updates to deploy testing and certbot commands
@@ -0,0 +1,24 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEGjCCAwKgAwIBAgIUZ2R4JeFPIi3G1leHHfJGlf6IWQYwDQYJKoZIhvcNAQEL
|
||||
BQAwfDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u
|
||||
dHJlYWwxGDAWBgNVBAoMD1hhaSBDb3Jwb3JhdGlvbjEUMBIGA1UECwwLRGV2ZWxv
|
||||
cG1lbnQxGTAXBgNVBAMMEHd3dy54YWktY29ycC5uZXQwHhcNMjAwNjA0MDIwOTM2
|
||||
WhcNMjEwNjA0MDIwOTM2WjB8MQswCQYDVQQGEwJDQTEPMA0GA1UECAwGUXVlYmVj
|
||||
MREwDwYDVQQHDAhNb250cmVhbDEYMBYGA1UECgwPWGFpIENvcnBvcmF0aW9uMRQw
|
||||
EgYDVQQLDAtEZXZlbG9wbWVudDEZMBcGA1UEAwwQd3d3LnhhaS1jb3JwLm5ldDCC
|
||||
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzYwesOX5FAc9IbsRfzRkVs
|
||||
Nzja1Zk6uBt4kQsAGfdwMvaOMzNrTdeltzckqf+ivxsdc5ZfYXR/xlWJXbD199/2
|
||||
PWtRjTQjADxfMvEzRiKNUXxKNMFr4I0vTIGwxduGIYr1H+xjXB7YdcxyIk/LkzOZ
|
||||
GsUNrmtEKf+RUyjPnDjduCrajm22ndhdTxC1PIYcJkdNbAtE8qTtqAtPnJauUmYF
|
||||
FtKiWnD4Wddt8h5ftHCcLVuz3IIwOO8QrptaK2JA1eRPdSCN1RGtouHyJjd9T3We
|
||||
nQRPTFrEljuX6DxotqLldGf8HJaPp0LLTw/Zju9WV6aZh6awRbB+hcTA8qw+P9kC
|
||||
AwEAAaOBkzCBkDCBjQYDVR0RBIGFMIGCggx4YWktY29ycC5uZXSCEHd3dy54YWkt
|
||||
Y29ycC5uZXSCEGFiYy54YWktY29ycC5uZXSCEWRrdWkueGFpLWNvcnAubmV0ghBn
|
||||
aXQueGFpLWNvcnAubmV0ghRqZW5raW5zLnhhaS1jb3JwLm5ldIITeGFpYm94Lnhh
|
||||
aS1jb3JwLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEAWrG470Bp1rVK7084hrGt2EQU
|
||||
A9vIh2mHFANUG+wtL6cDSbmBMhq3BTxzHaol5lqS4MHHJZ9jWnLcsvUWaKHh8H1Z
|
||||
TBwuk/kYwfaUpUVASq9EloEhAnphzIJsJGgDPyB4n82+5TF2WftDINHGd2xOyJvE
|
||||
1C0i9fAgaspPzUVI3LXMMSl1CeKeGi4iZa8Anbo8LLpCqREAEalWqMS1uDxq7YcF
|
||||
ngDde5BToPETQREA/nLeY0S/agHkLdlBd+uMBmtRDj9tnww0ThYmQNbKvSgBqvX4
|
||||
R/Bu9qu7gVW2mYNQpFrEI4GuT6iC9iLl4i8SdItX12ekEYhGHGSaU++5TzJbqQ==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC82MHrDl+RQHPS
|
||||
G7EX80ZFbDc42tWZOrgbeJELABn3cDL2jjMza03Xpbc3JKn/or8bHXOWX2F0f8ZV
|
||||
iV2w9fff9j1rUY00IwA8XzLxM0YijVF8SjTBa+CNL0yBsMXbhiGK9R/sY1we2HXM
|
||||
ciJPy5MzmRrFDa5rRCn/kVMoz5w43bgq2o5ttp3YXU8QtTyGHCZHTWwLRPKk7agL
|
||||
T5yWrlJmBRbSolpw+FnXbfIeX7RwnC1bs9yCMDjvEK6bWitiQNXkT3UgjdURraLh
|
||||
8iY3fU91np0ET0xaxJY7l+g8aLai5XRn/ByWj6dCy08P2Y7vVlemmYemsEWwfoXE
|
||||
wPKsPj/ZAgMBAAECggEBAJ1XzFpYY2/WT6njwK2/1/DHtUr9qbI9pl/dGJwdvYTY
|
||||
St36pNZWtUjTnc+oEKwZoTiqVUAYwE4cl9d02Ec06Q4FUC82h3vFHdEvUHZ+zhTD
|
||||
wfzYpxPxGesIWapE6tV48EGi8rI2Ju7cU2nAPq5VY5Q+IHvGZmihJoz1PGBoejU1
|
||||
uG1zWYMjonVMngrotoL89lJSd2lnOq1+uXGlXH5+pOiNxrPKLn9zV+9gNXzyRDo2
|
||||
ZiRQ9Bbrkuyxov6L8F1BH0hhp159YelB9fBH2L1m9CgvX0ObBFMkGDiqOCyOtXPF
|
||||
PVY2errlRfnVH3Sc8fCFkjiqjfxxj652SbTKejyoegECgYEA3mXyMT3cwAHMQCwu
|
||||
YKJ8mDpSYIU3pH74S7R9+3MxMJ4tYnSVyuF7dWk3e2zSIMZOydL4tYL/0vAZeFSC
|
||||
ZLTYcYcQqbuA+WksgtaRVqWUaJBNamvjBIWYyecVImh7FGOhRma4dA+efsHxu79g
|
||||
KIiX5cF35WLAhGWpkPInO5rMNjECgYEA2WEV3Tjdr0nPNZn9F1tiOcvA2H8tCQoQ
|
||||
252K9RQiS1KfWstzfISyNeaDjdRg/rTPfzN7tVWRYaANlgecsJlo7vGA9P0ZAhvR
|
||||
hiBayUgi149HmTyKUtSprDPLNmPrrIy98Gc58JILPWYJe91de7eEKnQe9V2TBRXF
|
||||
ElNlh400MikCgYA5lJuINEQbUlvXoZjAXFF1+GOrqdImPNl8gFa9660osUt+2kCO
|
||||
LqMQWxWKVzpwUefESWMrW6dwrclqZjb8a/Y+LoIZ7/oMmTZ1CajHjkdGa1Yf357/
|
||||
ZLeSTsoiBnsXZFQ1LhNDuWeH2h8ERSBYXkU1r0mjklXV8ZxdctTFkeadgQKBgQCj
|
||||
0Wt1vP4rtHcIkRTPvlmG7stVHHpm/oP3zYFD8rlphEl9ViehJitbPW3Uu8GhEcfx
|
||||
t226GVMnfEPg1bm6yNHwiGXDut1W3noHF2jzmX5QbrTpgVtI0uVPVfUF90VLUwFt
|
||||
I43hg14fFj99bjSeII3kpIAUL0G1qlNK3Th9b+dvCQKBgC6at6Vg6PT+U7SObRWq
|
||||
vADazLSb9hACfzxg30L0XEzOH71lmI1cyjpDlaRWzPe+BcTmh/5/31BEAyv948EM
|
||||
lxzaJNUm32adGfxWusTSpZ+Meqf7cWz95ndXk56DR1YPDPD9KPGcHNGgbjmQA3ji
|
||||
EMxMX9XMtV7aioijPd5zfKuS
|
||||
-----END PRIVATE KEY-----
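Review bot: This new 28-line file commits an unencrypted PKCS#8 private key, and its modulus appears to match the certificate added in the preceding file, so anyone with read access to the repository or its history holds the key for whatever endpoint serves that certificate. Deleting the file in a later commit does not help because the key stays in history; treat it as compromised, generate a replacement outside version control, and have the deploy supply it at run time (a Docker secret or a mounted path). An ignore rule for key material in this directory, for example `*.key` and `*.pem`, would keep a regenerated key from being committed again.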
|
||||
@@ -1,13 +1,15 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
#set -x
|
||||
set -x
|
||||
|
||||
LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
|
||||
LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
|
||||
CERT_NAME=xai-corp.net
|
||||
|
||||
export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
|
||||
export LETSENCRYPT_MOUNT
|
||||
export LETSENCRYPT_IMAGE
|
||||
export CERT_NAME
|
||||
|
||||
run() {
|
||||
docker-compose \
|
||||
@@ -22,10 +24,4 @@ run_help() {
|
||||
}
|
||||
|
||||
|
||||
while getopts h name
|
||||
do
|
||||
case $name in
|
||||
h) run_help $@;;
|
||||
*) run $@;;
|
||||
esac
|
||||
done
|
||||
run $@
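Review bot: The new last line `run $@` expands the arguments unquoted, so any certbot argument containing spaces or glob characters is re-split before it reaches docker-compose; it should be `run "$@"`. The body of run() lies outside the hunk, so check that it forwards `"$@"` as well. The same defect appears in `docker $@` in the remote-docker wrapper hunk and in the bare `$@` inside dc() in the deploy script. Separately, if `set -x` is the side this commit enables in the first hunk, an opt-in such as `[ -z "${DEBUG:-}" ] || set -x` keeps every expanded command line out of the CI log by default.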
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
#set -x
|
||||
set -x
|
||||
|
||||
LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
|
||||
LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2-staging
|
||||
CERT_NAME=xai-corp.net
|
||||
|
||||
LOG=$(mktemp)
|
||||
|
||||
@@ -25,11 +26,12 @@ update() {
|
||||
export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
|
||||
export LETSENCRYPT_MOUNT
|
||||
export LETSENCRYPT_IMAGE
|
||||
export CERT_NAME
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
docker-compose \
|
||||
-f docker-compose.tools.yml \
|
||||
run renew ${OPTIONS}
|
||||
run --name sslproxy_renew renew ${OPTIONS}
|
||||
}
|
||||
|
||||
function trap_exit() {
|
||||
@@ -58,12 +60,12 @@ print_usage() {
|
||||
######
|
||||
|
||||
ENVIRONMENT=dev
|
||||
OPTIONS=''
|
||||
OPTIONS="--cert-name ${CERT_NAME}"
|
||||
while getopts de: name
|
||||
do
|
||||
case $name in
|
||||
d)
|
||||
OPTIONS="$OPTIONS --dryrun"
|
||||
OPTIONS="$OPTIONS --dry-run"
|
||||
;;
|
||||
e)
|
||||
if [ $OPTARG == 'prod' ]; then
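Review bot: `run --name sslproxy_renew renew ${OPTIONS}` in the update() hunk gives the one-off container a fixed name without `--rm`, and `docker-compose run` leaves the stopped container behind, so the next renewal would presumably fail with a name conflict unless something outside this hunk removes it (trap_exit starts right after and its body is not shown). Suggest `run --rm --name sslproxy_renew renew ${OPTIONS}`. In the option-parsing hunk, `[ $OPTARG == 'prod' ]` is unquoted and errors out on an empty or multi-word argument; `[ "$OPTARG" = 'prod' ]` is the safe form.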
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -x
|
||||
#set -x
|
||||
|
||||
LOCAL_IMAGE=sslproxy
|
||||
#TAG=2.2.${BUILD_NUMBER:-dev}
|
||||
TAG=2.2.${BUILD_NUMBER:-dev}
|
||||
TAG=2.1
|
||||
REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
|
||||
APP_NAME=sslproxy_app
|
||||
@@ -18,19 +18,40 @@ export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
|
||||
|
||||
###
|
||||
function deploy() {
|
||||
docker pull "$REMOTE_IMAGE"
|
||||
|
||||
docker stack deploy \
|
||||
--with-registry-auth \
|
||||
--prune \
|
||||
-c docker-compose.prod.yml \
|
||||
sslproxy
|
||||
|
||||
(cd ../ && chmod +x ./scaleout.sh && ./scaleout.sh sslproxy_app 30)
|
||||
docker stack ps sslproxy
|
||||
|
||||
sleep 2
|
||||
docker service ps --filter "desired-state=Running" sslproxy_app
|
||||
|
||||
wait_for_completed
|
||||
}
|
||||
|
||||
wait_for_completed() {
|
||||
#states supported: "rollback_completed", "updating", "completed"
|
||||
state=$(docker service inspect sslproxy_app | jq -r .[0].UpdateStatus.State)
|
||||
while [ "completed" != "$state" ]; do
|
||||
echo "$state"
|
||||
sleep 3
|
||||
state=$(docker service inspect sslproxy_app | jq -r .[0].UpdateStatus.State)
|
||||
done
|
||||
}
|
||||
|
||||
function deploy_test() {
|
||||
docker ps | grep sslproxy_app
|
||||
|
||||
curl -If https://git.xai-corp.net/
|
||||
# assertOK https abcapi.xai-corp.net
|
||||
assertOK https dkui.xai-corp.net
|
||||
assertOK https git.xai-corp.net
|
||||
assertOK https jenkins.xai-corp.net
|
||||
assertOK https xaibox.xai-corp.net
|
||||
# curl -If https://git.xai-corp.net/
|
||||
# curl -If -H "Host: not.xai-corp.net" https://dkhost
|
||||
}
|
||||
|
||||
@@ -48,11 +69,21 @@ dc() {
|
||||
$@
|
||||
}
|
||||
|
||||
function assertOK() {
|
||||
proto=$1
|
||||
domain=$2
|
||||
set -e
|
||||
echo -e "\033[94m${proto}://${domain}\033[39m"
|
||||
curl --no-progress-meter -IskH "Host: ${domain}" "${proto}://dkhost.xai-corp.net" \
|
||||
| tee "$LOG" | grep -P "200 OK|302 Found|403 Forbidden"
|
||||
}
|
||||
|
||||
function trap_exit() {
|
||||
code=$?
|
||||
docker service ls | grep "${APP_NAME}"
|
||||
if [ $code -gt 0 ]; then
|
||||
echo
|
||||
cat "$LOG"
|
||||
rm "$LOG"
|
||||
echo -e "\033[31mFailed to deploy ${REMOTE_IMAGE} \033[39m"
|
||||
exit $code
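Review bot: assertOK calls curl with `-k`, so the post-deploy check of a TLS proxy passes even when the served certificate is expired, self-signed or issued for a different name. The connection can stay pinned to dkhost while the certificate is still validated against the real name with `curl --no-progress-meter -Is --connect-to "${domain}::dkhost.xai-corp.net:" "${proto}://${domain}"`, which also sends the correct SNI rather than only a Host header. Counting `403 Forbidden` as success means a vhost that rejects every request still passes, which deserves a comment if intended. `proto` and `domain` should be declared `local`, and the `set -e` inside the function repeats the one at the top of the script.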
|
||||
|
||||
@@ -3,5 +3,9 @@ set -e
|
||||
|
||||
export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
|
||||
|
||||
docker exec $@
|
||||
#docker exec $@
|
||||
#docker network inspect ingress
|
||||
|
||||
#docker service $@
|
||||
|
||||
docker $@
|
||||
|
||||
@@ -18,12 +18,26 @@ export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
|
||||
###
|
||||
|
||||
function rollback() {
|
||||
docker service inspect ${APP_NAME}
|
||||
# docker service inspect ${APP_NAME}
|
||||
docker service update --rollback "${APP_NAME}"
|
||||
docker service scale "${APP_NAME}=2"
|
||||
|
||||
wait_for_completed
|
||||
# docker service scale "${APP_NAME}=2"
|
||||
}
|
||||
|
||||
wait_for_completed() {
|
||||
#states supported: "rollback_completed", "updating", "completed"
|
||||
state=$(docker service inspect sslproxy_app | jq -r .[0].UpdateStatus.State)
|
||||
while [ "rollback_completed" != "$state" ]; do
|
||||
echo "$state"
|
||||
sleep 3
|
||||
state=$(docker service inspect sslproxy_app | jq -r .[0].UpdateStatus.State)
|
||||
done
|
||||
}
|
||||
|
||||
function rollback_test() {
|
||||
docker service ps --filter "desired-state=Running" sslproxy_app
|
||||
|
||||
docker ps | grep "${APP_NAME}"
|
||||
|
||||
curl -If https://git.xai-corp.net/
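Review bot: wait_for_completed polls until the state equals `rollback_completed`, with no timeout and no handling of other terminal states. A rollback that ends in `paused` or `rollback_paused`, or a service with no `UpdateStatus` (jq prints `null`), keeps the script and the CI job spinning indefinitely. The function of the same name in the deploy script has the same shape with `completed` as its only exit, so a deploy that auto-rolls back never returns there either. A bounded loop that fails on the other terminal states is sketched below; the attempt limit is a constructed value to tune. The jq filter is also quoted there so the shell cannot glob `.[0]`.

```shell
wait_for_completed() {
  # … unchanged: states-supported comment …
  local state tries=0
  while :; do
    state=$(docker service inspect sslproxy_app | jq -r '.[0].UpdateStatus.State')
    case "$state" in
      rollback_completed) return 0 ;;
      paused | rollback_paused)
        echo "rollback stopped in state: $state" >&2
        return 1
        ;;
    esac
    # constructed limit: 100 polls x 3s; tune to the service's update window
    if (( ++tries >= 100 )); then
      echo "timed out waiting for rollback (last state: $state)" >&2
      return 1
    fi
    echo "$state"
    sleep 3
  done
}
```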
|
||||
|
||||
@@ -22,4 +22,5 @@ services:
|
||||
- jenkins_app
|
||||
- sslproxy_renew
|
||||
- xaibox_app
|
||||
- xaibox.xai-corp.net
|
||||
|
||||
|
||||
@@ -20,8 +20,8 @@ services:
|
||||
- "80:80" # required for letsencrypt
|
||||
|
||||
# healthcheck:
|
||||
# test: ["CMD", "wget", "--spider", "--header", "'Host: dkui.xai-corp.net'", "https://localhost/"]
|
||||
# interval: 1m30s
|
||||
# test: ["CMD", "wget", "--spider", "'Host: dkui.xai-corp.net'", "https://localhost/"]
|
||||
# interval: 10s
|
||||
# timeout: 5s
|
||||
# retries: 3
|
||||
# start_period: 10s
|
||||
|
||||
@@ -4,19 +4,16 @@ version: '3.4'
|
||||
services:
|
||||
|
||||
renew:
|
||||
container_name: certbot
|
||||
image: ${LETSENCRYPT_IMAGE}
|
||||
volumes:
|
||||
- ${LETSENCRYPT_MOUNT}:/etc/letsencrypt:ro
|
||||
- ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
|
||||
ports:
|
||||
- 80:80
|
||||
command:
|
||||
entrypoint:
|
||||
- certbot
|
||||
- certonly
|
||||
- -n
|
||||
- --standalone
|
||||
- --test-cert
|
||||
- --dryrun
|
||||
networks:
|
||||
- prod_ui
|
||||
|
||||
certificates:
|
||||
image: ${LETSENCRYPT_IMAGE}
|
||||
@@ -36,10 +33,3 @@ services:
|
||||
- ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
|
||||
ports:
|
||||
- 80:80
|
||||
|
||||
|
||||
|
||||
networks:
|
||||
prod_ui:
|
||||
external:
|
||||
name: prod_ui
|
||||
|
||||
@@ -9,7 +9,7 @@ server {
|
||||
# this is the internal Docker DNS, cache only for 30s
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
|
||||
set $backend http://gitea_app:10080;
|
||||
set $backend http://gitea_app:3000;
|
||||
#set $backend http://dkhost.xai-corp.net:10080;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
# proxy for unsecured traffic for letsencrypt verification
|
||||
server {
|
||||
listen 80 default_server;
|
||||
resolver 127.0.0.11 valid=30s;
|
||||
resolver 127.0.0.11 valid=2s;
|
||||
|
||||
#server_name _
|
||||
#server_name xai-corp.net
|
||||
|
||||
set $backend http://sslproxy_renew:80;
|
||||
set $backend http://sslproxy_renew;
|
||||
|
||||
client_max_body_size 200m;
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ server {
|
||||
|
||||
# this is the internal Docker DNS, cache only for 30s
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend http://xaibox_app;
|
||||
set $backend http://xaibox.xai-corp.net:8083;
|
||||
|
||||
#Strict-Transport-Security: max-age=15768000
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
|
||||
@@ -30,8 +30,9 @@ http {
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen 10080 default_server;
|
||||
listen 3000 default_server;
|
||||
listen 8080 default_server;
|
||||
listen 8083 default_server;
|
||||
listen 9000 default_server;
|
||||
|
||||
return 418;
|
||||
|
||||