DM-11547: dockerize apache https proxy. #453
Conversation
- use letsencrypt for public site, and self-signed for development - add support for authentication via mod_auth_openidc - expand build script to exposes configurable global variables to javascript
There was a problem hiding this comment.
Apart from the failure to start up apache with the default (empty) value of oidc_redirect_uri property, the proxy container works as described with self-signed certificate.
Error on apache2ctl start: configuration value '@oidc_redirect_uri@' could not be parsed as a URL (no scheme set) The workaround is to set a dummy but valid URL as a value of this property in ~/.gradle/build.config Thank you to Loi for walking me through the debugging process.
I guess that getting the valid certificate with letsencrypt will be tested on lsst-dev.
|
Loi and I discussed better ways to do global inserted variables. It would work by building a global objects that includes such things as MODULE_NAME, SCRIPT_NAME, help.base.url and build one object and insert only that as global with webpack. We think this would work. I created a separate ticket DM-11856. |
| #RUN apt-get update && \ | ||
| # apt-get -f stretch install libapache2-mod-auth-openidc && \ | ||
| # rm -rf /var/lib/apt/lists/* | ||
|
|
There was a problem hiding this comment.
you should install the tools you need as part of the build. I don't think it will make much difference in the build time or the overall size
|
|
||
| EXPOSE 80 443 | ||
|
|
||
| ENTRYPOINT ["httpd-foreground"] |
There was a problem hiding this comment.
proxy should take parameters to to set which the backend it running so that it is not required to be on 8080. They way we can start two proxy instances in front of two firelfy servers.
| docker pull ipac/proxy | ||
| docker run -d \ | ||
| -p 80:80 \ | ||
| -p 443:443 \ |
There was a problem hiding this comment.
it you has more parameters to the docker containers the this file will have to deal with them
docker/proxy-dev/proxyctl.sh
Outdated
| ;; | ||
| update) | ||
| cd /hydra/cm/firefly | ||
| gradle proxyDev:dockerImage |
There was a problem hiding this comment.
i don't have /hydra/cm/firefly. I think you should use the following>
DIR=$(dirname "${0}")
cd $DIR/../../../firefly
- update proxyctl script to take additional parameters - added wget and telnet into image for debugging use - fixed properties without defualts which prevented apache from starting up - fixed static link to cm/firefly path
|
I've just pushed a commit that address all of the issues identified in your review. Please take a quick look and see if it addresses your concerns. |
self-signed https proxy locally.
cd ./firefly; docker/proxy-dev/proxyctl.sh update
this will create and run the apache proxy in docker. access it on port 80 or 443. i.e. http://localhost/
javascript global variables
to make any configuration property a javascript global variable, append '__$' to it. i.e. __$help.base.url