self/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

master #76

Merged
emmatveev merged 2 commits from master into dev 2025-06-08 11:13:26 +03:00
Conversation 0 Commits 2 Files Changed 4 +23 -7
4 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.deploy-nginx/deploy-dev.yaml
View File

@ -6,6 +6,9 @@ services:
image: mathwave/sprint-repo:sprint-infra-nginx-dev image: mathwave/sprint-repo:sprint-infra-nginx-dev
networks: networks:
- common-infra-nginx-development - common-infra-nginx-development
- configurator
environment:
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV
ports: ports:
- published: 80 - published: 80
target: 80 target: 80
@ -27,3 +30,5 @@ services:
networks: networks:
common-infra-nginx-development: common-infra-nginx-development:
external: true external: true
configurator:
external: true

7
.deploy-nginx/deploy-prod.yaml
View File

@ -6,6 +6,9 @@ services:
image: mathwave/sprint-repo:sprint-infra-nginx-prod image: mathwave/sprint-repo:sprint-infra-nginx-prod
networks: networks:
- common-infra-nginx - common-infra-nginx
- configurator
environment:
MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
ports: ports:
- published: 80 - published: 80
target: 80 target: 80
@ -26,4 +29,6 @@ services:
networks: networks:
common-infra-nginx: common-infra-nginx:
external: true external: true
configurator:
external: true

5
nginx/nginx-dev/prepare.py
View File

@ -39,7 +39,10 @@ for host, params in hosts.items():
'''.format(host=host, target_host=params['host'], port=params['port']) '''.format(host=host, target_host=params['host'], port=params['port'])
fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem')
privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem')
os.mkdir(f'/etc/nginx/{host}') try:
os.mkdir(f'/etc/nginx/{host}')
except FileExistsError:
...
with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp:
fp.write(fullchain.data) fp.write(fullchain.data)
with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp:

13
nginx/nginx-prod/prepare.py
View File

@ -12,10 +12,10 @@ minio_client = Minio(
hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=production').json()['configs']['hosts'] hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=production').json()['configs']['hosts']
hosts = list(set(hosts + ['platform.sprinthub.ru'])) hosts = {**hosts, 'platform.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}}
config = '' config = ''
for host in hosts: for host, params in hosts.items():
config += ''' config += '''
server {{ server {{
listen 443 ssl http2; listen 443 ssl http2;
@ -33,13 +33,16 @@ for host in hosts:
location / {{ location / {{
resolver 127.0.0.11; resolver 127.0.0.11;
proxy_pass http://{pre_domain}-nginx:1238$request_uri; proxy_pass http://{target_host}:{port}$request_uri;
}} }}
}}\n\n }}\n\n
'''.format(host=host, pre_domain=host.split('.')[0]) '''.format(host=host, target_host=params['host'], port=params['port'])
fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem')
privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem')
os.mkdir(f'/etc/nginx/{host}') try:
os.mkdir(f'/etc/nginx/{host}')
except FileExistsError:
...
with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp:
fp.write(fullchain.data) fp.write(fullchain.data)
with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: