Header redirect/lobby variable port number #9940

Merged
merged 2 commits into from Dec 26, 2021
7 changes: 7 additions & 0 deletions infrastructure/ansible/group_vars/all.yml
Expand Up @@ -8,3 +8,10 @@ admin_user: "admin"
admin_home: "/home/{{ admin_user }}"
github_releases_url: https://github.com/triplea-game/triplea/releases/download
ansible_python_interpreter: /usr/bin/python3

# When adding a new lobby, update 'nginx' to redirect
# port numbers, 8080 -> old default, 9026 -> v2.6, 9027 -> v2.7
lobby_25_port: 8080
lobby_26_port: 9026
lobby_http_port: "{{ lobby_26_port }}"
lobby_name: lobby_26
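Review bot: The comment on the new port block documents `9027 -> v2.7`, but no `lobby_27_port` is defined, and `lobby_http_port` and `lobby_name` are pinned to the 2.6 lobby as two separate values that have to be changed together. Either drop the 2.7 entry from the comment until the variable exists or add the variable now, and consider deriving both values from a single version key so a future bump cannot leave `lobby_name: lobby_26` paired with another lobby's port.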
6 changes: 5 additions & 1 deletion infrastructure/ansible/roles/lobby_server/README.md
@@ -1 +1,5 @@
Install dropwizard http server and lobby application
# Lobby Server

Installs the lobby server. We run lobby versions parallel to one another on different port numbers.
This allows us to run multiple lobbies on the same host. Further, we have magic config in nginx
to redirect to the correct server instance based on the `triplea-version` header value.
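Review bot: "magic config in nginx" in the new README text does not tell an operator where the routing lives or what happens to a client that sends no `triplea-version` header. Name the `lobby_proxy_pass` variable in the nginx role defaults, state that requests without the header go to the 2.5 lobby, and list what must change when a lobby version is added (the port variables in `group_vars/all.yml` and the `if` chain in nginx).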
2 changes: 2 additions & 0 deletions infrastructure/ansible/roles/lobby_server/defaults/main.yml
@@ -1,5 +1,7 @@
lobby_server_user: lobby_server
lobby_name: lobby_default
lobby_version: "{{ version }}"
lobby_http_port: 8080
lobby_server_home_folder: "/home/{{ lobby_server_user }}/{{ lobby_version }}"
lobby_server_error_report_github_org: "triplea-game"
lobby_server_error_report_github_repo: "test"
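Review bot: The new role defaults `lobby_name: lobby_default` and `lobby_http_port: 8080` are overridden by the same keys in `group_vars/all.yml`, because role defaults have the lowest variable precedence in Ansible, so they only take effect when the group vars are not loaded. In that case the lobby binds 8080, which is also `lobby_25_port`. A comment marking these values as fallbacks would keep the two files from drifting apart unnoticed.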
4 changes: 2 additions & 2 deletions infrastructure/ansible/roles/lobby_server/tasks/main.yml
Expand Up @@ -49,7 +49,7 @@
register: service_script
template:
src: lobby_server.service.j2
dest: /lib/systemd/system/lobby_server.service
dest: /lib/systemd/system/{{ lobby_name }}.service
mode: "644"

- name: reload systemd
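Review bot: Changing `dest` to `/lib/systemd/system/{{ lobby_name }}.service` leaves the previously installed `/lib/systemd/system/lobby_server.service` in place on hosts that were already deployed, and nothing in this hunk stops, disables or removes it. Add a cleanup task for the old unit (service `state: stopped` and `enabled: no`, then remove the file) or document the manual migration step.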
Expand All @@ -62,6 +62,6 @@
tags: [deploy]
when: (lobby_restart_on_new_deployment) and ((deploy_artifact.changed) or (service_script.changed))
service:
name: lobby_server
name: "{{ lobby_name }}"
state: restarted
enabled: yes
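Review bot: With the service name now `"{{ lobby_name }}"`, this task is the only visible place where a newly named unit gets started and enabled, yet it is guarded by `when: (lobby_restart_on_new_deployment) and (...)`. On a host where `lobby_restart_on_new_deployment` is false, the first deployment of a new lobby name would write the unit file but leave the service stopped and disabled. Consider a separate unconditional task with `state: started` and `enabled: yes`, and keep only the restart conditional.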
@@ -1,5 +1,5 @@
[Unit]
Description=TripleA Lobby Server
Description={{ lobby_name }}
Documentation=

[Service]
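Review bot: `Description={{ lobby_name }}` drops the product name, so status and journal output show only a value such as `lobby_26`. Keeping the fixed text and appending the variable, for example `Description=TripleA Lobby Server ({{ lobby_name }})`, keeps the units identifiable when several lobbies run on one host.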
Expand All @@ -14,6 +14,8 @@ Environment=ERROR_REPORT_GITHUB_REPO=triplea
Environment=GITHUB_API_TOKEN={{ github_api_token }}
Environment=MAP_INDEXING_PERIOD_MINUTES={{ map_indexing_period_minutes }}
Environment=MAP_INDEXING_DELAY_SECONDS={{ map_indexing_task_delay_seconds }}
Environment=HTTP_PORT={{ lobby_http_port }}

WorkingDirectory={{ lobby_server_home_folder }}
User={{ lobby_server_user }}
Group={{ lobby_server_user }}
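Review bot: The unit that is now rendered once per lobby still carries `Environment=GITHUB_API_TOKEN={{ github_api_token }}` on the context line above the new `HTTP_PORT` entry, and the task that writes this template uses `mode: "644"`, so each `{{ lobby_name }}.service` file exposes the token to every local user. Moving the secret into a root-owned file with mode 600 that the unit references through `EnvironmentFile=` would fix that; the `HTTP_PORT` line itself looks fine.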
16 changes: 16 additions & 0 deletions infrastructure/ansible/roles/nginx/defaults/main.yml
Expand Up @@ -9,3 +9,19 @@ dhparams_pem_file: /etc/nginx/dhparam.pem
nginx_allowed_ports:
- 443
- 80

# 'lobby_proxy_pass' captures common selection logic for redirecting clients based on their
# TripleA Version.
#
# Note: header names automatically have dashes converted to underscores.
# Headers containing underscores are ignored entirely!
lobby_proxy_pass: |
if ($http_triplea_version = "") {
Member Author

'if' is evil in NGINX apparently: https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/

I tried a solution that used map to create a $lobby_server variable - though that did not work at all for the websocket proxy_pass configurations.

proxy_pass http://localhost:{{ lobby_25_port }};
}
if ($http_triplea_version = "2.5") {
proxy_pass http://localhost:{{ lobby_25_port }};
}
if ($http_triplea_version = "2.6") {
proxy_pass http://localhost:{{ lobby_26_port }};
}
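Review bot: The `if` chain matches only the exact values `""`, `"2.5"` and `"2.6"`, so a request whose `triplea-version` header carries anything else (a future `2.7`, a patch-level string, or arbitrary client input) matches no branch and gets no `proxy_pass` from this block. Give unmatched values an explicit outcome, either a final branch that returns an error status for unsupported versions or a defined default upstream, and extend the comment to say that every new lobby needs a branch here. The `""` and `"2.5"` branches are identical and could be expressed as one default.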
Expand Up @@ -6,7 +6,7 @@ server {

# warning: be sure that we can run certbot role and then re-run the nginx
# role without this file changing. If this file is changed (white-space included)
# then nginx will be restarting, disconnecting all active connections.
# then nginx will be restarted, disconnecting all active connections.

server {
listen 443 ssl http2;
Expand All @@ -15,7 +15,6 @@ server {
ssl_certificate {{ cert }}
ssl_certificate_key {{ cert_key }}

ssl on;
Member Author

This 'ssl on' directive is deprecated. This line `listen 443 ssl http2;` is enough to enable SSL.

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_prefer_server_ciphers on;
Expand All @@ -34,23 +33,17 @@ server {
add_header X-XSS-Protection "1; mode=block";

location / {

{{ lobby_proxy_pass }}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:8080;
proxy_read_timeout 90;

proxy_redirect https://localhost:443 https://localhost:8080;
Member Author

This 'proxy_redirect' line is seemingly unneeded. While testing, this line did not seem to matter.

}

location /game-connection/ws {
proxy_pass http://localhost:8080;
{{ lobby_proxy_pass }}
proxy_http_version 1.1;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Expand All @@ -61,9 +54,8 @@ server {
}

location /player-connection/ws {
proxy_pass http://localhost:8080;
{{ lobby_proxy_pass }}
proxy_http_version 1.1;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2 changes: 1 addition & 1 deletion spitfire-server/dropwizard-server/configuration.yml
Expand Up @@ -81,7 +81,7 @@ logging:
server:
applicationConnectors:
- type: http
port: 8080
port: ${HTTP_PORT:-8080}
# useForwardedHeaders is important for when behind a reverse proxy (NGINX)
# Without this 'getRemoteAddr' will return the IP of the reverse proxy server.
# By default when building locally useForwardedPorts should be 'false', but
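Review bot: The `:-8080` fallback in `port: ${HTTP_PORT:-8080}` hides a missing `HTTP_PORT`: a server started without it binds 8080, the port that the Ansible variables in this change assign to the 2.5 lobby. The fallback is convenient for local builds, but a deployed instance should take its port only from the unit file, so consider logging the effective port at startup or adding a comment next to this line that 8080 is a development default.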