update .gitignore

explicitly specify both ipv4 and ipv6 in subdomains nginx config file
add clean config script
2019-07-16 12:19:09 -07:00 · 2019-07-13 08:07:06 -07:00 · 2019-07-13 06:40:50 -07:00 · 2019-07-12 23:07:56 -07:00 · 2019-03-25 13:19:37 -07:00 · 2018-09-08 19:33:38 -07:00
9 changed files with 107 additions and 59 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ letsencrypt/
 letsencrypt_certs/
 nginx.conf.default
 rojo.charlesreid1.com
+conf.d/http.subdomains.conf
--- a/conf.d/client-allow.conf
+++ b/conf.d/client-allow.conf
@@ -1,2 +0,0 @@
-allow 10.5.0.1;
-allow 45.56.87.232;
--- a/conf.d/http.subdomains.conf
+++ b/conf.d/http.subdomains.conf
@@ -1,55 +0,0 @@
-####################
-#
-# charlesreid1 subdomains
-# (http only, https happens with krash)
-# 
-# runs on #blackbeard
-# 
-# nginx only listens on the private vpn ip,
-# because it is reverse-proxied by another
-# nginx instance (krash).
-# binding to the private vpn ip happens
-# at the docker level, not the nginx level.
-#
-# 7777  pages.charlesreid1.com
-# 7778  hooks.charlesreid1.com
-# 7779  bots.charlesreid1.com
-# 
-####################
-
-server {
-    listen 7777;
-    server_name pages.charlesreid1.com;
-    include /etc/nginx/conf.d/client-allow.conf;
-    deny all;
-    port_in_redirect off;
-    location / {
-        index index.html;
-        try_files $uri $uri/ $uri/index.html =404;
-        root /www/pages.charlesreid1.com/htdocs;
-    }
-}
-
-server {
-    listen 7778;
-    server_name hooks.charlesreid1.com;
-    include /etc/nginx/conf.d/client-allow.conf;
-    deny all;
-    location / {
-        index index.html;
-        try_files $uri $uri/ =404;
-        root /www/hooks.charlesreid1.com/htdocs;
-    }
-}
-
-server {
-    listen 7779;
-    server_name bots.charlesreid1.com;
-    include /etc/nginx/conf.d/client-allow.conf;
-    deny all;
-    location / {
-        try_files $uri $uri/ =404;
-        root /www/bots.charlesreid1.com/htdocs;
-        index index.html;
-    }
-}
--- a/conf.d_templates/client-allow.conf
+++ b/conf.d_templates/client-allow.conf
@@ -0,0 +1 @@
+allow {{ nginx_charlesreid1_ip }};
--- a/conf.d_templates/http.subdomains.conf.j2
+++ b/conf.d_templates/http.subdomains.conf.j2
@@ -0,0 +1,69 @@
+####################
+#
+# charlesreid1 subdomains
+# (this is http only)
+# (the https happens in pod-charlesreid1)
+# (this happens in pod-webhooks)
+# 
+# We use a client-allow.conf to block all IPs
+# except for the IP of the machine running
+# pod-charlesreid1. This is because this pod
+# is reverse-proxied by the machine running
+# pod-charlesreid1.
+#
+# Binding to a private ip happens
+# at the docker level, not the nginx level.
+#
+# 7777  pages.{{ server_name_default }}
+# 7778  hooks.{{ server_name_default }}
+# 7779  bots.{{ server_name_default }}
+# 
+####################
+
+server {
+    listen 7777;
+    listen [::]:7777;
+    server_name pages.{{ server_name_default }};
+    ## Only allow IPs in client-allow.conf
+    #include /etc/nginx/conf.d/client-allow.conf;
+    #deny all;
+    port_in_redirect off;
+    location / {
+        index index.html;
+        try_files $uri $uri/ $uri/index.html =404;
+        root /www/pages.{{ server_name_default }}/htdocs;
+    }
+}
+
+
+
+server {
+    listen 7778;
+    listen [::]:7778;
+    server_name hooks.{{ server_name_default }};
+    ## Only allow IPs in client-allow.conf
+    #include /etc/nginx/conf.d/client-allow.conf;
+    #deny all;
+    location / {
+        index index.html;
+        try_files $uri $uri/ $uri/index.html =404;
+        root /www/hooks.{{ server_name_default }}/htdocs;
+    }
+}
+
+
+
+server {
+    listen 7779;
+    listen [::]:7779;
+    server_name bots.{{ server_name_default }};
+    ## Only allow IPs in client-allow.conf
+    #include /etc/nginx/conf.d/client-allow.conf;
+    #deny all;
+    location / {
+        index index.html;
+        try_files $uri $uri/ $uri/index.html =404;
+        root /www/bots.{{ server_name_default }}/htdocs;
+    }
+}
+
--- a/docs/index.md
+++ b/docs/index.md
@@ -34,6 +34,7 @@ inside the container:
 ```
 server {
    listen *:7777;
+    }
 ```

 Meanwhile, in the `docker-compose.yml` file,
--- a/2
+++ b/2
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -21,7 +21,7 @@ theme:
  font:
    text: 'Roboto'
    code: 'Roboto Mono'
-pages:
+nav:
  - 'Home':         'index.md'

 # Extensions
@@ -31,3 +31,6 @@ markdown_extensions:
      guess_lang: false
  - toc:
      permalink: true
+
+
+strict: true
--- a/scripts/clean_config.py
+++ b/scripts/clean_config.py
@@ -0,0 +1,30 @@
+import glob
+import os
+import subprocess
+
+"""
+Clean d-nginx-subdomains conf.d directory
+
+
+This script cleans out the conf.d directory
+in the d-nginx-subdomains repo.
+
+This script should be run before you generate a new set
+of config files from the nginx config file templates in
+d-nginx-subdomains/conf.d_templates/
+
+This script cleans out all the config files in the folder
+d-nginx-subdomains/conf.d/
+
+That way there are no old config files to clash with the
+new ones.
+"""
+
+HERE = os.path.abspath(os.path.dirname(__file__))
+CONF = os.path.abspath(os.path.join(HERE,'..','conf.d'))
+
+for f in glob.glob(os.path.join(CONF,"*.conf")):
+    if os.path.basename(f)!="_.conf":
+        cmd = ['rm','-fr',f]
+        subprocess.call(cmd)
+
Author	SHA1	Message	Date
Charles Reid	a87dcd5f3d	update .gitignore	2019-07-16 12:19:09 -07:00
C Reid	e9dc8c6b42	explicitly specify both ipv4 and ipv6 in subdomains nginx config file	2019-07-13 08:07:06 -07:00
C Reid	a859c5837c	add clean config script	2019-07-13 06:40:50 -07:00
C Reid	3037db52d6	move configuration templates to conf.d_templates, clean conf.d	2019-07-12 23:07:56 -07:00
C Reid	12781c12e9	updates to subdomains config file	2019-03-25 13:19:37 -07:00
Charles Reid	71467e35ff	include explanatory comment	2018-09-08 19:33:38 -07:00
Charles Reid	abb4187794	Update mkdocs.yml for mkdocs 1.0	2018-08-11 12:33:18 -07:00
Charles Reid	65d3c81478	Update mkdocs-material for mkdocs 1.0	2018-08-11 12:20:43 -07:00
Charles Reid	72e6866ea6	typo sniper	2018-07-30 23:58:37 +00:00