From 1301465f2bf56731ee93fa42131826f642025d7f Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Wed, 5 Mar 2025 12:14:50 +0100
Subject: [PATCH 1/8] PKI templates
---
 templates/PKI/README.md | 17 ++++++
 .../PKI/certificate-bundle(structure).pem | 9 ++++
 .../PKI/certificate-bundle(template).pem | 53 +++++++++++++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 templates/PKI/README.md
 create mode 100644 templates/PKI/certificate-bundle(structure).pem
 create mode 100644 templates/PKI/certificate-bundle(template).pem
diff --git a/templates/PKI/README.md b/templates/PKI/README.md
new file mode 100644
index 0000000..e239858
--- /dev/null
+++ b/templates/PKI/README.md
@@ -0,0 +1,17 @@
+# PKI
+
+### Templates
+Some utils files in order to have a ready solution in order to generate bundles.
+
+**NB** via console is trivial :
+
+Public CRT
+'cat SSE\ Lab\ Root\ CA_crt.pem >> certificate-bundle.pem
+cat SSE\ Lab\ Intermediate\ CA_crt.pem >> certificate-bundle.pem
+cat RUP\ Services_crt.pem >> certificate-bundle.pem'
+
+Private Key
+'cat RUP\ Services_prv.pem >> certificate-bundle.key'
+
+
+
diff --git a/templates/PKI/certificate-bundle(structure).pem b/templates/PKI/certificate-bundle(structure).pem
new file mode 100644
index 0000000..6b5c56b
--- /dev/null
+++ b/templates/PKI/certificate-bundle(structure).pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+Root CA public key data
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+Intermediate CA public key data
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+Leaf Certificate public key data
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/templates/PKI/certificate-bundle(template).pem b/templates/PKI/certificate-bundle(template).pem
new file mode 100644
index 0000000..48ebb9e
--- /dev/null
+++ b/templates/PKI/certificate-bundle(template).pem
@@ -0,0 +1,53 @@ +-----BEGIN CERTIFICATE----- +MIIEOzCCAyOgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCSVQx +DTALBgNVBAgMBFBpc2ExDTALBgNVBAcMBFBpc2ExDTALBgNVBAoMBElTVEkxDzAN +BgNVBAsMBlNTRUxhYjEqMCgGCSqGSIb3DQEJARYbZmFiaW8uc2luaWJhbGRpQGlz +dGkuY25yLml0MRcwFQYDVQQDDA5zc2VsYWItcm9vdC1jYTAeFw0yNTAzMDUxMDA4 +MjRaFw0zNTAzMDMxMDA4MjRaMIGQMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUGlz +YTENMAsGA1UEBwwEUGlzYTENMAsGA1UECgwESVNUSTEPMA0GA1UECwwGU1NFTGFi +MSowKAYJKoZIhvcNAQkBFhtmYWJpby5zaW5pYmFsZGlAaXN0aS5jbnIuaXQxFzAV +BgNVBAMMDnNzZWxhYi1yb290LWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAnXup44PPzPSTDRkLBMGuUtXUk344tNZDn6h+rxXGlSw0T6qGrGPCAhqI +6IuOkCE/wp/Sv1KEFp2OamPiEwA0mTIoOi2ACaNg7fhOHUNpgw2dpeaiVd6WCmY6 +MkLMcAH4jFlnOI/RnjkV01Yz3KGj7tpztd3wqD84INasRH+6zlZqiKG0HIxjlAUx +eHOop2rOTzUSsiOZyaW3dlQNtup7ndkFGZYd6aN50Kd1tbOZGHBldFwonNQN/59I +xUAsgX2BGQ97K1BoFN3bor3MwK9oKbjHY72/kPIN1IrblcreejyElq3Gt+B4UJ+R +XZO7A/lCzqykNLJax3wQkU3ZfKk6ywIDAQABo4GdMIGaMDcGCWCGSAGG+EIBDQQq +FihPUE5zZW5zZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1Ud +DgQWBBTYTk488gvOsh5qJ/VbKYxZRbQ/NzAfBgNVHSMEGDAWgBTYTk488gvOsh5q +J/VbKYxZRbQ/NzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkq +hkiG9w0BAQsFAAOCAQEAH8sMS8XHZh4Jg6vBvwU1mufi9KeTW1MQP8p8FXV4hBZy +jSPpeEyqJo4fms70AY9zqomjxIikKgBRnIi/pyJ5U3oKOrktHiXlzugeVIptR37P +mUBPu/7yO1ttNdwKbX8OjSxR/BnJtP/rVwcKn2KnF0CQWHEsEpgTd+ayIEl7OEvJ +icuN2//H71ytu/Le7tl+Ib6ZuoVA+n6JQenSOOWd31UUNNe8mANj0bzkHTaoIDzS +oqhN9vfQ61E3p8E1X3IA3q8rggrJudR+fngwH7TeKtd2STP2nXtHYlhDBfVlUG6x +riZKtbFI0oiwF0BFyV4dah2i6N98phZ5V23Iz7t0PA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCSVQx +DTALBgNVBAgMBFBpc2ExDTALBgNVBAcMBFBpc2ExDTALBgNVBAoMBElTVEkxDzAN +BgNVBAsMBlNTRUxhYjEqMCgGCSqGSIb3DQEJARYbZmFiaW8uc2luaWJhbGRpQGlz +dGkuY25yLml0MRcwFQYDVQQDDA5zc2VsYWItcm9vdC1jYTAeFw0yNTAzMDUxMDEw +MjZaFw0yODAzMDQxMDEwMjZaMIGHMQswCQYDVQQGEwJJVDENMAsGA1UECAwEUGlz +YTENMAsGA1UEBwwEUGlzYTENMAsGA1UECgwESVNUSTEqMCgGCSqGSIb3DQEJARYb 
+ZmFiaW8uc2luaWJhbGRpQGlzdGkuY25yLml0MR8wHQYDVQQDDBZzc2VsYWItaW50 +ZXJtZWRpYXRlLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+3H +Vz7jnaGGew6LjeFhE5Dr+iIID+SdclrkB/ljz5ey3q4Rnsso4xnKVdyITSUinDee +RiPk+R2h7mhGlL9Z25JpykV+exwzM5hPrU0GVaus9QljL9TCAsN82M6ww6R0+m1s +vQp6/Y5oax/Mi/6K3dHqcjKEZ8GbHUns8xZtZ8sPCboyV1IFeAjfBIJYfr94CRqy +A/H2JcY348fM3XMDzDhZXEydeMeaM8bQhtQml0IwRs3L1ZHFppNXjvQLW2IbF8EW +VQNlTY7UwWpjsGDC3+3vrV0yOyE1hpi4YU3zcq9ds+HeVw4fUNEWCoDaEEah9wnX +4O2yVxm+R31WEia3sQIDAQABo4GdMIGaMDcGCWCGSAGG+EIBDQQqFihPUE5zZW5z +ZSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB0GA1UdDgQWBBRE3BNE +555kVhkB6C1XKtrYY+QlZzAfBgNVHSMEGDAWgBTYTk488gvOsh5qJ/VbKYxZRbQ/ +NzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF +AAOCAQEAVbuglqJ2/vDBkFunvQa0SdR/OaL9cRtbfGqhYpc3sZVO2tDh7aKSrr9o +7EeLFL+GKt9f8IqKMMTC33Ac/m+Ne6wvyv6sqpbTo84gdVlVV/YjWt9spEUivHa4 +TLxEhi7KeO2DmhMGYWI/ogTaNKWboUmZZ4PoBS0Z3Rz6I97UcPB89AcKLGAW0dtC +fAQSHYVQ0Egm4Qf8ICJBcdwdnjffSUk3kkVcKg4qr+5kjVACjRJfqOm7PDrh2jmA +gnMxtST45WTgWlWa4cS+/Bb9KreQCdfcN1xevOzOJSVecVYT40N8n8nwhCIkMPAM +1QzsP1M6grD89nHeECK4LEpLTdBhvw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +Leaf Certificate public key data +-----END CERTIFICATE----- \ No newline at end of file From cc4e145921100216d7a5d4a76311973241f62ded Mon Sep 17 00:00:00 2001 From: Fabio Sinibaldi Date: Wed, 5 Mar 2025 15:08:11 +0100 Subject: [PATCH 2/8] Initial config --- dockerized/first-level-nginx/README.md | 9 ++ .../first-level-nginx/configs/node.conf | 94 +++++++++++++++++++ .../single_node/compose.yaml | 9 ++ .../first-level-nginx/swarmed/compose.yaml | 26 +++++ 4 files changed, 138 insertions(+) create mode 100644 dockerized/first-level-nginx/README.md create mode 100644 dockerized/first-level-nginx/configs/node.conf create mode 100644 dockerized/first-level-nginx/single_node/compose.yaml create mode 100644 dockerized/first-level-nginx/swarmed/compose.yaml 
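Review bot: The bundle is assembled root first and leaf last (root CA, intermediate CA, then the leaf placeholder that closes this hunk), which is the reverse of what a TLS server expects if the file is meant for the `ssl_certificate` directive that appears commented out in node.conf later in the series; that intended use is inferred, not stated. nginx treats the first certificate in the file as the server certificate, so the leaf has to come first, followed by the intermediate, and the self-signed root can be left out because clients must already hold it as a trust anchor. The same order is used in `certificate-bundle(structure).pem` and in the `cat` sequence in the README, so the three should change together. The placeholder `Leaf Certificate public key data` would read more accurately as `Leaf certificate (PEM body)`, since each block holds a whole certificate rather than a bare public key.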
diff --git a/dockerized/first-level-nginx/README.md b/dockerized/first-level-nginx/README.md
new file mode 100644
index 0000000..df065fb
--- /dev/null
+++ b/dockerized/first-level-nginx/README.md
@@ -0,0 +1,9 @@
+## First Level NGINX
+
+This config allows for a default first level proxy to be put between FW and the other clusters
+
+### Single Node
+A multiple NGINX instances proxied by a single one
+
+### Swarmed
+4 Replicas
\ No newline at end of file
diff --git a/dockerized/first-level-nginx/configs/node.conf b/dockerized/first-level-nginx/configs/node.conf
new file mode 100644
index 0000000..b15ee38
--- /dev/null
+++ b/dockerized/first-level-nginx/configs/node.conf
@@ -0,0 +1,94 @@
+# Main context (this is the global configuration)
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+
+ # Upstream block to define the Node.js backend servers
+ # Servers name come from compose definition
+
+ upstream swarm1_cluster {
+ server swarm1w1.sselab.ddns.net;
+ server swarm1w2.sselab.ddns.net;
+ server swarm1w3.sselab.ddns.net;
+ server swarm1w4.sselab.ddns.net;
+ }
+
+
+ #TODO manage certs
+ # server {
+ # listen 443 ssl; # Listen on port 443 for HTTPS
+ # server_name localhost;
+
+ # # SSL certificate settings
+ # ssl_certificate /Users/nana/nginx-certs/nginx-selfsigned.crt;
+ # ssl_certificate_key /Users/nana/nginx-certs/nginx-selfsigned.key;
+
+ # # Proxying requests to Node.js cluster
+ # location / {
+ # proxy_pass http://nodejs_cluster;
+ # proxy_set_header Host $host;
+ # proxy_set_header X-Real-IP $remote_addr;
+ # }
+ # }
+
+
+ # Optional server block for HTTP to HTTPS redirection
+ server {
+ listen 80; # Listen on port 80 for HTTP
+ server_name *.sw1.sselab.ddns.net;
+
+
+ location / {
+ # Redirect all HTTP traffic to HTTPS
+ # TODO requires https
+ # return 301 https://$host$request_uri;
+
+ proxy_pass http://nodejs_cluster;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+
+
+ server {
+ listen 80;
+ server_name *.sw1.hassallab.it;
+
+ location / {
+ # Redirect all HTTP traffic to HTTPS
+ # TODO requires https
+ # return 301 https://$host$request_uri;
+
+ proxy_pass http://nodejs_cluster;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
+ }
+ }
+
+
+ #Default Catch-all serving
+ server {
+ listen 80 default_server;
+ server_name _;
+ root /var/www/default;
+
+ location /{
+ try_files $uri /$uri /index.php;
+ }
+ }
+}
diff --git a/dockerized/first-level-nginx/single_node/compose.yaml b/dockerized/first-level-nginx/single_node/compose.yaml
new file mode 100644
index 0000000..0ce2333
--- /dev/null
+++ b/dockerized/first-level-nginx/single_node/compose.yaml
@@ -0,0 +1,9 @@
+version: '3.7'
+
+services:
+ # --- NGINX ---
+ nginx:
+ image: nginx:latest
+ ports:
+ - '80:80'
+ - '443:443'
\ No newline at end of file
diff --git a/dockerized/first-level-nginx/swarmed/compose.yaml b/dockerized/first-level-nginx/swarmed/compose.yaml
new file mode 100644
index 0000000..ca98775
--- /dev/null
+++ b/dockerized/first-level-nginx/swarmed/compose.yaml
@@ -0,0 +1,26 @@
+version: '3.7'
+
+services:
+ # --- NGINX ---
+ nginx:
+ image: nginx:latest
+ ports:
+ - '80:80'
+ - '443:443'
+ deploy:
+ replicas: 4
+ update_config:
+ parallelism: 2
+ order: start-first
+ failure_action: rollback
+ delay: 10s
+ rollback_config:
+ parallelism: 0
+ order: stop-first
+ restart_policy:
+ condition: any
+ delay: 5s
+ max_attempts: 3
+ window: 120s
+ healthcheck:
+ test: ["CMD", "service", "nginx", "status"]
\ No newline at end of file
From 3d15630851aaf4361bda05bb43c2f4f742160079 Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Wed, 5 Mar 2025 15:30:03 +0100
Subject: [PATCH 3/8] Default Content
---
 .../first-level-nginx/content/index.html | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 dockerized/first-level-nginx/content/index.html
diff --git a/dockerized/first-level-nginx/content/index.html b/dockerized/first-level-nginx/content/index.html
new file mode 100644
index 0000000..3c7ee17
--- /dev/null
+++ b/dockerized/first-level-nginx/content/index.html
@@ -0,0 +1,33 @@
+ + + + + + + Hassallab Landing Page + + + +
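Review bot: Both proxying `location /` blocks in node.conf send `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever value the client supplied, so at this first-level proxy a caller can put arbitrary addresses at the front of the chain that the swarm backends may read as the client IP. The README places this nginx directly behind the firewall; unless that firewall is known to set the header itself (not visible here), overwrite rather than append with `proxy_set_header X-Forwarded-For $remote_addr;`. Separately, `proxy_set_header Connection 'upgrade';` is sent on every request, not only on WebSocket handshakes; the usual form is a `map $http_upgrade $connection_upgrade` in the `http` block with `proxy_set_header Connection $connection_upgrade;` in each location.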
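Review bot: `image: nginx:latest` leaves the edge proxy on a floating tag, so a later pull or redeploy can bring in a different nginx build with no change recorded in this repository; the same line is in swarmed/compose.yaml. Pin a release tag, ideally together with its digest, in the form `image: nginx:<version>@sha256:<digest>` (placeholders; use the release that was tested). Port 443 is published in both files while node.conf has no active `listen 443` server, so that mapping could wait until the TLS block is enabled.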
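Review bot: The health check `["CMD", "service", "nginx", "status"]` in swarmed/compose.yaml can at most report that an nginx process exists, not that it answers requests, and with `order: start-first` and `failure_action: rollback` this check decides whether a rolling update proceeds or rolls back. Whether the `service` wrapper and an nginx init script are present in the image is not visible here and should be confirmed. A check that requests the default page on port 80 with an HTTP client the image provides would exercise the listener itself, and `interval`, `timeout` and `retries` should be set explicitly next to it.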
+
+ +
+

Hassallab default landing page

+

+ Questa รจ la pagina di default. + Prova a visitare
+ hassallab default + sselab default +

+
+ + + +
From 337c3c9256c754e19438599051944f03faa8de96 Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Wed, 5 Mar 2025 15:30:21 +0100
Subject: [PATCH 4/8] Volumes
---
 dockerized/first-level-nginx/single_node/compose.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/dockerized/first-level-nginx/single_node/compose.yaml b/dockerized/first-level-nginx/single_node/compose.yaml
index 0ce2333..1f1b347 100644
--- a/dockerized/first-level-nginx/single_node/compose.yaml
+++ b/dockerized/first-level-nginx/single_node/compose.yaml
@@ -6,4 +6,7 @@ services:
 image: nginx:latest
 ports:
 - '80:80'
- - '443:443'
\ No newline at end of file
+ - '443:443'
+ volumes:
+ - ../configs/node.conf:/etc/nginx/nginx.conf:ro
+ - ../content/index.html:/var/www/default/index.html
\ No newline at end of file
From 65483178afab58e0d7a7fcac339976e1a9bd1bbd Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Fri, 7 Mar 2025 15:28:16 +0100
Subject: [PATCH 5/8] Added volumes
---
 dockerized/first-level-nginx/swarmed/compose.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/dockerized/first-level-nginx/swarmed/compose.yaml b/dockerized/first-level-nginx/swarmed/compose.yaml
index ca98775..11826b3 100644
--- a/dockerized/first-level-nginx/swarmed/compose.yaml
+++ b/dockerized/first-level-nginx/swarmed/compose.yaml
@@ -23,4 +23,7 @@ services:
 max_attempts: 3
 window: 120s
 healthcheck:
- test: ["CMD", "service", "nginx", "status"]
\ No newline at end of file
+ test: ["CMD", "service", "nginx", "status"]
+ volumes:
+ - ../configs/node.conf:/etc/nginx/nginx.conf:ro
+ - ../content/index.html:/var/www/default/index.html
\ No newline at end of file
From 0d5949bd5e822bb1e08335d17e1e0fd055d443aa Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Fri, 7 Mar 2025 15:54:48 +0100
Subject: [PATCH 6/8] Fixed cluster reference and index.html
---
 dockerized/first-level-nginx/configs/node.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
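Review bot: The content mount `../content/index.html:/var/www/default/index.html` added to single_node/compose.yaml is writable from inside the container, while the config mount on the line before it carries `:ro`; the proxy has no need to modify the landing page on the host, and a read-only mount keeps a compromised worker from rewriting it. Add the flag: `- ../content/index.html:/var/www/default/index.html:ro`. The identical pair of mounts is added to swarmed/compose.yaml in patch 5/8 and has the same gap there.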
diff --git a/dockerized/first-level-nginx/configs/node.conf b/dockerized/first-level-nginx/configs/node.conf
index b15ee38..eaadf4e 100644
--- a/dockerized/first-level-nginx/configs/node.conf
+++ b/dockerized/first-level-nginx/configs/node.conf
@@ -48,7 +48,7 @@ http {
 # TODO requires https
 # return 301 https://$host$request_uri;
 
- proxy_pass http://nodejs_cluster;
+ proxy_pass http://swarm1_cluster;
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection 'upgrade';
@@ -69,7 +69,7 @@ http {
 # TODO requires https
 # return 301 https://$host$request_uri;
 
- proxy_pass http://nodejs_cluster;
+ proxy_pass http://swarm1_cluster;
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection 'upgrade';
@@ -88,7 +88,7 @@ http {
 root /var/www/default;
 
 location /{
- try_files $uri /$uri /index.php;
+ try_files $uri /$uri /index.html;
 }
 }
 }
From 94eac31a1ae5a01e1fccba6791a6991925ddaf20 Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Fri, 7 Mar 2025 16:40:23 +0100
Subject: [PATCH 7/8] From volume to Swarm config
---
 dockerized/first-level-nginx/swarmed/compose.yaml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/dockerized/first-level-nginx/swarmed/compose.yaml b/dockerized/first-level-nginx/swarmed/compose.yaml
index 11826b3..091df6d 100644
--- a/dockerized/first-level-nginx/swarmed/compose.yaml
+++ b/dockerized/first-level-nginx/swarmed/compose.yaml
@@ -24,6 +24,15 @@ services:
 window: 120s
 healthcheck:
 test: ["CMD", "service", "nginx", "status"]
- volumes:
- - ../configs/node.conf:/etc/nginx/nginx.conf:ro
- - ../content/index.html:/var/www/default/index.html
\ No newline at end of file
+ configs:
+ - source: nginx_conf
+ target: /etc/nginx/nginx.conf
+ - source:
+ target: nginx_static
+ target: /var/www/default/index.html
+
+configs:
+ nginx_conf:
+ file: ../configs/node.conf
+ nginx_static:
+ file: ../content/index.html
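Review bot: In the third node.conf hunk, `try_files $uri /$uri /index.html;` keeps `/$uri` as its second entry; `$uri` already begins with a slash, so that entry only re-tests the same path with a doubled slash and adds nothing. If a directory lookup was intended the form is `try_files $uri $uri/ /index.html;`, otherwise `try_files $uri /index.html;` is enough. With `/index.html` as the final fallback the catch-all server answers every unknown host and path with the landing page and status 200; ending the list with `=404` is the alternative if unknown paths should not look valid to scanners and monitoring.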
From 764c5c8b83db7fbcf05f3101ea094a69a302c005 Mon Sep 17 00:00:00 2001
From: Fabio Sinibaldi
Date: Fri, 7 Mar 2025 16:42:51 +0100
Subject: [PATCH 8/8] Fixed target declaration
---
 dockerized/first-level-nginx/swarmed/compose.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/dockerized/first-level-nginx/swarmed/compose.yaml b/dockerized/first-level-nginx/swarmed/compose.yaml
index 091df6d..9539955 100644
--- a/dockerized/first-level-nginx/swarmed/compose.yaml
+++ b/dockerized/first-level-nginx/swarmed/compose.yaml
@@ -27,8 +27,7 @@ services:
 configs:
 - source: nginx_conf
 target: /etc/nginx/nginx.conf
- - source:
- target: nginx_static
+ - source: nginx_static
 target: /var/www/default/index.html
 
 configs: