proxy

Nginx reverse proxies to expose other services on the internet. These use the https://letsencrypt.org/ service to obtain and expose ssl certificates.

Ngrok service tunneling to https://ngrok.com/ this allows services to be given public URLs even though they have no fixed public IP (ie behind NAT router).

A docker registry for internal use.

secrets

certbot-email

This is the email address to use with letsencrypt.

drone-domain

The domain that drone will be served on. If using ngrok this will need to be configured in ngrok and your dns.

eg “drone.sigyl.com”

Leave blank if you have no drone.

huginn-domain

The domain that huggin will be served on. If using ngrok this will need to be configured in ngrok and your dns.

eg “huginn.sigyl.com”

Leave blank if you have no huginn.

git-domain

The domain which all other services will be exposed on (either at the root or in sub folders.

eg “sigyl.com”

local-docker-registry

This is the dns address of the local registry service.

eg “registry.local-domain:5003/”

note the trailing slash.

registry-password

Password for the local docker registry.

Whatever you want.

ngrok-auth-token

If using ngrok this is the auth-token needed to access it.

initial deployment

clone repo into /stack/proxy

git clone [repo] /stack/proxy

environment variables

nb you only need ngrok if you are behind a nat router (ie on ‘home network’).

you need to manually set up the above secrets as environment variables capitalising them and replacing hyphens with underscores.

(you can leave out huginn domain, in fact you can leave out any of them). (set REGISTRY_PASSWORD and NEW_REGISTRY_PASSWORD the same).

Note the trailing slash on LOCAL_DOCKER_REGISTRY.

If using ngrok the domains should be setup there.

export CERTBOT_EMAIL='your.name@example.com'
export DRONE_DOMAIN='drone.example.com'
export HUGINN_DOMAIN='huginn.example.com'
export GIT_DOMAIN='example.com'
export LOCAL_DOCKER_REGISTRY='pc-name.local-domain:5003/'
export NGROK_AUTH_TOKEN='get this from ngrok'
export REGISTRY_PASSWORD='make something up'
export NEW_REGISTRY_PASSWORD='make something up'

make authfile

The authorisation file configures the name and password needed to access registry

docker run --entrypoint htpasswd registry:2.7.0 -Bbn [user] [password] > .certificates/registry-password.txt

make certificates

It makes a self signed certificate authority which gets copied to /etc/docker/certs.d for the registry domain and a tls certificate for the registry.

$REGISTRY_DOMAIN is the domain of the local registry eg registry.local-domain

sh make-ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry

if you are going to use a self signed certificate to serve over the web:

(where $DOMAIN is the domain to be served - eg sigyl.com)

sh make-cert.sh $DOMAIN web

build docker images

These are the images that are used in the stack.

sh .drone/build.sh

create externalnet

This is the network that links all the stack together

docker network create --driver=overlay --attachable externalnet

initialise the docker swarm

you’ll be the manager

where IP is the IP address you want to use to communicate with other nodes (if there are any)

docker swarm init --advertise-addr $IP

update your label

(get your node id)

docker node ls

docker node update --label-add com.sigyl.git-stack=yes [node id]

deploy stack

sh .drone/deploy.sh

did it work?

curl to the domains you are using.

curl http://$GIT_DOMAIN