commiting OC AWS tools

2025-08-15 21:36:51 +00:00 · 2022-03-10 16:18:22 -05:00
parent 6368c39ef7
commit e8262946d7
9 changed files with 231 additions and 23 deletions
--- a/12
+++ b/12
@@ -8,7 +8,7 @@ pipeline {
 		ansiColor('xterm')
 	}
 	environment {
-		IMAGE                      = "owenscorning/aws-nginx-full"
+		IMAGE                      = "nginx-proxy-manager"
 		BUILD_VERSION              = getVersion()
 		MAJOR_VERSION              = "2"
 		BRANCH_LOWER               = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}"
@@ -26,7 +26,7 @@ pipeline {
 					}
 					steps {
 						script {
-							env.BUILDX_PUSH_TAGS = "-t docker.io/${IMAGE}:${BUILD_VERSION} -t docker.io/${IMAGE}:${MAJOR_VERSION} -t docker.io/${IMAGE}:latest"
+							env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest"
 						}
 					}
 				}
@@ -39,7 +39,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							env.BUILDX_PUSH_TAGS = "-t docker.io/${IMAGE}:github-${BRANCH_LOWER}"
+							env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
 						}
 					}
 				}
@@ -62,13 +62,13 @@ pipeline {
 		stage('Backend') {
 			steps {
 				echo 'Checking Syntax ...'
-				sh 'docker pull ${IMAGE}:certbot-node'
+				sh 'docker pull nginxproxymanager/nginx-full:certbot-node'
 				// See: https://github.com/yarnpkg/yarn/issues/3254
 				sh '''docker run --rm \\
 					-v "$(pwd)/backend:/app" \\
 					-v "$(pwd)/global:/app/global" \\
 					-w /app \\
-					${IMAGE}:certbot-node \\
+					nginxproxymanager/nginx-full:certbot-node \\
 					sh -c "yarn install && yarn eslint . && rm -rf node_modules"
 				'''

@@ -214,7 +214,7 @@ pipeline {
 			}
 			steps {
 				script {
-					def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.")
+					def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.")
 				}
 			}
 		}
--- a/aws/cloud-formation/template.yml
+++ b/aws/cloud-formation/template.yml
@@ -0,0 +1,137 @@
+AWSTemplateFormatVersion: 2010-09-09
+Parameters:
+  ImageUri:
+    Type: String
+    Default: 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
+Resources:
+  ECSCluster:
+    Type: AWS::ECS::Cluster
+  Task:
+    Type: 'AWS::ECS::TaskDefinition'
+    Properties:
+      NetworkMode: awsvpc
+      RequiresCompatibilities:
+        - FARGATE
+      TaskRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
+      ExecutionRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
+      Family: Prod-Redirect
+      #https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu
+      Cpu: 2048
+      Memory: 4096
+      ContainerDefinitions:
+        - Name: Prod-Redirect
+          PortMappings:
+            - HostPort: 80
+              ContainerPort: 80
+            - HostPort: 81
+              ContainerPort: 81
+            - HostPort: 443
+              ContainerPort: 443
+          Image: !Ref ImageUri
+          #Image: docker.io/jc21/nginx-proxy-manager:latest
+          #Image: docker.io/jc21/nginx-proxy-manager:github-pr-1839
+          HealthCheck: 
+             Command: ["CMD", "/bin/check-health"]
+             Interval: 10
+          Essential: true
+          MountPoints:
+            - SourceVolume: DataVol
+              ContainerPath: '/data'
+            - SourceVolume: CertVol
+              ContainerPath: '/etc/letsencrypt'
+          Environment:
+            - Name: DISABLE_IPV6
+              Value: 'true'
+            - Name: AWS_EMF_AGENT_ENDPOINT
+              Value: tcp://Prod-Redirect_sidecar-cloudwatch:25888
+          Secrets:
+            - Name: DB_MYSQL_HOST
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:host::'
+            - Name: DB_MYSQL_PORT
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:port::'
+            - Name: DB_MYSQL_USER
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:username::'
+            - Name: DB_MYSQL_PASSWORD
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:password::'
+            - Name: DB_MYSQL_NAME
+              ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:dbInstanceIdentifier::'
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region: us-east-1
+              awslogs-group: !Ref LogGroupService
+              awslogs-create-group: true
+              awslogs-stream-prefix: ecs
+        - Name: Prod-Redirect_sidecar-xray
+          Image: public.ecr.aws/xray/aws-xray-daemon:latest
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region: us-east-1
+              awslogs-group: !Ref LogGroupService
+              awslogs-create-group: true
+              awslogs-stream-prefix: xray
+        - Name: Prod-Redirect_sidecar-cloudwatch
+          Image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest
+          MountPoints:
+            - SourceVolume: DataVol
+              ContainerPath: '/data'
+              ReadOnly: true
+          Secrets:
+            - Name: CW_CONFIG_CONTENT
+              ValueFrom: 'AmazonCloudWatch-FargateProdRedirect'
+          PortMappings:
+            - Protocol: tcp
+              ContainerPort: 25888
+          LogConfiguration:
+            LogDriver: awslogs
+            Options:
+              awslogs-region: us-east-1
+              awslogs-group: !Ref LogGroupService
+              awslogs-create-group: true
+              awslogs-stream-prefix: cw
+      Volumes:
+        - Name: DataVol
+          EFSVolumeConfiguration:
+            FilesystemId: fs-0312e867f3f1f9dce
+            RootDirectory: '/data'
+        - Name: CertVol
+          EFSVolumeConfiguration:
+            FilesystemId: fs-0312e867f3f1f9dce
+            RootDirectory: '/etc/letsencrypt'
+
+  Service:
+    Type: 'AWS::ECS::Service'
+    Properties:
+      ServiceName: Prod-Redirect
+      TaskDefinition: !Ref Task
+      LoadBalancers:
+        - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port80/448b4c46ed8f46fd
+          ContainerPort: '80'
+          ContainerName: Prod-Redirect
+        - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port81/ba8e3225a30afa4f
+          ContainerPort: '81'
+          ContainerName: Prod-Redirect
+        - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port443/fe95fd6d89d25ee6
+          ContainerPort: '443'
+          ContainerName: Prod-Redirect
+      Cluster: !Ref ECSCluster
+      DesiredCount: 1
+      DeploymentConfiguration:
+        MaximumPercent: 200
+        MinimumHealthyPercent: 50
+      LaunchType: FARGATE
+      NetworkConfiguration:
+        AwsvpcConfiguration:
+          AssignPublicIp: ENABLED
+          SecurityGroups: 
+            - sg-0f4d792c1dfcda349
+          Subnets: 
+            - subnet-0871ddae4ae155f62
+            - subnet-0f6de43a60061e760
+
+  LogGroupService:
+    Type: 'AWS::Logs::LogGroup'
+    Properties:
+      LogGroupName: /ecs/services
+      RetentionInDays: 30
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@@ -64,8 +64,7 @@ proxy_http_version 1.1;
    {% endif %}

    {% endif %}
-    #do the proxy!
-    proxy_pass       $forward_scheme://$server:$port$request_uri;
+
  }
 {% endif %}

--- a/deploy_build.sh
+++ b/deploy_build.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+echo "building frontend"
+./scripts/frontend-build
+echo "----------------"
+echo "building backend"
+echo 'Checking Syntax ...'
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
+
+IMAGE="owenscorning/aws-nginx-full"
+DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
+FINISH_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:fargate"
+BUILD_VERSION=`cat .version`
+MAJOR_VERSION="2"
+BRANCH_LOWER="master"
+
+docker pull ${DOCKER_IMAGE}
+docker run --rm \
+	-v "$(pwd)/backend:/app" \
+	-v "$(pwd)/global:/app/global" \
+	-w /app \
+	${IMAGE}:certbot-node \
+	sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+echo "-----------------"
+echo 'Docker Build ...'
+docker build --pull --no-cache --squash --compress \
+	-t "${IMAGE}:fargate" \
+	-f docker/Dockerfile \
+	--build-arg TARGETPLATFORM=linux/amd64 \
+	--build-arg BUILDPLATFORM=linux/amd64 \
+	--build-arg BUILD_VERSION="${BUILD_VERSION}" \
+	--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+	.
+
+echo "-----------------"
+echo "pushing to AWS"
+
+docker tag ${IMAGE}:fargate ${FINISH_IMAGE}
+docker push ${FINISH_IMAGE}
--- a/deploy_fargate.sh
+++ b/deploy_fargate.sh
@@ -0,0 +1 @@
+aws cloudformation deploy --stack-name Prod-Redirect --template-file ./aws/cloud-formation/template.yml --profile 413067109875 --capabilities CAPABILITY_NAMED_IAM --parameter-overrides ImageUri=413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -3,7 +3,7 @@

 # This file assumes that the frontend has been built using ./scripts/frontend-build

-FROM 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:certbot-node
+FROM nginxproxymanager/nginx-full:certbot-node

 ARG TARGETPLATFORM
 ARG BUILD_VERSION
@@ -20,7 +20,6 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \

 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
 	&& apt-get update \
-	&& apt-get upgrade -y \
 	&& apt-get install -y --no-install-recommends jq logrotate \
 	&& apt-get clean \
 	&& rm -rf /var/lib/apt/lists/*
@@ -57,9 +56,8 @@ ENTRYPOINT [ "/init" ]

 LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \
-	org.label-schema.name="aws-nginx-full" \
+	org.label-schema.name="nginx-proxy-manager" \
 	org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
-	org.label-schema.url="https://github.com/owenscorning/docker-aws-nginx-full" \
-	org.label-schema.vcs-url="https://github.com/owenscorning/docker-aws-nginx-full.git" \
-	org.label-schema.cmd="docker run --rm -ti owenscorning/aws-nginx-full:latest"
-
+	org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \
+	org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \
+	org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest"
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@@ -1,15 +1,15 @@
-FROM owenscorning/aws-nginx-full:certbot-node
+FROM nginxproxymanager/nginx-full:certbot-node
+LABEL maintainer="Jamie Curnow <jc@jc21.com>"

 ENV S6_LOGGING=0 \
 	SUPPRESS_NO_CONFIG_WARNING=1 \
 	S6_FIX_ATTRS_HIDDEN=1

-RUN yum makecache \
-	&& yum install -y \
-	certbot jq python3-pip logrotate \
-	\
-	&& yum clean all \
-	&& rm -rf /var/cache/* /var/log/* /tmp/*
+RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
+	&& apt-get update \
+	&& apt-get install -y certbot jq python3-pip logrotate \
+	&& apt-get clean \
+	&& rm -rf /var/lib/apt/lists/*

 # Task
 RUN cd /usr \
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@@ -3,5 +3,5 @@ proxy_set_header X-Forwarded-Scheme $scheme;
 proxy_set_header X-Forwarded-Proto  $scheme;
 proxy_set_header X-Forwarded-For    $remote_addr;
 proxy_set_header X-Real-IP          $remote_addr;
-
+proxy_pass       $forward_scheme://$server:$port$request_uri;

--- a/local_build.sh
+++ b/local_build.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo "building frontend"
+./scripts/frontend-build
+read -n 1 -p "Press any key"
+echo "building backend"
+echo 'Checking Syntax ...'
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
+
+IMAGE="owenscorning/aws-nginx-full"
+DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
+BUILD_VERSION=`cat .version`
+MAJOR_VERSION="2"
+BRANCH_LOWER="master"
+
+docker pull ${DOCKER_IMAGE}
+docker run --rm \
+	-v "$(pwd)/backend:/app" \
+	-v "$(pwd)/global:/app/global" \
+	-w /app \
+	${IMAGE}:certbot-node \
+	sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+
+echo 'Docker Build ...'
+docker build --pull --no-cache --squash --compress \
+	-t "${IMAGE}:production" \
+	-f docker/Dockerfile \
+	--build-arg TARGETPLATFORM=linux/amd64 \
+	--build-arg BUILDPLATFORM=linux/amd64 \
+	--build-arg BUILD_VERSION="${BUILD_VERSION}" \
+	--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+	.
+
+docker run -it  -p 80:80 -p 81:81 -v /mnt/c/Projects/nginx-proxy-manager/rootfolder:/data --name data  "${IMAGE}:production"
				`@@ -0,0 +1 @@`
				`aws cloudformation deploy --stack-name Prod-Redirect --template-file ./aws/cloud-formation/template.yml --profile 413067109875 --capabilities CAPABILITY_NAMED_IAM --parameter-overrides ImageUri=413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate`