commiting OC AWS tools

Nick Craig
2022-03-10 16:18:22 -05:00
parent 6368c39ef7
commit e8262946d7
9 changed files with 231 additions and 23 deletions

12
Jenkinsfile vendored

@@ -8,7 +8,7 @@ pipeline {
ansiColor('xterm') ansiColor('xterm')
} }
environment { environment {
IMAGE = "owenscorning/aws-nginx-full" IMAGE = "nginx-proxy-manager"
BUILD_VERSION = getVersion() BUILD_VERSION = getVersion()
MAJOR_VERSION = "2" MAJOR_VERSION = "2"
BRANCH_LOWER = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}" BRANCH_LOWER = "${BRANCH_NAME.toLowerCase().replaceAll('/', '-')}"
@@ -26,7 +26,7 @@ pipeline {
} }
steps { steps {
script { script {
env.BUILDX_PUSH_TAGS = "-t docker.io/${IMAGE}:${BUILD_VERSION} -t docker.io/${IMAGE}:${MAJOR_VERSION} -t docker.io/${IMAGE}:latest" env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest"
} }
} }
} }
@@ -39,7 +39,7 @@ pipeline {
steps { steps {
script { script {
// Defaults to the Branch name, which is applies to all branches AND pr's // Defaults to the Branch name, which is applies to all branches AND pr's
env.BUILDX_PUSH_TAGS = "-t docker.io/${IMAGE}:github-${BRANCH_LOWER}" env.BUILDX_PUSH_TAGS = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
} }
} }
} }
@@ -62,13 +62,13 @@ pipeline {
stage('Backend') { stage('Backend') {
steps { steps {
echo 'Checking Syntax ...' echo 'Checking Syntax ...'
sh 'docker pull ${IMAGE}:certbot-node' sh 'docker pull nginxproxymanager/nginx-full:certbot-node'
// See: https://github.com/yarnpkg/yarn/issues/3254 // See: https://github.com/yarnpkg/yarn/issues/3254
sh '''docker run --rm \\ sh '''docker run --rm \\
-v "$(pwd)/backend:/app" \\ -v "$(pwd)/backend:/app" \\
-v "$(pwd)/global:/app/global" \\ -v "$(pwd)/global:/app/global" \\
-w /app \\ -w /app \\
${IMAGE}:certbot-node \\ nginxproxymanager/nginx-full:certbot-node \\
sh -c "yarn install && yarn eslint . && rm -rf node_modules" sh -c "yarn install && yarn eslint . && rm -rf node_modules"
''' '''
@@ -214,7 +214,7 @@ pipeline {
} }
steps { steps {
script { script {
def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.") def comment = pullRequest.comment("This is an automated message from CI:\n\nDocker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.")
} }
} }
} }
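Review bot: In the `@@ -62,13 +62,13 @@` hunk the Backend stage pulls and runs its lint image by the mutable tag `certbot-node` in both columns (`docker pull …:certbot-node` and the matching `docker run` argument), so whatever is currently published under that tag executes `yarn install` with the workspace mounted read-write. The page does not mark which column is the new side; on either one, referencing the image as `<repo>:certbot-node@sha256:<digest>` (placeholder digest) would fix what the CI job actually runs. `yarn install` could also become `yarn install --frozen-lockfile` so the lint step cannot resolve dependency versions that differ from the committed lockfile. The pipeline body continues outside these hunks.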


@@ -0,0 +1,137 @@
AWSTemplateFormatVersion: 2010-09-09
Parameters:
ImageUri:
Type: String
Default: 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
Resources:
ECSCluster:
Type: AWS::ECS::Cluster
Task:
Type: 'AWS::ECS::TaskDefinition'
Properties:
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
TaskRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
ExecutionRoleArn: arn:aws:iam::413067109875:role/ecsTaskExecutionRole
Family: Prod-Redirect
#https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu
Cpu: 2048
Memory: 4096
ContainerDefinitions:
- Name: Prod-Redirect
PortMappings:
- HostPort: 80
ContainerPort: 80
- HostPort: 81
ContainerPort: 81
- HostPort: 443
ContainerPort: 443
Image: !Ref ImageUri
#Image: docker.io/jc21/nginx-proxy-manager:latest
#Image: docker.io/jc21/nginx-proxy-manager:github-pr-1839
HealthCheck:
Command: ["CMD", "/bin/check-health"]
Interval: 10
Essential: true
MountPoints:
- SourceVolume: DataVol
ContainerPath: '/data'
- SourceVolume: CertVol
ContainerPath: '/etc/letsencrypt'
Environment:
- Name: DISABLE_IPV6
Value: 'true'
- Name: AWS_EMF_AGENT_ENDPOINT
Value: tcp://Prod-Redirect_sidecar-cloudwatch:25888
Secrets:
- Name: DB_MYSQL_HOST
ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:host::'
- Name: DB_MYSQL_PORT
ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:port::'
- Name: DB_MYSQL_USER
ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:username::'
- Name: DB_MYSQL_PASSWORD
ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:password::'
- Name: DB_MYSQL_NAME
ValueFrom: 'arn:aws:secretsmanager:us-east-1:413067109875:secret:prod/RedirectManager/Database-JczghG:dbInstanceIdentifier::'
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region: us-east-1
awslogs-group: !Ref LogGroupService
awslogs-create-group: true
awslogs-stream-prefix: ecs
- Name: Prod-Redirect_sidecar-xray
Image: public.ecr.aws/xray/aws-xray-daemon:latest
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region: us-east-1
awslogs-group: !Ref LogGroupService
awslogs-create-group: true
awslogs-stream-prefix: xray
- Name: Prod-Redirect_sidecar-cloudwatch
Image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest
MountPoints:
- SourceVolume: DataVol
ContainerPath: '/data'
ReadOnly: true
Secrets:
- Name: CW_CONFIG_CONTENT
ValueFrom: 'AmazonCloudWatch-FargateProdRedirect'
PortMappings:
- Protocol: tcp
ContainerPort: 25888
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-region: us-east-1
awslogs-group: !Ref LogGroupService
awslogs-create-group: true
awslogs-stream-prefix: cw
Volumes:
- Name: DataVol
EFSVolumeConfiguration:
FilesystemId: fs-0312e867f3f1f9dce
RootDirectory: '/data'
- Name: CertVol
EFSVolumeConfiguration:
FilesystemId: fs-0312e867f3f1f9dce
RootDirectory: '/etc/letsencrypt'
Service:
Type: 'AWS::ECS::Service'
Properties:
ServiceName: Prod-Redirect
TaskDefinition: !Ref Task
LoadBalancers:
- TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port80/448b4c46ed8f46fd
ContainerPort: '80'
ContainerName: Prod-Redirect
- TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port81/ba8e3225a30afa4f
ContainerPort: '81'
ContainerName: Prod-Redirect
- TargetGroupArn: arn:aws:elasticloadbalancing:us-east-1:413067109875:targetgroup/Prod-RedirectManager-port443/fe95fd6d89d25ee6
ContainerPort: '443'
ContainerName: Prod-Redirect
Cluster: !Ref ECSCluster
DesiredCount: 1
DeploymentConfiguration:
MaximumPercent: 200
MinimumHealthyPercent: 50
LaunchType: FARGATE
NetworkConfiguration:
AwsvpcConfiguration:
AssignPublicIp: ENABLED
SecurityGroups:
- sg-0f4d792c1dfcda349
Subnets:
- subnet-0871ddae4ae155f62
- subnet-0f6de43a60061e760
LogGroupService:
Type: 'AWS::Logs::LogGroup'
Properties:
LogGroupName: /ecs/services
RetentionInDays: 30
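Review bot: `TaskRoleArn` and `ExecutionRoleArn` both point at `ecsTaskExecutionRole`, so code running in the `Prod-Redirect` container gets whatever that role carries (its policies are not visible here), typically image pull and the read access to the `prod/RedirectManager/Database` secret that ECS itself needs; a separate task role limited to what the application and sidecars call would keep the two apart. Both `EFSVolumeConfiguration` entries omit `TransitEncryption: ENABLED`, and `CertVol` is mounted at `/etc/letsencrypt`, where certificate private keys normally live. The two sidecars use `:latest` and the main image defaults to the reusable `:fargate` tag, so a task restart can pick up image content nobody reviewed; pinning by digest avoids that. The service sets `AssignPublicIp: ENABLED` and registers container port 81 with a target group, so security group `sg-0f4d792c1dfcda349` and the port-81 listener (neither shown) are the only things deciding who can reach that port.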


@@ -64,8 +64,7 @@ proxy_http_version 1.1;
{% endif %} {% endif %}
{% endif %} {% endif %}
#do the proxy!
proxy_pass $forward_scheme://$server:$port$request_uri;
} }
{% endif %} {% endif %}

39
deploy_build.sh Normal file

@@ -0,0 +1,39 @@
#!/bin/bash
echo "building frontend"
./scripts/frontend-build
echo "----------------"
echo "building backend"
echo 'Checking Syntax ...'
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
IMAGE="owenscorning/aws-nginx-full"
DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
FINISH_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:fargate"
BUILD_VERSION=`cat .version`
MAJOR_VERSION="2"
BRANCH_LOWER="master"
docker pull ${DOCKER_IMAGE}
docker run --rm \
-v "$(pwd)/backend:/app" \
-v "$(pwd)/global:/app/global" \
-w /app \
${IMAGE}:certbot-node \
sh -c "yarn install && yarn eslint . && rm -rf node_modules"
echo "-----------------"
echo 'Docker Build ...'
docker build --pull --no-cache --squash --compress \
-t "${IMAGE}:fargate" \
-f docker/Dockerfile \
--build-arg TARGETPLATFORM=linux/amd64 \
--build-arg BUILDPLATFORM=linux/amd64 \
--build-arg BUILD_VERSION="${BUILD_VERSION}" \
--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
.
echo "-----------------"
echo "pushing to AWS"
docker tag ${IMAGE}:fargate ${FINISH_IMAGE}
docker push ${FINISH_IMAGE}
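Review bot: The lint step runs `${IMAGE}:certbot-node`, which expands to the unqualified `owenscorning/aws-nginx-full:certbot-node` rather than the `${DOCKER_IMAGE}` that was just pulled from ECR. Unless an image with exactly that name already exists locally, Docker resolves it against Docker Hub, so the container that gets the source tree mounted is not necessarily the image the script authenticated for. Using `"${DOCKER_IMAGE}" \` on that line closes the gap; `local_build.sh` has the same line. The script also lacks `set -euo pipefail`, so a failed lint or `docker build` still reaches `docker tag` and `docker push` and can publish a stale local `${IMAGE}:fargate` to the registry. `MAJOR_VERSION` and `BRANCH_LOWER` are assigned but never used.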

1
deploy_fargate.sh Normal file

@@ -0,0 +1 @@
aws cloudformation deploy --stack-name Prod-Redirect --template-file ./aws/cloud-formation/template.yml --profile 413067109875 --capabilities CAPABILITY_NAMED_IAM --parameter-overrides ImageUri=413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:fargate
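Review bot: The deploy passes `ImageUri=…/owenscorning/aws-nginx-full:fargate`, the same tag string as the template default, so after a new push CloudFormation sees identical parameters and may report nothing to change, and nothing records which image content is actually running. Passing the pushed digest instead (`ImageUri=<registry>/owenscorning/aws-nginx-full@sha256:<digest>`, placeholder values) makes every deploy an explicit, traceable change. `--capabilities CAPABILITY_NAMED_IAM` is acknowledged although the template shown on this page declares no IAM resources; dropping it means a later IAM addition has to be acknowledged deliberately. The file also has no shebang line.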


@@ -3,7 +3,7 @@
# This file assumes that the frontend has been built using ./scripts/frontend-build # This file assumes that the frontend has been built using ./scripts/frontend-build
FROM 413067109875.dkr.ecr.us-east-1.amazonaws.com/owenscorning/aws-nginx-full:certbot-node FROM nginxproxymanager/nginx-full:certbot-node
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILD_VERSION ARG BUILD_VERSION
@@ -20,7 +20,6 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \ && apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends jq logrotate \ && apt-get install -y --no-install-recommends jq logrotate \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
@@ -57,9 +56,8 @@ ENTRYPOINT [ "/init" ]
LABEL org.label-schema.schema-version="1.0" \ LABEL org.label-schema.schema-version="1.0" \
org.label-schema.license="MIT" \ org.label-schema.license="MIT" \
org.label-schema.name="aws-nginx-full" \ org.label-schema.name="nginx-proxy-manager" \
org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \ org.label-schema.description="Docker container for managing Nginx proxy hosts with a simple, powerful interface " \
org.label-schema.url="https://github.com/owenscorning/docker-aws-nginx-full" \ org.label-schema.url="https://github.com/jc21/nginx-proxy-manager" \
org.label-schema.vcs-url="https://github.com/owenscorning/docker-aws-nginx-full.git" \ org.label-schema.vcs-url="https://github.com/jc21/nginx-proxy-manager.git" \
org.label-schema.cmd="docker run --rm -ti owenscorning/aws-nginx-full:latest" org.label-schema.cmd="docker run --rm -ti jc21/nginx-proxy-manager:latest"
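Review bot: The hunk counts `-20,7 +20,6` indicate that `&& apt-get upgrade -y \` is dropped from the RUN step, so the image keeps whatever package versions the base tag shipped with and its patch level depends entirely on how often `certbot-node` is rebuilt. If the right-hand column is the new side (the page does not mark it), the base also moves from the private ECR repository to `nginxproxymanager/nginx-full:certbot-node` on Docker Hub, which `deploy_build.sh` neither pulls nor logs in to, while its `docker build --pull` will fetch it on every build. Either way the base is referenced by a mutable tag; `FROM <repo>:certbot-node@sha256:<digest>` (placeholder digest) would make the build reproducible and auditable.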


@@ -1,15 +1,15 @@
FROM owenscorning/aws-nginx-full:certbot-node FROM nginxproxymanager/nginx-full:certbot-node
LABEL maintainer="Jamie Curnow <jc@jc21.com>"
ENV S6_LOGGING=0 \ ENV S6_LOGGING=0 \
SUPPRESS_NO_CONFIG_WARNING=1 \ SUPPRESS_NO_CONFIG_WARNING=1 \
S6_FIX_ATTRS_HIDDEN=1 S6_FIX_ATTRS_HIDDEN=1
RUN yum makecache \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& yum install -y \ && apt-get update \
certbot jq python3-pip logrotate \ && apt-get install -y certbot jq python3-pip logrotate \
\ && apt-get clean \
&& yum clean all \ && rm -rf /var/lib/apt/lists/*
&& rm -rf /var/cache/* /var/log/* /tmp/*
# Task # Task
RUN cd /usr \ RUN cd /usr \


@@ -3,5 +3,5 @@ proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass $forward_scheme://$server:$port$request_uri;

34
local_build.sh Normal file

@@ -0,0 +1,34 @@
#!/bin/bash
echo "building frontend"
./scripts/frontend-build
read -n 1 -p "Press any key"
echo "building backend"
echo 'Checking Syntax ...'
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 413067109875.dkr.ecr.us-east-1.amazonaws.com
IMAGE="owenscorning/aws-nginx-full"
DOCKER_IMAGE="413067109875.dkr.ecr.us-east-1.amazonaws.com/${IMAGE}:certbot-node"
BUILD_VERSION=`cat .version`
MAJOR_VERSION="2"
BRANCH_LOWER="master"
docker pull ${DOCKER_IMAGE}
docker run --rm \
-v "$(pwd)/backend:/app" \
-v "$(pwd)/global:/app/global" \
-w /app \
${IMAGE}:certbot-node \
sh -c "yarn install && yarn eslint . && rm -rf node_modules"
echo 'Docker Build ...'
docker build --pull --no-cache --squash --compress \
-t "${IMAGE}:production" \
-f docker/Dockerfile \
--build-arg TARGETPLATFORM=linux/amd64 \
--build-arg BUILDPLATFORM=linux/amd64 \
--build-arg BUILD_VERSION="${BUILD_VERSION}" \
--build-arg BUILD_DATE="$(date '+%Y-%m-%d %T %Z')" \
.
docker run -it -p 80:80 -p 81:81 -v /mnt/c/Projects/nginx-proxy-manager/rootfolder:/data --name data "${IMAGE}:production"
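Review bot: The final `docker run` publishes `-p 80:80 -p 81:81` on all host interfaces, so the locally built proxy, including port 81, is reachable from whatever network the workstation is on; `-p 127.0.0.1:80:80 -p 127.0.0.1:81:81` keeps a local test local. The fixed `--name data` without `--rm` makes a second run fail with a name conflict, and the bind mount `/mnt/c/Projects/nginx-proxy-manager/rootfolder` is one developer's path, where `"$(pwd)/rootfolder"` would be portable. The lint step runs the unqualified `${IMAGE}:certbot-node` rather than the `${DOCKER_IMAGE}` pulled from ECR, so `"${DOCKER_IMAGE}" \` is the safer reference there. Without `set -euo pipefail` a failed build still falls through to running an older `${IMAGE}:production` image.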