@stain
Last active March 27, 2020 17:03
nanopub-server under single hostname https on Ubuntu 16.04
# Compose override for the nanopub-server stack: sets the public URL/hostname
# each service advertises and keeps database state on named volumes.
# NOTE(review): port publishing is not part of this file. If the base compose
# file publishes the ports the host nginx proxies to, bind them to loopback,
# e.g. "127.0.0.1:7880:<container-port>" (placeholder), so the services cannot
# be reached directly over plain HTTP, bypassing the TLS front end.
version: '2'

volumes:
  mongodata:
  rdfsink:
  virtuosodb:

services:
  server:
    environment:
      # Public https URL; TLS itself is terminated by the host nginx.
      - NPS_PUBLIC_URL=https://openphacts.cs.man.ac.uk/nanopub/server/

  ldf:
    environment:
      - BASEURL=https://openphacts.cs.man.ac.uk/nanopub/ldf/

  grlc:
    environment:
      - GRLC_SERVER_NAME=openphacts.cs.man.ac.uk

  db:
    volumes:
      - mongodata:/data/db

  rdfsink:
    volumes:
      - rdfsink:/data

  virtuoso:
    volumes:
      - virtuosodb:/data
#(base) stain@ondex2:~/nanopub-server$ docker-compose exec grlc sh
# cat config.ini
[auth]
# Empty in this copy. If a token is ever set, keep it out of shared or
# published copies of this file (inject it as a secret instead).
github_access_token =
[local]
# Directory holding the locally served SPARQL query files.
local_sparql_dir = /home/grlc/queries/
[defaults]
# Default endpoint, if none specified elsewhere
# Points at the "virtuoso" compose service over plain HTTP on the container network.
sparql_endpoint = http://virtuoso:8890/sparql/
server_name = openphacts.cs.man.ac.uk
# endpoint default authentication
# NOTE(review): "none" presumably means no credentials are sent; the endpoint
# then relies on not being reachable from outside the compose network.
user = none
password = none
# Logging level
# NOTE(review): debug output on a publicly reachable instance can expose
# request and internal details in logs; consider False once the setup works.
debug = True
#docker-compose exec nginx sh
# cat /etc/nginx/conf.d/default.conf
# Front end inside the compose network: serves the static tapas UI and passes
# every other request to the grlc container. Plain HTTP only; TLS is handled
# by the host nginx shown further down this page.
server {
    listen 80;

    # A request for exactly "/" is redirected to the tapas page.
    location ~ ^/$ {
        return 301 ./tapas/tapas.html;
    }

    # Static files, resolved under /var/www/tapas/.
    location /tapas/ {
        root /var/www/;
    }

    location / {
        proxy_pass http://grlc:80/;

        # $host comes from the incoming request, and
        # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
        # already sent, so the backend must not treat these values as trusted.
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    }
}
// docker-compose exec ldf sh
// cat config.json
{
"title": "My Linked Data Fragments server",
"protocol": "http",
"baseURL": "https://openphacts.cs.man.ac.uk/nanopub/ldf/",
"datasources": {
"np": {
"title": "Nanopublications",
"type": "SparqlDatasource",
"description": "Nanopublications",
"settings": { "endpoint": "http://virtuoso:8890/sparql" }
}
},
"prefixes": {
"rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
"rdfs": "http://www.w3.org/2000/01/rdf-schema#",
"xsd": "http://www.w3.org/2001/XMLSchema#",
"dc": "http://purl.org/dc/terms/",
"foaf": "http://xmlns.com/foaf/0.1/",
"dbpedia": "http://dbpedia.org/resource/",
"dbpedia-owl": "http://dbpedia.org/ontology/",
"dbpprop": "http://dbpedia.org/property/",
"hydra": "http://www.w3.org/ns/hydra/core#",
"void": "http://rdfs.org/ns/void#"
}
}
# docker-compose exec nginx sh
# cat /var/www/tapas/local-tapas-config.js
// Local tapas settings, declared as globals for the page to read.
var grlcInstance = '..',                          // relative location of the grlc instance
    defaultApi = 'local/local',                   // API selected by default
    defaultApiLongName = 'Nanopublication API',
    defaultApiShortName = 'nanopub-api',
    apiChangeable = false;                        // presumably locks the UI to defaultApi (confirm in tapas)
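<!DOCTYPE html>
<!-- Landing page linking to the three services published under this host.
     The hrefs are relative, so they resolve against the directory this page
     is served from. -->
<html lang="en">
<head>
  <title>Nanopublication server openphacts.cs.man.ac.uk</title>
</head>
<body>
  <h1>Nanopublication server openphacts.cs.man.ac.uk</h1>
  <ul>
    <li><a href="server/">server</a> - NanoPub server API</li>
    <li><a href="ldf/np">ldf</a> - Linked Data Fragments API</li>
    <li><a href="grlc/">grlc</a> - GRLC SPARQL-to-REST API</li>
  </ul>
  <address><a href="https://twitter.com/soilandreyes">@soilandreyes</a></address>
</body>
</html>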
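# Host-level nginx.conf (Debian/Ubuntu layout). Global defaults live here;
# the virtual hosts are pulled in by the two includes at the end of http {}.
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # NOTE(review): left commented, so the nginx version is disclosed in the
    # Server header and on error pages; enabling it is a cheap hardening step.
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and dropped here, as SSLv3
    # already was (POODLE). Add TLSv1.3 only where the installed nginx and
    # OpenSSL support it. NOTE(review): a server block that includes its own
    # TLS options file may set ssl_protocols again; check that file too.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    # NOTE(review): this is inherited by the TLS virtual host as well.
    # Compressing responses that mix secrets with request-reflected data is
    # what BREACH relies on; consider "gzip off;" in the 443 server block.
    gzip on;
    gzip_disable "msie6";
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}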
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
# Catch-all virtual host for plain HTTP: takes requests on port 80 whose Host
# matches no other server block and serves static files from /var/www/html.
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    server_name _;
    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    location / {
        # Serve the request as a file, then as a directory,
        # and answer 404 if neither exists.
        try_files $uri $uri/ =404;
    }
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
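# TLS virtual host for openphacts.cs.man.ac.uk: terminates HTTPS and proxies
# the three /nanopub/* services to backends listening on localhost.
# NOTE(review): the backends are addressed over plain HTTP on ports 7880-7882;
# they should listen on loopback only, otherwise they can be reached directly
# without TLS.
server {
    # SSL configuration
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name openphacts.cs.man.ac.uk;

    # NOTE(review): these prefix locations have no trailing slash, so
    # "/nanopub/server" also matches e.g. "/nanopub/serverX". Where proxy_pass
    # ends in "/", "/nanopub/server/x" is forwarded as "//x". Confirm the
    # backends accept that before tightening the prefixes.
    location /nanopub/server {
        proxy_pass http://localhost:7880/;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any client-supplied X-Forwarded-For; X-Real-IP is the
        # only one of these headers set purely from the connection.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }

    location /nanopub/grlc {
        proxy_pass http://localhost:7881/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }

    # No URI part on proxy_pass here: the request path is forwarded unchanged,
    # including the /nanopub/ldf prefix.
    location /nanopub/ldf {
        proxy_pass http://localhost:7882;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }

    location /nanopub {
        try_files $uri $uri/ =404;
    }

    # Legacy path: permanent redirect to the new location. The rewrite with
    # "permanent" already ends request processing, so the bare "return 301;"
    # that used to follow it was unreachable and has been removed.
    location /nanopub-server {
        rewrite ^/nanopub-server(.*) https://openphacts.cs.man.ac.uk/nanopub/server$1 permanent;
    }

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        # These headers have no effect here: the location has no proxy_pass.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/openphacts.cs.man.ac.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/openphacts.cs.man.ac.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Client certificate for code-server
    ## https://gist.github.com/mtigas/952344
    # "optional" asks for a client certificate but still serves requests that
    # present none or fail verification. No location in this server block
    # checks $ssl_client_verify, so nothing is gated by this CA as written.
    # A location that must require the certificate needs its own check, e.g.
    #     if ($ssl_client_verify != SUCCESS) { return 403; }
    ssl_client_certificate /root/ca/intermediate/certs/ca-chain.cert.pem;
    ssl_verify_client optional;
}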
# Plain-HTTP virtual host for both hostnames: every request is answered with
# a 301 to https.
server {
    listen 80 ;
    listen [::]:80 ;
    server_name openphacts.cs.man.ac.uk ondex2.cs.man.ac.uk;

    # Server-level "if"/"return" run before a location is selected, so this
    # location is not reached while the redirects below are in place.
    location /.well-known {
        try_files $uri $uri/ =404;
    }

    # NOTE(review): ondex2 is redirected to https on its own name, but the
    # 443 server on this page only names openphacts and loads the openphacts
    # certificate. Confirm that certificate also covers ondex2, or clients
    # will see a name mismatch.
    if ($host = ondex2.cs.man.ac.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = openphacts.cs.man.ac.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Fallback for any request that matched neither "if" above.
    return 301 https://openphacts.cs.man.ac.uk/;
}