Mirroristas/bigchaindb
2
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
bigchaindb/k8s/nginx/container
History
Krish cc66d5aaa5 Single node setup (#1418) 
* Add more tools to the toolbox container

* Add mongodb monitoring agent
* Add a bigchaindb/mongodb-monitoring-agent container that includes the
monitoring agent.
* It makes use of an api key provided by MongoDB Cloud Manager. This is
included in the configuration/config-map.yaml file.

* Changes to mongodb StatefulSet configuration
Changes to bump up mongodb version to v3.4.3.
Add configuration settings for mongodb instance name in ConfigMap.
Split the mongodb service to a new configuration file.

* Modify bigchaindb deployment config
* Bugfix to remove keyring field for the first node.
* Split the mongodb service to a new configuration file.

* Add mongodb backup agent
* Add a bigchaindb/mongodb-backup-agent container that includes the
backup agent.
* It makes use of an api key provided by MongoDB Cloud Manager. This is
included in the configuration/config-map.yaml file.

* Changes to nginx deployment config
* Allow 'all' by default for now. This is included in the
configuration/config-map.yaml file.
* Dynamically resolve DNS addresses of our backend services; cache DNS
resolution for 20s.
* Configure DNS based on user provided resolver. This helps in user
deciding to provide 8.8.8.8 or a custom DNS for name resolution. For k8s
deployments, we use the hardcoded k8s DNS IP of 10.0.0.10.

* Changes to nginx-3scale deployment config
* Use the common ConfigMap in configuration/config-map.yaml file.

* Removing prefix `v` from the docker tag for mongodb-monitoring-agent and mongodb containers

* Bumping up version for nginx-3scale container

* Add small helper scripts for docker build and push of mongodb monitoring
and backup agents

* Documentation for setting up the first node with monitoring and backup
agents
2017-04-21 14:41:12 +02:00
..
Dockerfile
NGINX frontend for MongoDB and BigchainDB (#1304)
2017-03-22 14:25:25 +01:00
nginx_entrypoint.bash
Single node setup (#1418)
2017-04-21 14:41:12 +02:00
nginx.conf.template
Single node setup (#1418)
2017-04-21 14:41:12 +02:00
README.md
Single node setup (#1418)
2017-04-21 14:41:12 +02:00

README.md

Custom Nginx container for a Node

Need

  • Since, BigchainDB and MongoDB both need to expose ports to the outside world (inter and intra cluster), we need to have a basic DDoS mitigation strategy to ensure that we can provide proper uptime and security these core services.

  • We can have a proxy like nginx/haproxy in every node that listens to global connections and applies cluster level entry policy.

Implementation

  • For MongoDB cluster communication, we will use nginx with an environment variable specifying a ":" separated list of IPs in the whitelist. This list contains the IPs of exising instances in the MongoDB replica set so as to allow connections from the whitelist and avoid a DDoS.

  • For BigchainDB connections, nginx needs to have rules to throttle connections that are using resources over a threshold.

Step 1: Build the Latest Container

Run docker build -t bigchaindb/nginx:<tag> . from this folder.

Optional: Upload container to Docker Hub: docker push bigchaindb/nginx:<tag>

Step 2: Run the Container

Note that the whilelist IPs must be specified with the subnet in the CIDR format, eg: 1.2.3.4/16

docker run \
--env "MONGODB_FRONTEND_PORT=<port where nginx listens for MongoDB connections>" \
--env "MONGODB_BACKEND_HOST=<ip/hostname of instance where MongoDB is running>" \
--env "MONGODB_BACKEND_PORT=<port where MongoDB is listening for connections>" \
--env "BIGCHAINDB_FRONTEND_PORT=<port where nginx listens for BigchainDB connections>" \
--env "BIGCHAINDB_BACKEND_HOST=<ip/hostname of instance where BigchainDB is running>" \
--env "BIGCHAINDB_BACKEND_PORT=<port where BigchainDB is listening for connections>" \
--env "MONGODB_WHITELIST=<a ':' separated list of IPs that can connect to MongoDB>" \
--env "DNS_SERVER=<ip of the dns server>" \
--name=ngx \
--publish=<port where nginx listens for MongoDB connections as specified above>:<correcponding host port> \
--publish=<port where nginx listens for BigchainDB connections as specified
above>:<corresponding host port> \
--rm=true \
bigchaindb/nginx

For example:

docker run \
--env "MONGODB_FRONTEND_PORT=17017" \
--env "MONGODB_BACKEND_HOST=localhost" \
--env "MONGODB_BACKEND_PORT=27017" \
--env "BIGCHAINDB_FRONTEND_PORT=80" \
--env "BIGCHAINDB_BACKEND_HOST=localhost" \
--env "BIGCHAINDB_BACKEND_PORT=9984" \
--env "MONGODB_WHITELIST=192.168.0.0/16:10.0.2.0/24" \
--name=ngx \
--publish=80:80 \
--publish=17017:17017 \
--rm=true \
bigchaindb/nginx