update the host files to point to accessible docker container names for backends

added testing for this, including mock backend server.
2020-06-03 22:08:52 -04:00
parent 764aa9c8ed
commit 857bf699de
21 changed files with 138 additions and 35 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -14,5 +14,5 @@ roles/vendor/

 !.idea/
 password.txt
-!/dockerfiles/services/sslproxy/letsencrypt/live/
+!/dockerfiles/services/sslproxy/certs/live/

--- a/.idea/sshConfigs.xml
+++ b/.idea/sshConfigs.xml
@@ -5,7 +5,7 @@
      <sshConfig host="192.168.2.11" id="70bdbabf-db45-47a0-b2da-6be7a975b6fa" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="home.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
      <sshConfig host="192.168.2.22" id="c31798ce-5b4f-4118-bdf5-5cb9558d855a" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="home02.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
      <sshConfig host="192.168.2.18" id="3d088a15-cbe4-479f-9805-05b8a7059f5a" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
-      <sshConfig host="192.168.2.18" id="0cb617df-eee4-4433-ba5c-874ed3d6cb97" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
+      <sshConfig host="192.168.2.18" id="a4ebeb2f-1c23-4fa8-a856-2d3c9902b799" keyPath="$USER_HOME$/.ssh/id_rsa" port="22" customName="web01.xai-corp.net" nameFormat="CUSTOM" username="ansible" />
    </configs>
  </component>
 </project>
--- a/dockerfiles/services/sslproxy/certs/xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/certs/xai-corp.net.conf
--- a/dockerfiles/services/sslproxy/cli/build
+++ b/dockerfiles/services/sslproxy/cli/build
@@ -28,24 +28,25 @@ build() {
 build_test() {
  echo -e "\e[33mtesting the image\e[39m"

-  dc up -d
+  dc up -d --force-recreate
  docker ps | grep sslproxy

-  sleep 2
-  assertBadGateway https abcapi.xai-corp.net
-  assertBadGateway https dkui.xai-corp.net
-  assertBadGateway https git.xai-corp.net
-  assertBadGateway https jenkins.xai-corp.net
-  assertBadGateway https xaibox.xai-corp.net
-  assertBadGateway https metrics.xai-corp.net
+  sleep 5
+  assertTeapot https abcapi.xai-corp.net
+  assertTeapot https dkui.xai-corp.net
+  assertTeapot https git.xai-corp.net
+  assertTeapot https jenkins.xai-corp.net
+  assertTeapot https xaibox.xai-corp.net
  assertMisdirectedRequest https not.xai-corp.net
-  assertBadGateway http xai-corp.net
-  assertBadGateway http abcapi.xai-corp.net
-  assertBadGateway http dkui.xai-corp.net
-  assertBadGateway http git.xai-corp.net
-  assertBadGateway http jenkins.xai-corp.net
-  assertBadGateway http xaibox.xai-corp.net
-  assertBadGateway http metrics.xai-corp.net
+
+  #cert renewal
+  assertTeapot http xai-corp.net
+  assertTeapot http abcapi.xai-corp.net
+  assertTeapot http dkui.xai-corp.net
+  assertTeapot http git.xai-corp.net
+  assertTeapot http jenkins.xai-corp.net
+  assertTeapot http xaibox.xai-corp.net
+  assertTeapot http metrics.xai-corp.net
 }

 function assertMisdirectedRequest() {
@@ -53,7 +54,7 @@ function assertMisdirectedRequest() {
  domain=$2
  set -e
  echo -e "\033[94m${proto}://${domain}\033[39m testing for mistrected request"
-  curl --no-progress-meter -skH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "421 Misdirected Request"
+  curl --no-progress-meter -IskH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "421 Misdirected Request"
 }

 function assertBadGateway() {
@@ -61,7 +62,16 @@ function assertBadGateway() {
  domain=$2
  set -e
  echo -e "\033[94m${proto}://${domain}\033[39m"
-  curl --no-progress-meter -skH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "502 Bad Gateway"
+  curl --no-progress-meter -IskH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "502 Bad Gateway"
+}
+
+
+function assertTeapot() {
+  proto=$1
+  domain=$2
+  set -e
+  echo -e "\033[94m${proto}://${domain}\033[39m"
+  curl --no-progress-meter -IskH "Host: ${domain}" "${proto}://localhost" | tee "$LOG" | grep "418"
 }

 build_save() {
--- a/dockerfiles/services/sslproxy/cli/create-cert
+++ b/dockerfiles/services/sslproxy/cli/create-cert
@@ -3,7 +3,7 @@ set -e

 echo -e "\033[36mCreate\033[39m: self-signed certificates"

-CERTS_DIR=letsencrypt/live/xai-corp.net
+CERTS_DIR=certs/live/xai-corp.net

 function make_cert() {
 mkdir -p $CERTS_DIR
@@ -11,7 +11,7 @@ mkdir -p $CERTS_DIR
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \
  -keyout $CERTS_DIR/privkey.pem \
  -out $CERTS_DIR/fullchain.pem \
-  -config certs/localhost.conf
+  -config certs/xai-corp.net.conf

 #tell chrome to trust the cert
  certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "www.xai-corp.net" -i $CERTS_DIR/fullchain.pem
--- a/dockerfiles/services/sslproxy/cli/exec
+++ b/dockerfiles/services/sslproxy/cli/exec
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -e
+
+export DOCKER_HOST=${DOCKER_HOST:-'dkhost:2376'}
+
+docker exec $@
+#docker network inspect ingress
--- a/dockerfiles/services/sslproxy/cli/exec.help
+++ b/dockerfiles/services/sslproxy/cli/exec.help
@@ -0,0 +1,3 @@
+ARGS  - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
--- a/dockerfiles/services/sslproxy/cli/exec.usage
+++ b/dockerfiles/services/sslproxy/cli/exec.usage
@@ -0,0 +1 @@
+ARGS...
--- a/dockerfiles/services/sslproxy/cli/up
+++ b/dockerfiles/services/sslproxy/cli/up
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -e
+#set -x
+
+LOCAL_IMAGE=sslproxy
+TAG=2.2.${BUILD_NUMBER:-dev}
+REMOTE_IMAGE=dkregistry.xai-corp.net:5000/${LOCAL_IMAGE}:${TAG}
+
+LOG=$(mktemp)
+
+export LOCAL_IMAGE
+export REMOTE_IMAGE
+export TAG
+
+    # shellcheck disable=SC2068
+    docker-compose \
+    -f docker-compose.yml \
+    -f docker-compose.build.yml \
+    up $@
--- a/dockerfiles/services/sslproxy/cli/up.help
+++ b/dockerfiles/services/sslproxy/cli/up.help
@@ -0,0 +1,3 @@
+ARGS  - The arguments you wish to provide to this command
+
+TODO: Fill out the help information for this command.
--- a/dockerfiles/services/sslproxy/cli/up.usage
+++ b/dockerfiles/services/sslproxy/cli/up.usage
@@ -0,0 +1 @@
+ARGS...
--- a/dockerfiles/services/sslproxy/docker-compose.build.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.build.yml
@@ -7,3 +7,19 @@ services:
    build:
      context: .
      dockerfile: Dockerfile
+
+
+  mock:
+    image: library/nginx:alpine
+    volumes:
+      - ./test.conf:/etc/nginx/nginx.conf
+    networks:
+      default:
+        aliases:
+          - abc-api_nginx
+          - dkui_app
+          - gitea_app
+          - jenkins_app
+          - sslproxy_renew
+          - xaibox_app
+
--- a/dockerfiles/services/sslproxy/docker-compose.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.yml
@@ -14,15 +14,10 @@ services:
  app:
    image: ${LOCAL_IMAGE}:${TAG}
    volumes:
-      - ./letsencrypt:/etc/letsencrypt
+      - ./certs:/etc/letsencrypt
      - ./hosts:/etc/nginx/conf.d:ro
      - ./nginx.conf:/etc/nginx/nginx.conf
      - cache:/data/nginx/cache
    ports:
      - 443:443
      - 80:80
-
-#  certbot:
-#    image: "dkregistry.xai-corp.net:5000/sslproxy:latest"
-#    build:
-#      context: certbot
--- a/dockerfiles/services/sslproxy/hosts-disabled/metrics.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts-disabled/metrics.xai-corp.net.conf
@@ -17,6 +17,11 @@ server {

    client_max_body_size 200m;

+    # this is the internal Docker DNS, cache only for 30s
+    resolver 127.0.0.11 valid=5s;
+
+    set $backend http://metrics_app:3001;
+
    #Strict-Transport-Security: max-age=15768000
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;

--- a/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
@@ -8,7 +8,7 @@ proxy_cache_path /data/nginx/cache/abcapi levels=1:2 keys_zone=abcapi:10m max_si

 server {
    # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
+    resolver 127.0.0.11 valid=5s;

    set $backend http://abc-api_nginx;

--- a/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/dkui.xai-corp.net.conf
@@ -8,9 +8,9 @@ proxy_cache_path /data/nginx/cache/dkui levels=1:2 keys_zone=dkui:10m max_size=1
 # dkui.xai-corp.net
 server {
    # this is the internal Docker DNS, cache only for 30s
-    resolver 127.0.0.11 valid=30s;
+    resolver 127.0.0.11 valid=5s;

-    set $backend http://tasks.dkui_app:9000;
+    set $backend http://dkui_app:9000;

 #    listen  443 ssl ipv6only=off;
    listen  443 ssl;
--- a/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/git.xai-corp.net.conf
@@ -7,9 +7,10 @@ server {
    server_name git.xai-corp.net;

    # this is the internal Docker DNS, cache only for 30s
-    #resolver 127.0.0.11 valid=30s;
+    resolver 127.0.0.11 valid=5s;

-    set $backend http://dkhost.xai-corp.net:10080;
+    set $backend http://gitea_app:10080;
+    #set $backend http://dkhost.xai-corp.net:10080;

    ssl_certificate     /etc/letsencrypt/live/xai-corp.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;
--- a/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/jenkins.xai-corp.net.conf
@@ -4,9 +4,9 @@ proxy_cache_path /data/nginx/cache/jenkins levels=1:2 keys_zone=jenkins:10m max_
 # jenkins.xai-corp.net
 server {
    # this is the internal Docker DNS, cache only for 30s
-    #resolver 127.0.0.11 valid=30s;
+    resolver 127.0.0.11 valid=5s;

-    set $backend http://dkhost.xai-corp.net:8080;
+    set $backend http://jenkins_app:8080;

    listen  443 ssl;
    server_name jenkins.xai-corp.net;
--- a/dockerfiles/services/sslproxy/hosts/letsencrypt.conf
+++ b/dockerfiles/services/sslproxy/hosts/letsencrypt.conf
@@ -6,7 +6,7 @@ server {
    #server_name _
    #server_name xai-corp.net

-    set $backend http://tasks.acme_certbot_app:83;
+    set $backend http://sslproxy_renew:80;

    client_max_body_size 200m;

--- a/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/xaibox.xai-corp.net.conf
@@ -16,6 +16,9 @@ server {
    ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;

    client_max_body_size 200m;
+
+    # this is the internal Docker DNS, cache only for 30s
+    resolver 127.0.0.11 valid=5s;
    set $backend http://xaibox_app;

    #Strict-Transport-Security: max-age=15768000
--- a/dockerfiles/services/sslproxy/test.conf
+++ b/dockerfiles/services/sslproxy/test.conf
@@ -0,0 +1,39 @@
+
+user  nginx;
+worker_processes  1;
+
+error_log /proc/self/fd/2 info;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /proc/self/fd/2  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+        listen 80 default_server;
+        listen 10080 default_server;
+        listen 8080 default_server;
+        listen 9000 default_server;
+
+        return 418;
+    }
+}