diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 9edff2ef0..3efa13fc1 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -3,24 +3,17 @@ version: '3.3' services: - nginx: - container_name: bigcapital-nginx-gateway - build: - context: ./docker/nginx - args: - - SERVER_PROXY_PORT=3000 - - WEB_SSL=false - - SELF_SIGNED=false - volumes: - - ./data/logs/nginx/:/var/log/nginx - - ./docker/certbot/certs/:/var/certs + proxy: + image: envoyproxy/envoy:v1.30-latest + depends_on: + - server + - webapp ports: - '${PUBLIC_PROXY_PORT:-80}:80' - '${PUBLIC_PROXY_SSL_PORT:-443}:443' tty: true - depends_on: - - server - - webapp + volumes: + - ./docker/envoy/envoy.yaml:/etc/envoy/envoy.yaml restart: on-failure networks: - bigcapital_network @@ -46,6 +39,8 @@ services: - mongo - redis restart: on-failure + networks: + - bigcapital_network environment: # Mail - MAIL_HOST=${MAIL_HOST} @@ -127,8 +122,6 @@ services: - S3_SECRET_ACCESS_KEY=${S3_SECRET_ACCESS_KEY} - S3_ENDPOINT=${S3_ENDPOINT} - S3_BUCKET=${S3_BUCKET} - networks: - - bigcapital_network database_migration: container_name: bigcapital-database-migration diff --git a/docker/envoy/envoy.yaml b/docker/envoy/envoy.yaml new file mode 100644 index 000000000..7758341eb --- /dev/null +++ b/docker/envoy/envoy.yaml @@ -0,0 +1,62 @@ +static_resources: + listeners: + - name: listener_0 + address: + socket_address: + address: 0.0.0.0 + port_value: 80 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + route_config: + name: local_route + virtual_hosts: + - name: backend + domains: ['*'] + routes: + - match: + prefix: '/api' + route: + cluster: dynamic_server + - match: + prefix: '/' + route: + cluster: webapp + http_filters: + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + + clusters: + - name: dynamic_server + connect_timeout: 0.25s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: dynamic_server + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: server + port_value: 3000 + + - name: webapp + connect_timeout: 0.25s + type: STRICT_DNS + dns_lookup_family: V4_ONLY + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: webapp + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: webapp + port_value: 80 diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile deleted file mode 100644 index c48d3a8c5..000000000 --- a/docker/nginx/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM nginx:1.11 - -RUN mkdir /etc/nginx/sites-available && rm /etc/nginx/conf.d/default.conf -ADD nginx.conf /etc/nginx/ - -COPY scripts /root/scripts/ -COPY certs /etc/ssl/ - -COPY sites /etc/nginx/templates - -ARG SERVER_PROXY_PORT=3000 -ARG WEB_SSL=false -ARG SELF_SIGNED=false - -ENV SERVER_PROXY_PORT=$SERVER_PROXY_PORT -ENV WEB_SSL=$WEB_SSL -ENV SELF_SIGNED=$SELF_SIGNED - -RUN /bin/bash /root/scripts/build-nginx.sh - -CMD nginx \ No newline at end of file diff --git a/docker/nginx/certs/.gitkeep b/docker/nginx/certs/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf deleted file mode 100644 index 593fc336d..000000000 --- a/docker/nginx/nginx.conf +++ /dev/null @@ -1,33 +0,0 @@ -user www-data; -worker_processes auto; -pid /run/nginx.pid; -daemon off; - -events { - worker_connections 2048; - use epoll; -} - -http { - server_tokens off; - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 15; - types_hash_max_size 2048; - client_max_body_size 20M; - open_file_cache max=100; - gzip on; - gzip_disable "msie6"; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-available/*; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; -} \ No newline at end of file diff --git a/docker/nginx/scripts/build-nginx.sh b/docker/nginx/scripts/build-nginx.sh deleted file mode 100644 index ae47d3498..000000000 --- a/docker/nginx/scripts/build-nginx.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -for conf in /etc/nginx/templates/*.conf; do - mv $conf "/etc/nginx/sites-available/"$(basename $conf) > /dev/null -done - -for template in /etc/nginx/templates/*.template; do - envsubst < $template > "/etc/nginx/sites-available/"$(basename $template)".conf" -done \ No newline at end of file diff --git a/docker/nginx/sites/server.template b/docker/nginx/sites/server.template deleted file mode 100644 index fa962501c..000000000 --- a/docker/nginx/sites/server.template +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 80 default_server; - - location /api { - proxy_pass http://server:${SERVER_PROXY_PORT}; - } - - location / { - proxy_pass http://webapp; - } - - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt/; - log_not_found off; - } -} \ No newline at end of file