From a6e93f19e3147e2e21d4a838e6e232c9a99f8684 Mon Sep 17 00:00:00 2001 
From: jfederico Date: Sat, 25 Apr 2020 09:58:29 -0400 Subject: Added new version Updated init-letsencrypt updated init-letsencrypt with docker-compose-init updated init-letsencrypt with docker-compose-init restored init-letsencrypt updates to certbot updates to certbot updates to certbot updates to certbot updates to certbot updates to certbot updates to certbot added certbot to scalelite-nginx fixed settings for acme-challenge added blacklist updated init-letsencrypt for working with scaleite-nginx Removed unnecessary files percisted certbot logs and added env options to init-letsencrypt --- .gitignore | 9 +- README.md | 383 --------------------------- data/nginx/scalelite/acme-challenge.location | 3 + data/nginx/scalelite/blacklist | 9 + docker-compose.yml | 141 +++++----- dotenv | 26 +- init-letsencrypt.sh | 17 +- nginx/default/html/index.html | 25 -- nginx/nginx.conf | 37 --- nginx/sites.template | 55 ---- nginx/ssl/.placeholder_for_ssl_certificates | 0 redis/.keep | 0 scalelite/bin/start | 34 --- scalelite/bin/start-poller | 5 - scalelite/config/database.yml | 23 -- scalelite/dotenv | 2 - scripts/README.md | 13 - scripts/build.sh | 90 ------- scripts/deploy.sh | 18 -- scripts/scalelite-auto-deployer.service | 9 - scripts/scalelite-auto-deployer.timer | 12 - scripts/scalelite-run.service | 18 -- scripts/start.sh | 6 - scripts/stop.sh | 6 - 24 files changed, 122 insertions(+), 819 deletions(-) delete mode 100644 README.md create mode 100644 data/nginx/scalelite/acme-challenge.location create mode 100644 data/nginx/scalelite/blacklist delete mode 100644 nginx/default/html/index.html delete mode 100644 nginx/nginx.conf delete mode 100644 nginx/sites.template delete mode 100644 nginx/ssl/.placeholder_for_ssl_certificates delete mode 100644 redis/.keep delete mode 100755 scalelite/bin/start delete mode 100755 scalelite/bin/start-poller delete mode 100644 scalelite/config/database.yml delete mode 100644 scalelite/dotenv delete mode 100644 scripts/README.md delete 
mode 100755 scripts/build.sh delete mode 100755 scripts/deploy.sh delete mode 100644 scripts/scalelite-auto-deployer.service delete mode 100644 scripts/scalelite-auto-deployer.timer delete mode 100644 scripts/scalelite-run.service delete mode 100755 scripts/start.sh delete mode 100755 scripts/stop.sh diff --git a/.gitignore b/.gitignore index 4e4d46f..9ad8c05 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,5 @@ .env -/data* - /nginx/log* /nginx/sites-available* /nginx/sites-enabled* @@ -11,3 +9,10 @@ /scalelite/log* /scalelite/tmp* + +/data/* +!/data/nginx/ + +/tmp* + +/log* diff --git a/README.md b/README.md deleted file mode 100644 index 99bec7a..0000000 --- a/README.md +++ /dev/null 
@@ -1,383 +0,0 @@ -# scalelite-run - -This document provides instructions on how to quickly [Scalelite](https://github.com/blindsidenetworks/scalelite), a stateful BigBlueButton load balancer, using docker-compose. - -This can be performed as an [All-In-One-Box Deployment](#all-in-one-box-deployment) or making use of distributed services in the cloud (or virtual private cloud) through a cloud computing provider as a [Distributed Deployment](#distributed-deployment). - - - -## Prerequisites - -Scalelite requires a server with 4 CPU cores and 8 Gig of memory. Since all the component run under docker, the underlying OS need only support docker and docker-compose. - -These steps were written for an Ubuntu 18.04 machine. It is assumed that your machine has the same (or a compatible version). - -You need to have a fully qualified domain name (FQDN) for the Scalelite server, such as bbb-lb.example.com, that resolves to the public IP address of the server. - -To setup the server, first install both [docker](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04) and [docker-compose](https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-ubuntu-18-04). - -Next, clone the `scalelite-run` repository - -``` -git clone git@github.com:blindsidenetworks/scalelite-run.git -cd scalelite-run -``` - - - -## I. All-In-One-Box Deployment - - - -### 1. Initial settings - -Copy `dotenv` file located in the root of the project as `.env` and edit it. - -``` -cp dotenv .env -``` - -You need to replace the variable `HOST_NAME=sl.xlab.blindside-dev.com` with a hostname under your own domain name (e.g. `HOST_NAME=sl.john.blindside-dev.com`) or delegated sub-domain. - -``` -vi .env -``` - -Copy `dotenv` file located in the scalelite directory as `.env` and in the same way as before, edit it: - -``` -cp scalelite/dotenv scalelite/.env -``` - -You can start it as is, but you may want to replace both variables with your own values. 
- -- `SECRET_KEY_BASE` is the Ruby On Rails secret key and must be replaced with a random one generated with `openssl rand -hex 64`. -- `LOADBALANCER_SECRET` is the shared secret used by external applications for accessing Scalelite LoadBalancer as if it was a BigBlueButton server. This variable must be defined in order for the application to start. A secret can be generated with `openssl rand -hex 24` - -``` -vi scalelite/.env -``` - - - -### 2. SSL Certificate - -The docker-compose scripts come configured for using SSL Certificates, but you may want not to use an SSL certificate. If this is the case see the section [Removing SSL Certificate](#removing-ssl-certificate) in [Special Cases](#special-cases). - -The procedure for setting up the SSL Certificate will be different depending if [Let's Encrypt SSL CA](#letsencrypt-ssl-ca) CA or [Other SSL CA](#other-ssl-ca) will be used. - - - -#### 2.1. Using Let's Encrypt SSL CA - -There are also two paths that can be followed whether the box where Scalelite is going to be installed is [visible from the Internet](#letsencrypt-ssl-public-network) or [NOT visible from the Internet](#letsencrypt-ssl-private-network). - - - -##### 2.1.1. Server is visible from the Internet - -If all the previous steps were properly followed and the machine is accessible in the Internet, only execute: - -``` -./init-letsencrypt.sh -``` - -This will generate the SSL certificates and run scalelite for the first time, so all the required files are automatically generated. - - - -##### 2.1.2. Server is NOT visible from the Internet - -If you are trying to install scalelite locally or in a private network, the SSL certificate must be generated manually using certbot and by adding the manual challenge to the DNS. 
- -Install Let's Encrypt - -``` -sudo apt-get update -sudo apt-get -y install letsencrypt -``` - -Become root - -``` -sudo -i -``` - -Start creating the certificates - -``` -certbot certonly --manual -d sl..blindside-dev.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges=dns --email hostmaster@blindsdie-dev.com --server https://acme-v02.api.letsencrypt.org/directory -``` - -The output should look like this example - -``` --server https://acme-v02.api.letsencrypt.org/directory -Saving debug log to /var/log/letsencrypt/letsencrypt.log -Plugins selected: Authenticator manual, Installer None -Obtaining a new certificate -Performing the following challenges: -dns-01 challenge for gl..blindside-dev.com -dns-01 challenge for gl..blindside-dev.com - -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Please deploy a DNS TXT record under the name -_acme-challenge.sl..blindside-dev.com with the following value: - -2dxWYkcETHnimmQmCL0MCbhneRNxMEMo9yjk6P_17kE - -Before continuing, verify the record is deployed. -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Press Enter to Continue -``` - -Create a TXT record in the DNS for -`_acme-challenge.sl..blindside-dev.com` with the challenge string as -its value `2dxWYkcETHnimmQmCL0MCbhneRNxMEMo9yjk6P_17kE` - -Copy the certificates to the scalelite-run directory. Although `/etc/letsencrypt/live/` -holds the latest certificate, they are only symbolic links. The real files must be copied and renamed - -``` -cp -R /etc/letsencrypt /scalelite-run/data/certbot/conf -``` - - - -#### 2.2. Using Other SSL CA - -For adding an SSL certificate from an CA other than Let's Encrypt, - -DO NOT execute the `./init-letsencrypt.sh` script - -Place the SSL Certificate, Intermediate Certificate (or Bundle with both of them if you have it) and Private Key files inside `nginx/ssl` as `fullchain.pem` and `privkey.pem`. -E.g. 
-``` -cd ~/ -cat your_domain_name.crt Intermediate.crt >> bundle.crt -cp bundle.crt /scalelite/nginx/ssl/fullchain.pem -cp private.key /scalelite/nginx/ssl/privkey.pem -``` - -Edit the template for nginx. -``` -cd /scalelite -vi nginx/sites.template -``` -Comment the lines referencing the Let's Encrypt Certificate and uncomment the other two. After that, it should look like this: - -``` -... - ## Configuration for Letsencrypt SSL Certificate - #ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; - #ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; - - ## Configuration for SSL Certificate from a CA other than Letsencrypt - ssl_certificate /etc/ssl/fullchain.pem; - ssl_certificate_key /etc/ssl/privkey.pem; -... -``` - -Comment out in `docker-compose.yml` the certbot container. After that, it should look like this: - -``` -... -## Configuration for Letsencrypt SSL Certificate -## comment out when using an SSL Certificate from a CA other than Letsencrypt -# certbot: -# image: certbot/certbot -# volumes: -# - ./data/certbot/conf:/etc/letsencrypt -# - ./data/certbot/www:/var/www/certbot -# entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" -... -``` - -Start the containers as usual. - - - -### 3. Start Up - -And finally, start the application with docker-compose - -``` -cd /scalelite-run -docker-compose up -``` - -If everything goes well, the logs will show ip in the console for all the containers starting and scalelite will be available at: - -``` -https://sl..blindside-dev.com/bigbluebutton/api -``` - -Note that the application can be run in the background with `docker-compose up -d` - - - -### 4. Final Steps - - - -#### 4.1. Initializing pool of servers -Since there are no servers added by default, atleast 1 server must be added and enabled in order to get started. 
- -Open a new console and get the IDs of the docker containers running: - -``` -docker ps -``` - -Get into the container running the api - -``` -docker exec -it sh -``` - -Once inside, all the rails commands can be executed as needed. In this case, and assuming that the current current BigBlueButton server is going to be enabled. - -``` -bundle exec rake servers:add[BIGBLUEBUTTON_SERVER_URL,BIGBLUEBUTTON_SERVER_SECRET] -bundle exec rake servers -bundle exec rake servers:enable["SERVER_ID_AS SHOWN"] -``` - -For more information on what rake commands can be executed, see [scalelite documentation](https://github.com/blindsidenetworks/scalelite#administration). - - - -#### 4.2. Rolling-out updates - -Scalelite is constantly updated. Either because of bug fixes or improvements. It is recommended to keep the deployment updated with the latest image available, which corresponds to the latest stable release. - -Those updates can be performed manually (recommended for a production alike environment) or automatically. - - - -##### 4.2.1. Manual updates - -Simply run the `deploy.sh` script included under `scripts`. - -``` -cd /scalelite-run -sudo .scripts/deploy.sh -``` - - - -##### 4.2.2. Automatic updates - -Use the scripts provided. - -``` -sudo ln -s /scalelite-run/scripts/deploy.sh /usr/local/bin/scalelite-deploy -sudo cp /scalelite-run/scripts/scalelite-auto-deployer.service /etc/systemd/system/scalelite-auto-deployer.service -sudo cp /scalelite-run/scripts/scalelite-auto-deployer.timer /etc/systemd/system/scalelite-auto-deployer.timer -sudo systemctl daemon-reload -sudo systemctl enable scalelite-auto-deployer.service -sudo systemctl enable scalelite-auto-deployer.timer -sudo systemctl start scalelite-auto-deployer.timer -``` - - - -##### 4.2.3. Automatic start - -Use the scripts provided. - -``` -``` - - - -## II. 
Distributed Deployment - -On a real production environment Scalelite should be deployed using distributed services in the cloud (or virtual private cloud) through a cloud computing provider like [AWS](https://aws.amazon.com/), [Google Cloud](https://cloud.google.com/), [Azure](https://azure.microsoft.com/en-ca/), [Digital Ocean](https://www.digitalocean.com/), [Alibaba Cloud](https://www.alibabacloud.com/), etc. - -Contact us at [Blindside Networks Contact](https://blindsidenetworks.com/contact/) getting recommendations on best practices with any of those cloud providers. - - - -## III. Special cases - - - -### Building Docker image - -If no access to the DockerHub registry is available, it is still possible to build the image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number. - -``` -cd /scalelite -docker build -t blindsidenetwks/scalelite:latest . -``` - -or - -``` -cd /scalelite -../scalelite-run/scripts/build.sh blindsidenetwks/scalelite latest -``` - -Keep in mind that the docker-compose.yml script makes use of some other configuration files that are mounted inside the containers. If any modification to nginx is needed it has to be done on the sites.template file. Also, whatever name is chosen for the image should match the one used in docker-compose.yml. - - - -### Removing SSL Certificate - -DO NOT execute the `./init-letsencrypt.sh` script - -Edit the template for nginx. -``` -cd /scalelite -vi nginx/sites.template -``` -Comment out all the lines from 13 to 34. The sites.template file should look like this: - -``` -... 
-listen [::]:80; - -# location /.well-known/acme-challenge/ { -# root /var/www/certbot; -# } -# -# location / { -# return 301 https://$host$request_uri; -# } -#} -# -#server { -# server_name $NGINX_HOSTNAME; -# -# listen 443 ssl; -# listen [::]:443; -# -# ## Configuration for Letsencrypt SSL Certificate -# ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; -# -# ## Configuration for SSL Certificate from a CA other than Letsencrypt -# #ssl_certificate /etc/ssl/fullchain.pem; -# #ssl_certificate_key /etc/ssl/privkey.pem; - - location / { -... -``` - -Comment out in `docker-compose.yml` the certbot container. After that, it should look like this: - -``` -... -## Configuration for Letsencrypt SSL Certificate -## comment out when using an SSL Certificate from a CA other than Letsencrypt -# certbot: -# image: certbot/certbot -# volumes: -# - ./data/certbot/conf:/etc/letsencrypt -# - ./data/certbot/www:/var/www/certbot -# entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" -... -``` - -Start the containers as usual. diff --git a/data/nginx/scalelite/acme-challenge.location b/data/nginx/scalelite/acme-challenge.location new file mode 100644 index 0000000..9343507 --- /dev/null +++ b/data/nginx/scalelite/acme-challenge.location @@ -0,0 +1,3 @@ +location /.well-known/acme-challenge/ { + root /var/www/certbot; +} diff --git a/data/nginx/scalelite/blacklist b/data/nginx/scalelite/blacklist new file mode 100644 index 0000000..876c6d4 --- /dev/null +++ b/data/nginx/scalelite/blacklist @@ -0,0 +1,9 @@ +## Deny access to IPs or subnets. +# deny IP; +# deny subnet; +# e.g. +# deny 192.168.0.1; +# deny 192.168.0.0/24; + +## Allow access to everything else. +allow all; diff --git a/docker-compose.yml b/docker-compose.yml index 777ee8a..b287803 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,99 +1,100 @@ version: '3' volumes: - database_data: - driver: local + postgres-data: + redis-data: services: - nginx: - image: nginx:latest - restart: "no" - volumes: - - ./nginx/nginx.conf:/etc/nginx/nginx.conf - - ./nginx/sites-enabled:/etc/nginx/sites-enabled - - ./nginx/sites.template:/etc/nginx/sites-available/sites.template - - ./nginx/default/html:/var/www/html - - ./nginx/log/nginx:/var/log/nginx - - ./data/certbot/conf:/etc/letsencrypt - - ./data/certbot/www:/var/www/certbot - - ./nginx/ssl/:/etc/ssl + postgres: + image: postgres:11.5-alpine + container_name: postgres + restart: unless-stopped ports: - - "80:80" - - "443:443" + - "127.0.0:5432:5432" + volumes: + - postgres-data:/var/lib/postgresql/data environment: - - NGINX_HOSTNAME=${HOST_NAME:-sl.xlab.blindside-dev.com} - depends_on: - - scalelite.api - command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites-available/sites.template > /etc/nginx/sites-enabled/sites.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'" + - POSTGRES_USER=${POSTGRES_USER:-postgres} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password} + redis: + image: redis:5.0-alpine + container_name: redis + restart: on-failure + ports: + - 127.0.0.1:6379:6379 + volumes: + - redis-data:/data -## Configuration for Letsencrypt SSL Certificate -## comment out when using an SSL Certificate from a CA other than Letsencrypt certbot: image: certbot/certbot + container_name: certbot volumes: + - ./log/certbot:/var/log/letsencrypt - ./data/certbot/conf:/etc/letsencrypt - ./data/certbot/www:/var/www/certbot entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" - - redis: - image: redis:5.0-alpine - restart: "no" + scalelite-nginx: + image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-nginx + container_name: scalelite-nginx + restart: unless-stopped ports: - - 127.0.0.1:6379:6379 - volumes: - - ./data/redis/:/data - - - 
postgres: - image: postgres:11.7-alpine - restart: "no" - ports: - - 127.0.0.1:5432:5432 + - "80:80" + - "443:443" volumes: - - ./data/postgres/:/var/lib/postgresql/data + - ./log/nginx/:/var/log/nginx + - ./data/certbot/conf:/etc/nginx/ssl + - ./data/certbot/www:/var/www/certbot + - ./data/nginx/scalelite:/etc/nginx/conf.d/scalelite + - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published environment: - - POSTGRES_DB=postgres - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=password - + - NGINX_SSL=${NGINX_SSL-true} + - URL_HOST=${URL_HOST} + depends_on: + - scalelite-api - scalelite.api: - entrypoint: [bin/start] - image: blindsidenetwks/scalelite:latest - restart: "no" + scalelite-api: + image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-api + container_name: scalelite-api + restart: unless-stopped ports: - - 127.0.0.1:3000:3000 - links: - - redis - - postgres + - "3000:3000" volumes: - - ./scalelite/log/api:/srv/scalelite/log - - ./scalelite/bin/start:/srv/scalelite/bin/start - - ./scalelite/config/database.yml:/srv/scalelite/config/database.yml - - ./scalelite/tmp/pids/:/usr/src/app/tmp/pids - - ./scalelite/tmp/sockets/:/usr/src/app/tmp/sockets - - ./scalelite/tmp/cache/assets:/usr/src/app/tmp/cache/assets - env_file: ./scalelite/.env + - ./log/scalelite/:/app/log + - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton environment: + - SECRET_KEY_BASE=${SECRET_KEY_BASE} + - LOADBALANCER_SECRET=${LOADBALANCER_SECRET} - REDIS_URL=${REDIS_URL:-redis://redis:6379} - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} - - URL_HOST=${HOST_NAME:-sl.xlab.blindside-dev.com} - + - URL_HOST=${URL_HOST} + depends_on: + - postgres + - redis - scalelite.poller: - entrypoint: [bin/start-poller] - image: blindsidenetwks/scalelite:latest - restart: "no" - ports: - - 127.0.0.1:3001:3000 - links: + scalelite-poller: + image: 
${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-poller + container_name: scalelite-poller + restart: unless-stopped + environment: + - REDIS_URL=${REDIS_URL:-redis://redis:6379} + - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} + depends_on: + - postgres - redis - volumes: - - ./scalelite/log/poller:/srv/scalelite/log - - ./scalelite/bin/start-poller:/srv/scalelite/bin/start-poller - env_file: ./scalelite/.env + - scalelite-api + + scalelite-recording-importer: + image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-recording-importer + container_name: scalelite-recording-importer + restart: unless-stopped environment: - REDIS_URL=${REDIS_URL:-redis://redis:6379} - - URL_HOST=${HOST_NAME:-sl.xlab.blindside-dev.com} + - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} + volumes: + - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton + depends_on: + - postgres + - redis + - scalelite-api diff --git a/dotenv b/dotenv index 133332d..1b22b76 100644 --- a/dotenv +++ b/dotenv 
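Review bot: The `scalelite-api` service now publishes `"3000:3000"` on every host interface, where the old `scalelite.api` bound `127.0.0.1:3000:3000`, so anything that can reach the host can talk to the API directly without TLS and, presumably, without the nginx `blacklist` rules this commit adds. If `scalelite-nginx` reaches the API over the compose network (it declares `depends_on: scalelite-api`), the mapping can go back to `- "127.0.0.1:3000:3000"` or be dropped. The postgres mapping `"127.0.0:5432:5432"` is missing an octet and should read `"127.0.0.1:5432:5432"`. `POSTGRES_PASSWORD` and the `DATABASE_URL` default still fall back to `password`, and `SECRET_KEY_BASE` / `LOADBALANCER_SECRET` expand to empty strings when unset; a required-variable form such as `- SECRET_KEY_BASE=${SECRET_KEY_BASE:?SECRET_KEY_BASE must be set}` would make compose fail fast instead.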
@@ -1,3 +1,23 @@ -HOST_NAME=sl.xlab.blindside-dev.com -REDIS_URL=redis://redis:6379 -DATABASE_URL=postgres://postgres:password@postgres:5432/scalelite?pool=5 +### Required by scalelite-api +# SECRET_KEY_BASE= +# LOADBALANCER_SECRET= +# +### Required by scalelite-api and scalelite-poller +# REDIS_URL= +# +### Required by scalelite-api and scalelite-recording-importer +# DATABASE_URL= +# SCALELITE_RECORDING_DIR=/mnt/scalelite-recordings/var/bigbluebutton +# +### Required by scalelite-nginx (only When using SSL) +# NGINX_SSL=true +# SCALELITE_NGINX_EXTRA_OPTS=--mount type=bind,source=/etc/letsencrypt,target=/etc/nginx/ssl,readonly +# URL_HOST= +# +### Required when when specific repo or version (other than defaults) are needed +# SCALELITE_REPO=blindsidenetwks +# SCALELITE_TAG=v1 +# +### Optional for postgres when using docker-compose +# POSTGRES_USER= +# POSTGRES_PASSWORD= diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh index 1a4d3e3..e6c2c3d 100755 --- a/init-letsencrypt.sh +++ b/init-letsencrypt.sh @@ -5,13 +5,14 @@ if ! [ -x "$(command -v docker-compose)" ]; then exit 1 fi -HOST_NAME=$(grep HOST_NAME .env | cut -d '=' -f2) +URL_HOST=$(grep URL_HOST .env | cut -d '=' -f2) +echo $URL_HOST -domains=($HOST_NAME) +domains=($URL_HOST) rsa_key_size=4096 data_path="./data/certbot" -email="" # Adding a valid address is strongly recommended -staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits +email="$LETSENCRYPT_EMAIL" # Adding a valid address is strongly recommended +staging=${LETSENCRYPT_STAGING:-0} # Set to 1 if you're testing your setup to avoid hitting request limits if [ -d "$data_path" ]; then read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision 
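Review bot: The template leaves `SECRET_KEY_BASE` and `LOADBALANCER_SECRET` as empty commented lines, while the README deleted in this same commit was where the generation commands were documented, so that guidance should move here as comment lines above each entry: `# generate with: openssl rand -hex 64` for `SECRET_KEY_BASE` and `# generate with: openssl rand -hex 24` for `LOADBALANCER_SECRET`. The `POSTGRES_PASSWORD=` entry deserves a comment saying that docker-compose.yml falls back to `password` when it is unset. `SCALELITE_NGINX_EXTRA_OPTS` is not referenced by the docker-compose.yml in this commit, and `LETSENCRYPT_EMAIL` / `LETSENCRYPT_STAGING`, which init-letsencrypt.sh now reads, are not listed.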
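Review bot: `grep URL_HOST .env | cut -d '=' -f2` matches any line that contains the string, including the commented `# URL_HOST=` line from the new dotenv template, and nothing checks that the result is non-empty before it becomes `domains=($URL_HOST)`. Anchoring the match and failing early is safer: `URL_HOST=$(grep -E '^URL_HOST=' .env | tail -n 1 | cut -d '=' -f2-)` followed by `[ -n "$URL_HOST" ] || { echo "URL_HOST is not set in .env" >&2; exit 1; }`. The added `echo $URL_HOST` looks like leftover debug output and is unquoted. `LETSENCRYPT_EMAIL` and `LETSENCRYPT_STAGING` are taken from the calling shell's environment rather than from `.env`, unlike `URL_HOST`, which is worth a comment next to the two assignments. The script continues outside this hunk.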
@@ -40,8 +41,8 @@ docker-compose run --rm --entrypoint "\ echo -echo "### Starting nginx ..." -docker-compose up --force-recreate -d nginx +echo "### Starting scalelite-nginx ..." +docker-compose up --force-recreate -d scalelite-nginx echo echo "### Deleting dummy certificate for $domains ..." @@ -78,5 +79,5 @@ docker-compose run --rm --entrypoint "\ --force-renewal" certbot echo -echo "### Reloading nginx ..." -docker-compose exec nginx nginx -s reload +echo "### Reloading scalelite-nginx ..." +docker-compose exec scalelite-nginx nginx -s reload diff --git a/nginx/default/html/index.html b/nginx/default/html/index.html deleted file mode 100644 index 2ca3b95..0000000 --- a/nginx/default/html/index.html +++ /dev/null @@ -1,25 +0,0 @@ - - - -Welcome to nginx! - - - -

Welcome to nginx!

-

If you see this page, the nginx web server is successfully installed and -working. Further configuration is required.

- -

For online documentation and support please refer to -nginx.org.
-Commercial support is available at -nginx.com.

- -

Thank you for using nginx.

- - diff --git a/nginx/nginx.conf b/nginx/nginx.conf deleted file mode 100644 index 981c619..0000000 --- a/nginx/nginx.conf +++ /dev/null @@ -1,37 +0,0 @@ -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/sites-enabled/*; -} diff --git a/nginx/sites.template b/nginx/sites.template deleted file mode 100644 index 29e5366..0000000 --- a/nginx/sites.template +++ /dev/null 
@@ -1,55 +0,0 @@ -#### For <$NGINX_HOSTNAME> - -upstream docker-scalelite { - server scalelite.api:3000; -} - -server { - server_name $NGINX_HOSTNAME; - - listen 80; - listen [::]:80; - - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } - - location / { - return 301 https://$host$request_uri; - } -} - -server { - server_name $NGINX_HOSTNAME; - - listen 443 ssl; - listen [::]:443; - - ## Configuration for Letsencrypt SSL Certificate - ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; - - ## Configuration for SSL Certificate from a CA other than Letsencrypt - #ssl_certificate /etc/ssl/fullchain.pem; - #ssl_certificate_key /etc/ssl/privkey.pem; - - location / { - proxy_pass http://docker-scalelite; - proxy_read_timeout 60s; - proxy_redirect off; - - proxy_set_header Host $http_host; - - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Cookie "$http_cookie; ip=$remote_addr"; - - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - rewrite ~/(.*)$ /$1 break; - } -} diff --git a/nginx/ssl/.placeholder_for_ssl_certificates b/nginx/ssl/.placeholder_for_ssl_certificates deleted file mode 100644 index e69de29..0000000 diff --git a/redis/.keep b/redis/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/scalelite/bin/start b/scalelite/bin/start deleted file mode 100755 index 2887034..0000000 --- a/scalelite/bin/start +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/bin/sh - -if [ "$LOADBALNCER_SECRET" == "loadbalancer_secret" ] || [ "$SECRET_KEY_BASE" == "secret_key_base" ]; then - echo "ERROR: Detected default SECRET_KEY_BASE or LOADBALANCER_SECRET. Please generate a random value." - echo "Exiting..." - exit 1 -fi - -servers="$(RAILS_ENV=$RAILS_ENV bundle exec rake servers 2>&1)" -echo $servers - -if [ "$RAILS_ENV" = "production" ] && [ "$DB_ADAPTER" = "postgresql" ]; then - while ! curl http://$DB_HOST:${DB_PORT:-5432}/ 2>&1 | grep '52' - do - echo "Waiting for postgres to start up ..." - sleep 1 - done -fi - -db_create="$(RAILS_ENV=$RAILS_ENV bundle exec rake db:create 2>&1)" -echo $db_create - -if [[ $db_create == *"already exists"* ]]; then - echo ">>> Database migration" - bundle exec rake db:migrate -else - echo ">>> Database initialization" - bundle exec rake db:schema:load -fi - -exec tini -- bundle exec puma -C config/puma.rb "$@" -#tail -f /dev/null -#bundle exec puma -C config/puma.rb -#bundle exec rails s -b 0.0.0.0 -p 3000 diff --git a/scalelite/bin/start-poller b/scalelite/bin/start-poller deleted file mode 100755 index 608e81c..0000000 --- a/scalelite/bin/start-poller +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -echo "Poller is starting..." -exec tini -- bundle exec rake poll["$INTERVAL"] -#tail -f /dev/null diff --git a/scalelite/config/database.yml b/scalelite/config/database.yml deleted file mode 100644 index 80a0afd..0000000 --- a/scalelite/config/database.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -default: &default - pool: <%= ENV.fetch('RAILS_MAX_THREADS') { 5 } %> - timeout: 5000 - adapter: postgresql - host: <%= ENV['DB_HOST'] %> - username: <%= ENV['DB_USERNAME'] %> - password: <%= ENV['DB_PASSWORD'] %> - encoding: unicode - -development: - <<: *default - database: scalelite_development - -# Warning: The database defined as "test" will be erased and -# re-generated from your development database when you run "rake". -# Do not set this db to the same as development or production. -test: - <<: *default - database: scalelite_test - -production: - <<: *default - database: <%= ENV['DB_NAME'] || 'scalelite' %> diff --git a/scalelite/dotenv b/scalelite/dotenv deleted file mode 100644 index 5d25411..0000000 --- a/scalelite/dotenv +++ /dev/null @@ -1,2 +0,0 @@ -SECRET_KEY_BASE=secret_key_base -LOADBALANCER_SECRET=loadbalancer_secret diff --git a/scripts/README.md b/scripts/README.md deleted file mode 100644 index c7d4cd9..0000000 --- a/scripts/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# Helpers - -## Running automatic updates - -``` -sudo ln -s /home/ubuntu/scalelite-run/scripts/deploy.sh /usr/local/bin/scalelite-deploy -sudo cp /home/ubuntu/scalelite-run/scripts/scalelite-auto-deployer.service /etc/systemd/system/scalelite-auto-deployer.service -sudo cp /home/ubuntu/scalelite-run/scripts/scalelite-auto-deployer.timer /etc/systemd/system/scalelite-auto-deployer.timer -sudo systemctl daemon-reload -sudo systemctl enable scalelite-auto-deployer.service -sudo systemctl enable scalelite-auto-deployer.timer -sudo systemctl start scalelite-auto-deployer.timer -``` diff --git a/scripts/build.sh b/scripts/build.sh deleted file mode 100755 index 66f9613..0000000 --- a/scripts/build.sh +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/bin/bash - -################################################################################ -# For this script to work properly it is required to define some environment variables -# in the CI/CD Env variable declaration, while others should be passed as parameters. -# -#------------------------------------------------------------------------------ -# Defined as part of the CD/CI Env Variables: -# -# CD_DOCKER_USERNAME -# A DockerHub username to be used for uploading the build. -# -# CD_DOCKER_PASSWORD -# A DockerHub password to be used for uploading the build. -# -# CD_DOCKER_REPO -# A DockerHub repository. By default the CD_REF_SLUG is also used as the docker repo. -# -# CD_BUILD_ALL -# As the build is supposed to be done only for master (for a nightly deployments) and for releases -# (like 'release-2.0.5' for production deployments), it is additionally required to include this -# variable in order to build any other brnach, as it may be required for testing or reviewing work -# as part of the development process. -# - -display_usage() { - echo "This script should be used as part of a CI strategy." - echo -e "Usage:\n build_image.sh [ARGUMENTS]" - echo -e "\nMandatory arguments \n" - echo -e " repo_slug The git repository (e.g. blindsidenetworks/scalelite)" - echo -e "\nOptional arguments \n" - echo -e " branch | tag The branch (e.g. master | release-2.0.5)" -} - -# if less than two arguments supplied, display usage -if [ $# -le 0 ]; then - display_usage - exit 1 -fi - -# check whether user had supplied -h or --help . 
If yes display usage -if [[ ($# == "--help") || $# == "-h" ]]; then - display_usage - exit 0 -fi - -export CD_REF_SLUG=$1 -export CD_REF_NAME=$2 -if [ -z $CD_REF_NAME ]; then - export CD_REF_NAME=$(git branch | grep \* | cut -d ' ' -f2) -fi - -if [ "$CD_REF_NAME" != "master" ] && [[ "$CD_REF_NAME" != *"release"* ]] && ( [ -z "$CD_BUILD_ALL" ] || [ "$CD_BUILD_ALL" != "true" ] ); then - echo "#### Docker image for $CD_REF_SLUG:$CD_REF_NAME won't be built" - exit 0 -fi - -# Set the version tag when it is a release or the commit sha was included. -if [[ "$CD_REF_NAME" == *"v"* ]]; then - export CD_BUILD_NUMBER=${CD_REF_NAME:1} -else - export CD_BUILD_NUMBER="$CD_REF_NAME ($(eval git rev-parse --short=7 HEAD))" -fi - -# Build the image -if [ -z $CD_DOCKER_REPO ]; then - export CD_DOCKER_REPO=$CD_REF_SLUG -fi -echo "#### Docker image $CD_DOCKER_REPO:$CD_REF_NAME is being built" -docker build --build-arg BUILD_NUMBER="${CD_BUILD_NUMBER}" -t $CD_DOCKER_REPO:$CD_REF_NAME . - -if [ -z "$CD_DOCKER_USERNAME" ] || [ -z "$CD_DOCKER_PASSWORD" ]; then - echo "#### Docker image for $CD_DOCKER_REPO can't be published because CD_DOCKER_USERNAME or CD_DOCKER_PASSWORD are missing (Ignore this warning if running outside a CD/CI environment)" - exit 0 -fi - -# Publish the image -docker login -u="$CD_DOCKER_USERNAME" -p="$CD_DOCKER_PASSWORD" -echo "#### Docker image $CD_DOCKER_REPO:$CD_REF_NAME is being published" -docker push $CD_DOCKER_REPO - -# Publish image as latest and v2 if it is a release (excluding alpha and beta) -if [[ "$CD_REF_NAME" == *"v"* ]] && [[ "$CD_REF_NAME" != *"alpha"* ]] && [[ "$CD_REF_NAME" != *"beta"* ]]; then - docker_image_id=$(docker images | grep -E "^$CD_DOCKER_REPO.*$CD_REF_NAME" | awk -e '{print $3}') - docker tag $docker_image_id $CD_DOCKER_REPO:latest - docker push $CD_DOCKER_REPO:latest - docker tag $docker_image_id $CD_DOCKER_REPO:v2 - docker push $CD_DOCKER_REPO:v2 -fi -exit 0 
diff --git a/scripts/deploy.sh b/scripts/deploy.sh deleted file mode 100755 index bd78599..0000000 --- a/scripts/deploy.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -DIR="$(cd "$(dirname "$0")" && pwd)" -STATUS="Status: Downloaded newer image for blindsidenetwks/scalelite:latest" - -new_status=$(sudo docker pull blindsidenetwks/scalelite:latest | grep Status:) - -echo $new_status - -if [ "$STATUS" == "$new_status" ] -then - cd $DIR/.. - docker-compose down - docker rmi $(docker images -f dangling=true -q) - docker-compose up -d -fi - -exit 0 diff --git a/scripts/scalelite-auto-deployer.service b/scripts/scalelite-auto-deployer.service deleted file mode 100644 index 55a70f4..0000000 --- a/scripts/scalelite-auto-deployer.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=ScaleLite Auto Deployer - -[Service] -ExecStart=/bin/bash /opt/scalelite-run/scripts/deploy.sh - -[Install] -WantedBy=multi-user.target -Alias=scalelite-auto-deployer diff --git a/scripts/scalelite-auto-deployer.timer b/scripts/scalelite-auto-deployer.timer deleted file mode 100644 index ec51cc1..0000000 --- a/scripts/scalelite-auto-deployer.timer +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Runs scalelite-deploy every minute - -[Timer] -# Time to wait after booting before we run first time -OnBootSec=1min -# Time between running each consecutive time -OnUnitActiveSec=1m -Unit=scalelite-auto-deployer.service - -[Install] -WantedBy=multi-user.target diff --git a/scripts/scalelite-run.service b/scripts/scalelite-run.service deleted file mode 100644 index 0d895e1..0000000 --- a/scripts/scalelite-run.service +++ /dev/null 
@@ -1,18 +0,0 @@ -[Unit] -Description=ScaleLite Run -After=network.target -After=systemd-user-sessions.service -After=network-online.target - -[Service] -ExecStart=/bin/bash /opt/scalelite-run/scripts/start.sh -ExecStop=/bin/bash /opt/scalelite-run/scripts/stop.sh -TimeoutSec=30 -Restart=on-failure -RestartSec=30 -StartLimitInterval=350 -StartLimitBurst=10 - -[Install] -WantedBy=multi-user.target -Alias=scalelite-run diff --git a/scripts/start.sh b/scripts/start.sh deleted file mode 100755 index d320c52..0000000 --- a/scripts/start.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -DIR="$(cd "$(dirname "$0")" && pwd)" - -cd $DIR/.. -docker-compose up -d diff --git a/scripts/stop.sh b/scripts/stop.sh deleted file mode 100755 index 34a3a51..0000000 --- a/scripts/stop.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -DIR="$(cd "$(dirname "$0")" && pwd)" - -cd $DIR/.. -docker-compose down -- cgit v1.2.3