login will use reverse proxy nginx server, also some bug fixes comple…

…ted.
anatolicvs · Sep 13, 2020 · 77b7c7d · 77b7c7d
1 parent 0b2cdc5
commit 77b7c7d
Show file tree

Hide file tree

Showing 7 changed files with 201 additions and 10 deletions.
diff --git a/build.sh b/build.sh
@@ -108,12 +108,13 @@ if [ ! -z "$DOMAIN" ]; then
 fi
 
 # creating .env and nginx.conf files from generic version 
-rm -f search/.env portal/.env search/nginx/nginx.conf portal/nginx/nginx.conf
+rm -f search/.env portal/.env search/nginx/nginx.conf portal/nginx/nginx.conf login/nginx/nginx.conf
 
 cp search/.env_generic search/.env
 cp portal/.env_generic portal/.env
 cp search/nginx/nginx_generic.conf search/nginx/nginx.conf 
 cp portal/nginx/nginx_generic.conf portal/nginx/nginx.conf 
+cp login/nginx/nginx_generic.conf login/nginx/nginx.conf
 if [ "$MODE" == "prod" ];then
   SERVER_IP="147.100.20.44"
   # search customization
@@ -131,6 +132,10 @@ if [ "$MODE" == "prod" ];then
   sed -i -e "s,REACT_APP_IN_SYLVA_ELASTICSEARCH_URL=.*,REACT_APP_IN_SYLVA_ELASTICSEARCH_URL=http://${SERVER_IP}:9200/," portal/.env
   sed -i -e "s,REACT_APP_IN_SYLVA_KEYCLOAK_URL=.*,REACT_APP_IN_SYLVA_KEYCLOAK_URL=http://${SERVER_IP}:7000/keycloak/auth//," portal/.env
   sed -i -e "s,REACT_APP_IN_SYLVA_PORTAINER_URL=.*,REACT_APP_IN_SYLVA_PORTAINER_URL=http://${SERVER_IP}:9000/#/init/admin/," portal/.env
+
+
+  # login customization 
+  sed -i -e "s,server_name .,server_name ${DOMAIN}login/," login/nginx/nginx.conf
 fi
 
 # login customization
@@ -157,15 +162,15 @@ export IN_SYLVA_SEARCH_HOST=$(grep IN_SYLVA_LOGIN_HOST ipconfig.txt| awk '{print
 export IN_SYLVA_reCAPTCHA_site_key="6LflFcoZAAAAABawkeag3uWRAdeFZ9uSB7vJoeTg"
 
 if [ "$MODE" == "dev" ]; then
-  export IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN="${DOMAIN}:7000/keycloak" 
+  export IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN="${DOMAIN}:8081/keycloak" 
   export IN_SYLVA_PORTAL_HOST_FOR_LOGIN="${DOMAIN}:3000" 
   export IN_SYLVA_SEARCH_HOST_FOR_LOGIN="${DOMAIN}:3001" 
-  export IN_SYLVA_GATEKEEPER_HOST_FOR_LOGIN="${DOMAIN}:3000/gatekeeper" 
+  export IN_SYLVA_GATEKEEPER_HOST_FOR_LOGIN="${DOMAIN}:8081/gatekeeper" 
 else 
-  export IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN="${DOMAIN}search/keycloak"  
+  export IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN="${DOMAIN}login/keycloak"  
   export IN_SYLVA_PORTAL_HOST_FOR_LOGIN="${DOMAIN}portal" 
   export IN_SYLVA_SEARCH_HOST_FOR_LOGIN="${DOMAIN}search" 
-  export IN_SYLVA_GATEKEEPER_HOST_FOR_LOGIN="${DOMAIN}portal/gatekeeper" 
+  export IN_SYLVA_GATEKEEPER_HOST_FOR_LOGIN="${DOMAIN}login/gatekeeper" 
 fi
 
 echo $IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN
@@ -184,7 +189,7 @@ fi
 
 echo $publickey
 echo "IN-SYLVA project 'Docker images' list: "
-echo "        --> gatekeeper, keycloak, login, portal, postgresql, sourceman, search, search-api, doc"
+echo "        --> gatekeeper, keycloak, login,login-server ,portal, postgresql, sourceman, search, search-api, doc"
 echo ""
 echo -n "Enter the name of docker image you want to build locally: (ex:gatekeeper or || all): "
 
@@ -215,6 +220,11 @@ case $imageName in
         wait
         echo -e $"login image Successfully built\n"
         ;;
+    "login-server")
+        sh ./login/nginx/build.sh $KEY
+        wait
+        echo -e $"login-server image Successfully built\n"
+        ;;
     "portal")
         sh ./portal/build.sh $KEY
         wait
@@ -273,6 +283,9 @@ case $imageName in
       sh ./doc/build.sh $KEY
       wait
       echo $"doc image Successfully built\n"
+      sh ./login/nginx/build.sh $KEY
+      wait
+      echo -e $"login-server image Successfully built\n"
       ;;
     *)
       echo "Option not allowed. Restart the build script and read carefully !"

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -395,15 +395,23 @@ services:
       IN_SYLVA_CLIENT_ID: "in-sylva.user.app"
       IN_SYLVA_GRANT_TYPE: "password"
       IN_SYLVA_REALM: "in-sylva"
-    ports:
-      - 8081:8081
     links:
       - gatekeeper
       - keycloak
     networks:
       - insylva-net
     restart: unless-stopped
 
+  login-server: 
+    image: in-sylva.login-server:latest
+    container_name: in-sylva.login-server
+    depends_on: [login,gatekeeper,keycloak]
+    ports:
+      - 8081:8081
+    networks:
+      - insylva-net
+    restart: unless-stopped
+
   search:
     image: in-sylva.search:latest
     container_name: in-sylva.search

diff --git a/login/Dockerfile b/login/Dockerfile
@@ -75,5 +75,3 @@ EXPOSE 8080
 WORKDIR /app/in-sylva.user.login/
 
 CMD [ "pm2-runtime", "npm","--", "start" ]
-
-# CMD  npm run start
diff --git a/login/nginx/Dockerfile b/login/nginx/Dockerfile
@@ -0,0 +1,15 @@
+# Base on offical NGINX Alpine image
+FROM nginx:alpine
+
+# Remove any existing config files
+RUN rm /etc/nginx/conf.d/*
+
+# Copy config files
+# *.conf files in conf.d/ dir get included in main config
+COPY ./nginx.conf /etc/nginx/conf.d/
+
+# Expose the listening port
+EXPOSE 8081
+
+# Launch NGINX
+CMD [ "nginx", "-g", "daemon off;" ]
diff --git a/login/nginx/build.sh b/login/nginx/build.sh
@@ -0,0 +1,3 @@
+
+
+docker build --no-cache --tag in-sylva.login-server ./login/nginx/.
diff --git a/login/nginx/nginx.conf b/login/nginx/nginx.conf
@@ -0,0 +1,77 @@
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off;
+
+upstream login_upstream {
+  server login:8080;
+}
+
+upstream backend_gatekeeper {
+  hash $remote_addr$remote_port consistent;
+
+  server gatekeeper:4000;    
+}
+
+upstream backend_keycloak {
+  hash $remote_addr$remote_port consistent;
+
+  server keycloak:8080;    
+}
+
+server {
+  listen 8081 default_server;
+
+  server_name -;
+
+  server_tokens off;
+
+  gzip on;
+  gzip_proxied any;
+  gzip_comp_level 4;
+  gzip_types text/css application/javascript image/svg+xml;
+
+  proxy_http_version 1.1;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection 'upgrade';
+  proxy_set_header Host $host;
+  proxy_cache_bypass $http_upgrade;
+
+  add_header Access-Control-Allow-Origin '*' always;
+  add_header Access-Control-Allow-Credentials 'true' always;
+  add_header Access-Control-Allow-Methods 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
+  add_header Access-Control-Allow-Headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
+
+  location /_next/static {
+    proxy_cache STATIC;
+    proxy_pass http://login_upstream;
+
+    # For testing cache - remove before deploying to production
+    add_header X-Cache-Status $upstream_cache_status;
+  }
+
+  location /static {
+    proxy_cache STATIC;
+    proxy_ignore_headers Cache-Control;
+    proxy_cache_valid 60m;
+    proxy_pass http://login_upstream;
+
+    # For testing cache - remove before deploying to production
+    add_header X-Cache-Status $upstream_cache_status;
+  }
+
+  location / {
+    proxy_pass http://login_upstream;
+
+ }
+
+  location /gatekeeper/ {
+     proxy_pass http://backend_gatekeeper/;
+
+  }
+
+  location /keycloak/ {
+      proxy_pass http://backend_keycloak/keycloak/;
+  }
+
+  location /keycloak/auth/ {
+      proxy_pass http://backend_keycloak/keycloak/auth/;
+  }
+}
diff --git a/login/nginx/nginx_generic.conf b/login/nginx/nginx_generic.conf
@@ -0,0 +1,77 @@
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off;
+
+upstream login_upstream {
+  server login:8080;
+}
+
+upstream backend_gatekeeper {
+  hash $remote_addr$remote_port consistent;
+
+  server gatekeeper:4000;    
+}
+
+upstream backend_keycloak {
+  hash $remote_addr$remote_port consistent;
+
+  server keycloak:8080;    
+}
+
+server {
+  listen 8081 default_server;
+
+  server_name -;
+
+  server_tokens off;
+
+  gzip on;
+  gzip_proxied any;
+  gzip_comp_level 4;
+  gzip_types text/css application/javascript image/svg+xml;
+
+  proxy_http_version 1.1;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection 'upgrade';
+  proxy_set_header Host $host;
+  proxy_cache_bypass $http_upgrade;
+
+  add_header Access-Control-Allow-Origin '*' always;
+  add_header Access-Control-Allow-Credentials 'true' always;
+  add_header Access-Control-Allow-Methods 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
+  add_header Access-Control-Allow-Headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
+
+  location /_next/static {
+    proxy_cache STATIC;
+    proxy_pass http://login_upstream;
+
+    # For testing cache - remove before deploying to production
+    add_header X-Cache-Status $upstream_cache_status;
+  }
+
+  location /static {
+    proxy_cache STATIC;
+    proxy_ignore_headers Cache-Control;
+    proxy_cache_valid 60m;
+    proxy_pass http://login_upstream;
+
+    # For testing cache - remove before deploying to production
+    add_header X-Cache-Status $upstream_cache_status;
+  }
+
+  location / {
+    proxy_pass http://login_upstream;
+
+ }
+
+  location /gatekeeper/ {
+     proxy_pass http://backend_gatekeeper/;
+
+  }
+
+  location /keycloak/ {
+      proxy_pass http://backend_keycloak/keycloak/;
+  }
+
+  location /keycloak/auth/ {
+      proxy_pass http://backend_keycloak/keycloak/auth/;
+  }
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -75,5 +75,3 @@ EXPOSE 8080
		WORKDIR /app/in-sylva.user.login/

		CMD [ "pm2-runtime", "npm","--", "start" ]

		# CMD npm run start
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@


		docker build --no-cache --tag in-sylva.login-server ./login/nginx/.