From 0c163174149d5ed23dae170697c30ed3c937b397 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Fri, 24 Feb 2023 13:58:20 +0000
Subject: [PATCH] updated
---
 firewall-letsencrypt.json | 8 ++-
 ...son => firewall-smarthost-backend-dns.json | 23 ++++---
 firewall-smarthost-loadbalancer-dns.json | 63 ++++++++++++++++++
 firewall-smarthost-to-backend.json | 64 ++++++++++++++++++
 ...rthostloadbalancer-from-publicbackend.json | 13 ++--
 haproxy.cfg | 57 ++++++++++++++++
 letsencrypt.json | 2 +-
 proxy-dns.json | 66 -------------------
 smarthost-proxy-scheduler.json | 8 +--
 smarthost-proxy.json | 42 +++++++-----
 10 files changed, 242 insertions(+), 104 deletions(-)
 rename firewall-dns.json => firewall-smarthost-backend-dns.json (73%)
 create mode 100644 firewall-smarthost-loadbalancer-dns.json
 create mode 100644 firewall-smarthost-to-backend.json
 rename firewall-backend.json => firewall-smarthostloadbalancer-from-publicbackend.json (74%)
 create mode 100644 haproxy.cfg
 delete mode 100644 proxy-dns.json
diff --git a/firewall-letsencrypt.json b/firewall-letsencrypt.json
index cfcc24b..c5d074b 100644
--- a/firewall-letsencrypt.json
+++ b/firewall-letsencrypt.json
@@ -8,7 +8,6 @@
 "IMAGE": "registry.format.hu/firewall",
 "NAME": "firewall",
 "MEMORY": "64M",
- "IP": "null",
 "NETWORK": "host",
 "SCALE": "0",
 "VOLUMES": [
@@ -22,6 +21,11 @@
 "DEST": "/services",
 "TYPE": "ro"
 },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
 {
 "SOURCE": "/var/run/docker.sock",
 "DEST": "/var/run/docker.sock",
@@ -41,7 +45,7 @@
 ],
 "ENVS": [
 { "CHAIN": "DOCKER-USER" },
- { "SOURCE": "smarthost_loadbalancer" },
+ { "SOURCE": "smarthostloadbalancer" },
 { "TARGET": "letsencrypt" },
 { "TYPE": "tcp" },
 { "TARGET_PORT": "80" },
diff --git a/firewall-dns.json b/firewall-smarthost-backend-dns.json
similarity index 73%
rename from firewall-dns.json
rename to firewall-smarthost-backend-dns.json
index 1515d3e..f27d786 100644
--- a/firewall-dns.json
+++ b/firewall-smarthost-backend-dns.json
@@ -6,9 +6,9 @@
 "containers": [
 {
 "IMAGE": "registry.format.hu/firewall",
+ "UDAPE": "true",
 "NAME": "firewall",
 "MEMORY": "64M",
- "IP": "null",
 "NETWORK": "host",
 "SCALE": "0",
 "VOLUMES": [
@@ -22,6 +22,11 @@
 "DEST": "/services",
 "TYPE": "ro"
 },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
 {
 "SOURCE": "/var/run/docker.sock",
 "DEST": "/var/run/docker.sock",
@@ -41,20 +46,18 @@
 ],
 "ENVS": [
 { "CHAIN": "DOCKER-USER" },
- { "SOURCE": "smarthost_loadbalancer" },
- { "TARGET": "proxy_dns" },
+ { "SOURCE": "smarthostbackend" },
+ { "TARGET": "coredns" },
 { "TYPE": "udp" },
- { "TARGET_PORT_1": "53" },
- { "TARGET_PORT_2": "67" },
- { "TARGET_PORT_3": "68" },
- { "COMMENT": "smarthost_proxy_dns" }
+ { "TARGET_PORT": "53" },
+ { "COMMENT": "smarthost backend1 access for local dns" }
 ],
 "EXTRA": "--privileged --rm",
 "DEPEND": "null",
 "START_ON_BOOT": "false",
- "CMD": "null",
- "PRE_START": "null",
- "POST_START": "null"
+ "CMD": "",
+ "PRE_START": [],
+ "POST_START": []
 }
 ]
 }
diff --git a/firewall-smarthost-loadbalancer-dns.json b/firewall-smarthost-loadbalancer-dns.json
new file mode 100644
index 0000000..4f1e9b7
--- /dev/null
+++ b/firewall-smarthost-loadbalancer-dns.json
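Review bot: The key added after `"IMAGE"` in the first hunk of firewall-smarthost-backend-dns.json is spelled `"UDAPE"`, while every other container in this commit (firewall-smarthost-to-backend.json, the renamed firewall-smarthostloadbalancer-from-publicbackend.json, smarthost-proxy.json) uses `"UPDATE": "true"`; a consumer looking for `UPDATE` will treat the key as absent, so this firewall image would presumably never be refreshed. The same misspelling is in the new firewall-smarthost-loadbalancer-dns.json. Both lines should read `"UPDATE": "true",`.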
@@ -0,0 +1,63 @@
+{
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/firewall",
+ "UDAPE": "true",
+ "NAME": "firewall",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "SCALE": "0",
+ "VOLUMES": [
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/usr/bin/docker",
+ "DEST": "/usr/bin/docker",
+ "TYPE": "ro"
+ }
+ ],
+ "PORTS": [ ],
+ "READYNESS": [
+ {"tcp": ""},
+ {"HTTP": ""},
+ {"EXEC": "/ready.sh"}
+ ],
+ "ENVS": [
+ { "CHAIN": "DOCKER-USER" },
+ { "SOURCE": "smarthostloadbalancer" },
+ { "TARGET": "coredns" },
+ { "TYPE": "udp" },
+ { "TARGET_PORT": "53" },
+ { "COMMENT": "smarthost loadbalancer dns" }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "",
+ "PRE_START": [],
+ "POST_START": []
+ }
+ ]
+}
diff --git a/firewall-smarthost-to-backend.json b/firewall-smarthost-to-backend.json
new file mode 100644
index 0000000..8aaf6fd
--- /dev/null
+++ b/firewall-smarthost-to-backend.json
@@ -0,0 +1,64 @@
+{
+ "main": {
+ "SERVICE_NAME": "firewalls",
+ "DOMAIN": "null"
+ },
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/firewall",
+ "UPDATE": "true",
+ "NAME": "firewall",
+ "MEMORY": "64M",
+ "NETWORK": "host",
+ "SCALE": "0",
+ "VOLUMES": [
+ {
+ "SOURCE": "/run/",
+ "DEST": "/run/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/services",
+ "DEST": "/services",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
+ {
+ "SOURCE": "/var/run/docker.sock",
+ "DEST": "/var/run/docker.sock",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/usr/bin/docker",
+ "DEST": "/usr/bin/docker",
+ "TYPE": "ro"
+ }
+ ],
+ "PORTS": [ ],
+ "READYNESS": [
+ {"tcp": ""},
+ {"HTTP": ""},
+ {"EXEC": "/ready.sh"}
+ ],
+ "ENVS": [
+ { "CHAIN": "DOCKER-USER" },
+ { "SOURCE": "smarthostloadbalancer" },
+ { "TARGET": "smarthostbackend" },
+ { "TYPE": "tcp" },
+ { "TARGET_PORT_1": "80" },
+ { "TARGET_PORT_2": "443" },
+ { "COMMENT": "smarthost loadbalancer access smarthost backends" }
+ ],
+ "EXTRA": "--privileged --rm",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": "null"
+ }
+ ]
+}
diff --git a/firewall-backend.json b/firewall-smarthostloadbalancer-from-publicbackend.json
similarity index 74%
rename from firewall-backend.json
rename to firewall-smarthostloadbalancer-from-publicbackend.json
index e07ccce..d0b7b7f 100644
--- a/firewall-backend.json
+++ b/firewall-smarthostloadbalancer-from-publicbackend.json
@@ -6,9 +6,9 @@
 "containers": [
 {
 "IMAGE": "registry.format.hu/firewall",
+ "UPDATE": "true",
 "NAME": "firewall",
 "MEMORY": "64M",
- "IP": "null",
 "NETWORK": "host",
 "SCALE": "0",
 "VOLUMES": [
@@ -22,6 +22,11 @@
 "DEST": "/services",
 "TYPE": "ro"
 },
+ {
+ "SOURCE": "/etc/system/data/dns/hosts.local",
+ "DEST": "/etc/dns/hosts.local",
+ "TYPE": "ro"
+ },
 {
 "SOURCE": "/var/run/docker.sock",
 "DEST": "/var/run/docker.sock",
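Review bot: The rule's `{ "TARGET": "smarthostbackend" }` has no matching `SELECTOR` anywhere in this commit — smarthost-proxy.json labels the backends `smarthostbackend-1` and `smarthostbackend-2` — so unless the firewall image matches selectors by prefix, this rule (and `{ "SOURCE": "smarthostbackend" }` in firewall-smarthost-backend-dns.json) resolves to no container and the loadbalancer's access to 80/443 is never opened; worth confirming against the firewall's matching logic. Separately, this file keeps `"CMD": "null"`, `"PRE_START": "null"`, `"POST_START": "null"` while its two sibling firewall files in the same commit move to `"CMD": ""`, `"PRE_START": []`, `"POST_START": []`; pick one shape so the same key does not change type between documents.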
@@ -41,12 +46,12 @@
 ],
 "ENVS": [
 { "CHAIN": "DOCKER-USER" },
- { "SOURCE": "smarthost_loadbalancer" },
- { "TARGET": "smarthost_backend" },
+ { "SOURCE": "publicbackend" },
+ { "TARGET": "smarthostloadbalancer" },
 { "TYPE": "tcp" },
 { "TARGET_PORT_1": "80" },
 { "TARGET_PORT_2": "443" },
- { "COMMENT": "smarthost-backend" }
+ { "COMMENT": "public backend access smarthost loadbalancer" }
 ],
 "EXTRA": "--privileged --rm",
 "DEPEND": "null",
diff --git a/haproxy.cfg b/haproxy.cfg
new file mode 100644
index 0000000..1bc4423
--- /dev/null
+++ b/haproxy.cfg
@@ -0,0 +1,57 @@
+global
+ log stdout format raw local0 debug
+defaults
+ mode http
+ option redispatch
+ option http-server-close
+ log global
+ timeout connect 5s
+ timeout client 24h
+ timeout server 24h
+ option srvtcpka
+ option clitcpka
+
+frontend default
+
+bind :80 accept-proxy
+ mode http
+ option httpclose
+ option httplog
+ http-request add-header X-Forwarded-For %[src]
+
+acl letsencrypt path_beg /.well-known/acme-challenge/
+use_backend letsencrypt if letsencrypt
+
+default_backend backend-default
+
+backend letsencrypt
+ server letsencrypt letsencrypt:80 send-proxy
+
+backend backend-default
+ mode http
+ option httplog
+ #option log-health-checks
+ option redispatch
+ log global
+ balance roundrobin
+ server backend-1 smarthostbackend-1:80 check send-proxy
+ server backend-2 smarthostbackend-2:80 check send-proxy
+
+frontend default_https
+
+bind :443 accept-proxy
+ mode tcp
+ option forwardfor
+ option tcplog
+ option dontlognull
+
+default_backend backend_default_https
+backend backend_default_https
+ mode tcp
+ option tcplog
+ # option log-health-checks
+ # option redispatch
+ log global
+ balance roundrobin
+ server backend-1 smarthostbackend-1:443 check send-proxy
+ server backend-2 smarthostbackend-2:443 check send-proxy
diff --git a/letsencrypt.json b/letsencrypt.json
index e5c619b..8aa3be1 100644
--- a/letsencrypt.json
+++ b/letsencrypt.json
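Review bot: `http-request add-header X-Forwarded-For %[src]` in `frontend default` appends a header rather than replacing one, so a client-supplied X-Forwarded-For reaches the backends alongside the proxy's value and any backend that reads the first entry can be handed a spoofed source; `http-request set-header X-Forwarded-For %[src]` (or `option forwardfor`) keeps only the proxy-set value. With `accept-proxy` on both binds, `%[src]` is whatever the PROXY-protocol sender asserts, so these listeners must stay reachable only from the trusted upstream — which the `publicbackend` → `smarthostloadbalancer` firewall rule in this commit appears intended to enforce. In `frontend default_https`, `option forwardfor` under `mode tcp` has no effect and HAProxy warns about it at startup; drop it there. `timeout client 24h` / `timeout server 24h` in `defaults` let an idle connection hold a slot for a day; if long-lived connections are required, bound the request phase with `timeout http-request` at least.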
@@ -18,7 +18,7 @@
 "NAME": "letsencrypt",
 "UPDATE": "true",
 "MEMORY": "64M",
- "IP": "172.18.254.254",
+ "SELECTOR": "letsencrypt",
 "NETWORK": "letsencrypt",
 "VOLUMES": [
 {
diff --git a/proxy-dns.json b/proxy-dns.json
deleted file mode 100644
index fbde262..0000000
--- a/proxy-dns.json
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- "main": {
- "SERVICE_NAME": "proxy-dns",
- "DOMAIN": "null"
- },
- "networks": [
- {
- "NAME": "proxy_dns-public",
- "DRIVER": "bridge",
- "SUBNET": "172.18.255.0/24",
- "RANGE": "172.18.255.0/24",
- "GATEWAY": "172.18.255.1"
- }
- ],
- "containers": [
- {
- "IMAGE": "registry.format.hu/dnsmasq:latest",
- "NAME": "proxy_dns-efhuh3g1",
- "MEMORY": "64M",
- "IP": "172.18.255.2",
- "NETWORK": "proxy_dns-public",
- "VOLUMES": [
- {
- "SOURCE": "/etc/system/data/proxy-dns/",
- "DEST": "/etc/dnsmasq.d/",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/etc/system/log/proxy-dns/",
- "DEST": "/var/log/dnsmasq/",
- "TYPE": "rw"
- }
- ],
- "PORTS": [
- {
- "SOURCE": "null",
- "DEST": "53",
- "TYPE": "udp"
- },
- {
- "SOURCE": "null",
- "DEST": "67",
- "TYPE": "udp"
- },
- {
- "SOURCE": "null",
- "DEST": "68",
- "TYPE": "udp"
- }
- ],
- "READYNESS": [
- {"tcp": ""},
- {"HTTP": ""},
- {"EXEC": "/ready.sh"}
- ],
- "ENVS": [
- ],
- "EXTRA": "--restart unless-stopped",
- "DEPEND": "null",
- "START_ON_BOOT": "true",
- "CMD": "null",
- "PRE_START": "null",
- "POST_START": "null"
- }
- ]
-}
diff --git a/smarthost-proxy-scheduler.json b/smarthost-proxy-scheduler.json
index ef2ab0b..b1fc339 100644
--- a/smarthost-proxy-scheduler.json
+++ b/smarthost-proxy-scheduler.json
@@ -6,15 +6,15 @@
 "containers": [
 {
 "IMAGE": "registry.format.hu/proxy-scheduler:latest",
- "NAME": "proxy_scheduler_local-ifhiwhth",
- "MEMORY": "64M",
- "IP": "null",
+ "NAME": "proxy_scheduler_local",
+ "UPDATE": "true",
+ "MEMORY": "64M",
 "NETWORK": "host",
 "VOLUMES": [
 {
 "SOURCE": "/etc/user/config/smarthost-domains",
 "DEST": "/domains",
- "TYPE": "ro"
+ "TYPE": "rw"
 },
 {
 "SOURCE": "/etc/ssl/keys",
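Review bot: The `/etc/user/config/smarthost-domains` mount in smarthost-proxy-scheduler.json changes from `"TYPE": "ro"` to `"TYPE": "rw"`, giving the scheduler container write access to user configuration, with only "updated" as the commit message to justify it. If the scheduler now writes into that directory, say so in the commit message; if it only reads, keep `"TYPE": "ro"` as the other configuration mounts in this commit do (`/services`, `/usr/bin/docker`, `hosts.local`). The volume list continues past the hunk, so the mode of the `/etc/ssl/keys` mount is not visible here.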
diff --git a/smarthost-proxy.json b/smarthost-proxy.json
index fef8a7b..10fe715 100644
--- a/smarthost-proxy.json
+++ b/smarthost-proxy.json
@@ -29,13 +29,14 @@
 "containers": [
 {
 "IMAGE": "registry.format.hu/haproxy:2.5.4",
- "NAME": "smarthost_loadbalancer-27dhuwth",
+ "NAME": "smarthost_loadbalancer",
+ "SCALE": "",
+ "SELECTOR": "smarthostloadbalancer",
 "UPDATE": "true",
 "ROLES": "smarthost-frontend-proxy",
- "MEMORY": "128M",
- "IP": "172.18.103.2",
+ "MEMORY": "256M",
 "NETWORK": "smarthost-loadbalancer",
- "DNS": [ "proxy_dns" ],
+ "DNS": [ "coredns" ],
 "READYNESS": [
 {"tcp": "80"},
 {"HTTP": "8080"},
@@ -54,6 +55,11 @@
 }
 ],
 "VOLUMES": [
+ {
+ "SOURCE": "/etc/system/config/smarthost-proxy/loadbalancer/haproxy.cfg",
+ "DEST": "/etc/haproxy/haproxy.cfg",
+ "TYPE": "rw"
+ },
 {
 "SOURCE": "/etc/system/log/smarthost-proxy/loadbalancer",
 "DEST": "/var/log/haproxy",
@@ -66,21 +72,22 @@
 {"EXEC": "/ready.sh"}
 ],
 "ENV_FILES": [ "/etc/system/config/proxy.json" ],
- "EXTRA": "--label ROLES=loadbalancer" ,
- "DEPEND": [ "proxy-dns" ],
+ "EXTRA": "--restart unless-stopped --log-opt max-size=500m --label ROLES=loadbalancer" ,
+ "DEPEND": [ ],
 "START_ON_BOOT": "true",
 "CMD": "null",
 "PRE_START": [ ],
- "POST_START": [ "firewall-dns", "firewall-letsencrypt", "firewall-smarhost-loadbalancer" ]
+ "POST_START": [ "firewall-smarthost-loadbalancer-dns", "firewall-letsencrypt", "firewall-smarthostloadbalancer-from-publicbackend" ]
 },
 {
- "IMAGE": "registry.format.hu/alpine/nginx:1.23",
+ "IMAGE": "registry.format.hu/nginx:1.23.3",
 "NAME": "smarthost_backend-1",
 "UPDATE": "true",
 "ROLES": "smarthost-backend-proxy",
 "MEMORY": "64M",
- "IP": "172.18.104.2",
 "NETWORK": "smarthost_backend-1",
+ "DNS": [ "coredns" ],
+ "SELECTOR": "smarthostbackend-1",
 "PORTS": [
 {
 "SOURCE": "null",
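Review bot: `"SCALE": ""` on the loadbalancer container in the first hunk is an empty string where the firewall files in this commit use `"SCALE": "0"`; unless the consumer documents `""` as a distinct meaning, it should be `"SCALE": "0"` (or the key omitted) so the key has one format across the service files.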
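Review bot: The new haproxy.cfg bind mount in the second hunk is `"TYPE": "rw"`, but HAProxy only reads its configuration; mounted read-write, a compromise of the loadbalancer container can rewrite `/etc/system/config/smarthost-proxy/loadbalancer/haproxy.cfg` on the host, and the change persists across restarts. The other configuration mounts in this commit (`/services`, `/usr/bin/docker`, `hosts.local`) are `"TYPE": "ro"`; this one should be `"TYPE": "ro"` as well.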
@@ -115,21 +122,22 @@
 {"HTTP": "8080"},
 {"EXEC": "/ready.sh"}
 ],
- "EXTRA": "null",
+ "EXTRA": "--restart unless-stopped",
 "DEPEND": "null",
 "START_ON_BOOT": "true",
 "CMD": "null",
- "PRE_START": "null",
- "POST_START": [ "firewall-backend" ]
+ "PRE_START": ["firewall-smarthost-backend-dns"],
+ "POST_START": [ "firewall-smarthost-to-backend" ]
 },
 {
- "IMAGE": "registry.format.hu/alpine/nginx:1.23",
+ "IMAGE": "registry.format.hu/nginx:1.23.3",
 "NAME": "smarthost_backend-2",
 "UPDATE": "true",
 "ROLES": "smarthost-backend-proxy",
+ "DNS": [ "coredns" ],
 "MEMORY": "64M",
- "IP": "172.18.105.2",
 "NETWORK": "smarthost_backend-2",
+ "SELECTOR": "smarthostbackend-2",
 "PORTS": [
 {
 "SOURCE": "null",
@@ -164,12 +172,12 @@
 {"HTTP": "8080"},
 {"EXEC": "/ready.sh"}
 ],
- "EXTRA": "null",
+ "EXTRA": "--restart unless-stopped",
 "DEPEND": "null",
 "START_ON_BOOT": "true",
 "CMD": "null",
- "PRE_START": "null",
- "POST_START": [ "firewall-backend" ]
+ "PRE_START": ["firewall-smarthost-backend-dns"],
+ "POST_START": [ "firewall-smarthost-to-backend" ]
 }
 ]
 }
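Review bot: Both `smarthost_backend-1` and `smarthost_backend-2` now carry `"PRE_START": ["firewall-smarthost-backend-dns"]` and `"POST_START": [ "firewall-smarthost-to-backend" ]`, so each privileged `--rm` firewall run executes twice against the same `DOCKER-USER` chain with a `SOURCE`/`TARGET` pair that does not name a specific backend. If the firewall container does not deduplicate, the second run adds duplicate rules; if it flushes and re-adds, backend-2's run briefly drops the allow for backend-1. Which of these holds depends on the firewall image and is not visible here, but the per-backend hook placement deserves documenting, or a single invocation from the loadbalancer's `POST_START`, which already runs the loadbalancer-side rules. The same applies to the second hunk (`@@ -164,12 +172,12 @@`).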