add service scripts

2018-02-03 09:02:45 -05:00
parent 9cfcc7de0b
commit d817d13607
26 changed files with 360 additions and 158 deletions
--- a/dockerfiles/services/sslproxy/docker-compose-prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose-prod.yml
@@ -5,7 +5,7 @@
 # DOCKER_HOST=dkhost:2376 docker stack deploy --with-registry-auth -c docker-compose-prod.yml sslproxy
 # DOCKER_HOST=dkhost:2376 docker stack ps sslproxy

-version: '3'
+version: '3.4'
 services:
  app:
    image: "dkregistry.xai-corp.net:5000/sslproxy:2.1"
@@ -21,13 +21,13 @@ services:
 #        syslog-address: "tcp+tls://logs6.papertrailapp.com:38577"
 #        tag: "{{.Name}}/{{.ID}}"

-#    logging:
-#      driver: fluentd#        tag: sslproxy
+    logging:
+      driver: fluentd
+        tag: sslproxy
+      options:
+        fluentd-address: "logs.xai-corp.net:24224"
+        fluentd-async-connect: 'true'

-
-#      options:
-#        fluentd-address: "logs.xai-corp.net:24224"
-#        fluentd-async-connect: 'true'
 #    logging:
 #      driver: syslog
 #      options:
@@ -39,11 +39,11 @@ services:
      restart_policy:
        condition: any
        delay: 6s
-        max_attempts: 10
-#      update_config:
-#        parallelism: 2
-#        delay: 2s
-#        order: start-first
+        max_attempts: 3
+      update_config:
+        parallelism: 1
+        delay: 2s
+        order: start-first
      resources:
        limits:
          cpus: '0.1'
@@ -52,14 +52,14 @@ services:
      labels:
        net.xai-corp.sslproxy.description:  proxy ssl calls to non ssl containers

-    networks:
-    - ingress
+#    networks:
+#    - ingress
 #    - prod

-networks:
-  ingress:
-    external:
-      name: ingress
-  prod:
-    external:
-      name: prod
+#networks:
+#  ingress:
+#    external:
+#      name: ingress
+#  prod:
+#    external:
+#      name: prod
--- a/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
+++ b/dockerfiles/services/sslproxy/hosts/abcapi.xai-corp.net.conf
@@ -5,10 +5,15 @@ server {
    ssl_certificate_key /etc/letsencrypt/live/xai-corp.net/privkey.pem;

    #Strict-Transport-Security: max-age=15768000
-    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

    location / {
        proxy_pass http://dkhost.xai-corp.net:8084;
+        proxy_set_header Host              $host;   # required for docker client's sake
+        proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Connection $http_connection;
    }

 }