
Added Nginx as reverse proxy, Traefik removed. CORS enabled

Signed-off-by: nmarcetic <n.marcetic86@gmail.com>
nmarcetic 2017-09-21 18:50:00 +02:00
parent cc3283c32b
commit 79a6fc158b
6 changed files with 80 additions and 109 deletions


@ -39,7 +39,7 @@ services:
- MESSAGE_WRITER_DB_CLUSTER=cassandra
- MESSAGE_WRITER_DB_KEYSPACE=message_writer
- MESSAGE_WRITER_NATS_URL=nats://nats:4222
###
# MQTT Broker
###
@ -48,7 +48,6 @@ services:
container_name: mainflux-mqtt
ports:
- "1883:1883"
- "8883:8883"
network_mode: bridge
external_links:
- mainflux-nats:nats
@ -68,4 +67,3 @@ services:
- mainflux-nats:nats
environment:
- HTTP_ADAPTER_NATS_URL=nats://nats:4222
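Review bot: The mqtt service still publishes `"1883:1883"` to the host (the line kept above the removed `"8883:8883"`), so plaintext MQTT remains reachable from outside even though TLS for MQTT now terminates at the Nginx stream proxy on 8883. The proxy reaches the broker through `external_links` on the bridge network by container name, so the host binding of 1883 does not appear to be needed for that path; if unencrypted MQTT is not meant to be offered, drop the `"1883:1883"` mapping as well, or bind it to loopback with `"127.0.0.1:1883:1883"`. I am inferring the proxy's upstream target from the nginx.conf change in this commit, so confirm nothing else on the host depends on the published 1883 port.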


@ -23,11 +23,10 @@ services:
- $PWD/ssl/dhparam.pem:/etc/ssl/certs/dhparam.pem
network_mode: bridge
ports:
- "3000:80"
- "4443:443"
- "80:80"
- "443:443"
- "8883:8883"
external_links:
- mainflux-manager
- mainflux-http
- mainflux-mqtt


@ -1,29 +0,0 @@
###
# Copyright (c) 2015-2017 Mainflux
#
# Mainflux server is licensed under an Apache license, version 2.0 license.
# All rights not explicitly granted in the Apache license, version 2.0 are reserved.
# See the included LICENSE file for more details.
###
version: "3"
services:
###
# Traefik
###
traefik:
image: traefik:latest
container_name: mainflux-traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- $PWD/traefik.toml:/etc/traefik/traefik.toml
network_mode: bridge
ports:
- "3000:3000"
- "8080:8080"
external_links:
- mainflux-manager
- mainflux-http


@ -66,8 +66,8 @@ HEREDOC
_start() {
# Start NATS, Cassandra and Traefik
printf "Starting NATS, Cassandra and Traefik...\n\n"
# Start NATS, Cassandra and Nginx
printf "Starting NATS, Cassandra and Nginx...\n\n"
NB_DOCKERS=$(docker ps -a -f name=mainflux-nats -f name=mainflux-cassandra | wc -l)
if [[ $NB_DOCKERS -lt 3 ]]
@ -79,7 +79,7 @@ _start() {
# Check if C* is alive
printf "\nWaiting for Cassandra to start. This takes time, please be patient...\n"
# Wait until Cassandra is ready to accept cqlsh commands
# or timeout after 15 sec
c_on=0
@ -124,16 +124,16 @@ _start() {
fi
docker-compose -f docker-compose-mainflux.yml start
# Start Traefik
printf "\nStarting Traefik...\n\n"
# Start Nginx
printf "\nStarting Nginx...\n\n"
NB_DOCKERS=$(docker ps -a -f name=traefik | wc -l)
NB_DOCKERS=$(docker ps -a -f name=nginx | wc -l)
if [[ $NB_DOCKERS -lt 2 ]]
then
docker-compose -f docker-compose-traefik.yml pull
docker-compose -f docker-compose-traefik.yml create
docker-compose -f docker-compose-nginx.yml pull
docker-compose -f docker-compose-nginx.yml create
fi
docker-compose -f docker-compose-traefik.yml start
docker-compose -f docker-compose-nginx.yml start
if [[ $? -ne 0 ]]
then
@ -147,8 +147,8 @@ _start() {
}
_stop() {
printf "\nStopping Traefik...\n\n"
docker-compose -f docker-compose-traefik.yml stop
printf "\nStopping Nginx...\n\n"
docker-compose -f docker-compose-nginx.yml stop
printf "Stopping Mainflux composition...\n\n"
docker-compose -f docker-compose-mainflux.yml stop
@ -188,7 +188,7 @@ _main() {
if [[ $# -eq 0 ]] ; then
_print_help
fi
# Avoid complex option parsing when only one program option is expected.
if [[ "${1:-}" =~ ^-h|--help$ ]]
then
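Review bot: `docker ps -a -f name=nginx` matches any container whose name contains "nginx", not only the Mainflux one, whereas the NATS/Cassandra check in the same function filters on the full `mainflux-nats` / `mainflux-cassandra` names. On a host that already runs another nginx container the count reaches 2, the `pull`/`create` step is skipped, and the following `docker-compose -f docker-compose-nginx.yml start` fails on a non-existent service. Filter on the full container name, `NB_DOCKERS=$(docker ps -a -f name=mainflux-nginx | wc -l)`, assuming the compose file names the container `mainflux-nginx` like the other services (the old Traefik file used `mainflux-traefik`; the new file's `container_name` is outside this hunk, so verify). `_start` begins before the first hunk of this file.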


@ -54,17 +54,24 @@ http {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
upstream docker-manager {
server mainflux-manager:8180;
}
upstream docker-http {
server mainflux-http:7070;
}
##
# Virtual Host Configs
##
# HTTP
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
#return 302 https://$server_name$request_uri;
server_name localhost;
return 302 https://$server_name$request_uri;
}
# HTTPS
@ -85,10 +92,11 @@ http {
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
# Certificates
ssl_certificate /etc/ssl/certs/mainflux-server.crt;
ssl_certificate_key /etc/ssl/private/mainflux-server.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# from https://cipherli.st/
@ -98,9 +106,8 @@ http {
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling off;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
@ -111,12 +118,43 @@ http {
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Methods '*';
add_header Access-Control-Allow-Headers "*";
ssl_dhparam /etc/ssl/certs/dhparam.pem;
include snippets/mainflux-ssl-params.conf;
server_name _;
server_name localhost;
# Proxy pass to manager service
location /api/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://docker-manager/;
# Allow OPTIONS method CORS
if ($request_method = OPTIONS ) {
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
}
# Proxy pass to mainflux-http-adapter
location /pub/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://docker-http/;
# Allow OPTIONS method CORS
if ($request_method = OPTIONS ) {
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
}
}
}
@ -124,15 +162,23 @@ http {
# MQTT
###
stream {
upstream mqtt_broker {
server localhost:1883;
}
server {
listen 8883 ssl;
proxy_pass mqtt_broker;
include snippets/mainflux-ssl-certs.conf;
upstream docker-mqtt {
server mainflux-mqtt:1883;
}
server {
listen 8883 ssl;
proxy_pass docker-mqtt;
# Certificates
ssl_certificate /etc/ssl/certs/mainflux-server.crt;
ssl_certificate_key /etc/ssl/private/mainflux-server.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
}
}
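Review bot: The CORS preflight handlers in `location /api/` and `location /pub/` answer `return 200` without any `Access-Control-*` headers: nginx inherits `add_header` directives from the enclosing level only when the current level defines none, and the `add_header Content-Length` / `add_header Content-Type` inside each `if ($request_method = OPTIONS)` block cancel the inheritance of the server-level `Access-Control-Allow-Origin/Methods/Headers` (and of the HSTS and X-* headers). A browser preflight therefore gets a 200 with no CORS headers and the cross-origin request is blocked, which defeats the purpose of the change; the three `Access-Control-*` headers must be repeated inside each `if` block, as below. Two smaller points in the same file: `'*'` in `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` is treated literally by older browsers, so an explicit list such as `'GET, POST, PUT, DELETE, OPTIONS'` is safer, and the stream block's `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables the deprecated TLS 1.0/1.1 for MQTT while the HTTPS server's protocol line is outside the hunk and should be aligned with it. The wildcard origin on an API that authenticates clients is also worth a deliberate decision rather than a default.
```nginx
# Proxy pass to manager service
location /api/ {
    # … unchanged: proxy_redirect / proxy_set_header / proxy_pass lines …
    # Allow OPTIONS method CORS
    if ($request_method = OPTIONS ) {
        # add_header in this block suppresses the server-level headers, so repeat them
        add_header Access-Control-Allow-Origin '*';
        add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
        add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        return 200;
    }
}
# … unchanged: location /pub/ gets the same three add_header lines in its OPTIONS block …
```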


@ -1,43 +0,0 @@
################################################################
# Global configuration
################################################################
# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
defaultEntryPoints = ["http"]
# Entrypoints definition
[entryPoints]
[entryPoints.http]
address = ":3000"
[frontends]
[frontends.frontend_manager]
backend = "backend_manager"
[frontends.frontend_manager.routes.routes_manager]
rule = "Path: /info, /users, /users/{id:[0-9]+}, /tokens, /clients, /clients/{id:[0-9]+}, /channels, /channels/{id:[0,9]+}"
[backends]
[backends.backend_manager]
[backends.backend_manager.servers.server1]
url = "http://mainflux-manager:8180"
[frontends.frontend_manager.headers.customresponseheaders]
Access-Control-Allow-Origin = "*"
################################################################
# Web configuration backend
################################################################
# Enable web configuration backend
[web]
# Web administration port
address = ":8080"
################################################################
# File configuration backend
################################################################
# Enable File configuration backend
[file]