Add nginx config in docker image

Author: ramanan-ravi

Dockerfile

@@ -11,10 +11,14 @@ RUN cd /root/docs/ \
     && make build
 
 FROM nginx:1.23-alpine
+MAINTAINER Deepfence Inc
 LABEL deepfence.role=system
 
-WORKDIR /home/deepfence
-ADD nginx.conf /etc/nginx/conf.d/default.conf
-RUN mkdir -p /var/www/html
-COPY --from=build /root/docs/build /var/www/html
-RUN ls -alh /var/www/html
+ADD community.deepfence.io.conf /etc/nginx/conf.d/community.deepfence.io.conf.template
+ADD docs.deepfence.io.conf /etc/nginx/conf.d/docs.deepfence.io.conf
+ADD docker-entrypoint.sh /docker-entrypoint.d/docker-entrypoint.sh
+RUN apk update \
+    && rm /etc/nginx/conf.d/default.conf  \
+    && mkdir -p /var/www/html \
+    && chmod +x /docker-entrypoint.d/docker-entrypoint.sh
+COPY --from=build /root/docs/build /var/www/html

README.md

@@ -74,14 +74,22 @@ Alternatively, you can build-and-serve the site as follows:
 yarn run serve --build --port 8000 --host 0.0.0.0
 ```
 
+## Docker image
+
+```bash
+./bootstrap.sh
+docker build -f Dockerfile -t deepfenceio/deepfence_docs:latest .
+docker run -dit --restart=always --name=deepfence-docs -e GITHUB_USER=aaa -e GITHUB_ACCESS_TOKEN=aaa -p 80:80 deepfenceio/deepfence_docs
+```
+
 ## Hosting the site
 
 The site is intended to be hosted behind two domains:
 
  * `community.mydomain.com`: the primary domain to be used to serve the site
  * `docs.mydomain.com`: used to provide links to the docs, particularly for the enterprise product documentation where a 'community' domain would not be appropriate.
 
-It's an anti pattern to serve an SPA from multiple domains, and switch domains during routing. Configuration is non-trivial and the user experience is poor as a change of domain means a full reload of the SPA. Therefore, `docs.mydomain.com/productname` redirects to `community.mydomain.com/docs/productname` to achieve this.
+It's an antipattern to serve an SPA from multiple domains, and switch domains during routing. Configuration is non-trivial and the user experience is poor as a change of domain means a full reload of the SPA. Therefore, `docs.mydomain.com/productname` redirects to `community.mydomain.com/docs/productname` to achieve this.
 
 The following, minimal NGINX configuration is sufficient:
 
@@ -134,24 +142,24 @@ Follow these steps if you'd like to add docs to a new Deepfence project, and to
 
 ### Get the Skeleton Files
 
-Check out the github repo you wish to add docs to.
+Check out the GitHub repo you wish to add docs to.
 
 Remove (back-up) any existing `/docs/` directory in the repo.
 
 Copy `skel/docs` into the root of the repo, to create a new `/docs/` directory.  This directory contains:
 
-| Filename | Purpose |
-| -------- | ------- |
-| `docs/docusaurus.config.js` | Sample configuration for your docusaurus docs site |
-| `docs/sidebars.js` | Sample sidebar for your documentation tree |
-| `docs/README.md` | README for the docs in your new repo, with build instructions |
-| `docs/docs/threatmapper` | Location for your docs files (must rename first) |
-| `docs/docs/threatmapper/index.md` | Your first documentation file |
-| In `docs/static:`<br/> `css/deepfence.css`,<br/> `img/deepfence-logo-black.svg`,<br/> `img/deepfence-logo-white.svg` | Styling for the deepfence skin for the `classic` theme |
-| `docs/src/pages/index.md` | Default home page for Deepfence docs; no need to edit |
-| `docs/yarn.lock`, `docs/package.json` | NPM package list, used when initialized with `yarn` |
-| `docs/.gitignore` | Configuration to ignore node dependencies and temporary files |
-| `docs/babel.config.js` | Babel config |
+| Filename                                                                                                             | Purpose                                                       |
+|----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------|
+| `docs/docusaurus.config.js`                                                                                          | Sample configuration for your docusaurus docs site            |
+| `docs/sidebars.js`                                                                                                   | Sample sidebar for your documentation tree                    |
+| `docs/README.md`                                                                                                     | README for the docs in your new repo, with build instructions |
+| `docs/docs/threatmapper`                                                                                             | Location for your docs files (must rename first)              |
+| `docs/docs/threatmapper/index.md`                                                                                    | Your first documentation file                                 |
+| In `docs/static:`<br/> `css/deepfence.css`,<br/> `img/deepfence-logo-black.svg`,<br/> `img/deepfence-logo-white.svg` | Styling for the deepfence skin for the `classic` theme        |
+| `docs/src/pages/index.md`                                                                                            | Default home page for Deepfence docs; no need to edit         |
+| `docs/yarn.lock`, `docs/package.json`                                                                                | NPM package list, used when initialized with `yarn`           |
+| `docs/.gitignore`                                                                                                    | Configuration to ignore node dependencies and temporary files |
+| `docs/babel.config.js`                                                                                               | Babel config                                                  |
 
 These are the basic skeleton files needed to create a local docs site.
 
@@ -168,14 +176,14 @@ Rename the `docs/threatmapper` directory to be product-appropriate, e.g. `packet
 Edit `docusaurus.config.js` to make it product-appropriate.  You'll want to replace:
 
 1. config.title
-1. config.tagline
-1. config.presets.docs.editURL
-1. themeconfig.navbar.items[0]
+2. config.tagline
+3. config.presets.docs.editURL
+4. themeconfig.navbar.items[0]
 
 Edit `sidebars.js`:
 
 1. Replace the name of the sidebar object to the appropriate product name.  
-1. Correct the value in the `sidebar-title`
+2. Correct the value in the `sidebar-title`
 
 You will want to edit sidebars.js further, to define the nav structure of the documentation, but that can wait.
 

community.deepfence.io.conf

@@ -0,0 +1,50 @@
+proxy_cache_path /var/www/cache keys_zone=apicache:1m;
+
+server {
+    #listen 443 ssl;
+    listen 80;
+    server_name community.deepfence.io;
+
+    location /gh-cache/ {
+        proxy_pass https://api.github.com/;
+        proxy_set_header Host   api.github.com;
+
+        proxy_set_header Authorization "Basic ${GITHUB_BASIC_AUTH}";
+
+        proxy_cache apicache;
+        add_header X-Cache-Status $upstream_cache_status;
+
+        # GH responses have cache-control: private, making them uncacheable
+        proxy_ignore_headers Cache-Control;
+
+        # cache 200, 301, 302 responses for 1m
+        # errors (e.g. 403 rate limit exceeded) will not be cached
+        proxy_cache_valid 1m;
+
+        # return previous valid response if we get a rate limit
+        # error, or other error type
+        proxy_cache_use_stale error timeout http_500 http_503 http_504 http_403 http_429;
+    }
+
+    location /dh-cache/ {
+        proxy_pass https://hub.docker.com/;
+        proxy_set_header Host   hub.docker.com;
+
+        proxy_cache apicache;
+        add_header X-Cache-Status $upstream_cache_status;
+        add_header Access-Control-Allow-Origin *;
+
+        # cache 200, 301, 302 responses for 1m
+        # errors (e.g. 403 rate limit exceeded) will not be cached
+        proxy_cache_valid 1m;
+
+        # return previous valid response if we get a rate limit
+        # error, or other error type
+        proxy_cache_use_stale error timeout http_500 http_503 http_504 http_403 http_429;
+    }
+
+    location / {
+        # the contents of the build process from Docusaurus
+        root /var/www/html;
+    }
+}

docker-entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+# vim:sw=4:ts=4:et
+
+set -e
+
+export GITHUB_BASIC_AUTH=$(echo "${GITHUB_USER}:${GITHUB_ACCESS_TOKEN}" | base64)
+envsubst '${GITHUB_BASIC_AUTH}' < /etc/nginx/conf.d/community.deepfence.io.conf.template > /etc/nginx/conf.d/community.deepfence.io.conf
+rm -f /etc/nginx/conf.d/community.deepfence.io.conf.template

docs.deepfence.io.conf

@@ -0,0 +1,10 @@
+server {
+    #listen 443 ssl;
+    listen 80;
+    server_name docs.deepfence.io;
+    #ssl_certificate /etc/nginx/certs/minica.pem;
+    #ssl_certificate_key /etc/nginx/certs/minica-key.pem;
+    location / {
+        return 302 $scheme://community.deepfence.io/docs$request_uri;
+    }
+}