init

h2-proxy/Dockerfile

@@ -0,0 +1,17 @@
+FROM alpine:latest
+
+RUN apk add --no-cache openssl
+
+# Use this self-generated certificate only in dev, IT IS NOT SECURE!
+RUN openssl genrsa -des3 -passout pass:NotSecure -out cert.pass.key 2048
+RUN openssl rsa -passin pass:NotSecure -in cert.pass.key -out cert.key
+RUN rm cert.pass.key
+RUN openssl req -new -passout pass:NotSecure -key cert.key -out cert.csr \
+    -subj '/C=SS/ST=SS/L=Gotham City/O=API Platform Dev/CN=localhost'
+RUN openssl x509 -req -sha256 -days 365 -in cert.csr -signkey cert.key -out cert.crt
+
+FROM nginx:1.15-alpine
+
+RUN mkdir -p /etc/nginx/ssl/
+COPY --from=0 cert.key cert.crt /etc/nginx/ssl/
+COPY conf.d /etc/nginx/conf.d/

h2-proxy/conf.d/default.conf

@@ -0,0 +1,85 @@
+# client
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    ssl_certificate /etc/nginx/ssl/cert.crt;
+    ssl_certificate_key /etc/nginx/ssl/cert.key;
+
+    location / {
+        proxy_pass http://client:3000;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
+
+# admin
+server {
+    listen 444 ssl http2;
+    listen [::]:444 ssl http2;
+
+    ssl_certificate /etc/nginx/ssl/cert.crt;
+    ssl_certificate_key /etc/nginx/ssl/cert.key;
+
+    location / {
+        proxy_pass http://admin:3000;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
+
+# api
+server {
+    listen 8443 ssl http2;
+    listen [::]:8443 ssl http2;
+
+    ssl_certificate /etc/nginx/ssl/cert.crt;
+    ssl_certificate_key /etc/nginx/ssl/cert.key;
+
+    location / {
+        proxy_pass http://api;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 8443;
+    }
+}
+
+# cache-proxy
+server {
+    listen 8444 ssl http2;
+    listen [::]:8444 ssl http2;
+
+    ssl_certificate /etc/nginx/ssl/cert.crt;
+    ssl_certificate_key /etc/nginx/ssl/cert.key;
+
+    location / {
+        proxy_pass http://cache-proxy;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 8444;
+    }
+}
+
+# mercure
+server {
+    listen 1338 ssl http2;
+    listen [::]:1338 ssl http2;
+
+    ssl_certificate /etc/nginx/ssl/cert.crt;
+    ssl_certificate_key /etc/nginx/ssl/cert.key;
+
+    location / {
+        proxy_pass http://mercure;
+        proxy_read_timeout 24h;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port 1338;
+        proxy_set_header Connection "";
+    }
+}