feat: nginx proxy with self-signed https mode

gmus-backend/certificates/cert.pem

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF0zCCA7ugAwIBAgIUdh1Z5iFt2wJTotTlNEVOy/c04B0wDQYJKoZIhvcNAQEL
+BQAweTELMAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxDzANBgNVBAcMBkxv
+bmRvbjEQMA4GA1UECgwHbXkuZ211czEQMA4GA1UEAwwHbXkuZ211czEjMCEGCSqG
+SIb3DQEJARYUZmVsYW1hc2xlbkBnbWFpbC5jb20wHhcNMjEwMjE2MTEyNTUyWhcN
+MzEwMjE0MTEyNTUyWjB5MQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRW5nbGFuZDEP
+MA0GA1UEBwwGTG9uZG9uMRAwDgYDVQQKDAdteS5nbXVzMRAwDgYDVQQDDAdteS5n
+bXVzMSMwIQYJKoZIhvcNAQkBFhRmZWxhbWFzbGVuQGdtYWlsLmNvbTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAPk4PaHBvW2sPhHRBCOEz+kkfeEkiy5g
+PGO6EpH18+ohE6OkFNIQhJFSaEqKmRFB5witTAQxcVazehJ3yCsnr0Yj8ig5utcZ
+PregbUUiCS+SamNVSRzkGShD8WzD210wTQBssjDNmXsjuKtLempurMfIY4RT3h7F
+7z9Wo3PQGD5jpGlQX1A5hTXYJmebZj0482wqDGby/mm0IYpe+F0T8mw17PlhPYHL
+fYYH3ELnyBmdSO2RFhxo7DCj0MTRIDT2sPcjyQXjnATRgVr2BoarF8UNhMPoiVhq
+N/YTxrxkzEUeRIpwUtqv8TC7QHjQD7ac75g76bmIFzDpmdw4AUkeXN3qY6kQXv40
+n3BmQN86TIfbfjJiyDs14IxtXIMZSR+c5jxsibMZKU4P8YXE1Gh/MsSVMmP+nnHA
+19jm7UoOpboW3y6jdqRwThh8H1ZYdyH7Y/vxuj8FMOepOo42CAfnm2h7lwfF9Zqi
+HJ9lp72Ns7n96U64hwld8VCLUwYW1al66nmR3j/ppGSoso1UjkZ8kl9BUFZOQbg6
+uTknI47tfvT3QAbSigRVU6xGljiKVOy1uZx7CjMTpi6sjzUKFKiq7csjXgRbxWbw
++wwEdi6rZhkgyq34UETRhFhKp6pSlBLd9EfcTO16LVzd9ataA92ydxclmfUOX44L
+Dk7bL6wkKrKzAgMBAAGjUzBRMB0GA1UdDgQWBBTG25eq5Gm2gsR9oPJrWQpVJ2I3
+zTAfBgNVHSMEGDAWgBTG25eq5Gm2gsR9oPJrWQpVJ2I3zTAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA2lfgN/iAXld9PVkelCBuVYeeyKwplxy44
+ZwS9FUYxZZ+wonwphg4BJ63gsqqhyc/W0XvSjiczYNZyH37P6xE8ZCM0WcxACDrK
+UL8+p+Q9bvWi0z+I7EC8TMiHCU9GSCsXTBOsRY8rLorC7FPdyjhf5W/mzjcxvuAN
+LYkWt3L4jyItsPbIAqvUIZ2DTqUINLACZAmISVndvy0E3d8KdolQ31R7a4DnK1MO
+BqolyqOeLCSogg1pZLZgmLasBE57IedqyltHpFcDURzOb3AOlcZFd+2Goyy1qkRD
+P+dE6X2i2TDinUL0Hz3GZmK9b2FDkCVnMWvom5t+rcnmumG+cVbrxN9xm7KJTsND
+r2YXHQnwR/akTNSM9k9Fto2wjFGKTwQQ8vkk2y3EF9yp8Xo/UPim1o/46vPvADk3
+d4vAvNwz1agkVoO8GWQ3iVdmTATO7iow3Lq0O2Wer0znuk7DnRbtv4XV9YlxRtFJ
+w8F40COMLexdmm00qe2AeULj+4vtUUU24RMfEYdLpgGw/OdxqqcrsO03jXxe5SSm
+TjQERWGuPVaJUk71lRFoExDRA6hUbKtRU7PBgS2jgxL846pK/x9zZJqldzt59agH
+iVlkdyaNVQRdKZsaDq1mfTq+5N1c65gYTKUvxSiNJIzYp1bwa/NZQDNTPwKwXyUv
+/Ls43CIT4Q==
+-----END CERTIFICATE-----

gmus-backend/certificates/key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQD5OD2hwb1trD4R
+0QQjhM/pJH3hJIsuYDxjuhKR9fPqIROjpBTSEISRUmhKipkRQecIrUwEMXFWs3oS
+d8grJ69GI/IoObrXGT63oG1FIgkvkmpjVUkc5BkoQ/Fsw9tdME0AbLIwzZl7I7ir
+S3pqbqzHyGOEU94exe8/VqNz0Bg+Y6RpUF9QOYU12CZnm2Y9OPNsKgxm8v5ptCGK
+XvhdE/JsNez5YT2By32GB9xC58gZnUjtkRYcaOwwo9DE0SA09rD3I8kF45wE0YFa
+9gaGqxfFDYTD6IlYajf2E8a8ZMxFHkSKcFLar/Ewu0B40A+2nO+YO+m5iBcw6Znc
+OAFJHlzd6mOpEF7+NJ9wZkDfOkyH234yYsg7NeCMbVyDGUkfnOY8bImzGSlOD/GF
+xNRofzLElTJj/p5xwNfY5u1KDqW6Ft8uo3akcE4YfB9WWHch+2P78bo/BTDnqTqO
+NggH55toe5cHxfWaohyfZae9jbO5/elOuIcJXfFQi1MGFtWpeup5kd4/6aRkqLKN
+VI5GfJJfQVBWTkG4Ork5JyOO7X7090AG0ooEVVOsRpY4ilTstbmcewozE6YurI81
+ChSoqu3LI14EW8Vm8PsMBHYuq2YZIMqt+FBE0YRYSqeqUpQS3fRH3Eztei1c3fWr
+WgPdsncXJZn1Dl+OCw5O2y+sJCqyswIDAQABAoICAA8W2KRyloWNaDSr8xQzdmMn
+UnfPPp4QNZfULEuqGJqUZhwCU0Bkv6IM20OoIJxq4RIla/TVCYe2Vi3IEtaKEJKu
+mnrVA/sCDEoR7IvDA8tdkhNxlnupU9ycQIHVWfLKed8Mtb0+tYw/HW9BoqfPC6cM
++vmIGmrCkTnEhSD9+HnOjqXRt/Ojh+06qRic0BPk3tgts5KII99CiMVX+rGoA4WJ
+vk9bE95H89GpqCxk3DiwzTmVD0GpGKPZR0qjXs/WH+DWydURcuDXzn0zaDG/KjFE
+IEW8TpSL2deMWvwNHlERBBVdt6aGAJRywfSOpGTqG5ecCQqysrTDcA1lVq6WqAip
+Eg5PefeUmezR3zRq6xg7U5BErrvcx1P4GnN1HX1JLzKBbIuelPYxcjNp6LZEUNnT
+m7x5OMdLy9YLYZUbM0jpEmt8i0j8giTEXJ8qfbihQADaB4aHut1q7zJeNsLd+Ox/
+/NbgbL7GYCTJUreASxWMFZhuALBXSk7BbZf7NeR44n9nK55d4nkcCc6fCaE64y22
+WNnT1ShHRlwUFpkmfaT5FgXUwuDA+LsIudWUTb/9Z3zOR37eVSWh6fO3RwYSQNBZ
+Naa96ysMpckleCjQkRQe6Lh8qEWsu8O+YLZmNc8pjguMn2BiyszwcRjey9hfOHYo
+Fj0geLMKeVOnRBsdeNwBAoIBAQD9+gUsKFwxqo0QShL2TjdR6Q2wkzIAvJCulSMc
+tQ0oFrou1S3wGagn1SodjyNG8SgU5BCZU/ImkEAQUa0klfcAGTFecPUCV4IGfjjE
+VfBdhyVdclSV2rebzKtDEpHvVIWmJv/JrmSYHmtkffp7FoVIRsHVb4402zvyzow/
+fa2Z0rd8bfg6mmjZHOnmPQNVx8WkMG5802F3phIfxqj9R0yRXGcK+vvjHlL2B7i2
+5LW8IcqMEk1rDfOWSXOB8Hel6iTHLUCQk0F6qspigoOlslzCwo2IMjmRu//lzNpL
+sTBdY54BQRe/Ocg/ZOjm/6LLErAmVmxpC5F+K6xIkPCZyeF9AoIBAQD7NITTKcpc
+qnlIzRoQaXdZVnW2ZoyYCBBtVRSo54e0AVXQWNcF7UaGiXa+Ou+77RYFG71l/ANv
+wUjjiQA3+MmEfngs1+i7smBcw/wWZR8aNXoPnIZamfwQvpOh2o1oCEZjSWUQsI2U
+YqTxMfeGD2jkZmNdV5aERSyc4c3rGAEelCBtgHBcZ3fHI2b9RNuiYMFB3MwpPQqa
+55TOan7mfRyb47GqF/euf+3dqXKG1iGcNRjJh5CjLJ7Cr7chQUQIsvdDB3pF6U9H
+ztmuQTK3pPtV+jruAP2BwRa1FVfWnWB6jTzHwrzQ8IBH+4N9CO3NiC84RUMNNdMO
+JuKI1EGh3RvvAoIBAQDySedPVf2F4BeM1625TarWuIc30WSdcUZxVpNVmp8/hFb/
+wJ1/dWqG/YOdCWV1EzDSpTP0ojHbejezmcecpHgrnt0LJKWII2VGvnl3TCjvgLMz
+r5NkFnCc8Cbd6MRR1oddl8zjYTxUJoj7KHehnz1tUxste6vlXtSU8Vi4ZTQNEAm9
+aceqWI33ue6ll8Uru1YgKZft+1X7Z/HYYJPsdG1mKwmeXwuXguFQFtOvnwaEwJPT
+Bs7Wd0vPLqlD59ys6m9FmDUE94Y6+N30FmBy3XJC1olgydFD517boo8KMLJcFWGx
+/qAh7ITNfX32iR+LrXtgR4hKuh+FhzJnU+ZEQGSdAoIBAHScubgo4zbHMEw6YgoS
+W4QOXdCRpFyDCdUnNNL/wAAwynxQcWjf7+hOcd/3DgjoE1vFt9Na/OFpEYQGuiJB
+jJLD/teaVwCi2pbVp/VhdeG9x27t03TFnLzNK01sXk5X4Q0AKjloLCEg9b692lDS
+YHf+i8vt+AJo9j/Rlry2xPZD/xW2FPLgWTsJVSrnRyoGzk/bxq6yFnU4Ydy8lTI8
+DAbV2UjDnYfU/T/0BCVRzAJup5YOJ3eIJB7uYQ2/9WwwYBYup3VCzDnibSy2OWwE
+22PbKHYJ4aTVVMw1HzSSlBHv9LIq1WoM6w//Ute9SF8sA/eUN38vaE1egbTRC7Kv
+KOMCggEARizMf0re/LXeYI3Eu67l8j9MIEEERaU+cmCVtKaytC5LwxrP+DbIhQAm
+dduI3Mko7hgdhcceDQu0AKnaWXY979we8KnsLEqMsyn0HWAtZMwA4mJa0p1UYSwl
+UJ2B5MiwJXumeR5F745xrfvX9yROQk4EBuqQd+zvUqZEJ0g73O2GCUElDSo8Mtkn
+zawwBkehQF1Qbyu+6TTUFMdvdCnnorJDjhMFOeDkAnGfnc9ss16XvjTrwnIePy3B
+a0wDB/WaCccIFmintIyEmsNwezO2PSPd34EpnK7Kv2DL2VeQJ6bdb18CH//P+Jb6
+Yp2K0vlyKXRvIIbarSNtYrocAGKhnw==
+-----END PRIVATE KEY-----

gmus-backend/docker-compose.yml

@@ -1,5 +1,20 @@
 version: "2"
 services:
+  nginx:
+    image: nginx:alpine
+    container_name: gmus_nginx
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./certificates:/etc/certificates
+    links:
+      - gmus-backend:gmus-backend
+    networks:
+      - net_gmus_dev
+    ports:
+      - ${PORT}:80
+      - ${PORT_SECURE}:443
+    env_file:
+      - .env
   gmus-backend:
     container_name: gmus-backend
     build:
@@ -7,19 +22,20 @@ services:
     volumes:
       - .:/app
       - /app/bin
+      - ${LIBRARY_DIRECTORY}:/library
     links:
       - gmus-db:db
       - gmus-redis:redis
     networks:
       - net_gmus_dev
     ports:
-      - 3002:80
+      - 3000
     env_file:
       - .env
     environment:
       GO_ENV: development
       HOST: 0.0.0.0
-      PORT: 80
+      PORT: 3000
       POSTGRES_HOST: db
       POSTGRES_DATABASE: music_player
       POSTGRES_USER: docker

gmus-backend/nginx.conf

@@ -0,0 +1,57 @@
+events {
+  worker_connections 768;
+}
+
+http {
+  server {
+    listen 80;
+    access_log off; # this is handled by the container
+    error_log off;
+
+    server_name my.gmus;
+
+    location / {
+      proxy_pass http://gmus-backend:3000;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /pubsub {
+      proxy_pass http://gmus-backend:3000/pubsub;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "Upgrade";
+      proxy_set_header Host $host;
+    }
+  }
+
+  server {
+    listen 443 ssl http2;
+    access_log off; # this is handled by the container
+    error_log off;
+
+    # self-signed (development mode)
+    ssl_certificate /etc/certificates/cert.pem;
+    ssl_certificate_key /etc/certificates/key.pem;
+
+    server_name my.budget;
+
+    location / {
+      proxy_pass http://gmus-backend:3000;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /pubsub {
+      proxy_pass http://gmus-backend:3000/pubsub;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "Upgrade";
+      proxy_set_header Host $host;
+    }
+  }
+}