From 284bb26d92376b3d66d8c0805d977237d92ed0b7 Mon Sep 17 00:00:00 2001 From: Christian Winther Date: Sat, 6 Jan 2024 16:43:48 +0000 Subject: [PATCH] sync --- .dockerignore | 6 ++-- .env.docker | 16 +++++++-- .gitignore | 3 +- docker-compose.yml | 51 ++++++++++++++++++++++++++-- docker/shared/root/docker/helpers.sh | 2 +- 5 files changed, 66 insertions(+), 12 deletions(-) diff --git a/.dockerignore b/.dockerignore index a4f4ff035..b7a6691d9 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,8 +2,6 @@ .env .git .gitignore -contrib/docker-compose/.env -contrib/docker-compose/config -contrib/docker-compose/data -data docker-compose*.yml + +/docker-compose/ diff --git a/.env.docker b/.env.docker index ba4f62556..72994a23a 100644 --- a/.env.docker +++ b/.env.docker @@ -6,10 +6,10 @@ ############################################################### # Path (relative to the docker-compose.yml) or absolute (/some/other/path) file where containers will store their data -DOCKER_DATA_ROOT="./data" +DOCKER_DATA_ROOT="./docker-compose/data" # Path (relative to the docker-compose.yml) or absolute (/some/other/path) file where containers will store their confguration -DOCKER_CONFIG_ROOT="./config" +DOCKER_CONFIG_ROOT="./docker-compose/config" # Image to pull the Pixelfed Docker images from # @@ -30,6 +30,12 @@ TZ="UTC" # Automatically run [artisan migrate --force] if new migrations are detected DOCKER_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="0" +# The e-mail to use for Lets Encrypt certificate requests +LETSENCRYPT_EMAIL="__CHANGE_ME__" + +# Lets Encrypt staging/test servers for certificate requests +LETSENCRYPT_TEST="true" + ############################################################### # Pixelfed application configuration ############################################################### 
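Review bot: The comment above `LETSENCRYPT_TEST="true"` in the `.env.docker` hunk at `@@ -30,6 +30,12 @@` does not say that staging certificates are not trusted by browsers. An operator who leaves the default will serve a site that produces certificate warnings. I would reword it to `# Use the Let's Encrypt staging servers (certificates are NOT browser-trusted); set to "false" for production`. The `LETSENCRYPT_EMAIL="__CHANGE_ME__"` placeholder appears to be passed unchanged to the companion as `DEFAULT_EMAIL`, so it is worth a comment saying it must be replaced before the first start.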
@@ -922,3 +928,9 @@ DOCKER_WEB_HTTP_PORT_EXTERNAL="8080" # Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic DOCKER_WEB_HTTPS_PORT_EXTERNAL="444" + +# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTP traffic +DOCKER_PROXY_PORT_EXTERNAL_HTTP="8080" + +# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic +DOCKER_PROXY_PORT_EXTERNAL_HTTPS="443" diff --git a/.gitignore b/.gitignore index 4396e4cdd..abb42ef7c 100644 --- a/.gitignore +++ b/.gitignore @@ -20,6 +20,5 @@ yarn-error.log .git-credentials /.composer/ /nginx.conf -/contrib/docker-compose/data -/contrib/docker-compose/config +/docker-compose/ !/contrib/docker-compose/.env diff --git a/docker-compose.yml b/docker-compose.yml index 4b1b6ac4b..5960f3484 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
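Review bot: The two comments added with `DOCKER_PROXY_PORT_EXTERNAL_HTTP` and `DOCKER_PROXY_PORT_EXTERNAL_HTTPS` are copied from the web settings and still say "the web"; they should read `# Port that the proxy will listen on *outside* the container (e.g. the host machine) for HTTP traffic`, and likewise for HTTPS. The HTTP default of `"8080"` also matters for certificate issuance: HTTP-01 validation arrives on port 80, so unless something in front forwards 80 to 8080 the ACME companion will presumably fail to obtain certificates. Either default it to `"80"` or state the forwarding requirement in the comment. It is also the same value as `DOCKER_WEB_HTTP_PORT_EXTERNAL="8080"` shown in the hunk header, which will conflict if the web `ports:` are ever re-enabled.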
@@ -6,6 +6,43 @@ version: "3" ############################################################### services: + # HTTP/HTTPS proxy + # + # See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs + proxy: + image: nginxproxy/nginx-proxy:1.4 + container_name: "${APP_DOMAIN}-proxy" + #restart: unless-stopped + volumes: + - "/var/run/docker.sock:/tmp/docker.sock:ro" + - "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs" + - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d" + - "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html" + - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d" + ports: + - "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80" + - "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443" + + # Proxy companion for managing letsencrypt SSL certificates + # + # See: https://github.com/nginx-proxy/acme-companion/tree/main/docs + proxy-acme: + image: nginxproxy/acme-companion + container_name: "${APP_DOMAIN}-proxy-acme" + #restart: unless-stopped + environment: + DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}" + LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}" + NGINX_PROXY_CONTAINER: "${APP_DOMAIN}-proxy" + depends_on: + - proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs" + - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d" + - "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html" + - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d" + web: image: "${DOCKER_IMAGE}:${DOCKER_TAG}" # build: 
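Review bot: Mounting `/var/run/docker.sock` into the internet-facing `proxy` container hands that container the Docker API, and the `:ro` suffix only makes the bind mount of the socket file read-only; it does not restrict which API calls can be made over it. A compromise of the nginx process there would therefore extend to control of the Docker daemon on the host. Consider the nginx-proxy separate-containers layout (docker-gen holds the socket, nginx does not) or a filtering socket proxy, and at minimum add `# NOTE: access to docker.sock is equivalent to root on the host` above both socket mounts. Separately, `image: nginxproxy/acme-companion` carries no tag while `nginx-proxy` is pinned to `1.4`; pinning the companion to a tag or digest keeps the container that handles private keys reproducible.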
@@ -15,9 +52,17 @@ services: - "./.env:/var/www/.env" - "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache" - "${DOCKER_DATA_ROOT}/pixelfed/storage:/var/www/storage" - ports: - - "${DOCKER_WEB_HTTP_PORT_EXTERNAL}:80" - - "${DOCKER_WEB_HTTPS_PORT_EXTERNAL}:443" + environment: + LETSENCRYPT_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}" + VIRTUAL_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}" + VIRTUAL_PORT: "80" + labels: + com.github.nginx-proxy.nginx-proxy.keepalive: 30 + com.github.nginx-proxy.nginx-proxy.http2.enable: true + com.github.nginx-proxy.nginx-proxy.http3.enable: true + # ports: + # - "${DOCKER_WEB_HTTP_PORT_EXTERNAL}:80" + # - "${DOCKER_WEB_HTTPS_PORT_EXTERNAL}:443" depends_on: - db - redis diff --git a/docker/shared/root/docker/helpers.sh b/docker/shared/root/docker/helpers.sh index 4217b56a6..c9b5bb531 100644 --- a/docker/shared/root/docker/helpers.sh +++ b/docker/shared/root/docker/helpers.sh @@ -410,7 +410,7 @@ function await-database-ready() { ;; *) - log-error-and-exit "Unknown database type: [${DB_CONNECT}]" + log-error-and-exit "Unknown database type: [${DB_CONNECTION}]" ;; esac
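Review bot: `LETSENCRYPT_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}"` in the `web` service requests a wildcard name, which as far as I know the ACME companion cannot obtain because it validates over HTTP-01 and wildcard certificates require DNS-01. Issuance for the whole certificate may fail as a result; I would use `LETSENCRYPT_HOST: "${APP_DOMAIN}"` and list any needed subdomains explicitly. The `http2.enable: true` and `http3.enable: true` label values are unquoted YAML booleans, which older compose schemas reject for labels, so `"true"` is safer. With `ports:` now commented out, the web container is reachable only through the proxy; a comment saying so would discourage re-publishing it and bypassing TLS termination. The `web` service definition continues outside this hunk.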