From 4eef1fa8c3ae04677da49ddd47fd3e880337103e Mon Sep 17 00:00:00 2001 From: semeniak97mf Date: Thu, 29 Aug 2024 18:21:01 +0300 Subject: [PATCH 1/4] Add nginx reloading if ssl updatet --- docker/docker-compose.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index d01038bc0686..32c42585b0dd 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -11,6 +11,16 @@ services: volumes: - ./nginx/ssl:/etc/nginx/ssl:ro - ./certbot/www:/var/www/certbot:ro + entrypoint: ["/bin/bash", "-c", "/usr/share/nginx/html/env.sh && \ + nginx -g 'daemon off;' & \ + while true; do \ + sleep 3600; \ + if [ \"$(md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/* | md5sum)\" != \"$(cat /tmp/md5sum || echo '')\" ]; then \ + nginx -s reload; \ + md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/* | md5sum > /tmp/md5sum; \ + fi; \ + done "] + ports: - "0.0.0.0:80:80" - "0.0.0.0:443:443" From 42dd31182680fcd2ce1235fa63f577a2a9db677e Mon Sep 17 00:00:00 2001 From: semeniak97mf Date: Mon, 2 Sep 2024 11:08:19 +0300 Subject: [PATCH 2/4] Optimize nginx reloading usage --- docker/Dockerfile | 11 ++++- docker/docker-compose.yml | 10 +---- docker/nginx-container/check_ssl.sh | 12 ++++++ docker/nginx-container/docker-entrypoint.sh | 47 +++++++++++++++++++++ docker/{ => nginx-container}/env.sh | 0 5 files changed, 70 insertions(+), 10 deletions(-) create mode 100755 docker/nginx-container/check_ssl.sh create mode 100755 docker/nginx-container/docker-entrypoint.sh rename docker/{ => nginx-container}/env.sh (100%) diff --git a/docker/Dockerfile b/docker/Dockerfile index 0569389fe223..81b28ad4c626 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
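Review bot: The stored checksum is rewritten even when `nginx -s reload` fails, so a reload attempted while the certificate files are unreadable or only partly renewed is never retried, and nginx keeps serving the old certificate until the files change again. In the loop inside the new `entrypoint:` the reload result should gate the write, for example `nginx -t && nginx -s reload && md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/* | md5sum > /tmp/md5sum;`. The same reload-then-store ordering is carried into `check_ssl.sh` in patches 2/4 and 3/4.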
@@ -24,11 +24,20 @@ ENV WS_URL= WORKDIR /usr/share/nginx/html -COPY docker/env.sh . +COPY docker/nginx-container/env.sh . RUN apk add --no-cache bash; chmod +x env.sh COPY docker/nginx /etc/nginx COPY --from=builder /apps/packages/apps/build /usr/share/nginx/html +COPY docker/nginx-container/docker-entrypoint.sh / +COPY docker/nginx-container/check_ssl.sh / + +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 80 + +STOPSIGNAL SIGQUIT + CMD ["/bin/bash", "-c", "/usr/share/nginx/html/env.sh && nginx -g \"daemon off;\""] diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 32c42585b0dd..e277814bc227 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -11,15 +11,7 @@ services: volumes: - ./nginx/ssl:/etc/nginx/ssl:ro - ./certbot/www:/var/www/certbot:ro - entrypoint: ["/bin/bash", "-c", "/usr/share/nginx/html/env.sh && \ - nginx -g 'daemon off;' & \ - while true; do \ - sleep 3600; \ - if [ \"$(md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/* | md5sum)\" != \"$(cat /tmp/md5sum || echo '')\" ]; then \ - nginx -s reload; \ - md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/* | md5sum > /tmp/md5sum; \ - fi; \ - done "] + command: /bin/bash -c "/usr/share/nginx/html/env.sh && nginx -g \"daemon off;\" & /check_ssl.sh" ports: - "0.0.0.0:80:80" diff --git a/docker/nginx-container/check_ssl.sh b/docker/nginx-container/check_ssl.sh new file mode 100755 index 000000000000..f6e2b619070a --- /dev/null +++ b/docker/nginx-container/check_ssl.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +while true; do + sleep 3600 + if [ "$(md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/fullchain.pem \ + /etc/nginx/ssl/live/polkadot-explorer.atleta.network/privkey.pem | md5sum)" != \ + "$(cat /tmp/md5sum || echo '')" ]; then + nginx -s reload + md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/fullchain.pem \ + /etc/nginx/ssl/live/polkadot-explorer.atleta.network/privkey.pem | md5sum > /tmp/md5sum + fi +done 
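Review bot: `STOPSIGNAL SIGQUIT` is delivered to the container's PID 1, but the `CMD` kept at the end of this hunk starts nginx from `bash -c` without `exec`, so nothing guarantees that nginx rather than the wrapping shell receives the graceful-shutdown signal. Writing the command string as `/usr/share/nginx/html/env.sh && exec nginx -g \"daemon off;\"` makes nginx the main process explicitly. The compose `command:` in this same patch overrides this `CMD`, so the stop signal needs checking there as well.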
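Review bot: The new `command:` puts nginx in the background and leaves `/check_ssl.sh` as the foreground job, so the container stays up, and any restart policy never fires, if nginx exits or `env.sh` fails. Swapping the roles keeps nginx as the process whose exit ends the container: `command: /bin/bash -c "/check_ssl.sh & /usr/share/nginx/html/env.sh && exec nginx -g 'daemon off;'"`. The inline `entrypoint:` in patch 1/4 and the re-quoted `command:` in patch 3/4 have the same shape.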
diff --git a/docker/nginx-container/docker-entrypoint.sh b/docker/nginx-container/docker-entrypoint.sh
new file mode 100755
index 000000000000..413bf9a89e1c
--- /dev/null
+++ b/docker/nginx-container/docker-entrypoint.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+# vim:sw=4:ts=4:et
+
+set -e
+
+entrypoint_log() {
+ if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+ echo "$@"
+ fi
+}
+
+if [ "$1" = "/bin/bash" ] || [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then
+ if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
+ entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
+
+ entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/"
+ find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
+ case "$f" in
+ *.envsh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Sourcing $f";
+ . "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *.sh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Launching $f";
+ "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *) entrypoint_log "$0: Ignoring $f";;
+ esac
+ done
+
+ entrypoint_log "$0: Configuration complete; ready for start up"
+ else
+ entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration"
+ fi
+fi
+
+exec "$@"
\ No newline at end of file
diff --git a/docker/env.sh b/docker/nginx-container/env.sh
similarity index 100%
rename from docker/env.sh
rename to docker/nginx-container/env.sh
From 096d9ac522abb331e9e25d14ed8b56960ea0960e Mon Sep 17 00:00:00 2001
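Review bot: The guard `[ "$1" = "/bin/bash" ]` makes any bash-based command run, and for `*.envsh` source, every executable file found under `/docker-entrypoint.d/` (symlinks followed), and nothing in the file says why that condition is there. It looks like a local addition to an otherwise vendored script, so a header comment such as `# Local change: also run /docker-entrypoint.d/ hooks when the command is /bin/bash (compose starts nginx through bash -c)` would let a later reader separate the copied parts from the modified ones. The file also ends without a trailing newline.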
From: semeniak97mf Date: Tue, 3 Sep 2024 14:33:00 +0300 Subject: [PATCH 3/4] Optimize check_ssl.sh --- docker/docker-compose.yml | 2 +- docker/nginx-container/check_ssl.sh | 12 +++++++----- docker/nginx-container/docker-entrypoint.sh | 2 ++ 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index e277814bc227..10cc48a2df13 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -11,7 +11,7 @@ services: volumes: - ./nginx/ssl:/etc/nginx/ssl:ro - ./certbot/www:/var/www/certbot:ro - command: /bin/bash -c "/usr/share/nginx/html/env.sh && nginx -g \"daemon off;\" & /check_ssl.sh" + command: /bin/bash -c "/usr/share/nginx/html/env.sh && nginx -g 'daemon off;' & /check_ssl.sh" ports: - "0.0.0.0:80:80" diff --git a/docker/nginx-container/check_ssl.sh b/docker/nginx-container/check_ssl.sh index f6e2b619070a..bc53c428e793 100755 --- a/docker/nginx-container/check_ssl.sh +++ b/docker/nginx-container/check_ssl.sh @@ -1,12 +1,14 @@ #!/bin/bash +CERT_DIR="/etc/nginx/ssl/live/polkadot-explorer.atleta.network" +FULLCHAIN_PEM="$CERT_DIR/fullchain.pem" +PRIVKEY_PEM="$CERT_DIR/privkey.pem" +MD5SUM_FILE="/tmp/md5sum" + while true; do sleep 3600 - if [ "$(md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/fullchain.pem \ - /etc/nginx/ssl/live/polkadot-explorer.atleta.network/privkey.pem | md5sum)" != \ - "$(cat /tmp/md5sum || echo '')" ]; then + if [ "$(md5sum "$FULLCHAIN_PEM" "$PRIVKEY_PEM" | md5sum)" != "$(cat "$MD5SUM_FILE" || echo '')" ]; then nginx -s reload - md5sum /etc/nginx/ssl/live/polkadot-explorer.atleta.network/fullchain.pem \ - /etc/nginx/ssl/live/polkadot-explorer.atleta.network/privkey.pem | md5sum > /tmp/md5sum + md5sum "$FULLCHAIN_PEM" "$PRIVKEY_PEM" | md5sum > "$MD5SUM_FILE" fi done diff --git a/docker/nginx-container/docker-entrypoint.sh b/docker/nginx-container/docker-entrypoint.sh index 413bf9a89e1c..a336284c8da0 100755 --- a/docker/nginx-container/docker-entrypoint.sh 
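Review bot: The digest in `check_ssl.sh` is still computed twice per pass, once in the `if` test and again when writing `$MD5SUM_FILE`, so a renewal that lands between the reload and the second `md5sum` stores a checksum for files nginx has not loaded and the new certificate is never picked up. Computing it once closes that window: `current="$(md5sum "$FULLCHAIN_PEM" "$PRIVKEY_PEM" | md5sum)"`, compare against `"$current"`, and after a successful reload write `echo "$current" > "$MD5SUM_FILE"`. `cat "$MD5SUM_FILE"` also prints an error on the first pass because the file does not exist yet; adding `2>/dev/null` keeps the container log clean.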
+++ b/docker/nginx-container/docker-entrypoint.sh @@ -1,6 +1,8 @@ #!/bin/sh # vim:sw=4:ts=4:et +# Source: https://github.com/nginxinc/docker-nginx/blob/master/stable/alpine-slim/docker-entrypoint.sh + set -e entrypoint_log() { From f0ee6b0143b1798e1e39ddce55b6b189740c1223 Mon Sep 17 00:00:00 2001 From: semeniak97mf Date: Tue, 3 Sep 2024 23:15:20 +0300 Subject: [PATCH 4/4] Optimize nginx reloading usage v2 --- .github/workflows/deploy-atleta.yml | 11 +++-- docker/Dockerfile | 5 +-- docker/docker-compose.yml | 3 +- docker/nginx-container/docker-entrypoint.sh | 49 --------------------- 4 files changed, 8 insertions(+), 60 deletions(-) delete mode 100755 docker/nginx-container/docker-entrypoint.sh diff --git a/.github/workflows/deploy-atleta.yml b/.github/workflows/deploy-atleta.yml index 3cdf97c688b4..736de75a36c0 100644 --- a/.github/workflows/deploy-atleta.yml +++ b/.github/workflows/deploy-atleta.yml @@ -10,16 +10,15 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: "recursive" - name: Create Image Tarball for Explorer run: | - docker build -t sportchain-explorer -f docker/Dockerfile . - docker save -o sportchain-explorer.tar sportchain-explorer mkdir -p artifacts/ - mv sportchain-explorer.tar artifacts/ + docker build --tag sportchain-explorer --file docker/Dockerfile . + docker save --output artifacts/sportchain-explorer.tar sportchain-explorer - name: Set up SSH run: | @@ -43,5 +42,5 @@ jobs: key: ${{ secrets.EXPLORER_PRIVATE_KEY }} script: | cd /sportchain - docker load -i sportchain-explorer.tar - docker compose up -d + docker load --input sportchain-explorer.tar + docker compose up --detach diff --git a/docker/Dockerfile b/docker/Dockerfile index 81b28ad4c626..57f555993d59 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
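Review bot: The added `# Source:` link points at the `master` branch, so it stops identifying the revision this copy was taken from as soon as upstream changes the file. A permalink of the form `.../blob/<commit-sha>/stable/alpine-slim/docker-entrypoint.sh` records the provenance exactly; `<commit-sha>` is a placeholder, since the revision actually copied is not shown on this page.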
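Review bot: `uses: actions/checkout@v4` still references a mutable tag in the job that builds and ships the image and later reads `secrets.EXPLORER_PRIVATE_KEY`, so the code that runs depends on that tag never being moved. Pinning to a full commit hash with the version kept as a comment, `- uses: actions/checkout@<full-commit-sha>  # v4`, removes that dependency. The same check is worth making for the action behind the final SSH step, whose `uses:` line is outside these hunks.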
@@ -31,13 +31,12 @@ RUN apk add --no-cache bash; chmod +x env.sh COPY docker/nginx /etc/nginx COPY --from=builder /apps/packages/apps/build /usr/share/nginx/html -COPY docker/nginx-container/docker-entrypoint.sh / COPY docker/nginx-container/check_ssl.sh / -ENTRYPOINT ["/docker-entrypoint.sh"] +ENTRYPOINT ["/bin/bash", "-c"] EXPOSE 80 STOPSIGNAL SIGQUIT -CMD ["/bin/bash", "-c", "/usr/share/nginx/html/env.sh && nginx -g \"daemon off;\""] +CMD ["/check_ssl.sh & /usr/share/nginx/html/env.sh && exec /docker-entrypoint.sh nginx -g 'daemon off;'"] diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 10cc48a2df13..618b25b23a54 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -11,7 +11,6 @@ services: volumes: - ./nginx/ssl:/etc/nginx/ssl:ro - ./certbot/www:/var/www/certbot:ro - command: /bin/bash -c "/usr/share/nginx/html/env.sh && nginx -g 'daemon off;' & /check_ssl.sh" ports: - "0.0.0.0:80:80" @@ -22,7 +21,7 @@ services: certbot: image: certbot/certbot:v2.10.0 container_name: sportchain-explorer-certbot - restart: unless-stopped + restart: always volumes: - ./nginx/ssl:/etc/letsencrypt:rw - ./certbot/www:/var/www/certbot:rw diff --git a/docker/nginx-container/docker-entrypoint.sh b/docker/nginx-container/docker-entrypoint.sh deleted file mode 100755 index a336284c8da0..000000000000 --- a/docker/nginx-container/docker-entrypoint.sh +++ /dev/null 
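Review bot: `ENTRYPOINT ["/bin/bash", "-c"]` turns whatever is supplied as the command into a single shell script string, so a compose `command:` or a `docker run` argument list no longer behaves like an argv and silently replaces the `/check_ssl.sh` and `env.sh` start-up steps. Keeping the whole start line in `CMD` avoids that: `CMD ["/bin/bash", "-c", "/check_ssl.sh & /usr/share/nginx/html/env.sh && exec /docker-entrypoint.sh nginx -g 'daemon off;'"]` with the `ENTRYPOINT` line dropped. This assumes the base image's own entrypoint, which is not visible in this hunk, simply execs its arguments. The backgrounded `/check_ssl.sh` is also unsupervised, so if it ever exits the certificate reloads stop without any visible failure.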
@@ -1,49 +0,0 @@
-#!/bin/sh
-# vim:sw=4:ts=4:et
-
-# Source: https://github.com/nginxinc/docker-nginx/blob/master/stable/alpine-slim/docker-entrypoint.sh
-
-set -e
-
-entrypoint_log() {
- if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
- echo "$@"
- fi
-}
-
-if [ "$1" = "/bin/bash" ] || [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then
- if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
- entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
-
- entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/"
- find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
- case "$f" in
- *.envsh)
- if [ -x "$f" ]; then
- entrypoint_log "$0: Sourcing $f";
- . "$f"
- else
- # warn on shell scripts without exec bit
- entrypoint_log "$0: Ignoring $f, not executable";
- fi
- ;;
- *.sh)
- if [ -x "$f" ]; then
- entrypoint_log "$0: Launching $f";
- "$f"
- else
- # warn on shell scripts without exec bit
- entrypoint_log "$0: Ignoring $f, not executable";
- fi
- ;;
- *) entrypoint_log "$0: Ignoring $f";;
- esac
- done
-
- entrypoint_log "$0: Configuration complete; ready for start up"
- else
- entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration"
- fi
-fi
-
-exec "$@"
\ No newline at end of file