diff --git a/k8s/nginx/container/Dockerfile b/k8s/nginx/container/Dockerfile
index c6c4dd3f..04c69e84 100644
--- a/k8s/nginx/container/Dockerfile
+++ b/k8s/nginx/container/Dockerfile
@@ -7,5 +7,5 @@ RUN apt-get update \
 && apt-get clean
 COPY nginx.conf.template /etc/nginx/nginx.conf
 COPY nginx_entrypoint.bash /
-EXPOSE 80 443 27017
+EXPOSE 80 81 443 444 27017
 ENTRYPOINT ["/nginx_entrypoint.bash"]
diff --git a/k8s/nginx/container/README.md b/k8s/nginx/container/README.md
index 30f42bfe..5a1e1273 100644
--- a/k8s/nginx/container/README.md
+++ b/k8s/nginx/container/README.md
@@ -40,6 +40,8 @@ docker run \
 --env "BIGCHAINDB_FRONTEND_PORT=" \
 --env "BIGCHAINDB_BACKEND_HOST=" \
 --env "BIGCHAINDB_BACKEND_PORT=" \
+--env "BIGCHAINDB_WS_BACKEND_PORT=" \
+--env "BIGCHAINDB_WS_FRONTEND_PORT=" \
 --env "MONGODB_WHITELIST=" \
 --env "DNS_SERVER=" \
 --name=ngx \
@@ -59,6 +61,8 @@ docker run \
 --env "BIGCHAINDB_FRONTEND_PORT=80" \
 --env "BIGCHAINDB_BACKEND_HOST=localhost" \
 --env "BIGCHAINDB_BACKEND_PORT=9984" \
+--env="BIGCHAINDB_WS_FRONTEND_PORT=81" \
+--env="BIGCHAINDB_WS_BACKEND_PORT=9985" \
 --env "MONGODB_WHITELIST=192.168.0.0/16:10.0.2.0/24" \
 --name=ngx \
 --publish=80:80 \
@@ -67,3 +71,8 @@ docker run \
 bigchaindb/nginx
 ```
 
+### Note:
+You can test the WebSocket server by using
+[wsc](https://slack-redir.net/link?url=https%3A%2F%2Fwww.npmjs.com%2Fpackage%2Fwsc) tool with a command like:
+`wsc -er ws://localhost:9985/api/v1/streams/valid_tx`.
+
diff --git a/k8s/nginx/container/nginx.conf.template b/k8s/nginx/container/nginx.conf.template
index 6167dceb..bae805a5 100644
--- a/k8s/nginx/container/nginx.conf.template
+++ b/k8s/nginx/container/nginx.conf.template
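Review bot: Port 444 is added to the `EXPOSE` line in the Dockerfile, but the `server` block this commit adds to nginx.conf.template listens only on `BIGCHAINDB_WS_FRONTEND_PORT` over plain HTTP, so nothing visible in this diff would answer on 444. If 444 is meant for a later WebSocket-over-TLS listener, say so next to the instruction, e.g. `# 81: WebSocket (plain HTTP); 444: reserved for WebSocket over TLS, no listener yet`; otherwise leave it out so the image metadata matches what NGINX actually serves. As far as this diff shows, stream clients reach the new listener unencrypted (the README example uses `ws://`), which is worth stating for anyone publishing port 81 beyond a trusted network.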
@@ -63,6 +63,26 @@ http {
 proxy_pass http://$bdb_backend:BIGCHAINDB_BACKEND_PORT;
 }
 }
+
+ server {
+ listen BIGCHAINDB_WS_FRONTEND_PORT;
+ underscores_in_headers on;
+
+ # keepalive connection settings
+ keepalive_timeout 20s;
+
+ # `slowloris` attack mitigation settings
+ client_body_timeout 10s;
+ client_header_timeout 10s;
+
+ location /api/v1/streams/ {
+ proxy_read_timeout 300s;
+ proxy_pass http://$bdb_backend:BIGCHAINDB_WS_BACKEND_PORT;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+ }
 }
 
 # NGINX stream block for TCP and UDP proxies
diff --git a/k8s/nginx/container/nginx_entrypoint.bash b/k8s/nginx/container/nginx_entrypoint.bash
index e40d89f4..49578433 100755
--- a/k8s/nginx/container/nginx_entrypoint.bash
+++ b/k8s/nginx/container/nginx_entrypoint.bash
@@ -7,6 +7,8 @@ mongo_backend_port=`printenv MONGODB_BACKEND_PORT`
 bdb_frontend_port=`printenv BIGCHAINDB_FRONTEND_PORT`
 bdb_backend_host=`printenv BIGCHAINDB_BACKEND_HOST`
 bdb_backend_port=`printenv BIGCHAINDB_BACKEND_PORT`
+bdb_ws_frontend_port=`printenv BIGCHAINDB_WS_FRONTEND_PORT`
+bdb_ws_backend_port=`printenv BIGCHAINDB_WS_BACKEND_PORT`
 mongo_whitelist=`printenv MONGODB_WHITELIST`
 dns_server=`printenv DNS_SERVER`
 
@@ -17,6 +19,8 @@ if [[ -z "${mongo_frontend_port}" || \
 -z "${bdb_frontend_port}" || \
 -z "${bdb_backend_host}" || \
 -z "${bdb_backend_port}" || \
+ -z "${bdb_ws_backend_port}" || \
+ -z "${bdb_ws_frontend_port}" || \
 -z "${dns_server}" ]] ; then
 echo "Invalid environment settings detected. Exiting!"
 exit 1
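Review bot: The new WebSocket `server` block in nginx.conf.template has no per-client connection limit, and the `client_body_timeout`/`client_header_timeout` pair under the slowloris comment only bounds reading the initial HTTP request; once a connection is upgraded, `proxy_read_timeout 300s` lets each idle stream hold a connection for five minutes. Long-lived streams are where a cap matters most, so consider `limit_conn_zone $binary_remote_addr zone=ws_conn:10m;` at `http` level and `limit_conn ws_conn 10;` inside `location /api/v1/streams/` (zone name and numbers are illustrative; the `http` block opens outside this hunk, so a zone may already be defined there). Separately, `proxy_set_header Connection "upgrade";` is sent for every proxied request, not only upgrade requests; the usual form is a `map $http_upgrade $connection_upgrade` with `default upgrade;` and `'' close;`, then `proxy_set_header Connection $connection_upgrade;`.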
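Review bot: The two new `-z` tests in nginx_entrypoint.bash (hunk `@@ -17,6 +19,8 @@`) only reject empty values, yet `bdb_ws_frontend_port` and `bdb_ws_backend_port` are then spliced verbatim into the NGINX config by the `sed -i "s|...|${...}|g"` lines added in the `@@ -31,6 +35,8 @@` hunk. A value containing `|`, `&` or `;` would either break the substitution or write unintended text into the `listen` and `proxy_pass` directives. A numeric check before the substitutions closes that, e.g. `[[ "${bdb_ws_frontend_port}" =~ ^[0-9]+$ && "${bdb_ws_backend_port}" =~ ^[0-9]+$ ]] || { echo "WS ports must be numeric" >&2; exit 1; }`. The `if [[ ... ]]` statement opens above this hunk and closes below it, and the pre-existing port variables appear to have the same gap.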
@@ -31,6 +35,8 @@ sed -i "s|MONGODB_BACKEND_PORT|${mongo_backend_port}|g" $NGINX_CONF_FILE
 sed -i "s|BIGCHAINDB_FRONTEND_PORT|${bdb_frontend_port}|g" $NGINX_CONF_FILE
 sed -i "s|BIGCHAINDB_BACKEND_HOST|${bdb_backend_host}|g" $NGINX_CONF_FILE
 sed -i "s|BIGCHAINDB_BACKEND_PORT|${bdb_backend_port}|g" $NGINX_CONF_FILE
+sed -i "s|BIGCHAINDB_WS_FRONTEND_PORT|${bdb_ws_frontend_port}|g" $NGINX_CONF_FILE
+sed -i "s|BIGCHAINDB_WS_BACKEND_PORT|${bdb_ws_backend_port}|g" $NGINX_CONF_FILE
 sed -i "s|DNS_SERVER|${dns_server}|g" $NGINX_CONF_FILE
 
 # populate the whitelist in the conf file as per MONGODB_WHITELIST env var