Added new version

Updated init-letsencrypt

updated init-letsencrypt with docker-compose-init

updated init-letsencrypt with docker-compose-init

restored init-letsencrypt

updates to certbot

updates to certbot

updates to certbot

updates to certbot

updates to certbot

updates to certbot

updates to certbot

added certbot to scalelite-nginx

fixed settings for acme-challenge

added blacklist

updated init-letsencrypt for working with scalelite-nginx

Removed unnecessary files

persisted certbot logs and added env options to init-letsencrypt
This commit is contained in:
jfederico
2020-04-25 09:58:29 -04:00
parent e3683c4abd
commit a6e93f19e3
24 changed files with 123 additions and 820 deletions

9
.gitignore vendored

@@ -1,7 +1,5 @@
.env
/data*
/nginx/log*
/nginx/sites-available*
/nginx/sites-enabled*
@@ -11,3 +9,10 @@
/scalelite/log*
/scalelite/tmp*
/data/*
!/data/nginx/
/tmp*
/log*
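Review bot: the `!/data/nginx/` re-include only works if no earlier pattern excludes the `data` directory itself. Git never re-includes a path whose parent directory is ignored, and `/data*` matches the directory `data` (not only its contents), so if that pattern survives alongside `/data/*` the negation is dead and `data/nginx/` stays untracked. Keep only `/data/*` above the negation and confirm with `git check-ignore -v data/nginx/`.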

383
README.md

@@ -1,383 +0,0 @@
# scalelite-run
This document provides instructions on how to quickly [Scalelite](https://github.com/blindsidenetworks/scalelite), a stateful BigBlueButton load balancer, using docker-compose.
This can be performed as an [All-In-One-Box Deployment](#all-in-one-box-deployment) or making use of distributed services in the cloud (or virtual private cloud) through a cloud computing provider as a [Distributed Deployment](#distributed-deployment).
<a name="prerequisites"/>
## Prerequisites
Scalelite requires a server with 4 CPU cores and 8 Gig of memory. Since all the component run under docker, the underlying OS need only support docker and docker-compose.
These steps were written for an Ubuntu 18.04 machine. It is assumed that your machine has the same (or a compatible version).
You need to have a fully qualified domain name (FQDN) for the Scalelite server, such as bbb-lb.example.com, that resolves to the public IP address of the server.
To setup the server, first install both [docker](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04) and [docker-compose](https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-ubuntu-18-04).
Next, clone the `scalelite-run` repository
```
git clone git@github.com:blindsidenetworks/scalelite-run.git
cd scalelite-run
```
<a name="all-in-one-box-deployment"/>
## I. All-In-One-Box Deployment
<a name="initial-settings"/>
### 1. Initial settings
Copy `dotenv` file located in the root of the project as `.env` and edit it.
```
cp dotenv .env
```
You need to replace the variable `HOST_NAME=sl.xlab.blindside-dev.com` with a hostname under your own domain name (e.g. `HOST_NAME=sl.john.blindside-dev.com`) or delegated sub-domain.
```
vi .env
```
Copy `dotenv` file located in the scalelite directory as `.env` and in the same way as before, edit it:
```
cp scalelite/dotenv scalelite/.env
```
You can start it as is, but you may want to replace both variables with your own values.
- `SECRET_KEY_BASE` is the Ruby On Rails secret key and must be replaced with a random one generated with `openssl rand -hex 64`.
- `LOADBALANCER_SECRET` is the shared secret used by external applications for accessing Scalelite LoadBalancer as if it was a BigBlueButton server. This variable must be defined in order for the application to start. A secret can be generated with `openssl rand -hex 24`
```
vi scalelite/.env
```
<a name="ssl-certificate"/>
### 2. SSL Certificate
The docker-compose scripts come configured for using SSL Certificates, but you may want not to use an SSL certificate. If this is the case see the section [Removing SSL Certificate](#removing-ssl-certificate) in [Special Cases](#special-cases).
The procedure for setting up the SSL Certificate will be different depending if [Let's Encrypt SSL CA](#letsencrypt-ssl-ca) CA or [Other SSL CA](#other-ssl-ca) will be used.
<a name="letsencrypt-ssl-ca"/>
#### 2.1. Using Let's Encrypt SSL CA
There are also two paths that can be followed whether the box where Scalelite is going to be installed is [visible from the Internet](#letsencrypt-ssl-public-network) or [NOT visible from the Internet](#letsencrypt-ssl-private-network).
<a name="letsencrypt-ssl-public-network"/>
##### 2.1.1. Server is visible from the Internet
If all the previous steps were properly followed and the machine is accessible in the Internet, only execute:
```
./init-letsencrypt.sh
```
This will generate the SSL certificates and run scalelite for the first time, so all the required files are automatically generated.
<a name="letsencrypt-ssl-private-network"/>
##### 2.1.2. Server is NOT visible from the Internet
If you are trying to install scalelite locally or in a private network, the SSL certificate must be generated manually using certbot and by adding the manual challenge to the DNS.
Install Let's Encrypt
```
sudo apt-get update
sudo apt-get -y install letsencrypt
```
Become root
```
sudo -i
```
Start creating the certificates
```
certbot certonly --manual -d sl.<JOHN>.blindside-dev.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges=dns --email hostmaster@blindsdie-dev.com --server https://acme-v02.api.letsencrypt.org/directory
```
The output should look like this example
```
-server https://acme-v02.api.letsencrypt.org/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for gl.<JOHN>.blindside-dev.com
dns-01 challenge for gl.<JOHN>.blindside-dev.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.sl.<JOHN>.blindside-dev.com with the following value:
2dxWYkcETHnimmQmCL0MCbhneRNxMEMo9yjk6P_17kE
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
```
Create a TXT record in the DNS for
`_acme-challenge.sl.<JOHN>.blindside-dev.com` with the challenge string as
its value `2dxWYkcETHnimmQmCL0MCbhneRNxMEMo9yjk6P_17kE`
Copy the certificates to the scalelite-run directory. Although `/etc/letsencrypt/live/`
holds the latest certificate, they are only symbolic links. The real files must be copied and renamed
```
cp -R /etc/letsencrypt <YOUR ROOT>/scalelite-run/data/certbot/conf
```
<a name="other-ssl-ca"/>
#### 2.2. Using Other SSL CA
For adding an SSL certificate from an CA other than Let's Encrypt,
DO NOT execute the `./init-letsencrypt.sh` script
Place the SSL Certificate, Intermediate Certificate (or Bundle with both of them if you have it) and Private Key files inside `nginx/ssl` as `fullchain.pem` and `privkey.pem`.
E.g.
```
cd ~/
cat your_domain_name.crt Intermediate.crt >> bundle.crt
cp bundle.crt <YOUR ROOT>/scalelite/nginx/ssl/fullchain.pem
cp private.key <YOUR ROOT>/scalelite/nginx/ssl/privkey.pem
```
Edit the template for nginx.
```
cd <YOUR ROOT>/scalelite
vi nginx/sites.template
```
Comment the lines referencing the Let's Encrypt Certificate and uncomment the other two. After that, it should look like this:
```
...
## Configuration for Letsencrypt SSL Certificate
#ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
## Configuration for SSL Certificate from a CA other than Letsencrypt
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/privkey.pem;
...
```
Comment out in `docker-compose.yml` the certbot container. After that, it should look like this:
```
...
## Configuration for Letsencrypt SSL Certificate
## comment out when using an SSL Certificate from a CA other than Letsencrypt
# certbot:
# image: certbot/certbot
# volumes:
# - ./data/certbot/conf:/etc/letsencrypt
# - ./data/certbot/www:/var/www/certbot
# entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
...
```
Start the containers as usual.
<a name="start-up"/>
### 3. Start Up
And finally, start the application with docker-compose
```
cd <YOUR ROOT>/scalelite-run
docker-compose up
```
If everything goes well, the logs will show ip in the console for all the containers starting and scalelite will be available at:
```
https://sl.<JOHN>.blindside-dev.com/bigbluebutton/api
```
Note that the application can be run in the background with `docker-compose up -d`
<a name="final-steps"/>
### 4. Final Steps
<a name="initializing-pool"/>
#### 4.1. Initializing pool of servers
Since there are no servers added by default, atleast 1 server must be added and enabled in order to get started.
Open a new console and get the IDs of the docker containers running:
```
docker ps
```
Get into the container running the api
```
docker exec -it <CONTAINER_ID> sh
```
Once inside, all the rails commands can be executed as needed. In this case, and assuming that the current current BigBlueButton server is going to be enabled.
```
bundle exec rake servers:add[BIGBLUEBUTTON_SERVER_URL,BIGBLUEBUTTON_SERVER_SECRET]
bundle exec rake servers
bundle exec rake servers:enable["SERVER_ID_AS SHOWN"]
```
For more information on what rake commands can be executed, see [scalelite documentation](https://github.com/blindsidenetworks/scalelite#administration).
<a name="rolling-out-updates"/>
#### 4.2. Rolling-out updates
Scalelite is constantly updated. Either because of bug fixes or improvements. It is recommended to keep the deployment updated with the latest image available, which corresponds to the latest stable release.
Those updates can be performed manually (recommended for a production alike environment) or automatically.
<a name="rolling-out-updates-manual"/>
##### 4.2.1. Manual updates
Simply run the `deploy.sh` script included under `scripts`.
```
cd <YOUR ROOT>/scalelite-run
sudo .scripts/deploy.sh
```
<a name="rolling-out-updates-automatic"/>
##### 4.2.2. Automatic updates
Use the scripts provided.
```
sudo ln -s <YOUR ROOT>/scalelite-run/scripts/deploy.sh /usr/local/bin/scalelite-deploy
sudo cp <YOUR ROOT>/scalelite-run/scripts/scalelite-auto-deployer.service /etc/systemd/system/scalelite-auto-deployer.service
sudo cp <YOUR ROOT>/scalelite-run/scripts/scalelite-auto-deployer.timer /etc/systemd/system/scalelite-auto-deployer.timer
sudo systemctl daemon-reload
sudo systemctl enable scalelite-auto-deployer.service
sudo systemctl enable scalelite-auto-deployer.timer
sudo systemctl start scalelite-auto-deployer.timer
```
<a name="starting-automatic"/>
##### 4.2.3. Automatic start
Use the scripts provided.
```
```
<a name="distributed-deployment"/>
## II. Distributed Deployment
On a real production environment Scalelite should be deployed using distributed services in the cloud (or virtual private cloud) through a cloud computing provider like [AWS](https://aws.amazon.com/), [Google Cloud](https://cloud.google.com/), [Azure](https://azure.microsoft.com/en-ca/), [Digital Ocean](https://www.digitalocean.com/), [Alibaba Cloud](https://www.alibabacloud.com/), etc.
Contact us at [Blindside Networks Contact](https://blindsidenetworks.com/contact/) getting recommendations on best practices with any of those cloud providers.
<a name="special-cases"/>
## III. Special cases
<a name="building-docker-image"/>
### Building Docker image
If no access to the DockerHub registry is available, it is still possible to build the image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number.
```
cd <YOUR ROOT>/scalelite
docker build -t blindsidenetwks/scalelite:latest .
```
or
```
cd <YOUR ROOT>/scalelite
../scalelite-run/scripts/build.sh blindsidenetwks/scalelite latest
```
Keep in mind that the docker-compose.yml script makes use of some other configuration files that are mounted inside the containers. If any modification to nginx is needed it has to be done on the sites.template file. Also, whatever name is chosen for the image should match the one used in docker-compose.yml.
<a name="removing-ssl-certificate"/>
### Removing SSL Certificate
DO NOT execute the `./init-letsencrypt.sh` script
Edit the template for nginx.
```
cd <YOUR ROOT>/scalelite
vi nginx/sites.template
```
Comment out all the lines from 13 to 34. The sites.template file should look like this:
```
...
listen [::]:80;
# location /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
#
# location / {
# return 301 https://$host$request_uri;
# }
#}
#
#server {
# server_name $NGINX_HOSTNAME;
#
# listen 443 ssl;
# listen [::]:443;
#
# ## Configuration for Letsencrypt SSL Certificate
# ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
#
# ## Configuration for SSL Certificate from a CA other than Letsencrypt
# #ssl_certificate /etc/ssl/fullchain.pem;
# #ssl_certificate_key /etc/ssl/privkey.pem;
location / {
...
```
Comment out in `docker-compose.yml` the certbot container. After that, it should look like this:
```
...
## Configuration for Letsencrypt SSL Certificate
## comment out when using an SSL Certificate from a CA other than Letsencrypt
# certbot:
# image: certbot/certbot
# volumes:
# - ./data/certbot/conf:/etc/letsencrypt
# - ./data/certbot/www:/var/www/certbot
# entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
...
```
Start the containers as usual.
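Review bot: deleting README.md outright leaves the repository with no documentation of the new layout. The new `dotenv` introduces `URL_HOST`, `NGINX_SSL`, `SCALELITE_REPO`/`SCALELITE_TAG` and `SCALELITE_RECORDING_DIR`, and init-letsencrypt.sh now reads `URL_HOST`, `LETSENCRYPT_EMAIL` and `LETSENCRYPT_STAGING`; none of that is described anywhere once these 383 lines go, and the `openssl rand -hex` guidance for the secrets disappears with them. Keep at least the prerequisites, `.env` setup and SSL sections, rewritten for the `scalelite-nginx`/`scalelite-api` service names.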


@@ -0,0 +1,3 @@
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
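Review bot: this `location /.well-known/acme-challenge/` block only helps if it is included inside the port-80 `server` block of the scalelite-nginx image and is evaluated before any `return 301 https://...` redirect; the deleted sites.template had that ordering, and nothing visible here shows where the mounted `/etc/nginx/conf.d/scalelite` directory is included in the image's config, so please confirm it. `root /var/www/certbot;` does line up with the `./data/certbot/www:/var/www/certbot` volume on both the certbot and scalelite-nginx services, which is correct.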


@@ -0,0 +1,9 @@
## Deny access to IPs or subnets.
# deny IP;
# deny subnet;
# e.g.
# deny 192.168.0.1;
# deny 192.168.0.0/24;
## Allow access to everything else.
allow all;
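Review bot: as committed this file is a no-op (`allow all;` with every `deny` commented out), which is fine for a template, but two caveats belong in the header comment: nginx checks `allow`/`deny` rules in sequence and stops at the first match, so real `deny` lines must stay above `allow all;`; and `deny` compares against `$remote_addr`, so if scalelite-nginx ever sits behind another proxy or load balancer the rules see the proxy's address unless `set_real_ip_from`/`real_ip_header` are configured. Subnets need the CIDR form shown in the example (`192.168.0.0/24`).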


@@ -1,99 +1,100 @@
version: '3'
volumes:
database_data:
driver: local
postgres-data:
redis-data:
services:
nginx:
image: nginx:latest
restart: "no"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
- ./nginx/sites-enabled:/etc/nginx/sites-enabled
- ./nginx/sites.template:/etc/nginx/sites-available/sites.template
- ./nginx/default/html:/var/www/html
- ./nginx/log/nginx:/var/log/nginx
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
- ./nginx/ssl/:/etc/ssl
postgres:
image: postgres:11.5-alpine
container_name: postgres
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "127.0.0:5432:5432"
volumes:
- postgres-data:/var/lib/postgresql/data
environment:
- NGINX_HOSTNAME=${HOST_NAME:-sl.xlab.blindside-dev.com}
depends_on:
- scalelite.api
command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites-available/sites.template > /etc/nginx/sites-enabled/sites.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
- POSTGRES_USER=${POSTGRES_USER:-postgres}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password}
redis:
image: redis:5.0-alpine
container_name: redis
restart: on-failure
ports:
- 127.0.0.1:6379:6379
volumes:
- redis-data:/data
## Configuration for Letsencrypt SSL Certificate
## comment out when using an SSL Certificate from a CA other than Letsencrypt
certbot:
image: certbot/certbot
container_name: certbot
volumes:
- ./log/certbot:/var/log/letsencrypt
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
redis:
image: redis:5.0-alpine
restart: "no"
scalelite-nginx:
image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-nginx
container_name: scalelite-nginx
restart: unless-stopped
ports:
- 127.0.0.1:6379:6379
- "80:80"
- "443:443"
volumes:
- ./data/redis/:/data
postgres:
image: postgres:11.7-alpine
restart: "no"
ports:
- 127.0.0.1:5432:5432
volumes:
- ./data/postgres/:/var/lib/postgresql/data
- ./log/nginx/:/var/log/nginx
- ./data/certbot/conf:/etc/nginx/ssl
- ./data/certbot/www:/var/www/certbot
- ./data/nginx/scalelite:/etc/nginx/conf.d/scalelite
- ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published
environment:
- POSTGRES_DB=postgres
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=password
- NGINX_SSL=${NGINX_SSL-true}
- URL_HOST=${URL_HOST}
depends_on:
- scalelite-api
scalelite.api:
entrypoint: [bin/start]
image: blindsidenetwks/scalelite:latest
restart: "no"
scalelite-api:
image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-api
container_name: scalelite-api
restart: unless-stopped
ports:
- 127.0.0.1:3000:3000
links:
- redis
- postgres
- "3000:3000"
volumes:
- ./scalelite/log/api:/srv/scalelite/log
- ./scalelite/bin/start:/srv/scalelite/bin/start
- ./scalelite/config/database.yml:/srv/scalelite/config/database.yml
- ./scalelite/tmp/pids/:/usr/src/app/tmp/pids
- ./scalelite/tmp/sockets/:/usr/src/app/tmp/sockets
- ./scalelite/tmp/cache/assets:/usr/src/app/tmp/cache/assets
env_file: ./scalelite/.env
- ./log/scalelite/:/app/log
- ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton
environment:
- SECRET_KEY_BASE=${SECRET_KEY_BASE}
- LOADBALANCER_SECRET=${LOADBALANCER_SECRET}
- REDIS_URL=${REDIS_URL:-redis://redis:6379}
- DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
- URL_HOST=${URL_HOST}
depends_on:
- postgres
- redis
scalelite-poller:
image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-poller
container_name: scalelite-poller
restart: unless-stopped
environment:
- REDIS_URL=${REDIS_URL:-redis://redis:6379}
- DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
- URL_HOST=${HOST_NAME:-sl.xlab.blindside-dev.com}
scalelite.poller:
entrypoint: [bin/start-poller]
image: blindsidenetwks/scalelite:latest
restart: "no"
ports:
- 127.0.0.1:3001:3000
links:
depends_on:
- postgres
- redis
volumes:
- ./scalelite/log/poller:/srv/scalelite/log
- ./scalelite/bin/start-poller:/srv/scalelite/bin/start-poller
env_file: ./scalelite/.env
- scalelite-api
scalelite-recording-importer:
image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-recording-importer
container_name: scalelite-recording-importer
restart: unless-stopped
environment:
- REDIS_URL=${REDIS_URL:-redis://redis:6379}
- URL_HOST=${HOST_NAME:-sl.xlab.blindside-dev.com}
- DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
volumes:
- ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton
depends_on:
- postgres
- redis
- scalelite-api
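Review bot: `SECRET_KEY_BASE=${SECRET_KEY_BASE}` and `LOADBALANCER_SECRET=${LOADBALANCER_SECRET}` have no defaults and nothing checks they are set; with the startup guard in the deleted `scalelite/bin/start` gone, a `.env` copied from the template (where both are commented out) starts the api with an empty shared secret. Compose supports `${SECRET_KEY_BASE:?set SECRET_KEY_BASE in .env}`, which fails fast instead. The `DATABASE_URL` defaults embed `postgres:password@postgres` in three services while the postgres service sets `POSTGRES_PASSWORD=password` separately, so changing the password in `.env` breaks the other three silently and the literal default password ships in the compose file; build the URL from `${POSTGRES_USER}`/`${POSTGRES_PASSWORD}` or require `DATABASE_URL` explicitly. `./data/certbot/conf:/etc/nginx/ssl` on scalelite-nginx should be `:ro`, since only certbot writes there. If the malformed `"127.0.0:5432:5432"` is on the surviving side of this hunk it will not parse; the `127.0.0.1:5432:5432` form is the right one.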

26
dotenv

@@ -1,3 +1,23 @@
HOST_NAME=sl.xlab.blindside-dev.com
REDIS_URL=redis://redis:6379
DATABASE_URL=postgres://postgres:password@postgres:5432/scalelite?pool=5
### Required by scalelite-api
# SECRET_KEY_BASE=
# LOADBALANCER_SECRET=
#
### Required by scalelite-api and scalelite-poller
# REDIS_URL=
#
### Required by scalelite-api and scalelite-recording-importer
# DATABASE_URL=
# SCALELITE_RECORDING_DIR=/mnt/scalelite-recordings/var/bigbluebutton
#
### Required by scalelite-nginx (only When using SSL)
# NGINX_SSL=true
# SCALELITE_NGINX_EXTRA_OPTS=--mount type=bind,source=/etc/letsencrypt,target=/etc/nginx/ssl,readonly
# URL_HOST=
#
### Required when when specific repo or version (other than defaults) are needed
# SCALELITE_REPO=blindsidenetwks
# SCALELITE_TAG=v1
#
### Optional for postgres when using docker-compose
# POSTGRES_USER=
# POSTGRES_PASSWORD=
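Review bot: `SCALELITE_NGINX_EXTRA_OPTS=--mount type=bind,...` is a `docker run` flag string and nothing in docker-compose.yml reads it, so it is dead here (the equivalent mount already exists as the `./data/certbot/conf:/etc/nginx/ssl` volume); drop it or say which script consumes it. The commented `DATABASE_URL=` template should show the expected shape (`postgres://user:pass@postgres:5432/scalelite?pool=5`) and state that it must agree with `POSTGRES_USER`/`POSTGRES_PASSWORD`, and `SECRET_KEY_BASE`/`LOADBALANCER_SECRET` deserve a generation hint in the comment now that the README is gone. Typos in the comments: "only When", "Required when when".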


@@ -5,13 +5,14 @@ if ! [ -x "$(command -v docker-compose)" ]; then
exit 1
fi
HOST_NAME=$(grep HOST_NAME .env | cut -d '=' -f2)
URL_HOST=$(grep URL_HOST .env | cut -d '=' -f2)
echo $URL_HOST
domains=($HOST_NAME)
domains=($URL_HOST)
rsa_key_size=4096
data_path="./data/certbot"
email="" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
email="$LETSENCRYPT_EMAIL" # Adding a valid address is strongly recommended
staging=${LETSENCRYPT_STAGING:-0} # Set to 1 if you're testing your setup to avoid hitting request limits
if [ -d "$data_path" ]; then
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
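Review bot: `grep URL_HOST .env | cut -d '=' -f2` matches any line containing the string, including the commented template line `# URL_HOST=` shipped in the new `dotenv`, so a `.env` copied from the template yields an empty or duplicated entry in `domains=(...)`; anchor it as `grep '^URL_HOST=' .env | cut -d '=' -f2-`. `email="$LETSENCRYPT_EMAIL"` and `staging=${LETSENCRYPT_STAGING:-0}` are read from the caller's shell environment while `URL_HOST` comes from `.env`, which is inconsistent and is not documented anywhere; either read all three from `.env` the same way or load the file once (`set -a; . ./.env; set +a`). The bare `echo $URL_HOST` looks like leftover debugging.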
@@ -40,8 +41,8 @@ docker-compose run --rm --entrypoint "\
echo
echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx
echo "### Starting scalelite-nginx ..."
docker-compose up --force-recreate -d scalelite-nginx
echo
echo "### Deleting dummy certificate for $domains ..."
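Review bot: `docker-compose up --force-recreate -d scalelite-nginx` now brings up `scalelite-api`, `postgres` and `redis` through `depends_on` before a real certificate exists, so a missing `SECRET_KEY_BASE`/`LOADBALANCER_SECRET` makes the bootstrap fail at the api container instead of at the certificate step. If only the HTTP-01 listener is needed for the challenge, `--no-deps` keeps this step independent of the application stack.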
@@ -78,5 +79,5 @@ docker-compose run --rm --entrypoint "\
--force-renewal" certbot
echo
echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload
echo "### Reloading scalelite-nginx ..."
docker-compose exec scalelite-nginx nginx -s reload


@@ -1,25 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>


@@ -1,37 +0,0 @@
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
##
# Virtual Host Configs
##
include /etc/nginx/sites-enabled/*;
}


@@ -1,55 +0,0 @@
#### For <$NGINX_HOSTNAME>
upstream docker-scalelite {
server scalelite.api:3000;
}
server {
server_name $NGINX_HOSTNAME;
listen 80;
listen [::]:80;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name $NGINX_HOSTNAME;
listen 443 ssl;
listen [::]:443;
## Configuration for Letsencrypt SSL Certificate
ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
## Configuration for SSL Certificate from a CA other than Letsencrypt
#ssl_certificate /etc/ssl/fullchain.pem;
#ssl_certificate_key /etc/ssl/privkey.pem;
location / {
proxy_pass http://docker-scalelite;
proxy_read_timeout 60s;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie "$http_cookie; ip=$remote_addr";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
rewrite ~/(.*)$ /$1 break;
}
}
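Review bot: this deleted template was the only place in the repo that set `X-Forwarded-Proto`, `X-Forwarded-For`, `X-Real-IP` and the `Cookie "$http_cookie; ip=$remote_addr"` header for the api upstream, and that placed the acme-challenge location ahead of the 301 redirect. Before dropping it, confirm the `scalelite:v1-nginx` image's bundled config carries the same proxy headers and ordering, otherwise the api sees the proxy address and scheme instead of the client's.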


@@ -1,34 +0,0 @@
#!/bin/sh
if [ "$LOADBALNCER_SECRET" == "loadbalancer_secret" ] || [ "$SECRET_KEY_BASE" == "secret_key_base" ]; then
echo "ERROR: Detected default SECRET_KEY_BASE or LOADBALANCER_SECRET. Please generate a random value."
echo "Exiting..."
exit 1
fi
servers="$(RAILS_ENV=$RAILS_ENV bundle exec rake servers 2>&1)"
echo $servers
if [ "$RAILS_ENV" = "production" ] && [ "$DB_ADAPTER" = "postgresql" ]; then
while ! curl http://$DB_HOST:${DB_PORT:-5432}/ 2>&1 | grep '52'
do
echo "Waiting for postgres to start up ..."
sleep 1
done
fi
db_create="$(RAILS_ENV=$RAILS_ENV bundle exec rake db:create 2>&1)"
echo $db_create
if [[ $db_create == *"already exists"* ]]; then
echo ">>> Database migration"
bundle exec rake db:migrate
else
echo ">>> Database initialization"
bundle exec rake db:schema:load
fi
exec tini -- bundle exec puma -C config/puma.rb "$@"
#tail -f /dev/null
#bundle exec puma -C config/puma.rb
#bundle exec rails s -b 0.0.0.0 -p 3000
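Review bot: this script carried the startup guard against the checked-in default secrets and the wait-for-postgres loop; nothing in the new compose file replaces either, so the api can now start with an empty `LOADBALANCER_SECRET` or before postgres accepts connections (`restart: unless-stopped` only papers over the second). The guard itself was half broken (`$LOADBALNCER_SECRET` misspelled, `==` and `[[ ]]` under `#!/bin/sh`), so if the check is re-added in the image entrypoint those need fixing too.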


@@ -1,5 +0,0 @@
#!/bin/sh
echo "Poller is starting..."
exec tini -- bundle exec rake poll["$INTERVAL"]
#tail -f /dev/null


@@ -1,23 +0,0 @@
default: &default
pool: <%= ENV.fetch('RAILS_MAX_THREADS') { 5 } %>
timeout: 5000
adapter: postgresql
host: <%= ENV['DB_HOST'] %>
username: <%= ENV['DB_USERNAME'] %>
password: <%= ENV['DB_PASSWORD'] %>
encoding: unicode
development:
<<: *default
database: scalelite_development
# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
test:
<<: *default
database: scalelite_test
production:
<<: *default
database: <%= ENV['DB_NAME'] || 'scalelite' %>


@@ -1,2 +0,0 @@
SECRET_KEY_BASE=secret_key_base
LOADBALANCER_SECRET=loadbalancer_secret
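Review bot: removing the committed default secrets is the right call, but the replacement top-level `dotenv` leaves `SECRET_KEY_BASE` and `LOADBALANCER_SECRET` commented out with no generation hint, and the `openssl rand -hex 64` / `openssl rand -hex 24` advice is deleted with the README in the same commit; move that guidance into the `dotenv` comments so the new default is "unset and fail" rather than "unset and silently empty".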


@@ -1,13 +0,0 @@
# Helpers
## Running automatic updates
```
sudo ln -s /home/ubuntu/scalelite-run/scripts/deploy.sh /usr/local/bin/scalelite-deploy
sudo cp /home/ubuntu/scalelite-run/scripts/scalelite-auto-deployer.service /etc/systemd/system/scalelite-auto-deployer.service
sudo cp /home/ubuntu/scalelite-run/scripts/scalelite-auto-deployer.timer /etc/systemd/system/scalelite-auto-deployer.timer
sudo systemctl daemon-reload
sudo systemctl enable scalelite-auto-deployer.service
sudo systemctl enable scalelite-auto-deployer.timer
sudo systemctl start scalelite-auto-deployer.timer
```


@@ -1,90 +0,0 @@
#!/bin/bash
################################################################################
# For this script to work properly it is required to define some environment variables
# in the CI/CD Env variable declaration, while others should be passed as parameters.
#
#------------------------------------------------------------------------------
# Defined as part of the CD/CI Env Variables:
#
# CD_DOCKER_USERNAME
# A DockerHub username to be used for uploading the build.
#
# CD_DOCKER_PASSWORD
# A DockerHub password to be used for uploading the build.
#
# CD_DOCKER_REPO
# A DockerHub repository. By default the CD_REF_SLUG is also used as the docker repo.
#
# CD_BUILD_ALL
# As the build is supposed to be done only for master (for a nightly deployments) and for releases
# (like 'release-2.0.5' for production deployments), it is additionally required to include this
# variable in order to build any other brnach, as it may be required for testing or reviewing work
# as part of the development process.
#
display_usage() {
echo "This script should be used as part of a CI strategy."
echo -e "Usage:\n build_image.sh [ARGUMENTS]"
echo -e "\nMandatory arguments \n"
echo -e " repo_slug The git repository (e.g. blindsidenetworks/scalelite)"
echo -e "\nOptional arguments \n"
echo -e " branch | tag The branch (e.g. master | release-2.0.5)"
}
# if less than two arguments supplied, display usage
if [ $# -le 0 ]; then
display_usage
exit 1
fi
# check whether user had supplied -h or --help . If yes display usage
if [[ ($# == "--help") || $# == "-h" ]]; then
display_usage
exit 0
fi
export CD_REF_SLUG=$1
export CD_REF_NAME=$2
if [ -z $CD_REF_NAME ]; then
export CD_REF_NAME=$(git branch | grep \* | cut -d ' ' -f2)
fi
if [ "$CD_REF_NAME" != "master" ] && [[ "$CD_REF_NAME" != *"release"* ]] && ( [ -z "$CD_BUILD_ALL" ] || [ "$CD_BUILD_ALL" != "true" ] ); then
echo "#### Docker image for $CD_REF_SLUG:$CD_REF_NAME won't be built"
exit 0
fi
# Set the version tag when it is a release or the commit sha was included.
if [[ "$CD_REF_NAME" == *"v"* ]]; then
export CD_BUILD_NUMBER=${CD_REF_NAME:1}
else
export CD_BUILD_NUMBER="$CD_REF_NAME ($(eval git rev-parse --short=7 HEAD))"
fi
# Build the image
if [ -z $CD_DOCKER_REPO ]; then
export CD_DOCKER_REPO=$CD_REF_SLUG
fi
echo "#### Docker image $CD_DOCKER_REPO:$CD_REF_NAME is being built"
docker build --build-arg BUILD_NUMBER="${CD_BUILD_NUMBER}" -t $CD_DOCKER_REPO:$CD_REF_NAME .
if [ -z "$CD_DOCKER_USERNAME" ] || [ -z "$CD_DOCKER_PASSWORD" ]; then
echo "#### Docker image for $CD_DOCKER_REPO can't be published because CD_DOCKER_USERNAME or CD_DOCKER_PASSWORD are missing (Ignore this warning if running outside a CD/CI environment)"
exit 0
fi
# Publish the image
docker login -u="$CD_DOCKER_USERNAME" -p="$CD_DOCKER_PASSWORD"
echo "#### Docker image $CD_DOCKER_REPO:$CD_REF_NAME is being published"
docker push $CD_DOCKER_REPO
# Publish image as latest and v2 if it is a release (excluding alpha and beta)
if [[ "$CD_REF_NAME" == *"v"* ]] && [[ "$CD_REF_NAME" != *"alpha"* ]] && [[ "$CD_REF_NAME" != *"beta"* ]]; then
docker_image_id=$(docker images | grep -E "^$CD_DOCKER_REPO.*$CD_REF_NAME" | awk -e '{print $3}')
docker tag $docker_image_id $CD_DOCKER_REPO:latest
docker push $CD_DOCKER_REPO:latest
docker tag $docker_image_id $CD_DOCKER_REPO:v2
docker push $CD_DOCKER_REPO:v2
fi
exit 0
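Review bot: no objection to deleting this, but if the build script is resurrected elsewhere, `docker login -u=... -p="$CD_DOCKER_PASSWORD"` puts the registry password on the command line where it is visible in the process list; `--password-stdin` is the safer form. `awk -e` is also a GNU-only flag.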


@@ -1,18 +0,0 @@
#!/bin/bash
DIR="$(cd "$(dirname "$0")" && pwd)"
STATUS="Status: Downloaded newer image for blindsidenetwks/scalelite:latest"
new_status=$(sudo docker pull blindsidenetwks/scalelite:latest | grep Status:)
echo $new_status
if [ "$STATUS" == "$new_status" ]
then
cd $DIR/..
docker-compose down
docker rmi $(docker images -f dangling=true -q)
docker-compose up -d
fi
exit 0


@@ -1,9 +0,0 @@
[Unit]
Description=ScaleLite Auto Deployer
[Service]
ExecStart=/bin/bash /opt/scalelite-run/scripts/deploy.sh
[Install]
WantedBy=multi-user.target
Alias=scalelite-auto-deployer


@@ -1,12 +0,0 @@
[Unit]
Description=Runs scalelite-deploy every minute
[Timer]
# Time to wait after booting before we run first time
OnBootSec=1min
# Time between running each consecutive time
OnUnitActiveSec=1m
Unit=scalelite-auto-deployer.service
[Install]
WantedBy=multi-user.target


@@ -1,18 +0,0 @@
[Unit]
Description=ScaleLite Run
After=network.target
After=systemd-user-sessions.service
After=network-online.target
[Service]
ExecStart=/bin/bash /opt/scalelite-run/scripts/start.sh
ExecStop=/bin/bash /opt/scalelite-run/scripts/stop.sh
TimeoutSec=30
Restart=on-failure
RestartSec=30
StartLimitInterval=350
StartLimitBurst=10
[Install]
WantedBy=multi-user.target
Alias=scalelite-run


@@ -1,6 +0,0 @@
#!/bin/bash
DIR="$(cd "$(dirname "$0")" && pwd)"
cd $DIR/..
docker-compose up -d


@@ -1,6 +0,0 @@
#!/bin/bash
DIR="$(cd "$(dirname "$0")" && pwd)"
cd $DIR/..
docker-compose down