Theaninova/openstapps
1
0
Fork 0
mirror of https://gitlab.com/openstapps/openstapps.git synced 2025-12-11 08:46:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor: build system

Browse Source
This commit is contained in:
Thea Schöbl
2023-03-22 11:45:30 +01:00
parent 4df19e8c20
commit 8cb9285462
427 changed files with 3978 additions and 9810 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
backend/proxy/README.md
View File

@@ -3,23 +3,23 @@
This proxy is based on NGINX. The NGINX configuration is generated by a simple Node.js script which parses
the docker socket. NGINX acts as a reverse proxy server. The Node.js script reads the docker socket file to generate
a configuration for each running docker container. The base template for configuration is `nginx.conf.template`
All `*.template` files are written with [mustache-js](https://github.com/janl/mustache.js "GitHub") syntax.
All `*.template` files are written with [mustache-js](https://github.com/janl/mustache.js 'GitHub') syntax.
The templates are assembled by the Node.js program.
**Important:**
The proxy expects your backend containers to provide following structure:
* Service name for the backend container has to be `backend` in docker-compose.yml. If you don't use docker-compose
set `com.docker.compose.service`-label to `backend`.
* Set the `stapps.version`-label of the container/service to coresponing the backend version
* The proxy container has to be executed with `--net=host`
* Port 80 or 443 being free for exclusive use by the proxy container
* Always publish the backend container ports to the host machines internal loopback interface or an interace you control. This is the only way communication with the internet is restricted to going through the proxy. E.g this can be achieved by the `ports` syntax `127.0.0.1:3000-4000:3000` in the docker-compose file (here with a random port to avoid collisions).
- Service name for the backend container has to be `backend` in docker-compose.yml. If you don't use docker-compose
set `com.docker.compose.service`-label to `backend`.
- Set the `stapps.version`-label of the container/service to coresponing the backend version
- The proxy container has to be executed with `--net=host`
- Port 80 or 443 being free for exclusive use by the proxy container
- Always publish the backend container ports to the host machines internal loopback interface or an interace you control. This is the only way communication with the internet is restricted to going through the proxy. E.g this can be achieved by the `ports` syntax `127.0.0.1:3000-4000:3000` in the docker-compose file (here with a random port to avoid collisions).
## SSL/TLS
For a working https configuration you need to have a valid certificate ***including the intemediate certificas without the root*** (*.crt file ) and its private key (*.key file) in two ***seperate*** files. In addition to your certificate you need to provide the certificate chain ***including*** the root certificate. [Read up on](https://medium.com/@superseb/get-your-certificate-chain-right-4b117a9c0fce) how to [create this chain](https://blog.pki.dfn.de/2015/06/ocsp-stapling-in-nginx/) (*.crt file) or ask your admins to provide you one. The final and easiest requirement of the ssl setup is to create custom Diffie-Hellman parameters in a file:
For a working https configuration you need to have a valid certificate **_including the intemediate certificas without the root_** (_.crt file ) and its private key (_.key file) in two **_seperate_** files. In addition to your certificate you need to provide the certificate chain **_including_** the root certificate. [Read up on](https://medium.com/@superseb/get-your-certificate-chain-right-4b117a9c0fce) how to [create this chain](https://blog.pki.dfn.de/2015/06/ocsp-stapling-in-nginx/) (\*.crt file) or ask your admins to provide you one. The final and easiest requirement of the ssl setup is to create custom Diffie-Hellman parameters in a file:
```sh
openssl dhparam -out dhparams.pem 4096
@@ -31,10 +31,10 @@ To Provide your own configuration file you can create a `default.json` file in t
## Status Codes
* OutdatedVersions return a `HTTP 404`
* ActiveVersions return a `HTTP 503` if currently unavailable or the given code by running backend-node
* Unsupported versions (not configured as outdated or active) return a `HTTP 404`
* No version header given returns a `HTTP 300`
- OutdatedVersions return a `HTTP 404`
- ActiveVersions return a `HTTP 503` if currently unavailable or the given code by running backend-node
- Unsupported versions (not configured as outdated or active) return a `HTTP 404`
- No version header given returns a `HTTP 300`
**NOTE:** The default configuration expects the client to set a version header: `X-StApps-Version=<version of app>`
@@ -46,7 +46,7 @@ and SMTP-Configuration via environment-variables for monitoring in production us
## Usage
The Node.js script reads out the `/var/run/docker.sock` to get the containers of the host system via
[dockerode](https://github.com/apocas/dockerode "GitHub").
[dockerode](https://github.com/apocas/dockerode 'GitHub').
Without ssl: