chore: do not expose useless ports

NOTICE

@@ -1,5 +1,5 @@
 Aether
-Copyright 2018 eHealth Africa
+Copyright 2019 eHealth Africa
 
 This product includes software developed at eHealth Africa
 (http://www.eHealthAfrica.org).

aether-ui/aether/ui/assets/conf/webpack.server.js

@@ -25,8 +25,8 @@ const webpack = require('webpack')
 const buildConfig = require('./webpack.common')
 
 const WEBPACK_PORT = 3004
-const WEBPACK_URL = `http://localhost:${WEBPACK_PORT}`
-const WEBPACK_HMR_PATH = '/__webpack_hmr'
+const WEBPACK_URL = `http://aether.local`
+const WEBPACK_HMR_PATH = '/ui-assets/__webpack_hmr'
 
 const HMR_URL = 'webpack-hot-middleware/client?' +
   '&path=' + WEBPACK_URL + WEBPACK_HMR_PATH +
@@ -44,7 +44,7 @@ const webpackOptions = Object.assign(
     output: {
       // Tell django to use this URL to load packages
       // and not use STATIC_URL + bundle_name
-      publicPath: WEBPACK_URL + '/static/'
+      publicPath: WEBPACK_URL + '/ui-assets/static/'
     },
 
     plugins: [
@@ -64,12 +64,6 @@ const serverOptions = {
 
   inline: true,
   historyApiFallback: true,
-
-  // Fixes:
-  //    Access to XXX at 'http://localhost:{port}/static/ZZZ' from origin
-  //    has been blocked by CORS policy
-  // Triggered by HMR
-  headers: { 'Access-Control-Allow-Origin': '*' },
   https: false,
 
   // It suppress error shown in console, so it has to be set to false.

docker-compose-base.yml

@@ -40,8 +40,6 @@ services:
     volumes:
       # enable cors for mobile app in-browser development:
       - ./local-setup/couchdb/config.ini:/usr/local/etc/couchdb/local.ini
-    ports:
-      - 5984:5984
 
   redis-base:
     image: redis:alpine
@@ -78,9 +76,7 @@ services:
     environment:
       MINIO_ACCESS_KEY: ${MINIO_STORAGE_ACCESS_KEY}
       MINIO_SECRET_KEY: ${MINIO_STORAGE_SECRET_KEY}
-    command: minio server --quiet --address minio:9000 /data
-    ports:
-      - 9000:9000
+    command: minio server --quiet --address minio:9090 /data
 
   keycloak-base:
     image: jboss/keycloak:latest
@@ -94,8 +90,6 @@ services:
       KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USERNAME}
       KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
       KEYCLOAK_HTTP_PORT: 8080
-    ports:
-      - 8080:8080
 
 
   # ---------------------------------
@@ -126,8 +120,8 @@ services:
       DJANGO_STORAGE_BACKEND: minio
       MINIO_STORAGE_ACCESS_KEY: ${MINIO_STORAGE_ACCESS_KEY}
       MINIO_STORAGE_SECRET_KEY: ${MINIO_STORAGE_SECRET_KEY}
-      MINIO_STORAGE_ENDPOINT: minio:9000
-      MINIO_STORAGE_MEDIA_URL: http://minio:9000/kernel
+      MINIO_STORAGE_ENDPOINT: minio:9090
+      MINIO_STORAGE_MEDIA_URL: http://minio:9090/kernel
       MINIO_STORAGE_AUTO_CREATE_MEDIA_BUCKET: "true"
       MINIO_STORAGE_AUTO_CREATE_MEDIA_POLICY: "true"
 
@@ -168,8 +162,6 @@ services:
       - ./.persistent_data/export/kernel:/tmp
       # backup folder
       - ./.persistent_data/backups/kernel:/backups
-    ports:
-      - 8100:8100
     command: start_dev
 
 
@@ -201,8 +193,8 @@ services:
       DJANGO_STORAGE_BACKEND: minio
       MINIO_STORAGE_ACCESS_KEY: ${MINIO_STORAGE_ACCESS_KEY}
       MINIO_STORAGE_SECRET_KEY: ${MINIO_STORAGE_SECRET_KEY}
-      MINIO_STORAGE_ENDPOINT: minio:9000
-      MINIO_STORAGE_MEDIA_URL: http://minio:9000/odk
+      MINIO_STORAGE_ENDPOINT: minio:9090
+      MINIO_STORAGE_MEDIA_URL: http://minio:9090/odk
       MINIO_STORAGE_AUTO_CREATE_MEDIA_BUCKET: "true"
       MINIO_STORAGE_AUTO_CREATE_MEDIA_POLICY: "true"
 
@@ -224,10 +216,7 @@ services:
       PGPORT: 5432
       PGUSER: postgres
 
-      # behind ngnix
       WEB_SERVER_PORT: 8102
-      # standalone (without nginx) (ODK Collect only accepts 443 and 8443 ports)
-      # WEB_SERVER_PORT: 8443
     volumes:
       - ./aether-odk-module:/code
       # to speed up SDK development changes
@@ -237,11 +226,6 @@ services:
       - ./.persistent_data/static/odk:/var/www/static
       # backup folder
       - ./.persistent_data/backups/odk:/backups
-    ports:
-      # behind ngnix
-      - 8102:8102
-      # standalone (without nginx)
-      # - 8443:8443
     command: start_dev
 
 
@@ -308,8 +292,6 @@ services:
       - ./.persistent_data/static/sync:/var/www/static
       # backup folder
       - ./.persistent_data/backups/sync:/backups
-    ports:
-      - 8106:8106
     command: start_dev
 
 
@@ -366,8 +348,6 @@ services:
       - ./.persistent_data/static/ui:/var/www/static
       # backup folder
       - ./.persistent_data/backups/ui:/backups
-    ports:
-      - 8104:8104
     command: start_dev
 
   ui-assets-base:
@@ -389,8 +369,6 @@ services:
       - ./aether-ui/aether/ui/assets/css:/code/css
       - ./aether-ui/aether/ui/assets/tests:/code/tests
       - ./aether-ui/aether/ui/assets/package.json:/code/package.json
-    ports:
-      - 3004:3004
     command: start_dev
 
 
@@ -408,8 +386,6 @@ services:
 
   kafka-base:
     image: confluentinc/cp-kafka:5.2.1
-    ports:
-      - 29092:29092
     environment:
       KAFKA_BROKER_ID: 1
       KAFKA_ZOOKEEPER_CONNECT: zookeeper:32181
@@ -428,11 +404,15 @@ services:
     image: aether-producer
     build: ./aether-producer
     stdin_open: true
-    volumes:
-      - ./aether-producer:/code
     environment:
       PYTHONUNBUFFERED: 1
 
+      # default settings file
+      PRODUCER_SETTINGS_FILE: /code/producer/settings.json
+
+      PRODUCER_ADMIN_USER: ${PRODUCER_ADMIN_USER}
+      PRODUCER_ADMIN_PW: ${PRODUCER_ADMIN_PW}
+
       # These variables will override the ones indicated in the settings file
       KERNEL_URL: http://${NETWORK_DOMAIN}/kernel
       KERNEL_USERNAME: ${KERNEL_ADMIN_USERNAME}
@@ -449,12 +429,7 @@ services:
       OFFSET_DB_PASSWORD: ${KERNEL_DB_PASSWORD}
       OFFSET_DB_NAME: producer_offset_db
 
-      PRODUCER_ADMIN_USER: ${PRODUCER_ADMIN_USER}
-      PRODUCER_ADMIN_PW: ${PRODUCER_ADMIN_PW}
       SERVER_PORT: 5005
-
-      # default settings file
-      PRODUCER_SETTINGS_FILE: /code/producer/settings.json
-    ports:
-      - 5005:5005
+    volumes:
+      - ./aether-producer:/code
     command: start

docker-compose-test.yml

@@ -40,7 +40,7 @@ services:
     volumes:
       # volumes in tests
       - ./tmp/test/media:/data
-    command: minio server --quiet --address minio-test:9000 /data
+    command: minio server --quiet --address minio-test:9090 /data
 
 
   # ---------------------------------
@@ -56,8 +56,8 @@ services:
       BUCKET_NAME: test-kernel
       # use a different database when testing the integration with another container
       DB_NAME: ${TEST_KERNEL_DB_NAME:-test-kernel}
-      MINIO_STORAGE_ENDPOINT: minio-test:9000
-      MINIO_STORAGE_MEDIA_URL: http://minio-test:9000/test-kernel
+      MINIO_STORAGE_ENDPOINT: minio-test:9090
+      MINIO_STORAGE_MEDIA_URL: http://minio-test:9090/test-kernel
       MULTITENANCY: "true"
       PGHOST: db-test
       PROFILING_ENABLED: null
@@ -69,8 +69,6 @@ services:
       # volumes in tests
       - ./tmp/test/kernel/static:/var/www/static
       - ./tmp/test/kernel/tmp:/tmp
-    ports:
-      - 9100:9100
     command: start
 
 
@@ -103,8 +101,8 @@ services:
       APP_URL: /
       BUCKET_NAME: test-odk
       DB_NAME: test-odk
-      MINIO_STORAGE_ENDPOINT: minio-test:9000
-      MINIO_STORAGE_MEDIA_URL: http://minio-test:9000/test-odk
+      MINIO_STORAGE_ENDPOINT: minio-test:9090
+      MINIO_STORAGE_MEDIA_URL: http://minio-test:9090/test-odk
       MULTITENANCY: "true"
       ODK_COLLECT_ENDPOINT: collect-test/
       PGHOST: db-test
@@ -116,8 +114,6 @@ services:
     volumes:
       # volumes in tests
       - ./tmp/test/odk/static:/var/www/static
-    ports:
-      - 9102:9102
     command: start
 
 
@@ -143,8 +139,6 @@ services:
       TEST_PARALLEL: ${TEST_PARALLEL}
       TESTING: "true"
       WEB_SERVER_PORT: 9106
-    ports:
-      - 9106:9106
     command: start
 
 
@@ -167,8 +161,6 @@ services:
       TEST_PARALLEL: ${TEST_PARALLEL}
       TESTING: "true"
       WEB_SERVER_PORT: 9104
-    ports:
-      - 9104:9104
     command: start
 
   ui-assets-test:
@@ -227,9 +219,6 @@ services:
       PRODUCER_SETTINGS_FILE: /code/tests/conf/producer.json
 
       SERVER_PORT: 9005
-    ports:
-      - 9005:9005
-    command: start
 
 
   # ---------------------------------

local-setup/nginx/sites-enabled/aether.conf

@@ -44,6 +44,22 @@ server {
   }
 
 
+  # ----------------------------------------------------------------------------
+  # http://aether.local/minio/ (File Storage external browser UI)
+  location /minio/ {
+    resolver                127.0.0.11 valid=5s;
+    set $upstream_minio     minio;
+    proxy_pass              http://$upstream_minio:9090;
+    proxy_next_upstream     error http_502;
+
+    proxy_set_header        Host               $host;
+    proxy_set_header        X-Real-IP          $remote_addr;
+    proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Host   $host:80;
+    proxy_set_header        X-Forwarded-Server $host;
+    proxy_set_header        X-Forwarded-Port   80;
+  }
+
 
   # ----------------------------------------------------------------------------
   # http://aether.local/kernel/
@@ -124,6 +140,17 @@ server {
   }
 
 
+  # ----------------------------------------------------------------------------
+  # http://aether.local/ui-assets/ (UI assets, node server)
+  location /ui-assets/ {
+    resolver                127.0.0.11 valid=5s;
+    set $upstream_ui_assets ui-assets;
+    proxy_pass              http://$upstream_ui_assets:3004;
+    proxy_next_upstream     error http_502;
+
+    include /etc/nginx/uwsgi_params;
+  }
+
   # ----------------------------------------------------------------------------
   # http://aether.local/ (UI)
   location / {

scripts/aether_functions.sh

@@ -95,3 +95,31 @@ function create_readonly_user {
     docker-compose run --rm --no-deps kernel eval python /code/sql/create_readonly_user.py
     docker-compose kill
 }
+
+# Start database container and wait till is up and responding
+function start_db {
+    echo_message "Starting database server..."
+    docker-compose up -d db
+    until docker-compose run --rm --no-deps kernel eval pg_isready -q; do
+        >&2 echo "Waiting for database..."
+        sleep 2
+    done
+    echo_message "database is ready"
+}
+
+# Start container and wait till is up and responding
+# Usage:    start_container <container-name> <container-health-url>
+function start_container {
+    container=$1
+    url=$2
+
+    echo_message "Starting [$container] server..."
+    docker-compose up -d $container
+
+    CHECK_URL="docker-compose run --rm --no-deps kernel manage check_url -u"
+    until $CHECK_URL $url >/dev/null; do
+        >&2 echo "Waiting for [$container] at [$url]..."
+        sleep 2
+    done
+    echo_message "[$container] is ready"
+}