diff --git a/.deploy-nginx/deploy-dev.yaml b/.deploy-nginx/deploy-dev.yaml
index d481934..522a943 100644
--- a/.deploy-nginx/deploy-dev.yaml
+++ b/.deploy-nginx/deploy-dev.yaml
@@ -6,6 +6,9 @@ services:
     image: mathwave/sprint-repo:sprint-infra-nginx-dev
     networks:
       - common-infra-nginx-development
+      - configurator
+    environment:
+      MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
     ports:
       - published: 80
         target: 80
@@ -27,3 +30,5 @@ services:
 networks:
   common-infra-nginx-development:
     external: true
+  configurator:
+    external: true
diff --git a/.deploy-nginx/deploy-prod.yaml b/.deploy-nginx/deploy-prod.yaml
index 79c382b..d61bb01 100644
--- a/.deploy-nginx/deploy-prod.yaml
+++ b/.deploy-nginx/deploy-prod.yaml
@@ -6,6 +6,9 @@ services:
     image: mathwave/sprint-repo:sprint-infra-nginx-prod
     networks:
       - common-infra-nginx
+      - configurator
+    environment:
+      MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
     ports:
       - published: 80
         target: 80
@@ -26,4 +29,6 @@ services:
 
 networks:
   common-infra-nginx:
-    external: true
\ No newline at end of file
+    external: true
+  configurator:
+    external: true
diff --git a/nginx/nginx-dev/Dockerfile b/nginx/nginx-dev/Dockerfile
index d5818df..9982f75 100644
--- a/nginx/nginx-dev/Dockerfile
+++ b/nginx/nginx-dev/Dockerfile
@@ -2,12 +2,14 @@ FROM nginx
 RUN apt-get update
 RUN apt-get install certbot --yes
 RUN apt-get install python3-certbot-nginx python3-pip --yes
-RUN pip3 install --break-system-packages requests minio
+RUN pip3 install --break-system-packages minio
 COPY ./config /etc/nginx
 COPY ./fullchain.pem /etc/nginx/fullchain.pem
 COPY ./privkey.pem /etc/nginx/privkey.pem
 COPY prepare.py prepare.py
 COPY run.sh run.sh
+COPY refre.sh refre.sh
 ENV PYTHONUNBUFFERED=1
 RUN chmod 777 run.sh
+RUN chmod 777 refre.sh
 ENTRYPOINT ["./run.sh"]
\ No newline at end of file
diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py
index 5a2b09a..1f4671b 100644
--- a/nginx/nginx-dev/prepare.py
+++ b/nginx/nginx-dev/prepare.py
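Review bot: The added `MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV` line substitutes an empty string when the variable is missing from the deploying shell, so the container starts with an empty key and only fails later at the first MinIO call; note that prepare.py's `os.getenv("MINIO_SECRET_KEY", "minioadmin")` default applies to an absent variable, not an empty one. Compose's required-variable form, `MINIO_SECRET_KEY: ${MINIO_SECRET_KEY_DEV:?MINIO_SECRET_KEY_DEV is not set}`, makes the deploy abort instead. Passing the key as a plain environment variable also leaves it readable via `docker inspect` and by every process in the container (nginx, certbot and their children); since this file already uses the swarm long-form `ports:` syntax, a `secrets:` entry mounted under `/run/secrets/` and read from a file by prepare.py would be the stronger option.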
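Review bot: `MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD` silently becomes an empty string if the variable is unset in the shell running the deploy, which in production means a failed MinIO login discovered only at the next certificate refresh; `${MINIO_SECRET_KEY_PROD:?MINIO_SECRET_KEY_PROD is not set}` fails the deploy up front instead. A production MinIO key in a container environment variable is exposed through `docker inspect`, `/proc/<pid>/environ` and any child process nginx or certbot spawns, so a swarm `secrets:` file is the expected mechanism here rather than `environment:`. The hunk also joins the prod edge nginx to the `configurator` network; that implies configurator is reachable unauthenticated over plain HTTP from this container, which is fine if intended but deserves a one-line comment on the network entry.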
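Review bot: `RUN chmod 777 refre.sh` makes the new reload script world-writable inside the image, so any unprivileged process in the container can rewrite what the (presumably root-run, as the stock nginx image runs) refresh executes. Execute permission is all that is needed: `RUN chmod 755 refre.sh`, or fold copy and mode into one layer with `COPY --chmod=755 refre.sh refre.sh`; the pre-existing `chmod 777 run.sh` line has the same problem and is not addressed. Dropping `requests` from the pip line is consistent with the dev prepare.py switch to `urllib` in this commit; the pinned-version question for `minio` is outside the hunk but worth a follow-up.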
@@ -1,22 +1,36 @@
-from requests import get
 import os
+import sys
 from minio import Minio
+from urllib.request import urlopen
+from json import loads
 
 minio_client = Minio(
     "minio.develop.sprinthub.ru:9000",
     access_key="serviceminioadmin",
     secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
-    secure=False
+    secure=False,
 )
 
-hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=development').json()['configs']['hosts']
-hosts = {**hosts, 'platform.develop.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}}
+def get(url):
+    with urlopen(url) as response:
+        data = response.read().decode("utf-8")
+    return loads(data)
 
-config = ''
+
+try:
+    response = get(
+        "http://configurator/api/v1/fetch?project=certupdater&stage=development"
+    )
+    hosts = response["configs"]["hosts"]
+except Exception as e:
+    print(f"Error fetching config: {e}", file=sys.stderr)
+    sys.exit(1)
+
+config = ""
 for host, params in hosts.items():
-    config += '''
+    config += """
 server {{
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
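Review bot: The new `get()` calls `urlopen(url)` with no timeout, so a hung or unreachable configurator blocks prepare.py (and therefore the `nginx -s reload` in refre.sh) indefinitely instead of reaching the `except Exception` path below; `with urlopen(url, timeout=10) as response:` bounds that. The unchanged `secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin")` still falls back to a well-known default credential when the variable is absent, which matters more now that the key arrives via compose substitution; `secret_key=os.environ["MINIO_SECRET_KEY"]` turns a missing key into a hard failure, and `secure=False` means whatever key is used travels in clear text to `minio.develop.sprinthub.ru:9000`. Note that `hosts` is taken from the configurator JSON unvalidated and, further down the file, each key is used both as a filesystem path component and as nginx config text. The `for` loop body continues past the end of this hunk.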
@@ -36,14 +50,33 @@ for host, params in hosts.items():
         proxy_pass http://{target_host}:{port}$request_uri;
     }}
 }}\n\n
-    '''.format(host=host, target_host=params['host'], port=params['port'])
-    fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem')
-    privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem')
-    os.mkdir(f'/etc/nginx/{host}')
-    with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp:
-        fp.write(fullchain.data)
-    with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp:
-        fp.write(privkey.data)
+    """.format(
+        host=host, target_host=params["host"], port=params["port"]
+    )
+    try:
+        fullchain = minio_client.get_object(
+            "certupdater", f"certificates/{host}/fullchain.pem"
+        )
+        privkey = minio_client.get_object(
+            "certupdater", f"certificates/{host}/privkey.pem"
+        )
+        try:
+            os.makedirs(f"/etc/nginx/{host}", exist_ok=True)
+        except OSError as e:
+            print(f"Error creating directory: {e}", file=sys.stderr)
+            continue
 
-with open('/etc/nginx/hosts.conf', 'w') as fp:
-    fp.write(config)
+        with open(f"/etc/nginx/{host}/fullchain.pem", "wb") as fp:
+            fp.write(fullchain.data)
+        with open(f"/etc/nginx/{host}/privkey.pem", "wb") as fp:
+            fp.write(privkey.data)
+    except Exception as e:
+        print(f"Error processing host {host}: {e}", file=sys.stderr)
+        continue
+
+try:
+    with open("/etc/nginx/hosts.conf", "w") as fp:
+        fp.write(config)
+except Exception as e:
+    print(f"Error writing config file: {e}", file=sys.stderr)
+    sys.exit(1)
diff --git a/nginx/nginx-dev/refre.sh b/nginx/nginx-dev/refre.sh
new file mode 100644
index 0000000..8a566b8
--- /dev/null
+++ b/nginx/nginx-dev/refre.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if ! python3 prepare.py; then
+    echo "Error running prepare.py" >&2
+    exit 1
+fi
+
+if ! nginx -s reload; then
+    echo "Error reloading nginx" >&2
+    exit 1
+fi
\ No newline at end of file
diff --git a/nginx/nginx-prod/Dockerfile b/nginx/nginx-prod/Dockerfile
index d5818df..4ca87b1 100644
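Review bot: `config += """...""".format(...)` runs before the certificate fetch, so when `get_object` raises, the `except Exception ... continue` leaves a `server` block in hosts.conf whose `ssl_certificate` points at `/etc/nginx/{host}/fullchain.pem` that was never written, and the reload that follows is handed a config referencing missing files; build the block into a local (`server_block = """...""".format(...)`) and only `config += server_block` after both `fp.write` calls succeed. `host` comes straight from the configurator JSON and is interpolated into `/etc/nginx/{host}/...` paths and into nginx directives, so a value containing `/`, `..`, `;` or a newline escapes the directory or injects config; a guard such as `if not re.fullmatch(r"[A-Za-z0-9.-]+", host): continue` (importing `re`) keeps it to a hostname. `privkey.pem` is created with `open(..., "wb")` under the process umask, typically 0644 in a root-run container, and the `get_object` responses are never released; `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` for the key file and `privkey.close(); privkey.release_conn()` after the writes cover both. The `for` loop this hunk sits in starts above it.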
--- a/nginx/nginx-prod/Dockerfile
+++ b/nginx/nginx-prod/Dockerfile
@@ -8,6 +8,8 @@ COPY ./fullchain.pem /etc/nginx/fullchain.pem
 COPY ./privkey.pem /etc/nginx/privkey.pem
 COPY prepare.py prepare.py
 COPY run.sh run.sh
+COPY refre.sh refre.sh
 ENV PYTHONUNBUFFERED=1
 RUN chmod 777 run.sh
+RUN chmod 777 refre.sh
 ENTRYPOINT ["./run.sh"]
\ No newline at end of file
diff --git a/nginx/nginx-prod/prepare.py b/nginx/nginx-prod/prepare.py
index a545148..a1bfa61 100644
--- a/nginx/nginx-prod/prepare.py
+++ b/nginx/nginx-prod/prepare.py
@@ -7,16 +7,17 @@ minio_client = Minio(
     "minio.sprinthub.ru:9000",
     access_key="serviceminioadmin",
     secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"),
-    secure=False
+    secure=False,
 )
 
-hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=production').json()['configs']['hosts']
-hosts = {**hosts, 'platform.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}}
+hosts = get(
+    "http://configurator/api/v1/fetch?project=certupdater&stage=production"
+).json()["configs"]["hosts"]
 
-config = ''
+config = ""
 for host, params in hosts.items():
-    config += '''
+    config += """
 server {{
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
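Review bot: `RUN chmod 777 refre.sh` leaves the production reload script world-writable in the image, so any unprivileged process in the container could rewrite what the (presumably root-run) refresh executes. `RUN chmod 755 refre.sh`, or `COPY --chmod=755 refre.sh refre.sh` in a single layer, is sufficient; the pre-existing `chmod 777 run.sh` has the same problem. This Dockerfile's old blob (`d5818df`) is the same as the dev one's, so its untouched pip line still installs `requests`, which the prod prepare.py in this commit continues to rely on — consistent, but the two images are now diverging.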
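Review bot: The reformatted `hosts = get(...).json()["configs"]["hosts"]` still has no timeout and no status check, so a slow configurator hangs the production refresh and a 5xx or HTML error page surfaces as a JSON decode traceback; `resp = get(url, timeout=10)`, `resp.raise_for_status()`, then `hosts = resp.json()["configs"]["hosts"]` fixes both. This diverges from the dev variant in the same commit, which wraps the fetch and exits non-zero with a message — the two scripts are drifting and should share one implementation. The unchanged `secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin")` together with `secure=False` means a missing variable silently tries a default credential in clear text against the production MinIO; `os.environ["MINIO_SECRET_KEY"]` makes that a hard failure. `get` is imported above this hunk, presumably from `requests` as in the dev file's removed line.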
@@ -36,14 +37,21 @@ for host, params in hosts.items():
         proxy_pass http://{target_host}:{port}$request_uri;
     }}
 }}\n\n
-    '''.format(host=host, target_host=params['host'], port=params['port'])
-    fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem')
-    privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem')
-    os.mkdir(f'/etc/nginx/{host}')
-    with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp:
+    """.format(
+        host=host, target_host=params["host"], port=params["port"]
+    )
+    fullchain = minio_client.get_object(
+        "certupdater", f"certificates/{host}/fullchain.pem"
+    )
+    privkey = minio_client.get_object("certupdater", f"certificates/{host}/privkey.pem")
+    try:
+        os.mkdir(f"/etc/nginx/{host}")
+    except FileExistsError:
+        ...
+    with open(f"/etc/nginx/{host}/fullchain.pem", "wb") as fp:
         fp.write(fullchain.data)
-    with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp:
+    with open(f"/etc/nginx/{host}/privkey.pem", "wb") as fp:
         fp.write(privkey.data)
 
-with open('/etc/nginx/hosts.conf', 'w') as fp:
+with open("/etc/nginx/hosts.conf", "w") as fp:
     fp.write(config)
diff --git a/nginx/nginx-prod/refre.sh b/nginx/nginx-prod/refre.sh
new file mode 100644
index 0000000..584b723
--- /dev/null
+++ b/nginx/nginx-prod/refre.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+python3 prepare.py
+nginx -s reload
\ No newline at end of file
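Review bot: Any single host whose certificate is missing from MinIO raises out of `get_object` and aborts the whole loop, and because `hosts.conf` is only written after the loop, the config keeps its previous contents while the cert files of earlier hosts have already been refreshed — a partial update with no error handling, unlike the dev variant in this commit. Swallowing `FileExistsError` with `...` works, but `os.makedirs(f"/etc/nginx/{host}", exist_ok=True)` says the same thing without the try. `privkey.pem` is created via `open(..., "wb")` with the default mode, typically 0644 in a root-run container; `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` (or an `os.chmod` after the write) keeps the key from being world-readable. `host` is still used unvalidated in `f"/etc/nginx/{host}"` and in the nginx template, so a `/` or `..` in a configurator value escapes the directory. The enclosing `for` loop's header is this hunk's context line; its body begins above.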
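Review bot: `python3 prepare.py` and `nginx -s reload` run unconditionally, so a prepare.py that exits non-zero (the prod variant has no per-host handling, so one missing cert is enough) is followed by a reload anyway, and the script itself exits 0 whatever happened; the dev refre.sh in this same commit checks both exit codes and prod should at least match it. The minimal form is `set -euo pipefail` after the shebang, then `nginx -t && nginx -s reload` so a broken hosts.conf is reported by the config test with a clear exit rather than discovered in the error log after the reload.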