From 77b7c7d84423fabf46f3221d7096dbdd7055d109 Mon Sep 17 00:00:00 2001 From: Aytac Ozkan Date: Sun, 13 Sep 2020 14:56:22 +0200 Subject: [PATCH] login will use reverse proxy nginx server, also some bug fixes completed. --- build.sh | 25 ++++++++--- docker-compose.yml | 12 +++++- login/Dockerfile | 2 - login/nginx/Dockerfile | 15 +++++++ login/nginx/build.sh | 3 ++ login/nginx/nginx.conf | 77 ++++++++++++++++++++++++++++++++++ login/nginx/nginx_generic.conf | 77 ++++++++++++++++++++++++++++++++++ 7 files changed, 201 insertions(+), 10 deletions(-) create mode 100644 login/nginx/Dockerfile create mode 100644 login/nginx/build.sh create mode 100644 login/nginx/nginx.conf create mode 100644 login/nginx/nginx_generic.conf diff --git a/build.sh b/build.sh index 88f4ca4..9266687 100755 --- a/build.sh +++ b/build.sh @@ -108,12 +108,13 @@ if [ ! -z "$DOMAIN" ]; then fi # creating .env and nginx.conf files from generic version -rm -f search/.env portal/.env search/nginx/nginx.conf portal/nginx/nginx.conf +rm -f search/.env portal/.env search/nginx/nginx.conf portal/nginx/nginx.conf login/nginx/nginx.conf cp search/.env_generic search/.env cp portal/.env_generic portal/.env cp search/nginx/nginx_generic.conf search/nginx/nginx.conf cp portal/nginx/nginx_generic.conf portal/nginx/nginx.conf +cp login/nginx/nginx_generic.conf login/nginx/nginx.conf if [ "$MODE" == "prod" ];then SERVER_IP="147.100.20.44" # search customization 
@@ -131,6 +132,10 @@ if [ "$MODE" == "prod" ];then sed -i -e "s,REACT_APP_IN_SYLVA_ELASTICSEARCH_URL=.*,REACT_APP_IN_SYLVA_ELASTICSEARCH_URL=http://${SERVER_IP}:9200/," portal/.env sed -i -e "s,REACT_APP_IN_SYLVA_KEYCLOAK_URL=.*,REACT_APP_IN_SYLVA_KEYCLOAK_URL=http://${SERVER_IP}:7000/keycloak/auth//," portal/.env sed -i -e "s,REACT_APP_IN_SYLVA_PORTAINER_URL=.*,REACT_APP_IN_SYLVA_PORTAINER_URL=http://${SERVER_IP}:9000/#/init/admin/," portal/.env + + + # login customization + sed -i -e "s,server_name .,server_name ${DOMAIN}login/," login/nginx/nginx.conf fi # login customization @@ -157,15 +162,15 @@ export IN_SYLVA_SEARCH_HOST=$(grep IN_SYLVA_LOGIN_HOST ipconfig.txt| awk '{print export IN_SYLVA_reCAPTCHA_site_key="6LflFcoZAAAAABawkeag3uWRAdeFZ9uSB7vJoeTg" if [ "$MODE" == "dev" ]; then - export IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN="${DOMAIN}:7000/keycloak" + export IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN="${DOMAIN}:8081/keycloak" export IN_SYLVA_PORTAL_HOST_FOR_LOGIN="${DOMAIN}:3000" export IN_SYLVA_SEARCH_HOST_FOR_LOGIN="${DOMAIN}:3001" - export IN_SYLVA_GATEKEEPER_HOST_FOR_LOGIN="${DOMAIN}:3000/gatekeeper" + export IN_SYLVA_GATEKEEPER_HOST_FOR_LOGIN="${DOMAIN}:8081/gatekeeper" else - export IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN="${DOMAIN}search/keycloak" + export IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN="${DOMAIN}login/keycloak" export IN_SYLVA_PORTAL_HOST_FOR_LOGIN="${DOMAIN}portal" export IN_SYLVA_SEARCH_HOST_FOR_LOGIN="${DOMAIN}search" - export IN_SYLVA_GATEKEEPER_HOST_FOR_LOGIN="${DOMAIN}portal/gatekeeper" + export IN_SYLVA_GATEKEEPER_HOST_FOR_LOGIN="${DOMAIN}login/gatekeeper" fi echo $IN_SYLVA_KEYCLOAK_HOST_FOR_LOGIN 
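Review bot: The added `sed` for `login/nginx/nginx.conf` writes `${DOMAIN}login/` into `server_name`, but nginx compares `server_name` with the request's Host header, so a value carrying a scheme or a `/login/` path can never match. The other uses of `DOMAIN` in this file (`${DOMAIN}login/keycloak`, `${DOMAIN}:8081/keycloak`) suggest it is a URL prefix rather than a bare host name. Because the server block is `default_server` the proxy still answers, which hides the mistake and leaves the vhost accepting any Host value. Substitute a host-only value and anchor the pattern, e.g. `sed -i -e "s,server_name -;,server_name ${LOGIN_HOST};," login/nginx/nginx.conf`, where `LOGIN_HOST` is a new variable holding just the host name. The enclosing `if [ "$MODE" == "prod" ]` block starts outside this hunk.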
@@ -184,7 +189,7 @@ fi echo $publickey echo "IN-SYLVA project 'Docker images' list: " -echo " --> gatekeeper, keycloak, login, portal, postgresql, sourceman, search, search-api, doc" +echo " --> gatekeeper, keycloak, login,login-server ,portal, postgresql, sourceman, search, search-api, doc" echo "" echo -n "Enter the name of docker image you want to build locally: (ex:gatekeeper or || all): " @@ -215,6 +220,11 @@ case $imageName in wait echo -e $"login image Successfully built\n" ;; + "login-server") + sh ./login/nginx/build.sh $KEY + wait + echo -e $"login-server image Successfully built\n" + ;; "portal") sh ./portal/build.sh $KEY wait @@ -273,6 +283,9 @@ case $imageName in sh ./doc/build.sh $KEY wait echo $"doc image Successfully built\n" + sh ./login/nginx/build.sh $KEY + wait + echo -e $"login-server image Successfully built\n" ;; *) echo "Option not allowed. Restart the build script and read carefully !" diff --git a/docker-compose.yml b/docker-compose.yml index d0ad513..a16b145 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -395,8 +395,6 @@ services: IN_SYLVA_CLIENT_ID: "in-sylva.user.app" IN_SYLVA_GRANT_TYPE: "password" IN_SYLVA_REALM: "in-sylva" - ports: - - 8081:8081 links: - gatekeeper - keycloak @@ -404,6 +402,16 @@ services: - insylva-net restart: unless-stopped + login-server: + image: in-sylva.login-server:latest + container_name: in-sylva.login-server + depends_on: [login,gatekeeper,keycloak] + ports: + - 8081:8081 + networks: + - insylva-net + restart: unless-stopped + search: image: in-sylva.search:latest container_name: in-sylva.search diff --git a/login/Dockerfile b/login/Dockerfile index be783fe..e627272 100644 --- a/login/Dockerfile +++ b/login/Dockerfile @@ -75,5 +75,3 @@ EXPOSE 8080 WORKDIR /app/in-sylva.user.login/ CMD [ "pm2-runtime", "npm","--", "start" ] - -# CMD npm run start \ No newline at end of file diff --git a/login/nginx/Dockerfile b/login/nginx/Dockerfile new file mode 100644 index 0000000..7f54436 --- /dev/null 
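Review bot: The new `login-server` arm prints `login-server image Successfully built` whether or not `docker build` succeeded. The exit status of `sh ./login/nginx/build.sh $KEY` is never tested, and `wait` has no background job to wait for, so it returns 0. Gate the message on the build, e.g. `sh ./login/nginx/build.sh || { echo "login-server image build failed" >&2; exit 1; }`. `$KEY` can be dropped from the call, since the `login/nginx/build.sh` added in this commit reads no arguments and passing it only places the value on the process command line. The same three lines are appended to the `all` arm in the `@@ -273,6 +283,9 @@` hunk and need the same change.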
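Review bot: The `login-server` service publishes `8081:8081` on every host interface while the nginx config it runs listens on plain HTTP. The login form and the `/keycloak/` and `/gatekeeper/` routes behind it would therefore carry credentials and tokens unencrypted unless something outside this compose file terminates TLS. If a TLS front end runs on the same host, bind the port to loopback with `- "127.0.0.1:8081:8081"`; otherwise give the proxy a TLS listener. `image: in-sylva.login-server:latest` also leaves the deployed build unpinned, so a rebuild silently changes what is running.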
+++ b/login/nginx/Dockerfile
@@ -0,0 +1,15 @@
+# Base on offical NGINX Alpine image
+FROM nginx:alpine
+
+# Remove any existing config files
+RUN rm /etc/nginx/conf.d/*
+
+# Copy config files
+# *.conf files in conf.d/ dir get included in main config
+COPY ./nginx.conf /etc/nginx/conf.d/
+
+# Expose the listening port
+EXPOSE 8081
+
+# Launch NGINX
+CMD [ "nginx", "-g", "daemon off;" ]
\ No newline at end of file
diff --git a/login/nginx/build.sh b/login/nginx/build.sh
new file mode 100644
index 0000000..0ef9ede
--- /dev/null
+++ b/login/nginx/build.sh
@@ -0,0 +1,3 @@
+
+
+docker build --no-cache --tag in-sylva.login-server ./login/nginx/.
\ No newline at end of file
diff --git a/login/nginx/nginx.conf b/login/nginx/nginx.conf
new file mode 100644
index 0000000..f80ae98
--- /dev/null
+++ b/login/nginx/nginx.conf
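Review bot: `FROM nginx:alpine` is a floating tag, so each `docker build --no-cache` can pull a different nginx and Alpine release into the proxy that fronts login and Keycloak. Pin it to a reviewed release or digest, e.g. `FROM nginx:<version>-alpine@sha256:<digest>` (placeholders). The image also keeps the stock root-owned nginx master although port 8081 needs no privileges; an unprivileged base image or a `USER` directive with writable cache and pid paths would narrow that. `COPY ./nginx.conf` picks up the file that the top-level `build.sh` regenerates from `nginx_generic.conf`, so building this directory without running that script first ships whatever copy is on disk.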
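Review bot: The new `login/nginx/build.sh` has no shebang and no `set -e`, and its build context `./login/nginx/.` is relative to the caller's working directory, so it only works when started from the repository root. Begin it with `#!/bin/sh` and `set -eu`, and resolve the context from the script's own location: `docker build --no-cache --tag in-sylva.login-server "$(dirname "$0")"`.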
@@ -0,0 +1,77 @@
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off;
+
+upstream login_upstream {
+ server login:8080;
+}
+
+upstream backend_gatekeeper {
+ hash $remote_addr$remote_port consistent;
+
+ server gatekeeper:4000;
+}
+
+upstream backend_keycloak {
+ hash $remote_addr$remote_port consistent;
+
+ server keycloak:8080;
+}
+
+server {
+ listen 8081 default_server;
+
+ server_name -;
+
+ server_tokens off;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_comp_level 4;
+ gzip_types text/css application/javascript image/svg+xml;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+
+ add_header Access-Control-Allow-Origin '*' always;
+ add_header Access-Control-Allow-Credentials 'true' always;
+ add_header Access-Control-Allow-Methods 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
+ add_header Access-Control-Allow-Headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
+
+ location /_next/static {
+ proxy_cache STATIC;
+ proxy_pass http://login_upstream;
+
+ # For testing cache - remove before deploying to production
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
+ location /static {
+ proxy_cache STATIC;
+ proxy_ignore_headers Cache-Control;
+ proxy_cache_valid 60m;
+ proxy_pass http://login_upstream;
+
+ # For testing cache - remove before deploying to production
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
+ location / {
+ proxy_pass http://login_upstream;
+
+ }
+
+ location /gatekeeper/ {
+ proxy_pass http://backend_gatekeeper/;
+
+ }
+
+ location /keycloak/ {
+ proxy_pass http://backend_keycloak/keycloak/;
+ }
+
+ location /keycloak/auth/ {
+ proxy_pass http://backend_keycloak/keycloak/auth/;
+ }
+}
\ No newline at end of file
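Review bot: The server block sends `Access-Control-Allow-Origin '*'` together with `Access-Control-Allow-Credentials 'true'` on every response of the login proxy, including the `/keycloak/` and `/gatekeeper/` routes. Browsers refuse credentialed cross-origin requests when the origin is the wildcard, so the pair does not work as written, and the common workaround of echoing any request origin would let every site make authenticated calls. Answer only allowlisted origins instead, as sketched below with placeholder origins. The two static locations declare their own `add_header`, so nginx stops inheriting the server-level headers there, and the `X-Cache-Status` header marked "remove before deploying to production" is still present. `login/nginx/nginx_generic.conf` is the same blob (`f80ae98`) and needs the same edit.

```nginx
# http context, next to proxy_cache_path; the origins are placeholders
map $http_origin $cors_origin {
    default "";
    "https://<portal-origin>" $http_origin;
    "https://<search-origin>" $http_origin;
}

server {
    # … unchanged: listen, server_name, gzip, proxy_set_header lines …
    add_header Access-Control-Allow-Origin $cors_origin always;
    add_header Vary Origin always;
    # … unchanged: remaining Access-Control-* headers and locations …
}
```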
diff --git a/login/nginx/nginx_generic.conf b/login/nginx/nginx_generic.conf
new file mode 100644
index 0000000..f80ae98
--- /dev/null
+++ b/login/nginx/nginx_generic.conf
@@ -0,0 +1,77 @@
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off;
+
+upstream login_upstream {
+ server login:8080;
+}
+
+upstream backend_gatekeeper {
+ hash $remote_addr$remote_port consistent;
+
+ server gatekeeper:4000;
+}
+
+upstream backend_keycloak {
+ hash $remote_addr$remote_port consistent;
+
+ server keycloak:8080;
+}
+
+server {
+ listen 8081 default_server;
+
+ server_name -;
+
+ server_tokens off;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_comp_level 4;
+ gzip_types text/css application/javascript image/svg+xml;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+
+ add_header Access-Control-Allow-Origin '*' always;
+ add_header Access-Control-Allow-Credentials 'true' always;
+ add_header Access-Control-Allow-Methods 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;
+ add_header Access-Control-Allow-Headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
+
+ location /_next/static {
+ proxy_cache STATIC;
+ proxy_pass http://login_upstream;
+
+ # For testing cache - remove before deploying to production
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
+ location /static {
+ proxy_cache STATIC;
+ proxy_ignore_headers Cache-Control;
+ proxy_cache_valid 60m;
+ proxy_pass http://login_upstream;
+
+ # For testing cache - remove before deploying to production
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+
+ location / {
+ proxy_pass http://login_upstream;
+
+ }
+
+ location /gatekeeper/ {
+ proxy_pass http://backend_gatekeeper/;
+
+ }
+
+ location /keycloak/ {
+ proxy_pass http://backend_keycloak/keycloak/;
+ }
+
+ location /keycloak/auth/ {
+ proxy_pass http://backend_keycloak/keycloak/auth/;
+ }
+}
\ No newline at end of file
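Review bot: `listen 8081 default_server` with `server_name -` accepts any Host header, and `proxy_set_header Host $host` passes that client-chosen value on to the login app, gatekeeper and Keycloak. If Keycloak has no fixed frontend URL configured, it can build redirect and issuer URLs from that header, so the template should name the expected host in `server_name` and reject other hosts in a separate catch-all server. The upstreams also never learn the client address or scheme; add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` beside the existing `proxy_set_header` lines. The same lines are in the generated copy `login/nginx/nginx.conf`; since `build.sh` deletes and recreates that file from this template, it may be better left untracked.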