From cce86524b7ba9ab47febe5777b766a6ac16ac005 Mon Sep 17 00:00:00 2001 From: skeris Date: Sun, 21 Jan 2024 21:47:54 +0300 Subject: [PATCH] -- --- .gitlab-ci.yml | 4 + Dockerfile | 2 + admin.conf | 258 +++++++++++++++++++++++- cert.pem | 20 ++ deployments/staging/docker-compose.yaml | 4 + key.pem | 27 +++ 6 files changed, 310 insertions(+), 5 deletions(-) create mode 100644 cert.pem create mode 100644 key.pem diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 985b23c..c4f5987 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,6 +11,8 @@ stages: - deploy clear-old-images: + tags: + - frontbuild extends: .clean_template variables: STAGING_BRANCH: "main" @@ -24,6 +26,8 @@ clear-old-images: script: - docker system prune -af build-app: + tags: + - frontbuild stage: build before_script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY diff --git a/Dockerfile b/Dockerfile index 71d2366..9ecf280 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,3 +12,5 @@ FROM nginx:latest as result WORKDIR /usr/share/nginx/html COPY --from=build /usr/app/build/ /usr/share/nginx/html COPY admin.conf /etc/nginx/conf.d/default.conf +COPY cert.pem /etc/nginx/cert.pem +COPY key.pem /etc/nginx/key.pem diff --git a/admin.conf b/admin.conf index a3a8e51..22cdb42 100644 --- a/admin.conf +++ b/admin.conf 
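Review bot: `COPY key.pem /etc/nginx/key.pem` bakes the TLS private key into an image layer, and the `key.pem` hunk at the end of this patch commits that same unencrypted RSA key to the repository, so everyone with read access to the repo, its history, or the registry image holds the key. Treat this key as exposed and issue a new key and certificate. Keep the replacement out of git and out of the build context, and hand it to nginx at deploy time, for example with a read-only mount in `deployments/staging/docker-compose.yaml` such as `- <HOST_KEY_PATH>:/etc/nginx/key.pem:ro`, fed from a protected CI/CD file variable. With the certificate mounted the same way, both added `COPY` lines can be dropped from the Dockerfile.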
@@ -1,12 +1,260 @@ -server { - listen 80; - server_name _; - +server { + root /usr/share/nginx/html; + + index index.html index.htm index.nginx-debian.html; + server_name _; # managed by Certbot + client_max_body_size 70M; + location / { root /usr/share/nginx/html; index index.html index.htm; try_files $uri $uri/ /index.html; } + + + + location /auth { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + return 200; + } + if ($host = sadmin.pena) { + proxy_pass http://10.6.0.11:59301; + } + if ($host != sadmin.pena) { + proxy_pass http://10.6.0.11:59300; + } + proxy_hide_header Access-Control-Allow-Origin; + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + } + location /user/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_pass http://10.6.0.11:59300; + } + + location /swagger/ { + proxy_pass http://10.6.0.11:59300/; + } + + location /heruvym/ { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization,sess always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_set_header Referer $host; + 
proxy_set_header Origin $http_origin; + proxy_set_header Connection ''; + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + proxy_pass https://10.6.0.11:1488/; + } + + location /strator/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_pass http://10.6.0.11:59303/; + } + + location /customer/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_pass http://10.6.0.11:8065/; + } + + location /codeword/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header 
Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_pass http://10.6.0.11:59664/; + } + + location /answer/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_pass http://10.6.0.23:1490/; + } + + location /squiz/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_pass http://10.6.0.23:1488/; + } + + location /squizstorer/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + 
add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_set_header Referer $host; + proxy_set_header Origin $http_origin; + proxy_set_header Connection ''; + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + proxy_pass http://10.6.0.23:1489/; + } + + location /price/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_pass http://10.6.0.11:8001/; + } + location /feedback/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type always; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type always; + proxy_set_header Host $host; + proxy_pass http://10.6.0.17:8006/; + } + location /verification1 { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type always; + add_header Access-Control-Allow-Methods GET; + + return 200; + } + add_header Access-Control-Allow-Origin 
$http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type always; + add_header Access-Control-Allow-Methods GET; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + proxy_pass https://storage.yandexcloud.net; + } + location /squizimages { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type always; + add_header Access-Control-Allow-Methods GET; + + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type always; + add_header Access-Control-Allow-Methods GET; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + proxy_pass https://storage.yandexcloud.net; + } + location /verification/ { + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + return 200; + } + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials true always; + add_header Access-Control-Allow-Headers content-type,authorization always; + add_header Access-Control-Allow-Methods OPTIONS,GET,POST,PATCH,PUT,DELETE; + proxy_set_header Referer $host; + proxy_set_header Origin $http_origin; + proxy_set_header Connection ''; + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + proxy_pass http://10.6.0.17:7035/; + } + - root /usr/share/nginx/html; + listen [::]:443 ssl ipv6only=on; + listen 443 ssl; # managed by Certbot + ssl_certificate 
/etc/nginx/cert.pem; # managed by Certbot + ssl_certificate_key /etc/nginx/key.pem; # managed by Certbot +} +server { + listen 80 ; + listen [::]:80 ; + server_name _; + return 301 https://$host$request_uri; } diff --git a/cert.pem b/cert.pem new file mode 100644 index 0000000..b585625 --- /dev/null +++ b/cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgIIekwtR/9AxDowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE +AxMVbWluaWNhIHJvb3QgY2EgNGZmNGMxMB4XDTI0MDEyMTAwMTA0NVoXDTI2MDIy +MDAwMTA0NVowFjEUMBIGA1UEAxMLc2FkbWluLnBlbmEwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC5BIHp82z+PKTPyCaN2avT4IhlndnOLVlA5d0wxPXB +lznLqB54gigFitaL7iDzAoBmQGjewwzJD4GemR31vTxmkSvpvH8/9ooeiIMJpMcV +h8eGpmyLBvwZ/V0W8ucetQEiZU+w8HFpQhYN7g8nYU9SPuZqVDq9Ywa1QkiwOiuo +gM5AZzCUUQ49BaqLwXw8COfmnkFWBaH1WhEoYAV2GhYuYBIHI+03DTO/94R0Rymr +q34LNC58mL5HXWX420JtJik9FE2waJeHVWOOrRZrdUY5q+L49nxlVKXouPcEV4Vx +gSnR+dzReulaWxpCb1Z+n9R3z2gkXSff+bEbHupCUBCbAgMBAAGjeDB2MA4GA1Ud +DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T +AQH/BAIwADAfBgNVHSMEGDAWgBQd0TImkz6CUxiYP6EAT2Fwmo+yKDAWBgNVHREE +DzANggtzYWRtaW4ucGVuYTANBgkqhkiG9w0BAQsFAAOCAQEAF6DZLmyICFdKsgQh +o6vr9G6FCmY9rVZHPxz1yTvbA+dPkpYCoOjLHDv6lc7wPqXQ5ei6iDGvkLMJvamU +vbv23NgcBaP3m4PEH4EWzIH2yqhAEVyMBOHG4Rtthi4NU22d5AKDv4nYnWKhyf6v +9CqGIV1huB+sEzlMMjgwEB6bZqsVvKEJqt//234GtNHTBCx5lRvVFCBQqbhxAGux +mjb0MpJ3Sspg3k5+wxzkvmqkEfQGXqUxJIQNGWg717MUgjnRjJkJUMztK4lBIIr7 +GskYF+0vficG18X7bbNkyCzgq8InafgQELV2DxIQZvHo1p6fW2tgrrHScZSbQy1i +Y8CnMg== +-----END CERTIFICATE----- diff --git a/deployments/staging/docker-compose.yaml b/deployments/staging/docker-compose.yaml index a8b7795..d7042bb 100644 --- a/deployments/staging/docker-compose.yaml +++ b/deployments/staging/docker-compose.yaml @@ -6,7 +6,11 @@ services: image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID networks: - marketplace_penahub_frontend + - default hostname: admin + ports: + - 10.8.0.7:80:80 + - 10.8.0.7:443:443 tty: true networks: marketplace_penahub_frontend: 
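Review bot: Every proxied location in this server block answers with `Access-Control-Allow-Origin $http_origin` together with `Access-Control-Allow-Credentials true`, so any web origin can make credentialed requests to `/auth`, `/user/`, `/customer/` and the other backends and read the responses, wherever a backend relies on cookies or other ambient browser credentials. Echo the origin only when it is on an allowlist: define a `map $http_origin $cors_origin` at the top of the file and use `$cors_origin` in each `add_header`, in the `OPTIONS` blocks as well (nginx omits a header whose value is empty). Adding `Vary: Origin` keeps caches from serving one origin's response to another. The set of legitimate origins is not visible in this patch, so the entry below is a placeholder.

```nginx
# top of admin.conf, outside the server blocks (http context)
map $http_origin $cors_origin {
    default "";
    "https://<ALLOWED_ADMIN_ORIGIN>" $http_origin;
}

location /user/ {
    # … unchanged: OPTIONS preflight block, with the same $cors_origin substitution …
    add_header Access-Control-Allow-Origin $cors_origin always;
    add_header Vary Origin always;
    # … unchanged: Allow-Credentials, Allow-Headers, Allow-Methods, proxy_pass …
}
```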
diff --git a/key.pem b/key.pem new file mode 100644 index 0000000..c4a5fd3 --- /dev/null +++ b/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAuQSB6fNs/jykz8gmjdmr0+CIZZ3Zzi1ZQOXdMMT1wZc5y6ge +eIIoBYrWi+4g8wKAZkBo3sMMyQ+Bnpkd9b08ZpEr6bx/P/aKHoiDCaTHFYfHhqZs +iwb8Gf1dFvLnHrUBImVPsPBxaUIWDe4PJ2FPUj7malQ6vWMGtUJIsDorqIDOQGcw +lFEOPQWqi8F8PAjn5p5BVgWh9VoRKGAFdhoWLmASByPtNw0zv/eEdEcpq6t+CzQu +fJi+R11l+NtCbSYpPRRNsGiXh1Vjjq0Wa3VGOavi+PZ8ZVSl6Lj3BFeFcYEp0fnc +0XrpWlsaQm9Wfp/Ud89oJF0n3/mxGx7qQlAQmwIDAQABAoIBAHYOdD8t/swzMg8L +bd5xmHy39xCwKnyu3xbUFdG6u/3tWwmimt7WXmc68i+ToR6u5/NXAhOybgQViuYC +WeWl/FaOJ3EbwC62R+e3v7V1mTsZyq0WoIgNyutiifXMxMEJSlICR1ll81fwvVXi +I3VDWHPoguoyGNEj0PHz+6HHXHhFsMUcI6Nwf+n8l6m9LCohvOH28kO5Lbz9pw5H +laus8GiQyVlsgwJyf6RauUmoSFanisXSt3cOPa1yCVrD7CBZJt2a3Ro1X0rEdpOE +4WHhTAep4JE3NuMPRCaL7mbolDpz2AHCFV6YMVXYCRpYTtETF/UO3x79KI8QLY8X +8Q7Ge5ECgYEA9Ayd5dIdmQR1nGpzhyA6cWpKw//6y83TAUA/twE2v3UEFcyNuCTV +Bo4er9t1PaxImnu+Td2g76h+pOI0djIvtFeHTsB3J+yYF/eMVWlmZM+MAaY8L+bh +IEKj+nLRe3MQJGjZiG9pUhPPtIaPsBctLUdMLbXwwHAasNgELiIMONcCgYEAwhPf +xD3StqW8NR+rx70EhijAuZg7+R7y13boBfR2P5Y5re4gckVNbkau6SnrtO7FxWuz +QjQMCorXalzV/bqxEKqf0nMw3EoXwScgoEB++Hm5LhVaLJkONjB7e89yA49LVS4A +cMivNu5VbzIgEYCF7ioRQ60SZ5UiyiZyBKC6Gd0CgYEAqUz3XK9eiQBm9pOCgYMC +CBvMshuqSCgI8R05FiNpb3gl1VmKFuy2O03sS+LaemZCF6kwY6QUOS2SbZ/e9P/r +yBfQbflmr/OZr0azu6zas6SnY52Gs1RfaJnSV7O/TvyLfjaecd+YGLBVrs6Kb4Yk +ePy1BCDrWxRp77RrcfV8tRECgYBh4Z4gnkGQpqP2cwOzGCyY8SLKN/I/YZF+g9Tf +c/zTcxOiGhA5MaSssm9y3xamySnruLbO8+sCwiWE2k9+yVKWIke63yfMYn36h55X +1E91SAbSLCivh334bJlKx0QscW/ABRRpzX05ChkCnNg5m4VwqbzNUhOPNFM4ew1U +Mi/J7QKBgBKYR0rMDeSr0w54LKmdAoGuQr5XyUpJ1xAED0CrFff13Vb8usaN7cNo +9QBCuvXE64lLKz0DeHzTaGoGqVjA6r1JX9cMkFkBPV5Y80bNCZgiWe2leJP33qZz +kLukXKxa42tcpIw5KFgVrc4nCqQevlleWHJSER24/F1dkSZIhSCt +-----END RSA PRIVATE KEY-----