This repository has been archived by the owner on Dec 27, 2022. It is now read-only.

✨ init global prod ops
bohendo committed Oct 6, 2020
1 parent 5f250e0 commit c7adb49
Showing 13 changed files with 268 additions and 120 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -26,6 +26,7 @@ config-prod.json
**/.pyEnv
**/.rpt2_cache
**/.test-store
**/.tmp
**/cache/**

# Data Storage
6 changes: 6 additions & 0 deletions Makefile
@@ -313,6 +313,12 @@ ethprovider: contracts $(shell find modules/contracts/ops $(find_options))
docker tag $(project)_ethprovider $(project)_ethprovider:$(commit)
$(log_finish) && mv -f $(totalTime) .flags/$@

nats: $(shell find ops/nats $(find_options))
$(log_start)
docker build --file ops/nats/Dockerfile $(image_cache) --tag $(project)_nats ops/nats
docker tag $(project)_nats $(project)_nats:$(commit)
$(log_finish) && mv -f $(totalTime) .flags/$@

global-proxy: $(shell find ops/proxy $(find_options))
$(log_start)
docker build $(image_cache) --tag $(project)_global_proxy ops/proxy/global
24 changes: 24 additions & 0 deletions modules/auth/ops/entry.sh
@@ -5,6 +5,30 @@ if [[ -d "modules/auth" ]]
then cd modules/auth
fi

if [[ -z "$VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY" && -n "$VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY_FILE" ]]
then
echo "Loading public key from file: $VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY_FILE"
export VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY="`cat $VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY_FILE`"
elif [[ -n "$VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY" && -z "$VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY_FILE" ]]
then
echo "Using public key provided by env var"
else
echo "public key must be provided via either a secret or an env var. Not both, not neither."
exit 1
fi

if [[ -z "$VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY" && -n "$VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY_FILE" ]]
then
echo "Loading private key from file: $VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY_FILE"
export VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY="`cat $VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY_FILE`"
elif [[ -n "$VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY" && -z "$VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY_FILE" ]]
then
echo "Using private key provided by env var"
else
echo "Private key must be provided via either a secret or an env var. Not both, not neither."
exit 1
fi

node_bin="`pwd`/node_modules/.bin"
nodemon="$node_bin/nodemon"
pino="$node_bin/pino-pretty"
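Review bot: In both key-loading branches, ``export VAR="`cat $FILE`"`` hides a failed read: `export` returns success even when `cat` fails, so a missing or unreadable secret file leaves the key empty and the script carries on to start the service (it continues below this hunk). Check the file first and quote the path, e.g. `[[ -r "$VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY_FILE" ]] || { echo "private key file not readable"; exit 1; }` followed by `VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY="$(cat "$VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY_FILE")"` and a separate `export VECTOR_NATS_JWT_SIGNER_PRIVATE_KEY`; the public-key branch needs the same treatment. Exporting the private key also copies it into the environment of every child process this script launches, which gives up part of what the secret file was protecting; if the auth service can read the `_FILE` path itself (not visible here), that would be the tighter option.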
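--- a/ops/nats/Dockerfile
+++ b/ops/nats/Dockerfile
@@ -0,0 +1,5 @@
+FROM provide/nats-server:indra
+WORKDIR /root
+RUN apk add --update --no-cache bash
+COPY entry.sh entry.sh
+ENTRYPOINT ["bash", "entry.sh"]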
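Review bot: `FROM provide/nats-server:indra` pulls a mutable tag from a third-party namespace, so the contents of this image can change without any change in this repository; pin it by digest, `FROM provide/nats-server:indra@sha256:<digest-placeholder>`, and update the digest deliberately. There is also no `USER` line and the workdir is `/root`, so unless the base image sets a non-root user (not visible here) the server runs as root inside the container. A short comment above `FROM` saying why this image is used rather than the upstream NATS image would help the next maintainer.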
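--- a/ops/nats/entry.sh
+++ b/ops/nats/entry.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+if [[ -z "$VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY" && -n "$VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY_FILE" ]]
+then
+echo "Loading key from file: $VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY_FILE"
+export VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY="`cat $VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY_FILE`"
+else
+echo "Using key provided by env var"
+fi
+
+exec /bin/nats-server -D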
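Review bot: The `else` branch prints "Using key provided by env var" for every remaining case, including when neither `VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY` nor its `_FILE` variant is set, so the server can be started with no verification key; what nats-server then does with an empty key is not visible here. modules/auth/ops/entry.sh in this same commit exits 1 in that case, and this script should do the same with `elif [[ -z "$VECTOR_NATS_JWT_SIGNER_PUBLIC_KEY" ]]; then echo "public key must be provided"; exit 1`. The ``export …="`cat $FILE`"`` form also masks a failed `cat` despite `set -e`, because `export` itself succeeds. `nats-server -D` turns on debug logging, which deserves a comment or a switch if this image is meant for production.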
24 changes: 20 additions & 4 deletions ops/proxy/global/entry.sh
@@ -3,7 +3,11 @@
echo "Proxy container launched in env:"
echo "VECTOR_DOMAINNAME=$VECTOR_DOMAINNAME"
echo "VECTOR_EMAIL=$VECTOR_EMAIL"
echo "VECTOR_NODE_URL=$VECTOR_NODE_URL"
echo "VECTOR_AUTH_URL=$VECTOR_AUTH_URL"
echo "VECTOR_NATS_HOST=$VECTOR_NATS_HOST"

export $VECTOR_NATS_TCP_URL="$VECTOR_NATS_HOST:4222"
export $VECTOR_NATS_WS_URL="$VECTOR_NATS_HOST:4221"

# Provide a message indicating that we're still waiting for everything to wake up
function loading_msg {
@@ -18,9 +22,21 @@ loading_pid="$!"
# Wait for downstream services to wake up
# Define service hostnames & ports we depend on

echo "waiting for $VECTOR_NODE_URL..."
wait-for -t 60 $VECTOR_NODE_URL 2> /dev/null
while ! curl -s $VECTOR_NODE_URL > /dev/null
echo "waiting for $VECTOR_AUTH_URL..."
wait-for -t 60 $VECTOR_AUTH_URL 2> /dev/null
while ! curl -s $VECTOR_AUTH_URL > /dev/null
do sleep 2
done

echo "waiting for $VECTOR_NATS_TCP_URL..."
wait-for -t 60 $VECTOR_NATS_TCP_URL 2> /dev/null
while ! curl -s $VECTOR_NATS_TCP_URL > /dev/null
do sleep 2
done

echo "waiting for $VECTOR_NATS_WS_URL..."
wait-for -t 60 $VECTOR_NATS_WS_URL 2> /dev/null
while ! curl -s $VECTOR_NATS_WS_URL > /dev/null
do sleep 2
done

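Review bot: `export $VECTOR_NATS_TCP_URL="$VECTOR_NATS_HOST:4222"` and the `$VECTOR_NATS_WS_URL` line below it have a stray `$` before the variable name, so bash expands the (empty) variable and tries to export `=host:4222`; neither variable is ever set. The wait loops added in the second hunk then call `wait-for` and `curl -s` with no target and presumably never finish, and the `server nats "$VECTOR_NATS_TCP_URL"` lines in http.cfg and https.cfg receive an empty address. The lines should read `export VECTOR_NATS_TCP_URL="$VECTOR_NATS_HOST:4222"` and `export VECTOR_NATS_WS_URL="$VECTOR_NATS_HOST:4221"`. Separately, port 4222 speaks the NATS protocol rather than HTTP, so `curl -s` may not be a reliable readiness probe for it.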
38 changes: 31 additions & 7 deletions ops/proxy/global/http.cfg
@@ -16,18 +16,42 @@ defaults
timeout server 300000 # 5 minutes

frontend public_http
acl messaging_path path_beg /api/messaging
acl auth_path path_beg /auth
acl nats_ws_path path_beg /ws-nats
bind *:80
default_backend node
default_backend auth
http-response del-header Access-Control-Allow-Headers
http-response del-header Access-Control-Allow-Methods
http-response del-header Access-Control-Allow-Origin
http-response add-header Access-Control-Allow-Headers "Accept, Accept-Encoding, Authorization, Cache-Control, Content-Length, Content-Type, Origin, User-Agent, X-CSRF-Token, X-Requested-With"
http-response add-header Access-Control-Allow-Headers "*"
http-response del-header Access-Control-Allow-Methods "*"
http-response add-header Access-Control-Allow-Origin "*"
option forwardfor
use_backend auth if auth_path
use_backend nats_ws if nats_ws_path

backend node
http-request replace-path /api/(.*) /\1
http-request replace-path /vector/(.*) /\1
frontend public_nats_ws
bind *:4221
default_backend nats_ws
mode tcp
option tcplog

frontend public_nats_tcp
bind *:4222
default_backend nats_tcp
mode tcp
option tcplog

backend nats_tcp
mode tcp
server nats "$VECTOR_NATS_TCP_URL"

backend nats_ws
http-request replace-path /ws-nats/(.*) /\1
http-response add-header Access-Control-Allow-Methods "GET, OPTIONS"
server nats "$VECTOR_NATS_WS_URL"

backend auth
http-request replace-path /auth/(.*) /\1
http-response add-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
server node "$VECTOR_NODE_URL"
server auth "$VECTOR_AUTH_URL"
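Review bot: `frontend public_nats_ws` is `mode tcp`, but its `default_backend nats_ws` uses `http-request replace-path` and `http-response add-header`, which only work in HTTP mode; HAProxy normally refuses to route a TCP frontend to an HTTP backend, so check this against the `defaults` section outside the hunk (https.cfg has the same pairing). The CORS lines appear to replace the explicit `Access-Control-Allow-Headers` list with `"*"` alongside `Access-Control-Allow-Origin "*"`; for a proxy in front of the auth service the explicit list is the safer default. `http-response del-header Access-Control-Allow-Methods "*"` looks like a copy-paste slip, since a value argument has no meaning for `del-header`.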
37 changes: 29 additions & 8 deletions ops/proxy/global/https.cfg
@@ -27,26 +27,47 @@ frontend public_http

frontend public_https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
acl messaging_path path_beg /api/messaging
acl url_static path_beg /static /images /img /css
acl url_static path_end .css .gif .html .jpg .js .png
acl webserver path_beg /sockjs-node
acl auth_path path_beg /auth
acl nats_ws_path path_beg /ws-nats
bind *:443 ssl crt "/root/$VECTOR_DOMAINNAME.pem"
default_backend node
default_backend auth
http-request add-header X-Forwarded-Proto: https
http-response del-header Access-Control-Allow-Headers
http-response del-header Access-Control-Allow-Methods
http-response del-header Access-Control-Allow-Origin
http-response add-header Access-Control-Allow-Headers "Accept, Accept-Encoding, Authorization, Cache-Control, Content-Length, Content-Type, Origin, User-Agent, X-CSRF-Token, X-Requested-With"
http-response add-header Access-Control-Allow-Headers "*"
http-response add-header Access-Control-Allow-Origin "*"
option forwardfor
use_backend auth if auth_path
use_backend letsencrypt_backend if letsencrypt-acl
use_backend nats_ws if nats_ws_path

frontend public_nats_ws
bind *:4221
default_backend nats_ws
mode tcp
option tcplog

frontend public_nats_tcp
bind *:4222
default_backend nats_tcp
mode tcp
option tcplog

backend nats_tcp
mode tcp
server nats "$VECTOR_NATS_TCP_URL"

backend letsencrypt_backend
server letsencrypt "127.0.0.1:$VECTOR_CERTBOT_PORT"

backend node
backend nats_ws
http-request replace-path /ws-nats/(.*) /\1
http-response add-header Access-Control-Allow-Methods "GET, OPTIONS"
server nats "$VECTOR_NATS_WS_URL"

backend auth
http-request replace-path /api/(.*) /\1
http-request replace-path /vector/(.*) /\1
http-response add-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
server node "$VECTOR_NODE_URL"
server auth "$VECTOR_NODE_URL"
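Review bot: `backend auth` ends with `server auth "$VECTOR_NODE_URL"`, while http.cfg uses `$VECTOR_AUTH_URL` and ops/proxy/global/entry.sh no longer prints or waits for `VECTOR_NODE_URL`; this looks like a missed rename and should be `server auth "$VECTOR_AUTH_URL"`. The same backend still rewrites `/api/` and `/vector/` where http.cfg rewrites `/auth/`, so the two configs route differently. `bind *:4221` and `bind *:4222` carry no `ssl crt`, unlike `bind *:443`, so NATS traffic (including whatever token a client presents) is unencrypted even in the HTTPS deployment; either terminate TLS on those binds with the same certificate or keep them off the public interface.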
7 changes: 2 additions & 5 deletions ops/start-duet.sh
@@ -11,19 +11,16 @@ registry="`cat $root/package.json | grep '"registry":' | head -n 1 | cut -d '"'
docker swarm init 2> /dev/null || true
docker network create --attachable --driver overlay $project 2> /dev/null || true

####################
# Load Config

if [[ -n "`docker stack ls --format '{{.Name}}' | grep "$stack"`" ]]
then echo "A $stack stack is already running" && exit 0;
else echo; echo "Preparing to launch $stack stack"
fi

config="`cat $root/config-node.json`"

####################
# Misc Config

config="`cat $root/config-node.json`"

version="latest"

common="networks: