update the host files to point to accessible docker container names for backends

added testing for this, including mock backend server.
2020-06-03 22:08:52 -04:00
parent 764aa9c8ed
commit 857bf699de
21 changed files with 138 additions and 35 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -14,5 +14,5 @@ roles/vendor/
 !.idea/
 password.txt
-!/dockerfiles/services/sslproxy/letsencrypt/live/
+!/dockerfiles/services/sslproxy/certs/live/
--- a/.idea/sshConfigs.xml
+++ b/.idea/sshConfigs.xml
@@ -5,7 +5,7 @@
      <sshConfig host="192.168.2.11" id="70bdbabf-db45-47a0-b2da-6be7a975b6fa" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="home.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
      <sshConfig host="192.168.2.22" id="c31798ce-5b4f-4118-bdf5-5cb9558d855a" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="home02.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
      <sshConfig host="192.168.2.18" id="3d088a15-cbe4-479f-9805-05b8a7059f5a" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
-      <sshConfig host="192.168.2.18" id="0cb617df-eee4-4433-ba5c-874ed3d6cb97" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
+      <sshConfig host="192.168.2.18" id="a4ebeb2f-1c23-4fa8-a856-2d3c9902b799" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
    </configs>
  </component>
 </project>
--- a/dockerfiles/services/sslproxy/certs/xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/certs/xai-corp.net.conf
--- a/dockerfiles/services/sslproxy/cli/build
+++ b/dockerfiles/services/sslproxy/cli/build
@@ -28,24 +28,25 @@ build() {
 build_test() {
  echo -e "\e[33mtesting the image\e[39m"
-  dc up -d
+  dc up -d --force-recreate
  docker ps | grep sslproxy
-  sleep 2
+  sleep 5
-  assertBadGateway https abcapi.xai-corp.net
+  assertTeapot https abcapi.xai-corp.net
-  assertBadGateway https dkui.xai-corp.net
+  assertTeapot https dkui.xai-corp.net
-  assertBadGateway https git.xai-corp.net
+  assertTeapot https git.xai-corp.net
-  assertBadGateway https jenkins.xai-corp.net
+  assertTeapot https jenkins.xai-corp.net
-  assertBadGateway https xaibox.xai-corp.net
+  assertTeapot https xaibox.xai-corp.net
  assertBadGateway https metrics.xai-corp.net
  assertMisdirectedRequest https not.xai-corp.net
-  assertBadGateway http xai-corp.net
+
-  assertBadGateway http abcapi.xai-corp.net
+  #cert renewal
-  assertBadGateway http dkui.xai-corp.net
+  assertTeapot http xai-corp.net
-  assertBadGateway http git.xai-corp.net
+  assertTeapot http abcapi.xai-corp.net
-  assertBadGateway http jenkins.xai-corp.net
+  assertTeapot http dkui.xai-corp.net
-  assertBadGateway http xaibox.xai-corp.net
+  assertTeapot http git.xai-corp.net
-  assertBadGateway http metrics.xai-corp.net
+  assertTeapot http jenkins.xai-corp.net
  assertTeapot http xaibox.xai-corp.net
  assertTeapot http metrics.xai-corp.net
 }
 function assertMisdirectedRequest() {
@@ -53,7 +54,7 @@ function assertMisdirectedRequest() {
  domain=$2
  set -e
  echo -e "\033[94m${proto}://${domain}\033[39m testing for mistrected request"
-  curl --no-progress-meter -skH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "421 Misdirected Request"
+  curl --no-progress-meter -IskH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "421 Misdirected Request"
 }
 function assertBadGateway() {
@@ -61,7 +62,16 @@ function assertBadGateway() {
  domain=$2
  set -e
  echo -e "\033[94m${proto}://${domain}\033[39m"
-  curl --no-progress-meter -skH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "502 Bad Gateway"
+  curl --no-progress-meter -IskH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "502 Bad Gateway"
 }
 function assertTeapot() {
  proto=$1
  domain=$2
  set -e
  echo -e "\033[94m${proto}://${domain}\033[39m"
  curl --no-progress-meter -IskH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "418"
 }
 build_save() {
--- a/dockerfiles/services/sslproxy/cli/create-cert
+++ b/dockerfiles/services/sslproxy/cli/create-cert
@@ -3,7 +3,7 @@ set -e
 echo -e "\033[36mCreate\033[39m: self-signed certificates"
-CERTS_DIR=letsencrypt/live/xai-corp.net
+CERTS_DIR=certs/live/xai-corp.net
 function make_cert() {
 mkdir -p $CERTS_DIR
@@ -11,7 +11,7 @@ mkdir -p $CERTS_DIR
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
  -keyout $CERTS_DIR/privkey.pem \
  -out $CERTS_DIR/fullchain.pem \
-  -config certs/localhost.conf
+  -config certs/xai-corp.net.conf
 #tell chrome to trust the cert
  certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "www.xai-corp.net" -i $CERTS_DIR/fullchain.pem
--- a/dockerfiles/services/sslproxy/cli/exec
+++ b/dockerfiles/services/sslproxy/cli/exec
@@ -0,0 +1,7 @@
 #!/usr/bin/env bash
 set -e
 export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
 docker exec $@
 #docker network inspect ingress
--- a/dockerfiles/services/sslproxy/cli/exec.help
+++ b/dockerfiles/services/sslproxy/cli/exec.help
@@ -0,0 +1,3 @@
 ARGS  - The arguments you wish to provide to this command
 TODO: Fill out the help information for this command.
--- a/dockerfiles/services/sslproxy/cli/exec.usage
+++ b/dockerfiles/services/sslproxy/cli/exec.usage
@@ -0,0 +1 @@
 ARGS...
--- a/dockerfiles/services/sslproxy/cli/up
+++ b/dockerfiles/services/sslproxy/cli/up
@@ -0,0 +1,19 @@
 #!/usr/bin/env bash
 set -e
 #set -x
 LOCAL_IMAGE=sslproxy
 TAG=2.2.${BUILD_NUMBER:-dev}
 REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
 LOG=$(mktemp)
 export LOCAL_IMAGE
 export REMOTE_IMAGE
 export TAG
    # shellcheck disable=SC2068
    docker-compose \
    -f docker-compose.yml \
    -f docker-compose.build.yml \
    up $@
--- a/dockerfiles/services/sslproxy/cli/up.help
+++ b/dockerfiles/services/sslproxy/cli/up.help
@@ -0,0 +1,3 @@
 ARGS  - The arguments you wish to provide to this command
 TODO: Fill out the help information for this command.
--- a/dockerfiles/services/sslproxy/cli/up.usage
+++ b/dockerfiles/services/sslproxy/cli/up.usage
@@ -0,0 +1 @@
 ARGS...
--- a/dockerfiles/services/sslproxy/docker-compose.build.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.build.yml
@@ -7,3 +7,19 @@ services:
    build:
      context: .
      dockerfile: Dockerfile
  mock:
    image: library/nginx:alpine
    volumes:
      - ./test.conf:/etc/nginx/nginx.conf
    networks:
      default:
        aliases:
          - abc-api_nginx
          - dkui_app
          - gitea_app
          - jenkins_app
          - sslproxy_renew
          - xaibox_app
--- a/dockerfiles/services/sslproxy/docker-compose.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.yml
@@ -14,15 +14,10 @@ services:
  app:
    image: ${LOCAL_IMAGE}:${TAG}
    volumes:
-      - ./letsencrypt:/etc/letsencrypt
+      - ./certs:/etc/letsencrypt
      - ./hosts:/etc/nginx/conf.d:ro
      - ./nginx.conf:/etc/nginx/nginx.conf
      - cache:/data/nginx/cache
    ports:
      - 443:443
      - 80:80
 #  certbot:
 #    image: "dkregistry.xai-corp.net:5000/sslproxy:latest"
 #    build:
 #      context: certbot
--- a/dockerfiles/services/sslproxy/hosts-disabled/metrics.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts-disabled/metrics.xai-corp.net.conf
@@ -17,6 +17,11 @@ server {
    client_max_body_size 200m;
    # this is the internal Docker DNS, cache only for 30s
    resolver 127.0.0.11 valid=5s;
    set $backend http://metrics_app:3001;
    #Strict-Transport-Security: max-age=15768000
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
--- a/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
@@ -8,7 +8,7 @@ proxy_cache_path /data/nginx/cache/abcapi levels=1:2 keys_zone=abcapi:10m max_si
 server {
    # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
+    resolver 127.0.0.11 valid=5s;
    set $backend http://abc-api_nginx;
--- a/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf
@@ -8,9 +8,9 @@ proxy_cache_path /data/nginx/cache/dkui levels=1:2 keys_zone=dkui:10m max_size=1
 # dkui.xai-corp.net
 server {
    # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
+    resolver 127.0.0.11 valid=5s;
-    set $backend http://tasks.dkui_app:9000;
+    set $backend http://dkui_app:9000;
 #    listen  443 ssl ipv6only=off;
    listen  443 ssl;
--- a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
@@ -7,9 +7,10 @@ server {
    server_name git.xai-corp.net;
    # this is the internal Docker DNS, cache only for 30s
-    #resolver 127.0.0.11 valid=30s;
+    resolver 127.0.0.11 valid=5s;
-    set $backend http://dkhost.xai-corp.net:10080;
+    set $backend http://gitea_app:10080;
    #set $backend http://dkhost.xai-corp.net:10080;
    ssl_certificate     /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
--- a/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
@@ -4,9 +4,9 @@ proxy_cache_path /data/nginx/cache/jenkins levels=1:2 keys_zone=jenkins:10m max_
 # jenkins.xai-corp.net
 server {
    # this is the internal Docker DNS, cache only for 30s
-    #resolver 127.0.0.11 valid=30s;
+    resolver 127.0.0.11 valid=5s;
-    set $backend http://dkhost.xai-corp.net:8080;
+    set $backend http://jenkins_app:8080;
    listen  443 ssl;
    server_name jenkins.xai-corp.net;
--- a/dockerfiles/services/sslproxy/hosts/letsencrypt.conf
+++ b/dockerfiles/services/sslproxy/hosts/letsencrypt.conf
@@ -6,7 +6,7 @@ server {
    #server_name _
    #server_name xai-corp.net
-    set $backend http://tasks.acme_certbot_app:83;
+    set $backend http://sslproxy_renew:80;
    client_max_body_size 200m;
--- a/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
@@ -16,6 +16,9 @@ server {
    ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
    client_max_body_size 200m;
    # this is the internal Docker DNS, cache only for 30s
    resolver 127.0.0.11 valid=5s;
    set $backend http://xaibox_app;
    #Strict-Transport-Security: max-age=15768000
--- a/dockerfiles/services/sslproxy/test.conf
+++ b/dockerfiles/services/sslproxy/test.conf
@@ -0,0 +1,39 @@
 user  nginx;
 worker_processes  1;
 error_log /proc/self/fd/2 info;
 pid        /var/run/nginx.pid;
 events {
    worker_connections  1024;
 }
 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /proc/self/fd/2  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    server {
        listen 80 default_server;
        listen 10080 default_server;
        listen 8080 default_server;
        listen 9000 default_server;
        return 418;
    }
 }
		`@@ -0,0 +1,3 @@`
							`ARGS - The arguments you wish to provide to this command`

							`TODO: Fill out the help information for this command.`