add docker, deploy

2026-04-22 05:26:34 +00:00 · 2024-11-14 16:12:06 +02:00
parent 4445fcd673
commit 2244edd2ed
15 changed files with 215 additions and 29 deletions
@@ -0,0 +1,25 @@
 **/.dockerignore
 **/.env
 **/.git
 **/.gitignore
 **/.project
 **/.settings
 **/.toolstarget
 **/.vs
 **/.vscode
 **/.idea
 **/*.*proj.user
 **/*.dbmdl
 **/*.jfm
 **/azds.yaml
 **/bin
 **/charts
 **/docker-compose*
 **/Dockerfile*
 **/node_modules
 **/npm-debug.log
 **/obj
 **/secrets.dev.yaml
 **/values.dev.yaml
 LICENSE
 README.md
@@ -7,4 +7,5 @@ obj
 log*
 *.cmd
 *permissions.sql
-Content/
+Content/
 .env
@@ -8,6 +8,13 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Azaion.Services", "Azaion.S
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Azaion.Test", "Azaion.Test\Azaion.Test.csproj", "{2F4F0EA9-0645-4917-8D21-F317E815EB9E}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Docker", "Docker", "{49FBE419-D2FA-4D7C-8419-D3AD5B44DD58}"
 	ProjectSection(SolutionItems) = preProject
 		Dockerfile = Dockerfile
 		.dockerignore = .dockerignore
 		deploy.cmd = deploy.cmd
 	EndProjectSection
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -0,0 +1 @@
 ASPNETCORE_JwtConfig__Secret=sdkfjghbsdfklhjgvbsdkljfhbvasklhfgsdfvh
@@ -4,6 +4,7 @@
        <TargetFramework>net8.0</TargetFramework>
        <Nullable>enable</Nullable>
        <ImplicitUsings>enable</ImplicitUsings>
        <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
    </PropertyGroup>
    <ItemGroup>
@@ -1,6 +0,0 @@
@Azaion.Api_HostAddress = http://localhost:5219
 GET {{Azaion.Api_HostAddress}}/weatherforecast/
 Accept: application/json
 ###
@@ -16,7 +16,7 @@ var builder = WebApplication.CreateBuilder(args);
 builder.WebHost.ConfigureKestrel(o => o.Limits.MaxRequestBodySize = 209715200); //increase upload limit up to 200mb
 var jwtConfig = builder.Configuration.GetSection(nameof(JwtConfig)).Get<JwtConfig>();
-if (jwtConfig == null)
+if (jwtConfig == null || string.IsNullOrEmpty(jwtConfig.Secret))
    throw new Exception("Missing configuration section: JwtConfig");
 var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfig.Secret));
@@ -87,7 +87,6 @@ if (app.Environment.IsDevelopment())
    app.UseSwaggerUI();
 }
 app.UseHttpsRedirection();
 app.UseAuthentication();
 app.UseAuthorization();
@@ -4,9 +4,5 @@
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "ConnectionStrings": {
    "AzaionDb": "Host=localhost;Database=azaion;Username=azaion_reader;Password=Az@1on_re@d!only@$Az;",
    "AzaionDbAdmin": "Host=localhost;Database=azaion;Username=azaion_admin;Password=Az@1on_admin$$@r;"
  }
 }
@@ -0,0 +1,22 @@
 FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
 WORKDIR /app
 EXPOSE 8080
 # Build whole app
 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
 WORKDIR /app
 COPY . .
 RUN dotnet restore
 WORKDIR "/app/Azaion.Api"
 RUN dotnet build "Azaion.Api.csproj" -c Release -o /app/build
 FROM build AS publish
 RUN dotnet publish "Azaion.Api.csproj" -c Release -o /app/publish /p:UseAppHost=false
 # Build runtime
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
 ENTRYPOINT ["dotnet", "Azaion.Api.dll"]
@@ -0,0 +1,8 @@
 #!/bin/sh
 sudo -s
 apt -y update
 apt -y upgrade
 apt install -y dotnet-sdk-8.0 aspnetcore-runtime-8.0
 apt install -y zlib1g nodejs npm
@@ -0,0 +1,41 @@
 #!/bin/sh
 sudo apt-get install curl gnupg apt-transport-https -y
 ## Team RabbitMQ's main signing key
 curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/com.rabbitmq.team.gpg > /dev/null
 ## Community mirror of Cloudsmith: modern Erlang repository
 curl -1sLf https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null
 ## Community mirror of Cloudsmith: RabbitMQ repository
 curl -1sLf https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq.9F4587F226208342.gpg > /dev/null
 ## Add apt repositories maintained by Team RabbitMQ
 sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
 ## Provides modern Erlang/OTP releases
 ##
 deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu noble main
 deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu noble main
 # another mirror for redundancy
 deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa2.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu noble main
 deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa2.rabbitmq.com/rabbitmq/rabbitmq-erlang/deb/ubuntu noble main
 ## Provides RabbitMQ
 ##
 deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu noble main
 deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu noble main
 # another mirror for redundancy
 deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa2.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu noble main
 deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa2.rabbitmq.com/rabbitmq/rabbitmq-server/deb/ubuntu noble main
 EOF
 ## Install Erlang packages
 sudo apt-get install -y erlang-base \
                        erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                        erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                        erlang-runtime-tools erlang-snmp erlang-ssl \
                        erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl
 ## Install rabbitmq-server and its dependencies
 sudo apt-get install rabbitmq-server -y --fix-missing
@@ -0,0 +1,15 @@
 systemctl start rabbitmq-server
 rabbitmq-plugins enable rabbitmq_management
 rabbitmqctl add_user azaion_admin Az@1on
 rabbitmqctl set_user_tags azaion_admin administrator
 rabbitmqctl set_permissions azaion_admin ".*" ".*" ".*"
 rabbitmqctl add_user azaion_admin Az@1on
 rabbitmqctl set_user_tags azaion_admin administrator
 rabbitmqctl set_permissions azaion_admin ".*" ".*" ".*"
 rabbitmqctl add_user azaion_admin Az@1on
 rabbitmqctl set_user_tags azaion_admin administrator
 rabbitmqctl set_permissions azaion_admin ".*" ".*" ".*"
 # go to http://188.245.120.247:15672/ enter creds and see admin panel
@@ -0,0 +1,92 @@
 #!/bin/sh
 apt install -y docker.io apache2-utils certbot python3-certbot-nginx nginx
 docker run -d -p 5000:5000 --name registry --restart always registry:latest
 # create user for docker auth
 cd /etc/nginx
 mkdir auth
 cd auth
 htpasswd -c .htpasswd zxsanny
 chmod 640 .htpasswd
 chown root:www-data .htpasswd
 # create certs
 certbot --nginx -d api.mywebsite.com
 certbot --nginx -d docker.mywebsite.com
 cd /etc/nginx/sites-available
 tee -a docker.azaion.com << END
 server {
    listen 443 ssl;
    server_name docker.azaion.com;
    ssl_certificate /etc/letsencrypt/live/docker.azaion.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/docker.azaion.com/privkey.pem;
    location / {
        auth_basic "Registry";
        auth_basic_user_file /etc/nginx/auth/.htpasswd;
        proxy_pass http://localhost:5000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header X-Forwarded-Port 443;
    }
 }
 server {
    listen 80;
    server_name docker.azaion.com;
    location / {
        auth_basic "Registry";
        auth_basic_user_file /etc/nginx/auth/.htpasswd;
        proxy_pass http://localhost:5000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header X-Forwarded-Port 443;
    }
 }
 END
 ln -s /etc/nginx/sites-available/docker.azaion.com /etc/nginx/sites-enabled/
 tee -a api.azaion.com << END
 server {
    listen 443 ssl;
    server_name api.azaion.com;
    ssl_certificate /etc/letsencrypt/live/api.azaion.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.azaion.com/privkey.pem;
    location / {
        proxy_pass http://localhost:4000;  # API service running on port 4000
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_set_header X-Forwarded-Port 443;
    }
 }
 # server {
 #     listen 80;
 #     server_name api.azaion.com;
 #     # Redirect all HTTP requests to HTTPS
 #     return 301 https://\$host\$request_uri;
 # }
 END
 ln -s /etc/nginx/sites-available/api.azaion.com /etc/nginx/sites-enabled/
 rm ../sites-enabled/default
 nginx -t #check syntax
 systemctl restart nginx
 # and then from the other machine
 docker login docker.azaion.com
 # Enter Username zxsanny and pass which was set here htpasswd -c .htpasswd zxsanny
@@ -1,16 +0,0 @@
 create database azaion;
 -- make sure you connect to azaion db
 --superadmin user (only for db managing)
 create role azaion_superadmin with login password 'superadmin-pass';
 grant all on schema public to azaion_superadmin;
 --writer user
 create role azaion_admin with login password 'admin-pass';
 grant connect on database azaion to azaion_admin;
 grant usage on schema public to azaion_admin;
 --readonly user
 create role azaion_reader with login password 'readonly-pass';
 grant connect on database azaion to azaion_reader;
 grant usage on schema public to azaion_reader;
		`@@ -0,0 +1 @@`
							`ASPNETCORE_JwtConfig__Secret=sdkfjghbsdfklhjgvbsdkljfhbvasklhfgsdfvh`