5 files changed, 109 insertions, 0 deletions

diff --git a/build/nginx/Dockerfile b/build/nginx/Dockerfile
new file mode 100644
index 0000000..f74d555
--- /dev/null
+++ b/build/nginx/Dockerfile
@@ -0,0 +1,30 @@
+FROM alpine:latest
+
+# install packages
+RUN apk add --no-cache nginx shadow curl tini
+RUN rm -fr /var/cache/apk/*
+
+# update nginx user
+RUN groupmod --gid 1000 nginx
+RUN usermod --uid 1000 nginx
+
+# remove build packages
+RUN apk del shadow
+
+# make log syms
+RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
+	ln -sf /dev/stderr /var/log/nginx/error.log
+
+# copy configs
+RUN mkdir -p /etc/nginx
+COPY ./*.conf /etc/nginx/
+RUN chown -R nginx:nginx /etc/nginx
+
+# copy entrypoint
+COPY ./entrypoint.sh /usr/local/bin/entrypoint
+RUN chmod +x /usr/local/bin/entrypoint
+
+# do the
+USER nginx
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["/usr/local/bin/entrypoint"]
diff --git a/build/nginx/entrypoint.sh b/build/nginx/entrypoint.sh
new file mode 100755
index 0000000..6dc7eec
--- /dev/null
+++ b/build/nginx/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ ! "$API_ENABLED" = "true" ]; then
+    echo "" > /etc/nginx/nginx.api.conf
+    echo "" > /etc/nginx/nginx.api.server.conf
+fi
+
+exec -a /usr/sbin/nginx /usr/sbin/nginx -c /etc/nginx/nginx.conf
diff --git a/build/nginx/nginx.api.conf b/build/nginx/nginx.api.conf
new file mode 100644
index 0000000..52190c8
--- /dev/null
+++ b/build/nginx/nginx.api.conf
@@ -0,0 +1,3 @@
+upstream postgrest {
+    server rest:3000;
+}
diff --git a/build/nginx/nginx.api.server.conf b/build/nginx/nginx.api.server.conf
new file mode 100644
index 0000000..5dd88a4
--- /dev/null
+++ b/build/nginx/nginx.api.server.conf
@@ -0,0 +1,14 @@
+location /api/ {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+    proxy_set_header Accept-Encoding "";
+    proxy_redirect off;
+
+    default_type  application/json;
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header Content-Location  /api/$upstream_http_content_location;
+    proxy_set_header  Connection "";
+    proxy_http_version 1.1;
+
+    proxy_pass http://postgrest/;
+}
diff --git a/build/nginx/nginx.conf b/build/nginx/nginx.conf
new file mode 100644
index 0000000..d3dc0ae
--- /dev/null
+++ b/build/nginx/nginx.conf
@@ -0,0 +1,54 @@
+worker_processes 4;
+daemon off;
+pid /tmp/nginx.pid;
+error_log /var/log/nginx/error.log;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include                 mime.types;
+    default_type            application/octet-stream;
+    sendfile                on;
+    keepalive_timeout       70;
+    server_tokens           off;
+    client_max_body_size    2m;
+
+    access_log /var/log/nginx/access.log;
+
+    include "nginx.api.conf";
+
+    server {
+        listen 8080;
+        root /opt/site;
+
+        gzip on;
+        gzip_vary on;
+        gzip_proxied any;
+        gzip_comp_level 6;
+        gzip_buffers 16 8k;
+        gzip_http_version 1.1;
+        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
+
+        include "nginx.api.server.conf";
+
+        location /favicon.ico {
+            add_header Cache-Control "public, max-age=31536000, immutable";
+            root /opt/site/public;
+        }
+
+        location /public {
+            add_header Cache-Control "public, max-age=31536000, immutable";
+            try_files $uri =404;
+        }
+
+        location / {
+            add_header Content-Security-Policy "base-uri 'none'";
+            root /opt/crimson;
+            include fastcgi_params;
+            fastcgi_pass php:9000;
+            fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+        }
+    }
+}