# Reverse proxy

A docker implementation of a `nginx` reverse proxy with ambition to serve [LabKey][labkeyDocker].

# Installation and use

After cloning, copy `bin/envProxy.sh.sample` to `bin/envProxy.sh`. Typically, settings should be OK, 
bit `envProxy.sh` let's you set:
- `COMPOSE`: the compose file used in running reverse proxy
- `CONTAINER_NAME`: what name to set to the docker container service
- `NETWORK`: name of the network container will be attached to. Serving services should be attached
to the network of the same name in respective compose files.
- `DOCKERCOMPOSE`: which docker compose to use, legacy version came with a dash.

## Building the configuration

The configuration for nginx sites should be placed in `config/conf.d`, and `http.conf.off` is an example
forserving a (trivial) http only site. For starters, change suffixes of all other files in `conf.d` to 
`conf.off` and only enable `http.conf`, and start the server via:

```bash
bin/startRProxy.sh
```

Accessing `http://localhost` should show you the default landing page with some text attesting to the fact.

EXPERT CORNER: The `rproxy` server out of the box provides a `nginx.conf` file, where a statement
drives the proxy to include files ending in `.conf`. Changing suffix to `conf.off` discards such files from `nginx`
consideration

For SSL, you should obtain SSL certificate either through your own CA or a CA service like [certbot][]. Then
update `https.conf.off` accordingly and activate it by changing suffix to `.conf`, and disable plain http by
adding suffix `.off`. For the first test, disable client verification (set `ssl_verify_client` to `off`). Try 
accessing the page again to validate for SSL access. If you have a client certificate matching the CA, you can 
set verification to `on` and check client verification as well.

For redirecting to embedded service like labkey, look at `labkey.conf.off` and adjust `proxy_pass` directive
to reflect your setup. You may use directory based or server name based redirection to services, in the 
later case `server_name` directive will drive service selection.

## Starting, stopping and reloading

Utility scripts in `bin` allow to start, `startRproxy.sh`, stop `stopRproxy.sh` and reload configuration, `reloadRproxy.sh`.

EXPERT CORNER: There are also `startNetwork.sh` and `stopNetwork.sh` utility scripts, where range of IP addresses
can be set, which can be useful in local IP clash avoidance.

[certbot]: https://certbot.eff.org