From c14545198656ec8f553133e9e559bac971efa02f Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:01:10 +0100 Subject: [PATCH 01/17] Add an NGINX in front of NodeBB --- roles/docker/defaults/main.yml | 1 + .../tasks/pre_deploy/fedi_dk_nodebb.yml | 14 ++++++ .../compose-files/fedi_dk_nodebb.yml.j2 | 33 +++++++++----- .../fedi_dk_nodebb/nginx/http.conf.j2 | 44 +++++++++++++++++++ 4 files changed, 80 insertions(+), 12 deletions(-) create mode 100644 roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 922f670..22db394 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -224,6 +224,7 @@ services: volume_folder: "{{ volume_root_folder }}/fedidk-nodebb" pre_deploy_tasks: true version: "4.0.4" + nginx_version: 1.27.4-alpine mongodb_version: 7-jammy allowed_sender_domain: true diff --git a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml index 1aad8a0..49b215d 100644 --- a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml +++ b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml @@ -1,5 +1,19 @@ # vim: ft=yaml.ansible --- +- name: Create subdirectory for NGINX config files + ansible.builtin.file: + path: "{{ services.fedi_dk_nodebb.volume_folder }}/nginx" + owner: root + mode: u=rwx,g=rx,o=rx + state: directory + +- name: Upload NGINX configs + ansible.builtin.template: + src: fedi_dk_nodebb/nginx/http.conf.j2 + dest: "{{ services.fedi_dk_nodebb.volume_folder }}/nginx/http.conf" + owner: root + mode: u=rw,g=r,o=r + - name: Create subfolder for uploads file: name: "{{ services.fedi_dk_nodebb.volume_folder }}/uploads" diff --git a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 index f74825f..da460ca 100644 --- a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 
+++ b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 @@ -1,10 +1,25 @@ services: + nginx: + image: nginx:{{ services.fedi_dk_nodebb.nginx_version }} + restart: always + networks: + - default + - external_services + volumes: + - "./nginx:/etc/nginx/conf.d:ro" + - "./build:/usr/src/app/build:rw" + environment: + VIRTUAL_HOST: {{ services.fedi_dk_nodebb.domain }} + VIRTUAL_PORT: 80 + LETSENCRYPT_HOST: {{ services.fedi_dk_nodebb.domain }} + LETSENCRYPT_EMAIL: {{ letsencrypt_email }} + mongodb: image: mongo:{{ services.fedi_dk_nodebb.mongodb_version }} restart: always volumes: - - ./mongodb:/data/db:rw - - ./mongodb-user-init.js:/docker-entrypoint-initdb.d/user-init.js:ro + - "./mongodb:/data/db:rw" + - "./mongodb-user-init.js:/docker-entrypoint-initdb.d/user-init.js:ro" environment: MONGO_INITDB_ROOT_USERNAME: nodebb MONGO_INITDB_ROOT_PASSWORD: {{ fedi_dk_nodebb_secrets.mongodb_password }} @@ -15,17 +30,11 @@ services: networks: - default - postfix - - external_services volumes: - - ./build:/usr/src/app/build:rw - - ./uploads:/usr/src/app/public/uploads:rw - - ./config:/opt/config:rw - - ./setup.json:/usr/src/app/setup.json:ro - environment: - VIRTUAL_HOST: {{ services.fedi_dk_nodebb.domain }} - VIRTUAL_PORT: 4567 - LETSENCRYPT_HOST: {{ services.fedi_dk_nodebb.domain }} - LETSENCRYPT_EMAIL: {{ letsencrypt_email }} + - "./build:/usr/src/app/build:rw" + - "./uploads:/usr/src/app/public/uploads:rw" + - "./config:/opt/config:rw" + - "./setup.json:/usr/src/app/setup.json:ro" depends_on: - mongodb diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 new file mode 100644 index 0000000..66a6756 --- /dev/null +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 
@@ -0,0 +1,44 @@ +resolver 127.0.0.11 valid=30s ipv6=off; + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +upstream workers { + server app:4567; +} + +server { + listen 80; + server_name {{ services.fedi_dk_nodebb.domain }}; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + + # Socket.io Support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + gzip on; + gzip_min_length 1000; + gzip_proxied off; + gzip_types text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json; + + location @nodebb { + proxy_pass http://workers; + } + + location ~ ^/assets/(.*) { + root /usr/src/app; + try_files /build/public/$1 @nodebb; + } + + location / { + proxy_pass http://workers; + } +} \ No newline at end of file From 4e61b2ce50c1b44c048134f2e43e05bc4d6f31b0 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:17:05 +0100 Subject: [PATCH 02/17] Conflicts --- roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 | 6 ++++-- roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 index da460ca..d81c331 100644 --- a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 +++ b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 @@ -28,8 +28,10 @@ services: image: ghcr.io/nodebb/nodebb:{{ services.fedi_dk_nodebb.version }} restart: always networks: - - default - - postfix + default: + aliases: + - nodebb_app + postfix: volumes: - "./build:/usr/src/app/build:rw" - "./uploads:/usr/src/app/public/uploads:rw" 
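Review bot: `gzip on` in this server block also compresses HTML (nginx compresses `text/html` regardless of `gzip_types`), and TLS is terminated in front of this container by nginx-proxy, so any page that carries a per-session secret next to reflected request input is exposed to compression length side channels (BREACH). NodeBB's reference nginx config enables gzip the same way, so treat it as a known trade-off rather than a defect, but record it so nobody later assumes the outer proxy decides compression: `# gzip covers HTML too; accepted BREACH exposure, matches NodeBB's reference config`. If that trade-off is not intended, drop `gzip on` here and leave compression to a layer that can exclude pages with CSRF tokens.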
diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index 66a6756..8e69b9f 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { } upstream workers { - server app:4567; + server nodebb_app:4567; } server { From 442c552e02d1c29f306b05c64088e60b2c288b51 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:28:36 +0100 Subject: [PATCH 03/17] Add Redis --- roles/docker/defaults/main.yml | 1 + .../compose-files/fedi_dk_nodebb.yml.j2 | 26 +++++++++++++++++-- .../templates/fedi_dk_nodebb/config.json.j2 | 5 ++++ .../fedi_dk_nodebb/nginx/http.conf.j2 | 2 +- 4 files changed, 31 insertions(+), 3 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 22db394..ed73752 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -225,6 +225,7 @@ services: pre_deploy_tasks: true version: "4.0.4" nginx_version: 1.27.4-alpine + redis_version: 7.4.2-alpine mongodb_version: 7-jammy allowed_sender_domain: true diff --git a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 index d81c331..893229e 100644 --- a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 +++ b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 @@ -13,6 +13,19 @@ services: VIRTUAL_PORT: 80 LETSENCRYPT_HOST: {{ services.fedi_dk_nodebb.domain }} LETSENCRYPT_EMAIL: {{ letsencrypt_email }} + depends_on: + - app + + redis: + image: redis:{{ services.fedi_dk_nodebb.redis_version }} + restart: unless-stopped + tmpfs: + - /var/lib/redis + healthcheck: + test: ["CMD", "redis-cli", "ping"] + interval: 10s + timeout: 3s + retries: 5 mongodb: image: mongo:{{ services.fedi_dk_nodebb.mongodb_version }} 
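Review bot: The `redis` service runs with the image defaults — no `requirepass`, and the official image ships with protected mode switched off — so every container on this compose network, including the internet-facing `nginx` container, can read and write whatever NodeBB keeps there (presumably sessions and socket.io pub/sub, since mongo stays the primary store) without credentials. Set a password here, `command: ["redis-server", "--requirepass", "{{ fedi_dk_nodebb_secrets.redis_password }}"]`, add the matching `"password": "{{ fedi_dk_nodebb_secrets.redis_password }}"` to the `redis` block of `config.json.j2`, and give the `redis-cli ping` healthcheck the same credential (for example via `REDISCLI_AUTH` under `environment`). Separately, the official image's working directory and RDB snapshots live under `/data`, not `/var/lib/redis`, so the `tmpfs` as written covers nothing and snapshots land in the image's anonymous `/data` volume; mount the tmpfs at `/data` or pass `--save ""` if nothing there should persist.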
@@ -23,6 +36,12 @@ services: environment: MONGO_INITDB_ROOT_USERNAME: nodebb MONGO_INITDB_ROOT_PASSWORD: {{ fedi_dk_nodebb_secrets.mongodb_password }} + healthcheck: + test: ["CMD", "mongosh", "--quiet", "127.0.0.1/test", "--eval", "'quit(db.runCommand({ ping: 1 }).ok ? 0 : 2)'"] + interval: 10s + timeout: 10s + retries: 5 + start_period: 40s app: image: ghcr.io/nodebb/nodebb:{{ services.fedi_dk_nodebb.version }} @@ -30,7 +49,7 @@ services: networks: default: aliases: - - nodebb_app + - app.nodebb postfix: volumes: - "./build:/usr/src/app/build:rw" @@ -38,7 +57,10 @@ services: - "./config:/opt/config:rw" - "./setup.json:/usr/src/app/setup.json:ro" depends_on: - - mongodb + redis: + condition: service_healthy + mongodb: + condition: service_healthy networks: postfix: diff --git a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 index 978029b..27e45c0 100644 --- a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 @@ -10,5 +10,10 @@ "password": "{{ fedi_dk_nodebb_secrets.mongodb_password }}", "database": "admin", "uri": "" + }, + "redis": { + "host": "redis", + "port": "6379", + "database": 0 } } \ No newline at end of file diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index 8e69b9f..4ccdc4c 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { } upstream workers { - server nodebb_app:4567; + server app.nodebb:4567; } server { From be64b3100472cee09f847a768235fae4159718ae Mon Sep 17 00:00:00 2001 
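Review bot: The mongodb healthcheck's `--eval` argument is `'quit(...)'` including the single quotes — exec-form `CMD` does no shell parsing, so mongosh evaluates a string literal and exits 0 whatever the ping returns; only a failed connection to `127.0.0.1/test` makes the check go unhealthy. Drop the inner quotes: `"--eval", "quit(db.runCommand({ ping: 1 }).ok ? 0 : 2)"`. With `MONGO_INITDB_ROOT_USERNAME` set, auth is enabled, but `ping` should still succeed unauthenticated, so the check needs no credentials.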
From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:31:24 +0100 Subject: [PATCH 04/17] Mount public folder --- roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml | 7 +++++++ roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 | 1 + roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml index 49b215d..a0a2554 100644 --- a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml +++ b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml @@ -28,6 +28,13 @@ owner: '1001' mode: u=rwx,go= +- name: Create subfolder for static assets + file: + name: "{{ services.fedi_dk_nodebb.volume_folder }}/public" + state: directory + owner: '1001' + mode: u=rwx,go= + - name: Create subfolder for config file: name: "{{ services.fedi_dk_nodebb.volume_folder }}/config" diff --git a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 index 893229e..34afba5 100644 --- a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 +++ b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 @@ -53,6 +53,7 @@ services: postfix: volumes: - "./build:/usr/src/app/build:rw" + - "./public:/usr/src/app/public:rw" - "./uploads:/usr/src/app/public/uploads:rw" - "./config:/opt/config:rw" - "./setup.json:/usr/src/app/setup.json:ro" diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index 4ccdc4c..f741fb1 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -35,7 +35,7 @@ server { location ~ ^/assets/(.*) { root /usr/src/app; - try_files /build/public/$1 @nodebb; + try_files /build/public/$1 /public/$1 @nodebb; } location / { From a111a99b74e1a6c883897e6d156319a833f03e2d Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:32:17 +0100 Subject: [PATCH 05/17] Mount public folder --- roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 index 34afba5..7d98116 100644 --- a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 +++ b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 @@ -7,7 +7,8 @@ services: - external_services volumes: - "./nginx:/etc/nginx/conf.d:ro" - - "./build:/usr/src/app/build:rw" + - "./build:/usr/src/app/build:ro" + - "./public:/usr/src/app/public:ro" environment: VIRTUAL_HOST: {{ services.fedi_dk_nodebb.domain }} VIRTUAL_PORT: 80 From 0a98d5ed48e82212ee9a8538aa231b3d08b4c2a7 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:33:52 +0100 Subject: [PATCH 06/17] Fix typo --- roles/docker/templates/fedi_dk_nodebb/config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 index 27e45c0..6b39a13 100644 --- a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 @@ -1,5 +1,5 @@ { - "url": "https://forum.data.coop", + "url": "https://{{ services.fedi_dk_nodebb.domain }}", "secret": "{{ fedi_dk_nodebb_secrets.secret_value }}", "database": "mongo", "port": "4567", From ba4c0076fdb8a2b5aab7b67ad3143c95e552a006 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:40:53 +0100 Subject: [PATCH 07/17] Fix NGINX for NodeBB --- .../templates/compose-files/fedi_dk_nodebb.yml.j2 | 2 -- .../docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 | 10 ++++++---- 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 index 7d98116..c501d90 100644 --- a/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 +++ b/roles/docker/templates/compose-files/fedi_dk_nodebb.yml.j2 @@ -8,7 +8,6 @@ services: volumes: - "./nginx:/etc/nginx/conf.d:ro" - "./build:/usr/src/app/build:ro" - - "./public:/usr/src/app/public:ro" environment: VIRTUAL_HOST: {{ services.fedi_dk_nodebb.domain }} VIRTUAL_PORT: 80 @@ -54,7 +53,6 @@ services: postfix: volumes: - "./build:/usr/src/app/build:rw" - - "./public:/usr/src/app/public:rw" - "./uploads:/usr/src/app/public/uploads:rw" - "./config:/opt/config:rw" - "./setup.json:/usr/src/app/setup.json:ro" diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index f741fb1..e2647e9 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -10,8 +10,10 @@ upstream workers { } server { - listen 80; server_name {{ services.fedi_dk_nodebb.domain }}; + listen 80; + + set $upstream http://workers; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -30,15 +32,15 @@ server { gzip_types text/plain application/xml text/javascript application/javascript application/x-javascript text/css application/json; location @nodebb { - proxy_pass http://workers; + proxy_pass $upstream; } location ~ ^/assets/(.*) { root /usr/src/app; - try_files /build/public/$1 /public/$1 @nodebb; + try_files /build/public/$1 @nodebb; } location / { - proxy_pass http://workers; + proxy_pass $upstream; } } \ No newline at end of file From 38b99337f4e778954ed8044d872e6fe7bed45889 Mon Sep 17 00:00:00 2001 
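Review bot: `set $upstream http://workers;` together with `resolver` does not defer name resolution here: when `proxy_pass` takes a variable, nginx first matches the name against `upstream` groups, and the `server app.nodebb:PORT` entries in `workers` are still resolved once at config load, so the container still fails to start if `app.nodebb` is not yet resolvable — `depends_on: app` is what actually covers that. Either drop the indirection (`proxy_pass http://workers;` in both locations) or, since this is nginx 1.27.4, let the upstream re-resolve: `server app.nodebb:4567 resolve;` with the `resolver` moved into the `upstream` block (I believe open-source nginx gained this in 1.27.3 — confirm against the changelog). As written the `resolver` line suggests a dynamic setup that is not in effect.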
From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:43:48 +0100 Subject: [PATCH 08/17] Add a vhost for NodeBB --- roles/docker/files/vhost/fedi_dk_nodebb | 1 + roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 roles/docker/files/vhost/fedi_dk_nodebb diff --git a/roles/docker/files/vhost/fedi_dk_nodebb b/roles/docker/files/vhost/fedi_dk_nodebb new file mode 100644 index 0000000..cdb0141 --- /dev/null +++ b/roles/docker/files/vhost/fedi_dk_nodebb @@ -0,0 +1 @@ +client_max_body_size 50M; # default is 1M \ No newline at end of file diff --git a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml index a0a2554..e4bbe76 100644 --- a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml +++ b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml @@ -69,3 +69,8 @@ dest: "{{ services.fedi_dk_nodebb.volume_folder }}/mongodb-user-init.js" owner: '999' mode: u=rw,go= + +- name: Upload vhost config for NodeBB domain + copy: + src: vhost/fedi_dk_nodebb + dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.fedi_dk_nodebb.domain }}" From 8c30f93c0403215fd926d4af9b009357c055ab79 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 00:50:13 +0100 Subject: [PATCH 09/17] Fix perms --- roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml index e4bbe76..9170a1e 100644 --- a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml +++ b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml @@ -26,7 +26,7 @@ name: "{{ services.fedi_dk_nodebb.volume_folder }}/build" state: directory owner: '1001' - mode: u=rwx,go= + mode: u=rwx,g=rx,o=rx - name: Create subfolder for static assets file: From b8a9584b78a10803ba6a73682b5b5afe22bf9293 Mon Sep 17 00:00:00 2001 
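Review bot: Raising `client_max_body_size` on the nginx-proxy vhost only lifts the limit on the outer hop; the `nginx` container put in front of NodeBB earlier in this series runs the stock image configuration, whose default is 1m, so any upload above that still gets a 413 from the inner nginx before it reaches the app. Add the same directive to the `server` block in `fedi_dk_nodebb/nginx/http.conf.j2` — `client_max_body_size 50M;` — and preferably render both from one variable so the two limits cannot drift apart.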
From: Sam Al-Sapti Date: Wed, 19 Feb 2025 01:03:43 +0100 Subject: [PATCH 10/17] Scale NodeBB to 4 processes --- roles/docker/templates/fedi_dk_nodebb/config.json.j2 | 2 +- roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 index 6b39a13..3560a0d 100644 --- a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 @@ -2,7 +2,7 @@ "url": "https://{{ services.fedi_dk_nodebb.domain }}", "secret": "{{ fedi_dk_nodebb_secrets.secret_value }}", "database": "mongo", - "port": "4567", + "port": ["4567", "4568", "4569", "4570"], "mongo": { "host": "mongodb", "port": "27017", diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index e2647e9..ba3a81f 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -7,6 +7,9 @@ map $http_upgrade $connection_upgrade { upstream workers { server app.nodebb:4567; + server app.nodebb:4568; + server app.nodebb:4569; + server app.nodebb:4570; } server { From 82cfade03c9d339d65e14ac00c6ba1d8d1bf1de2 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 01:10:59 +0100 Subject: [PATCH 11/17] Remove public folder --- roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml index 9170a1e..10a6ba1 100644 --- a/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml +++ b/roles/docker/tasks/pre_deploy/fedi_dk_nodebb.yml 
@@ -28,13 +28,6 @@ owner: '1001' mode: u=rwx,g=rx,o=rx -- name: Create subfolder for static assets - file: - name: "{{ services.fedi_dk_nodebb.volume_folder }}/public" - state: directory - owner: '1001' - mode: u=rwx,go= - - name: Create subfolder for config file: name: "{{ services.fedi_dk_nodebb.volume_folder }}/config" From d0cddcfdcd787aaa517133746686dee3a60ea44e Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 01:36:43 +0100 Subject: [PATCH 12/17] Use ip_hash --- roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index ba3a81f..ce4338b 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -6,6 +6,7 @@ map $http_upgrade $connection_upgrade { } upstream workers { + ip_hash; server app.nodebb:4567; server app.nodebb:4568; server app.nodebb:4569; From 790ffedaa16989b1179e4467e1a5e6a7c203c566 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= Date: Wed, 19 Feb 2025 15:22:09 +0100 Subject: [PATCH 13/17] Refactor nodebb processes, hash on X-Real-IP --- roles/docker/defaults/main.yml | 2 ++ roles/docker/templates/fedi_dk_nodebb/config.json.j2 | 7 +++++-- .../templates/fedi_dk_nodebb/nginx/http.conf.j2 | 12 ++++++------ 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index ed73752..9d0a7c2 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -228,6 +228,8 @@ services: redis_version: 7.4.2-alpine mongodb_version: 7-jammy allowed_sender_domain: true + nodebb_port_begin: 4567 + nodebb_processes: 8 ### Uptime monitoring ### uptime_kuma: 
diff --git a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 index 3560a0d..e7e833f 100644 --- a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 @@ -2,7 +2,10 @@ "url": "https://{{ services.fedi_dk_nodebb.domain }}", "secret": "{{ fedi_dk_nodebb_secrets.secret_value }}", "database": "mongo", - "port": ["4567", "4568", "4569", "4570"], + "port": [{% for port in range(services.fedi_dk_nodebb.nodebb_port_begin, + services.fedi_dk_nodebb.nodebb_port_begin + services.fedi_dk_nodebb.nodebb_processes) + %}{{ port }}{% if not loop.last %}, {% endif %}{% endfor %}] + ["4567", "4568", "4569", "4570"], "mongo": { "host": "mongodb", "port": "27017", @@ -16,4 +19,4 @@ "port": "6379", "database": 0 } -} \ No newline at end of file +} diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index ce4338b..c927e6f 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -6,11 +6,11 @@ map $http_upgrade $connection_upgrade { } upstream workers { - ip_hash; - server app.nodebb:4567; - server app.nodebb:4568; - server app.nodebb:4569; - server app.nodebb:4570; + hash $http_x_real_ip; + {% for port in range(services.fedi_dk_nodebb.nodebb_port_begin, + services.fedi_dk_nodebb.nodebb_port_begin + services.fedi_dk_nodebb.nodebb_processes) %} + server app.nodebb:{{ port }}; + {% endfor %} } server { @@ -47,4 +47,4 @@ server { location / { proxy_pass $upstream; } -} \ No newline at end of file +} From 4ca8bcc165296f805f6dc8ed5d445c7828199951 Mon Sep 17 00:00:00 2001 
From: Sam Al-Sapti Date: Wed, 19 Feb 2025 22:51:54 +0100 Subject: [PATCH 14/17] Fix real IP in proxy config --- roles/docker/defaults/main.yml | 3 +++ roles/docker/tasks/services.yml | 4 ++++ .../docker/templates/fedi_dk_nodebb/config.json.j2 | 3 +-- .../templates/fedi_dk_nodebb/nginx/http.conf.j2 | 13 +++++++++---- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 9d0a7c2..7795f37 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -3,6 +3,9 @@ volume_root_folder: "/docker-volumes" volume_website_folder: "{{ volume_root_folder }}/websites" +external_services_network_ipv4_subnet: '172.28.0.0/16' +external_services_network_ipv6_subnet: 'fd02::/64' + services: ### Internal services ### postfix: diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 2c7276f..515471f 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -3,6 +3,10 @@ - name: Set up external services network docker_network: name: external_services + enable_ipv6: true + ipam_config: + - subnet: "{{ external_services_network_ipv4_subnet }}" + - subnet: "{{ external_services_network_ipv6_subnet }}" - name: Deploy all services include_tasks: diff --git a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 index e7e833f..f49119f 100644 --- a/roles/docker/templates/fedi_dk_nodebb/config.json.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/config.json.j2 @@ -4,8 +4,7 @@ "database": "mongo", "port": [{% for port in range(services.fedi_dk_nodebb.nodebb_port_begin, services.fedi_dk_nodebb.nodebb_port_begin + services.fedi_dk_nodebb.nodebb_processes) - %}{{ port }}{% if not loop.last %}, {% endif %}{% endfor %}] - ["4567", "4568", "4569", "4570"], + %}"{{ port }}"{% if not loop.last %}, {% endif %}{% endfor %}], "mongo": { "host": "mongodb", "port": "27017", 
diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index c927e6f..c7d1cdd 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -1,16 +1,21 @@ resolver 127.0.0.11 valid=30s ipv6=off; +set_real_ip_from {{ external_services_network_ipv4_subnet }}; +set_real_ip_from {{ external_services_network_ipv6_subnet }}; +real_ip_header X-Forwarded-For; +real_ip_recursive on; + map $http_upgrade $connection_upgrade { default upgrade; '' close; } upstream workers { - hash $http_x_real_ip; - {% for port in range(services.fedi_dk_nodebb.nodebb_port_begin, - services.fedi_dk_nodebb.nodebb_port_begin + services.fedi_dk_nodebb.nodebb_processes) %} + ip_hash; +{% for port in range(services.fedi_dk_nodebb.nodebb_port_begin, + services.fedi_dk_nodebb.nodebb_port_begin + services.fedi_dk_nodebb.nodebb_processes) %} server app.nodebb:{{ port }}; - {% endfor %} +{% endfor %} } server { From 231692411e22dea8bcc3726147725814417e9c24 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 23:55:37 +0100 Subject: [PATCH 15/17] Disable IPv6 --- roles/docker/tasks/services.yml | 1 - roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 | 1 - 2 files changed, 2 deletions(-) diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 515471f..aa70d51 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -3,7 +3,6 @@ - name: Set up external services network docker_network: name: external_services - enable_ipv6: true ipam_config: - subnet: "{{ external_services_network_ipv4_subnet }}" - subnet: "{{ external_services_network_ipv6_subnet }}" diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index c7d1cdd..5009a3c 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 
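Review bot: `set_real_ip_from` trusts the whole `external_services` /16 (and the IPv6 /64), so any container attached to that network — by its name, every other externally published service on the host — can connect to this nginx on port 80 and forge `X-Forwarded-For`, which then becomes `$remote_addr`, the `X-Real-IP` this file sends to NodeBB, and the `ip_hash` key. A compromised sibling could thereby spoof the address NodeBB records (and, to the extent NodeBB bans or rate-limits by IP, evade it) and choose which worker it lands on. Narrow the trust to the nginx-proxy container: give it a fixed `ipv4_address` in its compose network config and use `set_real_ip_from {{ nginx_proxy_ipv4_address }}/32;` — `real_ip_recursive on` still yields the client address because nginx-proxy appends via `$proxy_add_x_forwarded_for`. If the whole-subnet trust is deliberate, say so above the directive: `# trusts every container on external_services to set the client IP`.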
+++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 @@ -1,7 +1,6 @@ resolver 127.0.0.11 valid=30s ipv6=off; set_real_ip_from {{ external_services_network_ipv4_subnet }}; -set_real_ip_from {{ external_services_network_ipv6_subnet }}; real_ip_header X-Forwarded-For; real_ip_recursive on; From af22dd4679c77e191004fbac16bb3c6c145de02b Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Wed, 19 Feb 2025 23:56:15 +0100 Subject: [PATCH 16/17] Disable IPv6 --- roles/docker/defaults/main.yml | 3 +-- roles/docker/tasks/services.yml | 3 +-- roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 7795f37..1e6df97 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -3,8 +3,7 @@ volume_root_folder: "/docker-volumes" volume_website_folder: "{{ volume_root_folder }}/websites" -external_services_network_ipv4_subnet: '172.28.0.0/16' -external_services_network_ipv6_subnet: 'fd02::/64' +external_services_network_subnet: '172.28.0.0/16' services: ### Internal services ### diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index aa70d51..4296d65 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -4,8 +4,7 @@ docker_network: name: external_services ipam_config: - - subnet: "{{ external_services_network_ipv4_subnet }}" - - subnet: "{{ external_services_network_ipv6_subnet }}" + - subnet: "{{ external_services_network_subnet }}" - name: Deploy all services include_tasks: diff --git a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 index 5009a3c..6940550 100644 --- a/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 +++ b/roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2 
@@ -1,6 +1,6 @@ resolver 127.0.0.11 valid=30s ipv6=off; -set_real_ip_from {{ external_services_network_ipv4_subnet }}; +set_real_ip_from {{ external_services_network_subnet }}; real_ip_header X-Forwarded-For; real_ip_recursive on; From 5693d2fdc68d28a1ed43ea32990ef33faa2152ed Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Thu, 20 Feb 2025 01:58:23 +0100 Subject: [PATCH 17/17] IPv6 doesn't work with UniPi containers... @reynir --- roles/docker/tasks/services.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 4296d65..fe00a4e 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -3,6 +3,7 @@ - name: Set up external services network docker_network: name: external_services + enable_ipv6: false ipam_config: - subnet: "{{ external_services_network_subnet }}"