From d6784a36fd0fbd311c6727e7ec645682ba570df2 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Sun, 19 Apr 2020 09:42:59 +0100 Subject: [PATCH] . --- .drone.do.yml | 71 +++++++++++++++++++++++++++++++++- .drone.home.yml | 34 +++++++++++++++- docker-compose-do.yml | 46 ++++++++++++++++++++++ letsencrypt-nginx/conf/do.conf | 45 +++++++++++++++++---- 4 files changed, 186 insertions(+), 10 deletions(-) diff --git a/.drone.do.yml b/.drone.do.yml index 74a10cf..c8c5c4e 100644 --- a/.drone.do.yml +++ b/.drone.do.yml @@ -8,7 +8,47 @@ clone: # skip_verify: true steps: -steps: +- name: printenv + when: + branch: + - do + image: appleboy/drone-ssh + environment: + LOCAL_DOCKER_REGISTRY: + from_secret: local-docker-registry + SSH_HOST: + from_secret: ssh-host + SSH_USER: + from_secret: ssh-user + SSH_PORT: + from_secret: ssh-port + CERTBOT_EMAIL: + from_secret: certbot-email + GIT_DOMAIN: + from_secret: git-domain + settings: + envs: + - local_docker_registry + - ssh_host + - ssh_user + - ssh_port + - certbot_email + - git_domain + host: + from_secret: ssh-host + port: + from_secret: ssh-port + username: + from_secret: ssh-user + password: + from_secret: ssh-password + script: + - echo SSH_HOST=$SSH_HOST > env + - echo SSH_USER=$SSH_USER >> env + - echo SSH_PORT=$SSH_PORT >> env + - echo LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY >> env + - echo CERTBOT_EMAIL=$CERTBOT_EMAIL >> env + - echo GIT_DOMAIN=$GIT_DOMAIN >> env - name: wait when: branch: @@ -49,6 +89,22 @@ steps: commands: - cd letsencrypt-nginx - sh build.sh do $${LOCAL_DOCKER_REGISTRY} +- name: build-postgres + when: + branch: + - do + image: docker:dind + volumes: + - name: dockersock + path: /var/run + environment: + LOCAL_DOCKER_REGISTRY: + from_secret: local-docker-registry + commands: + - cd guacamole-postgresql + - docker build . -t $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql + - docker push $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql + - name: clear when: branch: 
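Review bot: The new `printenv` step writes secret-derived values (`SSH_HOST`, `SSH_USER`, `SSH_PORT`, `LOCAL_DOCKER_REGISTRY`, `CERTBOT_EMAIL`, `GIT_DOMAIN`) into a file named `env` in the SSH login directory of the deploy host and never removes it, and nothing visible in this hunk reads that file afterwards. If it is a debugging aid it should not be merged; if the file is needed, create it with restrictive permissions and quote the expansions, e.g. `- umask 077` as the first script line and `- echo "SSH_HOST=$SSH_HOST" > env`. The step also logs in with `password: from_secret: ssh-password`; the plugin's `key` setting with a dedicated deploy key would avoid keeping a reusable account password in CI. The same step is added to `.drone.home.yml` in this commit (branch `test-deploy-windows`) and the same points apply there.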
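Review bot: `docker build . -t $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql` in the `build-postgres` step publishes the image under the implicit `latest` tag only, so the deploy step pulls whatever was pushed last and a running database image cannot be traced back to a commit. Tag with the commit as well, e.g. `docker build . -t $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:$${DRONE_COMMIT_SHA}` with the matching `docker push`, and reference that tag at deploy time. `image: docker:dind` is likewise unpinned while the step is handed a Docker daemon socket through the `dockersock` volume (defined outside this hunk), so pinning it to a version or digest limits what can run with that access.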
@@ -107,6 +163,12 @@ steps: from_secret: certbot-email GIT_DOMAIN: from_secret: git-domain + GUACAMOLE_POSTGRES_USER: + from_secret: guacamole-postgres-user + GUACAMOLE_POSTGRES_DB: + from_secret: guacamole-postgres-db + GUACAMOLE_POSTGRES_PASSWORD: + from_secret: guacamole-postgres-password settings: envs: - drone_rpc_secret @@ -116,6 +178,9 @@ steps: - local_docker_registry - certbot_email - git_domain + - guacamole_postgres_user + - guacamole_postgres_db + - guacamole_postgres_password host: from_secret: ssh-host username: @@ -135,9 +200,13 @@ steps: - export SSH_USER=$SSH_USER - export CERTBOT_EMAIL=$CERTBOT_EMAIL - export GIT_DOMAIN=$GIT_DOMAIN + - export GUACAMOLE_POSTGRES_USER=$GUACAMOLE_POSTGRES_USER + - export GUACAMOLE_POSTGRES_DB=$GUACAMOLE_POSTGRES_DB + - export GUACAMOLE_POSTGRES_PASSWORD=$GUACAMOLE_POSTGRES_PASSWORD - docker network prune -f - cd ~/stack-deploy - docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-do + - docker pull $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql - docker stack rm gitea - sleep 60 - docker stack deploy -c docker-compose-do.yml gitea diff --git a/.drone.home.yml b/.drone.home.yml index ad25350..b51873f 100644 --- a/.drone.home.yml +++ b/.drone.home.yml @@ -8,7 +8,39 @@ clone: # skip_verify: true steps: -steps: +- name: printenv + when: + branch: + - test-deploy-windows + image: appleboy/drone-ssh + environment: + LOCAL_DOCKER_REGISTRY: + from_secret: local-docker-registry + SSH_HOST: + from_secret: ssh-host + SSH_USER: + from_secret: ssh-user + SSH_PORT: + from_secret: ssh-port + settings: + envs: + - local_docker_registry + - ssh_host + - ssh_user + - ssh_port + host: + from_secret: ssh-host + port: + from_secret: ssh-port + username: + from_secret: ssh-user + password: + from_secret: ssh-password + script: + - echo SSH_HOST=$SSH_HOST > env + - echo SSH_USER=$SSH_USER >> env + - echo SSH_PORT=$SSH_PORT >> env + - echo LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY >> env - name: wait when: branch: 
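Review bot: `export GUACAMOLE_POSTGRES_PASSWORD=$GUACAMOLE_POSTGRES_PASSWORD` in the deploy script expands the secret unquoted, so a password containing whitespace or glob characters may be split or altered depending on the login shell of the remote account. Write `export GUACAMOLE_POSTGRES_PASSWORD="$GUACAMOLE_POSTGRES_PASSWORD"` and quote the two new exports next to it (`GUACAMOLE_POSTGRES_USER`, `GUACAMOLE_POSTGRES_DB`) the same way. The script list starts and ends outside this hunk, and the existing exports above it have the same form.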
diff --git a/docker-compose-do.yml b/docker-compose-do.yml index 91d025e..9655f5e 100644 --- a/docker-compose-do.yml +++ b/docker-compose-do.yml @@ -14,11 +14,13 @@ services: - PROXY_PASS=http://gitea:3000/ - BLOG_PROXY_PASS=http://ghost:2368 - CHAT_PROXY_PASS=http://chat:3000 + - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/ - DRONE_PROXY_PASS=http://drone-server:8080 - REGISTRY_PROXY_PASS=http://registry:5000 - LOCATION=/git/ - BLOG_LOCATION=/blog/ - CHAT_LOCATION=/chat/ + - REMOTE_LOCATION=/remote/ volumes: - letsencrypt-git:/etc/letsencrypt networks: @@ -161,6 +163,49 @@ services: - REGISTRY_HTTP_ADDR=0.0.0.0:5000 networks: - appnet + guacamole-postgresql: + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack == yes] + replicas: 1 + restart_policy: + condition: any + image: ${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest + environment: + POSTGRES_PASSWORD: ${GUACAMOLE_POSTGRES_PASSWORD} + POSTGRES_DB: ${GUACAMOLE_POSTGRES_DB} + volumes: + - guacamole-postgresql-data:/var/lib/postgresql/data + networks: + - appnet + guacd: + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack == yes] + replicas: 1 + restart_policy: + condition: any + image: guacamole/guacd:latest + networks: + - appnet + guacamole: + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack == yes] + replicas: 1 + restart_policy: + condition: any + image: guacamole/guacamole:latest + environment: + - POSTGRES_HOSTNAME=guacamole-postgresql + - POSTGRES_PORT=5432 + - POSTGRES_USER=${GUACAMOLE_POSTGRES_USER} + - POSTGRES_PASSWORD=${GUACAMOLE_POSTGRES_PASSWORD} + - POSTGRES_DATABASE=${GUACAMOLE_POSTGRES_DB} + - GUACD_HOSTNAME=guacd + networks: + - appnet + volumes: gitea-db: gitea-app: @@ -171,6 +216,7 @@ volumes: drone: drone-data: registry-data: + guacamole-postgresql-data: networks: appnet: driver: overlay diff --git a/letsencrypt-nginx/conf/do.conf b/letsencrypt-nginx/conf/do.conf index 95829ec..67f2341 100644 
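Review bot: The database password reaches both new services as a plain environment value (`POSTGRES_PASSWORD: ${GUACAMOLE_POSTGRES_PASSWORD}` on `guacamole-postgresql`, `POSTGRES_PASSWORD=${GUACAMOLE_POSTGRES_PASSWORD}` on `guacamole`), so it ends up in the swarm service spec and is readable through `docker service inspect` by anyone with manager access. Because this file is deployed with `docker stack deploy`, a swarm secret mounted under `/run/secrets` and passed through the `_FILE` form of the variable keeps it out of the spec; this assumes the project-built postgres image derives from the official one and that the Guacamole image version in use honours `POSTGRES_PASSWORD_FILE`, both of which should be confirmed. Separately, `guacamole/guacd:latest` and `guacamole/guacamole:latest` are mutable tags for two components that are released together, so pin both to the same release.

```yaml
  guacamole-postgresql:
    # … unchanged: deploy, image …
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/guacamole_postgres_password
      POSTGRES_DB: ${GUACAMOLE_POSTGRES_DB}
    secrets:
      - guacamole_postgres_password
    # … unchanged: volumes, networks …
  guacamole:
    # … unchanged: deploy, image …
    environment:
      # … unchanged: POSTGRES_HOSTNAME, POSTGRES_PORT, POSTGRES_USER …
      - POSTGRES_PASSWORD_FILE=/run/secrets/guacamole_postgres_password
      # … unchanged: POSTGRES_DATABASE, GUACD_HOSTNAME …
    secrets:
      - guacamole_postgres_password
    # … unchanged: networks …

# top level, next to volumes: and networks:
secrets:
  guacamole_postgres_password:
    # created once on a manager node, outside the pipeline
    external: true
```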
--- a/letsencrypt-nginx/conf/do.conf +++ b/letsencrypt-nginx/conf/do.conf @@ -163,15 +163,44 @@ location ${CHAT_LOCATION} { proxy_pass ${CHAT_PROXY_PASS}; proxy_http_version 1.1; - proxy_set_header Upgrade ${DOLLAR}http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host ${DOLLAR}http_host; - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header X-Forward-Proto http; - proxy_set_header X-Nginx-Proxy true; - proxy_redirect off; + proxy_set_header Upgrade ${DOLLAR}http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host ${DOLLAR}http_host; + proxy_set_header X-Real-IP ${DOLLAR}remote_addr; + proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; + proxy_set_header X-Forward-Proto http; + proxy_set_header X-Nginx-Proxy true; + proxy_redirect off; + } + location ${REMOTE_LOCATION}websocket-tunnel { + proxy_pass ${REMOTE_PROXY_PASS}websocket-tunnel; + proxy_http_version 1.1; + proxy_set_header Upgrade ${DOLLAR}http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host ${DOLLAR}host; + proxy_set_header X-Real-IP ${DOLLAR}remote_addr; + proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; + proxy_set_header X-Forward-Proto http; + proxy_set_header X-Nginx-Proxy true; + proxy_redirect off; + } + location ${REMOTE_LOCATION}websocket-tunnel/ { + proxy_pass ${REMOTE_PROXY_PASS}websocket-tunnel/; + proxy_http_version 1.1; + proxy_set_header Upgrade ${DOLLAR}http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host ${DOLLAR}host; + proxy_set_header X-Real-IP ${DOLLAR}remote_addr; + proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; + proxy_set_header X-Forward-Proto http; + proxy_set_header X-Nginx-Proxy true; + proxy_redirect off; + + } + + location ${REMOTE_LOCATION} { + proxy_pass ${REMOTE_PROXY_PASS}; } }
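Review bot: The catch-all `location ${REMOTE_LOCATION}` block forwards nothing but `proxy_pass`, so Guacamole sees every login as coming from the nginx container and its authentication logs cannot attribute failed logins to a client address. Add at least `proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;` and `proxy_buffering off;` to that block. In the two `websocket-tunnel` blocks, `proxy_set_header X-Forward-Proto http;` is carried over from the chat block; the conventional header name is `X-Forwarded-Proto`, and a fixed `http` looks wrong for what is presumably a TLS-terminating proxy, so `proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;` is probably what is meant. The two tunnel blocks differ only by a trailing slash and the first prefix already matches the second's paths, so one of them can likely be dropped. The enclosing `server` block starts outside this hunk.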