Mirroristas/bigchaindb
2
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Secure WebSocket Support (#1619)

Browse Source 
* Remove support for whitelist

* Rename nginx to nginx-api

* Remove websocket support from nginx-api

* Change nginx to nginx-api service
The nginx-api service will proxy requests to the BigchainDB HTTP API.

* Rename ngx-instance-0 to ngx-api-instance-0 in nginx_3scale

* Update nginx-api service base docker image and README

* Add nginx-ws service to support Websocket

* Add config files for simple dev setup

* WS support with split NGINX

* NGINX module as single entrypoint into the cluster.

* Tested HTTP and WS with latest configs

* Openresty as separate service

* Remove upstream api port as configuration parameter

* Changes while testing

* Adding READMEs for nginx-http and nginx-https modules

* Documentation update

* Change 'Openresty' to 'OpenResty'.
This commit is contained in:
Krish
2017-07-17 13:46:05 +02:00
committed by GitHub
parent f576894b4c
commit b7e13fd087
35 changed files with 1634 additions and 630 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
k8s/nginx-https/nginx-https-dep.yaml Normal file
View File

@@ -0,0 +1,118 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: ngx-https-instance-0-dep
spec:
replicas: 1
template:
metadata:
labels:
app: ngx-https-instance-0-dep
spec:
terminationGracePeriodSeconds: 10
containers:
- name: nginx-https
image: bigchaindb/nginx_https:1.0
imagePullPolicy: Always
env:
- name: CLUSTER_FRONTEND_PORT
valueFrom:
configMapKeyRef:
name: vars
key: cluster-frontend-port
- name: HEALTH_CHECK_PORT
valueFrom:
configMapKeyRef:
name: vars
key: cluster-health-check-port
- name: CLUSTER_FQDN
valueFrom:
configMapKeyRef:
name: vars
key: cluster-fqdn
- name: DNS_SERVER
valueFrom:
configMapKeyRef:
name: vars
key: cluster-dns-server-ip
- name: MONGODB_FRONTEND_PORT
valueFrom:
configMapKeyRef:
name: vars
key: mongodb-frontend-port
- name: MONGODB_BACKEND_HOST
valueFrom:
configMapKeyRef:
name: vars
key: ngx-mdb-instance-name
- name: MONGODB_BACKEND_PORT
valueFrom:
configMapKeyRef:
name: vars
key: mongodb-backend-port
- name: OPENRESTY_BACKEND_PORT
valueFrom:
configMapKeyRef:
name: vars
key: openresty-backend-port
- name: OPENRESTY_BACKEND_HOST
valueFrom:
configMapKeyRef:
name: vars
key: openresty-backend-host
- name: THREESCALE_API_PORT
valueFrom:
configMapKeyRef:
name: vars
key: threescale-api-port
- name: BIGCHAINDB_BACKEND_HOST
valueFrom:
configMapKeyRef:
name: vars
key: ngx-bdb-instance-name
- name: BIGCHAINDB_API_PORT
valueFrom:
configMapKeyRef:
name: vars
key: bigchaindb-api-port
- name: BIGCHAINDB_WS_PORT
valueFrom:
configMapKeyRef:
name: vars
key: bigchaindb-ws-port
ports:
# return a pretty error message on port 80, since we are expecting
# HTTPS traffic.
- containerPort: 80
protocol: TCP
- containerPort: "<mongodb-frontend-port from ConfigMap>"
protocol: TCP
- containerPort: "<cluster-frontend-port from ConfigMap>"
protocol: TCP
- containerPort: "<threescale-api-port from ConfigMap>"
protocol: TCP
- containerPort: "<cluster-health-check-port from ConfigMap>"
protocol: TCP
name: ngx-port
livenessProbe:
httpGet:
path: /health
port: ngx-port
initialDelaySeconds: 15
periodSeconds: 15
failureThreshold: 3
timeoutSeconds: 10
resources:
limits:
cpu: 200m
memory: 768Mi
volumeMounts:
- name: https-certs
mountPath: /etc/nginx/ssl/
readOnly: true
restartPolicy: Always
volumes:
- name: https-certs
secret:
secretName: https-certs
defaultMode: 0400