From 62a0df968f58af62a782366f250b0bccdea31dc6 Mon Sep 17 00:00:00 2001 From: SKP Date: Fri, 29 Mar 2019 15:31:47 +0100 Subject: [PATCH] Added traefik feature to handle connections and tls of dockerised apps --- dist/setup.sh | 36 ++++++++++++------- .../generators/app/features.json | 4 +++ .../generators/app/index.js | 3 ++ .../generators/app/prompters/030_traefik.js | 15 ++++++++ .../generators/app/prompters/999_installer.js | 29 +++++++++++++++ .../app/templates/installer/config.sh | 4 +++ .../installer/docker/docker-compose.yaml | 15 ++++++++ .../app/templates/traefik/acme.json | 1 + .../app/templates/traefik/traefik.toml | 29 +++++++++++++++ 9 files changed, 124 insertions(+), 12 deletions(-) create mode 100644 install/generator-cyphernode/generators/app/prompters/030_traefik.js create mode 100644 install/generator-cyphernode/generators/app/templates/traefik/acme.json create mode 100644 install/generator-cyphernode/generators/app/templates/traefik/traefik.toml diff --git a/dist/setup.sh b/dist/setup.sh index a5aa4fb..e6e33e9 100755 --- a/dist/setup.sh +++ b/dist/setup.sh @@ -110,7 +110,7 @@ sudo_if_required() { } modify_permissions() { - local directories=("installer" "gatekeeper" "lightning" "bitcoin" "docker-compose.yaml" "$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$OTSCLIENT_DATAPATH") + local directories=("installer" "gatekeeper" "lightning" "bitcoin" "docker-compose.yaml" "traefik" "$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$OTSCLIENT_DATAPATH" "$TRAEFIK_DATAPATH") for d in "${directories[@]}" do if [[ -e $d ]]; then 
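Review bot: `"$TRAEFIK_DATAPATH"` is added to the `directories` array in modify_permissions unconditionally, but the config.sh template in this commit defines TRAEFIK_DATAPATH only when the traefik feature is selected, so installs without the feature get an empty array element. Here the visible `[[ -e $d ]]` guard skips it. The same unconditional addition is made in modify_owner, check_directory_owner and sanity_checks_pre_install, whose loop bodies lie outside their hunks and should be checked for the empty case. Appending only when the feature is on avoids the question in all four places: `if [[ $FEATURE_TRAEFIK == true ]]; then directories+=("$TRAEFIK_DATAPATH"); fi`.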
@@ -122,7 +122,7 @@ modify_permissions() { } modify_owner() { - local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$OTSCLIENT_DATAPATH") + local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$OTSCLIENT_DATAPATH" "$TRAEFIK_DATAPATH") local user=$(id -u $RUN_AS_USER):$(id -g $RUN_AS_USER) for d in "${directories[@]}" do @@ -390,6 +390,18 @@ install_docker() { copy_file $current_path/lightning/c-lightning/nginx-spark-conf $GATEKEEPER_DATAPATH/nginx-spark-conf 1 $SUDO_REQUIRED fi + if [[ $FEATURE_TRAEFIK == true ]]; then + if [ ! -d $TRAEFIK_DATAPATH ]; then + step " create $TRAEFIK_DATAPATH" + sudo_if_required mkdir -p $TRAEFIK_DATAPATH + next + fi + + copy_file $current_path/traefik/acme.json $TRAEFIK_DATAPATH/acme.json 1 $SUDO_REQUIRED + copy_file $current_path/traefik/traefik.toml $TRAEFIK_DATAPATH/traefik.toml 1 $SUDO_REQUIRED + + fi + if [ ! -d $PROXY_DATAPATH ]; then step " create $PROXY_DATAPATH" sudo_if_required mkdir -p $PROXY_DATAPATH 
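Review bot: In the install_docker hunk, acme.json is copied into $TRAEFIK_DATAPATH without its mode being set, although Traefik stores the ACME account key and the private keys of issued certificates in it; Traefik 1.7 also refuses an acme.json whose permissions are wider than 600. Add `sudo_if_required chmod 600 "$TRAEFIK_DATAPATH/acme.json"` after the copy, and check that modify_permissions (body not visible here) does not widen it again. Both copy_file calls run on every install; if copy_file overwrites an existing target (its definition is outside the hunk), a re-run replaces the stored certificates with the empty `{}` template and forces re-issuance, so the acme.json copy should be skipped when the file already exists. The new `$TRAEFIK_DATAPATH` expansions are unquoted, so a custom path containing spaces breaks the `[ ! -d ... ]` test and `mkdir -p`. install_docker starts and ends outside this hunk.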
@@ -502,25 +514,25 @@ install_docker() { local appsnet_entry=$(docker network ls | grep cyphernodeappsnet); - if [[ appsnet_entry =~ 'cyphernodeappsnet' ]]; then - if [[ appsnet_entry =~ 'local' && $DOCKER_MODE == 'swarm' ]]; then - step " recreate cyphernode network" - try docker network rm cyphernodenet > /dev/null 2>&1 + if [[ $appsnet_entry =~ 'cyphernodeappsnet' ]]; then + if [[ $appsnet_entry =~ 'local' && $DOCKER_MODE == 'swarm' ]]; then + step " recreate cyphernode apps network" + try docker network rm cyphernodeappsnet > /dev/null 2>&1 try docker network create -d overlay --attachable --opt encrypted cyphernodeappsnet > /dev/null 2>&1 next - elif [[ appsnet_entry =~ 'swarm' && $DOCKER_MODE == 'compose' ]]; then - step " recreate cyphernode network" + elif [[ $appsnet_entry =~ 'swarm' && $DOCKER_MODE == 'compose' ]]; then + step " recreate cyphernode apps network" try docker network rm cyphernodeappsnet > /dev/null 2>&1 try docker network create cyphernodeappsnet > /dev/null 2>&1 next fi else if [[ $DOCKER_MODE == 'swarm' ]]; then - step " create cyphernode network" + step " create cyphernode apps network" try docker network create -d overlay --attachable --opt encrypted cyphernodeappsnet > /dev/null 2>&1 next elif [[ $DOCKER_MODE == 'compose' ]]; then - step " create cyphernode network" + step " create cyphernode apps network" try docker network create cyphernodeappsnet > /dev/null 2>&1 next fi @@ -552,7 +564,7 @@ install_docker() { check_directory_owner() { # if one directory does not have access rights for $RUN_AS_USER, we echo 1, else we echo 0 - local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH") + local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$TRAEFIK_DATAPATH") local status=0 for d in "${directories[@]}" do 
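Review bot: The corrected `[[ $appsnet_entry =~ 'local' ... ]]` tests still match a substring anywhere in the output of `docker network ls | grep cyphernodeappsnet`, which can hold several rows because grep also matches any network whose name merely contains cyphernodeappsnet, so the recreate decision can be driven by the wrong network. Asking Docker for the scope of the exact network is more reliable: `appsnet_scope=$(docker network inspect -f '{{.Scope}}' cyphernodeappsnet 2>/dev/null)`, then compare `$appsnet_scope == 'local'` or `== 'swarm'`. The `> /dev/null 2>&1` on `docker network rm` also discards the reason when removal fails because containers are still attached; whether `try` reports it cannot be seen from this hunk. install_docker begins and ends outside the hunk.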
@@ -656,7 +668,7 @@ sanity_checks_pre_install() { if [[ $sudo_reason == 'directories' ]]; then echo " or check your data volumes if they have the right owner." echo " The owner of the following folders should be '$RUN_AS_USER':" - local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH") + local directories=("$BITCOIN_DATAPATH" "$LIGHTNING_DATAPATH" "$PROXY_DATAPATH" "$GATEKEEPER_DATAPATH" "$TRAEFIK_DATAPATH") local status=0 for d in "${directories[@]}" do diff --git a/install/generator-cyphernode/generators/app/features.json b/install/generator-cyphernode/generators/app/features.json index 84a1e9a..c58ee3a 100644 --- a/install/generator-cyphernode/generators/app/features.json +++ b/install/generator-cyphernode/generators/app/features.json @@ -1,4 +1,8 @@ [ + { + "name": "Traefik proxy for cyphernode apps", + "value": "traefik" + }, { "name": "Lightning node", "value": "lightning" diff --git a/install/generator-cyphernode/generators/app/index.js b/install/generator-cyphernode/generators/app/index.js index da77200..96a07a2 100644 --- a/install/generator-cyphernode/generators/app/index.js +++ b/install/generator-cyphernode/generators/app/index.js @@ -362,6 +362,7 @@ module.exports = class extends Generator { const pathProps = [ 'gatekeeper_datapath', + 'traefik_datapath', 'proxy_datapath', 'bitcoin_datapath', 'lightning_datapath', @@ -449,6 +450,7 @@ module.exports = class extends Generator { gatekeeper_sslcert: '', gatekeeper_sslkey: '', gatekeeper_cns: process.env['DEFAULT_CERT_HOSTNAME'] || '', + gatekeeper_datapath: '', proxy_datapath: '', lightning_implementation: 'c-lightning', lightning_external_ip: '', @@ -456,6 +458,7 @@ module.exports = class extends Generator { lightning_nodename: name.generate(), lightning_nodecolor: '', otsclient_datapath: '', + traefik_datapath: '', installer_cleanup: false, default_username: process.env.DEFAULT_USER || '', gatekeeper_version: process.env.GATEKEEPER_VERSION || 'latest', 
diff --git a/install/generator-cyphernode/generators/app/prompters/030_traefik.js b/install/generator-cyphernode/generators/app/prompters/030_traefik.js new file mode 100644 index 0000000..353b449 --- /dev/null +++ b/install/generator-cyphernode/generators/app/prompters/030_traefik.js @@ -0,0 +1,15 @@ +const chalk = require('chalk'); + +const name = 'traefik'; + +module.exports = { + name: function() { + return name; + }, + prompts: function( utils ) { + return []; + }, + templates: function( props ) { + return [ 'acme.json', 'traefik.toml' ]; + } +}; diff --git a/install/generator-cyphernode/generators/app/prompters/999_installer.js b/install/generator-cyphernode/generators/app/prompters/999_installer.js index 24e04eb..7461666 100644 --- a/install/generator-cyphernode/generators/app/prompters/999_installer.js +++ b/install/generator-cyphernode/generators/app/prompters/999_installer.js @@ -59,6 +59,35 @@ module.exports = { ], message: prefix()+'Where do you want to store your gatekeeper data?'+utils._getHelp('gatekeeper_datapath'), }, + { + when: installerDocker, + type: 'list', + name: 'traefik_datapath', + default: utils._getDefault( 'traefik_datapath' ), + choices: [ + { + name: utils.setupDir+"/cyphernode/traefik", + value: utils.setupDir+"/cyphernode/traefik" + }, + { + name: utils.defaultDataDirBase+"/cyphernode/traefik", + value: utils.defaultDataDirBase+"/cyphernode/traefik" + }, + { + name: utils.defaultDataDirBase+"/.cyphernode/traefik", + value: utils.defaultDataDirBase+"/.cyphernode/traefik" + }, + { + name: utils.defaultDataDirBase+"/traefik", + value: utils.defaultDataDirBase+"/traefik" + }, + { + name: "Custom path", + value: "_custom" + } + ], + message: prefix()+'Where do you want to store your traefik data?'+utils._getHelp('traefik_datapath'), + }, { when: (props)=>{ return installerDocker(props) && (props.gatekeeper_datapath === '_custom') }, type: 'input', 
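Review bot: The new `traefik_datapath` list in 999_installer.js offers a "Custom path" choice with value `_custom`, but no matching input prompt is added, unlike the gatekeeper prompt that follows it (`props.gatekeeper_datapath === '_custom'`); the 29 added lines are the list prompt alone. Unless the path is resolved somewhere not shown, choosing the custom option leaves the templates with `_custom` or an undefined value, which then lands in config.sh and in the docker-compose volume sources. Add an input prompt mirroring the gatekeeper one, with `when: (props)=>{ return installerDocker(props) && (props.traefik_datapath === '_custom') }`. Both prompts could also be gated on the traefik feature being selected, since `when: installerDocker` asks for the path even when the feature is off.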
diff --git a/install/generator-cyphernode/generators/app/templates/installer/config.sh b/install/generator-cyphernode/generators/app/templates/installer/config.sh index ddd9ca3..4d1a844 100644 --- a/install/generator-cyphernode/generators/app/templates/installer/config.sh +++ b/install/generator-cyphernode/generators/app/templates/installer/config.sh @@ -1,5 +1,6 @@ INSTALLER_MODE=<%= installer_mode %> BITCOIN_INTERNAL=<%= (bitcoin_mode==="internal"?'true':'false') %> +FEATURE_TRAEFIK=<%= (features.indexOf('traefik') != -1)?'true':'false' %> FEATURE_LIGHTNING=<%= (features.indexOf('lightning') != -1)?'true':'false' %> FEATURE_OTSCLIENT=<%= (features.indexOf('otsclient') != -1)?'true':'false' %> LIGHTNING_IMPLEMENTATION=<%= lightning_implementation %> @@ -8,6 +9,9 @@ GATEKEEPER_DATAPATH=<%= gatekeeper_datapath %> DOCKER_MODE=<%= docker_mode %> RUN_AS_USER=<%= run_as_different_user?username:'' %> CLEANUP=<%= installer_cleanup?'true':'false' %> +<% if ( features.indexOf('traefik') !== -1 ) { %> +TRAEFIK_DATAPATH=<%= traefik_datapath %> +<% } %> <% if ( features.indexOf('lightning') !== -1 && lightning_implementation === 'c-lightning' ) { %> LIGHTNING_DATAPATH=<%= lightning_datapath %> <% } %> diff --git a/install/generator-cyphernode/generators/app/templates/installer/docker/docker-compose.yaml b/install/generator-cyphernode/generators/app/templates/installer/docker/docker-compose.yaml index 113eec5..9f632bd 100644 --- a/install/generator-cyphernode/generators/app/templates/installer/docker/docker-compose.yaml +++ b/install/generator-cyphernode/generators/app/templates/installer/docker/docker-compose.yaml 
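Review bot: `TRAEFIK_DATAPATH=<%= traefik_datapath %>` writes an operator-supplied path unquoted into a shell file, so a custom path containing spaces or shell metacharacters is parsed as extra words or commands when setup.sh reads config.sh (presumably by sourcing it). Emit the value quoted, `TRAEFIK_DATAPATH='<%= traefik_datapath %>'`, and have the prompt's validation reject paths containing quote characters. The neighbouring *_DATAPATH lines follow the same unquoted pattern and would benefit from the same treatment.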
@@ -147,6 +147,21 @@ services: restart: always <% } %> +<% if ( features.indexOf('traefik') !== -1 ) { %> + traefik: + image: traefik:v1.7.9-alpine + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + - "<%= traefik_datapath%>/traefik.toml:/traefik.toml" + - "<%= traefik_datapath%>/acme.json:/acme.json" + networks: + - cyphernodeappsnet +<% } %> + <% if( bitcoin_mode === 'internal' ) { %> bitcoin: command: $USER bitcoind diff --git a/install/generator-cyphernode/generators/app/templates/traefik/acme.json b/install/generator-cyphernode/generators/app/templates/traefik/acme.json new file mode 100644 index 0000000..9e26dfe --- /dev/null +++ b/install/generator-cyphernode/generators/app/templates/traefik/acme.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/install/generator-cyphernode/generators/app/templates/traefik/traefik.toml b/install/generator-cyphernode/generators/app/templates/traefik/traefik.toml new file mode 100644 index 0000000..06d9194 --- /dev/null +++ b/install/generator-cyphernode/generators/app/templates/traefik/traefik.toml @@ -0,0 +1,29 @@ +debug = false + +logLevel = "ERROR" +defaultEntryPoints = ["https","http"] + +[entryPoints] + [entryPoints.http] + address = ":80" + [entryPoints.http.redirect] + entryPoint = "https" + [entryPoints.https] + address = ":443" + [entryPoints.https.tls] + +[retry] + +[docker] +endpoint = "unix:///var/run/docker.sock" +domain = "cyphernode.localhost" +watch = true +exposedByDefault = false + +[acme] +email = "noreply@cnc.skp.rocks" +storage = "acme.json" +entryPoint = "https" +onHostRule = true +[acme.httpChallenge] +entryPoint = "http"
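Review bot: The traefik service publishes ports 80 and 443 and also gets `/var/run/docker.sock` mounted read-write, so a compromise of the internet-facing proxy amounts to control of the Docker daemon and therefore of the host. Traefik only needs to read container metadata; placing a socket proxy that permits only the read-only API endpoints between the two limits that exposure, and note that a `:ro` flag on the socket mount does not restrict API calls. traefik.toml is never written by the container and can be mounted read-only: `- "<%= traefik_datapath%>/traefik.toml:/traefik.toml:ro"`. A comment above the service stating why the socket is mounted would help the next reader.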
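Review bot: `email = "noreply@cnc.skp.rocks"` under `[acme]` in traefik.toml is hard-coded, so every installation registers its ACME account with the same third-party address and the operator never receives expiry notices for their own certificates. 030_traefik.js returns no prompts; add one for the contact address and, if this file is rendered like the other templates, substitute it here, e.g. `email = "<%= acme_email %>"` (property name illustrative). `[entryPoints.https.tls]` also sets no minimum protocol version; adding `minVersion = "VersionTLS12"` under it keeps clients from negotiating TLS 1.0 or 1.1.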