Skip to content

Commit

Permalink
Merge pull request #51 from jembi/plat-224-reverse-proxy-improvements
Browse files Browse the repository at this point in the history 
PLAT-224 - reverse proxy improvements
  • Loading branch information
@tumbledwyer
tumbledwyer committed May 13, 2022
2 parents ce89493 + b62e011 commit a543d43
Show file tree
Hide file tree
Showing 14 changed files with 623 additions and 117 deletions.
10 changes: 5 additions & 5 deletions .env.dev
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# General

STATEFUL_NODES=cluster
STATEFUL_NODES=single

# Interoperability Layer - OpenHIM

OPENHIM_CORE_INSTANCES=1
OPENHIM_CONSOLE_INSTANCES=1
OPENHIM_CORE_MEDIATOR_HOSTNAME=localhost
OPENHIM_CORE_MEDIATOR_HOSTNAME=127.0.0.1
OPENHIM_MEDIATOR_API_PORT=8080
MONGO_SET_COUNT=3

Expand Down Expand Up @@ -44,9 +44,9 @@ HF_POSTGRES_MEMORY_RESERVE=500M

# Reverse Proxy - Nginx

REVERSE_PROXY_INSTANCES=3
INSECURE=false
INSECURE_PORTS=-5001:5001-80:80-8080:8080
REVERSE_PROXY_INSTANCES=1
INSECURE=true
INSECURE_PORTS=5001:5001-80:80-8080:8080
DOMAIN_NAME=domain
SUBDOMAINS=openhimcomms.domain,openhimcore.domain,openhimconsole.domain
RENEWAL_EMAIL=[email protected]
Expand Down
18 changes: 18 additions & 0 deletions interoperability-layer-openhim/config/http-openhim-insecure.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# OpenHIM Core HTTP server config
server {
listen 5001;
client_max_body_size 10M;

location / {
proxy_pass http://openhim-core:5001;
}
}

# OpenHIM Console
server {
listen 80;

location / {
proxy_pass http://openhim-console:80;
}
}
93 changes: 93 additions & 0 deletions interoperability-layer-openhim/config/http-openhim-secure.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
# OpenHIM Core API server config
server {
listen 80;
server_name openhimcomms.*;

location /.well-known/acme-challenge/ {
resolver 127.0.0.11 valid=30s;
set $upstream_certbot certbot;
proxy_pass http://$upstream_certbot$request_uri;
}

location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name openhimcomms.*;

location /.well-known/acme-challenge/ {
resolver 127.0.0.11 valid=30s;
set $upstream_certbot certbot;
proxy_pass http://$upstream_certbot$request_uri;
}

location / {
proxy_pass https://openhim-core:8080;
}
}

# OpenHIM Core HTTP server config
server {
listen 80;
server_name openhimcore.*;

location /.well-known/acme-challenge/ {
resolver 127.0.0.11 valid=30s;
set $upstream_certbot certbot;
proxy_pass http://$upstream_certbot$request_uri;
}

location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name openhimcore.*;
client_max_body_size 10M;

location /.well-known/acme-challenge/ {
resolver 127.0.0.11 valid=30s;
set $upstream_certbot certbot;
proxy_pass http://$upstream_certbot$request_uri;
}

location / {
proxy_pass https://openhim-core:5000;
}
}

# OpenHIM Console
server {
listen 80;
server_name openhimconsole.*;

location /.well-known/acme-challenge/ {
resolver 127.0.0.11 valid=30s;
set $upstream_certbot certbot;
proxy_pass http://$upstream_certbot$request_uri;
}

location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name openhimconsole.*;

location /.well-known/acme-challenge/ {
resolver 127.0.0.11 valid=30s;
set $upstream_certbot certbot;
proxy_pass http://$upstream_certbot$request_uri;
}

location / {
proxy_pass http://openhim-console:80;
}
}
5 changes: 5 additions & 0 deletions interoperability-layer-openhim/config/stream-openhim-insecure.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# use a stream so don't terminate ssl here
server {
listen 8080;
proxy_pass openhim-core:8080;
}
4 changes: 2 additions & 2 deletions interoperability-layer-openhim/docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ services:
depends_on:
- openhim-core
configs:
- source: console.config
- source: console-default.json
target: /usr/share/nginx/html/config/default.json
deploy:
placement:
Expand All @@ -38,7 +38,7 @@ services:
memory: ${OPENHIM_CONSOLE_MEMORY_RESERVE:-500M}

configs:
console.config:
console-default.json:
file: ./importer/volume/default.json
name: console.config-${console_config_DIGEST:?err}
labels:
Expand Down
3 changes: 3 additions & 0 deletions interoperability-layer-openhim/initiateReplicaSet.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@ done
# This sleep ensures that the replica sets are reachable
sleep 10

# TODO (PLAT-256): only works if deploying to node-1 labeled node
# With docker swarm any manager can be the target but this bit of code only work if we target node-1 specifically.
# Which is generally what we do, but if node-1 is down or we choose to target another node this won't work.
ContainerName=""
if [[ "$(docker ps -f name=instant_mongo-1 --format "{{.ID}}")" ]]; then
ContainerName="$(docker ps -f name=instant_mongo-1 --format "{{.ID}}")"
Expand Down
1 change: 1 addition & 0 deletions interoperability-layer-openhim/package-metadata.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
"name": "Interoperability Layer Package - Openhim",
"description": "This is the interoperability layer that enables simpler data exchange between the different systems. It is also the security layer for the other systems",
"version": "1.0.0",
"dependencies": ["reverse-proxy-nginx"],
"environmentVariables": {
"mongo_url": "mongodb://mongo-1:27017,mongo-2:27017,mongo-3:27017/openhim?replicaSet=mongo-set",
"mongo_atnaUrl": "mongodb://mongo-1:27017,mongo-2:27017,mongo-3:27017/openhim?replicaSet=mongo-set",
Expand Down
Loading

0 comments on commit a543d43

Please sign in to comment.