refactor docker swarm to use just home without workers for now

add caching at nginx level for portainer and gitea
2018-04-07 08:11:23 -04:00
parent 3ed65eefe9
commit 83ec6809d6
45 changed files with 438 additions and 192 deletions
--- a/dockerfiles/services/sslproxy/build.sh
+++ b/dockerfiles/services/sslproxy/build.sh
@@ -0,0 +1,7 @@
+#!/bin/bash -ex
+
+docker login -u richard -p $DKREGISTRY_PASS http://$DKREGISTRY
+
+(docker-compose -f docker-compose.yml build)
+
+docker push dkregistry.xai-corp.net:5000/sslproxy:2.1
--- a/dockerfiles/services/sslproxy/deploy.sh
+++ b/dockerfiles/services/sslproxy/deploy.sh
@@ -0,0 +1,7 @@
+#!/bin/bash -ex
+
+export DOCKER_HOST=dkmanager:2376
+
+docker login -u richard -p $DKREGISTRY_PASS $DKREGISTRY
+
+docker stack deploy --with-registry-auth --prune -c docker-compose-prod.yml sslproxy
--- a/dockerfiles/services/sslproxy/docker-compose-prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose-prod.yml
@@ -6,27 +6,25 @@
 # DOCKER_HOST=dkhost:2376 docker stack ps sslproxy

 version: '3.4'
+volumes:
+  cache:
+
 services:
  app:
    image: "dkregistry.xai-corp.net:5000/sslproxy:2.1"
    volumes:
      - /opt/shared/letsencrypt-2:/etc/letsencrypt:ro
+      - cache:/data/nginx/cache
    ports:
      - "443:443"
      - "80:80" # required for letsencrypt
-
+#
 #    logging:
-#      driver: syslog
+#      driver: fluentd
 #      options:
-#        syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
-#        tag: "{{.Name}}/{{.ID}}"
-
-    logging:
-      driver: fluentd
-      options:
-        fluentd-address: "logs.xai-corp.net:24224"
-        fluentd-async-connect: 'true'
-        tag: sslproxy
+#        fluentd-address: "logs.xai-corp.net:24224"
+#        fluentd-async-connect: 'true'
+#        tag: sslproxy

 #    logging:
 #      driver: syslog
@@ -34,8 +32,16 @@ services:
 #        syslog-address: "udp://logs.xai-corp.net:31514"
 #        tag: sslproxy

+#    logging:
+#      driver: syslog
+#      options:
+#        syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
+#        tag: "{{.Name}}/{{.ID}}"
+
+
    deploy:
-      mode: global
+      mode: replicated
+      replicas: 1
      restart_policy:
        condition: any
        delay: 6s
@@ -52,6 +58,14 @@ services:
      labels:
        net.xai-corp.sslproxy.description:  proxy ssl calls to non ssl containers

+    networks:
+      - prod_ui
+
+networks:
+  prod_ui:
+    external:
+      name: prod_ui
+
 #    networks:
 #    - ingress
 #    - prod
--- a/dockerfiles/services/sslproxy/hosts-disabled/abcapi.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts-disabled/abcapi.xai-corp.net.conf
--- a/dockerfiles/services/sslproxy/hosts-disabled/dkregistry.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts-disabled/dkregistry.xai-corp.net.conf
--- a/dockerfiles/services/sslproxy/hosts-disabled/fs.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts-disabled/fs.xai-corp.net.conf
--- a/dockerfiles/services/sslproxy/hosts-disabled/jenkins.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts-disabled/jenkins.xai-corp.net.conf
--- a/dockerfiles/services/sslproxy/hosts-disabled/letsencrypt.conf
+++ b/dockerfiles/services/sslproxy/hosts-disabled/letsencrypt.conf
--- a/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf
@@ -1,6 +1,16 @@
+proxy_cache_path /data/nginx/cache/dkui levels=1:2 keys_zone=dkui:10m max_size=10g
+                 inactive=60m use_temp_path=off;
+
+upstream portainer_upstream {
+    server tasks.dkui_app:9000;
+
+    server dkhost.xai-corp.net:9000   backup;
+}
+
 # dkui.xai-corp.net
 server {
-    listen  443 ssl ipv6only=off;
+#    listen  443 ssl ipv6only=off;
+    listen  443 ssl;
    server_name dkui.xai-corp.net;
    ssl_certificate     /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
@@ -15,7 +25,10 @@ server {
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Host $host;
        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass http://dkhost.xai-corp.net:9000;
+        proxy_pass http://portainer_upstream;
+
+        proxy_connect_timeout   3s;
+#        proxy_next_upstream_timeout 1.5s;
    }

 }
--- a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
@@ -1,3 +1,12 @@
+proxy_cache_path /data/nginx/cache/gitea levels=1:2 keys_zone=gitea:10m max_size=10g
+                 inactive=60m use_temp_path=off;
+
+upstream gitea_upstream {
+    server tasks.gitea_app:10080;
+
+    server dkhost.xai-corp.net:10080   backup;
+}
+
 # git.xai-corp.net
 server {
    listen  443 ssl ipv6only=off;
@@ -9,7 +18,6 @@ server {
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

    location / {
-        proxy_pass http://dkhost.xai-corp.net:10080;
+        proxy_pass http://gitea_upstream;
    }
-
 }
--- a/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
@@ -1,6 +1,16 @@
+proxy_cache_path /data/nginx/cache/xaibox levels=1:2 keys_zone=xaibox:10m max_size=10g
+                 inactive=60m use_temp_path=off;
+
+upstream xaibox_upstream {
+    server tasks.xaibox_web:8083;
+
+    server xaibox.xai-corp.net:8083   backup;
+    server dkhost.xai-corp.net:8083   backup;
+}
+
 # xaibox.xai-corp.net
 server {
-    listen  443 ssl ipv6only=off;
+    listen  443 ssl;
    server_name xaibox.xai-corp.net;
    ssl_certificate     /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
@@ -12,7 +22,7 @@ server {

    location / {
        proxy_set_header Connection $http_connection;
-        proxy_pass http://dkhost.xai-corp.net:8083;
+        proxy_pass http://xaibox_upstream;
    }

 }