diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
new file mode 100644
index 0000000..1f79d9c
--- /dev/null
+++ b/.github/workflows/dev.yml
@@ -0,0 +1,17 @@
+name: Deploy OPEX-Nginx - Dev
+on:
+ push:
+ branches:
+ - dev
+jobs:
+ jenkinsJob:
+ name: Build OPEX-Nginx new dev version
+ runs-on: ubuntu-latest
+ steps:
+ - name: Trigger opex-nginx-dev on jenkins
+ uses: appleboy/jenkins-action@master
+ with:
+ url: ${{ secrets.JENKINS_URL }}
+ user: ${{ secrets.JENKINS_USER }}
+ token: ${{ secrets.JENKINS_TOKEN }}
+ job: "opex-nginx-dev"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..ae64f05
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,17 @@
+name: Deploy OPEX-Nginx - Demo
+on:
+ push:
+ branches:
+ - main
+jobs:
+ jenkinsJob:
+ name: Deploy OPEX-Nginx new demo version
+ runs-on: ubuntu-latest
+ steps:
+ - name: Trigger opex-nginx-demo on jenkins
+ uses: appleboy/jenkins-action@master
+ with:
+ url: ${{ secrets.JENKINS_URL }}
+ user: ${{ secrets.JENKINS_USER }}
+ token: ${{ secrets.JENKINS_TOKEN }}
+ job: "opex-nginx-demo"
diff --git a/.gitignore b/.gitignore
index 55fbb54..35542da 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,7 @@
 # IntelliJ
-.idea/
\ No newline at end of file
+.idea/
+
+# Certificate
+*.pem
+*.crt
+*.der
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 9c7884a..e1b65c9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,2 +1,2 @@
 FROM jboesl/docker-nginx-headers-more
-COPY nginx.conf /etc/nginx/nginx.conf
\ No newline at end of file
+ADD nginx.conf opex.dev.crt private.pem /etc/nginx/
\ No newline at end of file
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..fb9d3ea
--- /dev/null
+++ b/Jenkinsfile
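Review bot: `uses: appleboy/jenkins-action@master` in .github/workflows/dev.yml tracks a mutable branch of a third-party action that is handed `JENKINS_URL`, `JENKINS_USER` and `JENKINS_TOKEN`, so any later commit to that branch runs with those secrets. Pin it to a reviewed full commit SHA, e.g. `uses: appleboy/jenkins-action@<full-commit-sha>  # <release tag>`, and bump it deliberately. The job never touches the repository, so a top-level `permissions: {}` would also remove the default GITHUB_TOKEN scopes. The same two changes apply to .github/workflows/main.yml.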
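Review bot: `ADD nginx.conf opex.dev.crt private.pem /etc/nginx/` copies the TLS private key into an image layer, so it is readable by anyone who can pull, export or inspect the image, and it stays in the layer history even if a later layer deletes it. Keep only the config in the image, `COPY nginx.conf /etc/nginx/nginx.conf`, and supply the certificate and key at run time through a read-only bind mount or a Compose `secrets:` entry at the paths nginx.conf expects. `COPY` is also the better fit than `ADD` for plain local files, since `ADD` additionally unpacks archives and fetches URLs.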
@@ -0,0 +1,55 @@
+pipeline {
+ agent any
+
+ stages('Deploy') {
+ stage('Deliver') {
+ environment {
+ COMPOSE_PROJECT_NAME = 'demo-nginx'
+ DEFAULT_NETWORK_NAME = 'demo-opex'
+ }
+ steps {
+ withCredentials([
+ file(credentialsId: 'private.pem', variable: 'PRIVATE'),
+ file(credentialsId: 'opex.dev.crt', variable: 'PUBLIC')
+ ]) {
+ sh 'cp -f $PRIVATE ./private.pem'
+ sh 'cp -f $PUBLIC ./opex.dev.crt'
+ }
+ sh 'docker-compose up -d --build --remove-orphans'
+ sh 'docker image prune -f'
+ sh 'docker network prune -f'
+ }
+ }
+ }
+
+ post {
+ always {
+ echo 'One way or another, I have finished'
+ }
+ success {
+ echo ':)'
+ setBuildStatus(":)", "SUCCESS")
+ }
+ unstable {
+ echo ':/'
+ setBuildStatus(":/", "UNSTABLE")
+ }
+ failure {
+ echo ':('
+ setBuildStatus(":(", "FAILURE")
+ }
+ changed {
+ echo 'Things were different before...'
+ }
+ }
+}
+
+void setBuildStatus(String message, String state) {
+ step([
+ $class : "GitHubCommitStatusSetter",
+ reposSource : [$class: "ManuallyEnteredRepositorySource", url: "https://github.com/opexdev/OPEX-Nginx"],
+ contextSource : [$class: "ManuallyEnteredCommitContextSource", context: "ci/jenkins/build-status"],
+ errorHandlers : [[$class: "ChangingBuildStatusErrorHandler", result: "UNSTABLE"]],
+ statusResultSource: [$class: "ConditionalStatusResultSource", results: [[$class: "AnyBuildResult", message: message, state: state]]]
+ ])
+}
diff --git a/dev.Jenkinsfile b/dev.Jenkinsfile
new file mode 100644
index 0000000..05af7e7
--- /dev/null
+++ b/dev.Jenkinsfile
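Review bot: The `withCredentials` block copies the private key out of its temporary credential file with `sh 'cp -f $PRIVATE ./private.pem'`, and nothing in `steps` or `post` removes the copy, so the key stays in the workspace of whichever node `agent any` selected after the build ends. Add a cleanup to the existing `always` block, e.g. `sh 'rm -f ./private.pem ./opex.dev.crt'`, and quote the variable as `"$PRIVATE"` so a path containing spaces does not break the copy. `docker image prune -f` and `docker network prune -f` act on the whole host, so they also remove dangling images and unused networks that belong to other projects on that agent; a `--filter` on a project label would narrow them. dev.Jenkinsfile has the same steps.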
@@ -0,0 +1,55 @@
+pipeline {
+ agent any
+
+ stages('Deploy') {
+ stage('Deliver') {
+ environment {
+ COMPOSE_PROJECT_NAME = 'dev-nginx'
+ DEFAULT_NETWORK_NAME = 'dev-opex'
+ }
+ steps {
+ withCredentials([
+ file(credentialsId: 'private.pem', variable: 'PRIVATE'),
+ file(credentialsId: 'opex.dev.crt', variable: 'PUBLIC')
+ ]) {
+ sh 'cp -f $PRIVATE ./private.pem'
+ sh 'cp -f $PUBLIC ./opex.dev.crt'
+ }
+ sh 'docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d --build --remove-orphans'
+ sh 'docker image prune -f'
+ sh 'docker network prune -f'
+ }
+ }
+ }
+
+ post {
+ always {
+ echo 'One way or another, I have finished'
+ }
+ success {
+ echo ':)'
+ setBuildStatus(":)", "SUCCESS")
+ }
+ unstable {
+ echo ':/'
+ setBuildStatus(":/", "UNSTABLE")
+ }
+ failure {
+ echo ':('
+ setBuildStatus(":(", "FAILURE")
+ }
+ changed {
+ echo 'Things were different before...'
+ }
+ }
+}
+
+void setBuildStatus(String message, String state) {
+ step([
+ $class : "GitHubCommitStatusSetter",
+ reposSource : [$class: "ManuallyEnteredRepositorySource", url: "https://github.com/opexdev/OPEX-Nginx"],
+ contextSource : [$class: "ManuallyEnteredCommitContextSource", context: "ci/jenkins/build-status"],
+ errorHandlers : [[$class: "ChangingBuildStatusErrorHandler", result: "UNSTABLE"]],
+ statusResultSource: [$class: "ConditionalStatusResultSource", results: [[$class: "AnyBuildResult", message: message, state: state]]]
+ ])
+}
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
new file mode 100644
index 0000000..e8cc42d
--- /dev/null
+++ b/docker-compose.dev.yml
@@ -0,0 +1,5 @@
+version: '3.8'
+services:
+ nginx:
+ ports:
+ - '8443:443'
\ No newline at end of file
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 0000000..5084fe0
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,5 @@
+version: '3.8'
+services:
+ nginx:
+ ports:
+ - '443:443'
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml index 0e3b072..fd64b91 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,12 +2,13 @@ version: '3.8' services: nginx: build: . - ports: - - '127.0.0.1:80:80' volumes: - www:/data/www networks: - default + deploy: + restart_policy: + condition: on-failure volumes: www: external: false diff --git a/nginx.conf b/nginx.conf index 8a11672..c6a4d8f 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,12 +1,22 @@ -worker_processes 1; +worker_processes auto; events { worker_connections 1024; } http { + include /etc/nginx/mime.types; sendfile on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + keepalive_timeout 70; + + ssl_certificate opex.dev.crt; + ssl_certificate_key private.pem; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + upstream docker-wallet { server wallet:8080; } @@ -31,13 +41,52 @@ http { server websocket:8080; } + upstream docker-web-app { + server app:80; + } + + upstream docker-ipg { + server payment:8080; + } + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name demo.opex.dev; + server_name demo.opex.dev:8443; + + location ^~ /auth { + resolver 127.0.0.11; + set $backend http://docker-auth; + proxy_pass $backend; + } + + location ~* \.(.*)$ { + resolver 127.0.0.11; + set $backend http://docker-web-app; + proxy_pass $backend; + } + + location / { + resolver 127.0.0.11; + set $backend http://docker-web-app; + proxy_pass $backend; + rewrite .* / break; + } + } + + server { + listen 443 ssl; + listen [::]:443 ssl; + server_name api.opex.dev; + server_name api.opex.dev:8443; more_set_headers 'Access-Control-Allow-Origin: *'; more_set_headers 'Access-Control-Allow-Headers: *'; 
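Review bot: The added `deploy.restart_policy` probably has no effect with the way this stack is started: for Compose file format 3 the `deploy` section is documented as applying to `docker stack deploy`, and the pipelines in this change run `docker-compose up`, which in the classic tool ignores it unless `--compatibility` is passed. If that is the tool on the Jenkins agent, the proxy will not come back after a crash; the service-level key `restart: on-failure` gives the intended behaviour there. Note also that the removed `'127.0.0.1:80:80'` mapping was loopback-only, while the `'443:443'` and `'8443:443'` mappings in the new override files bind on every host interface.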
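Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` turns on TLS 1.0 and 1.1, both formally deprecated by RFC 8996, and `ssl_ciphers HIGH:!aNULL:!MD5;` still admits the CBC suites those versions depend on. Restrict the line to `ssl_protocols TLSv1.2 TLSv1.3;`. With only those two versions in play, an explicit AEAD cipher list can replace the broad `HIGH` class. The `http` block continues outside the hunk.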
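Review bot: `server_name demo.opex.dev:8443;` and `server_name api.opex.dev:8443;` will not match any request, because nginx compares `server_name` with the host name after the port has been stripped from the Host header; the plain names already cover traffic arriving on 8443. Neither 443 listener is marked `default_server`, so as far as this hunk shows the demo block, being first, answers requests for any other Host or SNI name with the opex.dev certificate. A catch-all such as `server { listen 443 ssl default_server; return 444; }` would reject those instead. The api `server` block continues past the end of the hunk.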
@@ -53,7 +102,9 @@ http { } location /auth { - proxy_pass http://docker-auth; + resolver 127.0.0.11; + set $backend http://docker-auth; + proxy_pass $backend; } location /wallet/transfer { @@ -69,22 +120,30 @@ http { } location /wallet { - proxy_pass http://docker-wallet; + resolver 127.0.0.11; + set $backend http://docker-wallet; + proxy_pass $backend; rewrite ^/wallet/(.*)$ /$1 break; } location /gateway { - proxy_pass http://docker-matching-gateway; + resolver 127.0.0.11; + set $backend http://docker-matching-gateway; + proxy_pass $backend; rewrite ^/gateway/(.*)$ /$1 break; } location /storage { - proxy_pass http://docker-storage; + resolver 127.0.0.11; + set $backend http://docker-storage; + proxy_pass $backend; rewrite ^/storage/(.*)$ /$1 break; } location /stream { - proxy_pass http://docker-websocket; + resolver 127.0.0.11; + set $backend http://docker-websocket; + proxy_pass $backend; # WS config proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; @@ -93,19 +152,32 @@ http { rewrite ^/stream/(.*)$ /$1 break; } + location /ipg { + resolver 127.0.0.11; + set $backend http://docker-ipg; + proxy_pass $backend; + rewrite ^/ipg/(.*)$ /$1 break; + } + location /api { - proxy_pass http://docker-api; + resolver 127.0.0.11; + set $backend http://docker-api; + proxy_pass $backend; rewrite ^/api/(.*)$ /$1 break; } location /sapi { - proxy_pass http://docker-api; + resolver 127.0.0.11; + set $backend http://docker-api; + proxy_pass $backend; rewrite ^/sapi/(.*)$ /$1 break; } location /binance { + resolver 127.0.0.11; + set $backend http://api.binance.com; proxy_set_header Host api.binance.com; - proxy_pass https://api.binance.com; + proxy_pass $backend; rewrite ^/binance/(.*)$ /$1 break; } }
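Review bot: In `location /auth` the added `resolver 127.0.0.11;` is never consulted, because `$backend` is set to `http://docker-auth`, the name of an `upstream` group, and nginx looks a variable `proxy_pass` target up among the server groups before it falls back to the resolver. If the aim was to re-resolve container addresses at request time (an assumption; the commit message is not shown), entries such as `server wallet:8080;` inside the upstream blocks are still resolved once at startup. Either point the variable at the service itself, e.g. `set $backend http://wallet:8080;`, or drop the three-line pattern; the same applies to the /wallet, /gateway, /storage, /stream, /ipg, /api and /sapi locations in the following hunks. A single `resolver` line at `http` level with a `valid=` time would replace the per-location copies.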
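Review bot: In `location /binance` the upstream scheme changes from `https://api.binance.com` to `set $backend http://api.binance.com;`, so requests proxied to the exchange now leave the host in cleartext. Keep TLS on that hop with `set $backend https://api.binance.com;`, and add `proxy_ssl_server_name on;` so SNI is sent, since the existing `proxy_set_header Host api.binance.com;` only sets the HTTP header. Upstream certificate checking is off by default in nginx; `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` enables it. This is the one location where `resolver 127.0.0.11;` is actually used, because the name is not an upstream group.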