From 74b5f18f5f2be644019c42ef8e60ffdc28616a92 Mon Sep 17 00:00:00 2001 From: Ebrahim Hoseiny Fadae Date: Sun, 26 Jun 2022 15:10:34 +0430 Subject: [PATCH 01/10] Close #9, Expose health check routes for spring modules (#10) * Expose health checks in a separate config file * Improve EXPOSED_PORT implementation --- Dockerfile | 1 + docker-compose.yml | 2 ++ health-check.conf | 6 ++++++ nginx.conf | 2 ++ 4 files changed, 11 insertions(+) create mode 100644 health-check.conf diff --git a/Dockerfile b/Dockerfile index 3e5fb3d..a2bc0a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,6 @@ FROM nginx:1.20.2 COPY nginx.conf /etc/nginx/nginx.conf.org +COPY health-check.conf /etc/nginx/ ENV EXPOSED_PORT 443 ENTRYPOINT sh -c 'envsubst \$EXPOSED_PORT < /etc/nginx/nginx.conf.org | tee /etc/nginx/nginx.conf && nginx -g "daemon off;"' EXPOSE 443 diff --git a/docker-compose.yml b/docker-compose.yml index 6658dd9..f17834e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,5 +3,7 @@ services: nginx: image: ghcr.io/opexdev/nginx:$TAG build: . + ports: + - "$EXPOSED_PORT:443" environment: - EXPOSED_PORT=$EXPOSED_PORT diff --git a/health-check.conf b/health-check.conf new file mode 100644 index 0000000..7560892 --- /dev/null +++ b/health-check.conf @@ -0,0 +1,6 @@ +location ~ ^\/(auth|wallet|gateway|matching-engine|storage|referral|stream|ipg|admin|api|captcha|bitcoin-scanner|ethereum-scanner|bsc-scanner|tron-scanner|scanner-scheduler|binance):8080\/actuator\/health$ { + rewrite ^\/(.*)\/actuator\/health$ $1; + set $backend http://$uri; + proxy_pass $backend; + rewrite .* /actuator/health break; +} diff --git a/nginx.conf b/nginx.conf index 9cd9f25..7ec6ac6 100644 --- a/nginx.conf +++ b/nginx.conf @@ -110,6 +110,8 @@ http { return 204; } + include /etc/nginx/health-check.conf; + location /wallet/transfer { return 403; } From 94ab095641d3fdaf2d6e5e6fc1cebaaa6489ee53 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Sun, 26 Jun 2022 15:36:18 +0430 Subject: [PATCH 02/10] Remove binance from health check --- health-check.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/health-check.conf b/health-check.conf index 7560892..c1c38d3 100644 --- a/health-check.conf +++ b/health-check.conf @@ -1,4 +1,4 @@ -location ~ ^\/(auth|wallet|gateway|matching-engine|storage|referral|stream|ipg|admin|api|captcha|bitcoin-scanner|ethereum-scanner|bsc-scanner|tron-scanner|scanner-scheduler|binance):8080\/actuator\/health$ { +location ~ ^\/(auth|wallet|gateway|matching-engine|storage|referral|stream|ipg|admin|api|captcha|bitcoin-scanner|ethereum-scanner|bsc-scanner|tron-scanner|scanner-scheduler):8080\/actuator\/health$ { rewrite ^\/(.*)\/actuator\/health$ $1; set $backend http://$uri; proxy_pass $backend; From e7887027079ceac47b547b911442c517195883cc Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Sun, 26 Jun 2022 15:47:54 +0430 Subject: [PATCH 03/10] Fix health check location rewrite --- health-check.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/health-check.conf b/health-check.conf index c1c38d3..f144c55 100644 --- a/health-check.conf +++ b/health-check.conf @@ -1,6 +1,6 @@ location ~ ^\/(auth|wallet|gateway|matching-engine|storage|referral|stream|ipg|admin|api|captcha|bitcoin-scanner|ethereum-scanner|bsc-scanner|tron-scanner|scanner-scheduler):8080\/actuator\/health$ { rewrite ^\/(.*)\/actuator\/health$ $1; - set $backend http://$uri; + set $backend http://$uri:8080; proxy_pass $backend; rewrite .* /actuator/health break; } From d7f2fc64a7eebdd07d61f15f2ffc97f68b2ada68 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Sun, 26 Jun 2022 15:50:16 +0430 Subject: [PATCH 04/10] Remove port expose config --- docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index f17834e..6658dd9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,5 @@ services: nginx: image: ghcr.io/opexdev/nginx:$TAG build: . - ports: - - "$EXPOSED_PORT:443" environment: - EXPOSED_PORT=$EXPOSED_PORT From c644419cb8b44236e96c1162bf2731684d8ee0d3 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Sun, 26 Jun 2022 15:53:55 +0430 Subject: [PATCH 05/10] Update health check location matching rule --- health-check.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/health-check.conf b/health-check.conf index f144c55..3fcbc1a 100644 --- a/health-check.conf +++ b/health-check.conf @@ -1,4 +1,4 @@ -location ~ ^\/(auth|wallet|gateway|matching-engine|storage|referral|stream|ipg|admin|api|captcha|bitcoin-scanner|ethereum-scanner|bsc-scanner|tron-scanner|scanner-scheduler):8080\/actuator\/health$ { +location ^~ ^\/(auth|wallet|gateway|matching-engine|storage|referral|stream|ipg|admin|api|captcha|bitcoin-scanner|ethereum-scanner|bsc-scanner|tron-scanner|scanner-scheduler):8080\/actuator\/health$ { rewrite ^\/(.*)\/actuator\/health$ $1; set $backend http://$uri:8080; proxy_pass $backend; From d4377cce50874f341cf37444168a81111ea13a70 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Sun, 26 Jun 2022 16:08:14 +0430 Subject: [PATCH 06/10] Update health check location matching rule --- health-check.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/health-check.conf b/health-check.conf index 3fcbc1a..30c07a3 100644 --- a/health-check.conf +++ b/health-check.conf @@ -1,4 +1,4 @@ -location ^~ ^\/(auth|wallet|gateway|matching-engine|storage|referral|stream|ipg|admin|api|captcha|bitcoin-scanner|ethereum-scanner|bsc-scanner|tron-scanner|scanner-scheduler):8080\/actuator\/health$ { +location ~ ^\/(auth|wallet|accountant|bc-gateway|gateway|eventlog|matching-engine|storage|referral|stream|ipg|admin|api|captcha|bitcoin-scanner|ethereum-scanner|bsc-scanner|tron-scanner|scanner-scheduler)\/actuator\/health$ { rewrite ^\/(.*)\/actuator\/health$ $1; set $backend http://$uri:8080; proxy_pass $backend; From 42adea5a31825605cfa51ca0b1588c29d1a117d3 Mon Sep 17 00:00:00 2001 From: Ebrahim Hoseiny Fadae Date: Tue, 28 Jun 2022 13:18:42 +0430 Subject: [PATCH 07/10] Close #11, Add net negar health check proxy (#12) * Update docker-compose config * Update health check location matching rule --- .github/workflows/dev.yml | 4 ++-- .github/workflows/main.yml | 4 ++-- Dockerfile | 2 +- docker-compose.build.yml | 5 +++++ docker-compose.yml | 10 +++++++++- netnegar.conf | 11 +++++++++++ nginx.conf | 2 ++ 7 files changed, 32 insertions(+), 6 deletions(-) create mode 100644 docker-compose.build.yml create mode 100644 netnegar.conf diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 7aa0ea1..7db6cd3 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -15,7 +15,7 @@ jobs: - name: Build Docker images env: TAG: dev - run: docker-compose build + run: docker-compose -f docker-compose.build.yml build - name: Login to GitHub Container Registry uses: docker/login-action@v1 with: @@ -25,4 +25,4 @@ jobs: - name: Push images to GitHub Container Registry env: TAG: dev - run: docker-compose push + run: docker-compose -f docker-compose.build.yml push diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index efad59a..4f12254 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -15,7 +15,7 @@ jobs: - name: Build Docker images env: TAG: latest - run: docker-compose build + run: docker-compose -f docker-compose.build.yml build - name: Login to GitHub Container Registry uses: docker/login-action@v1 with: @@ -25,4 +25,4 @@ jobs: - name: Push images to GitHub Container Registry env: TAG: latest - run: docker-compose push + run: docker-compose -f docker-compose.build.yml push diff --git a/Dockerfile b/Dockerfile index a2bc0a5..5a1dc52 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM nginx:1.20.2 COPY nginx.conf /etc/nginx/nginx.conf.org -COPY health-check.conf /etc/nginx/ +COPY health-check.conf netnegar.conf /etc/nginx/ ENV EXPOSED_PORT 443 ENTRYPOINT sh -c 'envsubst \$EXPOSED_PORT < /etc/nginx/nginx.conf.org | tee /etc/nginx/nginx.conf && nginx -g "daemon off;"' EXPOSE 443 diff --git a/docker-compose.build.yml b/docker-compose.build.yml new file mode 100644 index 0000000..fa71619 --- /dev/null +++ b/docker-compose.build.yml @@ -0,0 +1,5 @@ +version: '3.8' +services: + nginx: + image: ghcr.io/opexdev/nginx:$TAG + build: . \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 6658dd9..13916c6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,15 @@ version: '3.8' services: nginx: - image: ghcr.io/opexdev/nginx:$TAG + image: ghcr.io/opexdev/nginx build: . environment: - EXPOSED_PORT=$EXPOSED_PORT + secrets: + - opex_dev_crt + - private_pem +secrets: + opex_dev_crt: + file: opex.dev.crt + private_pem: + file: private.pem \ No newline at end of file diff --git a/netnegar.conf b/netnegar.conf new file mode 100644 index 0000000..1e5864e --- /dev/null +++ b/netnegar.conf @@ -0,0 +1,11 @@ +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name status.opex.dev; + + location / { + set $backend http://public.netnegar.io; + proxy_pass $backend; + } +} diff --git a/nginx.conf b/nginx.conf index 7ec6ac6..5e5b2d8 100644 --- a/nginx.conf +++ b/nginx.conf @@ -209,4 +209,6 @@ http { rewrite ^/binance/(.*)$ /$1 break; } } + + include /etc/nginx/netnegar.conf; } From 774636d275fd16e1dc0d3bda40856dd92cd10ec1 Mon Sep 17 00:00:00 2001 From: Ebrahim Hoseiny Fadae Date: Mon, 1 Aug 2022 12:36:49 +0430 Subject: [PATCH 08/10] Close #13, Inject server names from envs (#14) --- Dockerfile | 12 +++++++++++- docker-compose.yml | 7 ++++++- nginx.conf | 10 +++++----- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5a1dc52..a952c7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,5 +2,15 @@ FROM nginx:1.20.2 COPY nginx.conf /etc/nginx/nginx.conf.org COPY health-check.conf netnegar.conf /etc/nginx/ ENV EXPOSED_PORT 443 -ENTRYPOINT sh -c 'envsubst \$EXPOSED_PORT < /etc/nginx/nginx.conf.org | tee /etc/nginx/nginx.conf && nginx -g "daemon off;"' +ENV SERVER_NAME_DASHBOARD dashbrd-demo.opex.dev +ENV SERVER_NAME_ADMIN_PANEL adm-demo.opex.dev +ENV SERVER_NAME_WEB_APP demo.opex.dev +ENV SERVER_NAME_AUTH auth-demo.opex.dev +ENV SERVER_NAME_API api.opex.dev +ENTRYPOINT sh -c 'envsubst \$EXPOSED_PORT \ + \$SERVER_NAME_DASHBOARD \ + \$SERVER_NAME_ADMIN_PANEL \ + \$SERVER_NAME_WEB_APP \ + \$SERVER_NAME_AUTH \ + \$SERVER_NAME_API < /etc/nginx/nginx.conf.org | tee /etc/nginx/nginx.conf && nginx -g "daemon off;"' EXPOSE 443 diff --git a/docker-compose.yml b/docker-compose.yml index 13916c6..a5db883 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,6 +5,11 @@ services: build: . environment: - EXPOSED_PORT=$EXPOSED_PORT + - SERVER_NAME_DASHBOARD=$SERVER_NAME_DASHBOARD + - SERVER_NAME_ADMIN_PANEL=$SERVER_NAME_ADMIN_PANEL + - SERVER_NAME_WEB_APP=$SERVER_NAME_WEB_APP + - SERVER_NAME_AUTH=$SERVER_NAME_AUTH + - SERVER_NAME_API=$SERVER_NAME_API secrets: - opex_dev_crt - private_pem @@ -12,4 +17,4 @@ secrets: opex_dev_crt: file: opex.dev.crt private_pem: - file: private.pem \ No newline at end of file + file: private.pem diff --git a/nginx.conf b/nginx.conf index 5e5b2d8..7f48334 100644 --- a/nginx.conf +++ b/nginx.conf @@ -41,7 +41,7 @@ http { listen 443 ssl; listen [::]:443 ssl; - server_name dashbrd-demo.opex.dev; + server_name $SERVER_NAME_DASHBOARD; location / { set $backend http://superset:8088; @@ -53,7 +53,7 @@ http { listen 443 ssl; listen [::]:443 ssl; - server_name adm-demo.opex.dev; + server_name $SERVER_NAME_ADMIN_PANEL; location ~* \.(.*)$ { set $backend http://admin-panel; @@ -71,7 +71,7 @@ http { listen 443 ssl; listen [::]:443 ssl; - server_name demo.opex.dev; + server_name $SERVER_NAME_WEB_APP; location ~* \.(.*)$ { set $backend http://web-app; @@ -89,7 +89,7 @@ http { listen 443 ssl; listen [::]:443 ssl; - server_name auth-demo.opex.dev; + server_name $SERVER_NAME_AUTH; location / { set $backend http://auth:8080; @@ -102,7 +102,7 @@ http { listen 443 ssl; listen [::]:443 ssl; - server_name api.opex.dev; + server_name $SERVER_NAME_API; limit_req zone=default burst=5 nodelay; From 5341192b1c4e4390e11effd8a7564b1bb6e430f3 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 1 Aug 2022 15:11:53 +0430 Subject: [PATCH 09/10] Fix envsubst command in Dockerfile --- Dockerfile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index a952c7c..3315392 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,10 +7,9 @@ ENV SERVER_NAME_ADMIN_PANEL adm-demo.opex.dev ENV SERVER_NAME_WEB_APP demo.opex.dev ENV SERVER_NAME_AUTH auth-demo.opex.dev ENV SERVER_NAME_API api.opex.dev -ENTRYPOINT sh -c 'envsubst \$EXPOSED_PORT \ - \$SERVER_NAME_DASHBOARD \ - \$SERVER_NAME_ADMIN_PANEL \ - \$SERVER_NAME_WEB_APP \ - \$SERVER_NAME_AUTH \ - \$SERVER_NAME_API < /etc/nginx/nginx.conf.org | tee /etc/nginx/nginx.conf && nginx -g "daemon off;"' +ENTRYPOINT sh -c 'envsubst \ +\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_API \ +< /etc/nginx/nginx.conf.org \ +| tee /etc/nginx/nginx.conf \ +&& nginx -g "daemon off;"' EXPOSE 443 From 5023ee606028e9d16a2df3624a2144431d91c114 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 1 Aug 2022 16:47:19 +0430 Subject: [PATCH 10/10] Update docker-compose configs --- docker-compose.build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.build.yml b/docker-compose.build.yml index fa71619..dbc8956 100644 --- a/docker-compose.build.yml +++ b/docker-compose.build.yml @@ -2,4 +2,4 @@ version: '3.8' services: nginx: image: ghcr.io/opexdev/nginx:$TAG - build: . \ No newline at end of file + build: .