| author | crupest <crupest@outlook.com> | 2022-11-20 13:37:05 +0800 | 
|---|---|---|
| committer | crupest <crupest@outlook.com> | 2022-11-20 13:37:05 +0800 | 
| commit | 598556d62e3653342c83a148b90c18cc16bedd40 (patch) | |
| tree | e438ebe543bee5e2afba086609096ec5ef4fc437 | |
| parent | ce5d73b998ca151968621eed49fda5ce32ed2a13 (diff) | |
Fix some nginx bugs.
| l--------- | aio | 1 | ||||
| -rw-r--r-- | docker/auto-certbot/daemon.bash | 0 | ||||
| -rw-r--r-- | template/docker-compose.yaml.template | 1 | ||||
| -rw-r--r-- | template/nginx/forbid_unknown_domain.conf | 8 | ||||
| -rw-r--r-- | template/nginx/https-redirect.conf | 12 | ||||
| -rw-r--r-- | template/nginx/reverse-proxy.conf.template | 10 | ||||
| -rw-r--r-- | template/nginx/root.conf.template | 14 | ||||
| -rw-r--r-- | template/nginx/server.json | 8 | ||||
| -rw-r--r-- | template/nginx/static-file.conf.template | 12 | ||||
| -rwxr-xr-x | tool/aio.py | 95 | ||||
| -rwxr-xr-x | tool/modules/nginx.py | 2 | 
11 files changed, 112 insertions, 51 deletions
@@ -0,0 +1 @@
+./tool/aio.py
\ No newline at end of file
diff --git a/docker/auto-certbot/daemon.bash b/docker/auto-certbot/daemon.bash
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/docker/auto-certbot/daemon.bash
diff --git a/template/docker-compose.yaml.template b/template/docker-compose.yaml.template
index d8e1b85..8cb617a 100644
--- a/template/docker-compose.yaml.template
+++ b/template/docker-compose.yaml.template
@@ -58,6 +58,7 @@ services:
     ports:
       - "80:80"
       - "443:443"
+      - "443:443/udp"
     volumes:
       - "./nginx-config:/etc/nginx/conf.d:ro"
       - "./site:/srv/www:ro"
diff --git a/template/nginx/forbid_unknown_domain.conf b/template/nginx/forbid_unknown_domain.conf
new file mode 100644
index 0000000..ae96393
--- /dev/null
+++ b/template/nginx/forbid_unknown_domain.conf
@@ -0,0 +1,8 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+
+    return 444;
+}
diff --git a/template/nginx/https-redirect.conf b/template/nginx/https-redirect.conf
deleted file mode 100644
index 6301836..0000000
--- a/template/nginx/https-redirect.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    location / {
-        return 301 https://$host$request_uri;
-    }
-
-    location /.well-known/acme-challenge {
-        root /srv/acme;
-    }
-}
diff --git a/template/nginx/reverse-proxy.conf.template b/template/nginx/reverse-proxy.conf.template
index f8efc69..d7eebdf 100644
--- a/template/nginx/reverse-proxy.conf.template
+++ b/template/nginx/reverse-proxy.conf.template
@@ -21,3 +21,13 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
     }
 }
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
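Review bot: The new `- "443:443/udp"` mapping in docker-compose.yaml.template publishes UDP 443 on the host, but every `listen 443` line visible in this commit is `ssl http2` over TCP and no template adds a UDP listener. Unless HTTP/3 is enabled in a file outside this diff, the mapping only widens the exposed surface and would be better added together with the listener that uses it. If it stays, a comment such as `# UDP 443 is reserved for HTTP/3 (QUIC)` next to the entry would record the intent. The service definition continues outside the hunk.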
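Review bot: The catch-all server in forbid_unknown_domain.conf listens on 443 with `ssl` but sets no `ssl_certificate`, so it depends on a certificate inherited from the http level (presumably ssl.conf, which is not shown); without one nginx refuses to load the configuration. With an inherited certificate, the TLS handshake for an unknown name completes using the real site's certificate before `return 444;` runs, which discloses the configured domain to anyone probing the address. On nginx 1.19.4 or later, `ssl_reject_handshake on;` in this block avoids both problems. A short comment above `return 444;` saying that 444 closes the connection without sending a response would also help later readers.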
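Review bot: The port-80 server added to reverse-proxy.conf.template redirects every path, including `/.well-known/acme-challenge`, which the deleted https-redirect.conf served from `/srv/acme` for all hosts; after this commit only root.conf.template keeps that location. If subdomain names are validated by HTTP-01 with a webroot (the certbot command is not visible in this diff), their challenges are now redirected to the HTTPS proxy instead of being answered, and `cert-only` names get no port-80 server at all and fall through to the 444 default. The redirect server added to static-file.conf.template has the same gap. Adding `location /.well-known/acme-challenge { root /srv/acme; }` to these port-80 blocks would keep issuance and renewal working.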
diff --git a/template/nginx/root.conf.template b/template/nginx/root.conf.template
index 8af8fff..a6992c7 100644
--- a/template/nginx/root.conf.template
+++ b/template/nginx/root.conf.template
@@ -8,3 +8,17 @@ server {
     root /srv/www;
 }
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${CRUPEST_DOMAIN};
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+    location /.well-known/acme-challenge {
+        root /srv/acme;
+    }
+}
diff --git a/template/nginx/server.json b/template/nginx/server.json
index 1c3165c..56f3845 100644
--- a/template/nginx/server.json
+++ b/template/nginx/server.json
@@ -18,6 +18,14 @@
             }
         },
         {
+            "type": "reverse-proxy",
+            "subdomain": "timeline",
+            "upstream": {
+                "name": "timeline",
+                "server": "timeline:5000"
+            }
+        },
+        {
             "type": "cert-only",
             "subdomain": "mail"
         }
diff --git a/template/nginx/static-file.conf.template b/template/nginx/static-file.conf.template
index 2097302..1597d10 100644
--- a/template/nginx/static-file.conf.template
+++ b/template/nginx/static-file.conf.template
@@ -7,4 +7,16 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/${CRUPEST_DOMAIN}/privkey.pem;
     root ${CRUPEST_NGINX_ROOT};
+
+    client_max_body_size 5G;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${CRUPEST_NGINX_SUBDOMAIN}.${CRUPEST_DOMAIN};
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
 }
diff --git a/tool/aio.py b/tool/aio.py
index 011387d..b690b3e 100755
--- a/tool/aio.py
+++ b/tool/aio.py
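Review bot: `client_max_body_size 5G;` is added to static-file.conf.template, so every static site generated from it accepts request bodies of up to 5 GB, although the visible part of that server only sets `root` and has no use for uploads. If the limit is meant for an upstream that takes uploads (the `timeline` entry added to server.json is a candidate, though that is a guess), it belongs in reverse-proxy.conf.template, scoped to the location that needs it. Otherwise a comment such as `# large bodies are needed for <reason>` should say why a static server needs it. The server block starts outside the hunk, so a location that does need the limit may exist there.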
@@ -24,33 +24,37 @@ def print_order(number: int, total: int, *, console=console) -> None:
 parser = argparse.ArgumentParser(
     description="Crupest server all-in-one setup script. Have fun play with it!")
+parser.add_argument("--no-hello", action="store_true",
+                    default=False, help="Do not print hello message.")
+
 subparsers = parser.add_subparsers(dest="action")
 setup_parser = subparsers.add_parser(
     "setup", help="Do everything necessary to setup the server.")
+print_path_parser = subparsers.add_parser(
+    "print-path", help="Print the paths of all related files and dirs.")
+
 download_tools_parser = subparsers.add_parser(
     "download-tools", help="Download some extra tools to manage the server.")
-domain_parser = subparsers.add_parser(
-    "domain", help="Misc things about domains.")
-domain_subparsers = domain_parser.add_subparsers(dest="domain_action")
-
-domain_list_parser = domain_subparsers.add_parser(
-    "list", help="List all domains.")
+list_domain_parser = subparsers.add_parser(
+    "list-domain", help="Misc things about domains.")
-domain_nginx_parser = domain_subparsers.add_parser(
+nginx_parser = subparsers.add_parser(
     "nginx", help="Generate nginx config for a domain.")
-domain_certbot_parser = domain_subparsers.add_parser(
+certbot_parser = subparsers.add_parser(
     "certbot", help="Get some common certbot commands.")
-domain_certbot_parser.add_argument(
+certbot_command_group = certbot_parser.add_mutually_exclusive_group()
+
+certbot_command_group.add_argument(
     "-C", "--create", action="store_true", default=False, help="Only print the command for 'create' action.")
-domain_certbot_parser.add_argument(
+certbot_command_group.add_argument(
     "-R", "--renew", action="store_true", default=False, help="Only print the command for 'renew' action.")
-domain_certbot_parser.add_argument(
+certbot_parser.add_argument(
     "-t", "--test", action="store_true", default=False, help="Make the commands for test use.")
 clear_parser = subparsers .add_parser(
@@ -60,7 +64,18 @@ clear_parser.add_argument("-D", "--include-data-dir", action="store_true",
 args = parser.parse_args()
-console.print("Nice to see you! :waving_hand:", style="cyan")
+if args.action == "certbot":
+    if args.create or args.renew:
+        args.no_hello = True
+
+if not args.no_hello:
+    console.print("Nice to see you! :waving_hand:", style="cyan")
+
+if args.action == 'print-path':
+    console.print("Project path =", project_dir)
+    console.print("Project absolute path =", project_abs_path)
+    console.print("Data path =", data_dir)
+    exit(0)
 def check_domain_is_defined() -> str:
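Review bot: The new `list-domain` subcommand keeps the help text of the old `domain` group, `"Misc things about domains."`, although it now does what the removed `list` subcommand did; its help should read `"List all domains."`. In the first aio.py hunk, `list_domain_parser`, `nginx_parser` and `print_path_parser` are assigned but not used in the visible lines, so the bindings can be dropped unless arguments are added to them elsewhere in the file.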
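Review bot: The `exit(0)` added to the `print-path` branch relies on the `exit` helper that the `site` module installs for interactive use; it is missing under `python -S` and in some frozen builds, so `sys.exit(0)` is the safer call (whether `sys` is already imported is not visible here). The nested test before the greeting can be flattened to `if args.action == "certbot" and (args.create or args.renew):`, and the new comparisons mix `"certbot"` with `'print-path'` quoting. A comment on that override, for example `# -C/-R print only the command, so skip the greeting`, would explain why `no_hello` is forced.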
@@ -127,34 +142,38 @@ def generate_nginx_config(domain: str) -> None:
     console.print("Nginx config generated.", style="green")
-if args.action == 'domain':
+if args.action == 'list-domain':
     domain = check_domain_is_defined()
-    domain_action = args.domain_action
-    if domain_action == 'list':
-        domains = list_domains(domain)
-        for domain in domains:
-            console.print(domain)
-    elif domain_action == 'certbot':
-        is_test = args.test
-        if args.create:
-            console.print(certbot_command_gen(domain, "create",
-                          test=is_test), soft_wrap=True, highlight=False)
-            exit(0)
-        elif args.renew:
-            console.print(certbot_command_gen(domain, "renew",
-                          test=is_test), soft_wrap=True, highlight=False)
-            exit(0)
-        console.print(
-            "Here is some commands you can use to do certbot related work.")
-        if is_test:
-            console.print(
-                "Note you specified --test, so the commands are for test use.", style="yellow")
-        console.print(
-            f"To create certs for init:\n[code]{certbot_command_gen(domain, 'create', test=is_test)}[/]")
+    domains = list_domains(domain)
+    for domain in domains:
+        console.print(domain)
+    exit(0)
+
+if args.action == 'certbot':
+    domain = check_domain_is_defined()
+    is_test = args.test
+    if args.create:
+        console.print(certbot_command_gen(domain, "create",
+                                          test=is_test), soft_wrap=True, highlight=False)
+        exit(0)
+    elif args.renew:
+        console.print(certbot_command_gen(domain, "renew",
+                                          test=is_test), soft_wrap=True, highlight=False)
+        exit(0)
+    console.print(
+        "Here is some commands you can use to do certbot related work.")
+    if is_test:
         console.print(
-            f"To renew certs previously created:\n[code]{certbot_command_gen(domain, 'renew', test=is_test)}[/]")
-    elif domain_action == 'nginx':
-        generate_nginx_config(domain)
+            "Note you specified --test, so the commands are for test use.", style="yellow")
+    console.print(
+        f"To create certs for init:\n[code]{certbot_command_gen(domain, 'create', test=is_test)}[/]")
+    console.print(
+        f"To renew certs previously created:\n[code]{certbot_command_gen(domain, 'renew', test=is_test)}[/]")
+    exit(0)
+
+if args.action == 'nginx':
+    domain = check_domain_is_defined()
+    generate_nginx_config(domain)
     exit(0)
diff --git a/tool/modules/nginx.py b/tool/modules/nginx.py
index e9cc0d9..ebbbee5 100755
--- a/tool/modules/nginx.py
+++ b/tool/modules/nginx.py
@@ -16,7 +16,7 @@ with open(os.path.join(nginx_template_dir, 'server.schema.json')) as f:
 jsonschema.validate(server, schema)
-non_template_files = ['ssl.conf', 'https-redirect.conf']
+non_template_files = ['ssl.conf', 'forbid_unknown_domain.conf']
 root_template = Template(os.path.join(
     nginx_template_dir, 'root.conf.template'))
|
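Review bot: In the `list-domain` branch, `for domain in domains:` rebinds the module-level `domain` that `check_domain_is_defined()` has just returned; this is harmless only because `exit(0)` follows, and `for d in domains: console.print(d)` removes the trap. In the `certbot` block the `create` and `renew` branches differ only in the action string, and since the two flags are now mutually exclusive they can be folded into one branch that passes `"create" if args.create else "renew"`.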
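Review bot: Swapping `'https-redirect.conf'` for `'forbid_unknown_domain.conf'` in `non_template_files` stops the generator from writing the old file, but nothing visible here removes an `https-redirect.conf` that an earlier run already placed in the nginx config directory. Both files declare `listen 80 default_server`, and nginx rejects a configuration with two default servers on the same address, so an existing deployment would fail to reload until the stale file is deleted. It is worth checking whether the generator cleans up files it no longer manages, or stating the manual step in the commit message.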
