amirmoghi3
/
ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync

master
Amir Hossein Moghiseh 2022-02-28 12:50:57 +03:30
parent 519f331d68
commit e71522c2bf
13 changed files with 273 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

3
.gitignore vendored
View File

@ -1 +1,2 @@
.DS_*
.DS_*
password

100
config/sites-available/base.conf
View File

@ -1,3 +1,15 @@
server{
listen 80;
server_name 31.7.74.79;
return 301 https://igarson.app;
}
server {
listen 443;
server_name 31.7.74.79;
return 301 https://igarson.app;
}
server{
server_name igarson.app www.igarson.app;
access_log /var/log/nginx/ig/access.www.log;
@ -18,7 +30,7 @@ server{
location /warehouse/windows {
auth_request /api/v1/update/windows/validate;
root /data;
root /volume/ig/api/storage;
autoindex on;
}
@ -29,6 +41,10 @@ server{
proxy_pass http://127.0.0.1:8011;
}
location /goto {
return 302 $arg_dest;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/igarson.app/fullchain.pem; # managed by Certbot
@ -43,7 +59,7 @@ server{
server_name api.igarson.app;
access_log /var/log/nginx/ig/access.api.log;
error_log /var/log/nginx/ig/error.api.log;
client_max_body_size 20M;
client_max_body_size 128M;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@ -78,7 +94,7 @@ server {
error_log /var/log/nginx/ig/error.storage.log;
location ~ ^/public/.*\.(ico|jpg|jpeg|gif|png|svg|json)$ {
location ~ ^/public/.*\.(JPG|ico|jpg|jpeg|gif|png|svg|json)$ {
root /volume/ig/api/storage;
add_header Cache-Control public;
add_header Cache-Control must-revalidate;
@ -90,7 +106,7 @@ server {
}
location ~ .*\.(ico|jpg|jpeg|gif|png|svg|json)$ {
location ~ .*\.(JPG|ico|jpg|jpeg|gif|png|svg|json)$ {
root /volume/ig/ls/wwwroot;
add_header Cache-Control "public, max-age=86400";
add_header Surrogate-Control "public, max-age=86400";
@ -121,7 +137,7 @@ server{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:4501;
proxy_pass http://127.0.0.1:8010;
proxy_read_timeout 90;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
@ -166,7 +182,7 @@ server{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:6732;
proxy_pass http://127.0.0.1:8015;
proxy_read_timeout 90;
proxy_redirect off;
}
@ -283,3 +299,75 @@ server{
}
server{
server_name mail.igarson.app;
access_log /var/log/nginx/ig/access.mail.igarson.app.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9999;
proxy_read_timeout 90;
proxy_redirect off;
proxy_http_version 1.1;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mail.igarson.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mail.igarson.app/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
if ($host = mail.igarson.app) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name mail.igarson.app;
listen 80;
return 404; # managed by Certbot
}
server{
server_name igli.ir;
access_log /var/log/nginx/ig/access.igli.ir.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8016;
proxy_read_timeout 90;
proxy_redirect off;
proxy_http_version 1.1;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/igli.ir/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/igli.ir/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
if ($host = igli.ir) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name igli.ir;
listen 80;
return 404; # managed by Certbot
}

43
config/sites-available/games.conf
View File

@ -8,7 +8,7 @@ server {
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:6380;
proxy_pass http://127.0.0.1:6003;
proxy_read_timeout 90;
proxy_redirect off;
@ -32,7 +32,7 @@ server {
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:6300;
proxy_pass http://127.0.0.1:6023;
proxy_read_timeout 90;
proxy_redirect off;
proxy_http_version 1.1;
@ -58,7 +58,7 @@ server {
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:6533;
proxy_pass http://127.0.0.1:6001;
proxy_read_timeout 90;
proxy_redirect off;
@ -82,15 +82,17 @@ server{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:6532;
proxy_pass http://127.0.0.1:6002;
proxy_read_timeout 90;
proxy_redirect off;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/igarson.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/igarson.app/privkey.pem; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sudoku.game.igarson.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sudoku.game.igarson.app/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
@ -168,14 +170,6 @@ server{
listen 80;
return 404; # managed by Certbot
}
server{
if ($host = sudoku.game.igarson.app) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name sudoku.game.igarson.app;
listen 80;
return 404; # managed by Certbot
}
server{
if ($host = quiz.game.igarson.app) {
return 301 https://$host$request_uri;
@ -191,4 +185,21 @@ server{
server_name api.quiz.game.igarson.app;
listen 80;
return 404; # managed by Certbot
}
}
server{
if ($host = sudoku.game.igarson.app) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name sudoku.game.igarson.app;
listen 80;
return 404; # managed by Certbot
}

1
config/sites-available/igarson.conf
View File

@ -1,3 +1,4 @@
server_tokens off;
include /etc/nginx/sites-available/base.conf;
include /etc/nginx/sites-available/apps.conf;
include /etc/nginx/sites-available/games.conf;

22
playbooks/server/addDomainAndEncrypt.yml
View File

@ -8,10 +8,10 @@
src: template/nginx-server-block.j2
dest: /tmp/new-nginx-server-block.{{item.server_name}}.conf
with_items:
- server_name: mail.igarson.app
- server_name: dev.capitan.igarson.app
server_config: ""
service_port: 9999
conf_file: base.conf
service_port: 10003
conf_file: ngrok.conf
- name: append /tmp/new-nginx-server-block.conf to specific conf
@ -19,20 +19,20 @@
cat /tmp/new-nginx-server-block.{{item.server_name}}.conf >> /etc/nginx/sites-available/{{ item.conf_file }}
rm -rf /tmp/new-nginx-server-block.{{item.server_name}}.conf
with_items:
- server_name: mail.igarson.app
- server_name: dev.capitan.igarson.app
server_config: ""
service_port: 9999
conf_file: base.conf
service_port: 10003
conf_file: ngrok.conf
- name: encrypt all domains
shell: |
certbot --nginx -d {{item.server_name}} -n --redirect
with_items:
- server_name: mail.igarson.app
- server_name: dev.capitan.igarson.app
server_config: ""
service_port: 9999
conf_file: base.conf
service_port: 10003
conf_file: ngrok.conf
- name: Reload nginx to activate specified site
service: name=nginx state=restarted
@ -41,7 +41,9 @@
cron:
name: renew_certificates
special_time: weekly
job: certbot renew --post-hook "systemctl reload nginx"
job: certbot renew --post-hook "systemctl reload nginx"

3
playbooks/server/fetchimportant.yml
View File

@ -11,5 +11,4 @@
dest: ../../config/sites-available/{{item}}
flat: yes
with_items:
- "{{ nginx_confs }}"
- name: backup from /volume
- "{{ nginx_confs }}"

3
port-range
View File

@ -15,7 +15,7 @@
8012 demo.igarson.app
8013 capitan.igarson.app
8014 igarson.app
6732 guardians.of.galaxy.igarson.app ==> must change 8015
8015 guardians.of.galaxy.igarson.app ==> must change 8015
8016 yaus.ir
}
@ -25,6 +25,7 @@
9090 promateus
9093 alertmanager
9094 unsee
9095 posthog
}
mailbox 9999

39
stacks/lvl3/stack.yml
View File

@ -13,6 +13,7 @@ services:
image: registry.vnfco.ir/ig/localserver:latest
environment:
- ASPNETCORE_ENVIRONMENT=Production
- TZ=Asia/Tehran
deploy:
update_config:
parallelism: 1
@ -23,8 +24,10 @@ services:
delay: 5s
window: 120s
resources:
reservations:
cpus: "1"
memory: "1G"
limits:
cpus: '1'
memory: 1Gi
replicas: 1
mode: replicated
@ -38,6 +41,14 @@ services:
- type: bind
source: /volume/config/ls/appsettings.Production.json
target: /app/appsettings.Production.json
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
- type: bind
source: /etc/timezone
target: /etc/timezone
read_only: true
ports:
- 8010:8010
networks:
@ -47,6 +58,7 @@ services:
image: registry.vnfco.ir/ig/api:latest
environment:
- SPRING_PROFILES_ACTIVE=prod
- TZ=Asia/Tehran
deploy:
update_config:
parallelism: 1
@ -72,6 +84,23 @@ services:
- type: bind
source: /volume/config/core/application-prod.properties
target: /target/classes/application-prod.properties
- type: bind
source: /volume/ig/api/logs/http.log
targer: /target/logs/http.log
- type: bind
source: /volume/ig/api/logs/error.log
targer: /target/logs/error.log
- type: bind
source: /volume/ig/api/logs/archive
targer: /target/logs/archive
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
- type: bind
source: /etc/timezone
target: /etc/timezone
read_only: true
ports:
- 8011:8080
networks:
@ -88,6 +117,7 @@ services:
- SMS_SERVICE_CONTEXT_PATH=/sms/send.json
- USERAPIKEY=7461633837643439575446434F7161634F676C58426E674B396A5356586A3173
- SECRETKEY=!#u*(!@ofOAJDU31y+
- TZ=Asia/Tehran
deploy:
update_config:
parallelism: 1
@ -113,11 +143,12 @@ services:
image: registry.vnfco.ir/ig/yaus:latest
environment:
- MONGO_URL=mongodb://API:dljHVOHjf6123HDHWADOU8123@mongoprimary:27017,mongosecondary:27017/yaus?authSource=yaus
- URL_NOTFOUND=https://igarson.app/notfound
- URL_NOTFOUND=https://igarson.app/404
- TOLL=https://igarson.app/goto?dest=
- COLLECTION_MONGO="urls"
- COLLECTION_MONGO=urls
- DATABASE_MONGO=yaus
- DOMAIN=qr.igarson.app
- DOMAIN=igli.ir
- TZ=Asia/Tehran
deploy:
update_config:
parallelism: 1

32
stacks/lvl4/stack.yml
View File

@ -12,7 +12,8 @@ services:
menu:
image: registry.vnfco.ir/ig/pwa:latest
# environment:
environment:
- TZ=Asia/Tehran
# - NODE_ENV=production
# - REACT_APP_SIGNAL_URL=https://ls.igarson.app
# - REACT_APP_PATH_URL=/api/v1
@ -41,6 +42,9 @@ services:
- node.role == worker
ports:
- 8012:80
volumes:
- "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
networks:
- mother
@ -48,7 +52,8 @@ services:
capitan:
image: registry.vnfco.ir/ig/garson:latest
# environment:
environment:
- TZ=Asia/Tehran
# - NODE_ENV=production
# - REACT_APP_SIGNAL_URL=https://ls.igarson.app
# - REACT_APP_PATH_URL=/api/v1
@ -77,6 +82,9 @@ services:
- node.role == worker
ports:
- 8013:80
volumes:
- "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
networks:
- mother
@ -84,7 +92,14 @@ services:
website:
image: registry.vnfco.ir/ig/website:latest
# environment:
environment:
- TZ=Asia/Tehran
- REDIS_KEY="NEXT_SSR_"
- REDIS_DATABASE=7
- REDIS_HOST=redismaster
- REDIS_PORT=6379
- REDIS_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ==
# - NODE_ENV=production
# - REACT_APP_SIGNAL_URL=https://ls.igarson.app
# - REACT_APP_PATH_URL=/api/v1
@ -112,13 +127,17 @@ services:
constraints:
- node.role == worker
ports:
- 8014:80
- 8014:3000
volumes:
- "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
networks:
- mother
admin:
image: registry.vnfco.ir/ig/admin:latest
# environment:
environment:
- TZ=Asia/Tehran
# - NODE_ENV=production
# - REACT_APP_SIGNAL_URL=https://ls.igarson.app
# - REACT_APP_PATH_URL=/api/v1
@ -147,6 +166,9 @@ services:
- node.role == worker
ports:
- 8015:80
volumes:
- "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
networks:
- mother

41
stacks/lvl5/metabase/stack.yml 100644
View File

@ -0,0 +1,41 @@
version: "3.7"
networks:
mother:
external: true
services:
metabase:
image: registry.vnfco.ir/library/metabase:latest
environment:
- MB_DB_TYPE=postgres
- MB_DB_DBNAME=posthogdb
- MB_DB_PORT=5432
- MB_DB_USER=posthoguser
- MB_DB_PASS=XhbAQ15Thp2lNRbE4sUGldPKOzJ1yfDIX8sPm4DQ63c=
- MB_DB_HOST=pg-0
- JAVA_TIMEZONE=Asia/Tehran
deploy:
update_config:
parallelism: 1
delay: 10s
order: stop-first
restart_policy:
condition: any
delay: 5s
window: 120s
resources:
limits:
cpus: '0.5'
memory: 250m
replicas: 1
mode: replicated
placement:
constraints:
- node.role == worker
volumes:
- /etc/localtime:/etc/localtime:ro
ports:
- 9095:3000
network:
- mother

5
stacks/lvl5/poste.io/stack.yml
View File

@ -28,7 +28,7 @@ services:
resources:
limits:
cpus: '0.5'
memory: 200m
memory: 350m
replicas: 1
mode: replicated
placement:
@ -41,10 +41,11 @@ services:
- "25:25"
- "110:110"
- "143:143"
- "465:465"
- "587:587"
- "993:993"
- "995:995"
- "4190:4190"
- "9090:9090"
- "9999:9090"
networks:
- mother

32
stacks/lvl6/stack.yml
View File

@ -12,7 +12,8 @@ services:
twentyfortyeight:
image: registry.vnfco.ir/ig/game/2048:latest
# environment:
environment:
- TZ=Asia/Tehran
# - NODE_ENV=production
# - REACT_APP_SIGNAL_URL=https://ls.igarson.app
# - REACT_APP_PATH_URL=/api/v1
@ -41,6 +42,9 @@ services:
- node.role == worker
ports:
- 6001:80
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
networks:
- mother
@ -48,7 +52,8 @@ services:
sudoku:
image: registry.vnfco.ir/ig/game/sudoku:latest
# environment:
environment:
- TZ=Asia/Tehran
# - NODE_ENV=production
# - REACT_APP_SIGNAL_URL=https://ls.igarson.app
# - REACT_APP_PATH_URL=/api/v1
@ -77,6 +82,9 @@ services:
- node.role == worker
ports:
- 6002:80
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
networks:
- mother
@ -84,7 +92,8 @@ services:
mafia:
image: registry.vnfco.ir/ig/game/mafia/ui:latest
# environment:
environment:
- TZ=Asia/Tehran
# - NODE_ENV=production
# - REACT_APP_SIGNAL_URL=https://ls.igarson.app
# - REACT_APP_PATH_URL=/api/v1
@ -113,12 +122,24 @@ services:
- node.role == worker
ports:
- 6003:80
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
networks:
- mother
mafiaserver:
image: registry.vnfco.ir/ig/game/mafia/server:latest
# environment:
environment:
- TZ=Asia/Tehran
- HOST=0.0.0.0
- PORT=3000
- MAFIA_MINIMUM_PLAYER_NUMBER=6
- REDIS_PORT=6379
- REDIS_HOST=redismaster
- REDIS_AUTH=Mf7VXwbaJQuMRd1sETVl79A7URUTyiEFwctGk3RhD+q74DmKDzc2SztYEZ2YynLZI8xuq7b9gNz2e7g2MNfU9sP8q+bEK9CqAu3y2Zu4xkVyzyYKdFMT696IB/SS1M7rvZKw7NBYT99lGCpj1edk+6hRpK/Qy2pfiVo29VKEgSXnkeJaM9nMJQ3wxN/1gLJd/uTGGf85nZWhUTEIdK58lJPSXLU55VqcaksahJHlg2oz5P5FNXWRPCnSC7obJ4OtkuHNw/P8REEL0KDyZ9khilU/XvzSgzp+v5i9hmUdKO3B8r+Y4keUZyaKz2VxCHSGAuqWSCpe+do1qQ==
- REDIS_DB=2
- REACT_APP_MAFIA_GAME_SECRET=6JCvBmi1ADry5Qk0bLaV+5klnAqYaVtjn+HSHG4N4pOAEl480saobylNWcudDxhvgw6q0yzVmbYH+lQIS3RmEHLXRHYAHxsdXl5MBuqU/p1oCC3SWmYke1SWHkoTUOm1f8SBZ1HucOxBHv7psqFUu5lG38P/EPiozv6/0qDU+vVFFp6v9ZTigBihLll0mU6qR14krot8+y9tOnrLDkHxw3wLvWsB4wgd9+RAY97Gzzs7ix3nAXthsT+jPWdyuENiKSuKEyHKbDqciJRBGqktgYU9XkYIfZzEm4cxhscT9jqNsUg2ml+uJdDQOps2mL5LgNetWWmcP43xPIkxAwu5oK873GV3uZOdQqYE2CBYT66+/+Yp5xzoL4+qZUUiDEpfWKm+clRlAm1Keiur
# - NODE_ENV=production
# - REACT_APP_SIGNAL_URL=https://ls.igarson.app
# - REACT_APP_PATH_URL=/api/v1
@ -147,6 +168,9 @@ services:
- node.role == worker
ports:
- 6023:3000
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
networks:
- mother