Added traefik feature to handle connections and tls of dockerised apps

dist/setup.sh

@@ -110,7 +110,7 @@ sudo_if_required() {
 }
 
 modify_permissions() {
-  local directories=("installer" "gatekeeper" "lightning" "bitcoin" "docker-compose.yaml" "$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$OTSCLIENT_DATAPATH")
+  local directories=("installer" "gatekeeper" "lightning" "bitcoin" "docker-compose.yaml" "traefik" "$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$OTSCLIENT_DATAPATH" "$TRAEFIK_DATAPATH")
   for d in "${directories[@]}"
   do
     if [[ -e $d ]]; then
@@ -122,7 +122,7 @@ modify_permissions() {
 }
 
 modify_owner() {
-  local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$OTSCLIENT_DATAPATH")
+  local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$OTSCLIENT_DATAPATH" "$TRAEFIK_DATAPATH")
   local user=$(id -u $RUN_AS_USER):$(id -g $RUN_AS_USER)
   for d in "${directories[@]}"
   do
@@ -390,6 +390,18 @@ install_docker() {
     copy_file $current_path/lightning/c-lightning/nginx-spark-conf $GATEKEEPER_DATAPATH/nginx-spark-conf 1 $SUDO_REQUIRED
   fi
 
+  if [[ $FEATURE_TRAEFIK == true ]]; then
+    if [ ! -d $TRAEFIK_DATAPATH ]; then
+      step "   create $TRAEFIK_DATAPATH"
+      sudo_if_required mkdir -p $TRAEFIK_DATAPATH
+      next
+    fi
+
+    copy_file $current_path/traefik/acme.json $TRAEFIK_DATAPATH/acme.json 1 $SUDO_REQUIRED
+    copy_file $current_path/traefik/traefik.toml $TRAEFIK_DATAPATH/traefik.toml 1 $SUDO_REQUIRED
+
+  fi
+
   if [ ! -d $PROXY_DATAPATH ]; then
     step "   create $PROXY_DATAPATH"
     sudo_if_required mkdir -p $PROXY_DATAPATH
@@ -502,25 +514,25 @@ install_docker() {
 
   local appsnet_entry=$(docker network ls | grep cyphernodeappsnet);
 
-  if [[ appsnet_entry =~ 'cyphernodeappsnet' ]]; then
-    if [[ appsnet_entry =~ 'local' && $DOCKER_MODE == 'swarm' ]]; then
-      step " recreate cyphernode network"
-      try docker network rm cyphernodenet > /dev/null 2>&1
+  if [[ $appsnet_entry =~ 'cyphernodeappsnet' ]]; then
+    if [[ $appsnet_entry =~ 'local' && $DOCKER_MODE == 'swarm' ]]; then
+      step " recreate cyphernode apps network"
+      try docker network rm cyphernodeappsnet > /dev/null 2>&1
       try docker network create -d overlay --attachable --opt encrypted cyphernodeappsnet > /dev/null 2>&1
       next
-    elif [[ appsnet_entry =~ 'swarm' && $DOCKER_MODE == 'compose' ]]; then
-      step " recreate cyphernode network"
+    elif [[ $appsnet_entry =~ 'swarm' && $DOCKER_MODE == 'compose' ]]; then
+      step " recreate cyphernode apps network"
       try docker network rm cyphernodeappsnet > /dev/null 2>&1
       try docker network create cyphernodeappsnet > /dev/null 2>&1
       next
     fi
   else
     if [[ $DOCKER_MODE == 'swarm' ]]; then
-      step "   create cyphernode network"
+      step "   create cyphernode apps network"
       try docker network create -d overlay --attachable --opt encrypted cyphernodeappsnet > /dev/null 2>&1
       next
     elif [[ $DOCKER_MODE == 'compose' ]]; then
-      step "   create cyphernode network"
+      step "   create cyphernode apps network"
       try docker network create cyphernodeappsnet > /dev/null 2>&1
       next
     fi
@@ -552,7 +564,7 @@ install_docker() {
 
 check_directory_owner() {
   # if one directory does not have access rights for $RUN_AS_USER, we echo 1, else we echo 0
-  local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH")
+  local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$TRAEFIK_DATAPATH")
   local status=0
   for d in "${directories[@]}"
   do
@@ -656,7 +668,7 @@ sanity_checks_pre_install() {
       if [[ $sudo_reason == 'directories' ]]; then
         echo "          or check your data volumes if they have the right owner."
         echo "          The owner of the following folders should be '$RUN_AS_USER':"
-        local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH")
+        local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$TRAEFIK_DATAPATH")
           local status=0
           for d in "${directories[@]}"
           do

install/generator-cyphernode/generators/app/features.json

@@ -1,4 +1,8 @@
 [
+  {
+    "name": "Traefik proxy for cyphernode apps",
+    "value": "traefik"
+  },
   {
     "name": "Lightning node",
     "value": "lightning"

install/generator-cyphernode/generators/app/index.js

@@ -362,6 +362,7 @@ module.exports = class extends Generator {
 
     const pathProps = [
       'gatekeeper_datapath',
+      'traefik_datapath',
       'proxy_datapath',
       'bitcoin_datapath',
       'lightning_datapath',
@@ -449,6 +450,7 @@ module.exports = class extends Generator {
       gatekeeper_sslcert: '',
       gatekeeper_sslkey: '',
       gatekeeper_cns: process.env['DEFAULT_CERT_HOSTNAME'] || '',
+      gatekeeper_datapath: '',
       proxy_datapath: '',
       lightning_implementation: 'c-lightning',
       lightning_external_ip: '',
@@ -456,6 +458,7 @@ module.exports = class extends Generator {
       lightning_nodename: name.generate(),
       lightning_nodecolor: '',
       otsclient_datapath: '',
+      traefik_datapath: '',
       installer_cleanup: false,
       default_username: process.env.DEFAULT_USER || '',
       gatekeeper_version: process.env.GATEKEEPER_VERSION || 'latest',

install/generator-cyphernode/generators/app/prompters/030_traefik.js

@@ -0,0 +1,15 @@
+const chalk = require('chalk');
+
+const name = 'traefik';
+
+module.exports = {
+  name: function() {
+    return name;
+  },
+  prompts: function( utils ) {
+    return [];
+  },
+  templates: function( props ) {
+    return [ 'acme.json', 'traefik.toml' ];
+  }
+};

install/generator-cyphernode/generators/app/prompters/999_installer.js

@@ -59,6 +59,35 @@ module.exports = {
         ],
       message: prefix()+'Where do you want to store your gatekeeper data?'+utils._getHelp('gatekeeper_datapath'),
     },
+    {
+      when: installerDocker,
+      type: 'list',
+      name: 'traefik_datapath',
+      default: utils._getDefault( 'traefik_datapath' ),
+      choices: [
+        {
+          name: utils.setupDir+"/cyphernode/traefik",
+          value: utils.setupDir+"/cyphernode/traefik"
+        },
+        {
+          name: utils.defaultDataDirBase+"/cyphernode/traefik",
+          value: utils.defaultDataDirBase+"/cyphernode/traefik"
+        },
+        {
+          name: utils.defaultDataDirBase+"/.cyphernode/traefik",
+          value: utils.defaultDataDirBase+"/.cyphernode/traefik"
+        },
+        {
+          name: utils.defaultDataDirBase+"/traefik",
+          value: utils.defaultDataDirBase+"/traefik"
+        },
+        {
+          name: "Custom path",
+          value: "_custom"
+        }
+      ],
+      message: prefix()+'Where do you want to store your traefik data?'+utils._getHelp('traefik_datapath'),
+    },
     {
       when: (props)=>{ return installerDocker(props) && (props.gatekeeper_datapath === '_custom') },
       type: 'input',

install/generator-cyphernode/generators/app/templates/installer/config.sh

@@ -1,5 +1,6 @@
 INSTALLER_MODE=<%= installer_mode %>
 BITCOIN_INTERNAL=<%= (bitcoin_mode==="internal"?'true':'false') %>
+FEATURE_TRAEFIK=<%= (features.indexOf('traefik') != -1)?'true':'false' %>
 FEATURE_LIGHTNING=<%= (features.indexOf('lightning') != -1)?'true':'false' %>
 FEATURE_OTSCLIENT=<%= (features.indexOf('otsclient') != -1)?'true':'false' %>
 LIGHTNING_IMPLEMENTATION=<%= lightning_implementation %>
@@ -8,6 +9,9 @@ GATEKEEPER_DATAPATH=<%= gatekeeper_datapath %>
 DOCKER_MODE=<%= docker_mode %>
 RUN_AS_USER=<%= run_as_different_user?username:'' %>
 CLEANUP=<%= installer_cleanup?'true':'false' %>
+<% if ( features.indexOf('traefik') !== -1 ) { %>
+TRAEFIK_DATAPATH=<%= traefik_datapath %>
+<% } %>
 <% if ( features.indexOf('lightning') !== -1 && lightning_implementation === 'c-lightning' ) { %>
 LIGHTNING_DATAPATH=<%= lightning_datapath %>
 <% } %>

install/generator-cyphernode/generators/app/templates/installer/docker/docker-compose.yaml

@@ -147,6 +147,21 @@ services:
     restart: always
 <% } %>
 
+<% if ( features.indexOf('traefik') !== -1 ) { %>
+  traefik:
+    image: traefik:v1.7.9-alpine
+    restart: always
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "<%= traefik_datapath%>/traefik.toml:/traefik.toml"
+      - "<%= traefik_datapath%>/acme.json:/acme.json"
+    networks:
+      - cyphernodeappsnet
+<% } %>
+
 <% if( bitcoin_mode === 'internal' ) { %>
   bitcoin:
     command: $USER bitcoind

install/generator-cyphernode/generators/app/templates/traefik/acme.json

@@ -0,0 +1 @@
+{}

install/generator-cyphernode/generators/app/templates/traefik/traefik.toml

@@ -0,0 +1,29 @@
+debug = false
+
+logLevel = "ERROR"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+  [entryPoints.https.tls]
+
+[retry]
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "cyphernode.localhost"
+watch = true
+exposedByDefault = false
+
+[acme]
+email = "noreply@cnc.skp.rocks"
+storage = "acme.json"
+entryPoint = "https"
+onHostRule = true
+[acme.httpChallenge]
+entryPoint = "http"