Add docker-compose support, so a working development server with HTTPS can be started with:

docker-compose build && docker-compose up
author: Toby Jaffey 2022-12-12 10:26:38 +0000
committer: Toby Jaffey 2022-12-12 10:26:38 +0000
commit: 4afa513dced3b9ef024bc366b4fc884802730d50 (patch)
tree: 51098e478054a66439e98dfab89cbbedf5d9f5c0
parent: Backport from xs. (diff)
download: penes-snac2-4afa513dced3b9ef024bc366b4fc884802730d50.tar.gz
penes-snac2-4afa513dced3b9ef024bc366b4fc884802730d50.tar.xz
penes-snac2-4afa513dced3b9ef024bc366b4fc884802730d50.zip
9 files changed, 224 insertions, 0 deletions
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..05ae1fe
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,12 @@
+FROM alpine
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+RUN apk add --no-cache curl-dev build-base
+COPY . /build
+WORKDIR /build
+RUN make
+COPY examples/docker-entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
+EXPOSE 8001
+CMD /build/snac
diff --git a/README.md b/README.md
index 1b7dc50..7b63d7b 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,19 @@ Run `make` and then `make install` as root.
 See the administrator manual on how to proceed from here.
+# Testing via Docker
+A `docker-compose` file is provided for development and testing. To start snac with an nginx HTTPS frontend, run:
+    docker-compose build && docker-compose up
+This will:
+- Start snac, storing data in `data/`
+- Configure snac to listen on port 8001 with a server name of `localhost` (see `examples/docker-entrypoint.sh`)
+- Create a new user `testuser` and print the user's generated password on the console (see `examples/docker-entrypoint.sh`)
+- Start nginx to handle HTTPS, using the certificate pair from `nginx-alpine-ssl/nginx-selfsigned.*` (see `examples/nginx-alpine-ssl/entrypoint.sh`)
 # License
 See the LICENSE file for details.
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..bc4abf7
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,27 @@
+---
+version: '3'
+services:
+    snac:
+        build: .
+        image: snac
+        container_name: snac
+        restart: unless-stopped
+        security_opt:
+            - no-new-privileges:true
+        volumes:
+            - ./data:/data
+        ports:
+            - "8001:8001"
+    nginx-alpine-ssl:
+        build: examples/nginx-alpine-ssl
+        image: examples/nginx-alpine-ssl
+        container_name: nginx-alpine-ssl
+        restart: unless-stopped
+        security_opt:
+            - no-new-privileges:true
+        ports:
+            - "443:443"
+            - "80:80"
diff --git a/examples/docker-entrypoint.sh b/examples/docker-entrypoint.sh
new file mode 100755
index 0000000..b64e039
--- /dev/null
+++ b/examples/docker-entrypoint.sh
@@ -0,0 +1,6 @@
+if [ ! -e /data/data/server.json ]
+then
+    echo -ne "0.0.0.0\r\n8001\r\nlocalhost\r\n\r\n" | /build/snac init /data/data
+    /build/snac adduser /data/data testuser
+fi
+SSLKEYLOGFILE=/data/key /build/snac httpd /data/data
diff --git a/examples/nginx-alpine-ssl/Dockerfile b/examples/nginx-alpine-ssl/Dockerfile
new file mode 100644
index 0000000..845405d
--- /dev/null
+++ b/examples/nginx-alpine-ssl/Dockerfile
@@ -0,0 +1,13 @@
+FROM alpine
+RUN apk add nginx
+RUN mkdir -p /run/nginx
+ADD default.conf /etc/nginx/http.d/default.conf
+ADD *.key /etc/ssl/private/
+ADD *.crt /etc/ssl/certs/
+WORKDIR /var/www/localhost/htdocs
+COPY entrypoint.sh /usr/local/bin
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
+#EXPOSE 80
+EXPOSE 443
+CMD ["/bin/sh", "-c", "nginx -g 'daemon off;'; nginx -s reload;"]
diff --git a/examples/nginx-alpine-ssl/default.conf b/examples/nginx-alpine-ssl/default.conf
new file mode 100644
index 0000000..22db0df
--- /dev/null
+++ b/examples/nginx-alpine-ssl/default.conf
@@ -0,0 +1,89 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+    location /.well-known/webfinger {
+        proxy_http_version      1.1;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+        proxy_redirect          off;
+        proxy_connect_timeout   90;
+        proxy_send_timeout      90;
+        proxy_read_timeout      90;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Proxy "";
+        proxy_pass_header       Server;
+        proxy_buffering on;
+        tcp_nodelay on;
+        proxy_pass http://snac:8001;
+        proxy_set_header Host $http_host;
+    }
+    location /.well-known/nodeinfo {
+        proxy_http_version      1.1;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+        proxy_redirect          off;
+        proxy_connect_timeout   90;
+        proxy_send_timeout      90;
+        proxy_read_timeout      90;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Proxy "";
+        proxy_pass_header       Server;
+        proxy_buffering on;
+        tcp_nodelay on;
+        proxy_pass http://snac:8001;
+        proxy_set_header Host $http_host;
+    }
+    location / {
+        proxy_http_version      1.1;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+        proxy_redirect          off;
+        proxy_connect_timeout   90;
+        proxy_send_timeout      90;
+        proxy_read_timeout      90;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Proxy "";
+        proxy_pass_header       Server;
+        proxy_buffering on;
+        tcp_nodelay on;
+        proxy_pass http://snac:8001;
+        proxy_set_header Host $http_host;
+    }
+    location /fedi/ {
+        proxy_http_version      1.1;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+        proxy_redirect          off;
+        proxy_connect_timeout   90;
+        proxy_send_timeout      90;
+        proxy_read_timeout      90;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Proxy "";
+        proxy_pass_header       Server;
+        proxy_buffering on;
+        tcp_nodelay on;
+        proxy_pass http://snac:8001;
+        proxy_set_header Host $http_host;
+    }
+}
diff --git a/examples/nginx-alpine-ssl/entrypoint.sh b/examples/nginx-alpine-ssl/entrypoint.sh
new file mode 100755
index 0000000..5432d46
--- /dev/null
+++ b/examples/nginx-alpine-ssl/entrypoint.sh
@@ -0,0 +1,15 @@
+cd /etc/nginx/http.d;
+export CRT="${CRT:=nginx-selfsigned.crt}";
+if [ -f "/etc/ssl/certs/$CRT" ]
+then
+    # set crt file in the default.conf file
+    sed -i "/ssl_certificate \//c\\\tssl_certificate \/etc\/ssl\/certs\/$CRT;" default.conf;
+fi
+export KEY="${KEY:=nginx-selfsigned.key}";
+if [ -f "/etc/ssl/private/$KEY" ]
+then
+    # set key file in the default.conf file
+    sed -i "/ssl_certificate_key \//c\\\tssl_certificate_key \/etc\/ssl\/private\/$KEY;" default.conf;
+fi
+nginx -g 'daemon off;'; nginx -s reload;
diff --git a/examples/nginx-alpine-ssl/nginx-selfsigned.crt b/examples/nginx-alpine-ssl/nginx-selfsigned.crt
new file mode 100644
index 0000000..ac607a1
--- /dev/null
+++ b/examples/nginx-alpine-ssl/nginx-selfsigned.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIUCCSqvSfnCK67C4JNfoiXUXyTIK4wDQYJKoZIhvcNAQEL
+BQAwSTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAlFDMRYwFAYDVQQKDA1Db21wYW55
+LCBJbmMuMRUwEwYDVQQDDAxteWRvbWFpbi5jb20wHhcNMjIxMjEyMTAwNzU1WhcN
+MjMxMjEyMTAwNzU1WjBJMQswCQYDVQQGEwJDQTELMAkGA1UECAwCUUMxFjAUBgNV
+BAoMDUNvbXBhbnksIEluYy4xFTATBgNVBAMMDG15ZG9tYWluLmNvbTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBANss2w/GUwKcoUxHsWDfnldEuJzwx3Jr
+oRvTZY7ZcEM8vsVW8Xi61jpo2H/Uqv+3jl6+R6UFL1IKQUY0jn9KatYkfrHdHcYx
+RwH8yLKWfCY9/qrPE8NzYQMkeNUqu5oGWDMFoCcGAuHOzB+v6JR2/0zaEavi96dZ
+ZwjijdZtZAB9BuqD5R5dmVBV1fYSWM/X0/KN2RPpoBRak+HmpoZfimut9rMAPjay
+WjVxQCR/kCL6OlfLL5CFp6e6u9pczRNTLr0QODmyQGIBd4Rjh1JQD2K1c1QN4ztw
+ExGW+gqe7CGuwVfPSjlUsE1kiC11KreAWadLiovOp4Th6lygeaYg4R8CAwEAAaNs
+MGowHQYDVR0OBBYEFE/ykxo/J5z2IT9Zuk3uwk+NAb4eMB8GA1UdIwQYMBaAFE/y
+kxo/J5z2IT9Zuk3uwk+NAb4eMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0RBBAwDoIM
+bXlkb21haW4uY29tMA0GCSqGSIb3DQEBCwUAA4IBAQA/8ptI9ncISkYBDz8hUmWE
+WkBsSFs2BTBvUQ4bsdXmV3AkC1BFw0meW3kNL/4ptkSsOvVj4imBjG906UfyXw5l
+TyegRn2pA13IqBgl0Fs0+qlg5a/a+UgMZHmJeCsOZ3gJCG/mqJ0MyE8vUCUcD1oZ
+XGsUgOUkiK/eMN6r4kW6SsBs7iapDpascvmGz4VuzYpBy+qOGayfCOt4h/hS9VEC
+ErZo1L6jJFBApM1Jxmd7yYWJeQAkN1/LjdYJltSZ4dNlw6ewzK/Px0hGeEzr60M7
+JgGuAuxIdp3pTYZwB5TqZ5v/bvapzPgK4A7COBOj1N3uqJiTmYErKwx201AP3BQ
+-----END CERTIFICATE-----
diff --git a/examples/nginx-alpine-ssl/nginx-selfsigned.key b/examples/nginx-alpine-ssl/nginx-selfsigned.key
new file mode 100644
index 0000000..f26cf84
--- /dev/null
+++ b/examples/nginx-alpine-ssl/nginx-selfsigned.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDbLNsPxlMCnKFM
+R7Fg355XRLic8Mdya6Eb02WO2XBDPL7FVvF4utY6aNh/1Kr/t45evkelBS9SCkFG
+NI5/SmrWJH6x3R3GMUcB/MiylnwmPf6qzxPDc2EDJHjVKruaBlgzBaAnBgLhzswf
+r+iUdv9M2hGr4venWWcI4o3WbWQAfQbqg+UeXZlQVdX2EljP19PyjdkT6aAUWpPh
+5qaGX4prrfazAD42slo1cUAkf5Ai+jpXyy+QhaenurvaXM0TUy69EDg5skBiAXeE
+Y4dSUA9itXNUDeM7cBMRlvoKnuwhrsFXz0o5VLBNZIgtdSq3gFmnS4qLzqeE4epc
+oHmmIOEfAgMBAAECggEBAJDckN1YQ71SMPnt2LsikdE0RqDUM77YjF+L1XAZHy4R
+lDVyRZ96PeXVLmMu+OaTN7I/KbNUPfaHeKUiT5yqXvqynFqKvwcjwr75iN0gwWW1
+TAExZOql89TT4lliKSSgVONEMJoaSwVcXWYEKkEWdZ8h8tQc63rciFFDDGRRYOtA
+fmMb3tOmnJqGu4PDq4vnVv7YiCXvNZiVOz99AsW0Y1ptSMyQrxyLjdr+wxClh0UV
+uGFcFIJJwsvBGDNb6G3Wy3vJHkkqMEhPwfP/AkHZMdQKdZ15V/WAOP8xKXW205jY
+Lu0mCbv2Udaait+fjZhM/JoemPLApwLNVRpwV5QfGwECgYEA9X/fjVPhJZ42LrP0
+Z4j2tj47DLtHLktrd84OA4BV4I+JjTvddJfXCtEk1m59vpzutJEYpy/bII84JWuE
+H1cMv8epS4Yfi/2RoB8ADO7E0L/BPAND7zjCHIqryiZY7ubp/71/jaOF0ZCugqbi
+YK7sl9H7qj1u+cC4+pab9ue/IyECgYEA5Iy90M7f7bI+6tS2/k4eroLxGWAJqRSj
+D2DjYTd/gPgm8jCDhnmbicquP2YBTIIdaNiREh19pvQs/JRo+tbsGKgSQbjLdM8Z
+8WzmhrNJH/fF/Vmi8DYSg4VScZgyjJX5T1FsRup8r53hxVpyRtTEJLOzSfJDEE1L
+eb09EeHrvD8CgYAOKdt25uD1b6RGm4E9O+yn5P05JdDcfeNsXQn3776EnyNbb5m+
+MUhpylkqueMtTRaEel6Gvr8QqNKfbg2IVVhZ9CXzQoCtbeqp5z/0fw4B0R5P3Qxd
+T9P7G5D/r6iv18imRYOHY2jEB2naBdDHrS/fLnEriDHP3OuPIYNMAmDHoQKBgQCQ
+Py/yIQ9+Axjot7aDTKTaubQXsuCGAYtkwl7gVdm4eWaDRxFMB2aekfhl9ShutFSB
+fuYYy9opTEU0aSrU3l8GtNVI+6wVnjyefoAElhVaAtTIMRHAkDAhKD0/irKkvmcq
+o5Y2L/rgEEKVf59Oiyz8iRpoWmnvWQmA3Wo05iUVmwKBgHTh1q1PTUzgvL0uNNZ3
+Kttp/U81I0C0TEyLFt/WfAD6ZrsG3GMq5IqN2CkOvPSDCrdxAxiDuxK7l3/gWU6s
+9EtoG2gZb5SyU6hZ0isuokaeAyuueDEco38AFXSvmt/jxvdzilYW/n5+HNoV2XL1
+CBv1Y6Ouy7rA3Q9C7WPb43m4
+-----END PRIVATE KEY-----
author	Toby Jaffey	2022-12-12 10:26:38 +0000
committer	Toby Jaffey	2022-12-12 10:26:38 +0000
commit	4afa513dced3b9ef024bc366b4fc884802730d50 (patch)
tree	51098e478054a66439e98dfab89cbbedf5d9f5c0
parent	Backport from xs. (diff)
download	penes-snac2-4afa513dced3b9ef024bc366b4fc884802730d50.tar.gz penes-snac2-4afa513dced3b9ef024bc366b4fc884802730d50.tar.xz penes-snac2-4afa513dced3b9ef024bc366b4fc884802730d50.zip

diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..05ae1fe --- /dev/null +++ b/Dockerfile
@@ -0,0 +1,12 @@
		1	FROM alpine
		2	ENV LANG C.UTF-8
		3	ENV LC_ALL C.UTF-8
		4	RUN apk add --no-cache curl-dev build-base
		5	COPY . /build
		6	WORKDIR /build
		7	RUN make
		8	COPY examples/docker-entrypoint.sh /usr/local/bin/entrypoint.sh
		9	RUN chmod +x /usr/local/bin/entrypoint.sh
		10	ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
		11	EXPOSE 8001
		12	CMD /build/snac


diff --git a/README.md b/README.md index 1b7dc50..7b63d7b 100644 --- a/README.md +++ b/README.md
@@ -43,6 +43,19 @@ Run `make` and then `make install` as root.
43		43
44	See the administrator manual on how to proceed from here.	44	See the administrator manual on how to proceed from here.
45		45
		46	# Testing via Docker
		47
		48	A `docker-compose` file is provided for development and testing. To start snac with an nginx HTTPS frontend, run:
		49
		50	docker-compose build && docker-compose up
		51
		52	This will:
		53
		54	- Start snac, storing data in `data/`
		55	- Configure snac to listen on port 8001 with a server name of `localhost` (see `examples/docker-entrypoint.sh`)
		56	- Create a new user `testuser` and print the user's generated password on the console (see `examples/docker-entrypoint.sh`)
		57	- Start nginx to handle HTTPS, using the certificate pair from `nginx-alpine-ssl/nginx-selfsigned.*` (see `examples/nginx-alpine-ssl/entrypoint.sh`)
		58
46	# License	59	# License
47		60
48	See the LICENSE file for details.	61	See the LICENSE file for details.


diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..bc4abf7 --- /dev/null +++ b/docker-compose.yaml
@@ -0,0 +1,27 @@
		1	---
		2	version: '3'
		3
		4	services:
		5	snac:
		6	build: .
		7	image: snac
		8	container_name: snac
		9	restart: unless-stopped
		10	security_opt:
		11	- no-new-privileges:true
		12	volumes:
		13	- ./data:/data
		14	ports:
		15	- "8001:8001"
		16
		17	nginx-alpine-ssl:
		18	build: examples/nginx-alpine-ssl
		19	image: examples/nginx-alpine-ssl
		20	container_name: nginx-alpine-ssl
		21	restart: unless-stopped
		22	security_opt:
		23	- no-new-privileges:true
		24	ports:
		25	- "443:443"
		26	- "80:80"
		27


diff --git a/examples/docker-entrypoint.sh b/examples/docker-entrypoint.sh new file mode 100755 index 0000000..b64e039 --- /dev/null +++ b/examples/docker-entrypoint.sh
@@ -0,0 +1,6 @@
		1	if [ ! -e /data/data/server.json ]
		2	then
		3	echo -ne "0.0.0.0\r\n8001\r\nlocalhost\r\n\r\n" \| /build/snac init /data/data
		4	/build/snac adduser /data/data testuser
		5	fi
		6	SSLKEYLOGFILE=/data/key /build/snac httpd /data/data


diff --git a/examples/nginx-alpine-ssl/Dockerfile b/examples/nginx-alpine-ssl/Dockerfile new file mode 100644 index 0000000..845405d --- /dev/null +++ b/examples/nginx-alpine-ssl/Dockerfile
@@ -0,0 +1,13 @@
		1	FROM alpine
		2	RUN apk add nginx
		3	RUN mkdir -p /run/nginx
		4	ADD default.conf /etc/nginx/http.d/default.conf
		5	ADD *.key /etc/ssl/private/
		6	ADD *.crt /etc/ssl/certs/
		7	WORKDIR /var/www/localhost/htdocs
		8	COPY entrypoint.sh /usr/local/bin
		9	RUN chmod +x /usr/local/bin/entrypoint.sh
		10	ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
		11	#EXPOSE 80
		12	EXPOSE 443
		13	CMD ["/bin/sh", "-c", "nginx -g 'daemon off;'; nginx -s reload;"]


diff --git a/examples/nginx-alpine-ssl/default.conf b/examples/nginx-alpine-ssl/default.conf new file mode 100644 index 0000000..22db0df --- /dev/null +++ b/examples/nginx-alpine-ssl/default.conf
@@ -0,0 +1,89 @@
		1	server {
		2	listen 80 default_server;
		3	listen [::]:80 default_server;
		4	listen 443 ssl http2 default_server;
		5	listen [::]:443 ssl http2 default_server;
		6	ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
		7	ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
		8
		9	location /.well-known/webfinger {
		10	proxy_http_version 1.1;
		11	proxy_set_header Upgrade $http_upgrade;
		12	proxy_set_header Connection "upgrade";
		13	proxy_redirect off;
		14	proxy_connect_timeout 90;
		15	proxy_send_timeout 90;
		16	proxy_read_timeout 90;
		17	proxy_set_header Host $host;
		18	proxy_set_header X-Real-IP $remote_addr;
		19	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		20	proxy_set_header X-Forwarded-Proto $scheme;
		21	proxy_set_header Proxy "";
		22	proxy_pass_header Server;
		23	proxy_buffering on;
		24	tcp_nodelay on;
		25	proxy_pass http://snac:8001;
		26	proxy_set_header Host $http_host;
		27	}
		28
		29	location /.well-known/nodeinfo {
		30	proxy_http_version 1.1;
		31	proxy_set_header Upgrade $http_upgrade;
		32	proxy_set_header Connection "upgrade";
		33	proxy_redirect off;
		34	proxy_connect_timeout 90;
		35	proxy_send_timeout 90;
		36	proxy_read_timeout 90;
		37	proxy_set_header Host $host;
		38	proxy_set_header X-Real-IP $remote_addr;
		39	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		40	proxy_set_header X-Forwarded-Proto $scheme;
		41	proxy_set_header Proxy "";
		42	proxy_pass_header Server;
		43	proxy_buffering on;
		44	tcp_nodelay on;
		45	proxy_pass http://snac:8001;
		46	proxy_set_header Host $http_host;
		47	}
		48
		49	location / {
		50	proxy_http_version 1.1;
		51	proxy_set_header Upgrade $http_upgrade;
		52	proxy_set_header Connection "upgrade";
		53	proxy_redirect off;
		54	proxy_connect_timeout 90;
		55	proxy_send_timeout 90;
		56	proxy_read_timeout 90;
		57	proxy_set_header Host $host;
		58	proxy_set_header X-Real-IP $remote_addr;
		59	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		60	proxy_set_header X-Forwarded-Proto $scheme;
		61	proxy_set_header Proxy "";
		62	proxy_pass_header Server;
		63	proxy_buffering on;
		64	tcp_nodelay on;
		65	proxy_pass http://snac:8001;
		66	proxy_set_header Host $http_host;
		67	}
		68
		69	location /fedi/ {
		70	proxy_http_version 1.1;
		71	proxy_set_header Upgrade $http_upgrade;
		72	proxy_set_header Connection "upgrade";
		73	proxy_redirect off;
		74	proxy_connect_timeout 90;
		75	proxy_send_timeout 90;
		76	proxy_read_timeout 90;
		77	proxy_set_header Host $host;
		78	proxy_set_header X-Real-IP $remote_addr;
		79	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		80	proxy_set_header X-Forwarded-Proto $scheme;
		81	proxy_set_header Proxy "";
		82	proxy_pass_header Server;
		83	proxy_buffering on;
		84	tcp_nodelay on;
		85	proxy_pass http://snac:8001;
		86	proxy_set_header Host $http_host;
		87	}
		88	}
		89


diff --git a/examples/nginx-alpine-ssl/entrypoint.sh b/examples/nginx-alpine-ssl/entrypoint.sh new file mode 100755 index 0000000..5432d46 --- /dev/null +++ b/examples/nginx-alpine-ssl/entrypoint.sh
@@ -0,0 +1,15 @@
		1	cd /etc/nginx/http.d;
		2	export CRT="${CRT:=nginx-selfsigned.crt}";
		3	if [ -f "/etc/ssl/certs/$CRT" ]
		4	then
		5	# set crt file in the default.conf file
		6	sed -i "/ssl_certificate \//c\\\tssl_certificate \/etc\/ssl\/certs\/$CRT;" default.conf;
		7	fi
		8	export KEY="${KEY:=nginx-selfsigned.key}";
		9	if [ -f "/etc/ssl/private/$KEY" ]
		10	then
		11	# set key file in the default.conf file
		12	sed -i "/ssl_certificate_key \//c\\\tssl_certificate_key \/etc\/ssl\/private\/$KEY;" default.conf;
		13	fi
		14	nginx -g 'daemon off;'; nginx -s reload;
		15


diff --git a/examples/nginx-alpine-ssl/nginx-selfsigned.crt b/examples/nginx-alpine-ssl/nginx-selfsigned.crt new file mode 100644 index 0000000..ac607a1 --- /dev/null +++ b/examples/nginx-alpine-ssl/nginx-selfsigned.crt
@@ -0,0 +1,21 @@
		1	-----BEGIN CERTIFICATE-----
		2	MIIDjDCCAnSgAwIBAgIUCCSqvSfnCK67C4JNfoiXUXyTIK4wDQYJKoZIhvcNAQEL
		3	BQAwSTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAlFDMRYwFAYDVQQKDA1Db21wYW55
		4	LCBJbmMuMRUwEwYDVQQDDAxteWRvbWFpbi5jb20wHhcNMjIxMjEyMTAwNzU1WhcN
		5	MjMxMjEyMTAwNzU1WjBJMQswCQYDVQQGEwJDQTELMAkGA1UECAwCUUMxFjAUBgNV
		6	BAoMDUNvbXBhbnksIEluYy4xFTATBgNVBAMMDG15ZG9tYWluLmNvbTCCASIwDQYJ
		7	KoZIhvcNAQEBBQADggEPADCCAQoCggEBANss2w/GUwKcoUxHsWDfnldEuJzwx3Jr
		8	oRvTZY7ZcEM8vsVW8Xi61jpo2H/Uqv+3jl6+R6UFL1IKQUY0jn9KatYkfrHdHcYx
		9	RwH8yLKWfCY9/qrPE8NzYQMkeNUqu5oGWDMFoCcGAuHOzB+v6JR2/0zaEavi96dZ
		10	ZwjijdZtZAB9BuqD5R5dmVBV1fYSWM/X0/KN2RPpoBRak+HmpoZfimut9rMAPjay
		11	WjVxQCR/kCL6OlfLL5CFp6e6u9pczRNTLr0QODmyQGIBd4Rjh1JQD2K1c1QN4ztw
		12	ExGW+gqe7CGuwVfPSjlUsE1kiC11KreAWadLiovOp4Th6lygeaYg4R8CAwEAAaNs
		13	MGowHQYDVR0OBBYEFE/ykxo/J5z2IT9Zuk3uwk+NAb4eMB8GA1UdIwQYMBaAFE/y
		14	kxo/J5z2IT9Zuk3uwk+NAb4eMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0RBBAwDoIM
		15	bXlkb21haW4uY29tMA0GCSqGSIb3DQEBCwUAA4IBAQA/8ptI9ncISkYBDz8hUmWE
		16	WkBsSFs2BTBvUQ4bsdXmV3AkC1BFw0meW3kNL/4ptkSsOvVj4imBjG906UfyXw5l
		17	TyegRn2pA13IqBgl0Fs0+qlg5a/a+UgMZHmJeCsOZ3gJCG/mqJ0MyE8vUCUcD1oZ
		18	XGsUgOUkiK/eMN6r4kW6SsBs7iapDpascvmGz4VuzYpBy+qOGayfCOt4h/hS9VEC
		19	ErZo1L6jJFBApM1Jxmd7yYWJeQAkN1/LjdYJltSZ4dNlw6ewzK/Px0hGeEzr60M7
		20	+JgGuAuxIdp3pTYZwB5TqZ5v/bvapzPgK4A7COBOj1N3uqJiTmYErKwx201AP3BQ
		21	-----END CERTIFICATE-----


diff --git a/examples/nginx-alpine-ssl/nginx-selfsigned.key b/examples/nginx-alpine-ssl/nginx-selfsigned.key new file mode 100644 index 0000000..f26cf84 --- /dev/null +++ b/examples/nginx-alpine-ssl/nginx-selfsigned.key
@@ -0,0 +1,28 @@
		1	-----BEGIN PRIVATE KEY-----
		2	MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDbLNsPxlMCnKFM
		3	R7Fg355XRLic8Mdya6Eb02WO2XBDPL7FVvF4utY6aNh/1Kr/t45evkelBS9SCkFG
		4	NI5/SmrWJH6x3R3GMUcB/MiylnwmPf6qzxPDc2EDJHjVKruaBlgzBaAnBgLhzswf
		5	r+iUdv9M2hGr4venWWcI4o3WbWQAfQbqg+UeXZlQVdX2EljP19PyjdkT6aAUWpPh
		6	5qaGX4prrfazAD42slo1cUAkf5Ai+jpXyy+QhaenurvaXM0TUy69EDg5skBiAXeE
		7	Y4dSUA9itXNUDeM7cBMRlvoKnuwhrsFXz0o5VLBNZIgtdSq3gFmnS4qLzqeE4epc
		8	oHmmIOEfAgMBAAECggEBAJDckN1YQ71SMPnt2LsikdE0RqDUM77YjF+L1XAZHy4R
		9	lDVyRZ96PeXVLmMu+OaTN7I/KbNUPfaHeKUiT5yqXvqynFqKvwcjwr75iN0gwWW1
		10	TAExZOql89TT4lliKSSgVONEMJoaSwVcXWYEKkEWdZ8h8tQc63rciFFDDGRRYOtA
		11	fmMb3tOmnJqGu4PDq4vnVv7YiCXvNZiVOz99AsW0Y1ptSMyQrxyLjdr+wxClh0UV
		12	uGFcFIJJwsvBGDNb6G3Wy3vJHkkqMEhPwfP/AkHZMdQKdZ15V/WAOP8xKXW205jY
		13	Lu0mCbv2Udaait+fjZhM/JoemPLApwLNVRpwV5QfGwECgYEA9X/fjVPhJZ42LrP0
		14	Z4j2tj47DLtHLktrd84OA4BV4I+JjTvddJfXCtEk1m59vpzutJEYpy/bII84JWuE
		15	H1cMv8epS4Yfi/2RoB8ADO7E0L/BPAND7zjCHIqryiZY7ubp/71/jaOF0ZCugqbi
		16	YK7sl9H7qj1u+cC4+pab9ue/IyECgYEA5Iy90M7f7bI+6tS2/k4eroLxGWAJqRSj
		17	D2DjYTd/gPgm8jCDhnmbicquP2YBTIIdaNiREh19pvQs/JRo+tbsGKgSQbjLdM8Z
		18	8WzmhrNJH/fF/Vmi8DYSg4VScZgyjJX5T1FsRup8r53hxVpyRtTEJLOzSfJDEE1L
		19	eb09EeHrvD8CgYAOKdt25uD1b6RGm4E9O+yn5P05JdDcfeNsXQn3776EnyNbb5m+
		20	MUhpylkqueMtTRaEel6Gvr8QqNKfbg2IVVhZ9CXzQoCtbeqp5z/0fw4B0R5P3Qxd
		21	T9P7G5D/r6iv18imRYOHY2jEB2naBdDHrS/fLnEriDHP3OuPIYNMAmDHoQKBgQCQ
		22	Py/yIQ9+Axjot7aDTKTaubQXsuCGAYtkwl7gVdm4eWaDRxFMB2aekfhl9ShutFSB
		23	fuYYy9opTEU0aSrU3l8GtNVI+6wVnjyefoAElhVaAtTIMRHAkDAhKD0/irKkvmcq
		24	o5Y2L/rgEEKVf59Oiyz8iRpoWmnvWQmA3Wo05iUVmwKBgHTh1q1PTUzgvL0uNNZ3
		25	Kttp/U81I0C0TEyLFt/WfAD6ZrsG3GMq5IqN2CkOvPSDCrdxAxiDuxK7l3/gWU6s
		26	9EtoG2gZb5SyU6hZ0isuokaeAyuueDEco38AFXSvmt/jxvdzilYW/n5+HNoV2XL1
		27	CBv1Y6Ouy7rA3Q9C7WPb43m4
		28	-----END PRIVATE KEY-----