From 771dfabd69926fdf192efd84c41b06776e9512f2 Mon Sep 17 00:00:00 2001
From: richard
Date: Sun, 31 Dec 2017 13:00:40 -0500
Subject: [PATCH] add abcapi to sslproxy
---
.../letsencrypt/docker-compose-install.yml | 3 +-
.../letsencrypt/docker-compose-update.yml | 11 +++++--
.../services/postgres/docker-compose.yml | 12 -------
.../services/memcached/docker-compose.yml | 3 +-
.../services/postgres/docker-compose.yml | 32 +++++++++++++++++++
.../services/sslproxy/docker-compose-prod.yml | 19 +++++++++--
.../services/sslproxy/docker-compose.yml | 4 +--
.../sslproxy/hosts/abcapi.xai-corp.net.conf | 14 ++++++++
.../templates/xai-corp.net.internal.j2 | 1 +
9 files changed, 77 insertions(+), 22 deletions(-)
delete mode 100644 dockerfiles/services/postgres/docker-compose.yml
create mode 100644 dockerfiles/services/services/postgres/docker-compose.yml
create mode 100644 dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
diff --git a/dockerfiles/services/letsencrypt/docker-compose-install.yml b/dockerfiles/services/letsencrypt/docker-compose-install.yml
index cd9ae55..7b4e3a6 100644
--- a/dockerfiles/services/letsencrypt/docker-compose-install.yml
+++ b/dockerfiles/services/letsencrypt/docker-compose-install.yml
@@ -14,7 +14,7 @@ services: - 83:80 # - 443:443 volumes: - - /opt/shared/letsencrypt:/etc/letsencrypt + - /opt/shared/letsencrypt-2:/etc/letsencrypt environment: LETSENCRYPT_EMAIL: r_morgan@sympatico.ca LETSENCRYPT_HTTPS_ENABLED: "false"
@@ -32,6 +32,7 @@ services: LETSENCRYPT_DOMAIN9: office.xai-corp.net LETSENCRYPT_DOMAIN10: www.xai-corp.net LETSENCRYPT_DOMAIN11: mail.xai-corp.net + LETSENCRYPT_DOMAIN12: abcapi.xai-corp.net command: - install - --expand
diff --git a/dockerfiles/services/letsencrypt/docker-compose-update.yml b/dockerfiles/services/letsencrypt/docker-compose-update.yml
index e3a33d2..b852a12 100644
--- a/dockerfiles/services/letsencrypt/docker-compose-update.yml
+++ b/dockerfiles/services/letsencrypt/docker-compose-update.yml
@@ -9,18 +9,19 @@ version: '3' services: updates: - image: "dkregistry.xai-corp.net:5000/letsencrypt:latest" +# image: "dkregistry.xai-corp.net:5000/letsencrypt:latest" + image: "blacklabelops/letsencrypt" ports: - 83:80 # - 443:443 volumes: - - /opt/shared/letsencrypt:/etc/letsencrypt + - /opt/shared/letsencrypt-2:/etc/letsencrypt environment: LETSENCRYPT_EMAIL: r_morgan@sympatico.ca LETSENCRYPT_HTTPS_ENABLED: "false" LETSENCRYPT_TESTCERT: "false" LETSENCRYPT_DEBUG: "true" - LETSENCRYPT_JOB_TIME: "0 1 */12 * * 0" + LETSENCRYPT_JOB_TIME: "0 */30 * * * 0" LETSENCRYPT_DOMAIN1: xai-corp.net LETSENCRYPT_DOMAIN2: git.xai-corp.net LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
@@ -32,6 +33,10 @@ services: LETSENCRYPT_DOMAIN9: office.xai-corp.net LETSENCRYPT_DOMAIN10: www.xai-corp.net LETSENCRYPT_DOMAIN11: mail.xai-corp.net + LETSENCRYPT_DOMAIN12: abcapi.xai-corp.net + command: + - newcert + - --expand deploy: mode: replicated
diff --git a/dockerfiles/services/postgres/docker-compose.yml b/dockerfiles/services/postgres/docker-compose.yml
deleted file mode 100644
index 03efbad..0000000
--- a/dockerfiles/services/postgres/docker-compose.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-version: '2'
-services:
- postgres:
- container_name: postgres-9.6
- restart: always
- image: "postgres:9.6-alpine"
- volumes:
- - /opt/shared/postgres/data:/data
- ports:
- - "5432:5432"
- environment:
- - POSTGRES_PASSWORD=alphapass1
diff --git a/dockerfiles/services/services/memcached/docker-compose.yml b/dockerfiles/services/services/memcached/docker-compose.yml
index 2cf89a4..90190d4 100644
--- a/dockerfiles/services/services/memcached/docker-compose.yml
+++ b/dockerfiles/services/services/memcached/docker-compose.yml
@@ -2,6 +2,7 @@ # docker-compose file for memcached # DOCKER_HOST=dkhost:2376 docker-compose up -d # DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services +# DOCKER_HOST=dkhost:2376 docker service ps services_memcached version: '3' services:
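Review bot: In docker-compose-update.yml the first hunk swaps the private-registry image for `image: "blacklabelops/letsencrypt"`, a public image with no tag or digest, and this container mounts `/etc/letsencrypt` read-write, which is where the account and certificate private keys are kept. Whatever is published under that image's default tag runs with those keys on the next deploy, so pin it, e.g. `image: "blacklabelops/letsencrypt@sha256:<digest-placeholder>"`, or mirror a reviewed build back into `dkregistry.xai-corp.net:5000`. Separately, `LETSENCRYPT_JOB_TIME: "0 */30 * * * 0"` looks like a test value: if the fields are read as sec/min/hour/day/month/weekday it fires every 30 minutes on one weekday, and together with `LETSENCRYPT_DEBUG: "true"` and the `newcert --expand` command added in the second hunk it may run into Let's Encrypt rate limits, so confirm the intended schedule before deploying.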
@@ -16,7 +17,7 @@ services: deploy: mode: replicated - replicas: 1 + replicas: 3 restart_policy: condition: any delay: "1s"
diff --git a/dockerfiles/services/services/postgres/docker-compose.yml b/dockerfiles/services/services/postgres/docker-compose.yml
new file mode 100644
index 0000000..80ae671
--- /dev/null
+++ b/dockerfiles/services/services/postgres/docker-compose.yml
@@ -0,0 +1,32 @@
+# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
+# DOCKER_HOST=dkhost:2376 docker service ps services_postgres
+
+version: '3'
+services:
+ postgres:
+ volumes:
+ - /opt/shared/postgres/data:/data
+ image: postgres:alpine
+ environment:
+ POSTGRES_PASSWORD: snqioxni1sw
+ POSTGRES_USER: xaicorp_admin
+ POSTGRES_DB: xaicorp_default
+ ports:
+ - 5432:5432
+
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ delay: "1s"
+ max_attempts: 1
+ resources:
+ limits:
+ cpus: '0.5'
+ memory: 128M
+
+networks:
+ default:
+ external:
+ name: prod-private
diff --git a/dockerfiles/services/sslproxy/docker-compose-prod.yml b/dockerfiles/services/sslproxy/docker-compose-prod.yml
index a9b6d89..49368c9 100644
--- a/dockerfiles/services/sslproxy/docker-compose-prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose-prod.yml
@@ -1,18 +1,19 @@ --- # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d # docker login dkregistry.xai-corp.net:5000 -# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.0 +# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.1 # DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy # DOCKER_HOST=dkhost:2376 docker stack ps sslproxy version: '3' services: app: - image: "dkregistry.xai-corp.net:5000/sslproxy:2.0" + image: "dkregistry.xai-corp.net:5000/sslproxy:2.1" volumes: - /opt/shared/letsencrypt-2:/etc/letsencrypt:ro ports: - "443:443" + - "80:80" # required for letsencrypt # logging: # driver: syslog
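Review bot: `replicas: 3` in the memcached deploy block produces three independent caches, because memcached instances do not share or replicate data. If clients reach them through the single swarm service name (the service definition is outside this hunk, so that is an assumption), connections are spread across the replicas and a key written to one is a miss on the others, which matters if sessions or rate-limit counters are stored there. Either keep `replicas: 1` or have clients address each task individually and hash keys across them.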
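Review bot: The new postgres compose file commits the admin `POSTGRES_PASSWORD` in clear text, and `ports: - 5432:5432` publishes the database on the swarm hosts instead of keeping it on `prod-private`. Move the password to a swarm secret read through `POSTGRES_PASSWORD_FILE` (needs compose file format 3.1 or later), drop the published port unless something outside the overlay network needs it, and rotate the password, since the committed value stays in git history. Two smaller points to confirm: `image: postgres:alpine` floats across major versions where the deleted file pinned `9.6-alpine`, and the volume is mounted at `/data` while no `PGDATA` is set, so the database files probably land in the image's default data directory rather than under `/opt/shared/postgres/data`. The secret name in the sketch below is a constructed example.

```yaml
version: '3.1'
services:
  postgres:
    # … unchanged: volumes, image …
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_admin_password
      # … unchanged: POSTGRES_USER, POSTGRES_DB …
    secrets:
      - postgres_admin_password
    # … published port removed; unchanged: deploy …

secrets:
  postgres_admin_password:
    external: true

# … unchanged: networks …
```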
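Review bot: The added `- "80:80"` in docker-compose-prod.yml publishes plain HTTP on every node, since the deploy block later in this file uses `mode: global`, and nothing in the diff shows what the proxy answers on that port. The only vhost file added by this commit listens on 443, so please confirm that the port-80 server in the 2.1 image serves only `/.well-known/acme-challenge/` and redirects everything else to HTTPS. A more specific comment on the mapping would make that intent checkable, e.g. `# port 80: ACME http-01 challenge and HTTPS redirect only`. The service definition continues outside this hunk.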
@@ -37,7 +38,7 @@ services: mode: global restart_policy: condition: any - delay: 5s + delay: 6s max_attempts: 10 # update_config: # parallelism: 2
@@ -50,3 +51,15 @@ services: labels: net.xai-corp.sslproxy.description: proxy ssl calls to non ssl containers + + networks: + - ingress + - prod-private + +networks: + ingress: + external: + name: ingress + prod-private: + external: + name: prod-private
diff --git a/dockerfiles/services/sslproxy/docker-compose.yml b/dockerfiles/services/sslproxy/docker-compose.yml
index 38442dd..e2bcaa1 100644
--- a/dockerfiles/services/sslproxy/docker-compose.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.yml
@@ -1,7 +1,7 @@ --- # DOCKER_HOST=192.168.2.41:2376 docker-compose up -d # docker login dkregistry.xai-corp.net:5000 -# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.0 +# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.1 # DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose.yml sslproxy # DOCKER_HOST=dkhost:2376 docker stack ps sslproxy
@@ -9,7 +9,7 @@ version: '3' services: app: - image: "dkregistry.xai-corp.net:5000/sslproxy:2.0" + image: "dkregistry.xai-corp.net:5000/sslproxy:2.1" build: context: . dockerfile: Dockerfile
diff --git a/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf b/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
new file mode 100644
index 0000000..02b85e9
--- /dev/null
+++ b/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
@@ -0,0 +1,14 @@
+server {
+ listen 443 ssl ipv6only=off;
+ server_name abcapi.xai-corp.net;
+ ssl_certificate /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
+
+ #Strict-Transport-Security: max-age=15768000
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+
+ location / {
+ proxy_pass http://abc-api_nginx;
+ }
+
+}
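Review bot: Attaching the internet-facing proxy to `prod-private` (the `networks:` lines added at the end of docker-compose-prod.yml) puts it on the same overlay network that the new postgres stack uses as its default, so a compromise of the proxy has direct network reach to the database port and to anything else on that network. A dedicated network shared only by the proxy and the HTTP backends it fronts would keep that reach smaller, with postgres and memcached left off it. Also check the explicit `ingress` attachment: that is the name of swarm's built-in routing-mesh network, which published ports already use, and some engine versions refuse to attach a service to it directly. The indentation of the added `networks:` key is not recoverable from this view, so whether it sits under the service or under `deploy:` should be verified as well.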
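Review bot: In the new abcapi.xai-corp.net.conf, `location /` forwards to `http://abc-api_nginx` without passing the original host, client address or scheme, so the backend can log only the proxy's address and cannot tell that the request arrived over TLS. Add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside the location, unless they are already set globally in a file not shown here. The HSTS `add_header` line is left commented out; if that is deliberate while the certificate setup is being tested, a comment stating when it should be enabled would keep it from being forgotten.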
diff --git a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
index 7075f0e..36c1368 100644
--- a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
+++ b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
@@ -61,4 +61,5 @@ xaibox IN CNAME dkhost office IN CNAME dkhost www IN CNAME dkhost mail IN CNAME dkhost +abcapi IN CNAME dkhost ; xai-corp.net. IN CNAME dkhost