gorhack · gorhack · Jun 1, 2021 · Jun 4, 2021
diff --git a/pipeline/build.sh b/pipeline/build.sh
@@ -24,5 +24,6 @@ echo "******* Creating jar"
 ./gradlew bootJar
 
 cp ./build/libs/tsr*.jar ./pipeline/eb/tsr.jar
+cp ./build/libs/tsr*.jar ./pipeline/do/tsr.jar
 
 exit 0
diff --git a/pipeline/do/Dockerfile b/pipeline/do/Dockerfile
@@ -0,0 +1,9 @@
+FROM openjdk:15-alpine
+
+ENV SPRING_PROFILES_ACTIVE=default
+
+COPY tsr.jar /tsr.jar
+
+EXPOSE 8080
+
+ENTRYPOINT ["/opt/openjdk-15/bin/java","-Djava.net.preferIPv4Stack=true", "-jar", "tsr.jar"]
diff --git a/pipeline/do/README.md b/pipeline/do/README.md
@@ -0,0 +1,7 @@
+# Digital Ocean Droplets
+
+
+## Setup
+### Setting up Keycloak
+
+### Setting up App/Database Droplet
diff --git a/pipeline/do/build.sh b/pipeline/do/build.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+docker build -t g0rak/tsr-app:latest .
diff --git a/pipeline/do/push.sh b/pipeline/do/push.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# push to docker.io
+echo $DOCKER_ACCESS_TOKEN | docker login -u $DOCKER_USERNAME --password-stdin
+docker push g0rak/tsr-app
+docker logout
diff --git a/pipeline/do/server/:etc:nginx:sites-enabled:default b/pipeline/do/server/:etc:nginx:sites-enabled:default
@@ -0,0 +1,51 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+server {
+    if ($host = tracked.events) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name *.tracked.events; # managed by Certbot
+
+    listen 443 ssl; # managed by Certbot
+
+    ssl_certificate /etc/letsencrypt/live/tracked.events/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/tracked.events/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    location / {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header Host $host;
+        proxy_pass http://localhost:8080/;
+    }
+
+    location /ws {
+        proxy_pass http://localhost:8080/ws;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header Host $host;
+    }
+}
diff --git a/pipeline/do/server/nginx-conf:nginx.conf b/pipeline/do/server/nginx-conf:nginx.conf
@@ -0,0 +1,13 @@
+server {
+        listen 443;
+
+        server_name *.tracked.events;
+
+        location / {
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_set_header X-Forwarded-Port $server_port;
+		        proxy_set_header Host $host;
+                proxy_pass http://localhost:8080;
+        }
+}
diff --git a/pipeline/do/server/tsr:Dockerfile b/pipeline/do/server/tsr:Dockerfile
@@ -0,0 +1,10 @@
+FROM openjdk:15-alpine
+
+ENV SPRING_PROFILES_ACTIVE=default
+#RUN apk update; apk add curl #for debugging in entrypoint
+COPY ./tsr/tsr.jar /tsr.jar
+COPY ./tsr/docker-entrypoint.sh .
+RUN chmod +x docker-entrypoint.sh
+
+ENTRYPOINT ["/bin/sh", "./docker-entrypoint.sh"]
+
diff --git a/pipeline/do/server/tsr:docker-entrypoint.sh b/pipeline/do/server/tsr:docker-entrypoint.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+RDS_HOSTNAME="db"
+RDS_PORT="5432"
+RDS_DB_NAME="tsr"
+RDS_JDBC_DATABASE_URL="jdbc:postgresql://$RDS_HOSTNAME:$RDS_PORT/$RDS_DB_NAME"
+
+RDS_USERNAME="XXXXX"
+RDS_PASSWORD="XXXXX"
+TSR_KEYCLOAK_SECRET_KEY="XXXXX"
+TSR_KEYCLOAK_HOST="https://kc.tracked.events/auth/realms/tsr"
+TSR_KEYCLOAK_JWK="$TSR_KEYCLOAK_HOST/protocol/openid-connect/certs"
+
+#curl -vvI https://kc.tracked.events #for debugging keycloak
+
+/opt/openjdk-15/bin/java -Djava.net.preferIPv4Stack=true -jar tsr.jar \
+--spring.datasource.url=$RDS_JDBC_DATABASE_URL \
+--spring.datasource.username=$RDS_USERNAME \
+--spring.datasource.password=$RDS_PASSWORD \
+--spring.security.oauth2.client.registration.keycloak.clientSecret=$TSR_KEYCLOAK_SECRET_KEY \
+--spring.security.oauth2.client.provider.keycloak.issuer-uri=$TSR_KEYCLOAK_HOST \
+--spring.security.oauth2.resourceserver.jwt.jwk-set-uri=$TSR_KEYCLOAK_JWK
diff --git a/pipeline/eb/README.md b/pipeline/eb/README.md
@@ -0,0 +1,39 @@
+## AWS
+#### **No longer deployed to AWS\**
+### App
+The Elastic Beanstalk (EB) setup is complete for _TSR_ in the `./pipeline/eb` directory with configuration and docker
+files. If you need to deploy to elastic beanstalk locally, install the
+[eb cli](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb-cli3-install.html).
+
+The application deploys to AWS during CI/CD pipeline on the `master` branch. Manual steps to deploy your
+local changes:
+1. build the application `./pipeline/build.sh`
+1. `eb deploy tracked-events --label [name of deploy]`
+
+### Auth
+A dev/testing keycloak environment deployed to EC2 at https://kc.tracked.events. Test user login test:password
+
+### Certificate
+Route 53 for the domain alias mapping. Certificate Manager to create the TLS certificate.
+
+### AWS Initial Setup
+
+#### Configure ./pipeline/eb/.ebextensions
+
+Create Certificate in Certificate Manager. Copy Certificate Arn to `AWSEBV2LoadBalancerListenerHTTPS -> Certificates ->
+CertificateArn`
+
+#### Using EB CLI
+To initialize app through the CLI, run `eb init -p docker tsr`
+
+Additional environment configuration in `.ebextensions` which add the alb's HTTP redirect and configure the health path
+to `/actuator/health`.
+
+To create EB environment with Postgresql RDS, run
+```
+eb create tracked-events \
+--database.engine postgres --database.version 12.3 \
+--envvars TSR_KEYCLOAK_HOST=https://kc.tracked.events,TSR_KEYCLOAK_SECRET_KEY=random-password
+```
+
+Add the new RDS's security group to the elastic beanstalk application's security groups.
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -57,6 +57,7 @@ logging:
         SQL: OFF
         type: OFF
       springframework:
+        security: error
         web: INFO
         ws:
           server:
@@ -73,4 +74,5 @@ server:
       cookie:
         http-only: true
         secure: true
-      tracking-modes: COOKIE
+      tracking-modes: COOKIE
+  forward-headers-strategy: native
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/usr/bin/env bash

		docker build -t g0rak/tsr-app:latest .