feat: Migrating to Envoy proxy instead of Nginx
This commit is contained in:
Ahmed Bouhuolia
@@ -3,24 +3,17 @@
|
||||
version: '3.3'
|
||||
|
||||
services:
|
||||
nginx:
|
||||
container_name: bigcapital-nginx-gateway
|
||||
build:
|
||||
context: ./docker/nginx
|
||||
args:
|
||||
- SERVER_PROXY_PORT=3000
|
||||
- WEB_SSL=false
|
||||
- SELF_SIGNED=false
|
||||
volumes:
|
||||
- ./data/logs/nginx/:/var/log/nginx
|
||||
- ./docker/certbot/certs/:/var/certs
|
||||
proxy:
|
||||
image: envoyproxy/envoy:v1.30-latest
|
||||
depends_on:
|
||||
- server
|
||||
- webapp
|
||||
ports:
|
||||
- '${PUBLIC_PROXY_PORT:-80}:80'
|
||||
- '${PUBLIC_PROXY_SSL_PORT:-443}:443'
|
||||
tty: true
|
||||
depends_on:
|
||||
- server
|
||||
- webapp
|
||||
volumes:
|
||||
- ./docker/envoy/envoy.yaml:/etc/envoy/envoy.yaml
|
||||
restart: on-failure
|
||||
networks:
|
||||
- bigcapital_network
|
||||
@@ -46,6 +39,8 @@ services:
|
||||
- mongo
|
||||
- redis
|
||||
restart: on-failure
|
||||
networks:
|
||||
- bigcapital_network
|
||||
environment:
|
||||
# Mail
|
||||
- MAIL_HOST=${MAIL_HOST}
|
||||
@@ -127,8 +122,6 @@ services:
|
||||
- S3_SECRET_ACCESS_KEY=${S3_SECRET_ACCESS_KEY}
|
||||
- S3_ENDPOINT=${S3_ENDPOINT}
|
||||
- S3_BUCKET=${S3_BUCKET}
|
||||
networks:
|
||||
- bigcapital_network
|
||||
|
||||
database_migration:
|
||||
container_name: bigcapital-database-migration
|
||||
|
||||
62
docker/envoy/envoy.yaml
Normal file
62
docker/envoy/envoy.yaml
Normal file
@@ -0,0 +1,62 @@
|
||||
static_resources:
|
||||
listeners:
|
||||
- name: listener_0
|
||||
address:
|
||||
socket_address:
|
||||
address: 0.0.0.0
|
||||
port_value: 80
|
||||
filter_chains:
|
||||
- filters:
|
||||
- name: envoy.filters.network.http_connection_manager
|
||||
typed_config:
|
||||
'@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
|
||||
stat_prefix: ingress_http
|
||||
route_config:
|
||||
name: local_route
|
||||
virtual_hosts:
|
||||
- name: backend
|
||||
domains: ['*']
|
||||
routes:
|
||||
- match:
|
||||
prefix: '/api'
|
||||
route:
|
||||
cluster: dynamic_server
|
||||
- match:
|
||||
prefix: '/'
|
||||
route:
|
||||
cluster: webapp
|
||||
http_filters:
|
||||
- name: envoy.filters.http.router
|
||||
typed_config:
|
||||
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
|
||||
|
||||
clusters:
|
||||
- name: dynamic_server
|
||||
connect_timeout: 0.25s
|
||||
type: STRICT_DNS
|
||||
dns_lookup_family: V4_ONLY
|
||||
lb_policy: ROUND_ROBIN
|
||||
load_assignment:
|
||||
cluster_name: dynamic_server
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: server
|
||||
port_value: 3000
|
||||
|
||||
- name: webapp
|
||||
connect_timeout: 0.25s
|
||||
type: STRICT_DNS
|
||||
dns_lookup_family: V4_ONLY
|
||||
lb_policy: ROUND_ROBIN
|
||||
load_assignment:
|
||||
cluster_name: webapp
|
||||
endpoints:
|
||||
- lb_endpoints:
|
||||
- endpoint:
|
||||
address:
|
||||
socket_address:
|
||||
address: webapp
|
||||
port_value: 80
|
||||
@@ -1,21 +0,0 @@
|
||||
FROM nginx:1.11
|
||||
|
||||
RUN mkdir /etc/nginx/sites-available && rm /etc/nginx/conf.d/default.conf
|
||||
ADD nginx.conf /etc/nginx/
|
||||
|
||||
COPY scripts /root/scripts/
|
||||
COPY certs /etc/ssl/
|
||||
|
||||
COPY sites /etc/nginx/templates
|
||||
|
||||
ARG SERVER_PROXY_PORT=3000
|
||||
ARG WEB_SSL=false
|
||||
ARG SELF_SIGNED=false
|
||||
|
||||
ENV SERVER_PROXY_PORT=$SERVER_PROXY_PORT
|
||||
ENV WEB_SSL=$WEB_SSL
|
||||
ENV SELF_SIGNED=$SELF_SIGNED
|
||||
|
||||
RUN /bin/bash /root/scripts/build-nginx.sh
|
||||
|
||||
CMD nginx
|
||||
@@ -1,33 +0,0 @@
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
pid /run/nginx.pid;
|
||||
daemon off;
|
||||
|
||||
events {
|
||||
worker_connections 2048;
|
||||
use epoll;
|
||||
}
|
||||
|
||||
http {
|
||||
server_tokens off;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 15;
|
||||
types_hash_max_size 2048;
|
||||
client_max_body_size 20M;
|
||||
open_file_cache max=100;
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-available/*;
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
}
|
||||
@@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
for conf in /etc/nginx/templates/*.conf; do
|
||||
mv $conf "/etc/nginx/sites-available/"$(basename $conf) > /dev/null
|
||||
done
|
||||
|
||||
for template in /etc/nginx/templates/*.template; do
|
||||
envsubst < $template > "/etc/nginx/sites-available/"$(basename $template)".conf"
|
||||
done
|
||||
@@ -1,16 +0,0 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
|
||||
location /api {
|
||||
proxy_pass http://server:${SERVER_PROXY_PORT};
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://webapp;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/letsencrypt/;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user