From cc4e145921100216d7a5d4a76311973241f62ded Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi <fabio.sinibaldi@isti.cnr.it>
Date: Wed, 5 Mar 2025 15:08:11 +0100
Subject: [PATCH] Initial  config

---
 dockerized/first-level-nginx/README.md        |  9 ++
 .../first-level-nginx/configs/node.conf       | 94 +++++++++++++++++++
 .../single_node/compose.yaml                  |  9 ++
 .../first-level-nginx/swarmed/compose.yaml    | 26 +++++
 4 files changed, 138 insertions(+)
 create mode 100644 dockerized/first-level-nginx/README.md
 create mode 100644 dockerized/first-level-nginx/configs/node.conf
 create mode 100644 dockerized/first-level-nginx/single_node/compose.yaml
 create mode 100644 dockerized/first-level-nginx/swarmed/compose.yaml

diff --git a/dockerized/first-level-nginx/README.md b/dockerized/first-level-nginx/README.md
new file mode 100644
index 0000000..df065fb
--- /dev/null
+++ b/dockerized/first-level-nginx/README.md
@@ -0,0 +1,9 @@
+## First Level NGINX
+
+This config allows for a default first level proxy to be put between FW and the other clusters
+
+### Single Node
+A multiple NGINX instances proxied by a single one
+
+### Swarmed
+4 Replicas
\ No newline at end of file
diff --git a/dockerized/first-level-nginx/configs/node.conf b/dockerized/first-level-nginx/configs/node.conf
new file mode 100644
index 0000000..b15ee38
--- /dev/null
+++ b/dockerized/first-level-nginx/configs/node.conf
@@ -0,0 +1,94 @@
+# Main context (this is the global configuration)
+worker_processes 4;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+
+    # Upstream block to define the Node.js backend servers
+    # Servers name come from compose definition
+
+    upstream swarm1_cluster {
+        server swarm1w1.sselab.ddns.net;
+        server swarm1w2.sselab.ddns.net;
+        server swarm1w3.sselab.ddns.net;
+        server swarm1w4.sselab.ddns.net;
+    }
+
+
+    #TODO manage certs
+    # server {
+    #     listen 443 ssl;  # Listen on port 443 for HTTPS
+    #     server_name localhost;
+
+    #     # SSL certificate settings
+    #     ssl_certificate /Users/nana/nginx-certs/nginx-selfsigned.crt;
+    #     ssl_certificate_key /Users/nana/nginx-certs/nginx-selfsigned.key;
+
+    #     # Proxying requests to Node.js cluster
+    #     location / {
+    #         proxy_pass http://nodejs_cluster;
+    #         proxy_set_header Host $host;
+    #         proxy_set_header X-Real-IP $remote_addr;
+    #     }
+    # }
+
+
+    # Optional server block for HTTP to HTTPS redirection
+    server {
+        listen 80;  # Listen on port 80 for HTTP
+        server_name *.sw1.sselab.ddns.net;
+
+        
+        location / {
+            # Redirect all HTTP traffic to HTTPS
+            # TODO requires https
+            # return 301 https://$host$request_uri;
+
+            proxy_pass http://nodejs_cluster;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+
+
+    server {
+        listen 80;
+        server_name *.sw1.hassallab.it;
+
+        location / {
+            # Redirect all HTTP traffic to HTTPS
+            # TODO requires https
+            # return 301 https://$host$request_uri;
+
+            proxy_pass http://nodejs_cluster;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+
+
+    #Default Catch-all serving
+    server {
+        listen 80 default_server;
+        server_name _;
+        root /var/www/default;
+
+        location /{
+            try_files  $uri /$uri /index.php;
+        }
+    }
+}
diff --git a/dockerized/first-level-nginx/single_node/compose.yaml b/dockerized/first-level-nginx/single_node/compose.yaml
new file mode 100644
index 0000000..0ce2333
--- /dev/null
+++ b/dockerized/first-level-nginx/single_node/compose.yaml
@@ -0,0 +1,9 @@
+version: '3.7'
+
+services:
+  # --- NGINX ---
+  nginx:
+      image: nginx:latest
+      ports:
+        - '80:80'
+        - '443:443'
\ No newline at end of file
diff --git a/dockerized/first-level-nginx/swarmed/compose.yaml b/dockerized/first-level-nginx/swarmed/compose.yaml
new file mode 100644
index 0000000..ca98775
--- /dev/null
+++ b/dockerized/first-level-nginx/swarmed/compose.yaml
@@ -0,0 +1,26 @@
+version: '3.7'
+
+services:
+  # --- NGINX ---
+  nginx:
+      image: nginx:latest
+      ports:
+        - '80:80'
+        - '443:443'
+      deploy:
+        replicas: 4
+        update_config:
+          parallelism: 2
+          order: start-first
+          failure_action: rollback
+          delay: 10s
+        rollback_config:
+          parallelism: 0
+          order: stop-first
+        restart_policy:
+          condition: any
+          delay: 5s
+          max_attempts: 3
+          window: 120s
+      healthcheck:
+        test: ["CMD", "service", "nginx", "status"]
\ No newline at end of file