Commit 55ff68b2 authored by rg's avatar rg

Version fusionnée loadbalancer et serveur de tuiles.

parent d0679017
version: "2.2"
services:
tuileslb:
tuiles:
restart: always
privileged: true
hostname: tuileslb
hostname: tuiles
build:
context: .
dockerfile: ./dockerfile_loadbalancer
dockerfile: ./dockerfile_tuiles
args:
- DOMAIN=${DOMAIN:-maps.domain.tld}
- DOMAIN=${DOMAIN:-localhost}
- BALANCER_IPLIST=${BALANCER_IPLIST:-127.0.0.1}
- SSL=${SSL:-letsencrypt}
- SSL=${SSL:-false}
- SSL_LETSENCRYPTMAIL=${SSL_LETSENCRYPTMAIL:-root@$DOMAIN}
- MAPS_TOKEN=${MAPS_TOKEN:--}
- USE_CACHE=${USE_CACHE:-false}
- URL_DOWNLOADMAP=${URL_DOWNLOADMAP:--}
ports:
- "${HTTP_PORT:-80}:80"
- "${HTTPS_PORT:-443}:443"
volumes:
- ./loadbalancer/etc/nginx/sites-enabled/.templates:/etc/nginx/sites-enabled/.templates
- ./loadbalancer/etc/nginx/ssl:/etc/nginx/ssl
- ./loadbalancer/etc/letsencrypt:/etc/letsencrypt
- ./loadbalancer/var/cache/munin/www:/var/cache/munin/www
- ./loadbalancer/var/cache/nginx:/var/cache/nginx
- ./loadbalancer/var/log/nginx:/var/log/nginx
- ./loadbalancer/var/lib/munin:/var/lib/munin
- ./tuiles/data:/data
- ./tuiles/etc/nginx/conf.d/.templates:/etc/nginx/conf.d/.templates
- ./tuiles/etc/nginx/ssl:/etc/nginx/ssl
- ./tuiles/etc/letsencrypt:/etc/letsencrypt
- ./tuiles/var/cache/munin/www:/var/cache/munin/www
- ./tuiles/var/cache/nginx:/var/cache/nginx
- ./tuiles/var/log/nginx:/var/log/nginx
- ./tuiles/var/lib/munin:/var/lib/munin
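Review bot: The merged `tuiles` service keeps `privileged: true` while publishing ports 80 and 443, so everything now combined in this one container runs with all capabilities and host device access. Nothing visible in this section requires that, so I would drop the line or replace it with a `cap_add:` list of only the capabilities actually needed. The `SSL` default also appears to move from `letsencrypt` to `false` (the +/- markers are lost on this page, so the side is inferred from print order), which makes plain HTTP the out-of-the-box behaviour. A comment above `args:` such as `# SSL defaults to false for local use; set SSL and DOMAIN explicitly for any exposed deployment` would make that explicit. `MAPS_TOKEN` is passed as a build arg, and build args are recorded in the image metadata, so a real token is better supplied at run time through `environment:` or `env_file:`.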
......@@ -5,7 +5,7 @@ RUN apt-get update && \
echo "LANG=\"fr_FR.UTF-8\"\nLANGUAGE=\"fr_FR:fr\"\nLC_NUMERIC=\"fr_FR.UTF-8\"\nLC_TIME=\"fr_FR.UTF-8\"\nLC_MONETARY=\"fr_FR.UTF-8\"\nLC_PAPER=\"fr_FR.UTF-8\"\nLC_IDENTIFICATION=\"fr_FR.UTF-8\"\nLC_NAME=\"fr_FR.UTF-8\"\nLC_ADDRESS=\"fr_FR.UTF-8\"\nLC_TELEPHONE=\"fr_FR.UTF-8\"\nLC_MEASUREMENT=\"fr_FR.UTF-8\"" >>/etc/default/locale
RUN apt-get update && \
apt-get -y install software-properties-common; \
#apt-get -y install software-properties-common; \
#echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >>/etc/apt/sources.list; \
#curl -Ss http://nginx.org/keys/nginx_signing.key | apt-key add -; \
#apt-get update; \
......@@ -14,9 +14,15 @@ RUN apt-get update && \
RUN mkdir -p /home/www/letsencrypt /home/maps;
ARG BALANCER_IPLIST
ARG URL_DOWNLOADMAP={$URL_DOWNLOADMAP:--}
ENV URL_DOWNLOADMAP=$URL_DOWNLOADMAP
ARG BALANCER_IPLIST={$BALANCER_IPLIST:-127.0.0.1}
ENV BALANCER_IPLIST=$BALANCER_IPLIST
ARG USE_CACHE=${USE_CACHE:-false}
ENV USE_CACHE=$USE_CACHE
ARG DOMAIN=${DOMAIN:-localhost}
ENV DOMAIN=$DOMAIN
......@@ -26,24 +32,25 @@ ENV SSL_LETSENCRYPTMAIL=$SSL_LETSENCRYPTMAIL
ARG SSL=${SSL:-false}
ENV SSL=$SSL
ARG MAPS_TOKEN
ENV MAPS_TOKEN=${MAPS_TOKEN:--}
ARG MAPS_TOKEN=${MAPS_TOKEN:--}
ENV MAPS_TOKEN=$MAPS_TOKEN
ARG INIT_NGINX=/tmp/init_nginx.sh
ENV INIT_NGINX=$INIT_NGINX
RUN echo 'DOMAIN=$1; shift; SSL=$1; shift; SSL_LETSENCRYPTMAIL=$1; shift; MAPS_TOKEN=$1; shift;' >>$INIT_NGINX; \
RUN echo 'DOMAIN=$1; shift; USE_CACHE=$1; shift; SSL=$1; shift; SSL_LETSENCRYPTMAIL=$1; shift; MAPS_TOKEN=$1; shift;' >>$INIT_NGINX; \
echo 'FIRST_INIT=false;' >>$INIT_NGINX; \
echo 'i=0;' >>$INIT_NGINX; \
echo 'echo "" >/tmp/conf;' >>$INIT_NGINX; \
echo 'for IP in $@; do' >>$INIT_NGINX; \
echo ' ((i++));' >>$INIT_NGINX; \
echo ' [ "$IP" = "127.0.0.1" ] && IP="$IP:8080";' >>$INIT_NGINX; \
echo ' echo $IP' >>$INIT_NGINX; \
echo ' echo "[mapft$i]\n\taddress $IP\n\tuse_node_name yes" >/etc/munin/munin-conf.d/mapft$i.conf;' >>$INIT_NGINX; \
echo ' echo "\tserver $IP max_fails=5 fail_timeout=10s weight=1;" >>/tmp/conf;' >>$INIT_NGINX; \
echo 'done;' >>$INIT_NGINX; \
echo 'TEMP=`cat /tmp/conf`;' >>$INIT_NGINX; \
echo 'CONF=`cat /etc/nginx/sites-enabled/.templates/loadbalancer.conf`;' >>$INIT_NGINX; \
echo 'CONF=`cat /etc/nginx/conf.d/.templates/tuiles.conf`;' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{NGINX_BALANCERLIST\\}/$TEMP}' >>$INIT_NGINX; \
echo 'if [ "$SSL" != "false" ]; then' >>$INIT_NGINX; \
echo ' FULLCHAIN="/etc/nginx/ssl/fullchain.pem"' >>$INIT_NGINX; \
......@@ -56,18 +63,23 @@ RUN echo 'DOMAIN=$1; shift; SSL=$1; shift; SSL_LETSENCRYPTMAIL=$1; shift; MAPS_T
echo ' fi' >>$INIT_NGINX; \
echo ' [ ! -f $FULLCHAIN ] && [ ! -f $PRIVKEY ] && openssl req -x509 -nodes -newkey rsa:1024 -days 1 -keyout $PRIVKEY -out $FULLCHAIN -subj "/CN=$DOMAIN"' >>$INIT_NGINX; \
echo ' [ ! -f /etc/nginx/ssl/dhparam.pem ] && openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048' >>$INIT_NGINX; \
echo ' LISTEN=`cat /etc/nginx/sites-enabled/.templates/listen_ssl.conf`' >>$INIT_NGINX; \
echo ' LISTEN=`cat /etc/nginx/conf.d/.templates/listen_ssl.conf`' >>$INIT_NGINX; \
echo ' LISTEN=${LISTEN//\\{FULLCHAIN\\}/$FULLCHAIN}' >>$INIT_NGINX; \
echo ' LISTEN=${LISTEN//\\{PRIVKEY\\}/$PRIVKEY}' >>$INIT_NGINX; \
echo 'else' >>$INIT_NGINX; \
echo ' LISTEN=`cat /etc/nginx/sites-enabled/.templates/listen_nossl.conf`' >>$INIT_NGINX; \
echo ' LISTEN=`cat /etc/nginx/conf.d/.templates/listen_nossl.conf`' >>$INIT_NGINX; \
echo 'fi' >>$INIT_NGINX; \
echo '[ "$MAPS_TOKEN" = "-" ] && MAPS_TOKEN=`echo $RANDOM$RANDOM£RANDOM$RANDOM | sha256sum | cut -d " " -f 1`' >>$INIT_NGINX; \
echo '[[ "$USE_CACHE" =~ false|^$ ]] && PROXY_NO_CACHE=1 || PROXY_NO_CACHE=0' >>$INIT_NGINX; \
echo '[[ ! "$USE_CACHE" =~ true|false|^$ ]] && CACHE=$USE_CACHE || CACHE="300m"' >>$INIT_NGINX; \
echo 'echo "Cache: $CACHE => $PROXY_NO_CACHE"' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{LISTEN\\}/$LISTEN}' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{NGINX_BALANCERLIST\\}/$TEMP}' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{DOMAIN\\}/$DOMAIN}' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{CACHE\\}/$CACHE}' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{PROXY_NO_CACHE\\}/$PROXY_NO_CACHE}' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{MAPS_TOKEN\\}/$MAPS_TOKEN}' >>$INIT_NGINX; \
echo 'echo "${CONF}" > /etc/nginx/conf.d/loadbalancer.conf' >>$INIT_NGINX; \
echo 'echo "${CONF}" > /etc/nginx/conf.d/tuiles.conf' >>$INIT_NGINX; \
echo 'service nginx start' >>$INIT_NGINX; \
echo '[ "FIRST_INIT" = "true" ] && certbot certonly --webroot -w /home/www/letsencrypt --agree-tos -d "$DOMAIN" -m $SSL_LETSENCRYPTMAIL && service nginx reload' >>$INIT_NGINX;
......@@ -77,7 +89,7 @@ ENV INIT_DOWNLOAD=$INIT_DOWNLOAD
RUN echo 'for url in $@; do' >>$INIT_DOWNLOAD; \
echo ' echo "*** downloading: $url ***"' >>$INIT_DOWNLOAD; \
echo ' if [[ "$url" =~ ^.*/(.*\.mbtiles)$ ]]; then' >>$INIT_DOWNLOAD; \
echo ' FILE="/data/${BASH_REMATCH[1]}"' >>$INIT_DOWNLOAD; \
echo ' FILE="/data/${BASH_REMATCH[1]}";' >>$INIT_DOWNLOAD; \
echo ' [[ `wget --spider --server-response "$url" 2>&1 | grep "Content-Length"` =~ ^.*:[[:space:]]([[:digit:]]+)$ ]] && REMOTE_MAP_SIZE=${BASH_REMATCH[1]} || REMOTE_MAP_SIZE=0;' >>$INIT_DOWNLOAD; \
echo ' [ ! -f $FILE ] || [ `stat -c%s $FILE` -ne $REMOTE_MAP_SIZE ] && [ $REMOTE_MAP_SIZE -ne 0 ] && wget "$url" -O $FILE' >>$INIT_DOWNLOAD; \
echo ' fi' >>$INIT_DOWNLOAD; \
......@@ -94,12 +106,15 @@ RUN echo 'chown -R root: /var/cache/nginx /etc/nginx/ssl' >>$INIT; \
echo 'service munin-node start' >>$INIT; \
echo 'service cron start' >>$INIT; \
echo 'rm -rf /var/cache/nginx/*' >>$INIT; \
echo 'rm /etc/nginx/conf.d/*' >>$INIT; \
echo 'PORT=$1' >>$INIT; \
echo '[ "BALANCER_IPLIST" = "" ] && BALANCER_IPLIST="127.0.0.1"' >>$INIT; \
echo '[[ " $BALANCER_IPLIST " =~ " 127.0.0.1 " ]] && LOCAL_NODE="true" || LOCAL_NODE="false"' >>$INIT; \
echo '/bin/bash $INIT_DOWNLOAD $URL_MAPS' >>$INIT; \
echo '/bin/bash $INIT_NGINX "$DOMAIN" "$SSL" "$SSL_LETSENCRYPTMAIL" "$MAPS_TOKEN" $BALANCER_IPLIST' >>$INIT; \
echo 'rm -f /etc/nginx/conf.d/*' >>$INIT; \
echo 'PORT=80; LOCAL_NODE="true"' >>$INIT; \