From e8262946d70cf72237643424b9856da6f46941ea Mon Sep 17 00:00:00 2001 From: Nick Craig Date: Thu, 10 Mar 2022 16:18:22 -0500 Subject: [PATCH] commiting OC AWS tools --- Jenkinsfile | 12 +- aws/cloud-formation/template.yml | 137 ++++++++++++++++++ backend/templates/proxy_host.conf | 3 +- deploy_build.sh | 39 +++++ deploy_fargate.sh | 1 + docker/Dockerfile | 12 +- docker/dev/Dockerfile | 14 +- .../etc/nginx/conf.d/include/proxy.conf | 2 +- local_build.sh | 34 +++++ 9 files changed, 231 insertions(+), 23 deletions(-) create mode 100644 aws/cloud-formation/template.yml create mode 100644 deploy_build.sh create mode 100644 deploy_fargate.sh create mode 100644 local_build.sh diff --git a/Jenkinsfile b/Jenkinsfile index 51320be5..1b744692 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -8,7 +8,7 @@ pipeline { ansiColor('xterm') } environment { - IMAGE = "owenscorning/aws-nginx-full" + IMAGE = "nginx-proxy-manager" BUILD_VERSION = getVersion() MAJOR_VERSION = "2" BRANCH_LOWER = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}" @@ -26,7 +26,7 @@ pipeline { } steps { script { - env.BUILDX_PUSH_TAGS = "-t docker.io/${IMAGE}:${BUILD_VERSION} -t docker.io/${IMAGE}:${MAJOR_VERSION} -t docker.io/${IMAGE}:latest" + env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest" } } } @@ -39,7 +39,7 @@ pipeline { steps { script { // Defaults to the Branch name, which is applies to all branches AND pr's - env.BUILDX_PUSH_TAGS = "-t docker.io/${IMAGE}:github-${BRANCH_LOWER}" + env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}" } } } 
@@ -62,13 +62,13 @@ pipeline { stage('Backend') { steps { echo 'Checking Syntax ...' - sh 'docker pull ${IMAGE}:certbot-node' + sh 'docker pull nginxproxymanager/nginx-full:certbot-node' // See: https://github.com/yarnpkg/yarn/issues/3254 sh '''docker run --rm \\ -v "$(pwd)/backend:/app" \\ -v "$(pwd)/global:/app/global" \\ -w /app \\ - ${IMAGE}:certbot-node \\ + nginxproxymanager/nginx-full:certbot-node \\ sh -c "yarn install && yarn eslint . && rm -rf node_modules" ''' @@ -214,7 +214,7 @@ pipeline { } steps { script { - def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.") + def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.") } } } diff --git a/aws/cloud-formation/template.yml b/aws/cloud-formation/template.yml new file mode 100644 index 00000000..bda9844c --- /dev/null +++ b/aws/cloud-formation/template.yml 
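Review bot: In the 'Backend' stage, `nginxproxymanager/nginx-full:certbot-node` is pulled and run by tag only while `$(pwd)/backend` and `$(pwd)/global` are bind-mounted read-write, so whatever that tag points to at build time executes against the workspace. Referencing the image by digest, for example `nginxproxymanager/nginx-full:certbot-node@sha256:DIGEST_PLACEHOLDER`, makes the lint container reproducible and stops a re-tagged image from running unreviewed. The same tag-only reference is introduced in the `FROM` lines of docker/Dockerfile and docker/dev/Dockerfile. The stage body continues outside the hunk.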
@@ -0,0 +1,137 @@
+AWSTemplateFormatVersion: 2010-09-09
+Parameters:
+ ImageUri:
+ Type: String
+ Default: 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
+Resources:
+ ECSCluster:
+ Type: AWS::ECS::Cluster
+ Task:
+ Type: 'AWS::ECS::TaskDefinition'
+ Properties:
+ NetworkMode: awsvpc
+ RequiresCompatibilities:
+ - FARGATE
+ TaskRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
+ ExecutionRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
+ Family: Prod-Redirect
+ #https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu
+ Cpu: 2048
+ Memory: 4096
+ ContainerDefinitions:
+ - Name: Prod-Redirect
+ PortMappings:
+ - HostPort: 80
+ ContainerPort: 80
+ - HostPort: 81
+ ContainerPort: 81
+ - HostPort: 443
+ ContainerPort: 443
+ Image: !Ref ImageUri
+ #Image: docker.io/jc21/nginx-proxy-manager:latest
+ #Image: docker.io/jc21/nginx-proxy-manager:github-pr-1839
+ HealthCheck:
+ Command: ["CMD", "/bin/check-health"]
+ Interval: 10
+ Essential: true
+ MountPoints:
+ - SourceVolume: DataVol
+ ContainerPath: '/data'
+ - SourceVolume: CertVol
+ ContainerPath: '/etc/letsencrypt'
+ Environment:
+ - Name: DISABLE_IPV6
+ Value: 'true'
+ - Name: AWS_EMF_AGENT_ENDPOINT
+ Value: tcp://Prod-Redirect_sidecar-cloudwatch:25888
+ Secrets:
+ - Name: DB_MYSQL_HOST
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:host::'
+ - Name: DB_MYSQL_PORT
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:port::'
+ - Name: DB_MYSQL_USER
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:username::'
+ - Name: DB_MYSQL_PASSWORD
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:password::'
+ - Name: DB_MYSQL_NAME
+ ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:dbInstanceIdentifier::'
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-region: us-east-1
+ awslogs-group: !Ref LogGroupService
+ awslogs-create-group: true
+ awslogs-stream-prefix: ecs
+ - Name: Prod-Redirect_sidecar-xray
+ Image: public.ecr.aws/xray/aws-xray-daemon:latest
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-region: us-east-1
+ awslogs-group: !Ref LogGroupService
+ awslogs-create-group: true
+ awslogs-stream-prefix: xray
+ - Name: Prod-Redirect_sidecar-cloudwatch
+ Image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest
+ MountPoints:
+ - SourceVolume: DataVol
+ ContainerPath: '/data'
+ ReadOnly: true
+ Secrets:
+ - Name: CW_CONFIG_CONTENT
+ ValueFrom: 'AmazonCloudWatch-FargateProdRedirect'
+ PortMappings:
+ - Protocol: tcp
+ ContainerPort: 25888
+ LogConfiguration:
+ LogDriver: awslogs
+ Options:
+ awslogs-region: us-east-1
+ awslogs-group: !Ref LogGroupService
+ awslogs-create-group: true
+ awslogs-stream-prefix: cw
+ Volumes:
+ - Name: DataVol
+ EFSVolumeConfiguration:
+ FilesystemId: fs-0312e867f3f1f9dce
+ RootDirectory: '/data'
+ - Name: CertVol
+ EFSVolumeConfiguration:
+ FilesystemId: fs-0312e867f3f1f9dce
+ RootDirectory: '/etc/letsencrypt'
+
+ Service:
+ Type: 'AWS::ECS::Service'
+ Properties:
+ ServiceName: Prod-Redirect
+ TaskDefinition: !Ref Task
+ LoadBalancers:
+ - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port80/448b4c46ed8f46fd
+ ContainerPort: '80'
+ ContainerName: Prod-Redirect
+ - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port81/ba8e3225a30afa4f
+ ContainerPort: '81'
+ ContainerName: Prod-Redirect
+ - TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port443/fe95fd6d89d25ee6
+ ContainerPort: '443'
+ ContainerName: Prod-Redirect
+ Cluster: !Ref
ECSCluster + DesiredCount: 1 + DeploymentConfiguration: + MaximumPercent: 200 + MinimumHealthyPercent: 50 + LaunchType: FARGATE + NetworkConfiguration: + AwsvpcConfiguration: + AssignPublicIp: ENABLED + SecurityGroups: + - sg-0f4d792c1dfcda349 + Subnets: + - subnet-0871ddae4ae155f62 + - subnet-0f6de43a60061e760 + + LogGroupService: + Type: 'AWS::Logs::LogGroup' + Properties: + LogGroupName: /ecs/services + RetentionInDays: 30 diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf index b538a0a0..ffed08b7 100644 --- a/backend/templates/proxy_host.conf +++ b/backend/templates/proxy_host.conf @@ -64,8 +64,7 @@ proxy_http_version 1.1; {% endif %} {% endif %} - #do the proxy! - proxy_pass $forward_scheme://$server:$port$request_uri; + } {% endif %} diff --git a/deploy_build.sh b/deploy_build.sh new file mode 100644 index 00000000..0caa0ae9 --- /dev/null +++ b/deploy_build.sh 
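Review bot: `TaskRoleArn` and `ExecutionRoleArn` both point at `ecsTaskExecutionRole`, so the application containers run with the same role ECS uses to pull the image and resolve the `Secrets` entries; a separate role holding only what the application itself needs, `TaskRoleArn: TASK_ROLE_ARN_PLACEHOLDER`, keeps a compromise of the internet-facing container from reusing those permissions. Both `EFSVolumeConfiguration` blocks also mount without `TransitEncryption: ENABLED`, which matters most for `CertVol` because it backs `/etc/letsencrypt` and presumably holds certificate private keys. The two sidecars are referenced as `:latest`, so their contents can change between task launches without a template change. Port 81 (the admin UI in Nginx Proxy Manager's default layout) is registered with a target group next to 80 and 443 while `AssignPublicIp: ENABLED` is set; whether it is reachable from the internet depends on `sg-0f4d792c1dfcda349` and the port81 listener, neither of which is defined in this template, so a comment recording the intended exposure would help.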
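Review bot: With `proxy_pass` deleted from this `location` block, proxying now depends entirely on conf.d/include/proxy.conf, where the proxy.conf hunk of this patch adds `proxy_pass $forward_scheme://$server:$port$request_uri;` next to the forwarding headers. Every other template that includes proxy.conf inherits that directive: one that already sets its own `proxy_pass` will fail `nginx -t` with a duplicate-directive error, and one that included the file only for the headers will start forwarding to `$server:$port`. Those includers are outside this diff, so they need checking, or `proxy_pass` can stay in proxy_host.conf and the include can remain header-only. If the move is kept, a comment at the top of proxy.conf such as `# requires $forward_scheme, $server and $port to be set by the including server block` documents the new dependency. The `location` block starts outside the hunk.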
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+echo "building frontend"
+./scripts/frontend-build
+echo "----------------"
+echo "building backend"
+echo 'Checking Syntax ...'
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
+
+IMAGE="owenscorning/aws-nginx-full"
+DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
+FINISH_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:fargate"
+BUILD_VERSION=`cat .version`
+MAJOR_VERSION="2"
+BRANCH_LOWER="master"
+
+docker pull ${DOCKER_IMAGE}
+docker run --rm \
+ -v "$(pwd)/backend:/app" \
+ -v "$(pwd)/global:/app/global" \
+ -w /app \
+ ${IMAGE}:certbot-node \
+ sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+echo "-----------------"
+echo 'Docker Build ...'
+docker build --pull --no-cache --squash --compress \
+ -t "${IMAGE}:fargate" \
+ -f docker/Dockerfile \
+ --build-arg TARGETPLATFORM=linux/amd64 \
+ --build-arg BUILDPLATFORM=linux/amd64 \
+ --build-arg BUILD_VERSION="${BUILD_VERSION}" \
+ --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+ .
+
+echo "-----------------"
+echo "pushing to AWS"
+
+docker tag ${IMAGE}:fargate ${FINISH_IMAGE}
+docker push ${FINISH_IMAGE}
diff --git a/deploy_fargate.sh b/deploy_fargate.sh
new file mode 100644
index 00000000..0e095e58
--- /dev/null
+++ b/deploy_fargate.sh
@@ -0,0 +1 @@
+aws cloudformation deploy --stack-name Prod-Redirect --template-file ./aws/cloud-formation/template.yml --profile 413067109875 --capabilities CAPABILITY_NAMED_IAM --parameter-overrides ImageUri=413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 400e94fb..378fffbf 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
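Review bot: In deploy_build.sh the lint step runs `${IMAGE}:certbot-node`, which expands to the unqualified `owenscorning/aws-nginx-full:certbot-node` and not to the ECR image that `docker pull ${DOCKER_IMAGE}` just fetched. Unless a local image already carries that name, Docker resolves it against Docker Hub, so the container that gets `backend` and `global` mounted is not the one from the authenticated registry; use `"${DOCKER_IMAGE}" \` on that line. The script also has no `set -euo pipefail` after the shebang, so a failed login, lint or build does not stop `docker push ${FINISH_IMAGE}`, and `:fargate` is the tag deploy_fargate.sh rolls out. local_build.sh repeats the same `docker run` line.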
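Review bot: In deploy_fargate.sh, `--capabilities CAPABILITY_NAMED_IAM` is passed although the template added by this patch declares no IAM resources and only references `ecsTaskExecutionRole` by ARN. Dropping the flag means a later template edit that adds a role or policy has to be acknowledged explicitly instead of deploying unnoticed. The file also lacks the `#!/bin/bash` line the other two scripts start with; adding it together with `set -euo pipefail` makes a failed deploy return a non-zero status to whatever calls it.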
@@ -3,7 +3,7 @@ # This file assumes that the frontend has been built using ./scripts/frontend-build -FROM 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:certbot-node +FROM nginxproxymanager/nginx-full:certbot-node ARG TARGETPLATFORM ARG BUILD_VERSION @@ -20,7 +20,6 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ && apt-get update \ - && apt-get upgrade -y \ && apt-get install -y --no-install-recommends jq logrotate \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -57,9 +56,8 @@ ENTRYPOINT [ "/init" ] LABEL org.label-schema.schema-version="1.0" \ org.label-schema.license="MIT" \ - org.label-schema.name="aws-nginx-full" \ + org.label-schema.name="nginx-proxy-manager" \ org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \ - org.label-schema.url="https://github.com/owenscorning/docker-aws-nginx-full" \ - org.label-schema.vcs-url="https://github.com/owenscorning/docker-aws-nginx-full.git" \ - org.label-schema.cmd="docker run --rm -ti owenscorning/aws-nginx-full:latest" - + org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \ + org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \ + org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest" diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile index 509a2c07..d2e2266a 100644 --- a/docker/dev/Dockerfile +++ b/docker/dev/Dockerfile 
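Review bot: The second hunk drops `&& apt-get upgrade -y \` from the `RUN` step, so the image ships exactly the package versions baked into the `certbot-node` base, and this is the image that deploy_build.sh pushes for the service listening on 80 and 443. If the removal is deliberate, say so in a comment above the `RUN`, for example `# OS packages are patched by rebuilding the base image; no apt-get upgrade here`, and make sure something actually rebuilds that base on a schedule. Otherwise keep the upgrade line, since `docker build --pull` only refreshes the base tag and does not patch packages the base itself has not updated.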
@@ -1,15 +1,15 @@ -FROM owenscorning/aws-nginx-full:certbot-node +FROM nginxproxymanager/nginx-full:certbot-node +LABEL maintainer="Jamie Curnow " ENV S6_LOGGING=0 \ SUPPRESS_NO_CONFIG_WARNING=1 \ S6_FIX_ATTRS_HIDDEN=1 -RUN yum makecache \ - && yum install -y \ - certbot jq python3-pip logrotate \ - \ - && yum clean all \ - && rm -rf /var/cache/* /var/log/* /tmp/* +RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ + && apt-get update \ + && apt-get install -y certbot jq python3-pip logrotate \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* # Task RUN cd /usr \ diff --git a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf index 9618208a..e6f9ee16 100644 --- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf +++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf @@ -3,5 +3,5 @@ proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; - +proxy_pass $forward_scheme://$server:$port$request_uri; diff --git a/local_build.sh b/local_build.sh new file mode 100644 index 00000000..a8e49c94 --- /dev/null +++ b/local_build.sh 
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo "building frontend"
+./scripts/frontend-build
+read -n 1 -p "Press any key"
+echo "building backend"
+echo 'Checking Syntax ...'
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
+
+IMAGE="owenscorning/aws-nginx-full"
+DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
+BUILD_VERSION=`cat .version`
+MAJOR_VERSION="2"
+BRANCH_LOWER="master"
+
+docker pull ${DOCKER_IMAGE}
+docker run --rm \
+ -v "$(pwd)/backend:/app" \
+ -v "$(pwd)/global:/app/global" \
+ -w /app \
+ ${IMAGE}:certbot-node \
+ sh -c "yarn install && yarn eslint . && rm -rf node_modules"
+
+echo 'Docker Build ...'
+docker build --pull --no-cache --squash --compress \
+ -t "${IMAGE}:production" \
+ -f docker/Dockerfile \
+ --build-arg TARGETPLATFORM=linux/amd64 \
+ --build-arg BUILDPLATFORM=linux/amd64 \
+ --build-arg BUILD_VERSION="${BUILD_VERSION}" \
+ --build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
+ .
+
+docker run -it -p 80:80 -p 81:81 -v /mnt/c/Projects/nginx-proxy-manager/rootfolder:/data --name data "${IMAGE}:production"
\ No newline at end of file
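Review bot: The final `docker run` publishes `-p 80:80 -p 81:81` on every host interface, so the freshly built image, including port 81 (the admin UI in Nginx Proxy Manager's default layout), is reachable from whatever network the workstation is on. For a local test, bind to loopback with `-p 127.0.0.1:80:80 -p 127.0.0.1:81:81`. The bind mount `/mnt/c/Projects/nginx-proxy-manager/rootfolder` is specific to one machine, and `--name data` without `--rm` makes a second run fail on the name clash; `DATA_DIR="${DATA_DIR:-$(pwd)/data}"` plus `--rm` would make the script reusable.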