fix build and deploy of sslproxy

2020-06-06 01:25:44 -04:00
parent 7175a4fb2d
commit 4439ae493d
15 changed files with 98 additions and 25 deletions
--- a/dockerfiles/services/sslproxy/Dockerfile
+++ b/dockerfiles/services/sslproxy/Dockerfile
@@ -2,3 +2,4 @@ FROM nginx:alpine
 COPY ./nginx.conf /etc/nginx/nginx.conf
 COPY ./hosts /etc/nginx/conf.d/
 RUN rm /etc/nginx/conf.d/default.conf
--- a/dockerfiles/services/sslproxy/cli/build
+++ b/dockerfiles/services/sslproxy/cli/build
@@ -77,8 +77,8 @@ function assertTeapot() {
 build_save() {
  echo push to registry
-  docker tag $LOCAL_IMAGE $REMOTE_IMAGE
+  docker tag "$LOCAL_IMAGE:$TAG" "$REMOTE_IMAGE"
-  docker push $REMOTE_IMAGE
+  docker push "$REMOTE_IMAGE"
 }
 function trap_exit() {
--- a/dockerfiles/services/sslproxy/cli/deploy
+++ b/dockerfiles/services/sslproxy/cli/deploy
@@ -4,7 +4,7 @@ set -e
 LOCAL_IMAGE=sslproxy
 TAG=2.2.${BUILD_NUMBER:-dev}
-TAG=2.1
+#TAG=2.1
 REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
 APP_NAME=sslproxy_app
@@ -25,10 +25,10 @@ function deploy() {
    -c docker-compose.prod.yml \
    sslproxy
  docker stack ps sslproxy
  sleep 2
-  docker service ps --filter "desired-state=Running" sslproxy_app
+  docker stack ps sslproxy
 #  docker service ps --filter "desired-state=Running" sslproxy_app
  wait_for_completed
 }
@@ -41,6 +41,7 @@ wait_for_completed() {
    sleep 3
    state=$(docker service inspect sslproxy_app | jq -r .[0].UpdateStatus.State)
  done
  sleep 5
 }
 function deploy_test() {
@@ -57,8 +58,8 @@ function deploy_test() {
 function deploy_save() {
  #tag as latest
-  docker tag "$REMOTE_IMAGE" latest
+  docker tag "$REMOTE_IMAGE" "${REMOTE_IMAGE//${TAG}/latest}"
-  docker push latest
+  docker push "${REMOTE_IMAGE//${TAG}/latest}"
 }
 dc() {
--- a/dockerfiles/services/sslproxy/cli/deploy.help
+++ b/dockerfiles/services/sslproxy/cli/deploy.help
@@ -1,3 +1,8 @@
-ARGS  - The arguments you wish to provide to this command
+-d deploy
 -t test the deployment
 -s mark the deployment as complete
-TODO: Fill out the help information for this command.
+Environment Variables:
 BUILD_NUMBER : is used in the image tag 2.2.$BUILD_NUMBER
 DOCKER_HOST
--- a/dockerfiles/services/sslproxy/cli/deploy.usage
+++ b/dockerfiles/services/sslproxy/cli/deploy.usage
@@ -1 +1 @@
-ARGS...
+[-d][-t][-s]
--- a/dockerfiles/services/sslproxy/cli/exec
+++ b/dockerfiles/services/sslproxy/cli/exec
@@ -3,9 +3,13 @@ set -e
 export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
-#docker exec $@
+container=$(docker ps -qn1)
 # shellcheck disable=SC2068
 docker exec -it "$container" $@
 #docker network inspect ingress
 #docker service $@
-docker $@
+#docker $@
 #wget --no-check-certificate --spider -S --header='Host: abcapi.xai-corp.net' https://localhost/
--- a/dockerfiles/services/sslproxy/cli/inspect
+++ b/dockerfiles/services/sslproxy/cli/inspect
@@ -0,0 +1,26 @@
 #!/usr/bin/env bash
 set -e
 export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
 #container=$(docker service ps -q --filter "desired-state=Running" sslproxy_app | head -n 1)
 inspect_service() {
  docker service ps --filter "desired-state=Running" sslproxy_app
 }
 inspect_stack() {
  docker stack ps --filter "desired-state=Running" sslproxy
 }
 inspect_containers() {
  docker ps -n2
 }
 if [ "$1" == "service" ]; then
  inspect_service
 elif [ "$1" == "stack" ]; then
  inspect_stack
 else
  inspect_containers
 fi
--- a/dockerfiles/services/sslproxy/cli/inspect.help
+++ b/dockerfiles/services/sslproxy/cli/inspect.help
@@ -0,0 +1,3 @@
 ARGS  - The arguments you wish to provide to this command
 TODO: Fill out the help information for this command.
--- a/dockerfiles/services/sslproxy/cli/inspect.usage
+++ b/dockerfiles/services/sslproxy/cli/inspect.usage
@@ -0,0 +1 @@
 ARGS...
--- a/dockerfiles/services/sslproxy/docker-compose.build.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.build.yml
@@ -7,6 +7,10 @@ services:
    build:
      context: .
      dockerfile: Dockerfile
    volumes: []
    networks:
      - prod_ui
      - prod_tasks
  mock:
@@ -14,13 +18,29 @@ services:
    volumes:
      - ./test.conf:/etc/nginx/nginx.conf
    networks:
-      default:
+      prod_ui:
        aliases:
          - abc-api_nginx
          - dkui_app
          - abc-api_nginx
          - gitea_app
          - jenkins_app
          - sslproxy_renew
          - xaibox_app
      prod_app:
        aliases:
          - xaibox_app
          - abc-api_nginx
      prod_tasks:
        aliases:
          - sslproxy_renew
      prod_ingress:
        aliases:
          - xaibox.xai-corp.net
          - xai-corp.net
 networks:
  prod_ui:
  prod_tasks:
  prod_app:
  prod_ingress:
--- a/dockerfiles/services/sslproxy/docker-compose.prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.prod.yml
@@ -20,11 +20,11 @@ services:
      - "80:80" # required for letsencrypt
 #    healthcheck:
-#      test: ["CMD", "wget", "--spider", "'Host: dkui.xai-corp.net'", "https://localhost/"]
+#      test: ["CMD", "wget", "--spider", "--no-check-certificate", "--header", "Host: dkui.xai-corp.net", "https://localhost/"]
 #      interval: 10s
-#      timeout: 5s
+#      timeout: 2s
 #      retries: 3
-#      start_period: 10s
+#      start_period: 5s
    logging:
      driver: fluentd
@@ -54,8 +54,12 @@ services:
    networks:
      - prod_ui
      - prod_tasks
 networks:
  prod_ui:
    external:
      name: prod_ui
  prod_tasks:
    external:
      name: prod_tasks
--- a/dockerfiles/services/sslproxy/docker-compose.tools.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.tools.yml
@@ -14,6 +14,8 @@ services:
      - certbot
      - certonly
      - --standalone
    networks:
      - prod_tasks:
  certificates:
    image: ${LETSENCRYPT_IMAGE}
@@ -33,3 +35,11 @@ services:
      - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
    ports:
      - 80:80
 networks:
  prod_ui:
    external:
      name: prod_ui
  prod_tasks:
    external:
      name: prod_tasks
--- a/dockerfiles/services/sslproxy/docker-compose.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.yml
@@ -15,8 +15,6 @@ services:
    image: ${LOCAL_IMAGE}:${TAG}
    volumes:
      - ./certs:/etc/letsencrypt
      - ./hosts:/etc/nginx/conf.d:ro
      - ./nginx.conf:/etc/nginx/nginx.conf
      - cache:/data/nginx/cache
    ports:
      - 443:443
--- a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
@@ -3,12 +3,12 @@ proxy_cache_path /data/nginx/cache/gitea levels=1:2 keys_zone=gitea:10m max_size
 # git.xai-corp.net
 server {
    listen 443;
    server_name git.xai-corp.net;
    # this is the internal Docker DNS, cache only for 30s
    resolver 127.0.0.11 valid=5s;
    listen  443 ssl;
    server_name git.xai-corp.net;
    set $backend http://gitea_app:3000;
    #set $backend http://dkhost.xai-corp.net:10080;
--- a/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
@@ -19,14 +19,14 @@ server {
    # this is the internal Docker DNS, cache only for 30s
    resolver 127.0.0.11 valid=5s;
-    set $backend http://xaibox.xai-corp.net:8083;
+    set $backend http://xaibox_app;
    #Strict-Transport-Security: max-age=15768000
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    location / {
        proxy_set_header        Connection $http_connection;
-        proxy_set_header        Host $host:$server_port;
+        proxy_set_header        Host xaibox.xai-corp.net:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Host $host;
		`@@ -0,0 +1,3 @@`
							`ARGS - The arguments you wish to provide to this command`

							`TODO: Fill out the help information for this command.`