Merge 'dev' to 'main'

.github/workflows/dev.yml

@@ -0,0 +1,17 @@
+name: Deploy OPEX-Nginx - Dev
+on:
+  push:
+    branches:
+      - dev
+jobs:
+  jenkinsJob:
+    name: Build OPEX-Nginx new dev version
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger opex-nginx-dev on jenkins
+        uses: appleboy/jenkins-action@master
+        with:
+          url: ${{ secrets.JENKINS_URL }}
+          user: ${{ secrets.JENKINS_USER }}
+          token: ${{ secrets.JENKINS_TOKEN }}
+          job: "opex-nginx-dev"

.github/workflows/main.yml

@@ -0,0 +1,17 @@
+name: Deploy OPEX-Nginx - Demo
+on:
+  push:
+    branches:
+      - main
+jobs:
+  jenkinsJob:
+    name: Deploy OPEX-Nginx new demo version
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger opex-nginx-demo on jenkins
+        uses: appleboy/jenkins-action@master
+        with:
+          url: ${{ secrets.JENKINS_URL }}
+          user: ${{ secrets.JENKINS_USER }}
+          token: ${{ secrets.JENKINS_TOKEN }}
+          job: "opex-nginx-demo"

.gitignore

@@ -1,2 +1,7 @@
 # IntelliJ
-.idea/
+.idea/
+
+# Certificate
+*.pem
+*.crt
+*.der

Dockerfile

@@ -1,2 +1,2 @@
 FROM jboesl/docker-nginx-headers-more
-COPY nginx.conf /etc/nginx/nginx.conf
+ADD nginx.conf opex.dev.crt private.pem /etc/nginx/

Jenkinsfile

@@ -0,0 +1,55 @@
+pipeline {
+    agent any
+
+    stages('Deploy') {
+        stage('Deliver') {
+            environment {
+                COMPOSE_PROJECT_NAME = 'demo-nginx'
+                DEFAULT_NETWORK_NAME = 'demo-opex'
+            }
+            steps {
+                withCredentials([
+                    file(credentialsId: 'private.pem', variable: 'PRIVATE'),
+                    file(credentialsId: 'opex.dev.crt', variable: 'PUBLIC')
+                ]) {
+                    sh 'cp -f $PRIVATE ./private.pem'
+                    sh 'cp -f $PUBLIC ./opex.dev.crt'
+                }
+                sh 'docker-compose up -d --build --remove-orphans'
+                sh 'docker image prune -f'
+                sh 'docker network prune -f'
+            }
+        }
+    }
+
+    post {
+        always {
+            echo 'One way or another, I have finished'
+        }
+        success {
+            echo ':)'
+            setBuildStatus(":)", "SUCCESS")
+        }
+        unstable {
+            echo ':/'
+            setBuildStatus(":/", "UNSTABLE")
+        }
+        failure {
+            echo ':('
+            setBuildStatus(":(", "FAILURE")
+        }
+        changed {
+            echo 'Things were different before...'
+        }
+    }
+}
+
+void setBuildStatus(String message, String state) {
+    step([
+            $class            : "GitHubCommitStatusSetter",
+            reposSource       : [$class: "ManuallyEnteredRepositorySource", url: "https://github.com/opexdev/OPEX-Nginx"],
+            contextSource     : [$class: "ManuallyEnteredCommitContextSource", context: "ci/jenkins/build-status"],
+            errorHandlers     : [[$class: "ChangingBuildStatusErrorHandler", result: "UNSTABLE"]],
+            statusResultSource: [$class: "ConditionalStatusResultSource", results: [[$class: "AnyBuildResult", message: message, state: state]]]
+    ])
+}

dev.Jenkinsfile

@@ -0,0 +1,55 @@
+pipeline {
+    agent any
+
+    stages('Deploy') {
+        stage('Deliver') {
+            environment {
+                COMPOSE_PROJECT_NAME = 'dev-nginx'
+                DEFAULT_NETWORK_NAME = 'dev-opex'
+            }
+            steps {
+                withCredentials([
+                    file(credentialsId: 'private.pem', variable: 'PRIVATE'),
+                    file(credentialsId: 'opex.dev.crt', variable: 'PUBLIC')
+                ]) {
+                    sh 'cp -f $PRIVATE ./private.pem'
+                    sh 'cp -f $PUBLIC ./opex.dev.crt'
+                }
+                sh 'docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d --build --remove-orphans'
+                sh 'docker image prune -f'
+                sh 'docker network prune -f'
+            }
+        }
+    }
+
+    post {
+        always {
+            echo 'One way or another, I have finished'
+        }
+        success {
+            echo ':)'
+            setBuildStatus(":)", "SUCCESS")
+        }
+        unstable {
+            echo ':/'
+            setBuildStatus(":/", "UNSTABLE")
+        }
+        failure {
+            echo ':('
+            setBuildStatus(":(", "FAILURE")
+        }
+        changed {
+            echo 'Things were different before...'
+        }
+    }
+}
+
+void setBuildStatus(String message, String state) {
+    step([
+            $class            : "GitHubCommitStatusSetter",
+            reposSource       : [$class: "ManuallyEnteredRepositorySource", url: "https://github.com/opexdev/OPEX-Nginx"],
+            contextSource     : [$class: "ManuallyEnteredCommitContextSource", context: "ci/jenkins/build-status"],
+            errorHandlers     : [[$class: "ChangingBuildStatusErrorHandler", result: "UNSTABLE"]],
+            statusResultSource: [$class: "ConditionalStatusResultSource", results: [[$class: "AnyBuildResult", message: message, state: state]]]
+    ])
+}

docker-compose.dev.yml

@@ -0,0 +1,5 @@
+version: '3.8'
+services:
+  nginx:
+    ports:
+      - '8443:443'

docker-compose.override.yml

@@ -0,0 +1,5 @@
+version: '3.8'
+services:
+  nginx:
+    ports:
+      - '443:443'

docker-compose.yml

@@ -2,12 +2,13 @@ version: '3.8'
 services:
   nginx:
     build: .
-    ports:
-      - '127.0.0.1:80:80'
     volumes:
       - www:/data/www
     networks:
       - default
+    deploy:
+      restart_policy:
+        condition: on-failure
 volumes:
   www:
     external: false

nginx.conf

@@ -1,12 +1,22 @@
-worker_processes 1;
+worker_processes auto;
 
 events {
     worker_connections 1024;
 }
 
 http {
+    include /etc/nginx/mime.types;
     sendfile on;
 
+    ssl_session_cache   shared:SSL:10m;
+    ssl_session_timeout 10m;
+    keepalive_timeout   70;
+
+    ssl_certificate     opex.dev.crt;
+    ssl_certificate_key private.pem;
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+
     upstream docker-wallet {
         server wallet:8080;
     }
@@ -31,13 +41,52 @@ http {
         server websocket:8080;
     }
 
+    upstream docker-web-app {
+        server app:80;
+    }
+
+    upstream docker-ipg {
+        server payment:8080;
+    }
+
     proxy_set_header   Host $host;
     proxy_set_header   X-Real-IP $remote_addr;
     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header   X-Forwarded-Host $server_name;
 
     server {
+        listen 443 ssl;
+        listen [::]:443 ssl;
+
+        server_name demo.opex.dev;
+        server_name demo.opex.dev:8443;
+
+        location ^~ /auth {
+            resolver 127.0.0.11;
+            set $backend http://docker-auth;
+            proxy_pass $backend;
+        }
+
+        location ~* \.(.*)$ {
+            resolver 127.0.0.11;
+            set $backend http://docker-web-app;
+            proxy_pass $backend;
+        }
+
+        location / {
+            resolver 127.0.0.11;
+            set $backend http://docker-web-app;
+            proxy_pass $backend;
+            rewrite .* / break;
+        }
+    }
+
+    server {
+        listen 443 ssl;
+        listen [::]:443 ssl;
+
         server_name api.opex.dev;
+        server_name api.opex.dev:8443;
 
         more_set_headers 'Access-Control-Allow-Origin: *';
         more_set_headers 'Access-Control-Allow-Headers: *';
@@ -53,7 +102,9 @@ http {
         }
 
         location /auth {
-            proxy_pass http://docker-auth;
+            resolver 127.0.0.11;
+            set $backend http://docker-auth;
+            proxy_pass $backend;
         }
 
         location /wallet/transfer {
@@ -69,22 +120,30 @@ http {
         }
 
         location /wallet {
-            proxy_pass http://docker-wallet;
+            resolver 127.0.0.11;
+            set $backend http://docker-wallet;
+            proxy_pass $backend;
             rewrite ^/wallet/(.*)$ /$1 break;
         }
 
         location /gateway {
-            proxy_pass http://docker-matching-gateway;
+            resolver 127.0.0.11;
+            set $backend http://docker-matching-gateway;
+            proxy_pass $backend;
             rewrite ^/gateway/(.*)$ /$1 break;
         }
 
         location /storage {
-            proxy_pass http://docker-storage;
+            resolver 127.0.0.11;
+            set $backend http://docker-storage;
+            proxy_pass $backend;
             rewrite ^/storage/(.*)$ /$1 break;
         }
 
         location /stream {
-            proxy_pass http://docker-websocket;
+            resolver 127.0.0.11;
+            set $backend http://docker-websocket;
+            proxy_pass $backend;
             # WS config
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
@@ -93,19 +152,32 @@ http {
             rewrite ^/stream/(.*)$ /$1 break;
         }
 
+        location /ipg {
+            resolver 127.0.0.11;
+            set $backend http://docker-ipg;
+            proxy_pass $backend;
+            rewrite ^/ipg/(.*)$ /$1 break;
+        }
+
         location /api {
-            proxy_pass http://docker-api;
+            resolver 127.0.0.11;
+            set $backend http://docker-api;
+            proxy_pass $backend;
             rewrite ^/api/(.*)$ /$1 break;
         }
 
         location /sapi {
-            proxy_pass http://docker-api;
+            resolver 127.0.0.11;
+            set $backend http://docker-api;
+            proxy_pass $backend;
             rewrite ^/sapi/(.*)$ /$1 break;
         }
 
         location /binance {
+            resolver 127.0.0.11;
+            set $backend http://api.binance.com;
             proxy_set_header Host api.binance.com;
-            proxy_pass https://api.binance.com;
+            proxy_pass $backend;
             rewrite ^/binance/(.*)$ /$1 break;
         }
     }