version 1.6.0 is ready
ferrum committed Apr 17, 2023
1 parent fcd3b9d commit 285c82a
Showing 4 changed files with 41 additions and 141 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -8,11 +8,11 @@ FerrumGate Zero trust access installation scripts for

### Usage

> ./install.sh --help
> sh install.sh --help
> ./install.sh --docker
> sh install.sh --docker [--bridge-network 10.11.0.0/24]
> ./install.sh --docker-swarm
> sh install.sh --docker-swarm
### Installation

146 changes: 17 additions & 129 deletions docker.yaml
Expand Up @@ -128,7 +128,7 @@ services:
driver: local

admin:
image: "??PRIVATE_REGISTRY/ferrumgate/job.admin:1.5.0"
image: "??PRIVATE_REGISTRY/ferrumgate/job.admin:1.6.0"
restart: always
privileged: true
#cap_add:
Expand Down Expand Up @@ -164,7 +164,7 @@ services:
driver: local

ui:
image: "??PRIVATE_REGISTRY/ferrumgate/ui.portal:1.5.0"
image: "??PRIVATE_REGISTRY/ferrumgate/ui.portal:1.6.0"
restart: always
deploy:
mode: global
Expand All @@ -176,8 +176,11 @@ services:
driver: local

rest:
image: "??PRIVATE_REGISTRY/ferrumgate/rest.portal:1.5.0"
image: "??PRIVATE_REGISTRY/ferrumgate/rest.portal:1.6.0"
restart: always
ports:
- 80:8181
- 443:8443
environment:
- PORT=8181
- REDIS_HOST=redis:6379
Expand All @@ -191,13 +194,20 @@ services:
- ES_PASS=??ES_PASS
- GATEWAY_ID=??GATEWAY_ID
- LOG_LEVEL=??LOG_LEVEL
- STATIC_FOLDER=/usr/src/app/web
- UI_HOST=ui:80
depends_on:
- redis
- server-ssh
deploy:
mode: global
restart_policy:
delay: 5s
mode: replicated
replicas: 1
placement:
max_replicas_per_node: 1
constraints:
- "node.role==manager"
volumes:
- ferrum:/etc/ferrumgate
networks:
Expand All @@ -206,7 +216,7 @@ services:
driver: local

log:
image: "??PRIVATE_REGISTRY/ferrumgate/job.log:1.4.0"
image: "??PRIVATE_REGISTRY/ferrumgate/job.log:1.5.0"
restart: always
environment:
- REDIS_HOST=redis:6379
Expand All @@ -233,7 +243,7 @@ services:
driver: local

task:
image: "??PRIVATE_REGISTRY/ferrumgate/job.task:1.0.0"
image: "??PRIVATE_REGISTRY/ferrumgate/job.task:1.1.0"
restart: always
environment:
- REDIS_HOST=redis:6379
Expand All @@ -255,126 +265,4 @@ services:
logging:
driver: local

nginx:
image: nginx:1.23-alpine
restart: always
ports:
- 80:80
- 443:443
command:
- /bin/sh
- -c
- |
SSL_PUB=??SSL_PUB
SSL_KEY=??SSL_KEY
echo $$SSL_PUB|base64 -d > /etc/ssl/secure.ferrumgate.zero.crt
echo $$SSL_KEY|base64 -d > /etc/ssl/secure.ferrumgate.zero.key
CONF_FILE=/etc/nginx/nginx.conf
cat > $$CONF_FILE << EOF
user nginx;
worker_processes auto;
error_log /dev/stdout notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '\$$remote_addr - \$$remote_user [\$$time_local] "\$$request" '
'\$$status \$$body_bytes_sent "\$$http_referer" '
'"\$$http_user_agent" "\$$http_x_forwarded_for"';
access_log /dev/stdout main;
server_tokens off;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
EOF
CONF_FILE=/etc/nginx/conf.d/default.conf
cat > $$CONF_FILE << EOF
server {
listen 80;
server_name localhost;
proxy_http_version 1.1;
proxy_cache_bypass \$$http_upgrade;
proxy_set_header Upgrade \$$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$$host;
proxy_set_header X-Real-IP \$$remote_addr;
proxy_set_header X-Forwarded-For \$$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$$scheme;
proxy_set_header X-Forwarded-Host \$$host;
proxy_set_header X-Forwarded-Port \$$server_port;
location ^~/api {
proxy_pass http://rest:8181;
}
location / {
proxy_pass http://ui:80;
}
}
server {
listen 443 ssl;
server_name secure.ferrumgate.zero;
ssl_certificate /etc/ssl/secure.ferrumgate.zero.crt;
ssl_certificate_key /etc/ssl/secure.ferrumgate.zero.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
proxy_http_version 1.1;
proxy_cache_bypass \$$http_upgrade;
proxy_set_header Upgrade \$$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$$host;
proxy_set_header X-Real-IP \$$remote_addr;
proxy_set_header X-Forwarded-For \$$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$$scheme;
proxy_set_header X-Forwarded-Host \$$host;
proxy_set_header X-Forwarded-Port \$$server_port;
location ^~/api {
proxy_pass http://rest:8181;
}
location / {
proxy_pass http://ui:80;
}
}
EOF
nginx -g 'daemon off;'
deploy:
mode: replicated
replicas: 1
placement:
max_replicas_per_node: 1
constraints:
- "node.role==manager"
depends_on:
- rest
- ui
networks:
- ferrum
logging:
driver: local
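Review bot: The `rest` service now publishes `- 443:8443` directly, but none of the environment entries visible in its hunk supply the certificate and key that the removed nginx service decoded from SSL_PUB/SSL_KEY, so this section does not show how rest.portal terminates TLS on 8443; the environment list begins outside the hunk, so if that wiring exists there, a short comment next to the `ports:` block naming where the certificate material comes from would help the next reader. With nginx gone, rest.portal is also the first hop for clients, so any X-Forwarded-For or X-Real-IP header it previously trusted from the proxy now arrives straight from the client and should be treated as untrusted unless rest.portal strips it — this is inferred from the removed proxy_set_header lines, not visible in the new code. The switch from `restart_policy: delay: 5s` to `mode: replicated` with a manager constraint changes the service's restart behaviour as well as its placement; if that is intentional it deserves a one-line comment on the `deploy:` block.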

13 changes: 10 additions & 3 deletions install.sh
Expand Up @@ -94,7 +94,7 @@ download() {
# Abort if download command failed
[ $? -eq 0 ] || fatal 'Download failed'
}
VERSION=1.5.0
VERSION=1.6.0
download_and_verify() {
[ "$ENV_FOR" != "PROD" ] && return 0
verify_downloader curl || verify_downloader wget || fatal 'can not find curl or wget for downloading files'
Expand All @@ -110,6 +110,7 @@ print_usage() {
echo "usage"
echo " ./install.sh [ -h | --help ] -> prints help"
echo " ./install.sh [ -d | --docker ] -> install with docker"
echo " ./install.sh [ -b| --bridge-network 10.9.0.0/24 ] -> docker bridge network"
echo " ./install.sh [ -s | --docker-swarm ] -> install with docker-swarm"

}
Expand Down Expand Up @@ -153,7 +154,8 @@ main() {
ensure_root
# install type
local INSTALL="docker"
ARGS=$(getopt -o 'hds' --long 'help,docker,docker-swarm' -- "$@") || exit
local BRIDGE_NETWORK="10.9.0.0/24"
ARGS=$(getopt -o 'hdsb:' --long 'help,docker,docker-swarm,bridge-network:' -- "$@") || exit
eval "set -- $ARGS"
local HELP=1
while true; do
Expand All @@ -173,6 +175,11 @@ main() {
shift
break
;;
-b | --bridge-network)
BRIDGE_NETWORK="$2"
shift 2
break
;;
--)
shift
break
Expand Down Expand Up @@ -203,7 +210,7 @@ main() {
if [ $ENV_FOR = "PROD" ]; then
prerequities
docker_install
docker_network_bridge_configure ferrum
docker_network_bridge_configure ferrum $BRIDGE_NETWORK
fi

# prepare folder permission to only root
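Review bot: The new `-b | --bridge-network` arm ends with `break`, exactly like the arm just above it, so the first recognised option ends the `while true` loop: `sh install.sh --docker --bridge-network 10.11.0.0/24`, the form README now documents, appears to leave BRIDGE_NETWORK at its default because `--docker` is consumed first and the loop exits — inferred from the visible arms, since the rest of the case statement lies outside the hunk. Dropping the `break` from this arm, `BRIDGE_NETWORK="$2"; shift 2 ;;`, lets the remaining options be read; the other arms would need the same treatment if options are meant to combine. The call site should quote the value, `docker_network_bridge_configure ferrum "$BRIDGE_NETWORK"`, so an empty or malformed value is still passed as a single argument rather than vanishing. main() starts and ends outside the hunk.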
17 changes: 11 additions & 6 deletions sh/docker.sh
Expand Up @@ -34,28 +34,33 @@ docker_install() {
#EOF
info "installed docker"
}

docker_bridge_create() {
local name=$1
local cidr=$2
[ -z "$name" ] && fatal "docker_bridge_create needs argument"
info "used host ips are $(host_networks)"
info "used host routings are $(host_routings)"
info "please select a non conflict docker network, from these ranges 10.0.0.0/16 ... 10.255.0.0/16 or 172.17.0.0/16 ... 172.31.0.0/16"
info "you can select 10.10.10.0/24, if it does not conflict with your network or 172.31.30.0/24"
local cidr=$(read_cidr)
if [ -z "$cidr" ]; then
info "used host ips are $(host_networks)"
info "used host routings are $(host_routings)"
info "please select a non conflict docker network, from these ranges 10.0.0.0/16 ... 10.255.0.0/16 or 172.17.0.0/16 ... 172.31.0.0/16"
info "you can select 10.10.10.0/24, if it does not conflict with your network or 172.31.30.0/24"
cidr=$(read_cidr)
fi
local gateway=$(ipcalc -b $cidr | grep HostMin | cut -d ':' -f 2 | tr -d ' ')
docker network create --driver bridge --subnet=$cidr \
--gateway=$gateway --attachable $name
}

docker_network_bridge_configure() {
local name=$1
local cidr=$2
[ -z "$name" ] && fatal "docker_network_bridge_configure needs argument"
info "checking docker network $name"
local network=$(docker network ls | grep $name)

if [ -z "$network" ]; then
info "$name network not exists"
docker_bridge_create $name
docker_bridge_create $name $cidr
else

info "$name network exists"
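Review bot: When `cidr` is supplied by the caller, docker_bridge_create skips both the host-network hints and the `read_cidr` prompt but applies no check of its own, so the value goes straight into `ipcalc -b $cidr` and `docker network create --subnet=$cidr`; a malformed value leaves `gateway` empty and docker is invoked with `--gateway=`. A cheap guard after the gateway line, `[ -n "$gateway" ] || fatal "cannot compute gateway for cidr $cidr"`, stops that before any network is created, and printing the `host_networks`/`host_routings` info lines in the non-interactive path too would keep the conflict warning visible for callers that pass a default. Since install.sh in this commit always passes a non-empty default, the interactive prompt appears to become unreachable from the installer — worth a comment on the `if [ -z "$cidr" ]` branch stating when it is expected to run. The new call `docker_bridge_create "$name" "$cidr"` should be quoted so an empty argument does not shift positions. docker_network_bridge_configure continues past the end of the hunk.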
