From 5eaef8a60e43d0fea10a0fce33e929fa40340351 Mon Sep 17 00:00:00 2001 From: Heiko Burkhardt Date: Thu, 30 Nov 2023 14:55:05 +0100 Subject: [PATCH] build: prod --- .github/workflows/deploy-billboard.yml | 36 ++--- .github/workflows/pord-deplo.yml | 85 +++++++++++ .../{deploy.yml => staging-deploy.yml} | 39 ++--- docker/billboard/docker-compose.yml | 28 ++-- docker/prod/docker-compose.yml | 134 ++++++++++++++++++ docker/prod/nginx.conf | 123 ++++++++++++++++ 6 files changed, 394 insertions(+), 51 deletions(-) create mode 100644 .github/workflows/pord-deplo.yml rename .github/workflows/{deploy.yml => staging-deploy.yml} (77%) create mode 100644 docker/prod/docker-compose.yml create mode 100644 docker/prod/nginx.conf diff --git a/.github/workflows/deploy-billboard.yml b/.github/workflows/deploy-billboard.yml index 74e1b571b..1f24b1798 100644 --- a/.github/workflows/deploy-billboard.yml +++ b/.github/workflows/deploy-billboard.yml @@ -5,7 +5,7 @@ jobs: messenger-demo-deploy: environment: devconnect2023 runs-on: ubuntu-latest - # if: ${{ contains( github.ref, vars.STAGING_BRANCH) }} + if: ${{ contains( github.ref, vars.TRIGGER_BRANCH) }} steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v3 
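Review bot: `if: ${{ contains( github.ref, vars.TRIGGER_BRANCH) }}` is a substring test rather than a branch match, so with `on: push` any ref whose name merely contains the configured value (`feature/main-fix` for `main`, for example) deploys to the `devconnect2023` environment, and unless I am misreading the expression semantics an unset variable makes `contains(x, '')` true for every push. Compare the ref exactly instead: `if: ${{ github.ref == format('refs/heads/{0}', vars.TRIGGER_BRANCH) }}`. The same gate is introduced for the staging and prod workflows later in this commit, so the fix applies to all three.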
@@ -22,21 +22,21 @@ jobs: - name: Prepare SSH run: | mkdir ~/.ssh - echo "${{ secrets.STAGING_HOST_SSH }}" > ~/.ssh/known_hosts + echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key chmod 600 ./ssh-key - name: Create .env file env: - TARGET_HOST: ${{ secrets.STAGING_HOST }} + TARGET_HOST: ${{ secrets.HOST_DOMAIN}} TARGET_IP: ${{ secrets.IP_ADDRESS }} run: | echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.addr.devconnect.dm3.eth" >> ./.env.react - echo "REACT_APP_BACKEND=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react + echo "REACT_APP_BACKEND=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=bb-ds.devconnect.dm3.eth" >> ./.env.react - echo "REACT_APP_DEFAULT_SERVICE=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react + echo "REACT_APP_DEFAULT_SERVICE=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.REACT_APP_ETHEREUM_PROVIDER }}" >> ./.env.react - echo "REACT_APP_PROFILE_BASE_URL=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react - echo "REACT_APP_RESOLVER_BACKEND=https://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react + echo "REACT_APP_PROFILE_BASE_URL=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react + echo "REACT_APP_RESOLVER_BACKEND=https://${{ secrets.HOST_DOMAIN}}/resolver-handler" >> ./.env.react echo "REACT_APP_USER_ENS_SUBDOMAIN=.user.devconnect.dm3.eth" >> ./.env.react echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react 
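Review bot: The `Prepare SSH` step writes `~/.ssh/known_hosts` from a secret now named `HOST_SSH_PUBLIC_KEY`; ssh only honours it if the value is a full known_hosts line (`hostname keytype base64-key`), and with a bare public key the non-interactive runner will fail host verification on the later ssh/rsync calls rather than pin anything. Worth confirming the secret's format and making the pinning explicit with `-o StrictHostKeyChecking=yes` on the `ssh -i ./ssh-key` invocations, so a missing or malformed entry fails the job instead of relying on ssh's default behaviour.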
@@ -51,13 +51,13 @@ jobs: echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env - echo "RPC=${{ secrets.STAGING_RPC }}" >> ./.env + echo "RPC=${{ secrets.RPC }}" >> ./.env echo "BILLBOARD_PRIVATE_KEY=${{ secrets.BILLBOARD_PRIVATE_KEY }}" >> ./.env echo "interceptor=${{ secrets.INTERCEPTOR }}" >> ./.env echo "DISABLE_SESSION_CHECK='true'" >> ./.env echo "BILLBOARD_NAMES=${{ secrets.BILLBOARD_NAMES }}" >> ./.env echo "CERT_MAIL=${{ secrets.CERT_MAIL }}" >> ./.env - echo "URL=${{ secrets.STAGING_HOST }}" >> ./.env + echo "URL=${{ secrets.HOST_DOMAIN}}" >> ./.env envsubst '${TARGET_HOST}' < ./docker/billboard/nginx.conf > ./nginx.conf cat ./.env - name: Build docker image 
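Review bot: `cat ./.env` at the end of this step prints the file that the preceding lines just filled with `ENCRYPTION_PRIVATE_KEY`, `BILLBOARD_PRIVATE_KEY`, `RPC` and the other secrets into the job log. GitHub's log masking is best-effort (reformatted, multi-line or very short values can slip through) and the log is readable by anyone with read access to Actions. Drop the line, or print only the key names with `sed -E 's/=.*/=***/' ./.env`.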
@@ -67,26 +67,26 @@ jobs: docker save -o ./dm3-backend.tar dm3-backend:latest - name: Sync files run: | - rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.STAGING_HOST }}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.STAGING_HOST }}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.STAGING_HOST }}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./docker/billboard/docker-compose.yml app@${{ secrets.STAGING_HOST }}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./docker/billboard/docker-compose.yml app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 - name: Prepare docker run: | - ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\ cd dm3 && docker compose down && docker system prune -af" - ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\ systemctl restart docker.service" - name: Load docker image run: | - ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\ cd dm3 && docker load -i dm3-backend.tar; \ rm dm3-backend.tar || true" - name: Firewall config run: | - ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\ ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.IP_ADDRESS }} port 80" - name: Start run: | - ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\ cd dm3 && docker compose --env-file .env up -d" diff --git a/.github/workflows/pord-deplo.yml b/.github/workflows/pord-deplo.yml new file mode 100644 index 000000000..7f66645e8 --- /dev/null 
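Review bot: The single `DO_SSH_KEY` deploy key is used both as `app@` and as `root@` (for `systemctl restart docker.service` and `ufw allow`), so a leaked Actions secret or a compromised workflow run yields unrestricted root on the host. A narrower setup is a key bound to `app` plus a sudoers entry limited to the exact commands the job needs, e.g. `app ALL=(root) NOPASSWD: /usr/bin/systemctl restart docker.service, /usr/sbin/ufw allow from 172.18.0.1/16 proto tcp to <ip> port 80`, with the `root@` lines becoming `ssh -i ./ssh-key app@… "sudo …"`. Consider also dropping `-a` from `rsync -avz` for the single files being pushed; preserving ownership/permissions from the runner is not needed here.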
+++ b/.github/workflows/pord-deplo.yml 
@@ -0,0 +1,85 @@
+name: Prod deploy
+on: push
+
+jobs:
+ messenger-demo-deploy:
+ environment: prod
+ runs-on: ubuntu-latest
+ if: ${{ contains( github.ref, vars.TRIGGER_BRANCH) }}
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-node@v3
+ with:
+ registry-url: 'https://npm.pkg.github.com'
+ node-version: 18.0.0
+ cache: 'yarn'
+ - name: Declare some variables
+ shell: bash
+ run: |
+ echo ${{ contains( github.ref, vars.TRIGGER_BRANCH) }}
+ echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
+ echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_ENV"
+ echo "now=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
+ - name: Prepare SSH
+ run: |
+ mkdir ~/.ssh
+ echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts
+ echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key
+ chmod 600 ./ssh-key
+ - name: Create .env file
+ env:
+ TARGET_HOST: ${{ secrets.HOST_DOMAIN}}
+ run: |
+ echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.beta-addr.dm3.eth" >> ./.env.react
+ echo "REACT_APP_BACKEND=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+ echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=beta-ds.dm3.eth" >> ./.env.react
+ echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+ echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.RPC }}" >> ./.env.react
+ echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+ echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.HOST_DOMAIN}}/resolver-handler" >> ./.env.react
+ echo "REACT_APP_USER_ENS_SUBDOMAIN=.beta-user.dm3.eth" >> ./.env.react
+ echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
+ echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
+ echo "REACT_APP_BRANCH=${{ env.branch }}" >> ./.env.react
+ echo "REACT_APP_BUILD_TIME=${{ env.now }}" >> ./.env.react
+ cat ./.env.react >> ./.env
+ echo "RESOLVER_ADDR=0xae6646c22D8eE6479eE0a39Bf63B9bD9e57bAD9d" >> ./.env
+ echo 
"SIGNING_PUBLIC_KEY=${{ secrets.SIGNING_PUBLIC_KEY }}" >> ./.env
+ echo "SIGNING_PRIVATE_KEY=${{ secrets.SIGNING_PRIVATE_KEY }}" >> ./.env
+ echo "SIGNER_PRIVATE_KEY=${{ secrets.SIGNER_PRIVATE_KEY }}" >> ./.env
+ echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env
+ echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env
+ echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env
+ echo "RPC=${{ secrets.RPC }}" >> ./.env
+ envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/prod/nginx.conf > ./nginx.conf
+ cat ./.env
+ - name: Build docker image
+ run: |
+ cp ./.env.react packages/messenger-demo/.env
+ docker build --progress=plain -t dm3-backend:latest -f ./docker/Dockerfile .
+ docker save -o ./dm3-backend.tar dm3-backend:latest
+ - name: Prepare docker
+ run: |
+ ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
+ cd dm3 && docker compose down && docker system prune -af"
+ ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
+ systemctl restart docker.service \
+ rm /home/app/dm3-backend.tar || true"
+ - name: Sync files
+ run: |
+ rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+ rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+ rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+ rsync -avz -e 'ssh -i ./ssh-key' ./docker/prod/docker-compose.yml app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+ - name: Load docker image
+ run: |
+ ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
+ cd dm3 && docker load -i dm3-backend.tar"
+ - name: Firewall config
+ run: |
+ ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
+ ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.HOST_DOMAIN}} port 80"
+ - name: Start
+ run: |
+ ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
+ cd dm3 && docker compose --env-file .env up -d"
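Review bot: The prod frontend is built with `REACT_APP_BACKEND`, `REACT_APP_DEFAULT_SERVICE`, `REACT_APP_PROFILE_BASE_URL` and `REACT_APP_RESOLVER_BACKEND` pointing at `http://…`, while `docker/prod/nginx.conf` in this same commit 301-redirects port 80 to https; a page served over https calling http endpoints is blocked as mixed content, and where a redirect does go through it turns POSTs into GETs, so these should be `https://${{ secrets.HOST_DOMAIN}}/…` as the billboard workflow already does. The `.env` written here also does not line up with `docker/prod/docker-compose.yml` from this commit, which reads `BILLBOARD_SIGNER_PRIVATE_KEY`, `BILLBOARD_PRIVATE_KEY`, `BILLBOARD_NAMES`, `CERT_MAIL` and `URL` — none of which this step exports (it exports `SIGNER_PRIVATE_KEY` instead) — so the ccip-resolver would start with an empty signer key and certbot with an empty `--email`/`-d`. `cat ./.env` prints the private keys just written into the job log and should go, or be reduced to `sed -E 's/=.*/=***/' ./.env`. Finally, `TARGET_IP` is neither in `env:` nor in the `envsubst` list although the prod nginx template uses `${TARGET_IP}` in a `server_name`; add `TARGET_IP: ${{ secrets.IP_ADDRESS }}` and `${TARGET_IP}` to both, or drop that server block.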
diff --git a/.github/workflows/deploy.yml b/.github/workflows/staging-deploy.yml similarity index 77% rename from .github/workflows/deploy.yml rename to .github/workflows/staging-deploy.yml index 8b76c6ee1..50e17b164 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/staging-deploy.yml @@ -3,8 +3,9 @@ on: push jobs: messenger-demo-deploy: + environment: staging runs-on: ubuntu-latest - if: ${{ contains( github.ref, vars.STAGING_BRANCH) }} + if: ${{ contains( github.ref, vars.TRIGGER_BRANCH) }} steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v3 
@@ -21,20 +22,20 @@ jobs: - name: Prepare SSH run: | mkdir ~/.ssh - echo "${{ secrets.STAGING_HOST_SSH }}" > ~/.ssh/known_hosts + echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key chmod 600 ./ssh-key - name: Create .env file env: - TARGET_HOST: ${{ secrets.STAGING_HOST }} + TARGET_HOST: ${{ secrets.HOST_DOMAIN}} run: | echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.beta-addr.dm3.eth" >> ./.env.react - echo "REACT_APP_BACKEND=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react + echo "REACT_APP_BACKEND=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=beta-ds.dm3.eth" >> ./.env.react - echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react - echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.REACT_APP_ETHEREUM_PROVIDER }}" >> ./.env.react - echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react - echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react + echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react + echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.RPC }}" >> ./.env.react + echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react + echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.HOST_DOMAIN}}/resolver-handler" >> ./.env.react echo "REACT_APP_USER_ENS_SUBDOMAIN=.beta-user.dm3.eth" >> ./.env.react echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react 
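Review bot: `REACT_APP_ETHEREUM_PROVIDER=${{ secrets.RPC }}` now bakes the backend's `RPC` secret into the React bundle (`.env.react` is copied into the messenger-demo package before `docker build`, as the prod workflow in this commit shows), so whatever that URL carries — typically a provider API key — is shipped to every browser and is no longer protected by Actions secret masking. Before this change the client used the separate `REACT_APP_ETHEREUM_PROVIDER` secret, which can be a public or rate-limited endpoint. Keep the two apart: `echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.REACT_APP_ETHEREUM_PROVIDER }}" >> ./.env.react`. The prod workflow makes the same substitution and needs the same fix.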
@@ -48,7 +49,7 @@ jobs: echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env - echo "RPC=${{ secrets.STAGING_RPC }}" >> ./.env + echo "RPC=${{ secrets.RPC }}" >> ./.env envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/nginx.conf > ./nginx.conf cat ./.env - name: Build docker image 
@@ -58,26 +59,26 @@ jobs: docker save -o ./dm3-backend.tar dm3-backend:latest - name: Prepare docker run: | - ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\ cd dm3 && docker compose down && docker system prune -af" - ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\ systemctl restart docker.service \ rm /home/app/dm3-backend.tar || true" - name: Sync files run: | - rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.STAGING_HOST }}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.STAGING_HOST }}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.STAGING_HOST }}:/home/app/dm3 - rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ secrets.STAGING_HOST }}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 + rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 - name: Load docker image run: | - ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\ cd dm3 && docker load -i dm3-backend.tar" - name: Firewall config run: | - ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\ - ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.STAGING_HOST }} port 80" + ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\ + ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.HOST_DOMAIN}} port 80" - name: Start run: | - ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\ + ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\ cd dm3 && docker compose --env-file .env up -d" 
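Review bot: In the `Prepare docker` step the remote command `systemctl restart docker.service \` followed by `rm /home/app/dm3-backend.tar || true` has no `&&`/`;` between the two commands; the backslash-newline inside the double-quoted string is removed by the shell, so root runs `systemctl restart docker.service rm /home/app/dm3-backend.tar`, which systemctl rejects as unknown units and `|| true` then hides. Neither the restart nor the cleanup is reliably performed; write `systemctl restart docker.service && rm -f /home/app/dm3-backend.tar`. In the `Firewall config` step `ufw allow … to ${{ secrets.HOST_DOMAIN}} port 80` passes a hostname where the billboard workflow passes `secrets.IP_ADDRESS`; as far as I know ufw only accepts addresses/CIDRs there, so this likely errors and should use the IP secret. These lines are pre-existing context rather than part of this change, but the rename touched every one of them.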
diff --git a/docker/billboard/docker-compose.yml b/docker/billboard/docker-compose.yml index adf1f4eee..acc10aa51 100644 --- a/docker/billboard/docker-compose.yml +++ b/docker/billboard/docker-compose.yml @@ -80,20 +80,20 @@ services: timeout: 10s retries: 5 - # web: - # image: dm3-backend - # command: yarn workspace messenger-demo start - # environment: - # REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN} - # REACT_APP_BACKEND: ${REACT_APP_BACKEND} - # REACT_APP_DEFAULT_DELIVERY_SERVICE: ${REACT_APP_DEFAULT_DELIVERY_SERVICE} - # REACT_APP_DEFAULT_SERVICE: ${REACT_APP_DEFAULT_SERVICE} - # REACT_APP_ETHEREUM_PROVIDER: ${REACT_APP_ETHEREUM_PROVIDER} - # REACT_APP_PROFILE_BASE_URL: ${REACT_APP_PROFILE_BASE_URL} - # REACT_APP_RESOLVER_BACKEND: ${REACT_APP_RESOLVER_BACKEND} - # REACT_APP_USER_ENS_SUBDOMAIN: ${REACT_APP_USER_ENS_SUBDOMAIN} - # REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID} - # RESOLVER_ADDR: ${RESOLVER_ADDR} + web: + image: dm3-backend + command: yarn workspace messenger-demo start + environment: + REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN} + REACT_APP_BACKEND: ${REACT_APP_BACKEND} + REACT_APP_DEFAULT_DELIVERY_SERVICE: ${REACT_APP_DEFAULT_DELIVERY_SERVICE} + REACT_APP_DEFAULT_SERVICE: ${REACT_APP_DEFAULT_SERVICE} + REACT_APP_ETHEREUM_PROVIDER: ${REACT_APP_ETHEREUM_PROVIDER} + REACT_APP_PROFILE_BASE_URL: ${REACT_APP_PROFILE_BASE_URL} + REACT_APP_RESOLVER_BACKEND: ${REACT_APP_RESOLVER_BACKEND} + REACT_APP_USER_ENS_SUBDOMAIN: ${REACT_APP_USER_ENS_SUBDOMAIN} + REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID} + RESOLVER_ADDR: ${RESOLVER_ADDR} certbot: image: certbot/certbot diff --git a/docker/prod/docker-compose.yml b/docker/prod/docker-compose.yml new file mode 100644 index 000000000..adf1f4eee --- /dev/null +++ b/docker/prod/docker-compose.yml 
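Review bot: The re-enabled `web` service has no `restart:` policy, unlike the `nginx`, `db` and `ccip-resolver` services in the prod compose copy of this file, so a crash of the frontend container leaves nginx proxying `/` to a dead upstream until the next deploy; add `restart: always`. `yarn workspace messenger-demo start` also looks like a dev-server command rather than a static build — if it is the CRA dev server it serves source maps and a hot-reload websocket on a public host; confirm, and consider serving the built bundle from nginx instead.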
@@ -0,0 +1,134 @@
+version: "3.1"
+services:
+
+ nginx:
+ container_name: nginx
+ image: nginx:latest
+ restart: always
+ depends_on:
+ - billboard-client
+ - backend
+ - ccip-resolver
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.conf
+ - web-root:/var/www/html
+ - certbot-etc:/etc/letsencrypt
+ - certbot-var:/var/lib/letsencrypt
+ ports:
+ - "80:80"
+ - "443:443"
+
+ backend:
+ image: dm3-backend
+ command: yarn workspace dm3-backend start
+ depends_on:
+ - db
+ environment:
+ REDIS_URL: redis://db:6379
+ SIGNING_PUBLIC_KEY: ${SIGNING_PUBLIC_KEY}
+ SIGNING_PRIVATE_KEY: ${SIGNING_PRIVATE_KEY}
+ ENCRYPTION_PUBLIC_KEY: ${ENCRYPTION_PUBLIC_KEY}
+ ENCRYPTION_PRIVATE_KEY: ${ENCRYPTION_PRIVATE_KEY}
+ DISABLE_SESSION_CHECK: ${DISABLE_SESSION_CHECK}
+ RPC: ${RPC}
+ PORT: 8081
+ LOG_LEVEL: 'debug'
+
+ billboard-client:
+ image: dm3-backend
+ command: yarn workspace dm3-billboard-client start
+ depends_on:
+ db:
+ condition: service_started
+ ccip-resolver:
+ condition: service_started
+ offchain-resolver:
+ condition: service_healthy
+ environment:
+ PORT: 8083
+ time: 0
+ privateKey: ${BILLBOARD_PRIVATE_KEY}
+ ensNames: ${BILLBOARD_NAMES}
+ mediators: '[]'
+ REDIS_URL: redis://db:6379
+ RPC: ${RPC}
+ LOG_LEVEL: 'debug'
+
+ db:
+ image: redis
+ restart: always
+
+ offchain-resolver-db:
+ image: postgres
+ restart: always
+ container_name: offchain_resolver_db
+ environment:
+ POSTGRES_PASSWORD: example
+
+ offchain-resolver:
+ image: dm3-backend
+ command: yarn workspace dm3-offchain-resolver start
+ depends_on:
+ - offchain-resolver-db
+ environment:
+ DATABASE_URL: postgresql://postgres:example@offchain-resolver-db:5432
+ PORT: 8082
+ LOG_LEVEL: 'debug'
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost: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"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+
+ # web:
+ # image: dm3-backend
+ # command: yarn workspace messenger-demo start
+ # environment:
+ # REACT_APP_ADDR_ENS_SUBDOMAIN: 
${REACT_APP_ADDR_ENS_SUBDOMAIN}
+ # REACT_APP_BACKEND: ${REACT_APP_BACKEND}
+ # REACT_APP_DEFAULT_DELIVERY_SERVICE: ${REACT_APP_DEFAULT_DELIVERY_SERVICE}
+ # REACT_APP_DEFAULT_SERVICE: ${REACT_APP_DEFAULT_SERVICE}
+ # REACT_APP_ETHEREUM_PROVIDER: ${REACT_APP_ETHEREUM_PROVIDER}
+ # REACT_APP_PROFILE_BASE_URL: ${REACT_APP_PROFILE_BASE_URL}
+ # REACT_APP_RESOLVER_BACKEND: ${REACT_APP_RESOLVER_BACKEND}
+ # REACT_APP_USER_ENS_SUBDOMAIN: ${REACT_APP_USER_ENS_SUBDOMAIN}
+ # REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID}
+ # RESOLVER_ADDR: ${RESOLVER_ADDR}
+
+ certbot:
+ image: certbot/certbot
+ container_name: certbot
+ volumes:
+ - certbot-etc:/etc/letsencrypt
+ - certbot-var:/var/lib/letsencrypt
+ - web-root:/var/www/html
+ depends_on:
+ - nginx
+ command: certonly --webroot --webroot-path=/var/www/html --email ${CERT_MAIL} --agree-tos --no-eff-email -d ${URL}
+
+ ccip-resolver:
+ image: dm3org/ccip-resolver:v0.2.7
+ restart: always
+ depends_on:
+ offchain-resolver:
+ condition: service_healthy
+ environment:
+ SIGNER_PRIVATE_KEY: ${BILLBOARD_SIGNER_PRIVATE_KEY}
+ LOG_LEVEL: debug
+ CONFIG: |
+ {
+ "0xc9bf092673b3a066df088a2a911e23e9b69b82f2": {
+ "type": "signing",
+ "handlerUrl": "http://offchain-resolver:8082"
+ }
+ }
+ PORT: 8181
+volumes:
+ certbot-etc:
+ certbot-var:
+ web-root:
+ driver: local
+ driver_opts:
+ type: none
+ device: /home/app/dm3/webroot/
+ o: bind
diff --git a/docker/prod/nginx.conf b/docker/prod/nginx.conf
new file mode 100644
index 000000000..be2f9766f
--- /dev/null
+++ b/docker/prod/nginx.conf
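Review bot: `POSTGRES_PASSWORD: example` and `DATABASE_URL: postgresql://postgres:example@offchain-resolver-db:5432` hard-code a throwaway superuser credential in a file under `docker/prod/`; the database publishes no host port, so it is only reachable from the compose network, but every container on that network and everyone with the repo has the password. Source it from `.env` like the other secrets: `POSTGRES_PASSWORD: ${OFFCHAIN_RESOLVER_DB_PASSWORD}` and `DATABASE_URL: postgresql://postgres:${OFFCHAIN_RESOLVER_DB_PASSWORD}@offchain-resolver-db:5432`. This file is byte-identical to the pre-commit billboard compose (same blob `adf1f4eee`), so it still expects the billboard-only variables (`BILLBOARD_SIGNER_PRIVATE_KEY`, `BILLBOARD_PRIVATE_KEY`, `BILLBOARD_NAMES`, `CERT_MAIL`, `URL`) that the prod workflow never sets, leaves `web` commented out although the prod `nginx.conf` proxies `/` to `web:8080`, and runs every service with `LOG_LEVEL: debug`. `nginx:latest`, `redis`, `postgres` and `certbot/certbot` are unpinned for a production host; pin at least a major version, ideally a digest.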
@@ -0,0 +1,123 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+ keepalive_timeout 65;
+ limit_req_zone $binary_remote_addr zone=standardlimit:10m rate=3r/s;
+ limit_req_zone $binary_remote_addr zone=legacylimit:10m rate=2r/s;
+
+ server {
+ listen 80;
+ server_name ${TARGET_HOST};
+
+ return 301 https://$server_name$request_uri;
+ }
+
+ server {
+ listen 80;
+ server_name ${TARGET_IP};
+
+ return 301 https://${TARGET_HOST}$request_uri;
+ }
+
+ server {
+ listen 443 ssl;
+ server_name ${TARGET_HOST};
+
+ ssl_certificate /etc/letsencrypt/live/${TARGET_HOST}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${TARGET_HOST}/privkey.pem;
+
+ location / {
+ limit_req zone=standardlimit burst=50;
+ proxy_pass http://web:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_ssl_verify off;
+ proxy_redirect off;
+ }
+
+ location /resolver {
+ rewrite ^/resolver(.*)$ $1 break;
+ limit_req zone=standardlimit burst=50;
+ proxy_pass http://ccip-resolver:8181;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_ssl_verify off;
+ proxy_redirect off;
+ }
+
+ location /resolver-handler {
+ rewrite ^/resolver-handler(.*)$ $1 break;
+ limit_req zone=standardlimit burst=50;
+ proxy_pass http://offchain-resolver:8082;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_ssl_verify off;
+ proxy_redirect off;
+ }
+
+ location /api {
+ rewrite ^/api(.*)$ $1 break;
+ limit_req zone=standardlimit burst=50;
+ proxy_pass http://backend:8081;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For 
$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_ssl_verify off;
+ proxy_redirect off;
+ }
+
+ location /bb-client {
+ rewrite ^/bb-client(.*)$ $1 break;
+ limit_req zone=standardlimit burst=50;
+ proxy_pass http://billboard-client:8083;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_ssl_verify off;
+ proxy_redirect off;
+ }
+
+ location /socket.io {
+ proxy_pass http://backend:8081/socket.io;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect off;
+ proxy_ssl_verify off;
+ proxy_set_header Host $host;
+ }
+
+ location /bb-client/socket.io {
+ rewrite ^/bb-client(.*)$ $1 break;
+ proxy_pass http://billboard-client:8083/socket.io;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ }
+
+ location ~ /.well-known/acme-challenge {
+ allow all;
+ root /var/www/html;
+ }
+
+
+ }
+}
\ No newline at end of file
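Review bot: `location / { proxy_pass http://web:8080; }` targets a `web` service that `docker/prod/docker-compose.yml` in this commit leaves commented out; nginx resolves static upstream names at startup, so with that compose file it will refuse to start ("host not found in upstream"), and `nginx` does not `depends_on` `web` either. The HTTPS server sets no `ssl_protocols`/`ssl_ciphers` and no HSTS; add `ssl_protocols TLSv1.2 TLSv1.3;` and `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` next to the certificate lines. The two `socket.io` locations carry no `limit_req`, unlike every other proxied location, and `proxy_ssl_verify off` is a no-op on plain-http upstreams and can be dropped. `server_name ${TARGET_IP}` in the second port-80 block stays literal unless `TARGET_IP` is exported and listed in the prod workflow's `envsubst` call, which it currently is not, leaving at best an unmatched name and at worst a config error.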