Add proxy configuration

surevine · Aug 4, 2022 · dc3c01a · dc3c01a
1 parent 83b84af
commit dc3c01a
Show file tree

Hide file tree

Showing 12 changed files with 1,644 additions and 0 deletions.
diff --git a/proxy/README.md b/proxy/README.md
@@ -0,0 +1,56 @@
+# Proxy configuration
+
+Running `./start.sh` will perform some cleanup then start the containers with an optional proxy.
+When running, the system looks like this:
+
+```
+                    +--------------------------+
+                    |                          |
+                    |      172.60.0.99         |
+                    |      +--------+          |
+(XMPP-C2S)   55222 -|      |        |          |
+(XMPP-S2S)   55269 -|------|  Nginx +          |
+(HTTP-Admin) 59090 -|      |        |          |
+(BOSH)       57070 -|      +----+---+          |
+                    |           |              |
+                    |           |              |
+                    |      172.60.0.10         |
+                    |      +--------+          |
+(XMPP-C2S)    5222 -|      |        |          |
+(XMPP-S2S)    5269 -|------| XMPP 1 +          |
+(HTTP-Admin)  9090 -|      |        |          |
+(BOSH)        7070 -|      +----+---+          |
+                    |           |              |
+                    |           |              |
+                    |       +---+--+           |
+                    |       |      |           |
+(Database)    5432 -|-------|  DB  +           |
+                    |       |      |           |
+                    |       +------+           |
+                    |      172.60.0.11         |
+                    |                          |
+                    +-----172.60.0.0/24--------+
+```
+
+Openfire is configured with the following XMPP domain:
+
+* `xmpp.localhost.example`
+
+Openfire is configured with the following FQDN:
+
+* `xmpp1.localhost.example`
+
+The following users are configured:
+
+* `admin` `admin`
+* `user1` `password`
+* `user2` `password`
+
+The following MUC rooms are configured:
+
+* `muc1`
+* `muc2`
+
+## Network
+
+The Docker compose file defines a custom bridge network with a single subnet of `172.60.0.0/24`.
diff --git a/proxy/docker-compose.yml b/proxy/docker-compose.yml
@@ -0,0 +1,69 @@
+version: '3.7'
+
+services:
+
+  db:
+    image: library/postgres:9.6.24-alpine
+    ports:
+      - "5432:5432"
+    environment:
+      - "POSTGRES_DB=openfire"
+      - "POSTGRES_USER=openfire"
+      - "POSTGRES_PASSWORD=hunter2"
+    volumes:
+      - ./sql:/docker-entrypoint-initdb.d
+    networks:
+      openfire-net:
+        ipv4_address: 172.60.0.11
+
+  proxy:
+    image: nginx:stable
+    ports:
+      - "55222:55222"
+      - "55269:55269"
+      - "55270:55270"
+      - "57070:57070"
+      - "57443:57443"
+      - "59090:59090"
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+    networks:
+      openfire-net:
+        ipv4_address: 172.60.0.99
+
+  xmpp:
+    image: "openfire:${OPENFIRE_TAG}"
+    ports:
+      - "5222:5222"
+      - "5269:5269"
+      - "7070:7070"
+      - "7443:7443"
+      - "9090:9090"
+    depends_on:
+      - "db"
+    volumes:
+      - ./_data/xmpp/conf:/var/lib/openfire/conf
+      - ./_data/plugins:/opt/plugins
+      - ../_common/wait-for-it.sh:/wait-for-it.sh
+    command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"]
+    networks:
+      openfire-net:
+        ipv4_address: 172.60.0.10
+    extra_hosts:
+      - "xmpp1.localhost.example:172.60.0.10"
+      - "conference.xmpp1.localhost.example:172.60.0.10"
+
+  dozzle:
+    image: amir20/dozzle:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+      - 9999:8080
+
+networks:
+  openfire-net:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.60.0.0/24
diff --git a/proxy/nginx/nginx.conf b/proxy/nginx/nginx.conf
@@ -0,0 +1,73 @@
+# error_log stdout debug;
+
+stream {
+    upstream xmpp {
+        server 172.60.0.10:5222;
+    }
+    server {
+        listen 55222;
+        tcp_nodelay on;
+        proxy_connect_timeout 10s; 
+        proxy_timeout 12h; # Set this lower to be more flappy
+        proxy_pass xmpp;
+    }
+
+    upstream bosh {
+        server 172.60.0.10:7070;
+    }
+    server {
+        listen 57070;
+        tcp_nodelay on;
+        proxy_connect_timeout 10s; 
+        proxy_timeout 12h; # Set this lower to be more flappy
+        proxy_pass bosh;
+    }
+
+    upstream boshs {
+        server 172.60.0.10:7443;
+    }
+    server {
+        listen 57443;
+        tcp_nodelay on;
+        proxy_connect_timeout 10s; 
+        proxy_timeout 30s;
+        proxy_pass boshs;
+    }
+
+    upstream s2s {
+        server 172.60.0.10:5269;
+    }
+    server {
+        listen 55269;
+        tcp_nodelay on;
+        proxy_connect_timeout 10s; 
+        proxy_timeout 1m;
+        proxy_pass s2s;
+    }
+
+    upstream s2slegacy {
+        server 172.60.0.10:5270;
+    }
+    server {
+        listen 55270;
+        tcp_nodelay on;
+        proxy_connect_timeout 10s; 
+        proxy_timeout 1m;
+        proxy_pass s2slegacy;
+    }
+}
+
+http {
+    server {
+        listen 59090;
+        tcp_nodelay on;
+        proxy_connect_timeout 10s;
+
+        location / {
+            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass http://172.60.0.10:9090;
+        }
+    }
+}
+
+events {}
diff --git a/proxy/plugins/jsxc.jar b/proxy/plugins/jsxc.jar