Merge pull request #110 from jembi/nginx_service_check_removal

tumbledwyer · web-flow · commit 8b8a047aeaf8 · 2022-07-21T13:34:18.000+02:00
Nginx service check removal
diff --git a/client-registry-santempi/config/http-client-registry-santempi-insecure.conf b/client-registry-santempi/config/http-client-registry-santempi-insecure.conf
@@ -2,13 +2,17 @@ server {
     listen          9200;
 
     location / {
-        proxy_pass  http://santedb-www:9200;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_santedb_www santedb-www;
+        proxy_pass  http://$upstream_santedb_www:9200;
     }
 }
 server {
     listen          8084;
 
     location / {
-        proxy_pass  http://santedb-mpi:8080;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_santedb_mpi santedb-mpi;
+        proxy_pass  http://$upstream_santedb_mpi:8080;
     }
 }
diff --git a/client-registry-santempi/config/http-client-registry-santempi-secure.conf b/client-registry-santempi/config/http-client-registry-santempi-secure.conf
@@ -24,7 +24,9 @@ server {
     }
 
     location / {
-        proxy_pass  http://santedb-mpi:8080;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_santedb_mpi santedb-mpi;
+        proxy_pass  http://$upstream_santedb_mpi:8080;
     }
 }
 
@@ -54,6 +56,8 @@ server {
     }
 
     location / {
-        proxy_pass  http://santedb-www:9200;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_santedb_www santedb-www;
+        proxy_pass  http://$upstream_santedb_www:9200;
     }
 }
diff --git a/dashboard-visualiser-jsreport/config/http-jsreport-insecure.conf b/dashboard-visualiser-jsreport/config/http-jsreport-insecure.conf
@@ -1,7 +1,9 @@
 server {
-    listen 5488;
+    listen          5488;
 
     location / {
-        proxy_pass http://dashboard-visualiser-jsreport:5488;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_jsreport dashboard-visualiser-jsreport;
+        proxy_pass  http://$upstream_jsreport:5488;
     }
 }
diff --git a/dashboard-visualiser-jsreport/config/http-jsreport-secure.conf b/dashboard-visualiser-jsreport/config/http-jsreport-secure.conf
@@ -1,29 +1,31 @@
 server {
-    listen 80;
-    server_name reports.*;
+    listen          80;
+    server_name     reports.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_certbot certbot;
+        proxy_pass  http://$upstream_certbot$request_uri;
     }
 
     location / {
-        return 301 https://$host$request_uri;
+        return      301 https://$host$request_uri;
     }
 }
 server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name reports.*;
+    listen          443 ssl;
+    listen          [::]:443 ssl;
+    server_name     reports.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_certbot certbot;
+        proxy_pass  http://$upstream_certbot$request_uri;
     }
 
     location / {
-        proxy_pass http://dashboard-visualiser-jsreport:5488;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_jsreport dashboard-visualiser-jsreport;
+        proxy_pass  http://$upstream_jsreport:5488;
     }
 }
diff --git a/dashboard-visualiser-kibana/config/http-kibana-insecure.conf b/dashboard-visualiser-kibana/config/http-kibana-insecure.conf
@@ -1,7 +1,9 @@
 server {
-    listen 5601;
+    listen          5601;
 
     location / {
-        proxy_pass http://dashboard-visualiser-kibana:5601;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_kibana dashboard-visualiser-kibana;
+        proxy_pass  http://$upstream_kibana:5601;
     }
 }
diff --git a/dashboard-visualiser-kibana/config/http-kibana-secure.conf b/dashboard-visualiser-kibana/config/http-kibana-secure.conf
@@ -1,29 +1,31 @@
 server {
-    listen 80;
-    server_name kibana.*;
+    listen          80;
+    server_name     kibana.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_certbot certbot;
+        proxy_pass  http://$upstream_certbot$request_uri;
     }
 
     location / {
-        return 301 https://$host$request_uri;
+        return      301 https://$host$request_uri;
     }
 }
 server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name kibana.*;
+    listen          443 ssl;
+    listen          [::]:443 ssl;
+    server_name     kibana.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_certbot certbot;
+        proxy_pass  http://$upstream_certbot$request_uri;
     }
 
     location / {
-        proxy_pass http://dashboard-visualiser-kibana:5601;
+        resolver    127.0.0.11 valid=30s;
+        set         $upstream_kibana dashboard-visualiser-kibana;
+        proxy_pass  http://$upstream_kibana:5601;
     }
 }
diff --git a/interoperability-layer-openhim/config/http-openhim-insecure.conf b/interoperability-layer-openhim/config/http-openhim-insecure.conf
@@ -1,18 +1,22 @@
 # OpenHIM Core HTTP server config
 server {
-    listen 5001;
-    client_max_body_size 10M;
+    listen                5001;
+    client_max_body_size  10M;
 
     location / {
-        proxy_pass http://openhim-core:5001;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_openhim_core openhim-core;
+        proxy_pass        http://$upstream_openhim_core:5001;
     }
 }
 
 # OpenHIM Console
 server {
-    listen 80;
+    listen                80;
 
     location / {
-        proxy_pass http://openhim-console:80;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_openhim_console openhim-console;
+        proxy_pass        http://$upstream_openhim_console:80;
     }
 }
diff --git a/interoperability-layer-openhim/config/http-openhim-secure.conf b/interoperability-layer-openhim/config/http-openhim-secure.conf
@@ -1,93 +1,99 @@
 # OpenHIM Core API server config
 server {
-    listen 80;
-    server_name openhimcomms.*;
+    listen                80;
+    server_name           openhimcomms.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_certbot certbot;
+        proxy_pass        http://$upstream_certbot$request_uri;
     }
 
     location / {
-        return 301 https://$host$request_uri;
+        return            301 https://$host$request_uri;
     }
 }
 server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name openhimcomms.*;
+    listen                443 ssl;
+    listen                [::]:443 ssl;
+    server_name           openhimcomms.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_certbot certbot;
+        proxy_pass        http://$upstream_certbot$request_uri;
     }
 
     location / {
-        proxy_pass https://openhim-core:8080;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_openhim_core openhim-core;
+        proxy_pass        https://$upstream_openhim_core:8080;
     }
 }
 
 # OpenHIM Core HTTP server config
 server {
-    listen 80;
-    server_name openhimcore.*;
+    listen                80;
+    server_name           openhimcore.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_certbot certbot;
+        proxy_pass        http://$upstream_certbot$request_uri;
     }
 
     location / {
-        return 301 https://$host$request_uri;
+        return            301 https://$host$request_uri;
     }
 }
 server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name openhimcore.*;
-    client_max_body_size 10M;
+    listen                443 ssl;
+    listen                [::]:443 ssl;
+    server_name           openhimcore.*;
+    client_max_body_size  10M;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_certbot certbot;
+        proxy_pass        http://$upstream_certbot$request_uri;
     }
 
     location / {
-        proxy_pass https://openhim-core:5000;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_openhim_core openhim-core;
+        proxy_pass        https://$upstream_openhim_core:5000;
     }
 }
 
 # OpenHIM Console
 server {
-    listen 80;
-    server_name openhimconsole.*;
+    listen                80;
+    server_name           openhimconsole.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_certbot certbot;
+        proxy_pass        http://$upstream_certbot$request_uri;
     }
 
     location / {
-        return 301 https://$host$request_uri;
+        return            301 https://$host$request_uri;
     }
 }
 server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-    server_name openhimconsole.*;
+    listen                443 ssl;
+    listen                [::]:443 ssl;
+    server_name           openhimconsole.*;
 
     location /.well-known/acme-challenge/ {
-        resolver 127.0.0.11 valid=30s;
-        set $upstream_certbot certbot;
-        proxy_pass http://$upstream_certbot$request_uri;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_certbot certbot;
+        proxy_pass        http://$upstream_certbot$request_uri;
     }
 
     location / {
-        proxy_pass http://openhim-console:80;
+        resolver          127.0.0.11 valid=30s;
+        set               $upstream_openhim_console openhim-console;
+        proxy_pass        http://$upstream_openhim_console:80;
     }
 }
diff --git a/interoperability-layer-openhim/config/stream-openhim-insecure.conf b/interoperability-layer-openhim/config/stream-openhim-insecure.conf
@@ -1,5 +1,7 @@
 # use a stream so don't terminate ssl here
 server {
-    listen 8080;
-    proxy_pass openhim-core:8080;
+    listen      8080;
+    resolver    127.0.0.11 valid=30s;
+    set         $upstream_openhim_core openhim-core;
+    proxy_pass  $upstream_openhim_core:8080;
 }
diff --git a/reverse-proxy-nginx/swarm.sh b/reverse-proxy-nginx/swarm.sh
@@ -119,8 +119,9 @@ main() {
 
       log info "Done updating nginx service"
 
+      local staging_args=""
       if [ "${STAGING}" == "true" ]; then
-        local staging_args="--staging"
+        staging_args="--staging"
       fi
 
       #Generate real certificate
@@ -140,7 +141,7 @@ main() {
       try "docker run --rm --network host --name certbot-helper -w /temp \
         -v data-certbot-conf:/temp-certificates \
         -v instant:/temp busybox sh \
-        -c rm -rf certificates; mkdir certificates; cp -r /temp-certificates/* /temp/certificates" "Failed to transfer certificate"
+        -c \"rm -rf certificates; mkdir -p certificates; cp -r /temp-certificates/* /temp/certificates\"" "Failed to transfer certificate"
       try "docker volume rm data-certbot-conf" "Failed to remove data-certbot-conf volume"
 
       local new_timestamp

Original file line number	Diff line number	Diff line change
`@@ -2,13 +2,17 @@ server {`
`2`	`2`	`listen 9200;`
`3`	`3`
`4`	`4`	`location / {`
`5`		`- proxy_pass http://santedb-www:9200;`
	`5`	`+ resolver 127.0.0.11 valid=30s;`
	`6`	`+ set $upstream_santedb_www santedb-www;`
	`7`	`+ proxy_pass http://$upstream_santedb_www:9200;`
`6`	`8`	`}`
`7`	`9`	`}`
`8`	`10`	`server {`
`9`	`11`	`listen 8084;`
`10`	`12`
`11`	`13`	`location / {`
`12`		`- proxy_pass http://santedb-mpi:8080;`
	`14`	`+ resolver 127.0.0.11 valid=30s;`
	`15`	`+ set $upstream_santedb_mpi santedb-mpi;`
	`16`	`+ proxy_pass http://$upstream_santedb_mpi:8080;`
`13`	`17`	`}`
`14`	`18`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,9 @@ server {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`location / {`
`27`		`- proxy_pass http://santedb-mpi:8080;`
	`27`	`+ resolver 127.0.0.11 valid=30s;`
	`28`	`+ set $upstream_santedb_mpi santedb-mpi;`
	`29`	`+ proxy_pass http://$upstream_santedb_mpi:8080;`
`28`	`30`	`}`
`29`	`31`	`}`
`30`	`32`
`@@ -54,6 +56,8 @@ server {`
`54`	`56`	`}`
`55`	`57`
`56`	`58`	`location / {`
`57`		`- proxy_pass http://santedb-www:9200;`
	`59`	`+ resolver 127.0.0.11 valid=30s;`
	`60`	`+ set $upstream_santedb_www santedb-www;`
	`61`	`+ proxy_pass http://$upstream_santedb_www:9200;`
`58`	`62`	`}`
`59`	`63`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,9 @@`
`1`	`1`	`server {`
`2`		`- listen 5488;`
	`2`	`+ listen 5488;`
`3`	`3`
`4`	`4`	`location / {`
`5`		`- proxy_pass http://dashboard-visualiser-jsreport:5488;`
	`5`	`+ resolver 127.0.0.11 valid=30s;`
	`6`	`+ set $upstream_jsreport dashboard-visualiser-jsreport;`
	`7`	`+ proxy_pass http://$upstream_jsreport:5488;`
`6`	`8`	`}`
`7`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,9 @@`
`1`	`1`	`server {`
`2`		`- listen 5601;`
	`2`	`+ listen 5601;`
`3`	`3`
`4`	`4`	`location / {`
`5`		`- proxy_pass http://dashboard-visualiser-kibana:5601;`
	`5`	`+ resolver 127.0.0.11 valid=30s;`
	`6`	`+ set $upstream_kibana dashboard-visualiser-kibana;`
	`7`	`+ proxy_pass http://$upstream_kibana:5601;`
`6`	`8`	`}`
`7`	`9`	`}`