added nginx implementation

Author: CodeShellDev

.github/templates/README.template.md

@@ -57,12 +57,30 @@ And add secure Token(s) to `api.tokens`. See [API TOKENs](#api-tokens).
 
 ### Reverse Proxy
 
+##### Traefik
+
 Take a look at the [traefik](https://github.com/traefik/traefik) implementation:
 
 ```yaml
-{ { file.examples/traefik.docker-compose.yaml } }
+{ { file.examples/traefik/traefik.docker-compose.yaml } }
+```
+
+#### NGINX Proxy
+
+This is the [NGINX](https://github.com/nginx/nginx) `docker-compose.yaml` file:
+
+```yaml
+{ { file.examples/nginx/nginx.docker-compose.yaml } }
 ```
 
+Create a `nginx.conf` file in the `docker-compose.yaml` folder and mount it to `etc/nginx/conf.d/default.conf`:
+
+```conf
+{ { file.examples/nginx/nginx.conf } }
+```
+
+Lastly add your `cert.key` and `cert.crt` into your `certs/` folder and mount it to `/etc/nginx/ssl`.
+
 ## Setup
 
 Before you can send messages via Secured Signal API you must first set up [Signal rAPI](https://github.com/bbernhard/signal-cli-rest-api/blob/master/doc/EXAMPLES.md)
@@ -137,7 +155,7 @@ you have to add `@` in front of any KeyValue Pair assignment.
 
 Supported types include **strings**, **ints** and **arrays**. See [Formatting](#string-to-type).
 
-## Security: Best Practices
+## Best Practices
 
 - Always use API tokens in production
 - Run behind a TLS-enabled [Reverse Proxy](#reverse-proxy) (Traefik, Nginx, Caddy)

examples/reverse-proxy/nginx/nginx.conf

@@ -0,0 +1,28 @@
+server {
+    # Allow SSL on Port 443
+    listen 443 ssl;
+
+    # Add allowed hostnames which nginx should respond to
+    # `_` for any
+    server_name localhost;
+
+    ssl_certificate /etc/nginx/ssl/cert.crt;
+    ssl_certificate_key /etc/nginx/ssl/cert.key;
+
+    location / {
+        # Use whatever network alias you set in the docker-compose file
+        proxy_pass http://secured-signal-api:8880;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Fowarded-Proto $scheme;
+    }
+}
+
+# Redirect HTTP to HTTPs
+server {
+    listen 80;
+    server_name localhost;
+    return 301 https://$host$request_uri;
+}

examples/reverse-proxy/nginx/nginx.docker-compose.yaml

@@ -0,0 +1,33 @@
+services:
+  secured-signal:
+    image: ghcr.io/codeshelldev/secured-signal-api:latest
+    container_name: secured-signal-api
+    environment:
+      API__URL: http://signal-api:8080
+      SETTINGS__VARIABLES__RECIPIENTS: "[+123400002,+123400003,+123400004]"
+      SETTINGS__VARIABLES__NUMBER: "+123400001"
+      API__TOKENS: "[LOOOOOONG_STRING]"
+    restart: unless-stopped
+    networks:
+      backend:
+        aliases:
+          - secured-signal-api
+
+  nginx:
+    image: nginx:latest
+    container_name: secured-signal-proxy
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf
+      # Load SSL certificates: cert.key, cert.crt
+      - ./certs:/etc/nginx/ssl
+    ports:
+      - "443:443"
+      - "80:80"
+    restart: unless-stopped
+    networks:
+      frontend:
+      backend:
+
+networks:
+  backend:
+  frontend: