From bd72d1d670c4bf86fef8092ea9d6c79dcda09d85 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 06:16:58 +0430 Subject: [PATCH 01/13] Separate auth api from admin panel Also config dynamic dns --- nginx.conf | 113 +++++++++++++++++++---------------------------------- 1 file changed, 41 insertions(+), 72 deletions(-) diff --git a/nginx.conf b/nginx.conf index 5324c4b..d6f2243 100644 --- a/nginx.conf +++ b/nginx.conf @@ -18,54 +18,6 @@ http { ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; - upstream docker-wallet { - server wallet:8080; - } - - upstream docker-auth { - server auth:8080; - } - - upstream docker-matching-gateway { - server matching-gateway:8080; - } - - upstream docker-api { - server api:8080; - } - - upstream docker-storage { - server storage:8080; - } - - upstream docker-websocket { - server websocket:8080; - } - - upstream docker-admin { - server admin:8080; - } - - upstream docker-web-app { - server web-app:80; - } - - upstream docker-admin-panel { - server admin-panel:80; - } - - upstream docker-ipg { - server payment:8080; - } - - upstream docker-referral { - server referral:8080; - } - - upstream docker-captcha { - server captcha:8080; - } - proxy_hide_header Access-Control-Allow-Credentials; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Headers; @@ -90,7 +42,6 @@ http { server_name dashbrd-demo.opex.dev; location / { - resolver 127.0.0.11; set $backend http://superset:8088; proxy_pass $backend; } @@ -103,11 +54,13 @@ http { server_name adm-demo.opex.dev; location ~* \.(.*)$ { - proxy_pass http://docker-admin-panel; + set $backend http://admin-panel; + proxy_pass $backend; } location / { - proxy_pass http://docker-admin-panel; + set $backend http://admin-panel; + proxy_pass $backend; rewrite .* / break; } } 
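Review bot: With `resolver 127.0.0.11;` removed from the dashbrd `location /` (and from `/binance` in the last hunk of this patch), no `resolver` remains in scope, yet every `proxy_pass` in the patch now takes a variable. nginx resolves such names at request time and only through a configured resolver, so these locations would be expected to answer 502 with a "no resolver defined" error. Declare the resolver once at `http` level, e.g. `resolver 127.0.0.11 valid=30s;`, in the same commit that replaces the `upstream` blocks. The enclosing `server` and `http` blocks start outside these hunks.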
@@ -118,20 +71,31 @@ http { server_name demo.opex.dev; - location ^~ /auth { - proxy_pass http://docker-auth; - } - location ~* \.(.*)$ { - proxy_pass http://docker-web-app; + set $backend http://web-app; + proxy_pass $backend; } location / { - proxy_pass http://docker-web-app; + set $backend http://web-app; + proxy_pass $backend; rewrite .* / break; } } + + server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name auth-demo.opex.dev; + + location /auth { + set $backend http://auth:8080; + proxy_pass $backend; + } + } + server { listen 443 ssl; listen [::]:443 ssl; @@ -144,10 +108,6 @@ http { return 204; } - location /auth { - proxy_pass http://docker-auth; - } - location /wallet/transfer { return 403; } 
@@ -161,52 +121,61 @@ http { } location /wallet { - proxy_pass http://docker-wallet; + set $backend http://wallet:8080; + proxy_pass $backend; rewrite ^/wallet/(.*)$ /$1 break; } location /gateway { - proxy_pass http://docker-matching-gateway; + set $backend http://matching-gateway:8080; + proxy_pass $backend; rewrite ^/gateway/(.*)$ /$1 break; } location /storage { - proxy_pass http://docker-storage; + set $backend http://storage:8080; + proxy_pass $backend; rewrite ^/storage/(.*)$ /$1 break; } location /referral { - proxy_pass http://docker-referral; + set $backend http://referral:8080; + proxy_pass $backend; rewrite ^/referral/(.*)$ /$1 break; } location /stream { - proxy_pass http://docker-websocket; # WS config proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ########### + set $backend http://websocket:8080; + proxy_pass $backend; rewrite ^/stream/(.*)$ /$1 break; } location /ipg { - proxy_pass http://docker-ipg; + set $backend http://payment:8080; + proxy_pass $backend; rewrite ^/ipg/(.*)$ /$1 break; } location /admin { - proxy_pass http://docker-admin; + set $backend http://admin:8080; + proxy_pass $backend; rewrite ^/admin/(.*)$ /$1 break; } location /api { - proxy_pass http://docker-api; + set $backend http://api:8080; + proxy_pass $backend; rewrite ^/api/(.*)$ /$1 break; } location /sapi { - proxy_pass http://docker-api; + set $backend http://api:8080; + proxy_pass $backend; rewrite ^/sapi/(.*)$ /$1 break; } 
@@ -216,12 +185,12 @@ http { add_header Access-Control-Allow-Headers * always; add_header Access-Control-Allow-Methods 'POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD' always; add_header Access-Control-Expose-Headers 'Captcha-Session-Key, Captcha-Expire-Timestamp' always; - proxy_pass http://docker-captcha; + set $backend http://captcha:8080; + proxy_pass $backend; rewrite ^/captcha/(.*)$ /$1 break; } location /binance { - resolver 127.0.0.11; proxy_set_header Host api.binance.com; proxy_set_header X-Real-IP ''; proxy_set_header X-Forwarded-For ''; From b293d32883602ad870b2965821dd0fe7a7e270c9 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 06:36:35 +0430 Subject: [PATCH 02/13] Add resolver --- nginx.conf | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/nginx.conf b/nginx.conf index d6f2243..379d5fb 100644 --- a/nginx.conf +++ b/nginx.conf @@ -42,6 +42,7 @@ http { server_name dashbrd-demo.opex.dev; location / { + resolver 127.0.0.11 set $backend http://superset:8088; proxy_pass $backend; } @@ -54,11 +55,13 @@ http { server_name adm-demo.opex.dev; location ~* \.(.*)$ { + resolver 127.0.0.11 set $backend http://admin-panel; proxy_pass $backend; } location / { + resolver 127.0.0.11 set $backend http://admin-panel; proxy_pass $backend; rewrite .* / break; @@ -72,11 +75,13 @@ http { server_name demo.opex.dev; location ~* \.(.*)$ { + resolver 127.0.0.11 set $backend http://web-app; proxy_pass $backend; } location / { + resolver 127.0.0.11 set $backend http://web-app; proxy_pass $backend; rewrite .* / break; @@ -91,6 +96,7 @@ http { server_name auth-demo.opex.dev; location /auth { + resolver 127.0.0.11 set $backend http://auth:8080; proxy_pass $backend; } 
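Review bot: The added `resolver 127.0.0.11` line in the dashbrd `location /` has no terminating semicolon, so nginx reads the following `set $backend ...` tokens as further resolver arguments and the file will not load as intended. The same unterminated line is repeated in every other hunk of this patch. Write `resolver 127.0.0.11;`, and check the rendered file with `nginx -t` before it is deployed so a syntax error is caught early.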
@@ -120,25 +126,35 @@ http { return 403; } + location /auth { + resolver 127.0.0.11 + set $backend http://auth:8080; + proxy_pass $backend; + } + location /wallet { + resolver 127.0.0.11 set $backend http://wallet:8080; proxy_pass $backend; rewrite ^/wallet/(.*)$ /$1 break; } location /gateway { + resolver 127.0.0.11 set $backend http://matching-gateway:8080; proxy_pass $backend; rewrite ^/gateway/(.*)$ /$1 break; } location /storage { + resolver 127.0.0.11 set $backend http://storage:8080; proxy_pass $backend; rewrite ^/storage/(.*)$ /$1 break; } location /referral { + resolver 127.0.0.11 set $backend http://referral:8080; proxy_pass $backend; rewrite ^/referral/(.*)$ /$1 break; @@ -150,30 +166,35 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ########### + resolver 127.0.0.11 set $backend http://websocket:8080; proxy_pass $backend; rewrite ^/stream/(.*)$ /$1 break; } location /ipg { + resolver 127.0.0.11 set $backend http://payment:8080; proxy_pass $backend; rewrite ^/ipg/(.*)$ /$1 break; } location /admin { + resolver 127.0.0.11 set $backend http://admin:8080; proxy_pass $backend; rewrite ^/admin/(.*)$ /$1 break; } location /api { + resolver 127.0.0.11 set $backend http://api:8080; proxy_pass $backend; rewrite ^/api/(.*)$ /$1 break; } location /sapi { + resolver 127.0.0.11 set $backend http://api:8080; proxy_pass $backend; rewrite ^/sapi/(.*)$ /$1 break; @@ -185,6 +206,7 @@ http { add_header Access-Control-Allow-Headers * always; add_header Access-Control-Allow-Methods 'POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD' always; add_header Access-Control-Expose-Headers 'Captcha-Session-Key, Captcha-Expire-Timestamp' always; + resolver 127.0.0.11 set $backend http://captcha:8080; proxy_pass $backend; rewrite ^/captcha/(.*)$ /$1 break; 
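Review bot: This hunk adds a `location /auth` block proxying to `auth:8080`, which the commit message ("Add resolver") does not mention. It appears to be the same block PATCH 01 removed from this server when auth moved to `auth-demo.opex.dev`. If the second entry point is intended, say so in the message and add a comment such as `# auth also reachable via the API host: <reason>`; otherwise drop it so the auth service has one public entry point. The `server` block starts outside the hunk, so its `server_name` is not visible here.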
@@ -195,6 +217,7 @@ http { proxy_set_header X-Real-IP ''; proxy_set_header X-Forwarded-For ''; proxy_set_header X-Forwarded-Host ''; + resolver 127.0.0.11 set $backend https://api.binance.com; proxy_pass $backend; rewrite ^/binance/(.*)$ /$1 break; From b175321f6c55be6e2a42ac75569f062944d6b736 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 06:41:06 +0430 Subject: [PATCH 03/13] Add cache to resolver --- nginx.conf | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/nginx.conf b/nginx.conf index 379d5fb..5bd277f 100644 --- a/nginx.conf +++ b/nginx.conf @@ -35,6 +35,8 @@ http { proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Port $EXPOSED_PORT; + resolver 172.0.0.11 valid=30s; + server { listen 443 ssl; listen [::]:443 ssl; @@ -42,7 +44,6 @@ http { server_name dashbrd-demo.opex.dev; location / { - resolver 127.0.0.11 set $backend http://superset:8088; proxy_pass $backend; } @@ -55,13 +56,11 @@ http { server_name adm-demo.opex.dev; location ~* \.(.*)$ { - resolver 127.0.0.11 set $backend http://admin-panel; proxy_pass $backend; } location / { - resolver 127.0.0.11 set $backend http://admin-panel; proxy_pass $backend; rewrite .* / break; @@ -75,13 +74,11 @@ http { server_name demo.opex.dev; location ~* \.(.*)$ { - resolver 127.0.0.11 set $backend http://web-app; proxy_pass $backend; } location / { - resolver 127.0.0.11 set $backend http://web-app; proxy_pass $backend; rewrite .* / break; @@ -96,7 +93,6 @@ http { server_name auth-demo.opex.dev; location /auth { - resolver 127.0.0.11 set $backend http://auth:8080; proxy_pass $backend; } 
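Review bot: `resolver 172.0.0.11 valid=30s;` names an address outside the private 172.16.0.0/12 range, so lookups for the internal service names (`auth`, `wallet`, `api`, ...) would be sent to a publicly routable host. That is not Docker's embedded DNS. Whoever answers at that address would see those names and could influence where `proxy_pass` sends traffic. The per-location lines this patch removes used `127.0.0.11`; the `http`-level directive should read `resolver 127.0.0.11 valid=30s;`.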
@@ -127,34 +123,29 @@ http { } location /auth { - resolver 127.0.0.11 set $backend http://auth:8080; proxy_pass $backend; } location /wallet { - resolver 127.0.0.11 set $backend http://wallet:8080; proxy_pass $backend; rewrite ^/wallet/(.*)$ /$1 break; } location /gateway { - resolver 127.0.0.11 set $backend http://matching-gateway:8080; proxy_pass $backend; rewrite ^/gateway/(.*)$ /$1 break; } location /storage { - resolver 127.0.0.11 set $backend http://storage:8080; proxy_pass $backend; rewrite ^/storage/(.*)$ /$1 break; } location /referral { - resolver 127.0.0.11 set $backend http://referral:8080; proxy_pass $backend; rewrite ^/referral/(.*)$ /$1 break; @@ -166,35 +157,30 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ########### - resolver 127.0.0.11 set $backend http://websocket:8080; proxy_pass $backend; rewrite ^/stream/(.*)$ /$1 break; } location /ipg { - resolver 127.0.0.11 set $backend http://payment:8080; proxy_pass $backend; rewrite ^/ipg/(.*)$ /$1 break; } location /admin { - resolver 127.0.0.11 set $backend http://admin:8080; proxy_pass $backend; rewrite ^/admin/(.*)$ /$1 break; } location /api { - resolver 127.0.0.11 set $backend http://api:8080; proxy_pass $backend; rewrite ^/api/(.*)$ /$1 break; } location /sapi { - resolver 127.0.0.11 set $backend http://api:8080; proxy_pass $backend; rewrite ^/sapi/(.*)$ /$1 break; @@ -206,7 +192,6 @@ http { add_header Access-Control-Allow-Headers * always; add_header Access-Control-Allow-Methods 'POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD' always; add_header Access-Control-Expose-Headers 'Captcha-Session-Key, Captcha-Expire-Timestamp' always; - resolver 127.0.0.11 set $backend http://captcha:8080; proxy_pass $backend; rewrite ^/captcha/(.*)$ /$1 break; 
@@ -217,7 +202,6 @@ http { proxy_set_header X-Real-IP ''; proxy_set_header X-Forwarded-For ''; proxy_set_header X-Forwarded-Host ''; - resolver 127.0.0.11 set $backend https://api.binance.com; proxy_pass $backend; rewrite ^/binance/(.*)$ /$1 break; From f4adb1780c7cae30b00cc8c91723b8c15b75fd17 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 06:47:41 +0430 Subject: [PATCH 04/13] Fix resolver address --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 5bd277f..3b0dd28 100644 --- a/nginx.conf +++ b/nginx.conf @@ -35,7 +35,7 @@ http { proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Port $EXPOSED_PORT; - resolver 172.0.0.11 valid=30s; + resolver 127.0.0.11 valid=30s; server { listen 443 ssl; From 21d1714bfe189cdfffe81b02a2b36391ac6d394f Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 13:21:03 +0430 Subject: [PATCH 05/13] Fix auth url --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 3b0dd28..5e74345 100644 --- a/nginx.conf +++ b/nginx.conf @@ -92,7 +92,7 @@ http { server_name auth-demo.opex.dev; - location /auth { + location / { set $backend http://auth:8080; proxy_pass $backend; } From 446559a6ce725441d0011139a23d21a45abb07fe Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 13:36:29 +0430 Subject: [PATCH 06/13] Cleanup --- nginx.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 5e74345..9d46d1e 100644 --- a/nginx.conf +++ b/nginx.conf @@ -85,7 +85,6 @@ http { } } - server { listen 443 ssl; listen [::]:443 ssl; From 7db11ed5356bcfbca1c8dab735a7434cf70fc478 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 22:19:00 +0430 Subject: [PATCH 07/13] Update auth server config --- nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/nginx.conf b/nginx.conf index 5e74345..62ad1f0 100644 --- a/nginx.conf 
+++ b/nginx.conf @@ -95,6 +95,7 @@ http { location / { set $backend http://auth:8080; proxy_pass $backend; + rewrite ^/(.)$ /auth/$1 break; } } From 6a64e0119db7526ecfd440de13402fdd0d0143b3 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 22:23:13 +0430 Subject: [PATCH 08/13] Fix auth server redirect regex --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 62ad1f0..837b06d 100644 --- a/nginx.conf +++ b/nginx.conf @@ -95,7 +95,7 @@ http { location / { set $backend http://auth:8080; proxy_pass $backend; - rewrite ^/(.)$ /auth/$1 break; + rewrite ^/(.*)$ /auth/$1 break; } } From c6fe7e15dee8edc62f43ced1e9546e934daa015d Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Mon, 13 Jun 2022 22:36:48 +0430 Subject: [PATCH 09/13] Cleanup --- nginx.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 837b06d..76272ff 100644 --- a/nginx.conf +++ b/nginx.conf @@ -85,7 +85,6 @@ http { } } - server { listen 443 ssl; listen [::]:443 ssl; From c9815ea4045f0ae728547058453c079e10571f37 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Tue, 14 Jun 2022 00:02:47 +0430 Subject: [PATCH 10/13] Set allow origin header explicitly --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 76272ff..62d3faf 100644 --- a/nginx.conf +++ b/nginx.conf @@ -24,7 +24,7 @@ http { proxy_hide_header Access-Control-Allow-Methods; add_header Access-Control-Allow-Credentials false always; - add_header Access-Control-Allow-Origin * always; + add_header Access-Control-Allow-Origin $http_origin always; add_header Access-Control-Allow-Headers * always; add_header Access-Control-Allow-Methods 'POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD' always; From 11af967f433e435dd2b905b862604a212cf7f479 Mon Sep 17 00:00:00 2001 
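Review bot: `add_header Access-Control-Allow-Origin $http_origin always;` in the PATCH 10 hunk echoes whatever Origin the client sends, so it grants the same access as `*` while looking like an explicit value. It also adds no `Vary: Origin`, which lets a shared cache serve a response stamped for one origin to another. Derive the header from an allowlist with a `map` at `http` level; nginx omits an `add_header` whose value is empty, so unknown origins get no CORS header. The origins in the sketch below are constructed from `server_name` values visible in this series and need confirming.

```nginx
# Constructed allowlist: confirm the real front-end origins (and any non-default port).
map $http_origin $cors_origin {
    default                      "";
    "https://demo.opex.dev"      $http_origin;
    "https://adm-demo.opex.dev"  $http_origin;
}

# ... unchanged: proxy_hide_header lines, Access-Control-Allow-Credentials ...
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Vary Origin always;
# ... unchanged: Access-Control-Allow-Headers, Access-Control-Allow-Methods ...
```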
From: ebrahimmfadae Date: Tue, 14 Jun 2022 00:11:56 +0430 Subject: [PATCH 11/13] Set allow credentials header to true --- nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx.conf b/nginx.conf index 62d3faf..2f8dec4 100644 --- a/nginx.conf +++ b/nginx.conf @@ -23,7 +23,7 @@ http { proxy_hide_header Access-Control-Allow-Headers; proxy_hide_header Access-Control-Allow-Methods; - add_header Access-Control-Allow-Credentials false always; + add_header Access-Control-Allow-Credentials true always; add_header Access-Control-Allow-Origin $http_origin always; add_header Access-Control-Allow-Headers * always; add_header Access-Control-Allow-Methods 'POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD' always; From 263b01818b986ba5a58f457ddee65af0ad07f868 Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Tue, 14 Jun 2022 00:17:48 +0430 Subject: [PATCH 12/13] Update CORS --- nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx.conf b/nginx.conf index 2f8dec4..9cd9f25 100644 --- a/nginx.conf +++ b/nginx.conf @@ -187,8 +187,8 @@ http { } location /captcha { - add_header Access-Control-Allow-Credentials false always; - add_header Access-Control-Allow-Origin * always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Origin $http_origin always; add_header Access-Control-Allow-Headers * always; add_header Access-Control-Allow-Methods 'POST, PUT, PATCH, GET, DELETE, OPTIONS, HEAD' always; add_header Access-Control-Expose-Headers 'Captcha-Session-Key, Captcha-Expire-Timestamp' always; From 6b2739b96db1b0f09555c56ac4979eb11584213e Mon Sep 17 00:00:00 2001 From: ebrahimmfadae Date: Wed, 15 Jun 2022 12:06:08 +0430 Subject: [PATCH 13/13] Refactor EXPOSED_PORT usage --- .github/workflows/dev.yml | 1 - .github/workflows/main.yml | 1 - Dockerfile | 7 +++---- docker-compose.yml | 7 +++---- 4 files changed, 6 insertions(+), 10 deletions(-) 
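Review bot: Setting `Access-Control-Allow-Credentials true` while `Access-Control-Allow-Origin` is still the reflected `$http_origin` lets any website send credentialed requests to these hosts and read the responses, if the services authenticate with cookies or other ambient credentials. The `/captcha` hunk in PATCH 12 repeats the same pair. Credentials should be allowed only for origins matched against a fixed list, with both headers left out for everything else. Separately, browsers treat `Access-Control-Allow-Headers *` as a literal header name on credentialed requests, so the wildcard on the following line stops working and the needed headers must be listed, e.g. `add_header Access-Control-Allow-Headers 'Authorization, Content-Type' always;`.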
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 11ded4e..7aa0ea1 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -15,7 +15,6 @@ jobs: - name: Build Docker images env: TAG: dev - EXPOSED_PORT: 8443 run: docker-compose build - name: Login to GitHub Container Registry uses: docker/login-action@v1 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 24599ff..efad59a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -15,7 +15,6 @@ jobs: - name: Build Docker images env: TAG: latest - EXPOSED_PORT: 443 run: docker-compose build - name: Login to GitHub Container Registry uses: docker/login-action@v1 diff --git a/Dockerfile b/Dockerfile index 9cd27a2..3e5fb3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ FROM nginx:1.20.2 -COPY nginx.conf /etc/nginx/ -ARG EXPOSED_PORT=443 -ENV EXPOSED_PORT $EXPOSED_PORT -RUN envsubst '\$EXPOSED_PORT' < /etc/nginx/nginx.conf | tee /etc/nginx/nginx.conf +COPY nginx.conf /etc/nginx/nginx.conf.org +ENV EXPOSED_PORT 443 +ENTRYPOINT sh -c 'envsubst \$EXPOSED_PORT < /etc/nginx/nginx.conf.org | tee /etc/nginx/nginx.conf && nginx -g "daemon off;"' EXPOSE 443 diff --git a/docker-compose.yml b/docker-compose.yml index f5f1b5a..6658dd9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,6 @@ version: '3.8' services: nginx: image: ghcr.io/opexdev/nginx:$TAG - build: - context: . - args: - - EXPOSED_PORT=$EXPOSED_PORT + build: . + environment: + - EXPOSED_PORT=$EXPOSED_PORT
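Review bot: The new `ENTRYPOINT` runs nginx behind `sh -c '... | tee ... && nginx ...'`, so a shell stays as PID 1 and nginx may not receive the stop signal from `docker stop`. The pipeline's exit status is that of `tee`, so nginx still starts when `envsubst` fails and leaves an empty or partial config. `tee` also copies the whole rendered config into the container log. Redirect instead of piping and `exec` the server: `ENTRYPOINT ["sh", "-c", "envsubst '$EXPOSED_PORT' < /etc/nginx/nginx.conf.org > /etc/nginx/nginx.conf && exec nginx -g 'daemon off;'"]`.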
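Review bot: `- EXPOSED_PORT=$EXPOSED_PORT` under `environment` is substituted by Compose with an empty string when the variable is unset on the host. That overrides the image's `ENV EXPOSED_PORT 443` and would render `proxy_set_header X-Forwarded-Port ;` into nginx.conf. Give the substitution a default so the image value is not silently lost: `- EXPOSED_PORT=${EXPOSED_PORT:-443}`.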