-
Notifications
You must be signed in to change notification settings - Fork 153
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'feat/ui-docker-container-builds' of https://github.com/…
…ORCID/ORCID-Source into feat/ui-docker-container-builds
- Loading branch information
Showing
4 changed files
with
252 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| # Use this to test and initdb script sql file changes | ||
| # | ||
| docker compose down --volumes postgres | ||
|
|
||
| volume_name=$(basename `pwd` | tr '[:upper:]' '[:lower:]')_postgres_data | ||
|
|
||
| docker volume rm $volume_name -f | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| FROM haproxy:2.4.24-bullseye | ||
|
|
||
| COPY orcid-haprouter/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,169 @@ | ||
| resolvers docker | ||
| nameserver dns 127.0.0.11:53 | ||
| parse-resolv-conf | ||
| accepted_payload_size 8192 | ||
| hold valid 10s | ||
| hold other 30s | ||
| hold refused 30s | ||
| hold nx 30s | ||
| hold timeout 30s | ||
| hold obsolete 30s | ||
|
|
||
| # How many times to retry a query | ||
| resolve_retries 3 | ||
|
|
||
| # How long to wait between retries when no valid response has been received | ||
| timeout retry 1s | ||
|
|
||
| # How long to wait for a successful resolution | ||
| timeout resolve 1s | ||
|
|
||
| global | ||
| stats timeout 30s | ||
| daemon | ||
| maxconn 6000 | ||
| # Default SSL material locations | ||
| ca-base /etc/ssl/certs | ||
| crt-base /etc/ssl/private | ||
| # Default ciphers to use on SSL-enabled listening sockets. | ||
| # For more information, see ciphers(1SSL). This list is from: | ||
| # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | ||
| ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL | ||
| ssl-default-bind-options no-sslv3 | ||
| # Default ciphers to use on SSL-enabled listening sockets. | ||
| # For more information, see ciphers(1SSL). This list is from: | ||
| # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | ||
| ssl-default-server-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL | ||
| ssl-default-server-options no-sslv3 | ||
| nbproc 1 | ||
|
|
||
| tune.ssl.default-dh-param 2048 | ||
| ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS | ||
| ssl-default-bind-options no-sslv3 | ||
|
|
||
| defaults | ||
| log global | ||
| mode http | ||
| option httplog | ||
| option dontlognull | ||
| option log-separate-errors | ||
| timeout connect 5s | ||
| timeout client 100s | ||
| timeout server 100s | ||
| stats show-modules | ||
| stats show-legends | ||
|
|
||
| listen stats-1936 | ||
| description haproute Loadbalancer | ||
| bind 0.0.0.0:1936 | ||
| mode http | ||
| stats enable | ||
| stats uri / | ||
| stats hide-version | ||
| stats show-node | ||
|
|
||
| ##################################################################################### | ||
|
|
||
| # | ||
| # Frontends | ||
| # | ||
|
|
||
| # Solr | ||
|
|
||
| frontend solr-read-7983 | ||
| description Frontend for Solr | ||
| bind 0.0.0.0:7983 | ||
| mode http | ||
| timeout client 300s | ||
| monitor-uri /haproxy-status | ||
| acl solrs_dead nbsrv(reg-solr-read) lt 1 | ||
| http-request set-log-level silent | ||
| default_backend reg-solr-read | ||
|
|
||
| frontend solr-write-6983 | ||
| description Frontend for Solr writes | ||
| bind 0.0.0.0:6983 | ||
| mode http | ||
| timeout client 300s | ||
| monitor-uri /haproxy-status | ||
| acl solrs_dead nbsrv(reg-solr-write) lt 1 | ||
| http-request set-log-level silent | ||
| default_backend reg-solr-write | ||
|
|
||
| # Postgres | ||
|
|
||
| frontend reg-postgres-read-7432 | ||
| description Frontend for Postgres read | ||
| bind 0.0.0.0:7432 | ||
| mode tcp | ||
| timeout client 70m | ||
| monitor-uri /haproxy-status | ||
| acl postgres_dead nbsrv(reg-postgres-read) lt 1 | ||
| http-request set-log-level silent | ||
| default_backend reg-postgres-read | ||
|
|
||
| frontend reg-postgres-write-6432 | ||
| description Frontend for Postgres writes | ||
| bind 0.0.0.0:6432 | ||
| mode tcp | ||
| timeout client 70m | ||
| monitor-uri /haproxy-status | ||
| acl postgres_dead nbsrv(reg-postgres-write) lt 1 | ||
| http-request set-log-level silent | ||
| default_backend reg-postgres-write | ||
|
|
||
| # | ||
| # Backends | ||
| # | ||
|
|
||
| # Solr | ||
|
|
||
| backend reg-solr-read | ||
| description backend for solr cluster | ||
| mode http | ||
| balance leastconn | ||
| option httpchk GET /solr/profile/admin/ping | ||
| option redispatch 2 | ||
| http-check expect status 200 | ||
| timeout server 300s | ||
| timeout check 20s | ||
| default-server check maxconn 500 inter 20s init-addr libc,last,none | ||
| server "${SOLR_READ_FQDN_A}-read-a" "${SOLR_READ_FQDN_A}":8983 | ||
| server "${SOLR_READ_FQDN_B}-read-b" "${SOLR_READ_FQDN_B}":8983 | ||
| server "${SOLR_READ_FQDN_C}-read-c" "${SOLR_READ_FQDN_C}":8983 | ||
|
|
||
| backend reg-solr-write | ||
| description Solr master running in tomcat statically set | ||
| mode http | ||
| balance leastconn | ||
| option httpchk GET /solr/profile/admin/ping | ||
| option redispatch 2 | ||
| http-check expect status 200 | ||
| timeout server 300s | ||
| timeout check 20s | ||
| default-server check maxconn 500 inter 20s init-addr libc,last,none | ||
| server "${SOLR_WRITE_FQDN_A}-write-a" "${SOLR_WRITE_FQDN_A}":8983 | ||
| server "${SOLR_WRITE_FQDN_B}-write-b" "${SOLR_WRITE_FQDN_B}":8983 | ||
| server "${SOLR_WRITE_FQDN_C}-write-c" "${SOLR_WRITE_FQDN_C}":8983 | ||
|
|
||
| # Postgres | ||
|
|
||
| backend reg-postgres-read | ||
| mode tcp | ||
| balance leastconn | ||
| option pgsql-check user pgc | ||
| timeout server 70m | ||
| default-server inter 5000 fastinter 2000 downinter 5000 rise 2 fall 3 port 5432 init-addr libc,last,none | ||
| server "${POSTGRES_READ_FQDN_A}-read-a" "${POSTGRES_READ_FQDN_A}":5432 check port 5432 | ||
| server "${POSTGRES_READ_FQDN_B}-read-b" "${POSTGRES_READ_FQDN_B}":5432 check port 5432 | ||
| server "${POSTGRES_READ_FQDN_C}-read-c" "${POSTGRES_READ_FQDN_C}":5432 check port 5432 | ||
|
|
||
| backend reg-postgres-write | ||
| mode tcp | ||
| balance leastconn | ||
| option pgsql-check user pgc | ||
| timeout server 70m | ||
| default-server inter 5000 fastinter 2000 downinter 5000 rise 2 fall 3 port 5432 init-addr libc,last,none | ||
| server "${POSTGRES_WRITE_FQDN_A}-write-a" "${POSTGRES_WRITE_FQDN_A}":5432 check port 5432 | ||
| server "${POSTGRES_WRITE_FQDN_B}-write-b" "${POSTGRES_WRITE_FQDN_B}":5432 check port 5432 | ||
| server "${POSTGRES_WRITE_FQDN_C}-write-c" "${POSTGRES_WRITE_FQDN_C}":5432 check port 5432 |