6 files changed, 32 insertions(+), 17 deletions(-)

M .env
M CHANGELOG.md
M README.md
M chat.yml
M clients.yml
M server.yml

@@ 15,6 15,7 @@ OAUTH_CONSUMER_SECRET=osm.org > My Settings > oauth settings > page bottom
 # Necessary settings.
 #
 DOMAIN_NAME=damn-project.org
+WWW_REPO=https://git.sr.ht/~qeef/damn-www.git
 
 ####################################################
 #                                                  #


@@ 46,6 47,7 @@ SERVER_SUB=server
 DAMN_SERVER_VERSION=v0.7.0
 DAMN_CLIENTS=*,
 DB_HOST=damndb_server
+WWW_SUB=www
 
 # Optional client settings.
 #

@@ 12,6 12,11 @@ The format is based on [Keep a Changelog][] and this project adheres to
 Unreleased
 ==========
 
+Added
+-----
+
+- Web page service.
+
 
 0.8.0 - 2020-11-11
 ==================

@@ 43,6 43,13 @@ section for the database periodic upkeep scripts.
 Server setup
 ------------
 
+There are few services within the `server.yml` docker compose file. There is
+`db` and `api` services. These are the core services. `db` serves the database
+and the `api` is the JSON REST (Fast)API to the database. Then, there is the
+`upkeep` that runs periodic tasks on the database. (See the *Damn upkeep*
+section.) The next is the `www` service serving the web pages. Finally, the
+`traefik` service provides the gate to all the services above.
+
 1. Set environment variables in `.env` file. The following is the meaning:
 
     - `POSTGRES_PASSWORD`: Password to PostgreSQL database.


@@ 52,6 59,7 @@ Server setup
     - `OAUTH_CONSUMER_SECRET`: API secret, get from osm.org.
 
     - `DOMAIN_NAME`: Use your domain.
+    - `WWW_REPO`: Link to a docker git repository with web pages.
 
     The following are optinal settings. You don't need to change them. The
     defaults work good.


@@ 60,6 68,7 @@ Server setup
     - `DAMN_SERVER_VERSION`: Choose the version of the server.
     - `DAMN_CLIENTS`: Allow origins clients.
     - `DB_HOST`: Alias of `db` docker service, keep that value.
+    - `WWW_SUB`: The subdomain for the web pages.
 
 2. Set proper email address in `traefik.yml` file.
 

@@ 8,17 8,9 @@ services:
         env_file: .env
         restart: always
         labels:
-            - "traefik.http.routers.chat-unsec.entrypoints=web"
-            - "traefik.http.routers.chat-unsec.rule=Host(`${CHAT_SUB}.${DOMAIN_NAME}`)"
-            - "traefik.http.routers.chat-unsec.middlewares=redir@docker"
-            - "traefik.http.routers.chat.entrypoints=web-secure"
             - "traefik.http.routers.chat.rule=Host(`${CHAT_SUB}.${DOMAIN_NAME}`)"
             - "traefik.http.routers.chat.tls=true"
             - "traefik.http.routers.chat.tls.certresolver=le"
-            - "traefik.websocket.routers.chat-unsec.entrypoints=web"
-            - "traefik.websocket.routers.chat-unsec.rule=Host(`${CHAT_SUB}.${DOMAIN_NAME}`)"
-            - "traefik.websocket.routers.chat-unsec.middlewares=redir@docker"
-            - "traefik.websocket.routers.chat.entrypoints=web-secure"
             - "traefik.websocket.routers.chat.rule=Host(`${CHAT_SUB}.${DOMAIN_NAME}`)"
             - "traefik.websocket.routers.chat.tls=true"
             - "traefik.websocket.routers.chat.tls.certresolver=le"

@@ 16,10 16,6 @@ services:
         environment:
             - NGINX_HOST=${CLIENT_SUB}.${DOMAIN_NAME}
         labels:
-            - "traefik.http.routers.client-unsec.entrypoints=web"
-            - "traefik.http.routers.client-unsec.rule=Host(`${CLIENT_SUB}.${DOMAIN_NAME}`)"
-            - "traefik.http.routers.client-unsec.middlewares=redir@docker"
-            - "traefik.http.routers.client.entrypoints=web-secure"
             - "traefik.http.routers.client.rule=Host(`${CLIENT_SUB}.${DOMAIN_NAME}`)"
             - "traefik.http.routers.client.tls=true"
             - "traefik.http.routers.client.tls.certresolver=le"


@@ 35,10 31,6 @@ services:
         environment:
             - NGINX_HOST=${MANAGER_SUB}.${DOMAIN_NAME}
         labels:
-            - "traefik.http.routers.manager-unsec.entrypoints=web"
-            - "traefik.http.routers.manager-unsec.rule=Host(`${MANAGER_SUB}.${DOMAIN_NAME}`)"
-            - "traefik.http.routers.manager-unsec.middlewares=redir@docker"
-            - "traefik.http.routers.manager.entrypoints=web-secure"
             - "traefik.http.routers.manager.rule=Host(`${MANAGER_SUB}.${DOMAIN_NAME}`)"
             - "traefik.http.routers.manager.tls=true"
             - "traefik.http.routers.manager.tls.certresolver=le"

@@ 29,6 29,18 @@ services:
         env_file: .env
         links:
             - db
+    www:
+        build:
+            context: ${WWW_REPO}
+        restart: always
+        labels:
+            - "traefik.http.routers.www.rule=Host(`${WWW_SUB}.${DOMAIN_NAME}`) || Host(`${DOMAIN_NAME}`)"
+            - "traefik.http.routers.www.tls=true"
+            - "traefik.http.routers.www.tls.certresolver=le"
+            - "traefik.http.routers.www.middlewares=redir-www@docker"
+            - "traefik.http.middlewares.redir-www.redirectRegex.regex=^https://${DOMAIN_NAME}/(.*)"
+            - "traefik.http.middlewares.redir-www.redirectRegex.replacement=https://${WWW_SUB}.${DOMAIN_NAME}/$${1}"
+            - "traefik.http.middlewares.redir-www.redirectRegex.permanent=true"
     traefik:
         image: traefik:v2.0
         restart: always


@@ 40,6 52,9 @@ services:
             - 80:80
             - 443:443
         labels:
-            - "traefik.http.middlewares.redir.redirectscheme.scheme=https"
+            - "traefik.http.routers.redir-unsec.rule=HostRegexp(`{subdomain:[a-z]+}.${DOMAIN_NAME}`) || Host(`${DOMAIN_NAME}`)"
+            - "traefik.http.routers.redir-unsec.middlewares=redir-unsec@docker"
+            - "traefik.http.middlewares.redir-unsec.redirectscheme.scheme=https"
+            - "traefik.http.middlewares.redir-unsec.redirectscheme.permanent=true"
 volumes:
     damndb-volume: