Skip to content

M
maf-gateway-revamp
Commit 006ff071 by krds-arun
Options

updated git and docker fil

parent 22699497
Showing with 170 additions and 13 deletions
.gitlab-ci.yml
...@@ -4,29 +4,32 @@ stages: ...@@ -4,29 +4,32 @@ stages:
variables: variables:
app_name: maf-gateway-frontend app_name: maf-gateway-frontend
app_image_tag: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA app_image_tag: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
image_tag: $CI_BUILD_REF_NAME
image: $CI_REGISTRY_IMAGE
registry_pass: $CI_BUILD_TOKEN
registry_user: gitlab-ci-token registry_user: gitlab-ci-token
registry_pass: $CI_JOB_TOKEN
registry: $CI_REGISTRY registry: $CI_REGISTRY
PNPM_HOME: /root/.local/share/pnpm slack_channel: maf-gateway
PATH: /root/.local/share/pnpm:$PATH ecs_definition: config/ecs-task-definition.json
FF_USE_FASTZIP: "true" ecs_entrypoint: app:3000
docker_build_staging: docker_build_staging:
tags: tags:
- docker - docker
- eu - eu
stage: build stage: build
image: docker:27-dind
services:
- docker:27-dind
variables: variables:
app_env: staging app_env: staging
app_api_url: https://magicplanet-new-api-staging.eu-staging.kacdn.net app_api_url: https://magicplanet-new-api-staging.eu-staging.kacdn.net
before_script: app_cms_url: https://maf-mp-strapi-staging.eu-staging.kacdn.net/api
- docker login -u $registry_user -p $registry_pass $registry app_assets_url: https://maf-mp.s3.ap-southeast-1.amazonaws.com/maf-mp-strapi/staging
script: script:
- docker build -t $app_image_tag . - env
- docker login -u $registry_user -p $registry_pass $registry
- docker build -t $app_image_tag
--build-arg APP_ENV=$app_env
- docker push $app_image_tag - docker push $app_image_tag
only: only:
- master - master
...@@ -39,9 +42,8 @@ deploy_staging: ...@@ -39,9 +42,8 @@ deploy_staging:
stage: deploy stage: deploy
variables: variables:
app_env: staging app_env: staging
script: script:
- deploy-ecs eu-staging - deploy-ecs eu-staging
dependencies:
- docker_build_staging
only: only:
- master - master
config/ecs-task-definition.json 0 → 100644
{
"family": "maf-gateway-frontend",
"taskRoleArn": "arn:aws:iam::060686542424:role/EcsTaskS3ReadOnlyAccess",
"networkMode": "bridge",
"containerDefinitions": [
{
"name": "app",
"image": "{{app_image_tag}}",
"cpu": 1,
"memoryReservation": 32,
"essential": true,
"readonlyRootFilesystem": false,
"environment": [
{ "name": "APP_ENV", "value": "{{app_env}}" },
{ "name": "NODE_ENV", "value": "production" }
]
}
]
}
config/nginx.conf 0 → 100644
server {
listen 80;
server_name maf-gateway-frontend-staging.eu-staging.kacdn.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/eu-staging.kacdn.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/eu-staging.kacdn.net/privkey.pem;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1.2 TLSv1.1;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000";
#add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
client_max_body_size 2M;
server_name maf-gateway-frontend-staging.eu-staging.kacdn.net;
root /home/server/htdocs/projects/maf-gateway-frontend-staging/;
location / {
proxy_pass http://localhost:38777;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
# Proxy for not found routes
proxy_intercept_errors on;
error_page 404 = @old_site;
}
location /api {
proxy_pass http://localhost:38777$request_uri; # Pass the $request_uri
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location @old_site {
proxy_pass http://localhost:42136$request_uri;
proxy_intercept_errors on;
error_page 404 = @proxy_404;
}
location @proxy_404 {
proxy_pass http://localhost:38777$request_uri;
}
}
config/vhost.conf 0 → 100644
{% if ssl_certificate -%}
server {
listen {{http_port}};
server_name {{server_name}};
return 301 https://$host$request_uri;
}
{% endif %}
server {
{% if ssl_certificate -%}
listen {{https_port}} ssl;
ssl_certificate {{ssl_certificate}};
ssl_certificate_key {{ssl_certificate_key}};
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1.2 TLSv1.1;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000";
add_header X-Content-Type-Options nosniff;
{%- else -%}
listen {{http_port}};
{%- endif %}
client_max_body_size {{app_client_max_body_size | default('2M')}};
server_name {{server_name}};
root {{server_root}};
{% if auto_ssl -%}
location ^~ /.well-known/acme-challenge {
proxy_pass http://certbot;
}
{%- endif %}
# Next.js static assets - no auth required
location /_next/static/ {
proxy_pass http://localhost:{{app_port}};
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Next.js image optimization - no auth required
location /_next/image {
proxy_pass http://localhost:{{app_port}};
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Favicon and public assets - no auth required
location /favicon.ico {
proxy_pass http://localhost:{{app_port}};
}
location / {
{% if app_http_auth_path is defined %}
auth_basic "Restricted Access";
auth_basic_user_file {{app_http_auth_path}};
{%- endif %}
proxy_pass http://localhost:{{app_port}};
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment