diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
index 06e7eb4..b8a0a81 100644
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -3,9 +3,7 @@
-
-
-
+
@@ -54,5 +52,8 @@
+
+
+
\ No newline at end of file
diff --git a/dockerfiles/services/sslproxy/Jenkinsfile b/dockerfiles/services/sslproxy/Jenkinsfile
index f4a2202..0a0e7e1 100644
--- a/dockerfiles/services/sslproxy/Jenkinsfile
+++ b/dockerfiles/services/sslproxy/Jenkinsfile
@@ -28,12 +28,13 @@ pipeline {
stage('build') {
steps {
dir(WORKDIR) {
- script {
- docker.withRegistry('http://dkregistry.xai-corp.net:5000', 'b11d7f1a-81ac-4daf-8842-56afc0d2370e') {
- def customImage = docker.build("dkregistry.xai-corp.net:5000/sslproxy:2.1", "-f ${DOCKERFILE} .")
- customImage.push()
- }
- }
+ sh "xai build"
+// script {
+// docker.withRegistry('http://dkregistry.xai-corp.net:5000', 'b11d7f1a-81ac-4daf-8842-56afc0d2370e') {
+// def customImage = docker.build("dkregistry.xai-corp.net:5000/sslproxy:2.1", "-f ${DOCKERFILE} .")
+// customImage.push()
+// }
+// }
}
}
}
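Review bot: The new `sh "xai build"` step ends in the `docker push` of cli/build but no longer runs inside `docker.withRegistry(...)`, so the push depends on whatever registry login already exists on the agent rather than on the Jenkins credential. If that is intended, delete the commented-out block instead of keeping it as dead code. Otherwise keep the binding inside a `script` block, e.g. `docker.withRegistry(REGISTRY_URL, REGISTRY_CREDS_ID) { sh "xai build" }` (placeholder names). The old call addressed the registry over `http://`, which is worth revisiting at the same time. The `pipeline` block starts and ends outside this hunk.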
diff --git a/dockerfiles/services/sslproxy/certs/localhost.conf b/dockerfiles/services/sslproxy/certs/localhost.conf
new file mode 100644
index 0000000..47779a7
--- /dev/null
+++ b/dockerfiles/services/sslproxy/certs/localhost.conf
@@ -0,0 +1,37 @@
+[req]
+default_bits = 2048
+default_keyfile = localhost.key
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_ca
+prompt = yes
+
+[req_distinguished_name]
+countryName = Country Name (2 letter code)
+countryName_default = CA
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Quebec
+localityName = Locality Name (eg, city)
+localityName_default = Montreal
+organizationName = Organization Name (eg, company)
+organizationName_default = Xai Corporation
+organizationalUnitName = organizationalunit
+organizationalUnitName_default = Development
+commonName = server FQDN
+commonName_default = www.xai-corp.net
+commonName_max = 128
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = xai-corp.net
+DNS.2 = www.xai-corp.net
+DNS.3 = abc.xai-corp.net
+DNS.4 = dkui.xai-corp.net
+DNS.5 = git.xai-corp.net
+DNS.6 = jenkins.xai-corp.net
+DNS.7 = xaibox.xai-corp.net
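Review bot: `[v3_ca]` is used as `x509_extensions` but sets only `subjectAltName`, so the self-signed certificate carries no `basicConstraints`, `keyUsage` or `extendedKeyUsage`. For a leaf that cli/create-cert imports into a trust store it is safer to state them explicitly: `basicConstraints = critical, CA:FALSE`, `keyUsage = digitalSignature, keyEncipherment`, `extendedKeyUsage = serverAuth`. The section name reads like a CA profile, and a name such as `v3_leaf` would avoid that. The SAN list has `abc.xai-corp.net` while cli/build tests `abcapi.xai-corp.net` and `metrics.xai-corp.net`, a mismatch that stays hidden only because those tests run curl with `-k`.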
diff --git a/dockerfiles/services/sslproxy/cli/.bash_cli b/dockerfiles/services/sslproxy/cli/.bash_cli
new file mode 100644
index 0000000..e69de29
diff --git a/dockerfiles/services/sslproxy/cli/build b/dockerfiles/services/sslproxy/cli/build
new file mode 100755
index 0000000..f85f281
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/build
@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+set -e
+#set -x
+
+LOCAL_IMAGE=sslproxy
+TAG=2.2.${BUILD_NUMBER:-dev}
+REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
+
+LOG=$(mktemp)
+
+export LOCAL_IMAGE
+export REMOTE_IMAGE
+export TAG
+
+dc() {
+ # shellcheck disable=SC2068
+ docker-compose \
+ -f docker-compose.yml \
+ -f docker-compose.build.yml \
+ $@
+}
+
+###
+build() {
+ dc build
+}
+
+build_test() {
+ echo -e "\e[33mtesting the image\e[39m"
+
+ dc up -d
+ docker ps | grep sslproxy
+
+ sleep 2
+ assertBadGateway https abcapi.xai-corp.net
+ assertBadGateway https dkui.xai-corp.net
+ assertBadGateway https git.xai-corp.net
+ assertBadGateway https jenkins.xai-corp.net
+ assertBadGateway https xaibox.xai-corp.net
+ assertBadGateway https metrics.xai-corp.net
+ assertMisdirectedRequest https not.xai-corp.net
+ assertBadGateway http xai-corp.net
+ assertBadGateway http abcapi.xai-corp.net
+ assertBadGateway http dkui.xai-corp.net
+ assertBadGateway http git.xai-corp.net
+ assertBadGateway http jenkins.xai-corp.net
+ assertBadGateway http xaibox.xai-corp.net
+ assertBadGateway http metrics.xai-corp.net
+}
+
+function assertMisdirectedRequest() {
+ proto=$1
+ domain=$2
+ set -e
+ echo -e "\033[94m${proto}://${domain}\033[39m testing for mistrected request"
+ curl --no-progress-meter -skH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "421 Misdirected Request"
+}
+
+function assertBadGateway() {
+ proto=$1
+ domain=$2
+ set -e
+ echo -e "\033[94m${proto}://${domain}\033[39m"
+ curl --no-progress-meter -skH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "502 Bad Gateway"
+}
+
+build_save() {
+ echo push to registry
+
+ docker tag $LOCAL_IMAGE $REMOTE_IMAGE
+ docker push $REMOTE_IMAGE
+}
+
+function trap_exit() {
+ code=$?
+ dc down
+ if [ $code -gt 0 ]; then
+ echo
+ cat "$LOG"
+ rm "$LOG"
+ dc logs --tail=10
+ echo -e "\033[31mFailed to build functional image\033[39m"
+ exit $code
+ fi
+
+ rm "$LOG"
+ echo -e "\033[32mSuccess:\033[39m ${LOCAL_IMAGE}:${TAG} successfully built"
+}
+trap trap_exit EXIT
+
+print_usage() {
+ printf "Usage: %s: [-b] [-t] [-s] \n" "$0"
+ echo -b build
+ echo -t test
+ echo -s push to registry
+ echo -h help
+ exit 0
+}
+
+######
+if [ -z "$1" ]; then
+ build && build_test && build_save
+ exit
+fi
+
+while getopts btdhs name
+do
+ case $name in
+ b) build;;
+ t) build_test;;
+ s) build_save;;
+ *) print_usage;;
+ esac
+done
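Review bot: `build_save` tags `$LOCAL_IMAGE` with no tag, which Docker resolves to `sslproxy:latest`, while docker-compose.yml names the built and tested image `${LOCAL_IMAGE}:${TAG}`. The push therefore either fails or publishes a different image than the one `build_test` exercised. Use `docker tag "${LOCAL_IMAGE}:${TAG}" "$REMOTE_IMAGE"` followed by `docker push "$REMOTE_IMAGE"`. Separately, `print_usage` ends with `exit 0`, so the EXIT trap runs `dc down` and prints the success banner after `-h`; cli/deploy and cli/rollback have the same pattern.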
diff --git a/dockerfiles/services/sslproxy/cli/build.help b/dockerfiles/services/sslproxy/cli/build.help
new file mode 100644
index 0000000..7aa5493
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/build.help
@@ -0,0 +1,3 @@
+ARGS - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
diff --git a/dockerfiles/services/sslproxy/cli/build.usage b/dockerfiles/services/sslproxy/cli/build.usage
new file mode 100644
index 0000000..cfaeb8e
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/build.usage
@@ -0,0 +1 @@
+[-b] [-t] [-d] [-h]
diff --git a/dockerfiles/services/sslproxy/cli/create-cert b/dockerfiles/services/sslproxy/cli/create-cert
new file mode 100755
index 0000000..547a92a
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/create-cert
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -e
+
+echo -e "\033[36mCreate\033[39m: self-signed certificates"
+
+CERTS_DIR=letsencrypt/live/xai-corp.net
+
+function make_cert() {
+mkdir -p $CERTS_DIR
+
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
+ -keyout $CERTS_DIR/privkey.pem \
+ -out $CERTS_DIR/fullchain.pem \
+ -config certs/localhost.conf
+
+#tell chrome to trust the cert
+ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "www.xai-corp.net" -i $CERTS_DIR/fullchain.pem
+}
+
+function test_cert() {
+ ls -l $CERTS_DIR | grep privkey.pem
+ ls -l $CERTS_DIR | grep fullchain.pem
+}
+
+function trap_exit() {
+ code=$?
+ if [ $code -gt 0 ]; then
+ echo
+ echo -e "\033[31mFailed to create certificates\033[39m"
+ exit $code
+ fi
+}
+trap trap_exit EXIT
+
+# RUN
+make_cert && test_cert
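Review bot: The `certutil -A -t "P,,"` step in `make_cert` makes the browser trust a certificate whose SANs, taken from certs/localhost.conf, are the production hostnames, so whoever holds `privkey.pem` holds a key the user's browser trusts for those names for the full 365 days. Consider a shorter lifetime such as `-days 30`, and keep `$CERTS_DIR` out of version control. Depending on the OpenSSL version the key file may be created with the default umask, so a `umask 077` before the `openssl req` call is a cheap safeguard. `$HOME` and `$CERTS_DIR` are unquoted, so a path containing spaces breaks both commands.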
diff --git a/dockerfiles/services/sslproxy/cli/create-cert.help b/dockerfiles/services/sslproxy/cli/create-cert.help
new file mode 100644
index 0000000..7aa5493
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/create-cert.help
@@ -0,0 +1,3 @@
+ARGS - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
diff --git a/dockerfiles/services/sslproxy/cli/create-cert.usage b/dockerfiles/services/sslproxy/cli/create-cert.usage
new file mode 100644
index 0000000..5226895
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/create-cert.usage
@@ -0,0 +1 @@
+ARGS...
diff --git a/dockerfiles/services/sslproxy/cli/deploy b/dockerfiles/services/sslproxy/cli/deploy
new file mode 100755
index 0000000..e26c045
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/deploy
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+set -e
+set -x
+
+LOCAL_IMAGE=sslproxy
+#TAG=2.2.${BUILD_NUMBER:-dev}
+TAG=2.1
+REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
+APP_NAME=sslproxy_app
+
+LOG=$(mktemp)
+
+export LOCAL_IMAGE
+export REMOTE_IMAGE
+export TAG
+
+export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+
+###
+function deploy() {
+ docker stack deploy \
+ --with-registry-auth \
+ --prune \
+ -c docker-compose.prod.yml \
+ sslproxy
+
+ (cd ../ && chmod +x ./scaleout.sh && ./scaleout.sh sslproxy_app 30)
+}
+
+function deploy_test() {
+ docker ps | grep sslproxy_app
+
+ curl -If https://git.xai-corp.net/
+# curl -If -H "Host: not.xai-corp.net" https://dkhost
+}
+
+function deploy_save() {
+ #tag as latest
+ docker tag "$REMOTE_IMAGE" latest
+ docker push latest
+}
+
+dc() {
+ # shellcheck disable=SC2068
+ docker-compose \
+ -f docker-compose.yml \
+ -f docker-compose.prod.yml \
+ $@
+}
+
+function trap_exit() {
+ code=$?
+ docker service ls | grep "${APP_NAME}"
+ if [ $code -gt 0 ]; then
+ echo
+ rm "$LOG"
+ echo -e "\033[31mFailed to deploy ${REMOTE_IMAGE} \033[39m"
+ exit $code
+ fi
+
+ rm "$LOG"
+ echo -e "\033[32mSuccess:\033[39m ${REMOTE_IMAGE} successfully deployed"
+}
+trap trap_exit EXIT
+
+print_usage() {
+ printf "Usage: %s: [-b] [-t] [-s] \n" "$0"
+ echo -d deploy
+ echo -t smoke tests
+ echo -s tag as latest
+ echo -h help
+ exit 0
+}
+
+######
+if [ -z "$1" ]; then
+ deploy && deploy_test && deploy_save
+ exit
+fi
+
+while getopts tdhs name
+do
+ case $name in
+ d) deploy;;
+ t) deploy_test;;
+ s) deploy_save;;
+ *) print_usage;;
+ esac
+done
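Review bot: `deploy_save` runs `docker tag "$REMOTE_IMAGE" latest` and `docker push latest`, which names an image `latest:latest` and pushes it to the default registry instead of the private one. If the intent is a moving tag, use `docker tag "$REMOTE_IMAGE" "dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:latest"` and push that reference. `TAG=2.1` is hard-coded while cli/build publishes `2.2.${BUILD_NUMBER:-dev}`, so the default run deploys an image other than the one just built. `DOCKER_HOST` defaults to `dkhost:2376` with no `DOCKER_TLS_VERIFY` set in the script (cli/rollback does the same), so whether the daemon connection is authenticated depends on the caller's environment.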
diff --git a/dockerfiles/services/sslproxy/cli/deploy.help b/dockerfiles/services/sslproxy/cli/deploy.help
new file mode 100644
index 0000000..7aa5493
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/deploy.help
@@ -0,0 +1,3 @@
+ARGS - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
diff --git a/dockerfiles/services/sslproxy/cli/deploy.usage b/dockerfiles/services/sslproxy/cli/deploy.usage
new file mode 100644
index 0000000..5226895
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/deploy.usage
@@ -0,0 +1 @@
+ARGS...
diff --git a/dockerfiles/services/sslproxy/cli/rollback b/dockerfiles/services/sslproxy/cli/rollback
new file mode 100755
index 0000000..4401b4d
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/rollback
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+set -e
+#set -x
+
+LOCAL_IMAGE=sslproxy
+TAG=2.2.${BUILD_NUMBER:-dev}
+REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
+APP_NAME=sslproxy_app
+
+LOG=$(mktemp)
+
+#export LOCAL_IMAGE
+export REMOTE_IMAGE
+#export TAG
+
+export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+
+###
+
+function rollback() {
+ docker service inspect ${APP_NAME}
+ docker service update --rollback "${APP_NAME}"
+ docker service scale "${APP_NAME}=2"
+}
+
+function rollback_test() {
+ docker ps | grep "${APP_NAME}"
+
+ curl -If https://git.xai-corp.net/
+}
+
+function rollback_save() {
+ echo TODO
+}
+
+
+function trap_exit() {
+ code=$?
+ docker service ls | grep ${APP_NAME}
+ if [ $code -gt 0 ]; then
+ echo
+ rm "$LOG"
+ echo -e "\033[31mFailed rolling back ${APP_NAME} \033[39m"
+ exit $code
+ fi
+
+ rm "$LOG"
+ echo -e "\033[32mSuccess:\033[39m ${APP_NAME} successfully rolled back"
+}
+trap trap_exit EXIT
+
+print_usage() {
+ printf "Usage: %s: [-b] [-t] [-s] \n" "$0"
+ echo -r rollback
+ echo -t smoke tests
+ echo -s tag as latest
+ echo -h help
+ exit 0
+}
+
+######
+if [ -z "$1" ]; then
+ rollback && rollback_test && rollback_save
+ exit
+fi
+
+while getopts tdhs name
+do
+ case $name in
+ d) rollback;;
+ t) rollback_test;;
+ s) rollback_save;;
+ *) print_usage;;
+ esac
+done
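Review bot: `print_usage` advertises `-r rollback`, but the option string is `tdhs` and the case arm is `d) rollback`, so `-r` falls through to `*` and only prints usage. Change the option string to `rths` and the arm to `r) rollback;;`, and fix the `printf` line, which still lists `[-b] [-t] [-s]`. `rollback` also rescales to a fixed `"${APP_NAME}=2"` after `--rollback`; a comment saying why two replicas is the right post-rollback size would help the next operator.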
diff --git a/dockerfiles/services/sslproxy/cli/rollback.help b/dockerfiles/services/sslproxy/cli/rollback.help
new file mode 100644
index 0000000..7aa5493
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/rollback.help
@@ -0,0 +1,3 @@
+ARGS - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
diff --git a/dockerfiles/services/sslproxy/cli/rollback.usage b/dockerfiles/services/sslproxy/cli/rollback.usage
new file mode 100644
index 0000000..5226895
--- /dev/null
+++ b/dockerfiles/services/sslproxy/cli/rollback.usage
@@ -0,0 +1 @@
+ARGS...
diff --git a/dockerfiles/services/sslproxy/docker-compose.build.yml b/dockerfiles/services/sslproxy/docker-compose.build.yml
new file mode 100644
index 0000000..2699cf1
--- /dev/null
+++ b/dockerfiles/services/sslproxy/docker-compose.build.yml
@@ -0,0 +1,9 @@
+---
+version: '3.4'
+
+services:
+
+ app:
+ build:
+ context: .
+ dockerfile: Dockerfile
diff --git a/dockerfiles/services/sslproxy/docker-compose-prod.yml b/dockerfiles/services/sslproxy/docker-compose.prod.yml
similarity index 96%
rename from dockerfiles/services/sslproxy/docker-compose-prod.yml
rename to dockerfiles/services/sslproxy/docker-compose.prod.yml
index 496b149..5e117a9 100644
--- a/dockerfiles/services/sslproxy/docker-compose-prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.prod.yml
@@ -11,7 +11,7 @@ volumes:
services:
app:
- image: "dkregistry.xai-corp.net:5000/sslproxy:2.1"
+ image: ${REMOTE_IMAGE}
volumes:
- /opt/shared/letsencrypt-2:/etc/letsencrypt:ro
- cache:/data/nginx/cache
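Review bot: `image: ${REMOTE_IMAGE}` resolves to an empty string when the variable is not exported, for example when the stack is deployed by hand rather than through cli/deploy. Making the variable mandatory, `image: ${REMOTE_IMAGE:?REMOTE_IMAGE must be set}`, turns that into an immediate error, assuming the Docker CLI version in use supports the `:?` form. The `app` service definition continues outside this hunk.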
diff --git a/dockerfiles/services/sslproxy/docker-compose.yml b/dockerfiles/services/sslproxy/docker-compose.yml
index e2bcaa1..2913bf0 100644
--- a/dockerfiles/services/sslproxy/docker-compose.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.yml
@@ -5,19 +5,22 @@
# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose.yml sslproxy
# DOCKER_HOST=dkhost:2376 docker stack ps sslproxy
-version: '3'
+version: '3.4'
+volumes:
+ cache:
+
services:
app:
- image: "dkregistry.xai-corp.net:5000/sslproxy:2.1"
- build:
- context: .
- dockerfile: Dockerfile
-
+ image: ${LOCAL_IMAGE}:${TAG}
volumes:
- - /etc/letsencrypt:/etc/letsencrypt:ro
+ - ./letsencrypt:/etc/letsencrypt
+ - ./hosts:/etc/nginx/conf.d:ro
+ - ./nginx.conf:/etc/nginx/nginx.conf
+ - cache:/data/nginx/cache
ports:
- - "443:443"
+ - 443:443
+ - 80:80
# certbot:
# image: "dkregistry.xai-corp.net:5000/sslproxy:latest"
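Review bot: The `./letsencrypt:/etc/letsencrypt` mount lost the `:ro` flag the old line had, and `./nginx.conf` is also mounted read-write, so the proxy container can modify the key material and its own configuration on the host. Unless something in the container must write there, keep them read-only: `- ./letsencrypt:/etc/letsencrypt:ro` and `- ./nginx.conf:/etc/nginx/nginx.conf:ro`. `${LOCAL_IMAGE}:${TAG}` is only defined when the cli scripts export it, so a bare `docker-compose up` gets the invalid image reference `:`.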
diff --git a/dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts-disabled/fs.xai-corp.net.conf
similarity index 100%
rename from dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf
rename to dockerfiles/services/sslproxy/hosts-disabled/fs.xai-corp.net.conf
diff --git a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
index 7312fba..d8a764b 100644
--- a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
@@ -3,14 +3,14 @@ proxy_cache_path /data/nginx/cache/gitea levels=1:2 keys_zone=gitea:10m max_size
# git.xai-corp.net
server {
+ listen 443;
+ server_name git.xai-corp.net;
+
# this is the internal Docker DNS, cache only for 30s
- resolver 127.0.0.11 valid=30s;
+ #resolver 127.0.0.11 valid=30s;
set $backend http://dkhost.xai-corp.net:10080;
- listen 443 ipv6only=off;
- listen [::]:43 ipv6only=on;
- server_name git.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
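Review bot: Commenting out `resolver 127.0.0.11 valid=30s;` leaves `set $backend http://dkhost.xai-corp.net:10080;` without a resolver in the visible part of the block; if `proxy_pass` uses `$backend` (not shown in this hunk), nginx resolves the name at request time and answers 502 when no resolver is defined. The same line is commented out in hosts/jenkins.xai-corp.net.conf. Either keep the resolver or define one at `http` level in nginx.conf. cli/build asserts 502 for these hosts, so the test run would not catch a proxy that can never reach its backend. The hunk also drops the IPv6 listener; the removed line used port `43`, so if IPv6 is wanted the replacement would be `listen [::]:443;`.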
diff --git a/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
index 84a26e3..c9cfc2f 100644
--- a/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
@@ -4,7 +4,7 @@ proxy_cache_path /data/nginx/cache/jenkins levels=1:2 keys_zone=jenkins:10m max_
# jenkins.xai-corp.net
server {
# this is the internal Docker DNS, cache only for 30s
- resolver 127.0.0.11 valid=30s;
+ #resolver 127.0.0.11 valid=30s;
set $backend http://dkhost.xai-corp.net:8080;
diff --git a/dockerfiles/services/sslproxy/hosts-disabled/letsencrypt.conf b/dockerfiles/services/sslproxy/hosts/letsencrypt.conf
similarity index 56%
rename from dockerfiles/services/sslproxy/hosts-disabled/letsencrypt.conf
rename to dockerfiles/services/sslproxy/hosts/letsencrypt.conf
index de86b66..ebb41cf 100644
--- a/dockerfiles/services/sslproxy/hosts-disabled/letsencrypt.conf
+++ b/dockerfiles/services/sslproxy/hosts/letsencrypt.conf
@@ -1,13 +1,18 @@
# proxy for unsecured traffic for letsencrypt verification
server {
listen 80 default_server;
- server_name _
+ resolver 127.0.0.11 valid=30s;
+
+ #server_name _
+ #server_name xai-corp.net
+
+ set $backend http://tasks.acme_certbot_app:83;
client_max_body_size 200m;
location / {
proxy_set_header Connection $http_connection;
- proxy_pass http://dkhost.xai-corp.net:83;
+ proxy_pass $backend;
}
}
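Review bot: The port 80 `default_server` forwards every path for every Host header to `tasks.acme_certbot_app:83`, with `client_max_body_size 200m`, although the comment says it exists for Let's Encrypt verification. Restricting the proxy to the challenge path, `location /.well-known/acme-challenge/ { proxy_pass $backend; }`, and answering the rest with `location / { return 301 https://$host$request_uri; }` keeps the certbot service from receiving arbitrary traffic. cli/build currently asserts 502 for plain-http requests to `/`, so those assertions would need to change with it.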
diff --git a/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
index c104a22..3b64805 100644
--- a/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
@@ -1,12 +1,12 @@
proxy_cache_path /data/nginx/cache/xaibox levels=1:2 keys_zone=xaibox:10m max_size=10g
inactive=60m use_temp_path=off;
-upstream xaibox_upstream {
- server tasks.xaibox_app:8083;
-
- server xaibox.xai-corp.net:8083 backup;
- server dkhost.xai-corp.net:8083 backup;
-}
+#upstream xaibox_upstream {
+# server tasks.xaibox_app:8083;
+#
+# server xaibox.xai-corp.net:8083 backup;
+# server dkhost.xai-corp.net:8083 backup;
+#}
# xaibox.xai-corp.net
server {
@@ -16,6 +16,7 @@ server {
ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
client_max_body_size 200m;
+ set $backend http://xaibox_app;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
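Review bot: `set $backend http://xaibox_app;` has no port, so `proxy_pass $backend` connects to port 80, whereas the upstream it replaces used `tasks.xaibox_app:8083`; unless the service moved, this should be `set $backend http://tasks.xaibox_app:8083;`. A variable `proxy_pass` also needs a `resolver` in scope, and none is visible in this server block. The two `backup` servers are gone with the upstream, so there is no fallback when the swarm service is down. The server block starts and ends outside this hunk.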
@@ -27,7 +28,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://xaibox_upstream;
+ proxy_pass $backend;
}
}
diff --git a/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem b/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem
new file mode 100644
index 0000000..3979622
--- /dev/null
+++ b/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
diff --git a/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem b/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem
new file mode 100644
index 0000000..219ebd8
--- /dev/null
+++ b/dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
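Review bot: This adds a private key to version control at `letsencrypt/live/xai-corp.net/privkey.pem`, the path docker-compose.yml mounts into the proxy and nginx.conf loads as `ssl_certificate_key`. Even if it is the self-signed development key produced by cli/create-cert, everyone with repository access now holds a key whose certificate that script imports as trusted for the xai-corp.net hostnames. Remove both PEM files from the commit, add `letsencrypt/` to `.gitignore`, and let each developer generate the pair locally. A key that has already been pushed should be treated as exposed and regenerated.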
diff --git a/dockerfiles/services/sslproxy/nginx.conf b/dockerfiles/services/sslproxy/nginx.conf
index e4bad8d..a9f0afb 100644
--- a/dockerfiles/services/sslproxy/nginx.conf
+++ b/dockerfiles/services/sslproxy/nginx.conf
@@ -2,7 +2,7 @@
user nginx;
worker_processes 1;
-error_log /var/log/nginx/error.log warn;
+error_log /proc/self/fd/2 info;
pid /var/run/nginx.pid;
@@ -19,7 +19,7 @@ http {
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
- access_log /var/log/nginx/access.log main;
+ access_log /proc/self/fd/2 main;
sendfile on;
#tcp_nopush on;
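Review bot: `access_log /proc/self/fd/2 main;` sends access lines to the same descriptor as `error_log`, so the container's stderr mixes both and downstream log processing cannot separate them by stream. The usual container layout is `access_log /proc/self/fd/1 main;` with errors staying on fd 2. `error_log ... info` in the previous hunk is also more verbose than the old `warn`; a comment on whether that level is meant for production would help.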
@@ -28,5 +28,14 @@ http {
#gzip on;
+ server {
+ #listen 80 default_server;
+ listen 443 default_server;
+ ssl_certificate /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
+
+ return 421;
+ }
+
include /etc/nginx/conf.d/*.conf;
}
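Review bot: `listen 443 default_server;` has no `ssl` parameter even though the block sets `ssl_certificate`, so whether this catch-all speaks TLS depends on another server enabling it for the same port. Write `listen 443 ssl default_server;` so the block stands on its own; hosts/git.xai-corp.net.conf uses the same bare `listen 443;` form. The block also presents the xai-corp.net certificate to unknown names before `return 421;`; `ssl_reject_handshake on;` (nginx 1.19.4 and later) would refuse the handshake instead, if the image's nginx version allows it, though the 421 assertion in cli/build would then need updating.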