sort \
+  | uniq`; do echo "$ip" `dig -x $ip +short`; done
+```
+
+#### Visites sites
+```
+docker logs reverse-proxy 2>&1 \
+  | grep -e $vhost_name \
+  | grep -oE '[a-z]*.php' \
+  | sort \
+  | uniq -c
+```