Merge pull request #5 from teknologi-umum/feat/pph21

feat: pph21
teknologi-umum · Feb 3, 2024 · ce56bbe · ce56bbe
2 parents 69957e2 + b924ac1
commit ce56bbe
Show file tree

Hide file tree

Showing 7 changed files with 94 additions and 25 deletions.
diff --git a/bagetter/CaddyFile b/bagetter/CaddyFile
diff --git a/bagetter/Caddyfile b/bagetter/Caddyfile
@@ -0,0 +1,23 @@
+nuget.teknologiumum.com {
+    reverse_proxy 127.0.0.1:5000 {
+        transport http {
+            read_buffer 16KiB
+            write_buffer 16KiB
+            compression off
+        }
+    }
+
+    header {
+        Server "Teknologi Umum"
+        Permissions-Policy interest-cohort=()
+        ?Strict-Transport-Security "max-age=604800; includeSubDomains"
+        ?X-Content-Type-Options nosniff
+        ?X-Frame-Options DENY
+        ?Referrer-Policy no-referrer-when-downgrade
+        ?Content-Security-Policy "default-src 'none'; font-src 'self'; script-src 'self' blob:; manifest-src 'self'; media-src 'self' data: blob: about:; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none'; connect-src 'self'; worker-src blob:;"
+        ?Vary Origin
+        ?X-XSS-Protection "1; mode=block"
+    }
+
+    tls opensource@teknologiumum.com
+}
diff --git a/bagetter/docker-compose.yml b/bagetter/docker-compose.yml
@@ -29,4 +29,4 @@ services:
 
 volumes:
   bagetter-storage:
-    external: true
+    external: true
diff --git a/bagetter/setup.sh b/bagetter/setup.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-docker volume create bagetter-storage
+docker volume create bagetter-storage
diff --git a/pph21/docker-compose.yml b/pph21/docker-compose.yml
@@ -0,0 +1,63 @@
+services:
+  pph21:
+    image: ghcr.io/teknologi-umum/pph21:edge
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=pph21"
+      - "traefik.http.routers.pph21.entrypoints=web,websecure"
+      - "traefik.http.routers.pph21.rule=Host(`pph21.teknologiumum.com`)"
+      - "traefik.http.routers.pph21.tls.certresolver=tlsresolver"
+      - "traefik.http.routers.pph21.middlewares=pph21-header,pph21-rate,pph21-redirectscheme"
+      - "traefik.http.services.pph21.loadbalancer.server.port=3000"
+      - "traefik.http.services.pph21.loadbalancer.server.scheme=http"
+      - "traefik.http.services.pph21.loadbalancer.healthcheck.interval=30s"
+      - "traefik.http.services.pph21.loadbalancer.healthcheck.path=/"
+      - "traefik.http.middlewares.pph21-rate.ratelimit.average=200"
+      - "traefik.http.middlewares.pph21-rate.ratelimit.burst=100"
+      - "traefik.http.middlewares.pph21-rate.ratelimit.period=1s"
+      - "traefik.http.middlewares.pph21-header.headers.addvaryheader=true"
+      - "traefik.http.middlewares.pph21-header.headers.frameDeny=true"
+      - "traefik.http.middlewares.pph21-header.headers.browserxssfilter=true"
+      - "traefik.http.middlewares.pph21-header.headers.stsSeconds=604800"
+      - "traefik.http.middlewares.pph21-header.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.pph21-header.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.pph21-header.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.pph21-header.headers.customResponseHeaders.server=Teknologi Umum"
+      - "traefik.http.middlewares.pph21-redirectscheme.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.pph21-redirectscheme.redirectscheme.permanent=true"
+      - "com.centurylinklabs.watchtower.enable=true"
+    platform: linux/amd64
+    healthcheck:
+      test: curl -f http://localhost:3000/ || exit 1
+      interval: 15s
+      timeout: 10s
+      retries: 5
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: unless-stopped
+        delay: 30s
+        window: 120s
+      resources:
+        limits:
+          memory: 500MB
+          cpus: '1'
+        reservations:
+          memory: 10M
+          cpus: '0.05'
+    networks:
+      - pph21
+    logging:
+      driver: json-file
+      options:
+        max-size: 10M
+        max-file: 1
+
+networks:
+  pph21:
+    driver: bridge
+    external: true
+    ipam:
+      config:
+        - subnet: 172.16.20.16/28
diff --git a/pph21/setup.sh b/pph21/setup.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+docker network create --subnet=172.16.20.16/28 pph21
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
@@ -83,6 +83,7 @@ services:
       - conference
       - gold
       - monitoring
+      - pph21
 
 networks:
   pesto:
@@ -126,3 +127,5 @@ networks:
     external: true
   monitoring:
     external: true
+  pph21:
+    external: true
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/usr/bin/env bash

		docker network create --subnet=172.16.20.16/28 pph21