Merge pull request #5872 from gsiv/dev/caddy

Docker: Rename proxy-related variables

docker/.env

@@ -17,8 +17,8 @@ DEFAULT_DOCKER_REGISTRY=
 
 # Docker Images
 # -------------
-DOCKER_OPENSLIDES_HAPROXY_NAME=
-DOCKER_OPENSLIDES_HAPROXY_TAG=
+DOCKER_OPENSLIDES_PROXY_NAME=
+DOCKER_OPENSLIDES_PROXY_TAG=
 DOCKER_OPENSLIDES_BACKEND_NAME=
 DOCKER_OPENSLIDES_BACKEND_TAG=
 DOCKER_OPENSLIDES_FRONTEND_NAME=

docker/build.sh

@@ -6,7 +6,7 @@ declare -A TARGETS
 TARGETS=(
   [client]="$(dirname "${BASH_SOURCE[0]}")/../client/docker/"
   [server]="$(dirname "${BASH_SOURCE[0]}")/../server/docker/"
-  [caddy]="$(dirname "${BASH_SOURCE[0]}")/../caddy/"
+  [proxy]="$(dirname "${BASH_SOURCE[0]}")/../caddy/"
   [autoupdate]="$(dirname "${BASH_SOURCE[0]}")/../autoupdate/"
   [media]="https://github.com/OpenSlides/openslides-media-service.git"
   [pgbouncer]="https://github.com/OpenSlides/openslides-docker-compose.git#:pgbouncer"

docker/docker-compose.dev.yml

@@ -45,7 +45,7 @@ services:
   redis:
     image: redis:latest
 
-  caddy:
+  proxy:
     image: caddy:2.3.0-alpine
     volumes:
       - ../caddy/Caddyfile.dev:/etc/caddy/Caddyfile

docker/docker-compose.yml.m4

@@ -13,10 +13,10 @@ define(`read_env', `esyscmd(`printf "\`%s'" "$$1"')')
 dnl return env variable if set; otherwise, return given alternative value
 define(`ifenvelse', `ifelse(read_env(`$1'),, `$2', read_env(`$1'))')
 
-define(`HAPROXY_IMAGE',
+define(`PROXY_IMAGE',
 ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
-ifenvelse(`DOCKER_OPENSLIDES_HAPROXY_NAME', openslides-caddy):dnl
-ifenvelse(`DOCKER_OPENSLIDES_HAPROXY_TAG', latest))
+ifenvelse(`DOCKER_OPENSLIDES_PROXY_NAME', openslides-proxy):dnl
+ifenvelse(`DOCKER_OPENSLIDES_PROXY_TAG', latest))
 define(`BACKEND_IMAGE',
 ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
 ifenvelse(`DOCKER_OPENSLIDES_BACKEND_NAME', openslides-server):dnl
@@ -95,8 +95,8 @@ x-pgnode-env: &default-pgnode-env
   REPMGR_WAL_ARCHIVE: "ifenvelse(`PGNODE_WAL_ARCHIVING', on)"
 
 services:
-  haproxy:
-    image: HAPROXY_IMAGE
+  proxy:
+    image: PROXY_IMAGE
     depends_on:
       - server
       - client

docker/docker-stack.yml.m4

@@ -13,10 +13,10 @@ define(`read_env', `esyscmd(`printf "\`%s'" "$$1"')')
 dnl return env variable if set; otherwise, return given alternative value
 define(`ifenvelse', `ifelse(read_env(`$1'),, `$2', read_env(`$1'))')
 
-define(`HAPROXY_IMAGE',
+define(`PROXY_IMAGE',
 ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
-ifenvelse(`DOCKER_OPENSLIDES_HAPROXY_NAME', openslides-caddy):dnl
-ifenvelse(`DOCKER_OPENSLIDES_HAPROXY_TAG', latest))
+ifenvelse(`DOCKER_OPENSLIDES_PROXY_NAME', openslides-proxy):dnl
+ifenvelse(`DOCKER_OPENSLIDES_PROXY_TAG', latest))
 define(`BACKEND_IMAGE',
 ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
 ifenvelse(`DOCKER_OPENSLIDES_BACKEND_NAME', openslides-server):dnl
@@ -95,8 +95,8 @@ x-pgnode-env: &default-pgnode-env
   REPMGR_WAL_ARCHIVE: "ifenvelse(`PGNODE_WAL_ARCHIVING', on)"
 
 services:
-  haproxy:
-    image: HAPROXY_IMAGE
+  proxy:
+    image: PROXY_IMAGE
     networks:
       - front
       - back

haproxy/Dockerfile

@@ -1,5 +0,0 @@
-FROM haproxy:2.0-alpine
-COPY src/haproxy.common.cfg /usr/local/etc/haproxy/haproxy.common.cfg
-COPY src/haproxy.prod.cfg /usr/local/etc/haproxy/haproxy.prod.cfg
-COPY src/combined.pem /usr/local/etc/haproxy/combined.pem
-CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.common.cfg", "-f", "/usr/local/etc/haproxy/haproxy.prod.cfg"]

haproxy/Dockerfile.dev

@@ -1,5 +0,0 @@
-FROM haproxy:2.0-alpine
-COPY src/haproxy.common.cfg /usr/local/etc/haproxy/haproxy.common.cfg
-COPY src/haproxy.dev.cfg /usr/local/etc/haproxy/haproxy.dev.cfg
-COPY src/combined.pem /usr/local/etc/haproxy/combined.pem
-CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.common.cfg", "-f", "/usr/local/etc/haproxy/haproxy.dev.cfg"]

haproxy/Makefile

@@ -1,3 +0,0 @@
-build-dev:
-	./prepare-cert.sh
-	docker build -t os3-haproxy-dev -f Dockerfile.dev .

haproxy/build.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-cd "$(dirname "${BASH_SOURCE[0]}")"
-./prepare-cert.sh
-docker build --tag "${img:-openslides/openslides-${service_name}:latest}" \
-  --pull "${OPTIONS[@]}" .

haproxy/prepare-cert.sh

@@ -1,27 +0,0 @@
-#!/bin/bash
-
-set -e
-cd "$(dirname "$0")"
-
-# check, if we already generated a cert
-combined="src/combined.pem"
-
-if [[ ! -f $combined ]]; then
-    echo "Creating certificates..."
-    cd src
-    if type 2>&1 >/dev/null openssl ; then
-      echo "Using openssl to generate a certificate."
-      echo "You will need to accept an security exception for the"
-      echo "generated certificate in your browser manually."
-      openssl req -x509 -newkey rsa:4096 -nodes -days 3650 \
-              -subj "/C=DE/O=Selfsigned Test/CN=localhost" \
-              -keyout localhost-key.pem -out localhost.pem
-    else
-      echo >&2 "FATAL: No valid certificate generation tool found!"
-      exit -1
-    fi
-    cat localhost.pem localhost-key.pem > combined.pem
-    echo "done"
-else
-    echo "Certificate exists."
-fi

haproxy/src/haproxy.common.cfg

@@ -1,31 +0,0 @@
-global
-    log stdout  format raw  local0  debug
-
-defaults
-    option http-use-htx
-    option dontlognull
-    timeout connect 3s
-    timeout client 10s
-    timeout client-fin 10s
-    timeout server 10s
-    timeout server-fin 10s
-    timeout check 2s
-    timeout tunnel 10s
-    timeout queue 2s
-    log global
-    option httplog
-
-resolvers docker_resolver
-    nameserver dns 127.0.0.11:53
-
-backend backend_server
-    mode http
-    # Do not pass the auth-header from /stats to OS. It confuses the server...
-    http-request del-header authorization
-    timeout server 4m
-    server server server:8000 resolvers docker_resolver check alpn http/1.1
-
-backend backend_autoupdate
-    mode http
-    timeout server 1h
-    server autoupdate autoupdate:8002 resolvers docker_resolver check ssl verify none alpn h2

haproxy/src/haproxy.dev.cfg

@@ -1,20 +0,0 @@
-frontend https
-    mode http
-    bind *:8000 ssl crt /usr/local/etc/haproxy/combined.pem alpn h2,http/1.1
-    default_backend backend_client
-
-    acl autoupdate path_beg -i /system
-    use_backend backend_autoupdate if autoupdate
-
-    acl server path_beg -i /apps /media/ /rest /server-version.txt
-    use_backend backend_server if server
-
-    stats enable
-    stats uri /stats
-    stats refresh 10s
-    stats auth admin:admin
-
-backend backend_client
-    mode http
-    timeout tunnel 1h
-    server client client:4200 resolvers docker_resolver no-check

haproxy/src/haproxy.prod.cfg

@@ -1,26 +0,0 @@
-frontend https
-    mode http
-    bind *:8000 ssl crt /usr/local/etc/haproxy/combined.pem alpn h2,http/1.1
-    default_backend backend_client
-
-    acl autoupdate path_beg -i /system
-    use_backend backend_autoupdate if autoupdate
-
-    acl server path_beg -i /apps /rest /server-version.txt
-    use_backend backend_server if server
-
-    acl media path_beg -i /media/
-    use_backend backend_media if media
-
-    stats enable
-    stats uri /stats
-    stats refresh 10s
-    stats auth admin:admin
-
-backend backend_client
-    mode http
-    server client client:80 resolvers docker_resolver check
-
-backend backend_media
-    mode http
-    server media media:8000 resolvers docker_resolver check