diff --git a/dockerfiles/services/sslproxy/docker-compose-prod.yml b/dockerfiles/services/sslproxy/docker-compose-prod.yml index bd95b06..496b149 100644 --- a/dockerfiles/services/sslproxy/docker-compose-prod.yml +++ b/dockerfiles/services/sslproxy/docker-compose-prod.yml @@ -35,14 +35,14 @@ services: deploy: mode: replicated - replicas: 1 + replicas: 2 restart_policy: condition: any delay: 6s max_attempts: 3 update_config: parallelism: 1 - delay: 2s + delay: 5s order: start-first resources: limits: diff --git a/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf index 3a29864..a19132c 100644 --- a/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf +++ b/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf @@ -1,13 +1,17 @@ proxy_cache_path /data/nginx/cache/abcapi levels=1:2 keys_zone=abcapi:10m max_size=10g inactive=60m use_temp_path=off; -upstream abcapi_upstream { - server tasks.abc-api_nginx:8084; - - server dkhost.xai-corp.net:8084 backup; -} +#upstream abcapi_upstream { +# server tasks.abc-api_nginx:8084; +# server dkhost.xai-corp.net:8084 backup; +#} server { + # this is the internal Docker DNS, cache only for 30s + resolver 127.0.0.11 valid=30s; + + set $backend http://tasks.abc-api_nginx:8084; + listen 443 ssl ipv6only=off; server_name abcapi.xai-corp.net; ssl_certificate /etc/letsencrypt/live/xai-corp.net/fullchain.pem; @@ -17,7 +21,7 @@ server { add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; location / { - proxy_pass http://abcapi_upstream; + proxy_pass $upstream_addr; proxy_set_header Host $host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf index a70acf3..59f9a7b 100644 
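Review bot: Replacing the `abcapi_upstream` group with `set $backend http://tasks.abc-api_nginx:8084;` in the first hunk of abcapi.xai-corp.net.conf drops the `server dkhost.xai-corp.net:8084 backup;` fallback, so the proxy has nothing to fail over to when no `tasks.abc-api_nginx` task resolves. The dkui.xai-corp.net.conf hunk drops its `backup` server in the same way. If this is intended, say so in the commit message; otherwise keep a fallback path. The old upstream blocks are left commented out in both files and could simply be deleted, since history keeps them. The same `resolver 127.0.0.11 valid=30s;` line is added to every server block in this commit (dkui, fs, git, jenkins) and could be declared once at `http` level, assuming the include layout allows it.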
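Review bot: `proxy_pass $upstream_addr;` in the `location /` hunk of abcapi.xai-corp.net.conf does not use the `$backend` variable that the first hunk sets at the top of the server block. `$upstream_addr` is nginx's built-in variable for the address of the upstream that was contacted, and it is empty when `proxy_pass` is evaluated, so requests to this host would most likely fail instead of reaching `tasks.abc-api_nginx:8084`. The other four files in this commit use `proxy_pass $backend;` and this line should match them. The location block continues past the end of the hunk.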
--- a/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf +++ b/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf @@ -1,14 +1,17 @@ proxy_cache_path /data/nginx/cache/dkui levels=1:2 keys_zone=dkui:10m max_size=10g inactive=60m use_temp_path=off; -upstream portainer_upstream { - server tasks.dkui_app:9000; - - server dkhost.xai-corp.net:9000 backup; -} +#upstream portainer_upstream { +# server tasks.dkui_app:9000; +#} # dkui.xai-corp.net server { + # this is the internal Docker DNS, cache only for 30s + resolver 127.0.0.11 valid=30s; + + set $backend http://tasks.dkui_app:9000; + # listen 443 ssl ipv6only=off; listen 443 ssl; server_name dkui.xai-corp.net; @@ -25,7 +28,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://portainer_upstream; + proxy_pass $backend; proxy_connect_timeout 3s; # proxy_next_upstream_timeout 1.5s; diff --git a/dockerfiles/services/sslproxy/hosts-disabled/fs.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf similarity index 58% rename from dockerfiles/services/sslproxy/hosts-disabled/fs.xai-corp.net.conf rename to dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf index b60ba79..4523fc7 100644 --- a/dockerfiles/services/sslproxy/hosts-disabled/fs.xai-corp.net.conf +++ b/dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf @@ -1,5 +1,15 @@ # fs.xai-corp.net +upstream fs_upstream { + server dkhost.xai-corp.net:8081; +# server dkhost.xai-corp.net:8084 backup; +} + server { + # this is the internal Docker DNS, cache only for 30s + resolver 127.0.0.11 valid=30s; + + set $backend http://dkhost.xai-corp.net:8081; + listen 443 ssl ipv6only=off; server_name fs.xai-corp.net; ssl_certificate /etc/letsencrypt/live/xai-corp.net/fullchain.pem; 
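Review bot: The added `upstream fs_upstream` block in fs.xai-corp.net.conf is never referenced, because the second hunk proxies to `$backend`. Since `server dkhost.xai-corp.net:8081;` inside an upstream group is resolved when the configuration is loaded, an unresolvable name there would still stop nginx from starting, which appears to be what the `resolver` / `set $backend` change is meant to avoid; I would delete the block. Separately, the rename from `hosts-disabled/` to `hosts/` presumably turns this vhost on, and the `location /` shown in the next hunk has no access restriction of its own, so confirm that exposing `dkhost.xai-corp.net:8081` through the proxy is intended and that the backend enforces authentication.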
@@ -9,7 +19,7 @@ server { add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; location / { - proxy_pass http://dkhost.xai-corp.net:8081; + proxy_pass $backend; } } diff --git a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf index 830ad15..7312fba 100644 --- a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf +++ b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf @@ -1,12 +1,13 @@ proxy_cache_path /data/nginx/cache/gitea levels=1:2 keys_zone=gitea:10m max_size=10g inactive=60m use_temp_path=off; -upstream gitea_upstream { - server dkhost.xai-corp.net:10080; -} - # git.xai-corp.net server { + # this is the internal Docker DNS, cache only for 30s + resolver 127.0.0.11 valid=30s; + + set $backend http://dkhost.xai-corp.net:10080; + listen 443 ipv6only=off; listen [::]:43 ipv6only=on; server_name git.xai-corp.net; @@ -17,6 +18,6 @@ server { add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always; location / { - proxy_pass http://gitea_upstream; + proxy_pass $backend; } } diff --git a/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf index 01fcc33..84a26e3 100644 --- a/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf +++ b/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf @@ -3,6 +3,11 @@ proxy_cache_path /data/nginx/cache/jenkins levels=1:2 keys_zone=jenkins:10m max_ # jenkins.xai-corp.net server { + # this is the internal Docker DNS, cache only for 30s + resolver 127.0.0.11 valid=30s; + + set $backend http://dkhost.xai-corp.net:8080; + listen 443 ssl; server_name jenkins.xai-corp.net; ssl_certificate /etc/letsencrypt/live/xai-corp.net/fullchain.pem; 
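Review bot: In git.xai-corp.net.conf the context lines directly below the added `set $backend` read `listen 443 ipv6only=off;` and `listen [::]:43 ipv6only=on;`. The first has no `ssl` parameter, unlike the abcapi and fs vhosts in this commit, and the second listens on port 43, which looks like a typo for 443. Unless TLS is enabled in a part of the server block not shown here, this host may not be served the way its `Strict-Transport-Security` header implies. As the file is being edited anyway, I would change the first line to `listen 443 ssl ipv6only=off;` and either correct the `[::]:43` listener to port 443 or drop it.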
@@ -18,7 +23,7 @@ server { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://dkhost.xai-corp.net:8080; + proxy_pass $backend; } }