From 87dea8373c6b734aef7caf138045ff4a77d17ccf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivan=20Verg=C3=A9s?= <ivan@pokecode.net>
Date: Tue, 2 Jan 2024 12:28:41 +0100
Subject: [PATCH] fix dockercompose

---
 Dockerfile.nginx   | 18 +++++++++++
 docker-compose.yml | 17 +++++++---
 nginx.conf         | 79 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 110 insertions(+), 4 deletions(-)
 create mode 100644 Dockerfile.nginx
 create mode 100644 nginx.conf

diff --git a/Dockerfile.nginx b/Dockerfile.nginx
new file mode 100644
index 0000000..30881db
--- /dev/null
+++ b/Dockerfile.nginx
@@ -0,0 +1,18 @@
+FROM nginx
+
+RUN apt-get update -qq && apt-get -y install apache2-utils
+
+ENV RAILS_ROOT /app
+WORKDIR $RAILS_ROOT
+
+RUN mkdir log
+
+COPY public public/
+COPY nginx.conf /tmp/docker.nginx
+
+RUN envsubst '$RAILS_ROOT' < /tmp/docker.nginx > /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+EXPOSE 443
+
+CMD [ "nginx", "-g", "daemon off;" ]
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 6219804..db04d65 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,17 @@
 version: '3'
 services:
+  web:
+    build:
+      context: .
+      dockerfile: Dockerfile.nginx
+    depends_on:
+      - app
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /home/dockerexec/.local/share/docker/certs/ssl-bundle.pem:/etc/ssl/ssl-bundle.pem
+      - /home/dockerexec/.local/share/docker/certs/privatekeymultidominiogetxo.pem:/etc/ssl/privatekeymultidominiogetxo.pem
   app:
     build: .
     volumes:
@@ -16,7 +28,6 @@ services:
       - REDIS_URL=${REDIS_URL:-redis://redis:6379/0}
       - WEB_CONCURRENCY=${WEB_CONCURRENCY:-2}
       - LOG_LEVEL=${LOG_LEVEL:-info}
-      - MAPS_PROVIDER=${MAPS_PROVIDER:-here}
       - DECIDIM_ENABLE_HTML_HEADER_SNIPPETS=${DECIDIM_ENABLE_HTML_HEADER_SNIPPETS:-true}
       - DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS=${DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS:-0}
       - CHANGE_ACTIVE_STEP=${CHANGE_ACTIVE_STEP:-enabled}
@@ -34,8 +45,6 @@ services:
       - MAPS_PROVIDER=${MAPS_PROVIDER:-here}
       - RACK_ATTACK_SECRET
       - CENSUS_URL
-    ports:
-      - 3000:3000
     depends_on:
       - db
       - redis
@@ -55,7 +64,6 @@ services:
       - RUN_SIDEKIQ=true
       - SIDEKIQ_CONCURRENCY=${SIDEKIQ_CONCURRENCY:-5}
       - LOG_LEVEL=${LOG_LEVEL:-info}
-      - MAPS_PROVIDER=${MAPS_PROVIDER:-here}
       - DECIDIM_ENABLE_HTML_HEADER_SNIPPETS=${DECIDIM_ENABLE_HTML_HEADER_SNIPPETS:-true}
       - DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS=${DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS:-0}
       - CHANGE_ACTIVE_STEP=${CHANGE_ACTIVE_STEP:-enabled}
@@ -83,6 +91,7 @@ services:
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-decidim}
       - POSTGRES_DB=${POSTGRES_DB:-decidim}
     volumes:
+      - /home/dockerexec/:/home
       - pg_data:/var/lib/postgresql/data
   redis:
     image: redis
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..357f979
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,79 @@
+upstream app {
+  server 'app:3000';
+}
+
+server {
+  server_name _;
+  listen 80 default_server;
+  listen [::]:80 ipv6only=on default_server;
+  listen 443 ssl;
+  listen [::]:443 ipv6only=on ssl;
+
+  ssl_certificate    /etc/ssl/ssl-bundle.pem;
+  ssl_certificate_key    /etc/ssl/privatekeymultidominiogetxo.pem;
+
+  # ~2 seconds is often enough for most folks to parse HTML/CSS and
+  # retrieve needed images/icons/frames, connections are cheap in
+  # nginx so increasing this is generally safe...
+  keepalive_timeout 5;  # path for static files
+
+  root /app/public;
+  access_log /app/log/nginx.access.log;
+  error_log /app/log/nginx.error.log info;
+
+  # this rewrites all the requests to the maintenance.html
+  # page if it exists in the doc root. This is for capistrano's
+  # disable web task
+  if (-f $document_root/maintenance.html) {
+    rewrite  ^(.*)$  /maintenance.html last;
+    break;
+  }  
+
+  location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+
+    # If the file exists as a static file serve it directly without
+    # running all the other rewrite tests on it
+    if (-f $request_filename) {
+      break;
+    }
+
+    # check for index.html for directory index
+    # if it's there on the filesystem then rewrite
+    # the url to add /index.html to the end of it
+    # and then break to send it to the next config rules.
+    if (-f $request_filename/index.html) {
+      rewrite (.*) $1/index.html break;
+    }
+
+    # this is the meat of the rack page caching config
+    # it adds .html to the end of the url and then checks
+    # the filesystem for that file. If it exists, then we
+    # rewrite the url to have explicit .html on the end
+    # and then send it on its way to the next config rule.
+    # if there is no file on the fs then it sets all the
+    # necessary headers and proxies to our upstream pumas
+    if (-f $request_filename.html) {
+      rewrite (.*) $1.html break;
+    }
+
+    if (!-f $request_filename) {
+      proxy_pass http://app;
+      break;
+    }
+  }
+
+  # Now this supposedly should work as it gets the filenames with querystrings that Rails provides.
+  # BUT there's a chance it could break the ajax calls.
+  location ~* \.(ico|css|gif|jpe?g|png|js)(\?[0-9]+)?$ {
+     expires max;
+     break;
+  }
+
+  # Error pages
+  # error_page 500 502 503 504 /500.html;
+  location = /500.html {
+    root /app/current/public;
+  }
+}
\ No newline at end of file