Merge pull request #2 from zhongl/docker-swarm

Support docker and swarm

.jvmopts

@@ -0,0 +1,4 @@
+-Xms2048m
+-Xmx2048m
+-XX:ReservedCodeCacheSize=256m
+-XX:MaxMetaspaceSize=512m

README.md

@@ -6,9 +6,19 @@
 
 Passport 是一个超轻量级统一认证网关, 面向使用 [钉钉](https://www.dingtalk.com) 或是 [企业微信](https://work.weixin.qq.com/) 的创业团队提供手机扫码登录访问内部服务.
 
-# 部署
+## 跑起来
 
-## 配置 app.conf
+```sh
+curl -LkO https://github.com/zhongl/passport/raw/master/docker-compose.yml 
+curl -LkO https://github.com/zhongl/passport/raw/master/app.conf
+DOMAIN=foo.bar docker-compose up -d
+curl -k -v https://localhost -H 'Host: www.foo.bar' -H 'Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJwYXNzcG9ydCIsIm5hbWUiOiJ6aG9uZ2wiLCJleHAiOjE4NjYxNzI3MjV9.FomLr4SgRvHuI6iUnVZc2-Q9YQbNrh4eDWGbM09xoC8'
+```
+
+- 细节请详见 [docker-compose.yml](https://github.com/zhongl/passport/blob/master/docker-compose.yml) . 
+
+
+## 配置 
 
 ### 钉钉
 
@@ -61,12 +71,6 @@ wechat {
 
 > 参见[企业内部开发](https://work.weixin.qq.com/api/doc#90000/90003/90487), 创建**应用**.
 
-## 运行
-
-```sh
-docker run -d -v $(pwd)/app.conf:/app.conf -e JAVA_OPTS=-Dconfig.file=/app.conf zhongl/passport
-```
-
 ## Echo调试
 
 若需要在真正部署之前进行调试验证, 可在运行时指定`-e`:

build.sbt

@@ -1,3 +1,4 @@
+
 lazy val akkaHttpVersion = "10.1.6"
 lazy val akkaVersion     = "2.5.19"
 lazy val oauth2Version   = "0.1.8"
@@ -13,19 +14,25 @@ lazy val root = (project in file("."))
     version := "0.0.1",
     scalacOptions += "-deprecation",
     resolvers += "jitpack" at "https://jitpack.io",
-    mainClass in Compile := Some("fun.zhongl.passport.Main"),
+    mainClass in Compile := Some("zhongl.passport.Main"),
+    maintainer in Docker := "zhong.lunfu@gmail.com",
     dockerBaseImage := "openjdk:8-alpine",
+    dockerEnvVars := Map("DOCKER_HOST" -> "unix:///var/run/docker.sock"),
+    dockerExposedPorts := Seq(8080),
+    daemonUserUid in Docker := None,
+    daemonUser in Docker := "root",
     dockerRepository := sys.props.get("docker.repository"),
     version in Docker := sys.props.get("docker.tag").getOrElse(version.value),
     libraryDependencies ++= Seq(
-      "com.github.scopt"                     %% "scopt"               % "4.0.0-RC2",
-      "com.github.zhongl.akka-stream-oauth2" %% "dingtalk"            % oauth2Version,
-      "com.github.zhongl.akka-stream-oauth2" %% "wechat"              % oauth2Version,
-      "com.typesafe.akka"                    %% "akka-http-testkit"   % akkaHttpVersion % Test,
-      "com.typesafe.akka"                    %% "akka-testkit"        % akkaVersion % Test,
-      "com.typesafe.akka"                    %% "akka-stream-testkit" % akkaVersion % Test,
-      "org.scalatest"                        %% "scalatest"           % "3.0.4" % Test,
-      "org.mockito"                          % "mockito-core"         % "2.19.0" % Test
+      "com.lightbend.akka"                   %% "akka-stream-alpakka-unix-domain-socket" % "1.0-M2",
+      "com.github.scopt"                     %% "scopt"                                  % "4.0.0-RC2",
+      "com.github.zhongl.akka-stream-oauth2" %% "dingtalk"                               % oauth2Version,
+      "com.github.zhongl.akka-stream-oauth2" %% "wechat"                                 % oauth2Version,
+      "com.typesafe.akka"                    %% "akka-http-testkit"                      % akkaHttpVersion % Test,
+      "com.typesafe.akka"                    %% "akka-testkit"                           % akkaVersion % Test,
+      "com.typesafe.akka"                    %% "akka-stream-testkit"                    % akkaVersion % Test,
+      "org.scalatest"                        %% "scalatest"                              % "3.0.4" % Test,
+      "org.scalamock"                        %% "scalamock"                              % "4.1.0" % Test
     )
   )
   .enablePlugins(JavaAppPackaging, AshScriptPlugin, DockerSpotifyClientPlugin)

docker-compose.yml

@@ -0,0 +1,45 @@
+version: '3.3'
+services:
+
+  gateway:
+    image: traefik:latest
+    command:
+      - "--api"
+      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
+      - "--entrypoints=Name:https Address::443 TLS"
+      - "--defaultentrypoints=http,https"
+      - "--docker"
+      - "--docker.watch"
+      - "--docker.domain=${DOMAIN}"
+      - "--accesslog"
+      - "--traefikLog"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+      - 80:80
+      - 443:443
+
+  passport:
+    image: zhongl/passport:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    labels:
+      traefik.port: 8080
+      traefik.frontend.rule: "HostRegexp: {subdomain:[a-z]+}.${DOMAIN}"
+    environment:
+      JAVA_TOOL_OPTIONS: -Dconfig.file=/run/secrets/conf
+      DOMAIN: $DOMAIN
+    secrets:
+      - conf
+
+  echo:
+    image: zhongl/passport:latest
+    command:
+      - "-e"
+    labels:
+      passport.rule: "www.${DOMAIN}"
+      passport.port: 8080
+
+secrets:
+  conf:
+    file: ./app.conf

project/plugins.sbt

@@ -2,10 +2,10 @@ addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.9.2")
 
 addSbtPlugin("io.spray" % "sbt-revolver" % "0.9.1")
 
-addSbtPlugin("com.typesafe.sbt" % "sbt-native-packager" % "1.3.4")
+addSbtPlugin("com.typesafe.sbt" % "sbt-native-packager" % "1.3.18")
 
 addSbtPlugin("org.scoverage" % "sbt-scoverage" % "1.5.1")
 
 addSbtPlugin("org.scoverage" % "sbt-coveralls" % "1.2.5")
 
-libraryDependencies += "com.spotify" % "docker-client" % "3.5.13"
+libraryDependencies += "com.spotify" % "docker-client" % "8.9.0"

src/main/resources/common.conf

@@ -1,7 +1,16 @@
-akka.http {
-  server.remote-address-header = on
+akka {
+  //  loglevel = "DEBUG"
+
+  stream.materializer {
+    subscription-timeout.mode = warn
+  }
+
+  http {
+    server.remote-address-header = on
+  }
 }
 
+
 cookie {
   name = "jwt"
   expires_in = 15d