updated

2023-02-24 13:58:20 +00:00
parent 9e33312b6a
commit 0c16317414
10 changed files with 242 additions and 104 deletions
--- a/firewall-letsencrypt.json
+++ b/firewall-letsencrypt.json
@@ -8,7 +8,6 @@
 			"IMAGE": "registry.format.hu/firewall",
 			"NAME": "firewall",
 			"MEMORY": "64M",
-			"IP": "null",
 			"NETWORK": "host",
 			"SCALE": "0",
 			"VOLUMES": [
@@ -22,6 +21,11 @@
 				"DEST": "/services",
 				"TYPE": "ro"
 				},
+				{
+                                "SOURCE": "/etc/system/data/dns/hosts.local", 
+                                "DEST": "/etc/dns/hosts.local",
+                                "TYPE": "ro"
+                                },
 				{
                                 "SOURCE": "/var/run/docker.sock",
                                 "DEST": "/var/run/docker.sock",
@@ -41,7 +45,7 @@
 				],
                        "ENVS": [ 
               			{ "CHAIN": "DOCKER-USER" },
-                                { "SOURCE": "smarthost_loadbalancer" },
+                                { "SOURCE": "smarthostloadbalancer" },
                                { "TARGET": "letsencrypt" },
                                { "TYPE": "tcp" },
                                { "TARGET_PORT": "80" },
--- a/firewall-smarthost-backend-dns.json
+++ b/firewall-smarthost-backend-dns.json
@@ -6,9 +6,9 @@
 	"containers": [
 		{ 
 			"IMAGE": "registry.format.hu/firewall",
+			"UDAPE": "true",
 			"NAME": "firewall",
 			"MEMORY": "64M",
-			"IP": "null",
 			"NETWORK": "host",
 			"SCALE": "0",
 			"VOLUMES": [
@@ -22,6 +22,11 @@
 				"DEST": "/services",
 				"TYPE": "ro"
 				},
+				{
+				"SOURCE": "/etc/system/data/dns/hosts.local",
+				"DEST": "/etc/dns/hosts.local",
+				"TYPE": "ro"
+				},
 				{
                                 "SOURCE": "/var/run/docker.sock",
                                 "DEST": "/var/run/docker.sock",
@@ -41,20 +46,18 @@
 				],
                        "ENVS": [
               			{ "CHAIN": "DOCKER-USER" },
-                                { "SOURCE": "smarthost_loadbalancer" },
-                                { "TARGET": "proxy_dns" },
+                                { "SOURCE": "smarthostbackend" },
+                                { "TARGET": "coredns" },
                                { "TYPE": "udp" },
-                                { "TARGET_PORT_1": "53" },
-                                { "TARGET_PORT_2": "67" },
-                                { "TARGET_PORT_3": "68" },
-                                { "COMMENT": "smarthost_proxy_dns" }
+                                { "TARGET_PORT": "53" },
+                                { "COMMENT": "smarthost backend1 access for local dns" }
                                ], 
 			"EXTRA": "--privileged --rm",
 			"DEPEND": "null",
 			"START_ON_BOOT": "false",
-			"CMD": "null",
-			"PRE_START": "null",
-			"POST_START": "null"
+			"CMD": "",
+			"PRE_START": [],
+			"POST_START": []
 		}
 	]
 }
--- a/firewall-smarthost-loadbalancer-dns.json
+++ b/firewall-smarthost-loadbalancer-dns.json
@@ -0,0 +1,63 @@
+{
+	"main": {
+		"SERVICE_NAME": "firewalls",
+		"DOMAIN": "null" 
+	},
+	"containers": [
+		{ 
+			"IMAGE": "registry.format.hu/firewall",
+			"UDAPE": "true",
+			"NAME": "firewall",
+			"MEMORY": "64M",
+			"NETWORK": "host",
+			"SCALE": "0",
+			"VOLUMES": [
+				{
+				"SOURCE": "/run/",
+				"DEST": "/run/",
+				"TYPE": "rw"
+				},
+				{
+				"SOURCE": "/etc/user/config/services",
+				"DEST": "/services",
+				"TYPE": "ro"
+				},
+				{
+				"SOURCE": "/etc/system/data/dns/hosts.local",
+				"DEST": "/etc/dns/hosts.local",
+				"TYPE": "ro"
+				},
+				{
+                                 "SOURCE": "/var/run/docker.sock",
+                                 "DEST": "/var/run/docker.sock",
+                                 "TYPE": "rw"
+                                 },
+                                 {
+                                 "SOURCE": "/usr/bin/docker",
+                                 "DEST": "/usr/bin/docker",
+                                 "TYPE": "ro"
+                                 }
+				],
+			"PORTS": [ ],
+			"READYNESS": [
+			        {"tcp": ""},
+			        {"HTTP": ""},
+				{"EXEC": "/ready.sh"}
+				],
+                        "ENVS": [
+               			{ "CHAIN": "DOCKER-USER" },
+                                { "SOURCE": "smarthostloadbalancer" },
+                                { "TARGET": "coredns" },
+                                { "TYPE": "udp" },
+                                { "TARGET_PORT": "53" },
+                                { "COMMENT": "smarthost loadbalancer dns" }
+                                ], 
+			"EXTRA": "--privileged --rm",
+			"DEPEND": "null",
+			"START_ON_BOOT": "false",
+			"CMD": "",
+			"PRE_START": [],
+			"POST_START": []
+		}
+	]
+}
--- a/firewall-smarthost-to-backend.json
+++ b/firewall-smarthost-to-backend.json
@@ -0,0 +1,64 @@
+{
+	"main": {
+		"SERVICE_NAME": "firewalls",
+		"DOMAIN": "null" 
+	},
+	"containers": [
+		{ 
+			"IMAGE": "registry.format.hu/firewall",
+			"UPDATE": "true",
+			"NAME": "firewall",
+			"MEMORY": "64M",
+			"NETWORK": "host",
+			"SCALE": "0",
+			"VOLUMES": [
+				{
+				"SOURCE": "/run/",
+				"DEST": "/run/",
+				"TYPE": "rw"
+				},
+				{
+				"SOURCE": "/etc/user/config/services",
+				"DEST": "/services",
+				"TYPE": "ro"
+				},
+				{
+                                "SOURCE": "/etc/system/data/dns/hosts.local", 
+                                "DEST": "/etc/dns/hosts.local",
+                                "TYPE": "ro"
+                                },
+				{
+                                 "SOURCE": "/var/run/docker.sock",
+                                 "DEST": "/var/run/docker.sock",
+                                 "TYPE": "rw"
+                                 },
+                                 {
+                                 "SOURCE": "/usr/bin/docker",
+                                 "DEST": "/usr/bin/docker",
+                                 "TYPE": "ro"
+                                 }
+				],
+			"PORTS": [ ],
+			"READYNESS": [
+			        {"tcp": ""},
+			        {"HTTP": ""},
+				{"EXEC": "/ready.sh"}
+				],
+                        "ENVS": [ 
+               			{ "CHAIN": "DOCKER-USER" },
+                                { "SOURCE": "smarthostloadbalancer" },
+                                { "TARGET": "smarthostbackend" },
+                                { "TYPE": "tcp" },
+                                { "TARGET_PORT_1": "80" },
+                                { "TARGET_PORT_2": "443" },
+                                { "COMMENT": "smarthost loadbalancer access smarthost backends" }
+                                ], 
+			"EXTRA": "--privileged --rm",
+			"DEPEND": "null",
+			"START_ON_BOOT": "false",
+			"CMD": "null",
+			"PRE_START": "null",
+			"POST_START": "null"
+		}
+	]
+}
--- a/firewall-smarthostloadbalancer-from-publicbackend.json
+++ b/firewall-smarthostloadbalancer-from-publicbackend.json
@@ -6,9 +6,9 @@
 	"containers": [
 		{ 
 			"IMAGE": "registry.format.hu/firewall",
+			"UPDATE": "true",
 			"NAME": "firewall",
 			"MEMORY": "64M",
-			"IP": "null",
 			"NETWORK": "host",
 			"SCALE": "0",
 			"VOLUMES": [
@@ -22,6 +22,11 @@
 				"DEST": "/services",
 				"TYPE": "ro"
 				},
+				{
+                                "SOURCE": "/etc/system/data/dns/hosts.local", 
+                                "DEST": "/etc/dns/hosts.local",
+                                "TYPE": "ro"
+                                },
 				{
                                 "SOURCE": "/var/run/docker.sock",
                                 "DEST": "/var/run/docker.sock",
@@ -41,12 +46,12 @@
 				],
                        "ENVS": [ 
               			{ "CHAIN": "DOCKER-USER" },
-                                { "SOURCE": "smarthost_loadbalancer" },
-                                { "TARGET": "smarthost_backend" },
+                                { "SOURCE": "publicbackend" },
+                                { "TARGET": "smarthostloadbalancer" },
                                { "TYPE": "tcp" },
                                { "TARGET_PORT_1": "80" },
                                { "TARGET_PORT_2": "443" },
-                                { "COMMENT": "smarthost-backend" }
+                                { "COMMENT": "public backend access smarthost loadbalancer" }
                                ], 
 			"EXTRA": "--privileged --rm",
 			"DEPEND": "null",
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -0,0 +1,57 @@
+global
+  log stdout format raw local0 debug
+defaults
+  mode http
+  option redispatch
+  option http-server-close
+  log global
+  timeout connect 5s
+  timeout client 24h
+  timeout server 24h
+  option srvtcpka
+  option clitcpka
+
+frontend default
+
+bind :80 accept-proxy
+    mode http
+    option httpclose
+    option httplog
+    http-request add-header X-Forwarded-For %[src]
+
+acl letsencrypt path_beg /.well-known/acme-challenge/
+use_backend letsencrypt if letsencrypt
+
+default_backend backend-default
+
+backend letsencrypt
+  server letsencrypt letsencrypt:80 send-proxy
+
+backend backend-default
+  mode http
+  option httplog
+  #option log-health-checks
+  option redispatch
+  log global
+  balance roundrobin
+  server backend-1 smarthostbackend-1:80 check send-proxy
+  server backend-2 smarthostbackend-2:80 check send-proxy
+
+frontend default_https
+
+bind :443 accept-proxy
+  mode tcp
+  option forwardfor
+  option tcplog
+  option dontlognull
+
+default_backend backend_default_https
+backend backend_default_https
+  mode tcp
+  option tcplog
+  # option log-health-checks
+  # option redispatch
+  log global
+  balance roundrobin
+  server backend-1 smarthostbackend-1:443 check send-proxy
+  server backend-2 smarthostbackend-2:443 check send-proxy
--- a/letsencrypt.json
+++ b/letsencrypt.json
@@ -18,7 +18,7 @@
 			"NAME": "letsencrypt",
 			"UPDATE": "true",
 			"MEMORY": "64M",
-			"IP": "172.18.254.254",
+			"SELECTOR": "letsencrypt",
 			"NETWORK": "letsencrypt",
 			"VOLUMES": [
 				{
--- a/proxy-dns.json
+++ b/proxy-dns.json
@@ -1,66 +0,0 @@
-{
-	"main": {
-		"SERVICE_NAME": "proxy-dns",
-		"DOMAIN": "null" 
-	},
-	"networks": [
-		{
-			"NAME": "proxy_dns-public",
-			"DRIVER": "bridge",
-			"SUBNET": "172.18.255.0/24",	
-			"RANGE": "172.18.255.0/24",
-			"GATEWAY": "172.18.255.1"
-		}
-	],
-	"containers": [
-		{ 
-			"IMAGE": "registry.format.hu/dnsmasq:latest",
-			"NAME": "proxy_dns-efhuh3g1",
-			"MEMORY": "64M",
-			"IP": "172.18.255.2",
-			"NETWORK": "proxy_dns-public",
-			"VOLUMES": [
-				{	
-				"SOURCE": "/etc/system/data/proxy-dns/",
-				"DEST": "/etc/dnsmasq.d/",
-				"TYPE": "rw"
-				},
-				{	
-				"SOURCE": "/etc/system/log/proxy-dns/",
-				"DEST": "/var/log/dnsmasq/",
-				"TYPE": "rw"
-				}
-				],
-			"PORTS": [ 
-    				{
-				 "SOURCE": "null",
-				 "DEST": "53",
-				 "TYPE": "udp"
-				},
-    				{
-				 "SOURCE": "null",
-				 "DEST": "67",
-				 "TYPE": "udp"
-				},
-    				{
-				 "SOURCE": "null",
-				 "DEST": "68",
-				 "TYPE": "udp"
-				}
-				  ],
-			"READYNESS": [
-			        {"tcp": ""},
-			        {"HTTP": ""},
-				{"EXEC": "/ready.sh"}
-				],
-			"ENVS": [
-				],
-			"EXTRA": "--restart unless-stopped",
-			"DEPEND": "null",
-			"START_ON_BOOT": "true",
-			"CMD": "null",
-			"PRE_START": "null",
-			"POST_START": "null"
-		}
-	]
-}
--- a/smarthost-proxy-scheduler.json
+++ b/smarthost-proxy-scheduler.json
@@ -6,15 +6,15 @@
        "containers": [
                {
                        "IMAGE": "registry.format.hu/proxy-scheduler:latest",
-                        "NAME": "proxy_scheduler_local-ifhiwhth",
-                        "MEMORY": "64M",
-                        "IP": "null",
+                        "NAME": "proxy_scheduler_local",
+                        "UPDATE": "true",
+			"MEMORY": "64M",
                        "NETWORK": "host",
                        "VOLUMES": [
                                {
                                "SOURCE": "/etc/user/config/smarthost-domains",
                                "DEST": "/domains",
-                                "TYPE": "ro"
+                                "TYPE": "rw"
                                },
                                {
                                "SOURCE": "/etc/ssl/keys",
--- a/smarthost-proxy.json
+++ b/smarthost-proxy.json
@@ -29,13 +29,14 @@
 	"containers": [
 		{ 
 			"IMAGE": "registry.format.hu/haproxy:2.5.4",
-			"NAME": "smarthost_loadbalancer-27dhuwth",
+			"NAME": "smarthost_loadbalancer",
+			"SCALE": "",
+			"SELECTOR": "smarthostloadbalancer",
 			"UPDATE": "true",
 			"ROLES": "smarthost-frontend-proxy",
-			"MEMORY": "128M",
-			"IP": "172.18.103.2",
+			"MEMORY": "256M",
 			"NETWORK": "smarthost-loadbalancer",
-			"DNS": [ "proxy_dns" ],
+			"DNS": [ "coredns" ], 
                        "READYNESS": [
                                {"tcp": "80"},
                                {"HTTP": "8080"},
@@ -54,6 +55,11 @@
 				}
 				 ],	
 			"VOLUMES": [
+				{	
+				"SOURCE": "/etc/system/config/smarthost-proxy/loadbalancer/haproxy.cfg",
+				"DEST": "/etc/haproxy/haproxy.cfg",
+				"TYPE": "rw"
+				},
 				{	
 				"SOURCE": "/etc/system/log/smarthost-proxy/loadbalancer",
 				"DEST": "/var/log/haproxy",
@@ -66,21 +72,22 @@
 				{"EXEC": "/ready.sh"}
 				],
 				"ENV_FILES": [ "/etc/system/config/proxy.json" ],
-			"EXTRA": "--label ROLES=loadbalancer" ,
-			"DEPEND": [ "proxy-dns" ],
+			"EXTRA": "--restart unless-stopped --log-opt max-size=500m --label ROLES=loadbalancer" ,
+			"DEPEND": [ ],
 			"START_ON_BOOT": "true",
 			"CMD": "null",
 			"PRE_START": [  ],
-			"POST_START": [ "firewall-dns", "firewall-letsencrypt", "firewall-smarhost-loadbalancer" ]
+			"POST_START": [ "firewall-smarthost-loadbalancer-dns", "firewall-letsencrypt", "firewall-smarthostloadbalancer-from-publicbackend" ]
 		},
 		{ 
-			"IMAGE": "registry.format.hu/alpine/nginx:1.23",
+			"IMAGE": "registry.format.hu/nginx:1.23.3",
 			"NAME": "smarthost_backend-1",
 			"UPDATE": "true",
 			"ROLES": "smarthost-backend-proxy",
 			"MEMORY": "64M",
-			"IP": "172.18.104.2",
 			"NETWORK": "smarthost_backend-1",
+			"DNS": [ "coredns" ], 
+			"SELECTOR": "smarthostbackend-1",
 			"PORTS": [
    				{
 				 "SOURCE": "null",
@@ -115,21 +122,22 @@
 			        {"HTTP": "8080"},
 				{"EXEC": "/ready.sh"}
 				],
-			"EXTRA": "null",
+			"EXTRA": "--restart unless-stopped",
 			"DEPEND": "null",
 			"START_ON_BOOT": "true",
 			"CMD": "null",
-			"PRE_START": "null",
-			"POST_START": [ "firewall-backend" ]
+			"PRE_START": ["firewall-smarthost-backend-dns"],
+			"POST_START": [ "firewall-smarthost-to-backend" ]
 		},
 		{ 
-			"IMAGE": "registry.format.hu/alpine/nginx:1.23",
+			"IMAGE": "registry.format.hu/nginx:1.23.3",
 			"NAME": "smarthost_backend-2",
 			"UPDATE": "true",
 			"ROLES": "smarthost-backend-proxy",
+			"DNS": [ "coredns" ], 
 			"MEMORY": "64M",
-			"IP": "172.18.105.2",
 			"NETWORK": "smarthost_backend-2",
+			"SELECTOR": "smarthostbackend-2",
 			"PORTS": [
    				{
 				 "SOURCE": "null",
@@ -164,12 +172,12 @@
 			        {"HTTP": "8080"},
 				{"EXEC": "/ready.sh"}
 				],
-			"EXTRA": "null",
+			"EXTRA": "--restart unless-stopped",
 			"DEPEND": "null",
 			"START_ON_BOOT": "true",
 			"CMD": "null",
-			"PRE_START": "null",
-			"POST_START": [ "firewall-backend" ]
+			"PRE_START": ["firewall-smarthost-backend-dns"],
+			"POST_START": [ "firewall-smarthost-to-backend" ]
 		}
 	]
 }