Add in WIP docker-compose with lets-encrypt and nginx proxying. Vendo…

…rize go deps.

.env

@@ -0,0 +1,5 @@
+NGINX_CONF_PATH=
+STATIC_FILES_PATH=
+VIRTUAL_HOST=localhost
+LETSENCRYPT_HOST=
+LETSENCRYPT_EMAIL=

.gitignore

@@ -1 +1,3 @@
 bin
+vendor/**/
+nginx

Makefile

@@ -1,29 +1,55 @@
 GOLANG_VERSION := 1.9
+PROJECT_OWNER := algolia
+PROJECT_PATH := src/github.com/$(PROJECT_OWNER)/sup3rs3cretMes5age
+TARGET_OS ?= linux
 
-deps:
-	@go get -u github.com/hashicorp/vault
-	@go get -u github.com/labstack/echo
-	@go get -u github.com/dgrijalva/jwt-go
+$(GOPATH)/bin/govendor:
+	@go get -u github.com/kardianos/govendor
 
-bin/sup3rs3cretMes5age: deps
-	@CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o $@
+.PHONY: vendor
+vendor: $(GOPATH)/bin/govendor
+	@govendor sync
 
+bin/sup3rs3cretMes5age: vendor
+	@CGO_ENABLED=0 GOOS=$(TARGET_OS) GOARCH=amd64 go build -o $@
+
+nginx/certs:
+	@mkdir -p $@
+
+nginx/certs/default.crt: nginx/certs
+	@openssl req \
+	-x509 \
+	-newkey rsa:4096 \
+	-days 365 \
+	-keyout nginx/certs/default.key \
+	-nodes \
+	-subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=localhost" \
+	-out $@
+
+nginx.tmpl:
+	@curl -sS https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > $@
+
+.PHONY: build
 build:
 	@docker run \
 	--rm \
-	-v $(PWD):/usr/src/supersecret \
-	-w /usr/src/supersecret \
+	-v $(PWD):/go/$(PROJECT_PATH) \
+	-w /go/$(PROJECT_PATH) \
 	golang:$(GOLANG_VERSION) \
 	make bin/sup3rs3cretMes5age
 
+.PHONY: clean
 clean:
 	@rm -f bin/*
 	@docker-compose rm -fv
 
-run: clean build
-	@docker-compose up --build
+run-local: clean build nginx.tmpl nginx/certs/default.crt
+	@docker-compose up --build -d
+
+.PHONY: run
+run: clean build nginx.tmpl
+	@docker-compose up --build -d
 
+.PHONY: stop
 stop:
 	@docker-compose stop
-
-.PHONY: deps build clean run stop

docker-compose.yml

@@ -1,6 +1,7 @@
 version: '3.2'
 
 services:
+
   vault:
     image: vault:latest
     environment:
@@ -9,11 +10,67 @@ services:
       - IPC_LOCK
     expose:
       - 8200
+
   supersecret:
     build: ./
     image: algolia/supersecretmessage:latest
     environment:
       VAULT_ADDR: http://vault:8200
       VAULT_TOKEN: supersecret
+      LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
+      LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
+      VIRTUAL_HOST: "${VIRTUAL_HOST}"
+      VIRTUAL_PROTO: "http"
+      VIRTUAL_PORT: 1234
+      CERT_NAME: "default"
+    expose:
+      - 1234
+
+  nginx:
+    image: nginx
+    labels:
+        com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+    container_name: nginx
+    restart: unless-stopped
     ports:
-      - "1234:1234"
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ${NGINX_CONF_PATH}/conf.d:/etc/nginx/conf.d
+      - ${NGINX_CONF_PATH}/vhost.d:/etc/nginx/vhost.d
+      - ${STATIC_FILES_PATH}:/usr/share/nginx/html
+      - ${NGINX_CONF_PATH}/certs:/etc/nginx/certs:ro
+
+  nginx-gen:
+    image: jwilder/docker-gen
+    command: >-
+      -notify-sighup nginx
+      -watch
+      -wait 5s:30s
+      /etc/docker-gen/templates/nginx.tmpl
+      /etc/nginx/conf.d/default.conf
+    container_name: nginx-gen
+    restart: unless-stopped
+    volumes:
+      - ${NGINX_CONF_PATH}/conf.d:/etc/nginx/conf.d
+      - ${NGINX_CONF_PATH}/vhost.d:/etc/nginx/vhost.d
+      - ${STATIC_FILES_PATH}:/usr/share/nginx/html
+      - ${NGINX_CONF_PATH}/certs:/etc/nginx/certs:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
+
+  nginx-letsencrypt:
+    image: jrcs/letsencrypt-nginx-proxy-companion
+    container_name: nginx-letsencrypt
+    restart: unless-stopped
+    volumes:
+      - ${NGINX_CONF_PATH}/conf.d:/etc/nginx/conf.d
+      - ${NGINX_CONF_PATH}/vhost.d:/etc/nginx/vhost.d
+      - ${STATIC_FILES_PATH}:/usr/share/nginx/html
+      - ${NGINX_CONF_PATH}/certs:/etc/nginx/certs:rw
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
+      NGINX_PROXY_CONTAINER: "nginx"
+
+