Commit 83aa627a authored by schnarkus's avatar schnarkus

set up tls and dns for dev environment

parent 88c48974
Pipeline #68731 passed
up:
podman-compose up -d
post-up:
./update_hosts.sh
deploy: up post-up
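Review bot: None of the three targets is declared phony, so a file or directory named `up` or `deploy` in the repository root would make `make deploy` silently do nothing; add `.PHONY: up post-up deploy` above the rules. `post-up` runs `./update_hosts.sh`, which calls `sudo tee -a /etc/hosts`, so a one-line comment such as `# post-up edits /etc/hosts via sudo` would explain the password prompt to whoever runs it.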
server {
listen 8443 ssl;
server_name webservice.local;
ssl_certificate /etc/nginx/certs/nginx.crt;
ssl_certificate_key /etc/nginx/certs/nginx.key;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
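Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` passes on whatever X-Forwarded-For value the client sent and only appends the peer address, so while this server block is the first proxy in front of the app, the upstream cannot rely on that header for logging or access decisions. Nothing visible here sits in front of nginx, so `proxy_set_header X-Forwarded-For $remote_addr;` is the safer form. The block also relies on nginx's default TLS settings; an explicit `ssl_protocols TLSv1.2 TLSv1.3;` would make the accepted versions visible in review. The setup script on this page still publishes port 8080 with `-p`, so the plaintext listener stays reachable next to 8443 unless that mapping is dropped.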
version: "3.8"
services:
traefik:
image: traefik:v2.5
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
- "--certificatesresolvers.mytlschallenge.acme.email=masi9606@bht-berlin.de"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/podman/podman.sock:/var/run/docker.sock"
- "./traefik/traefik.yml:/etc/traefik/traefik.yml"
- "./letsencrypt:/letsencrypt"
networks:
- backend
extra_hosts:
- "app.local:127.0.0.1"
- "prometheus.local:127.0.0.1"
- "grafana.local:127.0.0.1"
app:
image: registry.bht-berlin.de:443/masi9606/webservice:dev
deploy:
replicas: 2
networks:
- backend
labels:
- "traefik.http.routers.app.rule=Host(`app.local`)"
- "traefik.http.routers.app.tls=true"
- "traefik.http.services.app.loadbalancer.server.port=8080"
extra_hosts:
- "app.local:127.0.0.1"
prometheus:
image: prom/prometheus:latest
volumes:
- "./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml"
networks:
- backend
labels:
- "traefik.http.routers.prometheus.rule=Host(`prometheus.local`)"
- "traefik.http.routers.prometheus.tls=true"
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
extra_hosts:
- "prometheus.local:127.0.0.1"
grafana:
image: grafana/grafana:latest
networks:
- backend
labels:
- "traefik.http.routers.grafana.rule=Host(`grafana.local`)"
- "traefik.http.routers.grafana.tls=true"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
extra_hosts:
- "grafana.local:127.0.0.1"
redis:
image: redis:latest
networks:
- backend
ports:
- "6379:6379"
environment:
- REDIS_PASSWORD=
networks:
backend:
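Review bot: The `redis` service publishes `"6379:6379"` on every host interface while `REDIS_PASSWORD=` is empty, so anything that can reach the host can talk to Redis unauthenticated; as far as I know the official `redis` image does not read `REDIS_PASSWORD` at all, so filling it in later would not help either. Drop the `ports` entry (the other services reach Redis over `backend`) or bind it as `"127.0.0.1:6379:6379"`, and enforce a password with `command: ["redis-server", "--requirepass", "${REDIS_PASSWORD}"]`. On `traefik`, `--api.insecure=true` serves the dashboard and API without authentication to the `backend` network, and the Podman socket mount gives that container full control of the engine; a read-only mount does not limit API calls, so a filtering proxy in front of the socket is the usual mitigation. `prom/prometheus:latest`, `grafana/grafana:latest` and `redis:latest` should be pinned to a version or digest so the dev stack is reproducible.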
#!/bin/bash
IMAGE_NAME="registry.bht-berlin.de:443/masi9606/webservice:dev"
CONTAINER_NAME="webservice_container"
CONTAINER_HTTP_PORT="8080"
CONTAINER_HTTPS_PORT="8443"
NGINX_CONF="/etc/nginx/sites-available/default"
CERT_DIR="/etc/nginx/certs"
DOMAIN_NAME="webservice.local"
# Stop old containers
podman stop $CONTAINER_NAME
podman rm -f $CONTAINER_NAME
# Pull image
podman pull $IMAGE_NAME
# Run container on both ports
podman run -d -p $CONTAINER_HTTP_PORT:$CONTAINER_HTTP_PORT -p $CONTAINER_HTTPS_PORT:$CONTAINER_HTTPS_PORT --name $CONTAINER_NAME $IMAGE_NAME
# Install packages
podman exec -it $CONTAINER_NAME apt-get update
podman exec -it $CONTAINER_NAME apt-get install -y openssl nginx systemctl curl
# Generate SSL certificate and key
podman exec -it $CONTAINER_NAME bash -c "mkdir -p $CERT_DIR && \
openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
-keyout $CERT_DIR/nginx.key -out $CERT_DIR/nginx.crt \
-subj '/CN=$DOMAIN_NAME'"
podman cp default.conf $CONTAINER_NAME:$NGINX_CONF
# Restart Nginx to apply the changes
podman exec -it $CONTAINER_NAME systemctl restart nginx
# Wait
podman exec -it $CONTAINER_NAME sleep 5
# Add entry to /etc/hosts
podman exec -it $CONTAINER_NAME bash -c "echo '127.0.0.1 webservice.local' >> /etc/hosts"
echo "Setup complete..."
echo "Testing from inside..."
podman exec -it $CONTAINER_NAME curl -k https://$DOMAIN_NAME:$CONTAINER_HTTPS_PORT/
echo "Testing from outside..."
sudo bash -c "echo '127.0.0.1 webservice.local' >> /etc/hosts"
curl -k https://$DOMAIN_NAME:$CONTAINER_HTTPS_PORT/
\ No newline at end of file
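Review bot: Both smoke tests use `curl -k`, so they pass with any certificate and never show that the generated one matches `$DOMAIN_NAME`. Copy the certificate out with `podman cp "$CONTAINER_NAME:$CERT_DIR/nginx.crt" .` and test with `curl --cacert nginx.crt https://$DOMAIN_NAME:$CONTAINER_HTTPS_PORT/`; adding `-addext "subjectAltName=DNS:$DOMAIN_NAME"` to the `openssl req` call keeps the certificate usable for clients that ignore the CN. The `sudo bash -c "echo '127.0.0.1 webservice.local' >> /etc/hosts"` line appends a duplicate entry on every run and should be guarded with a presence check first. The script has no `set -euo pipefail` and its variables are unquoted, and `podman exec -it` needs a TTY, so it is likely to misbehave in a non-interactive run.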
http:
routers:
web:
rule: "Host(`app.local`)"
entryPoints:
- web
websecure:
rule: "Host(`app.local`)"
entryPoints:
- websecure
tls:
certResolver: mytlschallenge
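Review bot: `certResolver: mytlschallenge` on the `websecure` router asks an ACME CA for a certificate for `app.local`, a name a public CA cannot validate or issue for, so Traefik will most likely fall back to its built-in default certificate. For a dev environment a locally generated certificate listed under `tls.certificates` is the usual replacement. Both routers also lack a `service`, and this file holds dynamic configuration (`http.routers`) while the compose file mounts it at `/etc/traefik/traefik.yml`, the static configuration path; it probably needs to be loaded through the file provider instead, which is worth confirming against the Traefik startup logs.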
#!/bin/bash
declare -A domains
domains=(
["app.local"]="127.0.0.1"
["prometheus.local"]="127.0.0.1"
["grafana.local"]="127.0.0.1"
)
for domain in "${!domains[@]}"; do
ip=${domains[$domain]}
if ! grep -q "$domain" /etc/hosts; then
echo "$ip $domain" | sudo tee -a /etc/hosts > /dev/null
echo "Added $domain to /etc/hosts"
else
echo "$domain is already in /etc/hosts"
fi
done
\ No newline at end of file
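Review bot: `grep -q "$domain" /etc/hosts` treats the name as a regular expression and matches substrings, so a commented-out line or an entry such as `myapp.local` counts as present, and an existing entry that points the name at a different address is reported as fine. `grep -qwF -- "$domain" /etc/hosts` removes the regex interpretation and most substring matches; also checking for `"$ip"` on the same line would catch a stale mapping. `ip=${domains[$domain]}` is better written `ip="${domains[$domain]}"`.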