From 675da7a7c7de39c6f55b22eba6a08b77e34a2ab7 Mon Sep 17 00:00:00 2001 
From: akifisitan <102677971+akifisitan@users.noreply.github.com> Date: Sun, 12 May 2024 15:21:03 +0300 Subject: [PATCH] feat: nginx adventures #4 - fixed ssl error --- .../{ => api-gateway-docker}/Dockerfile | 7 +- .../location_proxy_shared.conf} | 2 +- .../{ => api-gateway-docker}/nginx.conf | 40 +++++++++- .../service_config/auth_service_routes.conf | 4 +- .../recommendation_service_routes.conf | 8 +- .../service_config/user_service_routes.conf | 6 +- .../microservices/api-gateway/vm/Makefile | 26 +++++++ .../api-gateway/vm/location_proxy_shared.conf | 5 ++ .../microservices/api-gateway/vm/nginx.conf | 75 +++++++++++++++++++ .../service_config/auth_service_routes.conf | 12 +++ .../recommendation_service_routes.conf | 24 ++++++ .../service_config/user_service_routes.conf | 18 +++++ 12 files changed, 210 insertions(+), 17 deletions(-) rename ovatify-backend/microservices/api-gateway/{ => api-gateway-docker}/Dockerfile (79%) rename ovatify-backend/microservices/api-gateway/{proxy_settings.conf => api-gateway-docker/location_proxy_shared.conf} (85%) rename ovatify-backend/microservices/api-gateway/{ => api-gateway-docker}/nginx.conf (55%) rename ovatify-backend/microservices/api-gateway/{ => api-gateway-docker}/service_config/auth_service_routes.conf (68%) rename ovatify-backend/microservices/api-gateway/{ => api-gateway-docker}/service_config/recommendation_service_routes.conf (73%) rename ovatify-backend/microservices/api-gateway/{ => api-gateway-docker}/service_config/user_service_routes.conf (69%) create mode 100644 ovatify-backend/microservices/api-gateway/vm/Makefile create mode 100644 ovatify-backend/microservices/api-gateway/vm/location_proxy_shared.conf create mode 100644 ovatify-backend/microservices/api-gateway/vm/nginx.conf create mode 100644 ovatify-backend/microservices/api-gateway/vm/service_config/auth_service_routes.conf create mode 100644 ovatify-backend/microservices/api-gateway/vm/service_config/recommendation_service_routes.conf create mode 
100644 ovatify-backend/microservices/api-gateway/vm/service_config/user_service_routes.conf diff --git a/ovatify-backend/microservices/api-gateway/Dockerfile b/ovatify-backend/microservices/api-gateway/api-gateway-docker/Dockerfile similarity index 79% rename from ovatify-backend/microservices/api-gateway/Dockerfile rename to ovatify-backend/microservices/api-gateway/api-gateway-docker/Dockerfile index 618c728..fc053e5 100644 --- a/ovatify-backend/microservices/api-gateway/Dockerfile +++ b/ovatify-backend/microservices/api-gateway/api-gateway-docker/Dockerfile @@ -4,11 +4,11 @@ FROM nginx:latest # Remove the default Nginx configuration RUN rm /etc/nginx/conf.d/default.conf -# Copy the custom Nginx configuration files +# Copy config file COPY nginx.conf /etc/nginx/nginx.conf -# Copy proxy settings -COPY proxy_settings.conf /etc/nginx/conf.d/proxy_settings.conf +# Copy shared proxy settings +COPY location_proxy_shared.conf /etc/nginx/conf.d/location_proxy_shared.conf # Copy microservice related COPY service_config/auth_service_routes.conf /etc/nginx/conf.d/auth_service.conf @@ -17,4 +17,3 @@ COPY service_config/user_service_routes.conf /etc/nginx/conf.d/user_service.conf # Expose port 80 EXPOSE 80 - diff --git a/ovatify-backend/microservices/api-gateway/proxy_settings.conf b/ovatify-backend/microservices/api-gateway/api-gateway-docker/location_proxy_shared.conf similarity index 85% rename from ovatify-backend/microservices/api-gateway/proxy_settings.conf rename to ovatify-backend/microservices/api-gateway/api-gateway-docker/location_proxy_shared.conf index e85d4f2..a57e4f1 100644 --- a/ovatify-backend/microservices/api-gateway/proxy_settings.conf +++ b/ovatify-backend/microservices/api-gateway/api-gateway-docker/location_proxy_shared.conf @@ -1,4 +1,4 @@ -# proxy_settings.conf +# location_proxy_shared.conf proxy_pass_request_headers on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
diff --git a/ovatify-backend/microservices/api-gateway/nginx.conf b/ovatify-backend/microservices/api-gateway/api-gateway-docker/nginx.conf similarity index 55% rename from ovatify-backend/microservices/api-gateway/nginx.conf rename to ovatify-backend/microservices/api-gateway/api-gateway-docker/nginx.conf index 555e059..761dd9f 100644 --- a/ovatify-backend/microservices/api-gateway/nginx.conf +++ b/ovatify-backend/microservices/api-gateway/api-gateway-docker/nginx.conf @@ -1,3 +1,8 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + # nginx.conf events { worker_connections 1024; @@ -5,10 +10,40 @@ events { http { - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; - default_type application/json; + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; upstream auth_service { server ovtf-auth-srv-clpiqqqcgq-ew.a.run.app:443; @@ -32,6 +67,5 @@ http { include /etc/nginx/conf.d/auth_service.conf; include /etc/nginx/conf.d/recommendation_service.conf; include /etc/nginx/conf.d/user_service.conf; - } } 
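Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in the SSL Settings block of the second hunk keeps TLS 1.0 and 1.1 enabled, both deprecated by RFC 8996; the trailing comment only accounts for SSLv3. The identical line is added in vm/nginx.conf. I would narrow both to `ssl_protocols TLSv1.2 TLSv1.3;`. This directive only governs TLS that nginx terminates for clients, so it has no effect on the `https://` upstream connections, which are controlled by `proxy_ssl_protocols`. The `http` block closes outside this hunk.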
diff --git a/ovatify-backend/microservices/api-gateway/service_config/auth_service_routes.conf b/ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/auth_service_routes.conf similarity index 68% rename from ovatify-backend/microservices/api-gateway/service_config/auth_service_routes.conf rename to ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/auth_service_routes.conf index 3467a32..ced4705 100644 --- a/ovatify-backend/microservices/api-gateway/service_config/auth_service_routes.conf +++ b/ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/auth_service_routes.conf @@ -2,11 +2,11 @@ location /users/create-user/ { proxy_pass https://auth_service; proxy_set_header Host $auth_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } location /users/login/ { proxy_pass https://auth_service; proxy_set_header Host $auth_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } \ No newline at end of file diff --git a/ovatify-backend/microservices/api-gateway/service_config/recommendation_service_routes.conf b/ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/recommendation_service_routes.conf similarity index 73% rename from ovatify-backend/microservices/api-gateway/service_config/recommendation_service_routes.conf rename to ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/recommendation_service_routes.conf index a33c7a9..c6fd3c1 100644 --- a/ovatify-backend/microservices/api-gateway/service_config/recommendation_service_routes.conf +++ b/ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/recommendation_service_routes.conf 
@@ -2,23 +2,23 @@ location /users/recommend-you-might-like/ { proxy_pass https://recommendation_service; proxy_set_header Host $recommendation_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } location /users/recommend-since-you-like/ { proxy_pass https://recommendation_service; proxy_set_header Host $recommendation_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } location /users/recommend-friend-mix/ { proxy_pass https://recommendation_service; proxy_set_header Host $recommendation_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } location /users/recommend-friend-listen/ { proxy_pass https://recommendation_service; proxy_set_header Host $recommendation_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } diff --git a/ovatify-backend/microservices/api-gateway/service_config/user_service_routes.conf b/ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/user_service_routes.conf similarity index 69% rename from ovatify-backend/microservices/api-gateway/service_config/user_service_routes.conf rename to ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/user_service_routes.conf index 3db4f82..6e27dee 100644 --- a/ovatify-backend/microservices/api-gateway/service_config/user_service_routes.conf +++ b/ovatify-backend/microservices/api-gateway/api-gateway-docker/service_config/user_service_routes.conf 
@@ -2,17 +2,17 @@ location /users/get-user-profile/ { proxy_pass https://user_service; proxy_set_header Host $user_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } location /users/edit-user-preferences/ { proxy_pass https://user_service; proxy_set_header Host $user_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } location /users/delete-user/ { proxy_pass https://user_service; proxy_set_header Host $user_service_host; - include /etc/nginx/conf.d/proxy_settings.conf; + include /etc/nginx/conf.d/location_proxy_shared.conf; } \ No newline at end of file diff --git a/ovatify-backend/microservices/api-gateway/vm/Makefile b/ovatify-backend/microservices/api-gateway/vm/Makefile new file mode 100644 index 0000000..30ba7e0 --- /dev/null +++ b/ovatify-backend/microservices/api-gateway/vm/Makefile @@ -0,0 +1,26 @@ +copy: + sudo cp nginx.conf /etc/nginx/nginx.conf + sudo cp location_proxy_shared.conf /etc/nginx/conf.d/location_proxy_shared.conf + sudo cp service_config/auth_service_routes.conf /etc/nginx/conf.d/auth_service.conf + sudo cp service_config/recommendation_service_routes.conf /etc/nginx/conf.d/recommendation_service.conf + sudo cp service_config/user_service_routes.conf /etc/nginx/conf.d/user_service.conf + sudo nginx -t + sudo systemctl reload nginx + +update: + sudo cp proxy.conf /etc/nginx/sites-available/proxy.conf + sudo cp nginx.conf /etc/nginx/nginx.conf + sudo nginx -t + sudo systemctl reload nginx + +reload: + sudo systemctl reload nginx + +check: + sudo nginx -t + +view-error-logs: + sudo tail -f /var/log/nginx/error.log + +view-access-logs: + sudo tail -f /var/log/nginx/access.log \ No newline at end of file diff --git a/ovatify-backend/microservices/api-gateway/vm/location_proxy_shared.conf b/ovatify-backend/microservices/api-gateway/vm/location_proxy_shared.conf new file mode 100644 index 0000000..a57e4f1 
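Review bot: The `copy` and `update` targets in vm/Makefile overwrite the live files under /etc/nginx before `sudo nginx -t` runs, so a failed check stops the reload but leaves an invalid configuration on disk for the next restart or reboot to pick up. Backing up the files before the `cp` lines and restoring them when `nginx -t` fails would close that gap. `update` also copies `proxy.conf`, which is absent from this commit's file list for vm/, so that target fails at its first line unless the file exists outside the commit. None of the targets produce files, so a `.PHONY: copy update reload check view-error-logs view-access-logs` line is worth adding.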
--- /dev/null
+++ b/ovatify-backend/microservices/api-gateway/vm/location_proxy_shared.conf
@@ -0,0 +1,5 @@
+# location_proxy_shared.conf
+proxy_pass_request_headers on;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
\ No newline at end of file
diff --git a/ovatify-backend/microservices/api-gateway/vm/nginx.conf b/ovatify-backend/microservices/api-gateway/vm/nginx.conf
new file mode 100644
index 0000000..788f6ed
--- /dev/null
+++ b/ovatify-backend/microservices/api-gateway/vm/nginx.conf
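Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in vm/location_proxy_shared.conf appends the peer address to whatever X-Forwarded-For value the client sent, so a backend that reads the left-most entry sees a client-controlled address. If this gateway is the first hop (the diff shows no trusted load balancer in front of it), overwrite rather than append: `proxy_set_header X-Forwarded-For $remote_addr;`. The same content ships in api-gateway-docker/location_proxy_shared.conf. `proxy_pass_request_headers on;` is nginx's default and can be dropped.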
@@ -0,0 +1,75 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+# nginx.conf
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # Upstream
+
+ upstream auth_service {
+ server ovtf-auth-srv-clpiqqqcgq-ew.a.run.app:443;
+ }
+
+ upstream recommendation_service {
+ server recommendation-service-clpiqqqcgq-ew.a.run.app:443;
+ }
+
+ upstream user_service {
+ server user-service-clpiqqqcgq-ew.a.run.app:443;
+ }
+
+ # Reverse proxy server
+
+ server {
+ listen 80;
+
+ set $auth_service_host ovtf-auth-srv-clpiqqqcgq-ew.a.run.app;
+ set $recommendation_service_host recommendation-service-clpiqqqcgq-ew.a.run.app;
+ set $user_service_host user-service-clpiqqqcgq-ew.a.run.app;
+
+ include /etc/nginx/conf.d/auth_service.conf;
+ include /etc/nginx/conf.d/recommendation_service.conf;
+ include /etc/nginx/conf.d/user_service.conf;
+ }
+}
diff --git a/ovatify-backend/microservices/api-gateway/vm/service_config/auth_service_routes.conf b/ovatify-backend/microservices/api-gateway/vm/service_config/auth_service_routes.conf
new file mode 100644
index 0000000..ced4705
--- /dev/null
+++ b/ovatify-backend/microservices/api-gateway/vm/service_config/auth_service_routes.conf
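Review bot: The `server` block in vm/nginx.conf exposes only `listen 80;`, so requests to the routes it includes, among them `/users/login/` and `/users/create-user/`, reach the gateway in cleartext unless something outside this commit terminates TLS in front of it. If nginx is the edge, add a `listen 443 ssl;` server with `ssl_certificate` and `ssl_certificate_key`, and have the port-80 server answer `return 301 https://$host$request_uri;`. Until then `X-Forwarded-Proto $scheme` from location_proxy_shared.conf always reports `http` to the backends. Separately, `# server_tokens off;` is left commented out, so the nginx version is advertised in the Server header and on error pages; uncommenting it is a one-line change.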
@@ -0,0 +1,12 @@
+# auth_service_routes.conf
+location /users/create-user/ {
+ proxy_pass https://auth_service;
+ proxy_set_header Host $auth_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
+
+location /users/login/ {
+ proxy_pass https://auth_service;
+ proxy_set_header Host $auth_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
\ No newline at end of file
diff --git a/ovatify-backend/microservices/api-gateway/vm/service_config/recommendation_service_routes.conf b/ovatify-backend/microservices/api-gateway/vm/service_config/recommendation_service_routes.conf
new file mode 100644
index 0000000..c6fd3c1
--- /dev/null
+++ b/ovatify-backend/microservices/api-gateway/vm/service_config/recommendation_service_routes.conf
@@ -0,0 +1,24 @@
+# recommendation_service_routes.conf
+location /users/recommend-you-might-like/ {
+ proxy_pass https://recommendation_service;
+ proxy_set_header Host $recommendation_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
+
+location /users/recommend-since-you-like/ {
+ proxy_pass https://recommendation_service;
+ proxy_set_header Host $recommendation_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
+
+location /users/recommend-friend-mix/ {
+ proxy_pass https://recommendation_service;
+ proxy_set_header Host $recommendation_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
+
+location /users/recommend-friend-listen/ {
+ proxy_pass https://recommendation_service;
+ proxy_set_header Host $recommendation_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
diff --git a/ovatify-backend/microservices/api-gateway/vm/service_config/user_service_routes.conf b/ovatify-backend/microservices/api-gateway/vm/service_config/user_service_routes.conf
new file mode 100644
index 0000000..6e27dee
--- /dev/null
+++ b/ovatify-backend/microservices/api-gateway/vm/service_config/user_service_routes.conf
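Review bot: Every `proxy_pass https://auth_service;` in vm/service_config/auth_service_routes.conf opens TLS to the upstream without certificate verification, because none of the vm/ files in this commit sets `proxy_ssl_verify` and nginx defaults it to off; the `proxy_pass` lines in recommendation_service_routes.conf and user_service_routes.conf have the same gap. Because the upstream is addressed by its group name, the name used for verification and SNI also defaults to the `proxy_pass` host, `auth_service`, rather than the run.app hostname. I would add `proxy_ssl_server_name on;`, `proxy_ssl_name $auth_service_host;` and `proxy_ssl_verify on;` to each location, using the matching host variable per service, plus a `proxy_ssl_trusted_certificate` pointing at the host's CA bundle in the `http` block. Without that, interception on the gateway-to-backend path goes undetected at the TLS layer.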
@@ -0,0 +1,18 @@
+# user_service_routes.conf
+location /users/get-user-profile/ {
+ proxy_pass https://user_service;
+ proxy_set_header Host $user_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
+
+location /users/edit-user-preferences/ {
+ proxy_pass https://user_service;
+ proxy_set_header Host $user_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
+
+location /users/delete-user/ {
+ proxy_pass https://user_service;
+ proxy_set_header Host $user_service_host;
+ include /etc/nginx/conf.d/location_proxy_shared.conf;
+}
\ No newline at end of file