Rewrite spotter-appmgr (rest of the squashmerge)

This commit is contained in:
Disassembler 2018-04-29 20:51:20 +02:00
parent 701c4a0237
commit 075945a858
Signed by: Disassembler
GPG Key ID: 524BD33A0EE29499
11 changed files with 44 additions and 39 deletions

View File

@ -28,8 +28,8 @@ http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main; access_log /var/log/nginx/access.log main;
proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-HTTPS $https; proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server-Name $host; proxy_set_header X-Forwarded-Server-Name $host;
proxy_set_header X-Forwarded-Server-Port $server_port; proxy_set_header X-Forwarded-Server-Port $server_port;

View File

@ -10,6 +10,6 @@
</head> </head>
<body> <body>
<h1>Chyba spojení</h1> <h1>Chyba spojení</h1>
<p>Aplikace, ke které se pokoušíte připojit, není dostupná. Nejspíše byla vypnuta správcem serveru.</p> <p>Aplikace ke které se pokoušíte připojit není dostupná. Nejspíše byla vypnuta správcem serveru.</p>
</body> </body>
</html> </html>

View File

@ -19,7 +19,7 @@
</header> </header>
<div class="c c2" id="sahana"> <div class="c c2" id="sahana">
<h2><a href="https://sahana.{host}"><img src="img/EDEN.png" alt="Sahana EDEN" title="Sahana EDEN">Sahana EDEN</a></h2> <h2><a href="https://sahana.{host}/eden/"><img src="img/EDEN.png" alt="Sahana EDEN" title="Sahana EDEN">Sahana EDEN</a></h2>
<p><strong>Registr kontaktů</strong> asociací, organizací, jednotek zaměstnanců, dobrovolníků, <strong>Registr prostředků</strong>, materiálních zdrojů určených pro činnost v krizových situacích, <strong>logistika</strong> krizového zboží ve skladištích, úkrytech, <strong>organizace lidských zdrojů</strong>, diobrovolníků, <strong>mapová vizualizace</strong> pro lokalizaci a popis krizové události a <strong>mnoho dalších funkcí</strong>.</p> <p><strong>Registr kontaktů</strong> asociací, organizací, jednotek zaměstnanců, dobrovolníků, <strong>Registr prostředků</strong>, materiálních zdrojů určených pro činnost v krizových situacích, <strong>logistika</strong> krizového zboží ve skladištích, úkrytech, <strong>organizace lidských zdrojů</strong>, diobrovolníků, <strong>mapová vizualizace</strong> pro lokalizaci a popis krizové události a <strong>mnoho dalších funkcí</strong>.</p>
<ul> <ul>
<li><strong>Login:</strong> <span class="login"></span></li> <li><strong>Login:</strong> <span class="login"></span></li>
@ -28,7 +28,7 @@
</div> </div>
<div class="c" id="sahana-demo"> <div class="c" id="sahana-demo">
<h2><a href="https://sahana-demo.{host}"><img src="img/EDEN.png" alt="Sahana EDEN DEMO" title="Sahana EDEN DEMO">Sahana EDEN DEMO</a></h2> <h2><a href="https://sahana-demo.{host}/eden/"><img src="img/EDEN.png" alt="Sahana EDEN DEMO" title="Sahana EDEN DEMO">Sahana EDEN DEMO</a></h2>
<p>Přístup určený k bezpečnému vyzkoušení aplikace. Zde můžete přidávat i mazat testovací data.</p> <p>Přístup určený k bezpečnému vyzkoušení aplikace. Zde můžete přidávat i mazat testovací data.</p>
<ul> <ul>
<li><strong>Login:</strong> <span class="login"></span></li> <li><strong>Login:</strong> <span class="login"></span></li>
@ -37,7 +37,7 @@
</div> </div>
<div class="c" id="sambro"> <div class="c" id="sambro">
<h2><a href="https://sambro.{host}"><img src="img/EDEN.png" alt="Sahana EDEN SAMBRO" title="Sahana EDEN SAMBRO">Sahana EDEN SAMBRO</a></h2> <h2><a href="https://sambro.{host}/eden/"><img src="img/EDEN.png" alt="Sahana EDEN SAMBRO" title="Sahana EDEN SAMBRO">Sahana EDEN SAMBRO</a></h2>
<p>Samostatná instance Sahana EDEN s šablonou SAMBRO.</p> <p>Samostatná instance Sahana EDEN s šablonou SAMBRO.</p>
<ul> <ul>
<li><strong>Login:</strong> <span class="login"></span></li> <li><strong>Login:</strong> <span class="login"></span></li>
@ -94,7 +94,7 @@
</div> </div>
<div class="c" id="opendatakit"> <div class="c" id="opendatakit">
<h2><a href="https://odk.{host}"><img src="img/ODK.png" alt="Open Data Kit" title="Open Data Kit">ODK Aggregate</a></h2> <h2><a href="https://odk.{host}/aggregate/"><img src="img/ODK.png" alt="Open Data Kit" title="Open Data Kit">ODK Aggregate</a></h2>
<p><strong>Sběr dat s pomocí smartphone</strong>.<br> <p><strong>Sběr dat s pomocí smartphone</strong>.<br>
<a href="http://geoodk.com">GeoODK Collect</a> - náhrada papírových dotazníků smartphonem. <a href="http://geoodk.com">GeoODK Collect</a> - náhrada papírových dotazníků smartphonem.
</p> </p>
@ -218,7 +218,7 @@
</div> </div>
<div class="c" id="gnuhealth"> <div class="c" id="gnuhealth">
<h2><a href="https://gh.{host}"><img src="img/GNU_Health.png" alt="GNU Health" title="GNU Health">GNU Health</a></h2> <h2><a href="https://gh.{host}/index.html"><img src="img/GNU_Health.png" alt="GNU Health" title="GNU Health">GNU Health</a></h2>
<p>Zdravotní a nemocniční informační systém.</p> <p>Zdravotní a nemocniční informační systém.</p>
<ul> <ul>
<li><strong>Login:</strong> <span class="login"></span></li> <li><strong>Login:</strong> <span class="login"></span></li>
@ -240,7 +240,7 @@
</div> </div>
<div class="c" id="sigmah"> <div class="c" id="sigmah">
<h2><a href="https://sigmah.{host}"><img src="img/Sigmah.png" alt="Sigmah" title="Sigmah">Sigmah</a></h2> <h2><a href="https://sigmah.{host}/sigmah/"><img src="img/Sigmah.png" alt="Sigmah" title="Sigmah">Sigmah</a></h2>
<p>Rozpočtování získávání finančních prostředků.</p> <p>Rozpočtování získávání finančních prostředků.</p>
<ul> <ul>
<li><strong>Login:</strong> <span class="login"></span></li> <li><strong>Login:</strong> <span class="login"></span></li>
@ -249,7 +249,7 @@
</div> </div>
<div class="c" id="motech"> <div class="c" id="motech">
<h2><a href="https://motech.{host}"><img src="img/Motech.png" alt="Motech" title="Motech">Motech</a></h2> <h2><a href="https://motech.{host}/motech/"><img src="img/Motech.png" alt="Motech" title="Motech">Motech</a></h2>
<p>Integrace zdravotnických a komunikačních služeb.</p> <p>Integrace zdravotnických a komunikačních služeb.</p>
<ul> <ul>
<li><strong>Login:</strong> <span class="login"></span></li> <li><strong>Login:</strong> <span class="login"></span></li>
@ -258,7 +258,7 @@
</div> </div>
<div class="c" id="mifosx"> <div class="c" id="mifosx">
<h2><a href="https://mifosx.{host}"><img src="img/MifosX.png" alt="Mifos X" title="Mifos X">Mifos X</a></h2> <h2><a href="https://mifosx.{host}/community-app/"><img src="img/MifosX.png" alt="Mifos X" title="Mifos X">Mifos X</a></h2>
<p>Nástroj na rozvojovou, humanitární pomoc a mikrofinancování.</p> <p>Nástroj na rozvojovou, humanitární pomoc a mikrofinancování.</p>
<ul> <ul>
<li><strong>Login:</strong> <span class="login"></span></li> <li><strong>Login:</strong> <span class="login"></span></li>

View File

@ -6,7 +6,7 @@ $(function() {
var div = $('#'+app).show(); var div = $('#'+app).show();
div.find('.login').text(appdata.login); div.find('.login').text(appdata.login);
div.find('.password').text(appdata.password); div.find('.password').text(appdata.password);
$.each(appdata.tiles, function(tile) { $.each(appdata.tiles, function(idx, tile) {
$('#'+tile).show(); $('#'+tile).show();
}); });
}); });

View File

@ -7,6 +7,7 @@ import os
import subprocess import subprocess
CONF_FILE = '/srv/config.json' CONF_FILE = '/srv/config.json'
DISCARD_IP = '[100::1]'
ISSUE_FILE = '/etc/issue' ISSUE_FILE = '/etc/issue'
NGINX_DIR = '/etc/nginx/conf.d' NGINX_DIR = '/etc/nginx/conf.d'
@ -21,7 +22,7 @@ NGINX_TEMPLATE = '''server {{
proxy_pass http://{ip}:8080; proxy_pass http://{ip}:8080;
}} }}
error_page 502 /errror.html; error_page 502 /error.html;
location /error.html {{ location /error.html {{
root /srv/portal; root /srv/portal;
}} }}
@ -50,8 +51,6 @@ server {{
location /config.json {{ location /config.json {{
alias /srv/config.json; alias /srv/config.json;
}} }}
error_page 404 /error.html;
}} }}
''' '''
@ -131,10 +130,10 @@ class SpotterManager:
def stop_app(self, app): def stop_app(self, app):
# Stop the actual app service # Stop the actual app service
subprocess.call(['/sbin/service', app, 'stop']) subprocess.call(['/sbin/service', app, 'stop'])
# Stop the app service's dependencies if they are not used by any other running app # Stop the app service's dependencies if they are not used by another running app
deps = self.build_deps_tree() deps = self.build_deps_tree()
for dep in self.get_app_deps(app): for dep in self.get_app_deps(app):
if False not in [self.is_app_started(d) for d in deps[dep]]: if not any([self.is_app_started(d) for d in deps[dep]]):
subprocess.call(['/sbin/service', dep, 'stop']) subprocess.call(['/sbin/service', dep, 'stop'])
def build_deps_tree(self): def build_deps_tree(self):
@ -170,24 +169,25 @@ class SpotterManager:
subprocess.call(['/sbin/rc-update', 'del', app]) subprocess.call(['/sbin/rc-update', 'del', app])
def register_proxy(self, app): def register_proxy(self, app):
# Rebuild nginx configuration using an actual IP of referenced app container # Rebuild nginx configuration using IP of referenced app container and reload nginx
with open(os.path.join(NGINX_DIR, '{}.conf'.format(app)), 'w') as f: self.update_proxy_conf(app, self.get_container_ip(app))
f.write(NGINX_TEMPLATE.format(app=app, host=self.conf['apps'][app]['host'], ip=self.get_container_ip(app), domain=self.domain, port=self.port))
subprocess.call(['/sbin/service', 'nginx', 'reload']) subprocess.call(['/sbin/service', 'nginx', 'reload'])
def update_proxy_conf(self, app, ip):
with open(os.path.join(NGINX_DIR, '{}.conf'.format(app)), 'w') as f:
f.write(NGINX_TEMPLATE.format(app=app, host=self.conf['apps'][app]['host'], ip=ip, domain=self.domain, port=self.port))
def unregister_proxy(self, app): def unregister_proxy(self, app):
# Remove nginx configuration to prevent proxy mismatch when the container IP is reassigned to another container # Remove nginx configuration to prevent proxy mismatch when the container IP is reassigned to another container
nginx_conf = os.path.join(NGINX_DIR, '{}.conf'.format(app)) self.update_proxy_conf(app, DISCARD_IP)
if os.path.exists(nginx_conf): subprocess.call(['/sbin/service', 'nginx', 'reload'])
os.unlink(nginx_conf)
subprocess.call(['/sbin/service', 'nginx', 'reload'])
def get_container_ip(self, app): def get_container_ip(self, app):
# Return an IP address of a container. If the container is not running, return localhost address instead # Return an IP address of a container. If the container is not running, return address from IPv6 discard prefix instead
try: try:
return subprocess.check_output(['/usr/bin/docker', 'inspect', '-f', '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}', app]).strip() return subprocess.check_output(['/usr/bin/docker', 'inspect', '-f', '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}', app]).strip()
except: except:
return '127.0.0.1' return DISCARD_IP
def update_domain(self, domain, port): def update_domain(self, domain, port):
self.domain = self.conf['host']['domain'] = domain self.domain = self.conf['host']['domain'] = domain
@ -198,12 +198,13 @@ class SpotterManager:
self.restart_apps() self.restart_apps()
def rebuild_nginx(self): def rebuild_nginx(self):
# Remove all nginx config files to prevent errors during reloads invoked by app restarts # Rebuild nginx config for the portal app
for f in os.listdir(NGINX_DIR):
os.unlink(os.path.join(NGINX_DIR, f))
# Rebuild nginx config for the portal app and restart nginx to properly bind the new listen port
with open(os.path.join(NGINX_DIR, 'default.conf'), 'w') as f: with open(os.path.join(NGINX_DIR, 'default.conf'), 'w') as f:
f.write(NGINX_DEFAULT_TEMPLATE.format(port=self.port)) f.write(NGINX_DEFAULT_TEMPLATE.format(port=self.port))
# Unregister nginx proxy for apps (will be repopulated on app restart)
for app in self.conf['apps']:
self.update_proxy_conf(app, DISCARD_IP)
# Restart nginx to properly bind the new listen port
subprocess.call(['/sbin/service', 'nginx', 'restart']) subprocess.call(['/sbin/service', 'nginx', 'restart'])
def rebuild_issue(self): def rebuild_issue(self):
@ -211,7 +212,7 @@ class SpotterManager:
host = self.domain host = self.domain
# If the dummy host is used, take an IP address of a primary interface instead # If the dummy host is used, take an IP address of a primary interface instead
if self.domain == 'spotter.vm': if self.domain == 'spotter.vm':
host = subprocess.check_output(['ip', 'route', 'get', '1']).split()[-1] host = subprocess.check_output(['/sbin/ip', 'route', 'get', '1']).split()[-1]
# Show port number only when using the non-default HTTPS port # Show port number only when using the non-default HTTPS port
if self.port != '443': if self.port != '443':
host = ':{}'.format(self.port) host = ':{}'.format(self.port)

View File

@ -53,7 +53,7 @@ http {
location / { location / {
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300; proxy_connect_timeout 300;
proxy_send_timeout 300; proxy_send_timeout 300;

View File

@ -35,8 +35,8 @@ http {
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty; fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty; fastcgi_param HTTPS "on";
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty; fastcgi_param REQUEST_SCHEME "https";
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty; fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty; fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
} }

View File

@ -37,7 +37,7 @@ http {
location / { location / {
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host:$server_port; proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off; proxy_redirect off;
proxy_buffering off; proxy_buffering off;

View File

@ -30,5 +30,9 @@ http {
root /srv/web2py/applications; root /srv/web2py/applications;
expires max; expires max;
} }
location = / {
return 301 https://$http_x_forwarded_host/eden/;
}
} }
} }

View File

@ -33,8 +33,8 @@ http {
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty; fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty; fastcgi_param HTTPS "on";
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty; fastcgi_param REQUEST_SCHEME "https";
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty; fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty; fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
} }

View File

@ -36,8 +36,8 @@ http {
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty; fastcgi_param HTTP_HOST $http_x_forwarded_host if_not_empty;
fastcgi_param HTTPS $http_x_forwarded_https if_not_empty; fastcgi_param HTTPS "on";
fastcgi_param REQUEST_SCHEME $http_x_forwarded_proto if_not_empty; fastcgi_param REQUEST_SCHEME "https";
fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty; fastcgi_param SERVER_NAME $http_x_forwarded_server_name if_not_empty;
fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty; fastcgi_param SERVER_PORT $http_x_forwarded_server_port if_not_empty;
} }