parent
38d99c4718
commit
f51ba78bd5
11
Makefile
11
Makefile
|
@ -4,20 +4,18 @@ TERRAFORM=./scripts/terraform
|
|||
|
||||
check: generate validate
|
||||
$(MAKE) -C webapp check
|
||||
$(MAKE) -C proxy check
|
||||
|
||||
all: plugins master proxy
|
||||
all: plugins master
|
||||
|
||||
generate: generate-k8s
|
||||
|
||||
run: webapp proxy
|
||||
run: webapp
|
||||
docker-compose up
|
||||
|
||||
clean:
|
||||
rm -f build/git-refs.txt k8/generated
|
||||
docker-compose down || true
|
||||
$(MAKE) -C webapp clean
|
||||
$(MAKE) -C proxy clean
|
||||
|
||||
|
||||
## Build the Jenkins master image
|
||||
|
@ -50,9 +48,6 @@ build/agent-templates:
|
|||
|
||||
## Handle sub-projects
|
||||
###############################################################
|
||||
proxy:
|
||||
$(MAKE) -C proxy
|
||||
|
||||
webapp:
|
||||
$(MAKE) -C webapp
|
||||
###############################################################
|
||||
|
@ -106,4 +101,4 @@ k8s/generated:
|
|||
|
||||
.PHONY: clean all plugins master builder plan validate \
|
||||
deploy generate-k8s deploy-k8s webapp check generate \
|
||||
agent-templates proxy run tfinit
|
||||
agent-templates run tfinit
|
||||
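Review bot: The `clean` recipe in the first hunk deletes `k8/generated`, but the third hunk's header names the target `k8s/generated:`, so `make clean` appears to leave the generated Kubernetes output in place. This commit already edits that recipe to drop the proxy line, so the path could be corrected in the same change: `rm -f build/git-refs.txt k8s/generated`. If that target is a directory (its rule is outside these hunks), `rm -f` will not remove it and `rm -rf` is needed. Leftover generated manifests after a clean could presumably be picked up by a later `deploy-k8s`, so it is worth confirming what that target reads.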
|
|
|
@ -1,20 +1,6 @@
|
|||
---
|
||||
version: '3'
|
||||
services:
|
||||
proxy:
|
||||
image: 'rtyler/codevalet-proxy:latest'
|
||||
ports:
|
||||
- 8000:80
|
||||
- 8443:443
|
||||
environment:
|
||||
- WEBAPP_SERVICE_PORT=9292
|
||||
- WEBAPP_SERVICE_HOST=webapp
|
||||
# Example version of these variables for scripting/testing
|
||||
- JENKINS_CODEVALET_SERVICE_HOST=127.0.1.1
|
||||
- JENKINS_CODEVALET_SERVICE_PORT=80
|
||||
links:
|
||||
- webapp
|
||||
|
||||
webapp:
|
||||
image: 'rtyler/codevalet-webapp:latest'
|
||||
ports:
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
FROM ubuntu:xenial
|
||||
|
||||
RUN apt-get update && apt-get install -qy software-properties-common
|
||||
RUN add-apt-repository ppa:certbot/certbot && \
|
||||
apt-get update && \
|
||||
apt-get install -qy python-certbot-nginx nginx ruby dnsmasq supervisor
|
||||
|
||||
ADD nginx.conf /etc/nginx/
|
||||
RUN touch /etc/nginx/vars.conf /etc/nginx/monkeys.conf
|
||||
ADD conf.d/*.conf /etc/nginx/conf.d/
|
||||
|
||||
COPY run-nginx /usr/bin/
|
||||
COPY generate-nginx-locations /usr/bin/
|
||||
COPY manage-certificates /usr/bin/
|
||||
COPY supervisor.conf /etc/supervisor/conf.d/supervisor.conf
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 443
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
CMD /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisor.conf
|
|
@ -1,14 +0,0 @@
|
|||
IMAGE=rtyler/codevalet-proxy
|
||||
|
||||
check: container
|
||||
docker run --rm \
|
||||
-e JENKINS_CODEVALET_SERVICE_HOST=127.0.1.1 \
|
||||
-e JENKINS_CODEVALET_SERVICE_PORT=80 \
|
||||
-e JENKINS_FOOBAR_SERVICE_HOST=127.0.2.1 \
|
||||
-e JENKINS_FOOBAR_SERVICE_PORT=80 \
|
||||
$(IMAGE):latest /usr/bin/run-nginx test
|
||||
|
||||
container: Dockerfile
|
||||
docker build -t $(IMAGE) .
|
||||
|
||||
.PHONY: clean check container
|
|
@ -1,54 +0,0 @@
|
|||
# Basic configuration for the reverse proxy in front of "everything"
|
||||
#
|
||||
# This should manage the default proxying
|
||||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name codevalet.io;
|
||||
|
||||
location ^~ /.well-known/acme-challenge {
|
||||
root /var/www/letsencrypt;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$server_name$request_uri;
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name codevalet.io;
|
||||
|
||||
include /etc/nginx/vars.conf;
|
||||
|
||||
# Grab all the dynamically generated routes, blech.
|
||||
# Need to do this before the catch-all location below
|
||||
include /etc/nginx/monkeys.conf;
|
||||
|
||||
location /canary {
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
rewrite ^/canary/(.*) /$1 break;
|
||||
|
||||
proxy_pass http://$canary:$canary_port;
|
||||
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://$webapp:$webapp_port;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
# vim: sw=2 ts=2 et
|
|
@ -1,39 +0,0 @@
|
|||
#!/usr/bin/env ruby
|
||||
|
||||
require 'erb'
|
||||
|
||||
locations = {}
|
||||
|
||||
ENV.each_pair do |key, val|
|
||||
next unless key.match /JENKINS_(\w+)_SERVICE_(\w+)/
|
||||
user = $1.downcase.to_sym
|
||||
env_type = $2
|
||||
|
||||
locations[user] ||= {}
|
||||
|
||||
if env_type == 'HOST'
|
||||
locations[user][:host] = val
|
||||
elsif env_type == 'PORT'
|
||||
locations[user][:port] = val
|
||||
end
|
||||
end
|
||||
|
||||
File.open('/etc/nginx/monkeys.conf', 'w+') do |f|
|
||||
f.write(ERB.new(DATA.read).result)
|
||||
end
|
||||
|
||||
__END__
|
||||
|
||||
## THIS FILE IS AUTOGENERATED BY generate-nginx-locations
|
||||
# DO NOT EDIT
|
||||
#
|
||||
<% locations.each_pair do |name, data| %>
|
||||
|
||||
location = /u/<%= name %>/ {
|
||||
return 301 $scheme://$server_name/u/<%= name %>/blue/pipelines;
|
||||
}
|
||||
location /u/<%= name %> {
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://<%= data[:host] %>:<%= data[:port] %>;
|
||||
}
|
||||
<% end %>
|
|
@ -1,36 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
DOMAIN=codevalet.io
|
||||
EMAIL=tyler--codevalet@monkeypox.org
|
||||
|
||||
sleep 10
|
||||
|
||||
printenv
|
||||
|
||||
while true; do
|
||||
|
||||
ls -lah /etc/letsencrypt
|
||||
cat /etc/letsencrypt/options-ssl-nginx.conf
|
||||
|
||||
echo ">> Beep boop.."
|
||||
|
||||
if [ ! "${LETSENCRYPT+x}" = "x" ]; then
|
||||
if [ -d /etc/letsencrypt/live ]; then
|
||||
echo ">> Let's Encrypt files appear to be on the filesystem";
|
||||
echo ">> .. attempting a renew";
|
||||
if [ $? -ne 0 ]; then
|
||||
certbot renew -n -d ${DOMAIN} -m ${EMAIL};
|
||||
fi;
|
||||
fi;
|
||||
else
|
||||
echo ">> Let's Encrypt files do not appear to exist, registering"
|
||||
certbot register -m ${EMAIL} --agree-tos;
|
||||
certbot certonly --webroot -w /usr/share/nginx/html -d ${DOMAIN} -m ${EMAIL} ;
|
||||
fi;
|
||||
|
||||
echo ">> Snoozing for a while.."
|
||||
|
||||
tail -n 500 /var/log/letsencrypt/*log
|
||||
# Let's nap for a whole day!
|
||||
sleep 3000
|
||||
done;
|
|
@ -1,30 +0,0 @@
|
|||
#user nginx;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /dev/stdout warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
include /etc/nginx/modules/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 4096;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
sendfile on;
|
||||
keepalive_timeout 65;
|
||||
gzip on;
|
||||
resolver 127.0.0.1;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
||||
# vim: ft=conf sw=2 ts=2 et
|
|
@ -1,35 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# This is a wrapper script to lay down some environment specific configuartion
|
||||
# before the daemon starts. This can be useful for pulling environment
|
||||
# variables into the application without requiring anything too terribly goofy
|
||||
# in the nginx runtime
|
||||
|
||||
cat > /etc/nginx/vars.conf << EOF
|
||||
# THIS FILE IS AUTOGENERATED BY run-nginx
|
||||
# DO NOT EDIT
|
||||
|
||||
set \$webapp ${WEBAPP_SERVICE_HOST:-dummy-host};
|
||||
set \$webapp_port ${WEBAPP_SERVICE_PORT:-80};
|
||||
|
||||
set \$canary ${CANARY_SERVICE_HOST:-dummy-host};
|
||||
set \$canary_port ${CANARY_SERVICE_PORT:-80};
|
||||
EOF
|
||||
|
||||
|
||||
if [ -f /etc/letsencrypt/live/codevalet.io/cert.pem ]; then
|
||||
cat >> /etc/nginx/vars.conf << EOF
|
||||
ssl_certificate_key /etc/letsencrypt/live/codevalet.io/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/codevalet.io/fullchain.pem;
|
||||
EOF
|
||||
fi;
|
||||
|
||||
/usr/bin/generate-nginx-locations
|
||||
|
||||
cat /etc/nginx/monkeys.conf
|
||||
|
||||
if [ "$1" = "test" ]; then
|
||||
exec /usr/sbin/nginx -t;
|
||||
else
|
||||
exec /usr/sbin/nginx -g "daemon off;";
|
||||
fi;
|
|
@ -1,26 +0,0 @@
|
|||
[supervisord]
|
||||
nodaemon=true
|
||||
|
||||
[program:nginx]
|
||||
command=/usr/bin/run-nginx
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
autorestart=true
|
||||
|
||||
[program:dnsmasq]
|
||||
command=/usr/sbin/dnsmasq --user=root --no-daemon
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
autorestart=true
|
||||
|
||||
[program:certs]
|
||||
command=/usr/bin/manage-certificates
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
autorestart=true
|