From 6ebfa54f6fb63e8691891f25bf0a27db5cd413b1 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Thu, 7 Jan 2021 22:21:48 +0100 Subject: [PATCH] wip : link containers to make it work --- .../configs/nixserver-host/configuration.nix | 5 +- .../configs/nixserver-host/workadventure.nix | 205 ++++++------------ 2 files changed, 71 insertions(+), 139 deletions(-) diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix b/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix index 2c31ab5..285a697 100644 --- a/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix +++ b/terranix/jitsi-cloud/plops/configs/nixserver-host/configuration.nix @@ -3,13 +3,16 @@ # ./hardware-configuration.nix ./ssh.nix - #./jitsi.nix + ./jitsi.nix ./workadventure.nix ]; environment.systemPackages = [ pkgs.git pkgs.docker-compose pkgs.ag pkgs.htop ]; + virtualisation.docker.enable = true; + boot.kernel.sysctl."net.ipv4.ip_forward" = true; + networking.hostName = "host"; security.acme.email = "contact@ingolf-wagner.de"; diff --git a/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix b/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix index ff2f742..b64b3ad 100644 --- a/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix +++ b/terranix/jitsi-cloud/plops/configs/nixserver-host/workadventure.nix @@ -1,9 +1,20 @@ { pkgs, lib, ... }: let + extraConfig = '' + if ($request_method = OPTIONS) { + return 204; + } + # this makes workadventure magically send CORS headers + add_header Access-Control-Allow-Headers Range; + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + ''; + workadventure-repository = pkgs.fetchgit { url = "https://github.com/thecodingmachine/workadventure.git"; - rev = "284846e8a59ec0d921189ac3a46e0eb5d1e14818"; - sha256 = "1f1vi226kas7x9y8zw810q5vg1ikn4bb6ha9vnzvqk9y7jlc1n8q"; + rev = "c2d0cda441dde6f4fed79aa742b11122b0bffd68"; + sha256 = "1r1f80l07wk0jdmjyf4a4fq9mynjdmixivc4pf72ry4xx51hsv2y"; }; homeFolder = "/srv/workadventure"; @@ -44,7 +55,8 @@ let mapsPort = 9003; playURL = "play.${domain}"; - playPort = 9004; + #playPort = 9004; + playPort = 8080; pusherURL = "pusher.${domain}"; pusherPort = 9005; @@ -56,8 +68,8 @@ in { # todo delete networking.firewall = { - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ 80 443 ]; + allowedTCPPorts = [ 80 443 8080 ]; + allowedUDPPorts = [ 80 443 8080 ]; }; services.nginx.enable = true; @@ -125,12 +137,14 @@ in { }; cmd = [ "yarn" "run" "start" ]; volumes = [ "${homeFolder}/front:/usr/src/app" ]; - ports = [ "${toString playPort}:8080" ]; + #ports = [ "${toString playPort}:8080" ]; + ports = [ "0.0.0.0:${toString playPort}:8080" ]; extraOptions = let labelFile = pkgs.writeText "front-labels" '' - traefik.http.routers.front.rule=Host(`play.${domain}`) - traefik.http.routers.front.entryPoints=web,traefik - traefik.http.services.front.loadbalancer.server.port=8080 + #traefik.http.routers.front.rule=Host(`play.${domain}`) + #traefik.http.routers.front.entryPoints=web,traefik + #traefik.http.services.front.loadbalancer.server.port=8080 + #traefik.http.routers.front-ssl.rule=Host(`play.${domain}`) #traefik.http.routers.front-ssl.entryPoints=websecure #traefik.http.routers.front-ssl.tls=false @@ -148,19 +162,7 @@ in { locations."/" = { proxyPass = "http://localhost:${toString playPort}"; proxyWebsockets = true; - extraConfig = '' - if ($request_method = OPTIONS) { - return 204; - } - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Max-Age 3600; - add_header Access-Control-Expose-Headers Content-Length; - add_header Access-Control-Allow-Headers Range; - #proxy_set_header Host $host; - #proxy_set_header X-Forwarded-For $remote_addr; - #sub_filter '${domain}:8080' '${domain}'; - #sub_filter_once on; - ''; + extraConfig = extraConfig; }; }; services.nginx.virtualHosts."${adminURL}" = { @@ -169,20 +171,7 @@ in { locations."/" = { proxyPass = "http://localhost:${toString mainPort}"; proxyWebsockets = true; - extraConfig = '' - if ($request_method = OPTIONS) { - return 204; - } - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Max-Age 3600; - add_header Access-Control-Expose-Headers Content-Length; - add_header Access-Control-Allow-Headers Range; - - #proxy_set_header Host $host; - #proxy_set_header X-Forwarded-For $remote_addr; - #sub_filter '${domain}:8080' '${domain}'; - #sub_filter_once on; - ''; + extraConfig = extraConfig; }; }; @@ -204,14 +193,14 @@ in { ports = [ "${toString pusherPort}:8080" ]; extraOptions = let labelFile = pkgs.writeText "pusher-labels" '' - traefik.http.routers.pusher.rule=Host(`pusher.${domain}`) - traefik.http.routers.pusher.entryPoints=web - traefik.http.services.pusher.loadbalancer.server.port=8080 - traefik.http.routers.pusher-ssl.rule=Host(`pusher.${domain}`) - traefik.http.routers.pusher-ssl.entryPoints=websecure - traefik.http.routers.pusher-ssl.tls=false - traefik.http.routers.pusher-ssl.service=pusher - traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain} + #traefik.http.routers.pusher.rule=Host(`pusher.${domain}`) + #traefik.http.routers.pusher.entryPoints=web + #traefik.http.services.pusher.loadbalancer.server.port=8080 + #traefik.http.routers.pusher-ssl.rule=Host(`pusher.${domain}`) + #traefik.http.routers.pusher-ssl.entryPoints=websecure + #traefik.http.routers.pusher-ssl.tls=false + #traefik.http.routers.pusher-ssl.service=pusher + #traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain} ''; in [ "--label-file" (toString labelFile) ]; }; @@ -225,19 +214,7 @@ in { locations."/" = { proxyPass = "http://localhost:${toString pusherPort}"; proxyWebsockets = true; - extraConfig = '' - if ($request_method = OPTIONS) { - return 204; - } - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Max-Age 3600; - add_header Access-Control-Expose-Headers Content-Length; - add_header Access-Control-Allow-Headers Range; - #proxy_set_header Host $host; - #proxy_set_header X-Forwarded-For $remote_addr; - #sub_filter '${domain}:8080' '${domain}'; - #sub_filter_once on; - ''; + extraConfig = extraConfig; }; }; @@ -255,13 +232,13 @@ in { ports = [ "${toString mapsPort}:80" ]; extraOptions = let labelFile = pkgs.writeText "maps-labels" '' - traefik.http.routers.maps.rule=Host(`maps.${domain}`) - traefik.http.routers.maps.entryPoints=web,traefik - traefik.http.services.maps.loadbalancer.server.port=80 - traefik.http.routers.maps-ssl.rule=Host(`maps.${domain}`) - traefik.http.routers.maps-ssl.entryPoints=websecure - traefik.http.routers.maps-ssl.tls=false - traefik.http.routers.maps-ssl.service=maps + #traefik.http.routers.maps.rule=Host(`maps.${domain}`) + #traefik.http.routers.maps.entryPoints=web,traefik + #traefik.http.services.maps.loadbalancer.server.port=80 + #traefik.http.routers.maps-ssl.rule=Host(`maps.${domain}`) + #traefik.http.routers.maps-ssl.entryPoints=websecure + #traefik.http.routers.maps-ssl.tls=false + #traefik.http.routers.maps-ssl.service=maps ''; in [ "--label-file" (toString labelFile) ]; }; @@ -275,19 +252,7 @@ in { locations."/" = { proxyPass = "http://localhost:${toString mapsPort}"; proxyWebsockets = true; - extraConfig = '' - if ($request_method = OPTIONS) { - return 204; - } - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Max-Age 3600; - add_header Access-Control-Expose-Headers Content-Length; - add_header Access-Control-Allow-Headers Range; - #proxy_set_header Host $host; - #proxy_set_header X-Forwarded-For $remote_addr; - #sub_filter '${domain}:8080' '${domain}'; - #sub_filter_once on; - ''; + extraConfig = extraConfig; }; }; @@ -309,14 +274,14 @@ in { ports = [ "${toString apiPort}:8080" ]; extraOptions = let labelFile = pkgs.writeText "back-labels" '' - traefik.http.routers.back.rule=Host(`api.${domain}`) - traefik.http.routers.back.entryPoints=web - traefik.http.services.back.loadbalancer.server.port=8080 - traefik.http.routers.back-ssl.rule=Host(`api.${domain}`) - traefik.http.routers.back-ssl.entryPoints=websecure - traefik.http.routers.back-ssl.tls=false - traefik.http.routers.back-ssl.service=back - traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain} + #traefik.http.routers.back.rule=Host(`api.${domain}`) + #traefik.http.routers.back.entryPoints=web + #traefik.http.services.back.loadbalancer.server.port=8080 + #traefik.http.routers.back-ssl.rule=Host(`api.${domain}`) + #traefik.http.routers.back-ssl.entryPoints=websecure + #traefik.http.routers.back-ssl.tls=false + #traefik.http.routers.back-ssl.service=back + #traefik.http.middlewares.api.headers.customResponseHeaders.Access-Control-Allow-Origin=http://play.${domain} ''; in [ "--label-file" (toString labelFile) ]; }; @@ -330,19 +295,7 @@ in { locations."/" = { proxyPass = "http://localhost:${toString apiPort}"; proxyWebsockets = true; - extraConfig = '' - if ($request_method = OPTIONS) { - return 204; - } - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Max-Age 3600; - add_header Access-Control-Expose-Headers Content-Length; - add_header Access-Control-Allow-Headers Range; - #proxy_set_header Host $host; - #proxy_set_header X-Forwarded-For $remote_addr; - #sub_filter '${domain}:8080' '${domain}'; - #sub_filter_once on; - ''; + extraConfig = extraConfig; }; }; @@ -357,13 +310,13 @@ in { ports = [ "${toString uploaderPort}:8080" ]; extraOptions = let labelFile = pkgs.writeText "uploader-labels" '' - traefik.http.routers.uploader.rule=Host(`uploader.${domain}`) - traefik.http.routers.uploader.entryPoints=web - traefik.http.services.uploader.loadbalancer.server.port=8080 - traefik.http.routers.uploader-ssl.rule=Host(`uploader.${domain}`) - traefik.http.routers.uploader-ssl.entryPoints=websecure - traefik.http.routers.uploader-ssl.tls=true - traefik.http.routers.uploader-ssl.service=uploader + #traefik.http.routers.uploader.rule=Host(`uploader.${domain}`) + #traefik.http.routers.uploader.entryPoints=web + #traefik.http.services.uploader.loadbalancer.server.port=8080 + #traefik.http.routers.uploader-ssl.rule=Host(`uploader.${domain}`) + #traefik.http.routers.uploader-ssl.entryPoints=websecure + #traefik.http.routers.uploader-ssl.tls=true + #traefik.http.routers.uploader-ssl.service=uploader ''; in [ "--label-file" (toString labelFile) ]; }; @@ -377,19 +330,7 @@ in { locations."/" = { proxyPass = "http://localhost:${toString uploaderPort}"; proxyWebsockets = true; - extraConfig = '' - if ($request_method = OPTIONS) { - return 204; - } - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Max-Age 3600; - add_header Access-Control-Expose-Headers Content-Length; - add_header Access-Control-Allow-Headers Range; - #proxy_set_header Host $host; - #proxy_set_header X-Forwarded-For $remote_addr; - #sub_filter '${domain}:8080' '${domain}'; - #sub_filter_once on; - ''; + extraConfig = extraConfig; }; }; @@ -404,13 +345,13 @@ in { ports = [ "${toString mainPort}:80" ]; extraOptions = let labelFile = pkgs.writeText "website-labels" '' - traefik.http.routers.website.rule=Host(`${domain}`) - traefik.http.routers.website.entryPoints=web - traefik.http.services.website.loadbalancer.server.port=8080 - traefik.http.routers.website-ssl.rule=Host(`${domain}`) - traefik.http.routers.website-ssl.entryPoints=websecure - traefik.http.routers.website-ssl.tls=true - traefik.http.routers.website-ssl.service=website + #traefik.http.routers.website.rule=Host(`${domain}`) + #traefik.http.routers.website.entryPoints=web + #traefik.http.services.website.loadbalancer.server.port=8080 + #traefik.http.routers.website-ssl.rule=Host(`${domain}`) + #traefik.http.routers.website-ssl.entryPoints=websecure + #traefik.http.routers.website-ssl.tls=true + #traefik.http.routers.website-ssl.service=website ''; in [ "--label-file" (toString labelFile) ]; }; @@ -424,19 +365,7 @@ in { locations."/" = { proxyPass = "http://localhost:${toString mainPort}"; proxyWebsockets = true; - extraConfig = '' - if ($request_method = OPTIONS) { - return 204; - } - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Max-Age 3600; - add_header Access-Control-Expose-Headers Content-Length; - add_header Access-Control-Allow-Headers Range; - #proxy_set_header Host $host; - #proxy_set_header X-Forwarded-For $remote_addr; - #sub_filter '${domain}:8080' '${domain}'; - #sub_filter_once on; - ''; + extraConfig = extraConfig; }; };