new sslproxy xai cli commands for build, deploy, rollback

dockerfiles/services/sslproxy/hosts/fs.xai-corp.net.conf

@@ -1,25 +0,0 @@
-# fs.xai-corp.net
-upstream fs_upstream {
-   server dkhost.xai-corp.net:8081;
-#    server dkhost.xai-corp.net:8084   backup;
-}
-
-server {
-    # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
-
-    set $backend http://dkhost.xai-corp.net:8081;
-
-    listen  443 ssl ipv6only=off;
-    server_name fs.xai-corp.net;
-    ssl_certificate     /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
-
-    #Strict-Transport-Security: max-age=15768000
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
-
-    location / {
-        proxy_pass $backend;
-    }
-
-}

dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf

@@ -3,14 +3,14 @@ proxy_cache_path /data/nginx/cache/gitea levels=1:2 keys_zone=gitea:10m max_size
 
 # git.xai-corp.net
 server {
+    listen 443;
+    server_name git.xai-corp.net;
+
     # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
+    #resolver 127.0.0.11 valid=30s;
 
     set $backend http://dkhost.xai-corp.net:10080;
 
-    listen  443 ipv6only=off;
-    listen [::]:43 ipv6only=on;
-    server_name git.xai-corp.net;
     ssl_certificate     /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
 

dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf

@@ -4,7 +4,7 @@ proxy_cache_path /data/nginx/cache/jenkins levels=1:2 keys_zone=jenkins:10m max_
 # jenkins.xai-corp.net
 server {
     # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
+    #resolver 127.0.0.11 valid=30s;
 
     set $backend http://dkhost.xai-corp.net:8080;
 

dockerfiles/services/sslproxy/hosts/letsencrypt.conf

@@ -0,0 +1,18 @@
+# proxy for unsecured traffic for letsencrypt verification
+server {
+    listen  80 default_server;
+    resolver 127.0.0.11 valid=30s;
+
+    #server_name _
+    #server_name xai-corp.net
+
+    set $backend http://tasks.acme_certbot_app:83;
+
+    client_max_body_size 200m;
+
+    location / {
+        proxy_set_header Connection $http_connection;
+        proxy_pass $backend;
+    }
+
+}

dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf

@@ -1,12 +1,12 @@
 proxy_cache_path /data/nginx/cache/xaibox levels=1:2 keys_zone=xaibox:10m max_size=10g
                  inactive=60m use_temp_path=off;
 
-upstream xaibox_upstream {
-    server tasks.xaibox_app:8083;
-
-    server xaibox.xai-corp.net:8083   backup;
-    server dkhost.xai-corp.net:8083   backup;
-}
+#upstream xaibox_upstream {
+#    server tasks.xaibox_app:8083;
+#
+#    server xaibox.xai-corp.net:8083   backup;
+#    server dkhost.xai-corp.net:8083   backup;
+#}
 
 # xaibox.xai-corp.net
 server {
@@ -16,6 +16,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
 
     client_max_body_size 200m;
+    set $backend http://xaibox_app;
 
     #Strict-Transport-Security: max-age=15768000
     add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
@@ -27,7 +28,7 @@ server {
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Host $host;
         proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass http://xaibox_upstream;
+        proxy_pass $backend;
     }
 
 }