Reverse Proxy

GigaDB Portainer service What is portainer? Portainer is an open-source management UI for Docker, including Docker Swarm environment. Portainer makes it easier for you to manage your Docker containers, it allows you to manage containers, images, networks, and volumes from the web-based Portainer dashboard. Pre-requisites The staging server and live server are up and running. Here and here are the details of how to provision and configure an EC2 server using Ansible and Terraform. The Let’s Encrypt certificate fallout has been fixed by getting the latest code from this PR #198. Have Docker Hub account, and store DOCKER_HUB_USERNAME and DOCKER_HUB_PASSWORD which is the access token in gitlab CI/CD variables. Steps to configure the portainer, details can be found at this PR #201 Changes to the DNS record Create an A record for access portainer on staging and on live as following: Record name Type IP portainer.$staging_url A staging server IP portainer.$live_url A live server IP Changes to the gitlab variables Create a new variable as following: Key Value Environment PORTAINER_PASSWORD “Password” All(default) DOCKER_HUB_USERNAME “User name” All(default) DOCKER_HUB_PASSWORD “Access token” All(default) Variable PORTAINER_BCRYPT (if any) could be deleted. ...

Task Make portainer on staging and live deployment accessible with HTTPS on default port #790 Add portainer container service on staging and live deployment #791 PR #201 Steps A. Add portainer service available locally Update docker-compose.yml portainer: image: portainer/portainer-ce:latest volumes: - /var/run/docker.sock:/var/run/docker.sock - portainer_data:/data ports: - 9009:9000 - 8008:8000 command: -H unix:///var/run/docker.sock --admin-password $PORTAINER_BCRYPT volumes: le_config: le_webrootpath: portainer_data: Create PORTAINER_PASSWORD in gitlab variables Create start_portainer.sh, if-else block to avoid keep generating PORTAINER_BCRYPT in .env #!/usr/bin/env bash # bail out as soon as there is an error set -eux # Load environment variables source "./.env" source "./.secrets" # docker-compose executable if [[ $GIGADB_ENV != "dev" && $GIGADB_ENV != "CI" ]];then DOCKER_COMPOSE="docker-compose --tlsverify -H=$REMOTE_DOCKER_HOST -f ops/deployment/docker-compose.production-envs.yml" else DOCKER_COMPOSE="docker-compose" fi if ! [ -z "${PORTAINER_BCRYPT+x}" ];then echo "PORTAINER_BCRYPT value has been set in .env already" # start portainer in detached mode and make sure volume are recreated (rather than use potential previous state that my be erroneous) $DOCKER_COMPOSE up --detach --renew-anon-volumes portainer else echo "PORTAINER_BCRYPT value is empty" echo "Generate bcrypt from password" P_BCRYPT=$(docker run --rm httpd:2.4-alpine htpasswd -nbB admin $PORTAINER_PASSWORD | cut -d ":" -f 2 | sed -e 's/\$/\\\$/g') echo "PORTAINER_BCRYPT=$P_BCRYPT" >> .env # start portainer in detached mode and make sure volume are recreated (rather than use potential previous state that my be erroneous) $DOCKER_COMPOSE up --detach --renew-anon-volumes portainer fi Update up.sh to only start portainer in MacOS # start the container admin UI (not in CI) if [ "$(uname)" == "Darwin" ];then ./ops/scripts/start_portainer.sh fi; Spin up all containers kencho/gigadb-website % ./up.sh Test the http response using curl % curl -I localhost:9009 HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=31536000 Content-Length: 6176 Content-Type: text/html; charset=utf-8 Last-Modified: Sun, 10 Oct 2021 23:45:45 GMT X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Date: Thu, 21 Oct 2021 08:14:01 GMT Go to http://localhost:9009/ and have fun! Reference Heavily adapted form here ...