refactor: docker networking yay

darklab8 · Jan 11, 2025 · a22f063 · a22f063
1 parent d7879d6
commit a22f063
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 38 deletions.
diff --git a/tf/modules/darkstat/cron.tf b/tf/modules/darkstat/cron.tf
@@ -23,4 +23,5 @@ resource "docker_container" "cron_restart" {
       network_mode,
     ]
   }
+
 }
diff --git a/tf/modules/darkstat/main.tf b/tf/modules/darkstat/main.tf
@@ -1,3 +1,9 @@
+resource "docker_network" "network" {
+  name       = "darkstat-${var.environment}"
+  attachable = true
+  driver     = "overlay"
+}
+
 resource "docker_image" "darkstat" {
   name         = "darkwind8/darkstat:${var.environment}"
   keep_locally = true
@@ -7,6 +13,9 @@ resource "docker_service" "darkstat" {
   name = "darkstat-${var.environment}"
 
   task_spec {
+    networks_advanced {
+      name = docker_network.network.id
+    }
     container_spec {
       image = docker_image.darkstat.name
       env   = local.envs
@@ -33,17 +42,23 @@ resource "docker_service" "darkstat" {
       }
     }
   }
-  endpoint_spec {
-    mode = "vip"
+  lifecycle {
+    ignore_changes = [
+      task_spec[0].restart_policy[0].window,
+    ]
+  }
+  # with usage of docker networking, this is no longer necessary
+  # endpoint_spec {
+  #   mode = "vip"
 
-    ports {
-      target_port    = "8000"
-      published_port = tostring(var.darkstat_port)
-    }
+  #   ports {
+  #     target_port    = "8000"
+  #     published_port = tostring(var.darkstat_port)
+  #   }
 
-    ports {
-      target_port    = "8080"
-      published_port = tostring(var.relay_port)
-    }
-  }
+  #   ports {
+  #     target_port    = "8080"
+  #     published_port = tostring(var.relay_port)
+  #   }
+  # }
 }
diff --git a/tf/modules/docker_nginx/default.conf b/tf/modules/docker_nginx/default.conf
@@ -40,12 +40,14 @@ server {
     ssl_certificate_key /var/lib/letsencrypt/live/darkstat.dd84ai.com/privkey.pem;
 
     location / {
-        proxy_bind $server_addr;
-    	proxy_pass http://127.0.0.1:8000;
-        proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+
+        proxy_redirect off;
+        proxy_pass http://darkstat-production:8000;
     }
 }
 
@@ -59,12 +61,14 @@ server {
     ssl_certificate_key /var/lib/letsencrypt/live/darkrelay.dd84ai.com/privkey.pem;
 
     location / {
-        proxy_bind $server_addr;
-    	proxy_pass http://127.0.0.1:8080;
-        proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+
+        proxy_redirect off;
+        proxy_pass http://darkstat-production:8080;
     }
 }
 
@@ -110,12 +114,14 @@ server {
     ssl_certificate_key /var/lib/letsencrypt/live/darkstat-staging.dd84ai.com/privkey.pem;
 
     location / {
-        proxy_bind $server_addr;
-    	proxy_pass http://127.0.0.1:8001;
-        proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+
+        proxy_redirect off;
+        proxy_pass http://darkstat-staging:8000;
     }
 }
 
@@ -129,11 +135,13 @@ server {
     ssl_certificate_key /var/lib/letsencrypt/live/darkrelay-staging.dd84ai.com/privkey.pem;
 
     location / {
-        proxy_bind $server_addr;
-    	proxy_pass http://127.0.0.1:8081;
-        proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+
+        proxy_redirect off;
+        proxy_pass http://darkstat-staging:8080;
     }
 }
diff --git a/tf/modules/docker_nginx/main.tf b/tf/modules/docker_nginx/main.tf
@@ -12,22 +12,26 @@ resource "docker_image" "nginx" {
 # command to create cert from https://phoenixnap.com/kb/letsencrypt-docker
 # docker run -v /var/lib/cerbot/:/var/www/certbot/ -v /var/lib/letsencrypt/:/etc/letsencrypt/ -it certbot/certbot:latest certonly --webroot --webroot-path /var/www/certbot/ --dry-run -d darkstat.dd84ai.com
 
-
 resource "docker_container" "nginx" {
-  name         = "nginx"
-  image        = docker_image.nginx.image_id
-  network_mode = "host" # lazy solution i know. Fix to proper networknig later.
-  restart      = "always"
-
-  # ports aren't needed in network mode
-  #   ports {
-  #     internal = "80"
-  #     external = "80"
-  #   }
-  #   ports {
-  #     internal = "443"
-  #     external = "443"
-  #   }
+  name    = "nginx"
+  image   = docker_image.nginx.image_id
+  restart = "always"
+
+  networks_advanced {
+    name = "darkstat-staging"
+  }
+  networks_advanced {
+    name = "darkstat-production"
+  }
+
+  ports {
+    internal = "80"
+    external = "80"
+  }
+  ports {
+    internal = "443"
+    external = "443"
+  }
 
   volumes {
     host_path      = "/var/lib/cerbot/"
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,4 +23,5 @@ resource "docker_container" "cron_restart" { @@
           network_mode,
         ]
       }
     }