From 8601fce2a9b1645f67f62bd698f758fd73cd974a Mon Sep 17 00:00:00 2001 From: Leonid Podolinskiy Date: Sun, 22 Sep 2024 13:52:15 +0300 Subject: [PATCH 1/3] upd broker files to L7 --- lightrun-broker/Readme.md | 9 ++- .../conf/certs/tls.crt_placeholder | 0 .../conf/certs/tls.key_placeholder | 0 lightrun-broker/conf/default.template | 68 ++++++++++++++++--- lightrun-broker/docker-compose.yaml | 13 ++-- 5 files changed, 76 insertions(+), 14 deletions(-) create mode 100644 lightrun-broker/conf/certs/tls.crt_placeholder create mode 100644 lightrun-broker/conf/certs/tls.key_placeholder diff --git a/lightrun-broker/Readme.md b/lightrun-broker/Readme.md index 521f963..eaaec5a 100644 --- a/lightrun-broker/Readme.md +++ b/lightrun-broker/Readme.md @@ -41,14 +41,19 @@ Open the `docker-compose.yaml` file in your preferred code editor, and change th > Note: *The `LIGHTRUN_SERVER` parameter should be in a `.client.lightrun.com` format.* -#### Step 2: Start the Lightrun Broker +#### Step 2: Add certificate +Add `tls.crt` and `tls.key` files with an appropriate content to the `/conf/certs` +> [!WARNING] +> _Don't forget to delete `tls.crt_placeholder` and `tls.key_placeholder` files_ + +#### Step 3: Start the Lightrun Broker Start the Lightrun broker image with the following command. ``` docker-compose up -d ``` -#### Step 3: Confirm your connection +#### Step 4: Confirm your connection Enter your Lightrun Server URL value into your browser. The connection should pass through the Lightrun Broker before going to the Lightrun server. > Important: *Be sure that within your network **lightrun server** is resolved to IP of Lightrun broker.* diff --git a/lightrun-broker/conf/certs/tls.crt_placeholder b/lightrun-broker/conf/certs/tls.crt_placeholder new file mode 100644 index 0000000..e69de29 diff --git a/lightrun-broker/conf/certs/tls.key_placeholder b/lightrun-broker/conf/certs/tls.key_placeholder new file mode 100644 index 0000000..e69de29 
diff --git a/lightrun-broker/conf/default.template b/lightrun-broker/conf/default.template index e702176..79878e5 100644 --- a/lightrun-broker/conf/default.template +++ b/lightrun-broker/conf/default.template @@ -1,14 +1,66 @@ -stream { - log_format basic '$remote_addr [$time_local] ' - '$protocol $status $bytes_sent $bytes_received ' - '$session_time'; +http { upstream lightrun { - server ${LIGHTRUN_SERVER}:443; + zone lightrun 64k; + server ${LIGHTRUN_SERVER}:443 max_fails=0; + keepalive 2; } server { - access_log /dev/stdout basic; - listen 443; - proxy_pass lightrun; + listen 8443 ssl; + server_name _ ; + ssl_certificate /etc/nginx/conf.d/certs/tls.crt; + ssl_certificate_key /etc/nginx/conf.d/certs/tls.key; + ssl_prefer_server_ciphers on; + + location / { + client_body_buffer_size 512k; + client_max_body_size 25m; + + + proxy_connect_timeout 90s; + proxy_send_timeout 90s; + proxy_read_timeout 90s; + + proxy_buffering on; + proxy_buffer_size 1m; + proxy_buffers 4 1m; + + proxy_max_temp_file_size 1024m; + + proxy_request_buffering on; + proxy_http_version 1.1; + + proxy_cookie_domain off; + proxy_cookie_path off; + + proxy_pass https://lightrun; + + proxy_set_header Host ${LIGHTRUN_SERVER}; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + } + + location /socket { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host ${LIGHTRUN_SERVER}; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass https://lightrun; + + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } } } 
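Review bot: Both `proxy_pass https://lightrun;` lines (in `location /` and in `location /socket`) open a TLS connection to the upstream without authenticating it, because nginx leaves `proxy_ssl_verify` off by default and sends no SNI unless `proxy_ssl_server_name` is on. The removed `stream` block passed the TLS session through untouched, so the client validated the Lightrun server's certificate itself. Now that the broker terminates TLS, a party on the path between broker and upstream can present any certificate and read or modify the proxied traffic without either end noticing. Setting the verification directives once at `server` level covers both locations. The CA bundle path and chain depth below are assumptions about the image and the upstream chain, and should be confirmed.

```nginx
    server {
        listen 8443 ssl;
        # … unchanged: server_name, ssl_certificate, ssl_certificate_key, ssl_prefer_server_ciphers …

        # Authenticate the upstream before any client traffic is forwarded to it.
        proxy_ssl_server_name         on;
        proxy_ssl_name                ${LIGHTRUN_SERVER};
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;  # raise if the upstream chain is longer
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path; confirm in the image

        # … unchanged: location /, location /socket, error_page, location = /50x.html …
```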
diff --git a/lightrun-broker/docker-compose.yaml b/lightrun-broker/docker-compose.yaml index c6ab633..03ba973 100644 --- a/lightrun-broker/docker-compose.yaml +++ b/lightrun-broker/docker-compose.yaml @@ -1,15 +1,20 @@ -version: "3.3" +version: "3.9" services: nginx: - image: lightruncom/lightrun-broker:latest.layer4 + image: lightruncom/lightrun-broker:0.1.0.layer7 ports: - - "443:443" + - "443:8443" environment: LIGHTRUN_SERVER: .client.lightrun.com volumes: + - type: bind + source: ./conf/certs/ + target: /etc/nginx/conf.d/certs/ - type: bind source: ./conf/default.template target: /tmp/default.template restart: always dns: - - 8.8.8.8 # Set here your public DNS for resolving original Lightrun endpoint + - 8.8.8.8 + + From 1d78a17d01c9d688cc37bcdba25c935b9ba3a8d3 Mon Sep 17 00:00:00 2001 From: Leonid Podolinskiy Date: Sun, 22 Sep 2024 14:13:14 +0300 Subject: [PATCH 2/3] remove version from docker compose --- lightrun-broker/docker-compose.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/lightrun-broker/docker-compose.yaml b/lightrun-broker/docker-compose.yaml index 03ba973..acf91e6 100644 --- a/lightrun-broker/docker-compose.yaml +++ b/lightrun-broker/docker-compose.yaml @@ -1,4 +1,3 @@ -version: "3.9" services: nginx: image: lightruncom/lightrun-broker:0.1.0.layer7 @@ -16,5 +15,3 @@ services: restart: always dns: - 8.8.8.8 - - From ff74feb59ac6357920816d6eb9d71a1058eadad1 Mon Sep 17 00:00:00 2001 From: Leonid Podolinskiy Date: Sun, 22 Sep 2024 14:29:48 +0300 Subject: [PATCH 3/3] add user root --- lightrun-broker/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/lightrun-broker/docker-compose.yaml b/lightrun-broker/docker-compose.yaml index acf91e6..7c8e4d6 100644 --- a/lightrun-broker/docker-compose.yaml +++ b/lightrun-broker/docker-compose.yaml 
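Review bot: In the `@@ -1,15 +1,20 @@` hunk of PATCH 1/3, the new bind mount of `./conf/certs/` is writable from inside the container although it holds the TLS private key. Adding `read_only: true` to that volume entry lets nginx read `tls.crt` and `tls.key` without being able to replace or delete them on the host. Since the Readme now tells operators to drop `tls.key` into the repository's `conf/certs` directory, it would also help to ignore `tls.crt` and `tls.key` in version control and keep the key file owner-readable only. The same hunk drops the comment on `- 8.8.8.8`; a short comment such as `# replace with the resolver your network policy allows` would keep it clear that this value is meant to be changed.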
@@ -3,6 +3,7 @@ services: image: lightruncom/lightrun-broker:0.1.0.layer7 ports: - "443:8443" + user: root # may be requred for permissions to certificates environment: LIGHTRUN_SERVER: .client.lightrun.com volumes:
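Review bot: `user: root` is set unconditionally although its own comment says it only "may be" required, so every deployment runs the internet-facing, TLS-terminating proxy as root. The listener was moved to port 8443 in PATCH 1/3, which suggests (the image itself is not visible here) that it is meant to run unprivileged. Prefer keeping the image's default user and making `tls.key` readable to it on the host through ownership or group, and ship the override commented out, e.g. `# user: root  # uncomment only if nginx cannot read ./conf/certs`. The inline comment also misspells "required" as "requred".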