new sslproxy xai cli commands for build, deploy, rollback

.idea/inspectionProfiles/Project_Default.xml

@@ -3,9 +3,7 @@
     <option name="myName" value="Project Default" />
     <inspection_tool class="Php7ReadinessInspection" enabled="false" level="ERROR" enabled_by_default="false" />
     <inspection_tool class="PhpAbstractStaticMethodInspection" enabled="false" level="WARNING" enabled_by_default="false" />
-    <inspection_tool class="PhpCSValidationInspection" enabled="true" level="WEAK WARNING" enabled_by_default="true">
-      <option name="CODING_STANDARD" value="PSR2" />
-    </inspection_tool>
+    <inspection_tool class="PhpCSValidationInspection" enabled="true" level="WEAK WARNING" enabled_by_default="true" />
     <inspection_tool class="PhpConstantReassignmentInspection" enabled="false" level="WARNING" enabled_by_default="false" />
     <inspection_tool class="PhpDeprecationInspection" enabled="false" level="WEAK WARNING" enabled_by_default="false" />
     <inspection_tool class="PhpDocMissingReturnTagInspection" enabled="false" level="WEAK WARNING" enabled_by_default="false" />
@@ -54,5 +52,8 @@
     <inspection_tool class="PhpWrongCatchClausesOrderInspection" enabled="false" level="WARNING" enabled_by_default="false" />
     <inspection_tool class="PhpWrongForeachArgumentTypeInspection" enabled="false" level="WARNING" enabled_by_default="false" />
     <inspection_tool class="PhpWrongStringConcatenationInspection" enabled="false" level="WARNING" enabled_by_default="false" />
+    <inspection_tool class="ShellCheck" enabled="true" level="ERROR" enabled_by_default="true">
+      <shellcheck_settings value="SC2010" />
+    </inspection_tool>
   </profile>
 </component>

dockerfiles/services/sslproxy/Jenkinsfile

@@ -28,12 +28,13 @@ pipeline {
         stage('build') {
             steps {
                 dir(WORKDIR) {
-                    script {
-                        docker.withRegistry('http://dkregistry.xai-corp.net:5000', 'b11d7f1a-81ac-4daf-8842-56afc0d2370e') {
-                            def customImage = docker.build("dkregistry.xai-corp.net:5000/sslproxy:2.1", "-f ${DOCKERFILE} .")
-                            customImage.push()
-                        }
-                    }
+                sh "xai build"
+//                     script {
+//                         docker.withRegistry('http://dkregistry.xai-corp.net:5000', 'b11d7f1a-81ac-4daf-8842-56afc0d2370e') {
+//                             def customImage = docker.build("dkregistry.xai-corp.net:5000/sslproxy:2.1", "-f ${DOCKERFILE} .")
+//                             customImage.push()
+//                         }
+//                     }
                 }
             }
         }

dockerfiles/services/sslproxy/certs/localhost.conf

@@ -0,0 +1,37 @@
+[req]
+default_bits       = 2048
+default_keyfile    = localhost.key
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+x509_extensions    = v3_ca
+prompt             = yes
+
+[req_distinguished_name]
+countryName                 = Country Name (2 letter code)
+countryName_default         = CA
+stateOrProvinceName         = State or Province Name (full name)
+stateOrProvinceName_default = Quebec
+localityName                = Locality Name (eg, city)
+localityName_default        = Montreal
+organizationName            = Organization Name (eg, company)
+organizationName_default    = Xai Corporation
+organizationalUnitName      = organizationalunit
+organizationalUnitName_default = Development
+commonName                  = server FQDN
+commonName_default          = www.xai-corp.net
+commonName_max              = 128
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1   = xai-corp.net
+DNS.2   = www.xai-corp.net
+DNS.3   = abc.xai-corp.net
+DNS.4   = dkui.xai-corp.net
+DNS.5   = git.xai-corp.net
+DNS.6   = jenkins.xai-corp.net
+DNS.7   = xaibox.xai-corp.net

dockerfiles/services/sslproxy/cli/build

@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+set -e
+#set -x
+
+LOCAL_IMAGE=sslproxy
+TAG=2.2.${BUILD_NUMBER:-dev}
+REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
+
+LOG=$(mktemp)
+
+export LOCAL_IMAGE
+export REMOTE_IMAGE
+export TAG
+
+dc() {
+    # shellcheck disable=SC2068
+    docker-compose \
+    -f docker-compose.yml \
+    -f docker-compose.build.yml \
+    $@
+}
+
+###
+build() {
+  dc build
+}
+
+build_test() {
+  echo -e "\e[33mtesting the image\e[39m"
+
+  dc up -d
+  docker ps | grep sslproxy
+
+  sleep 2
+  assertBadGateway https abcapi.xai-corp.net
+  assertBadGateway https dkui.xai-corp.net
+  assertBadGateway https git.xai-corp.net
+  assertBadGateway https jenkins.xai-corp.net
+  assertBadGateway https xaibox.xai-corp.net
+  assertBadGateway https metrics.xai-corp.net
+  assertMisdirectedRequest https not.xai-corp.net
+  assertBadGateway http xai-corp.net
+  assertBadGateway http abcapi.xai-corp.net
+  assertBadGateway http dkui.xai-corp.net
+  assertBadGateway http git.xai-corp.net
+  assertBadGateway http jenkins.xai-corp.net
+  assertBadGateway http xaibox.xai-corp.net
+  assertBadGateway http metrics.xai-corp.net
+}
+
+function assertMisdirectedRequest() {
+  proto=$1
+  domain=$2
+  set -e
+  echo -e "\033[94m${proto}://${domain}\033[39m testing for mistrected request"
+  curl --no-progress-meter -skH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "421 Misdirected Request"
+}
+
+function assertBadGateway() {
+  proto=$1
+  domain=$2
+  set -e
+  echo -e "\033[94m${proto}://${domain}\033[39m"
+  curl --no-progress-meter -skH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "502 Bad Gateway"
+}
+
+build_save() {
+  echo push to registry
+
+  docker tag $LOCAL_IMAGE $REMOTE_IMAGE
+  docker push $REMOTE_IMAGE
+}
+
+function trap_exit() {
+  code=$?
+  dc down
+  if [ $code -gt 0 ]; then
+    echo
+    cat "$LOG"
+    rm "$LOG"
+    dc logs --tail=10
+    echo -e "\033[31mFailed to build functional image\033[39m"
+    exit $code
+  fi
+
+  rm "$LOG"
+  echo -e "\033[32mSuccess:\033[39m ${LOCAL_IMAGE}:${TAG} successfully built"
+}
+trap  trap_exit EXIT
+
+print_usage() {
+  printf "Usage: %s: [-b] [-t] [-s] \n" "$0"
+  echo -b build
+  echo -t test
+  echo -s push to registry
+  echo -h help
+  exit 0
+}
+
+######
+if [ -z "$1" ]; then
+  build && build_test && build_save
+  exit
+fi
+
+while getopts btdhs name
+do
+    case $name in
+    b)    build;;
+    t)    build_test;;
+    s)    build_save;;
+    *)    print_usage;;
+    esac
+done

dockerfiles/services/sslproxy/cli/build.help

@@ -0,0 +1,3 @@
+ARGS  - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.

dockerfiles/services/sslproxy/cli/build.usage

@@ -0,0 +1 @@
+[-b] [-t] [-d] [-h]

dockerfiles/services/sslproxy/cli/create-cert

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -e
+
+echo -e "\033[36mCreate\033[39m: self-signed certificates"
+
+CERTS_DIR=letsencrypt/live/xai-corp.net
+
+function make_cert() {
+mkdir -p $CERTS_DIR
+
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
+  -keyout $CERTS_DIR/privkey.pem \
+  -out $CERTS_DIR/fullchain.pem \
+  -config certs/localhost.conf
+
+#tell chrome to trust the cert
+  certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "www.xai-corp.net" -i $CERTS_DIR/fullchain.pem
+}
+
+function test_cert() {
+  ls -l $CERTS_DIR | grep privkey.pem
+  ls -l $CERTS_DIR | grep fullchain.pem
+}
+
+function trap_exit() {
+  code=$?
+  if [ $code -gt 0 ]; then
+    echo
+    echo -e "\033[31mFailed to create certificates\033[39m"
+    exit $code
+  fi
+}
+trap  trap_exit EXIT
+
+# RUN
+make_cert && test_cert

dockerfiles/services/sslproxy/cli/create-cert.help

@@ -0,0 +1,3 @@
+ARGS  - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.

dockerfiles/services/sslproxy/cli/create-cert.usage

@@ -0,0 +1 @@
+ARGS...

dockerfiles/services/sslproxy/cli/deploy

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+set -e
+set -x
+
+LOCAL_IMAGE=sslproxy
+#TAG=2.2.${BUILD_NUMBER:-dev}
+TAG=2.1
+REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
+APP_NAME=sslproxy_app
+
+LOG=$(mktemp)
+
+export LOCAL_IMAGE
+export REMOTE_IMAGE
+export TAG
+
+export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+
+###
+function deploy() {
+  docker stack deploy \
+    --with-registry-auth \
+    --prune \
+    -c docker-compose.prod.yml \
+    sslproxy
+
+  (cd ../ && chmod +x ./scaleout.sh && ./scaleout.sh sslproxy_app 30)
+}
+
+function deploy_test() {
+  docker ps | grep sslproxy_app
+
+  curl -If https://git.xai-corp.net/
+#  curl -If -H "Host: not.xai-corp.net" https://dkhost
+}
+
+function deploy_save() {
+  #tag as latest
+  docker tag "$REMOTE_IMAGE" latest
+  docker push latest
+}
+
+dc() {
+    # shellcheck disable=SC2068
+    docker-compose \
+    -f docker-compose.yml \
+    -f docker-compose.prod.yml \
+    $@
+}
+
+function trap_exit() {
+  code=$?
+  docker service ls | grep "${APP_NAME}"
+  if [ $code -gt 0 ]; then
+    echo
+    rm "$LOG"
+    echo -e "\033[31mFailed to deploy ${REMOTE_IMAGE} \033[39m"
+    exit $code
+  fi
+
+  rm "$LOG"
+  echo -e "\033[32mSuccess:\033[39m ${REMOTE_IMAGE} successfully deployed"
+}
+trap  trap_exit EXIT
+
+print_usage() {
+  printf "Usage: %s: [-b] [-t] [-s] \n" "$0"
+  echo -d deploy
+  echo -t smoke tests
+  echo -s tag as latest
+  echo -h help
+  exit 0
+}
+
+######
+if [ -z "$1" ]; then
+  deploy && deploy_test && deploy_save
+  exit
+fi
+
+while getopts tdhs name
+do
+    case $name in
+    d)    deploy;;
+    t)    deploy_test;;
+    s)    deploy_save;;
+    *)    print_usage;;
+    esac
+done

dockerfiles/services/sslproxy/cli/deploy.help

@@ -0,0 +1,3 @@
+ARGS  - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.

dockerfiles/services/sslproxy/cli/deploy.usage

@@ -0,0 +1 @@
+ARGS...

dockerfiles/services/sslproxy/cli/rollback

@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+set -e
+#set -x
+
+LOCAL_IMAGE=sslproxy
+TAG=2.2.${BUILD_NUMBER:-dev}
+REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
+APP_NAME=sslproxy_app
+
+LOG=$(mktemp)
+
+#export LOCAL_IMAGE
+export REMOTE_IMAGE
+#export TAG
+
+export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+
+###
+
+function rollback() {
+  docker service inspect ${APP_NAME}
+  docker service update --rollback "${APP_NAME}"
+  docker service scale "${APP_NAME}=2"
+}
+
+function rollback_test() {
+  docker ps | grep "${APP_NAME}"
+
+  curl -If https://git.xai-corp.net/
+}
+
+function rollback_save() {
+  echo TODO
+}
+
+
+function trap_exit() {
+  code=$?
+  docker service ls | grep ${APP_NAME}
+  if [ $code -gt 0 ]; then
+    echo
+    rm "$LOG"
+    echo -e "\033[31mFailed rolling back ${APP_NAME} \033[39m"
+    exit $code
+  fi
+
+  rm "$LOG"
+  echo -e "\033[32mSuccess:\033[39m ${APP_NAME} successfully rolled back"
+}
+trap  trap_exit EXIT
+
+print_usage() {
+  printf "Usage: %s: [-b] [-t] [-s] \n" "$0"
+  echo -r rollback
+  echo -t smoke tests
+  echo -s tag as latest
+  echo -h help
+  exit 0
+}
+
+######
+if [ -z "$1" ]; then
+  rollback && rollback_test && rollback_save
+  exit
+fi
+
+while getopts tdhs name
+do
+    case $name in
+    d)    rollback;;
+    t)    rollback_test;;
+    s)    rollback_save;;
+    *)    print_usage;;
+    esac
+done

dockerfiles/services/sslproxy/cli/rollback.help

@@ -0,0 +1,3 @@
+ARGS  - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.

dockerfiles/services/sslproxy/cli/rollback.usage

@@ -0,0 +1 @@
+ARGS...

dockerfiles/services/sslproxy/docker-compose.build.yml

@@ -0,0 +1,9 @@
+---
+version: '3.4'
+
+services:
+
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile

dockerfiles/services/sslproxy/docker-compose.prod.yml

@@ -11,7 +11,7 @@ volumes:
 
 services:
   app:
-    image: "dkregistry.xai-corp.net:5000/sslproxy:2.1"
+    image: ${REMOTE_IMAGE}
     volumes:
       - /opt/shared/letsencrypt-2:/etc/letsencrypt:ro
       - cache:/data/nginx/cache

dockerfiles/services/sslproxy/docker-compose.yml

@@ -5,19 +5,22 @@
 # DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose.yml sslproxy
 # DOCKER_HOST=dkhost:2376 docker stack ps sslproxy
 
-version: '3'
+version: '3.4'
+volumes:
+  cache:
+
 services:
 
   app:
-    image: "dkregistry.xai-corp.net:5000/sslproxy:2.1"
-    build:
-      context: .
-      dockerfile: Dockerfile
-
+    image: ${LOCAL_IMAGE}:${TAG}
     volumes:
-      - /etc/letsencrypt:/etc/letsencrypt:ro
+      - ./letsencrypt:/etc/letsencrypt
+      - ./hosts:/etc/nginx/conf.d:ro
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - cache:/data/nginx/cache
     ports:
-      - "443:443"
+      - 443:443
+      - 80:80
 
 #  certbot:
 #    image: "dkregistry.xai-corp.net:5000/sslproxy:latest"

dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf

@@ -3,14 +3,14 @@ proxy_cache_path /data/nginx/cache/gitea levels=1:2 keys_zone=gitea:10m max_size
 
 # git.xai-corp.net
 server {
+    listen 443;
+    server_name git.xai-corp.net;
+
     # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
+    #resolver 127.0.0.11 valid=30s;
 
     set $backend http://dkhost.xai-corp.net:10080;
 
-    listen  443 ipv6only=off;
-    listen [::]:43 ipv6only=on;
-    server_name git.xai-corp.net;
     ssl_certificate     /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
 

dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf

@@ -4,7 +4,7 @@ proxy_cache_path /data/nginx/cache/jenkins levels=1:2 keys_zone=jenkins:10m max_
 # jenkins.xai-corp.net
 server {
     # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
+    #resolver 127.0.0.11 valid=30s;
 
     set $backend http://dkhost.xai-corp.net:8080;
 

dockerfiles/services/sslproxy/hosts/letsencrypt.conf

@@ -1,13 +1,18 @@
 # proxy for unsecured traffic for letsencrypt verification
 server {
     listen  80 default_server;
-    server_name _
+    resolver 127.0.0.11 valid=30s;
+
+    #server_name _
+    #server_name xai-corp.net
+
+    set $backend http://tasks.acme_certbot_app:83;
 
     client_max_body_size 200m;
 
     location / {
         proxy_set_header Connection $http_connection;
-        proxy_pass http://dkhost.xai-corp.net:83;
+        proxy_pass $backend;
     }
 
 }

dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf

@@ -1,12 +1,12 @@
 proxy_cache_path /data/nginx/cache/xaibox levels=1:2 keys_zone=xaibox:10m max_size=10g
                  inactive=60m use_temp_path=off;
 
-upstream xaibox_upstream {
-    server tasks.xaibox_app:8083;
-
-    server xaibox.xai-corp.net:8083   backup;
-    server dkhost.xai-corp.net:8083   backup;
-}
+#upstream xaibox_upstream {
+#    server tasks.xaibox_app:8083;
+#
+#    server xaibox.xai-corp.net:8083   backup;
+#    server dkhost.xai-corp.net:8083   backup;
+#}
 
 # xaibox.xai-corp.net
 server {
@@ -16,6 +16,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
 
     client_max_body_size 200m;
+    set $backend http://xaibox_app;
 
     #Strict-Transport-Security: max-age=15768000
     add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
@@ -27,7 +28,7 @@ server {
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Host $host;
         proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass http://xaibox_upstream;
+        proxy_pass $backend;
     }
 
 }

dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/fullchain.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwKgAwIBAgIULbQEK4iaDmSK8Q1YfECc68c2eScwDQYJKoZIhvcNAQEL
+BQAwfDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBlF1ZWJlYzERMA8GA1UEBwwITW9u
+dHJlYWwxGDAWBgNVBAoMD1hhaSBDb3Jwb3JhdGlvbjEUMBIGA1UECwwLRGV2ZWxv
+cG1lbnQxGTAXBgNVBAMMEHd3dy54YWktY29ycC5uZXQwHhcNMjAwNTI5MTIxNzM3
+WhcNMjEwNTI5MTIxNzM3WjB8MQswCQYDVQQGEwJDQTEPMA0GA1UECAwGUXVlYmVj
+MREwDwYDVQQHDAhNb250cmVhbDEYMBYGA1UECgwPWGFpIENvcnBvcmF0aW9uMRQw
+EgYDVQQLDAtEZXZlbG9wbWVudDEZMBcGA1UEAwwQd3d3LnhhaS1jb3JwLm5ldDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUxDfARL54LvmZq1Ef4LAec
+K4RJhdRG6R4vNCdc7Lskb7bYNo5n5w8dx1X2Wb2j2Dt4ReXBedq3Fw4e+C8zxwSY
+XGheU98j7XRJwlOOtUokcIxiSgwF0e0mEIrtkF+J4H3Rudn/3HEdVz7c4kMxlS8a
+cEEl41hNEyEJw6d5t86mFdkht8nhsk0+6s0RA8aYHr7ruwuHyWvHbFyLgphmt+hG
+GdRNijcFWfhRm9a/DciW2rYVDpJIcpPHIUrG06vzxThuBdyaCsWHBwH1sVR3hYsi
+R7jmzu9LPFVUQpSG/d1aaWvhQ6kFlud9qCzz2yoi57qcf3lUt/22z5gSmBQ8ZNMC
+AwEAAaOBkzCBkDCBjQYDVR0RBIGFMIGCggx4YWktY29ycC5uZXSCEHd3dy54YWkt
+Y29ycC5uZXSCEGFiYy54YWktY29ycC5uZXSCEWRrdWkueGFpLWNvcnAubmV0ghBn
+aXQueGFpLWNvcnAubmV0ghRqZW5raW5zLnhhaS1jb3JwLm5ldIITeGFpYm94Lnhh
+aS1jb3JwLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEANjXv0L9pTlk5eVfmyrgQz2Uf
+qe3nLZWRpwwOwDwdI32OQWB7VJwQtp13iRsvT+91xDGrpy7R52uz5Xxmf5vPcWtt
+nh2J60oeqRIkuh+cyyBAlAElRFw5Lqk37XjAWXbRvyFiUEnTu2k2jlYq55Az/+0U
+AXUj9LJbkBLZ89ZOEe9CNnlpV1mur1wGysxpRwh+lTan0WVdSy9nYnqsx5t8EOKM
+6pUZxqJmmQk988dajVFEodb+TNom6apcbjAwymjx6ggJmCF0zAFuJ1S8EfbuK665
+B10krT5BbEcV14V4W7Jne8tgxsN5wWkxytV029gsoBVes7EzuqQhGpUQ8mQ4KQ==
+-----END CERTIFICATE-----

dockerfiles/services/sslproxy/letsencrypt/live/xai-corp.net/privkey.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVMQ3wES+eC75m
+atRH+CwHnCuESYXURukeLzQnXOy7JG+22DaOZ+cPHcdV9lm9o9g7eEXlwXnatxcO
+HvgvM8cEmFxoXlPfI+10ScJTjrVKJHCMYkoMBdHtJhCK7ZBfieB90bnZ/9xxHVc+
+3OJDMZUvGnBBJeNYTRMhCcOnebfOphXZIbfJ4bJNPurNEQPGmB6+67sLh8lrx2xc
+i4KYZrfoRhnUTYo3BVn4UZvWvw3Iltq2FQ6SSHKTxyFKxtOr88U4bgXcmgrFhwcB
+9bFUd4WLIke45s7vSzxVVEKUhv3dWmlr4UOpBZbnfags89sqIue6nH95VLf9ts+Y
+EpgUPGTTAgMBAAECggEACPIcAZzXAKzBeo61BagWQON+t/hV00h+c7PLXnN5w4iN
+34BHGcamXW4EdUj3DwwXALfVRwTNVi4km4UVKPXlPf4esopyvoRFbIHD07nDRa8t
+wdZGASclXewg+ZNqYXfpoZ3xTIJ9/4kZphuiqusjtWxIlZM/bO8fBF3ihd6HpfYi
+gN/BWYWxhNnhIrctWGZmEmk1hB8oT6VWPNGaydwcorL9fHIxvfVEojByIIIqHS/K
+krZN1nlZuPRLGackUGD5xJwAAvN6xwBQOqP+Eei7jBwQEABIoDaggZYuJLfCMpPq
+7K1E7BsOtyAxXzWkW9Hrzx1VmmZYzw1uhDvU7nyesQKBgQD6vmzh4aB5r13rf0XE
+sOBbzzf/otZujcotGkcsWp0Ylqj7EgcLjvlgy+STV6m1sdAeOEsHjiwGDa+geyk5
+hFIclTlRRO8bvU3w4fsjl8qvd51cCPBwFHMQVeTubtFDKyeE3/3Bi0t1AUrAAkAg
+VGfjfjaCrCcYVegkQ983YOEu/wKBgQDZqRyEnPCxlY6FHPw04lr/vg73y05zvaBa
+bUolI6NosSjs6iXlOnpS9rR/YLVnCz3qPscu+QQEDCQokNmOSKbbsKHvtbC7CuoH
+4uP1oridxVvx004A+RNPiePnVWGtEtEB6GctFtcZsK4c6XGs69wxAmOvvzgfnkol
+3iEGABreLQKBgQDuyp0M/QAEAuOR29JIwB3asVxmIuDNxlCtZWI0tlL30Ls65+83
+rcCG04ZqX8jqlV1a+kdR+a6pUS1ZyxD2irJcMCy23cxNAZqRddTjD7LiKir9NDIu
+uvrdqr9r5rN5oUZwf5S9VnfVBRb4BuylHV0WxOMKzQIqZd2/c7fHmIa7ZwKBgQCO
+jicCZ/Nwq74zSp+YV2Q4OZd+DabtQRYEA65bErNUvytJt7VoI9u3+KKRBproyUEc
+6U71YdySdg08kFocyVKXcmEtKXd9mZFb5utclt2JX5hvkvB0zK0sG+irO42EmF1R
+fZANxPbOeZwfjXmJQtTtOF5n3bp5Yue3U3uXfXwbZQKBgFn9PZJBHDrxQ1C1+2hG
+ImKqz0Qvl79YXNTIezQynz7Fxz9UPcf9GkC5hHvD5d6pCrG7xLDGSnBdzwBZYyw/
+3dmqhAjJzzPBlRd660CNOGWt5I7pQpb66hD+///KUg8DJtwuTXKrDeE+1j+ZWSDy
+V5aOKsQb/RDKGeI0rnlTfhNt
+-----END PRIVATE KEY-----

dockerfiles/services/sslproxy/nginx.conf

@@ -2,7 +2,7 @@
 user  nginx;
 worker_processes  1;
 
-error_log  /var/log/nginx/error.log warn;
+error_log /proc/self/fd/2 info;
 pid        /var/run/nginx.pid;
 
 
@@ -19,7 +19,7 @@ http {
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
-    access_log  /var/log/nginx/access.log  main;
+    access_log  /proc/self/fd/2  main;
 
     sendfile        on;
     #tcp_nopush     on;
@@ -28,5 +28,14 @@ http {
 
     #gzip  on;
 
+    server {
+        #listen 80 default_server;
+        listen 443 default_server;
+        ssl_certificate     /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
+
+        return 421;
+    }
+
     include /etc/nginx/conf.d/*.conf;
 }