reworked letsencrypt to use docker containers instead of certbot on the host.

This commit is contained in:
2017-10-02 06:32:53 -04:00
parent de1e0d66c3
commit 92950ffd2d
57 changed files with 632 additions and 198 deletions


@@ -0,0 +1,41 @@
---
# docker-compose file for logstash
# - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html
#
# DOCKER_HOST=dkhost03:2376 docker-compose up -d
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services
version: '3'
services:
registry:
image: registry:2
ports:
- 5000:5000
environment:
REGISTRY_HTTP_SECRET: aabuioqlwlcpp2
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/live/dkregistry.xai-corp.net/fullchain.pem
REGISTRY_HTTP_TLS_KEY: /certs/live/dkregistry.xai-corp.net/privkey.pem
# REGISTRY_HTTP_LETSENCRYPT_CACHEFILE: /var/run/letsencrypt.cache
# REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
REGISTRY_HTTP_HOST: https://dkregistry.xai-corp.net:5000
# REGISTRY_HTTP_ADDR: dkregistry.xai-corp.net:5000
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /opt/shared/dkregistry/data:/var/lib/registry
- /etc/letsencrypt:/certs
- /opt/shared/dkregistry/auth:/auth
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
delay: "1s"
max_attempts: 15
resources:
limits:
cpus: '0.1'
memory: 256M
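Review bot: `REGISTRY_HTTP_SECRET: aabuioqlwlcpp2` (L25) commits a live secret to version control, and the same pattern appears with the graylog secrets (L98–L99), the collabora `password` (L547, L588) and `POSTGRES_PASSWORD` (L622). This commit already uses external Docker secrets for minio (L724–L728); prefer that mechanism where the image supports it, otherwise interpolate from the deploying shell, `REGISTRY_HTTP_SECRET: "${REGISTRY_HTTP_SECRET}"`, and rotate the values that are now in history. The `/etc/letsencrypt:/certs` mount (L37) hands the registry every Let's Encrypt private key on the host read-write; the sslproxy mounts the same directory `:ro` (L800) and the registry only reads its two files, so `- /etc/letsencrypt:/certs:ro` is sufficient.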


@@ -0,0 +1,3 @@
FROM kyma/docker-nginx
COPY src/ /var/www
CMD 'nginx'
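Review bot: `CMD 'nginx'` is shell form, so the process is started through `/bin/sh -c` and nginx is not PID 1; the stop signal from the orchestrator reaches the shell, and the container is killed after the grace period instead of shutting down cleanly. The exec form `CMD ["nginx"]` avoids that, provided the base image already configures nginx to stay in the foreground — confirm against `kyma/docker-nginx`, which is also pulled without a tag here. The quotes in the shell form are redundant in any case.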


@@ -0,0 +1,24 @@
---
# DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml sslproxy
version: '3'
services:
app:
image: "gitea/gitea:latest"
volumes:
- /var/lib/gitea:/data
ports:
- "10022:22"
- "10080:3000"
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
delay: "5s"
max_attempts: 3
labels:
net.xai-corp.sslproxy.description: proxy ssl calls to non ssl containers
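Review bot: `image: "gitea/gitea:latest"` (L67) floats with the upstream tag, so each node pull or restart may run a different build of a service that publishes SSH and web ports to the network. Pin to a release tag or digest as the minio file in this commit does (L646); the same applies to `graylog2/server:latest` (L93), `jenkins:alpine` (L143), `cptactionhank/atlassian-jira:latest` (L173), `blacklabelops/letsencrypt` (L194 and its siblings), `collabora/code` (L541), `shipyard/shipyard:latest` (L761) and `portainer/portainer` (L1064).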


@@ -0,0 +1,50 @@
---
# docker-compose file for graylog
# DOCKER_HOST=dkhost03:2376 docker-compose up -d
# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml graylog
version: '3'
services:
graylog:
image: graylog2/server:latest
volumes:
- /opt/shared/graylog/data/journal:/usr/share/graylog/data/journal
- /opt/shared/graylog/config:/usr/share/graylog/data/config
environment:
GRAYLOG_PASSWORD_SECRET: gsahu1dj901hdaiuafg3g1q
GRAYLOG_ROOT_PASSWORD_SHA2: d0fc133359968fbc38a267f29606c9dc805af7bcc231df9b9acd2e8e6e894ede
GRAYLOG_WEB_ENDPOINT_URI: https://logs.xai-corp.net/api/
GRAYLOG_REST_LISTEN_URI: http://0.0.0.0:9000/api/
GRAYLOG_MONGODB_URI: mongodb://mongo/graylog
GRAYLOG_ELASTICSEARCH_CLUSTER_NAME: es.xai-corp.net
depends_on:
- mongo
- elasticsearch
ports:
- "10090:9000"
- "12201:12201/udp"
- "1514:1514/udp"
- "514:514/udp"
# logging:
# driver: gelf
# options:
# gelf-address: "udp://logs.xai-corp.net:12201"
deploy:
mode: replicated
replicas: 2
restart_policy:
condition: none
delay: "1s"
max_attempts: 3
resources:
limits:
cpus: '1'
memory: 1G
networks:
default:
external:
name: prod-private
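Review bot: `depends_on` (L104–L106) is ignored by `docker stack deploy`, which the header comment (L89) names as a deploy path, so graylog may start before mongo and elasticsearch are reachable and must tolerate that itself. `restart_policy.condition: none` (L120) also makes the `delay` and `max_attempts` beneath it inert, and with two replicas a crashed task is never replaced; if restarts are wanted, use `condition: on-failure`. Lines L101 and L111 publish the REST API and the UDP/514 syslog input on every host interface; confirm those are meant to be reachable from outside the hosts.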


@@ -0,0 +1,28 @@
---
# DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml jenkins
version: '3'
services:
app:
# restart: always
privileged: true
image: "jenkins:alpine"
volumes:
- /var/lib/jenkins:/var/jenkins_home
ports:
- "8080:8080"
- "50000:50000"
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
delay: "5s"
max_attempts: 1
networks:
default:
external:
name: prod-private
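Review bot: `privileged: true` (L142) gives the Jenkins container full access to host devices and capabilities, which a build controller does not need and which turns any compromised job into host root. Drop it (and the commented `restart: always`), and if specific capabilities are required add them with `cap_add`. The same flag is set on jira (L172), the shipyard controller (L760) and portainer (L1063), where the `/var/run/docker.sock` mount (L1066) already grants all the access portainer needs. Note also that `docker stack deploy` ignores `privileged:` and `restart:` with a warning, so under the v3 `deploy:` path these files behave differently from `docker-compose up`.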


@@ -0,0 +1,18 @@
---
# https://hub.docker.com/r/cptactionhank/atlassian-jira/
# docker run --detach --publish 8080:8080 cptactionhank/atlassian-jira:latest
# DOCKER_HOST=dkhost02:2376 docker-compose up -d
version: '2'
services:
app:
restart: always
privileged: true
image: "cptactionhank/atlassian-jira:latest"
# volumes:
# - /var/atlassian/jira
# - /opt/atlassian/jira/logs
ports:
# - "80:80"
- "8088:8080"


@@ -0,0 +1,48 @@
---
# docker-compose file for letsencrypt cert management
# DOCKER_HOST=dkhost01:2376 docker-compose up install
# DOCKER_HOST=dkhost01:2376 docker-compose up updates
# docker login dkregistry.xai-corp.net:5000
# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt
version: '3'
services:
install:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_install
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
environment:
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --staging
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
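Review bot: `LETSENCRYPT_DOMAIN9` is defined twice (L212 and L213); YAML forbids duplicate keys and compose keeps the last one, so `office.xai-corp.net` is silently dropped from the certificate request. Renumber the last entry — `LETSENCRYPT_DOMAIN10: www.xai-corp.net`, assuming the image accepts a tenth numbered domain — and apply the same fix at L256–L257, L303–L304, L349–L350 and L383–L384; the README's `LETSENCRYPT_DOMAIN90` (L423, L442) looks like the same slip. Unless they are issued elsewhere, the nginx hosts added in this commit also expect certificates for `logs.xai-corp.net` (L975) and `tripbuilder.xai-corp.net` (L992), which appear in none of the domain lists. `container_name:` (L195) is not supported by `docker stack deploy`, which the header (L190) uses.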


@@ -0,0 +1,45 @@
---
# docker-compose file for letsencrypt cert management
# DOCKER_HOST=dkhost01:2376 docker-compose up updates
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-staging-update.yml services_letsencrypt
version: '3'
services:
updates:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_updates
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
environment:
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --staging
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
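Review bot: the `updates` service runs `command: install --staging --expand` (L258–L261), which is the same one-shot issuance as the `install` service rather than a renewal, while the README (L443) starts the renewal container with no command at all. If the image's default command is the cron-driven renewal, drop the `command:` block here so the service actually renews; otherwise add a comment saying why install is re-run. `container_name` (L239) is ignored under `docker stack deploy` (L234).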


@@ -0,0 +1,47 @@
---
# docker-compose file for letsencrypt cert management
# DOCKER_HOST=dkhost01:2376 docker-compose up updates
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-update.yml services_letsencrypt
version: '3'
services:
updates:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_updates
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt:/etc/letsencrypt
environment:
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_TESTCERT: "true"
LETSENCRYPT_DEBUG: "true"
LETSENCRYPT_JOB_TIME: "0 0 1 15 * *"
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
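Review bot: this file writes to the production directory `/opt/shared/letsencrypt` (L288) but sets `LETSENCRYPT_TESTCERT: "true"` (L292), so a run would replace real certificates with untrusted staging ones that the sslproxy (L800) and registry (L26–L27) then serve. Remove `LETSENCRYPT_TESTCERT` and `LETSENCRYPT_DEBUG` from the non-staging file, or point it at a test directory. Note also that the consumers mount `/etc/letsencrypt` from the host while the letsencrypt containers write to `/opt/shared/letsencrypt`; unless `/etc/letsencrypt` is a symlink or shared mount on every node, renewed certificates never reach the proxy — a `# NOTE: /etc/letsencrypt must resolve to this path on all swarm nodes` comment at L288 would make the assumption explicit.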


@@ -0,0 +1,84 @@
---
# docker-compose file for letsencrypt cert management
# DOCKER_HOST=dkhost01:2376 docker-compose up install
# DOCKER_HOST=dkhost01:2376 docker-compose up updates
# docker login dkregistry.xai-corp.net:5000
# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt
version: '3'
services:
install:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_install
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
environment:
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --staging
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
updates:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_updates
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
environment:
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --staging
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
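Review bot: both services in this stack publish host port 80 (L334, L368), so under `docker stack deploy` (L327) the second service cannot be created with a port already claimed by the first, and under `docker-compose up` whichever container starts second fails to bind. Keep only `updates` in the deployed stack and run `install` as a one-off (`docker-compose up install`, as the header at L323 already shows), or give the two services distinct ports. The duplicate `LETSENCRYPT_DOMAIN9` key is present in both services here (L349–L350, L383–L384), and `container_name` (L332, L366) is ignored in swarm mode.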


@@ -0,0 +1,48 @@
#Letsencrypt container
run this as a regular container via cron job
note that this container only takes 2 parameters, so we can use --staging and --merge. maybe we should build our own.
todo: set this up as a cron
#install new certs
```
DOCKER_HOST=dkhost:2376 docker run -d \
-p 80:80 \
--name letsencrypt \
-e "LETSENCRYPT_HTTPS_ENABLED=false" \
-v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
-e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
-e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
-e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN3=xaibox.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN4=dkui.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN5=dkregistry.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN6=fs.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN7=jenkins.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN8=sql.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN9=www.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN90=office.xai-corp.net" \
blacklabelops/letsencrypt install
```
```
DOCKER_HOST=dkhost:2376 docker run -d \
-p 80:80 \
--name letsencrypt_updates \
-e "LETSENCRYPT_HTTPS_ENABLED=false" \
-v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
-e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
-e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
-e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN3=xaibox.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN4=dkui.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN5=dkregistry.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN6=fs.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN7=jenkins.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN8=sql.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN9=www.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN90=office.xai-corp.net" \
blacklabelops/letsencrypt
```


@@ -0,0 +1,5 @@
FROM docker.elastic.co/logstash/logstash:5.4.1
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
ADD ./pipeline /usr/share/logstash/pipeline/
ADD ./config /usr/share/logstash/config/
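Review bot: `ADD ./pipeline` and `ADD ./config` (L451–L452) copy local directories, for which `COPY` is the conventional instruction; `ADD` additionally extracts archives and fetches URLs, behaviour nobody wants triggered by accident when a tarball lands in `config/`. Use `COPY ./pipeline /usr/share/logstash/pipeline/` and `COPY ./config /usr/share/logstash/config/`.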


@@ -0,0 +1,33 @@
---
# docker-compose file for logstash
# - see https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html
#
# DOCKER_HOST=dkhost03:2376 docker-compose up -d
# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml services
version: '3'
services:
logstash:
build:
context: .
image: "dkregistry.xai-corp.net/services/logstash"
# command: "elasticsearch -Des.cluster.name='es.xai-corp.net'"
# volumes:
# - /opt/shared/logstash/pipeline/:/usr/share/logstash/pipeline/
ports:
# - "9350:9350"
# - "9300:9300"
- "9200:9200"
# - "10091:80"
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
delay: "1s"
max_attempts: 3
resources:
limits:
cpus: '1'
memory: 512M


@@ -0,0 +1,14 @@
---
# DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
version: '2'
services:
app:
restart: always
# privileged: true
image: "orangescrum/official"
ports:
- "8085:80"
# - "80:80"
entrypoint:
- start.sh


@@ -0,0 +1,4 @@
FROM nextcloud:12
RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*


@@ -0,0 +1,51 @@
---
# docker-compose file for owncloud server
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-prod.yml owncloud
version: '3'
services:
owncloud:
image: dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
ports:
- 8083:80
# - 9083:9000
volumes:
- /opt/shared/nextcloud/data:/var/www/html/data
- /opt/shared/nextcloud/config:/var/www/html/config
- /opt/shared/nextcloud/apps:/var/www/html/custom_apps
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
delay: "1s"
max_attempts: 5
resources:
limits:
cpus: '1'
memory: 512M
collabora:
image: collabora/code
ports:
- 9980:9980
environment:
domain: office\\.xai-corp\\.net
username: admin
password: ah8031qhnbc
server_name: office.xai-corp.net
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
delay: "1s"
max_attempts: 5
resources:
limits:
cpus: '1'
memory: 512M
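Review bot: `domain: office\\.xai-corp\\.net` (L545) is a plain YAML scalar, and plain scalars do not process backslash escapes, so the container receives the two-backslash string literally; if collabora treats `domain` as a regular expression, `\\.` matches a literal backslash followed by any character and the hostname never matches. The docker-run examples double the backslash only because the shell consumes one; in YAML write `domain: 'office\.xai-corp\.net'`. The same value is at L586.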


@@ -0,0 +1,51 @@
---
# docker-compose file for nextcloud server
# docker login dkregistry.xai-corp.net:5000
# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml owncloud
version: '3'
services:
owncloud:
image: "dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest"
build:
context: .
dockerfile: Dockerfile
ports:
- 8083:80
# - 9083:9000
volumes:
- ./data:/var/www/html
collabora:
image: collabora/code
ports:
- 9980:9980
environment:
domain: office\\.xai-corp\\.net
username: admin
password: ah8031qhnbc
server_name: office.xai-corp.net
# letsencrypt:
# image: linuxserver/letsencrypt
# volumes:
# - ./letsencrypt:/config
# environment:
# URL: xai-corp.net
# SUBDOMAINS: www,sql,xaibox,office
# TZ: America/Montreal
# EMAIL: r_morgan@sympatico.ca
#TODO:
# cron:
http:
image: "dkregistry.xai-corp.net:5000/sslproxy:2.0"
volumes:
- ./letsencrypt:/etc/letsencrypt:ro
ports:
- "443:443"


@@ -0,0 +1,12 @@
version: '2'
services:
postgres:
container_name: postgres-9.6
restart: always
image: "postgres:9.6-alpine"
volumes:
- /opt/shared/postgres/data:/data
ports:
- "5432:5432"
environment:
- POSTGRES_PASSWORD=alphapass1
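Review bot: the volume mounts host storage at `/data` (L618), but the official postgres image keeps its cluster at `/var/lib/postgresql/data` unless `PGDATA` is set, so the database lives in the container layer and is lost when the container is recreated. Mount `- /opt/shared/postgres/data:/var/lib/postgresql/data` or add `PGDATA=/data` to the environment. Port 5432 is published on all host interfaces with a clear-text `POSTGRES_PASSWORD` (L620–L622); bind it to the address the consumers actually use (`"127.0.0.1:5432:5432"` if they are local) or reach it over a shared compose network instead of publishing.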


@@ -10,7 +10,7 @@ services:
cron:
image: "dkregistry.xai-corp.net:5000/cron:latest"
build:
context: .
context: ""
dockerfile: Dockerfile
deploy:
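Review bot: if `context: ""` (L631) is the new side of this hunk, an empty build context is not a usable path for `docker-compose build`, and since the image at L628 is pushed to the registry the build step would fail rather than fall back to the current directory; the earlier `context: .` (L630) or a named directory like `context: certbot` at L841 is what is expected. The surrounding `services:` mapping begins before line 10 of the file and is outside this hunk.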


@@ -0,0 +1,100 @@
---
#minio s3 clone
#https://docs.minio.io/docs/deploy-minio-on-docker-swarm
# DOCKER_HOST=dkhost:2376 docker-compose up -d
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml s3
version: '3.1'
services:
minio1:
image: minio/minio:RELEASE.2017-08-05T00-00-53Z
volumes:
- minio1-data:/export
ports:
- "9061:9000"
networks:
- minio_distributed
deploy:
restart_policy:
delay: 10s
max_attempts: 10
window: 60s
command: server http://s3_minio1/export
# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export
secrets:
- s3_secret_key
- s3_access_key
# minio2:
# image: minio/minio:RELEASE.2017-08-05T00-00-53Z
# volumes:
# - minio2-data:/export
# ports:
# - "9062:9000"
# networks:
# - minio_distributed
# deploy:
# restart_policy:
# delay: 10s
# max_attempts: 10
# window: 60s
# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export
# secrets:
# - s3_secret_key
# - s3_access_key
#
# minio3:
# image: minio/minio:RELEASE.2017-08-05T00-00-53Z
# volumes:
# - minio3-data:/export
# ports:
# - "9063:9000"
# networks:
# - minio_distributed
# deploy:
# restart_policy:
# delay: 10s
# max_attempts: 10
# window: 60s
# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export
# secrets:
# - s3_secret_key
# - s3_access_key
#
# minio4:
# image: minio/minio:RELEASE.2017-08-05T00-00-53Z
# volumes:
# - minio4-data:/export
# ports:
# - "9064:9000"
# networks:
# - minio_distributed
# deploy:
# restart_policy:
# delay: 10s
# max_attempts: 10
# window: 60s
# command: server http://minio1/export http://minio2/export http://minio3/export http://minio4/export
# secrets:
# - s3_secret_key
# - s3_access_key
volumes:
minio1-data:
minio2-data:
minio3-data:
minio4-data:
networks:
minio_distributed:
driver: overlay
secrets:
s3_secret_key:
external: true
s3_access_key:
external: true
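Review bot: the secrets are attached as `s3_secret_key`/`s3_access_key` (L661–L662, L725–L728), which swarm mounts at `/run/secrets/s3_secret_key` and `/run/secrets/s3_access_key`; the minio swarm guide linked at L640 names them `access_key` and `secret_key`, and a release of that era reads exactly those paths, so with these names minio may ignore the secrets and start with its built-in defaults. The file is `version: '3.1'`, so the long secret syntax can keep the external names while presenting the file names minio expects; confirm against the image's documentation.
```yaml
    secrets:
      - source: s3_access_key
        target: access_key
      - source: s3_secret_key
        target: secret_key
```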


@@ -0,0 +1,43 @@
---
# docker-compose file for docker shipyard
# DOCKER_HOST=dkhost03:2376 docker-compose up -d
version: '2'
services:
shipyard-rethinkdb:
restart: always
image: rethinkdb
shipyard-discovery:
restart: always
image: microbox/etcd
ports:
- 4001:4001
- 7001:7001
command:
- -name
- discovery
shipyard-swarm-manager:
restart: always
image: swarm:latest
command:
- manage
- --host
- tcp://0.0.0.0:3375
- etcd://192.168.2.53:4001
shipyard-controller:
restart: always
privileged: true
image: "shipyard/shipyard:latest"
ports:
- "8080:8080"
links:
- shipyard-rethinkdb:rethinkdb
- shipyard-swarm-manager:swarm
command:
- server
- -d
- tcp://swarm:3375
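Review bot: etcd is published on 4001 and 7001 on every host interface (L745–L746) while the swarm manager discovers through it at a hard-coded `etcd://192.168.2.53:4001` (L757); nothing visible here enables etcd authentication or TLS, so anyone who can reach those ports can read or alter the cluster discovery data. If the manager runs on the same host, keep etcd on the compose network only and use the service name, `- etcd://shipyard-discovery:4001`; otherwise restrict the published ports to the address the manager connects from.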


@@ -0,0 +1,4 @@
FROM nginx:alpine
COPY ./nginx.conf /etc/nginx/nginx.conf
COPY ./hosts /etc/nginx/conf.d/
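Review bot: `COPY ./hosts /etc/nginx/conf.d/` (L777) only takes effect for files the `include /etc/nginx/conf.d/*.conf` glob in nginx.conf (L1040) matches; the per-host files added in this commit are shown without their names, so confirm each ends in `.conf`, otherwise the proxy starts with no TLS servers and only the image's default site. The identical Dockerfile at L782–L784 has the same dependency.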


@@ -0,0 +1,4 @@
FROM nginx:alpine
COPY ./nginx.conf /etc/nginx/nginx.conf
COPY ./hosts /etc/nginx/conf.d/


@@ -0,0 +1,31 @@
---
# DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
# docker login dkregistry.xai-corp.net:5000
# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.0
# DOCKER_HOST=dkhost01:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy
# DOCKER_HOST=dkhost01:2376 docker stack ps sslproxy
version: '3'
services:
app:
image: "dkregistry.xai-corp.net:5000/sslproxy:2.0"
volumes:
- /etc/letsencrypt:/etc/letsencrypt:ro
ports:
- "443:443"
# logging:
# driver: syslog
# options:
# syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
# tag: "{{.Name}}/{{.ID}}"
deploy:
mode: replicated
replicas: 2
restart_policy:
condition: any
delay: 5s
max_attempts: 10
labels:
net.xai-corp.sslproxy.description: proxy ssl calls to non ssl containers


@@ -0,0 +1,25 @@
---
# DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
# docker login dkregistry.xai-corp.net:5000
# docker-compose build && docker push dkregistry.xai-corp.net:5000/sslproxy:2.0
# DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose.yml sslproxy
# DOCKER_HOST=dkhost:2376 docker stack ps sslproxy
version: '3'
services:
app:
image: "dkregistry.xai-corp.net:5000/sslproxy:2.0"
build:
context: .
dockerfile: Dockerfile
volumes:
- /etc/letsencrypt:/etc/letsencrypt:ro
ports:
- "443:443"
# certbot:
# image: "dkregistry.xai-corp.net:5000/sslproxy:latest"
# build:
# context: certbot


@@ -0,0 +1,57 @@
# dkregistry.xai-corp.net
## Set a variable to help us decide if we need to add the
## 'Docker-Distribution-Api-Version' header.
## The registry always sets this header.
## In the case of nginx performing auth, the header will be unset
## since nginx is auth-ing before proxying.
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
'' 'registry/2.0';
}
server {
listen 443 ssl;
server_name dkregistry.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/dkregistry.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dkregistry.xai-corp.net/privkey.pem;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
chunked_transfer_encoding on;
location /v2/ {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
# To add basic authentication to v2 use auth_basic setting.
auth_basic "Registry realm";
auth_basic_user_file /opt/shared/dkregistry/auth/htpasswd;
## If $docker_distribution_api_version is empty, the header will not be added.
## See the map directive above where this variable is defined.
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection $http_connection;
proxy_pass http://dkhost.xai-corp.net:5000;
proxy_read_timeout 900;
}
}
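Review bot: `proxy_pass http://dkhost.xai-corp.net:5000` (L888) speaks plain HTTP to the registry, but the registry service in this commit enables TLS on that port (`REGISTRY_HTTP_TLS_CERTIFICATE`/`_KEY`, L26–L27), so the upstream connection cannot succeed unless TLS is disabled there; use `proxy_pass https://dkhost.xai-corp.net:5000;` or drop the registry's TLS settings, and keep authentication in one place (both `auth_basic` at L878 and `REGISTRY_AUTH: htpasswd` at L32 are set). `ssl_protocols TLSv1.1 TLSv1.2` (L861) should be `ssl_protocols TLSv1.2;` — Docker clients new enough to pass the user-agent check at L874 support TLS 1.2. The HSTS max-age also differs per host (600 here and at L903, L957, L978, L995; 15768000 at L925, L941; 15552000 at L1012); the commented reference at L865 suggests 15768000 was the intended value, so pick one.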


@@ -0,0 +1,21 @@
# dkui.xai-corp.net
server {
listen 443 ssl;
server_name dkui.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/dkui.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dkui.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
location / {
proxy_set_header Connection $http_connection;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://dkhost.xai-corp.net:9000;
}
}
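Review bot: this host forwards `Connection $http_connection` (L905) but neither the `Upgrade` header nor `proxy_http_version 1.1`, so WebSocket upgrades to portainer on 9000 (L911) are likely to be refused at the proxy even though the connection header is passed. If the console and log streams are wanted, add `proxy_http_version 1.1;` and `proxy_set_header Upgrade $http_upgrade;` next to L905. The same pattern is at L980 (graylog) and L1014 (nextcloud).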


@@ -0,0 +1,15 @@
# fs.xai-corp.net
server {
listen 443 ssl;
server_name fs.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/fs.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fs.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
location / {
proxy_pass http://dkhost.xai-corp.net:8081;
}
}


@@ -0,0 +1,15 @@
# git.xai-corp.net
server {
listen 443 ssl;
server_name git.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/git.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
location / {
proxy_pass http://dkhost.xai-corp.net:10080;
}
}


@@ -0,0 +1,21 @@
# jenkins.xai-corp.net
server {
listen 443 ssl;
server_name jenkins.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/jenkins.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jenkins.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://dkhost.xai-corp.net:8080;
}
}


@@ -0,0 +1,15 @@
# logs.xai-corp.net
server {
listen 443 ssl;
server_name logs.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/logs.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/logs.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
location / {
proxy_set_header Connection $http_connection;
proxy_pass http://dkhost.xai-corp.net:10090;
}
}


@@ -0,0 +1,14 @@
# tripbuilder.xai-corp.net
server {
listen 443 ssl;
server_name tripbuilder.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/tripbuilder.xai-corp.net/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/tripbuilder.xai-corp.net/privkey.pem;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
location / {
proxy_pass http://dkhost.xai-corp.net:8080;
}
}
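Review bot: `ssl_certificate .../tripbuilder.xai-corp.net/cert.pem` (L992) serves the leaf certificate without the intermediate, unlike every other host in this commit, which uses `fullchain.pem` (e.g. L858, L900); clients that have not cached the Let's Encrypt intermediate fail validation. Use `ssl_certificate /etc/letsencrypt/live/tripbuilder.xai-corp.net/fullchain.pem;`. This host also proxies to port 8080 (L997), the same upstream as jenkins (L964) — confirm that is intended.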


@@ -0,0 +1,18 @@
# xaibox.xai-corp.net
server {
listen 443 ssl;
server_name xaibox.xai-corp.net;
ssl_certificate /etc/letsencrypt/live/xaibox.xai-corp.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xaibox.xai-corp.net/privkey.pem;
client_max_body_size 200m;
#Strict-Transport-Security: max-age=15768000
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
location / {
proxy_set_header Connection $http_connection;
proxy_pass http://dkhost.xai-corp.net:8083;
}
}


@@ -0,0 +1,32 @@
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
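Review bot: the `http` block (L1029–L1041) carries no hardening beyond the image defaults, and only the dkregistry host sets any `ssl_*` policy (L861–L863), so the hosts at L897–L1017 fall back to the stock protocol and cipher lists. Since this file is shared by every host, the common settings belong here: `server_tokens off;` to stop advertising the nginx version, plus the `ssl_protocols`, `ssl_ciphers` and `ssl_prefer_server_ciphers` lines from L861–L863 moved into this block so all servers get the same policy.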


@@ -0,0 +1 @@
DOCKER_HOST=dkhost02:2376 docker-compose up -d --build


@@ -0,0 +1 @@
something elses.


@@ -0,0 +1,28 @@
---
# DOCKER_HOST=192.168.2.41:2376 docker-compose up -d
# DOCKER_HOST=dkhost03:2376 docker stack deploy -c docker-compose.yml dkui
version: '3'
services:
app:
restart: always
privileged: true
image: "portainer/portainer"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/shared/portainer/data:/data
ports:
# - "80:80"
- "9000:9000"
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
delay: 5s
max_attempts: 10
labels:
net.xai-corp.dkui.description: portainer ui for docker host and swarm management