-rw-r--r-- | .gitignore | 11 | ||||
-rw-r--r-- | data/proxy/haproxy/.keep | 0 | ||||
-rw-r--r-- | data/proxy/nginx/default/html/index.html | 25 | ||||
-rw-r--r-- | data/proxy/nginx/log/.keep | 0 | ||||
-rw-r--r-- | data/proxy/nginx/nginx.conf | 37 | ||||
-rw-r--r-- | data/proxy/nginx/sites-enabled/.keep | 0 | ||||
-rw-r--r-- | data/proxy/nginx/sites.template.scalelite-cluster | 77 | ||||
-rw-r--r-- | data/proxy/nginx/sites.template.scalelite-proxy | 75 | ||||
-rw-r--r-- | docker-compose-dev.yml | 156 |
9 files changed, 375 insertions, 6 deletions
@@ -1,17 +1,16 @@ .env -/nginx/log* -/nginx/sites-available* -/nginx/sites-enabled* -/nginx/letsencrypt/live/* - /redis/log* /scalelite/log* /scalelite/tmp* /data/* -!/data/nginx/ +/data/proxy/nginx/log/* +!/data/proxy/nginx/log/.keep +/data/proxy/nginx/sites-enabled/* +!/data/proxy/nginx/sites-enabled/.keep +!/data/proxy/ /tmp* diff --git a/data/proxy/haproxy/.keep b/data/proxy/haproxy/.keep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/data/proxy/haproxy/.keep diff --git a/data/proxy/nginx/default/html/index.html b/data/proxy/nginx/default/html/index.html new file mode 100644 index 0000000..2ca3b95 --- /dev/null +++ b/data/proxy/nginx/default/html/index.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<html> +<head> +<title>Welcome to nginx!</title> +<style> + body { + width: 35em; + margin: 0 auto; + font-family: Tahoma, Verdana, Arial, sans-serif; + } +</style> +</head> +<body> +<h1>Welcome to nginx!</h1> +<p>If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.</p> + +<p>For online documentation and support please refer to +<a href="http://nginx.org/">nginx.org</a>.<br/> +Commercial support is available at +<a href="http://nginx.com/">nginx.com</a>.</p> + +<p><em>Thank you for using nginx.</em></p> +</body> +</html> diff --git a/data/proxy/nginx/log/.keep b/data/proxy/nginx/log/.keep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/data/proxy/nginx/log/.keep diff --git a/data/proxy/nginx/nginx.conf b/data/proxy/nginx/nginx.conf new file mode 100644 index 0000000..981c619 --- /dev/null +++ b/data/proxy/nginx/nginx.conf 
@@ -0,0 +1,37 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/data/proxy/nginx/sites-enabled/.keep b/data/proxy/nginx/sites-enabled/.keep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/data/proxy/nginx/sites-enabled/.keep
diff --git a/data/proxy/nginx/sites.template.scalelite-cluster b/data/proxy/nginx/sites.template.scalelite-cluster
new file mode 100644
index 0000000..395fabe
--- /dev/null
+++ b/data/proxy/nginx/sites.template.scalelite-cluster
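Review bot: The `http` block in nginx.conf sets no TLS policy, and neither site template added in this commit sets `ssl_protocols` or `ssl_ciphers`, so the protocol versions offered on 443 are whatever the image's nginx build defaults to. The compose file in this commit runs `nginx:latest`, so that default can change from one pull to the next. I would state the policy here, ahead of the two `include` lines, with `ssl_protocols TLSv1.2 TLSv1.3;` and `server_tokens off;`, so both templates inherit it.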
@@ -0,0 +1,77 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+ server scalelite-api-1:80 max_fails=3 fail_timeout=30s;
+ server scalelite-api-2:80 max_fails=3 fail_timeout=30s;
+}
+
+upstream docker-scalelite-recordings {
+ server scalelite-recordings-1:80 max_fails=3 fail_timeout=30s;
+ server scalelite-recordings-2:80 max_fails=3 fail_timeout=30s;
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 80;
+ listen [::]:80;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ## Configuration for Letsencrypt SSL Certificate
+ ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+ ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+ #ssl_certificate /etc/ssl/fullchain.pem;
+ #ssl_certificate_key /etc/ssl/privkey.pem;
+
+ location /bigbluebutton/api/ {
+ proxy_pass http://docker-scalelite-api;
+
+ proxy_read_timeout 60s;
+ proxy_redirect off;
+
+ proxy_set_header Host $http_host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location / {
+ proxy_pass http://docker-scalelite-recordings;
+
+ proxy_read_timeout 60s;
+ proxy_redirect off;
+
+ proxy_set_header Host $http_host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
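Review bot: Both proxied locations send `proxy_set_header Host $http_host;`, which passes the raw client-supplied Host header to Scalelite. No `default_server` is declared in this template, so if this is the only block listening on 443, nginx will route requests for any hostname into it. Forwarding the configured name instead, `proxy_set_header Host $server_name;`, or adding a catch-all `server` that rejects unknown hosts, keeps the upstream from building URLs out of attacker-chosen names. The port-80 block depends on client input the same way in `return 301 https://$host$request_uri;`, where `$server_name` would keep the redirect on the configured hostname. The same lines appear in `sites.template.scalelite-proxy` in the next hunk.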
diff --git a/data/proxy/nginx/sites.template.scalelite-proxy b/data/proxy/nginx/sites.template.scalelite-proxy
new file mode 100644
index 0000000..64462f2
--- /dev/null
+++ b/data/proxy/nginx/sites.template.scalelite-proxy
@@ -0,0 +1,75 @@
+#### For <$NGINX_HOSTNAME>
+
+upstream docker-scalelite-api {
+ server scalelite-api:3000;
+}
+
+upstream docker-scalelite-recordings {
+ server scalelite-recordings:80;
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 80;
+ listen [::]:80;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ server_name $NGINX_HOSTNAME;
+
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ## Configuration for Letsencrypt SSL Certificate
+ ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+
+ ## Configuration for SSL Certificate from a CA other than LetsEncrypt
+ #ssl_certificate /etc/ssl/fullchain.pem;
+ #ssl_certificate_key /etc/ssl/privkey.pem;
+
+ location /bigbluebutton/api/ {
+ proxy_pass http://docker-scalelite-api;
+
+ proxy_read_timeout 60s;
+ proxy_redirect off;
+
+ proxy_set_header Host $http_host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location / {
+ proxy_pass http://docker-scalelite-recordings;
+
+ proxy_read_timeout 60s;
+ proxy_redirect off;
+
+ proxy_set_header Host $http_host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
new file mode 100644
index 0000000..6f511cf
--- /dev/null
+++ b/docker-compose-dev.yml
@@ -0,0 +1,156 @@ +version: '3' + +volumes: + postgres-data-dev: + driver: local + driver_opts: + type: 'none' + o: 'bind' + device: '${DOCKER_VOL_POSTGRES_DATA}' + redis-data-dev: + driver: local + driver_opts: + type: 'none' + o: 'bind' + device: '${DOCKER_VOL_REDIS_DATA}' + scalelite-api-dev: + driver: local + driver_opts: + type: 'none' + o: 'bind' + device: '${DOCKER_VOL_SCALELITE_API}' + +services: + postgres: + image: postgres:11-alpine + container_name: postgres + restart: unless-stopped + volumes: + - postgres-data-dev:/var/lib/postgresql/data + environment: + - POSTGRES_USER=${POSTGRES_USER:-postgres} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password} + + redis: + image: redis:5.0-alpine + command: ["redis-server", "--appendonly", "yes"] + container_name: redis + restart: unless-stopped + volumes: + - redis-data-dev:/data + + certbot: + image: certbot/certbot + container_name: certbot + volumes: + - ./log/certbot/:/var/log/letsencrypt + - ./data/certbot/conf/:/etc/letsencrypt + - ./data/certbot/www/:/var/www/certbot + entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" + + scalelite-proxy: + image: nginx:latest + container_name: scalelite-proxy + restart: unless-stopped + volumes: + - ./data/proxy/nginx/log/:/var/log/nginx + - ./data/proxy/nginx/nginx.conf:/etc/nginx/nginx.conf + - ./data/proxy/nginx/sites-enabled:/etc/nginx/sites-enabled + - ./data/proxy/nginx/sites.template.${SITES_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites-available/sites.template + - ./data/proxy/nginx/default/html/:/var/www/html + - ./data/certbot/conf/:/etc/letsencrypt + - ./data/certbot/www/:/var/www/certbot + ports: + - "80:80" + - "443:443" + environment: + - NGINX_HOSTNAME=${URL_HOST:-xlab.blindside-dev.com} + depends_on: + - certbot + - scalelite-api + - scalelite-recordings + command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites-available/sites.template > /etc/nginx/sites-enabled/sites.conf && exec nginx -g 
'daemon off;'" + logging: + driver: journald + + scalelite-nginx: + image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-nginx + container_name: scalelite-nginx + restart: unless-stopped + # ports: + # - "80:80" + # - "443:443" + volumes: + - ./log/nginx/:/var/log/nginx + - ./data/certbot/conf/:/etc/nginx/ssl + - ./data/certbot/www/:/var/www/certbot + - ./data/nginx/scalelite/:/etc/nginx/conf.d/scalelite + - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published + environment: + - NGINX_SSL=${NGINX_SSL-true} + - URL_HOST=${URL_HOST} + depends_on: + - scalelite-api + + scalelite-recordings: + image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-nginx + container_name: scalelite-recordings + restart: unless-stopped + volumes: + - ./log/recordings/:/var/log/nginx + - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published + environment: + - NGINX_RECORDINGS_ONLY=true + depends_on: + - scalelite-api + + scalelite-api: + image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-api + container_name: scalelite-api + restart: unless-stopped + volumes: + - ./log/scalelite/:/app/log + - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton + environment: + - SECRET_KEY_BASE=${SECRET_KEY_BASE} + - LOADBALANCER_SECRET=${LOADBALANCER_SECRET} + - REDIS_URL=${REDIS_URL:-redis://redis:6379} + - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} + - URL_HOST=${URL_HOST} + depends_on: + - postgres + - redis + logging: + driver: journald + + scalelite-poller: + image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-poller + container_name: scalelite-poller + restart: unless-stopped + environment: + - REDIS_URL=${REDIS_URL:-redis://redis:6379} + - 
DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} + depends_on: + - postgres + - redis + - scalelite-api + logging: + driver: journald + + scalelite-recording-importer: + image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-recording-importer + container_name: scalelite-recording-importer + restart: unless-stopped + environment: + - REDIS_URL=${REDIS_URL:-redis://redis:6379} + - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} + - RECORDING_DISABLED=false + volumes: + - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton + - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/spool:/var/bigbluebutton/spool + depends_on: + - postgres + - redis + - scalelite-api + logging: + driver: journald |
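Review bot: Several secrets in this compose file fall back to known or empty values: `POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password}`, the `postgres:password@` default inside each `DATABASE_URL`, and `SECRET_KEY_BASE=${SECRET_KEY_BASE}` / `LOADBALANCER_SECRET=${LOADBALANCER_SECRET}`, which expand to empty strings when `.env` omits them. `scalelite-proxy` publishes 80 and 443, so a stack started with an incomplete `.env` would put the API behind those values on the host's public ports. Compose's required-variable form makes startup fail instead, e.g. `- LOADBALANCER_SECRET=${LOADBALANCER_SECRET:?set LOADBALANCER_SECRET in .env}` and `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}`. Pinning `nginx:latest` and the untagged `certbot/certbot` to specific versions would also keep the TLS-terminating containers reproducible between pulls.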