build: remove nginx from docker compose

[gulfaraz]

To do

• Get ibf-dashboard setup working locally
• Get ibf-dashboard setup working on ibf-test
• Get connection to api-service/geoserver working
• secure access
• Clean up and update VM_SETUP.md
• Review
• Merge + release + setup on ibf-demo
• Setup on ibf-prod

Handover notes

Goal based on issue description

The goal is to remove the dependency of nginx in IBF deployments. This ties in with the Orca alerts as the nginx image is flagged as a concern. From a devops perspective, this change will allow IBF to be setup behind other web servers like Apache. However, the config we provide support for is nginx because that is what we use for our own deployments.

Plan on local to commit

1. Remove nginx image from main docker compose file. ✅
2. Add nginx image to docker compose override for use in dev setup. ✅
3. Move the nginx conf into the tools folder for our own deployments. ✅
   1. We will (manually) use this conf when we setup the VM. ✅
   2. We will use this conf for dev setup. ✅
4. Expose the necessary ports in docker compose.
   1. Before, the web server routing was within the docker network so the ports did not need to be exposed.
   2. Now, nginx will run on the VM and it will route incoming requests to the respective ports.
   3. The urls should be changed in the nginx conf file accordingly at the time of setup. I was planning to have a commented line http://localhost:3000 below http://ibf-api-service:3000. Then we can (manually) swap this line when we setup the VM for deploy.
5. Update the VM setup docs to include instructions for the manual nginx VM setup.

Plan on VMs

1. Update the test env with the new config.
   1. Deploy the new version.
   2. Install/enable nginx on the VM.
   3. Update the nginx conf and reload nginx.
   4. Install and run certbot on the VM using certbot --nginx -d ibf-test.510.global. https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
   5. Check whether the web server routes properly. The dashboard should load, the api are responsive directly and via the dashboard, geoserver loads via the dashboard.
2. If needed, revise the nginx VM setup docs.
3. Follow nginx VM setup doc on demo.
4. If needed, revise the nginx VM setup docs.
5. Follow nginx VM setup docs on prod.

Scenarios to consider

1. The new setup should create the required images. When the containers run, the dashboard should be present on the host VM.
2. Containers are stopped and restarted.
3. Images are removed and rebuilt.
4. CI setup should work. This can be checked by manually running deploy.sh.
   • I noticed that when node_modules and www are present but have no content. Then they don’t get filled with the required files. I believe but unsure if this can be addressed by removing the folders in the deploy.sh script after the docker compose down.
5. Check if the setup works when a node module is changed. I want to confirm if the node modules get updated if we change something in package.json.
6. Manually delete the contents of node modules and the www folders to check if they get rebuilt.

I rely on adjusting the above based on what I encounter during execution. So take the above as a general direction and update accordingly. Let me know if you have questions @jannisvisser

---

Describe your changes

Brief description of your changes - not in-depth because the bulk of the description should be in the task on DevOps.

Checklist before requesting a review

• I have performed a self-review of my code
• I have added tests wherever relevant
• I have made sure that all automated checks pass before requesting a review

Notes for the reviewer

1. Any helpful instructions or clarifications...

[jannisvisser]

@gulfaraz general overview is clear, but I guess I will run into the details when I actually dive into it. So be it.

[gulfaraz]

Nice, thank you for reviewing the handover.

[jannisvisser]

Status

• I spent 2 sessions of around 4 hours each now, in which I have made progress but are still not there.
• FYI I have tried developing/testing this by checking out this branch on ibf-test. Reverse this through:
  • git reset --hard origin/master
  • sudo service nginx stop
  • . ./tools/deploy.sh
• Update session 2:
  • I first discovered an error in the build with @rollup/rollup-linux-x64-musl. I resolved this by changing the ibf dashboard node_modules volume to a named volume. This means node_volumes is no longer actually in sync with the host, but I don't think that's a problem.
  • Then I had a lot of permission issue with the www volume, which I managed to work around first locally and then on ibf-test (see instructions in VM_SETUP.md. But I think we still want to try to achieve this without full permissions..
  • Now I am at the situation where Swagger works correctly (http://ibf-test.510.global/docs) and the API is also directly accessible (http://ibf-test.510.global/api > returns 'API working'), but API-calls made from either Swagger or the portal have no response.
  • Also the site opens as 'Not secure' still, so there's something to fix there.
  • I've spent so much time already in 2 sessions now though, that I'm going to wait until Gulfaraz is back to (1) proceed more effectively together and/or (2) re-evaluate the value vs effort of this, compared to other potential alternatives.

[gulfaraz]

Closing this PR in favour of #1815