commit
4589aec248
|
@ -0,0 +1,9 @@
|
|||
## First Level NGINX
|
||||
|
||||
This config allows for a default first level proxy to be put between FW and the other clusters
|
||||
|
||||
### Single Node
|
||||
A multiple NGINX instances proxied by a single one
|
||||
|
||||
### Swarmed
|
||||
4 Replicas
|
|
@ -0,0 +1,94 @@
|
|||
# Main context (this is the global configuration)
|
||||
worker_processes 4;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include mime.types;
|
||||
|
||||
# Upstream block to define the Node.js backend servers
|
||||
# Servers name come from compose definition
|
||||
|
||||
upstream swarm1_cluster {
|
||||
server swarm1w1.sselab.ddns.net;
|
||||
server swarm1w2.sselab.ddns.net;
|
||||
server swarm1w3.sselab.ddns.net;
|
||||
server swarm1w4.sselab.ddns.net;
|
||||
}
|
||||
|
||||
|
||||
#TODO manage certs
|
||||
# server {
|
||||
# listen 443 ssl; # Listen on port 443 for HTTPS
|
||||
# server_name localhost;
|
||||
|
||||
# # SSL certificate settings
|
||||
# ssl_certificate /Users/nana/nginx-certs/nginx-selfsigned.crt;
|
||||
# ssl_certificate_key /Users/nana/nginx-certs/nginx-selfsigned.key;
|
||||
|
||||
# # Proxying requests to Node.js cluster
|
||||
# location / {
|
||||
# proxy_pass http://nodejs_cluster;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# }
|
||||
# }
|
||||
|
||||
|
||||
# Optional server block for HTTP to HTTPS redirection
|
||||
server {
|
||||
listen 80; # Listen on port 80 for HTTP
|
||||
server_name *.sw1.sselab.ddns.net;
|
||||
|
||||
|
||||
location / {
|
||||
# Redirect all HTTP traffic to HTTPS
|
||||
# TODO requires https
|
||||
# return 301 https://$host$request_uri;
|
||||
|
||||
proxy_pass http://swarm1_cluster;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection 'upgrade';
|
||||
proxy_set_header Host $host;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name *.sw1.hassallab.it;
|
||||
|
||||
location / {
|
||||
# Redirect all HTTP traffic to HTTPS
|
||||
# TODO requires https
|
||||
# return 301 https://$host$request_uri;
|
||||
|
||||
proxy_pass http://swarm1_cluster;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection 'upgrade';
|
||||
proxy_set_header Host $host;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#Default Catch-all serving
|
||||
server {
|
||||
listen 80 default_server;
|
||||
server_name _;
|
||||
root /var/www/default;
|
||||
|
||||
location /{
|
||||
try_files $uri /$uri /index.html;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Hassallab Landing Page</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<header>
|
||||
</header>
|
||||
|
||||
<div class="container">
|
||||
<h2>Hassallab default landing page</h2>
|
||||
<p>
|
||||
Questa è la pagina di default.
|
||||
Prova a visitare <br>
|
||||
<a href="www.app.sw1.hassalab.it"> hassallab default</a>
|
||||
<a href="www.app.sw1.sselab.ddns.it"> sselab default</a>
|
||||
</p>
|
||||
</div>
|
||||
<footer>
|
||||
<p>© TechWorld with Nana. All Rights Reserved.</p>
|
||||
<p>Follow us on:
|
||||
<a href="#" style="color: #3b5998;">Linkedin</a> |
|
||||
<a href="#" style="color: #00aced;">Twitter</a> |
|
||||
<a href="#" style="color: #e4405f;">Instagram</a>
|
||||
</p>
|
||||
</footer>
|
||||
</body>
|
||||
|
||||
</html>
|
|
@ -0,0 +1,12 @@
|
|||
version: '3.7'
|
||||
|
||||
services:
|
||||
# --- NGINX ---
|
||||
nginx:
|
||||
image: nginx:latest
|
||||
ports:
|
||||
- '80:80'
|
||||
- '443:443'
|
||||
volumes:
|
||||
- ../configs/node.conf:/etc/nginx/nginx.conf:ro
|
||||
- ../content/index.html:/var/www/default/index.html
|
|
@ -0,0 +1,37 @@
|
|||
version: '3.7'
|
||||
|
||||
services:
|
||||
# --- NGINX ---
|
||||
nginx:
|
||||
image: nginx:latest
|
||||
ports:
|
||||
- '80:80'
|
||||
- '443:443'
|
||||
deploy:
|
||||
replicas: 4
|
||||
update_config:
|
||||
parallelism: 2
|
||||
order: start-first
|
||||
failure_action: rollback
|
||||
delay: 10s
|
||||
rollback_config:
|
||||
parallelism: 0
|
||||
order: stop-first
|
||||
restart_policy:
|
||||
condition: any
|
||||
delay: 5s
|
||||
max_attempts: 3
|
||||
window: 120s
|
||||
healthcheck:
|
||||
test: ["CMD", "service", "nginx", "status"]
|
||||
configs:
|
||||
- source: nginx_conf
|
||||
target: /etc/nginx/nginx.conf
|
||||
- source: nginx_static
|
||||
target: /var/www/default/index.html
|
||||
|
||||
configs:
|
||||
nginx_conf:
|
||||
file: ../configs/node.conf
|
||||
nginx_static:
|
||||
file: ../content/index.html
|
|
@ -0,0 +1,17 @@
|
|||
# PKI
|
||||
|
||||
### Templates
|
||||
Some utils files in order to have a ready solution in order to generate bundles.
|
||||
|
||||
**NB** via console is trivial :
|
||||
|
||||
Public CRT
|
||||
'cat SSE\ Lab\ Root\ CA_crt.pem >> certificate-bundle.pem
|
||||
cat SSE\ Lab\ Intermediate\ CA_crt.pem >> certificate-bundle.pem
|
||||
cat RUP\ Services_crt.pem >> certificate-bundle.pem'
|
||||
|
||||
Private Key
|
||||
'cat RUP\ Services_prv.pem >> certificate-bundle.key'
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
Root CA public key data
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
Intermediate CA public key data
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
Leaf Certificate public key data
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,53 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEOzCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCSVQx
|
||||
DTALBgNVBAgMBFBpc2ExDTALBgNVBAcMBFBpc2ExDTALBgNVBAoMBElTVEkxDzAN
|
||||
BgNVBAsMBlNTRUxhYjEqMCgGCSqGSIb3DQEJARYbZmFiaW8uc2luaWJhbGRpQGlz
|
||||
dGkuY25yLml0MRcwFQYDVQQDDA5zc2VsYWItcm9vdC1jYTAeFw0yNTAzMDUxMDA4
|
||||
MjRaFw0zNTAzMDMxMDA4MjRaMIGQMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUGlz
|
||||
YTENMAsGA1UEBwwEUGlzYTENMAsGA1UECgwESVNUSTEPMA0GA1UECwwGU1NFTGFi
|
||||
MSowKAYJKoZIhvcNAQkBFhtmYWJpby5zaW5pYmFsZGlAaXN0aS5jbnIuaXQxFzAV
|
||||
BgNVBAMMDnNzZWxhYi1yb290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEAnXup44PPzPSTDRkLBMGuUtXUk344tNZDn6h+rxXGlSw0T6qGrGPCAhqI
|
||||
6IuOkCE/wp/Sv1KEFp2OamPiEwA0mTIoOi2ACaNg7fhOHUNpgw2dpeaiVd6WCmY6
|
||||
MkLMcAH4jFlnOI/RnjkV01Yz3KGj7tpztd3wqD84INasRH+6zlZqiKG0HIxjlAUx
|
||||
eHOop2rOTzUSsiOZyaW3dlQNtup7ndkFGZYd6aN50Kd1tbOZGHBldFwonNQN/59I
|
||||
xUAsgX2BGQ97K1BoFN3bor3MwK9oKbjHY72/kPIN1IrblcreejyElq3Gt+B4UJ+R
|
||||
XZO7A/lCzqykNLJax3wQkU3ZfKk6ywIDAQABo4GdMIGaMDcGCWCGSAGG+EIBDQQq
|
||||
FihPUE5zZW5zZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1Ud
|
||||
DgQWBBTYTk488gvOsh5qJ/VbKYxZRbQ/NzAfBgNVHSMEGDAWgBTYTk488gvOsh5q
|
||||
J/VbKYxZRbQ/NzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEAH8sMS8XHZh4Jg6vBvwU1mufi9KeTW1MQP8p8FXV4hBZy
|
||||
jSPpeEyqJo4fms70AY9zqomjxIikKgBRnIi/pyJ5U3oKOrktHiXlzugeVIptR37P
|
||||
mUBPu/7yO1ttNdwKbX8OjSxR/BnJtP/rVwcKn2KnF0CQWHEsEpgTd+ayIEl7OEvJ
|
||||
icuN2//H71ytu/Le7tl+Ib6ZuoVA+n6JQenSOOWd31UUNNe8mANj0bzkHTaoIDzS
|
||||
oqhN9vfQ61E3p8E1X3IA3q8rggrJudR+fngwH7TeKtd2STP2nXtHYlhDBfVlUG6x
|
||||
riZKtbFI0oiwF0BFyV4dah2i6N98phZ5V23Iz7t0PA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCSVQx
|
||||
DTALBgNVBAgMBFBpc2ExDTALBgNVBAcMBFBpc2ExDTALBgNVBAoMBElTVEkxDzAN
|
||||
BgNVBAsMBlNTRUxhYjEqMCgGCSqGSIb3DQEJARYbZmFiaW8uc2luaWJhbGRpQGlz
|
||||
dGkuY25yLml0MRcwFQYDVQQDDA5zc2VsYWItcm9vdC1jYTAeFw0yNTAzMDUxMDEw
|
||||
MjZaFw0yODAzMDQxMDEwMjZaMIGHMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUGlz
|
||||
YTENMAsGA1UEBwwEUGlzYTENMAsGA1UECgwESVNUSTEqMCgGCSqGSIb3DQEJARYb
|
||||
ZmFiaW8uc2luaWJhbGRpQGlzdGkuY25yLml0MR8wHQYDVQQDDBZzc2VsYWItaW50
|
||||
ZXJtZWRpYXRlLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+3H
|
||||
Vz7jnaGGew6LjeFhE5Dr+iIID+SdclrkB/ljz5ey3q4Rnsso4xnKVdyITSUinDee
|
||||
RiPk+R2h7mhGlL9Z25JpykV+exwzM5hPrU0GVaus9QljL9TCAsN82M6ww6R0+m1s
|
||||
vQp6/Y5oax/Mi/6K3dHqcjKEZ8GbHUns8xZtZ8sPCboyV1IFeAjfBIJYfr94CRqy
|
||||
A/H2JcY348fM3XMDzDhZXEydeMeaM8bQhtQml0IwRs3L1ZHFppNXjvQLW2IbF8EW
|
||||
VQNlTY7UwWpjsGDC3+3vrV0yOyE1hpi4YU3zcq9ds+HeVw4fUNEWCoDaEEah9wnX
|
||||
4O2yVxm+R31WEia3sQIDAQABo4GdMIGaMDcGCWCGSAGG+EIBDQQqFihPUE5zZW5z
|
||||
ZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRE3BNE
|
||||
555kVhkB6C1XKtrYY+QlZzAfBgNVHSMEGDAWgBTYTk488gvOsh5qJ/VbKYxZRbQ/
|
||||
NzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEAVbuglqJ2/vDBkFunvQa0SdR/OaL9cRtbfGqhYpc3sZVO2tDh7aKSrr9o
|
||||
7EeLFL+GKt9f8IqKMMTC33Ac/m+Ne6wvyv6sqpbTo84gdVlVV/YjWt9spEUivHa4
|
||||
TLxEhi7KeO2DmhMGYWI/ogTaNKWboUmZZ4PoBS0Z3Rz6I97UcPB89AcKLGAW0dtC
|
||||
fAQSHYVQ0Egm4Qf8ICJBcdwdnjffSUk3kkVcKg4qr+5kjVACjRJfqOm7PDrh2jmA
|
||||
gnMxtST45WTgWlWa4cS+/Bb9KreQCdfcN1xevOzOJSVecVYT40N8n8nwhCIkMPAM
|
||||
1QzsP1M6grD89nHeECK4LEpLTdBhvw==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
Leaf Certificate public key data
|
||||
-----END CERTIFICATE-----
|
Loading…
Reference in New Issue