From 0f3ca5adf5b059d965a46f78beaaea56c7d049a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Placzy=C5=84ski?= Date: Mon, 15 Apr 2024 12:11:35 +0200 Subject: [PATCH 1/6] [#715] rename the routers names to distinguish them from the service names The commit adjusts the names of the routers in the Traefik configuration within the docker-compose.yml file. This modification ensures that the routers are distinctively named and do not share names with the services, enhancing clarity and manageability of the setup. By renaming the router identifiers, it becomes easier to differentiate them from the corresponding services, thus facilitating maintenance and troubleshooting of the configuration. --- .../config/templates/docker-compose.yml.tpl | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/scripts/govtool/config/templates/docker-compose.yml.tpl b/scripts/govtool/config/templates/docker-compose.yml.tpl index 974b8f49c..37f26cc41 100644 --- a/scripts/govtool/config/templates/docker-compose.yml.tpl +++ b/scripts/govtool/config/templates/docker-compose.yml.tpl @@ -32,9 +32,9 @@ services: labels: - "traefik.enable=true" - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.entrypoints=web" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" + - "traefik.http.routers.to-http-catchall.rule=hostregexp(`{host:.+}`)" + - "traefik.http.routers.to-http-catchall.entrypoints=web" + - "traefik.http.routers.to-http-catchall.middlewares=redirect-to-https" loki: image: grafana/loki:2.9.4 
@@ -79,9 +79,9 @@ services:
 logging: *logging
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.grafana.rule=Host(``) && PathPrefix(`/grafana`)"
- - "traefik.http.routers.grafana.entrypoints=websecure"
- - "traefik.http.routers.grafana.tls.certresolver=myresolver"
+ - "traefik.http.routers.to-grafana.rule=Host(``) && PathPrefix(`/grafana`)"
+ - "traefik.http.routers.to-grafana.entrypoints=websecure"
+ - "traefik.http.routers.to-grafana.tls.certresolver=myresolver"
 - "traefik.http.services.grafana.loadbalancer.server.port=3000"
 
 status-service:
@@ -94,9 +94,9 @@ services:
 logging: *logging
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.status-service.rule=Host(``) && PathPrefix(`/status`)"
- - "traefik.http.routers.status-service.entrypoints=websecure"
- - "traefik.http.routers.status-service.tls.certresolver=myresolver"
+ - "traefik.http.routers.to-status-service.rule=Host(``) && PathPrefix(`/status`)"
+ - "traefik.http.routers.to-status-service.entrypoints=websecure"
+ - "traefik.http.routers.to-status-service.tls.certresolver=myresolver"
 - "traefik.http.services.status-service.loadbalancer.server.port=8000"
 
 postgres:
@@ -196,16 +196,16 @@ services:
 logging: *logging
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.backend.rule=Host(``) && PathPrefix(`/api`)"
 - "traefik.http.middlewares.backend-stripprefix.stripprefix.prefixes=/api"
 - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=GET,HEAD,OPTIONS"
 - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*"
 - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://"
 - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100"
 - "traefik.http.middlewares.backend-cors.headers.addvaryheader=true"
- - "traefik.http.routers.backend.middlewares=backend-stripprefix@docker,backend-cors@docker"
- - "traefik.http.routers.backend.entrypoints=websecure"
- - "traefik.http.routers.backend.tls.certresolver=myresolver"
+ - "traefik.http.routers.to-backend.rule=Host(``) && PathPrefix(`/api`)"
+ - "traefik.http.routers.to-backend.middlewares=backend-stripprefix@docker,backend-cors@docker"
+ - "traefik.http.routers.to-backend.entrypoints=websecure"
+ - "traefik.http.routers.to-backend.tls.certresolver=myresolver"
 - "traefik.http.services.backend.loadbalancer.server.port=9876"
 
 metadata-validation:
@@ -222,15 +222,15 @@ services:
 retries: 5
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.metadata-validation.rule=Host(``) && PathPrefix(`/metadata-validation`)"
 - "traefik.http.middlewares.metadata-validation-stripprefix.stripprefix.prefixes=/metadata-validation"
- - "traefik.http.routers.metadata-validation.middlewares=metadata-validation-stripprefix@docker"
 - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=*"
 - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*"
 - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://"
 - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100"
- - "traefik.http.routers.metadata-validation.entrypoints=websecure"
- - "traefik.http.routers.metadata-validation.tls.certresolver=myresolver"
+ - "traefik.http.routers.to-metadata-validation.rule=Host(``) && PathPrefix(`/metadata-validation`)"
+ - "traefik.http.routers.to-metadata-validation.middlewares=metadata-validation-stripprefix@docker"
+ - "traefik.http.routers.to-metadata-validation.entrypoints=websecure"
+ - "traefik.http.routers.to-metadata-validation.tls.certresolver=myresolver"
 - "traefik.http.services.metadata-validation.loadbalancer.server.port=3000"
 
 frontend:
@@ -247,11 +247,11 @@ services:
 logging: *logging
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.frontend.rule=Host(``)"
- - "traefik.http.routers.frontend.entrypoints=websecure"
- - "traefik.http.routers.frontend.tls.certresolver=myresolver"
 - "traefik.http.middlewares.frontend-csp.headers.contentSecurityPolicy=default-src 'self'; img-src *.usersnap.com https://www.googletagmanager.com 'self' data:; script-src *.usersnap.com 'self' 'unsafe-inline' https://www.googletagmanager.com https://browser.sentry-cdn.com; style-src *.usersnap.com *.googleapis.com 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com/upload.usersnap.com 'self' o4506155985141760.ingest.sentry.io *.google-analytics.com; font-src *.usersnap.com *.gstatic.com 'self' 'unsafe-inline' https://fonts.gstatic.com; worker-src blob:"
- - "traefik.http.routers.frontend.middlewares=frontend-csp@docker"
+ - "traefik.http.routers.to-frontend.rule=Host(``)"
+ - "traefik.http.routers.to-frontend.entrypoints=websecure"
+ - "traefik.http.routers.to-frontend.tls.certresolver=myresolver"
+ - "traefik.http.routers.to-frontend.middlewares=frontend-csp@docker"
 - "traefik.http.services.frontend.loadbalancer.server.port=80"
 
 secrets:
From f7f61c2c460d066fa05fe8a2b255cbb6c038355e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Placzy=C5=84ski?= Date: Mon, 15 Apr 2024 12:20:01 +0200 Subject: [PATCH 2/6] [#715] Fix indentation in Traefik configuration in docker-compose file The adjustments in this commit focus on correcting the indentation in the Traefik configuration section within the docker-compose.yml.tpl file. The changes entail ensuring consistent and proper alignment of the services' definitions, specifically the metadata-validation service, to enhance readability and maintainability. By reformatting the indentation, the Traefik configuration becomes more organized, facilitating easier navigation and understanding of the setup. --- .../config/templates/docker-compose.yml.tpl | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/scripts/govtool/config/templates/docker-compose.yml.tpl b/scripts/govtool/config/templates/docker-compose.yml.tpl index 37f26cc41..f28352adc 100644 --- a/scripts/govtool/config/templates/docker-compose.yml.tpl +++ b/scripts/govtool/config/templates/docker-compose.yml.tpl 
@@ -209,29 +209,29 @@ services: - "traefik.http.services.backend.loadbalancer.server.port=9876" metadata-validation: - build: - context: ../../govtool/metadata-validation - environment: - - PORT=3000 - logging: *logging - restart: always - healthcheck: - test: ["CMD-SHELL", "curl -f 127.0.0.1:3000/health || exit 1"] - interval: 5s - timeout: 5s - retries: 5 - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.metadata-validation-stripprefix.stripprefix.prefixes=/metadata-validation" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=*" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://" - - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100" - - "traefik.http.routers.to-metadata-validation.rule=Host(``) && PathPrefix(`/metadata-validation`)" - - "traefik.http.routers.to-metadata-validation.middlewares=metadata-validation-stripprefix@docker" - - "traefik.http.routers.to-metadata-validation.entrypoints=websecure" - - "traefik.http.routers.to-metadata-validation.tls.certresolver=myresolver" - - "traefik.http.services.metadata-validation.loadbalancer.server.port=3000" + build: + context: ../../govtool/metadata-validation + environment: + - PORT=3000 + logging: *logging + restart: always + healthcheck: + test: ["CMD-SHELL", "curl -f 127.0.0.1:3000/health || exit 1"] + interval: 5s + timeout: 5s + retries: 5 + labels: + - "traefik.enable=true" + - "traefik.http.middlewares.metadata-validation-stripprefix.stripprefix.prefixes=/metadata-validation" + - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=*" + - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*" + - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://" + - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100" + - 
"traefik.http.routers.to-metadata-validation.rule=Host(``) && PathPrefix(`/metadata-validation`)" + - "traefik.http.routers.to-metadata-validation.middlewares=metadata-validation-stripprefix@docker" + - "traefik.http.routers.to-metadata-validation.entrypoints=websecure" + - "traefik.http.routers.to-metadata-validation.tls.certresolver=myresolver" + - "traefik.http.services.metadata-validation.loadbalancer.server.port=3000" frontend: image: /frontend:${FRONTEND_TAG} From 0856db4ef0f925006b1b4770f88309f7ab309d91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Placzy=C5=84ski?= Date: Mon, 15 Apr 2024 15:06:17 +0200 Subject: [PATCH 3/6] [#715] Update Traefik image version to v3.0 The commit modifies the Traefik image version specified in the docker-compose.yml.tpl file from v2.10 to v3.0. By updating the Traefik image, we ensure compatibility with the necessary features and improvements introduced in version 3.0. This adjustment aligns with the user story's goal to enhance load balancing and routing setup in the dev environment by making sure that the configuration utilizes the latest Traefik version for more efficient backend service management and testing capabilities. --- scripts/govtool/config/templates/docker-compose.yml.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/govtool/config/templates/docker-compose.yml.tpl b/scripts/govtool/config/templates/docker-compose.yml.tpl index f28352adc..dea09391f 100644 --- a/scripts/govtool/config/templates/docker-compose.yml.tpl +++ b/scripts/govtool/config/templates/docker-compose.yml.tpl @@ -2,7 +2,7 @@ version: "3.9" services: traefik: - image: traefik:v2.10 + image: traefik:v3.0 command: - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" From c47e0e97b1a8a305bcbe361654ae4dd5fbb20d0c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pawe=C5=82=20Placzy=C5=84ski?= Date: Mon, 15 Apr 2024 15:09:17 +0200 Subject: [PATCH 4/6] [#715] Apply better priorities to the routing The commit enhances the routing setup in the Traefik configuration within the docker-compose.yml.tpl file by implementing better priorities. By adjusting the priority of the router for the frontend service to 1, the routing for this service looses precedence, ensuring that frontend traffic is correctly directed. This change aims to optimize the routing logic, ensuring that the frontend service receives appropriate traffic allocation and improving the overall efficiency of the load balancing and routing setup in the dev environment. This is an actual fix of the problem stated in the related issue. --- .../config/templates/docker-compose.yml.tpl | 81 ++++++++++--------- 1 file changed, 41 insertions(+), 40 deletions(-) diff --git a/scripts/govtool/config/templates/docker-compose.yml.tpl b/scripts/govtool/config/templates/docker-compose.yml.tpl index dea09391f..c678ba62c 100644 --- a/scripts/govtool/config/templates/docker-compose.yml.tpl +++ b/scripts/govtool/config/templates/docker-compose.yml.tpl @@ -84,21 +84,6 @@ services: - "traefik.http.routers.to-grafana.tls.certresolver=myresolver" - "traefik.http.services.grafana.loadbalancer.server.port=3000" - status-service: - build: - context: ../../govtool/status-service - environment: - - GRAFANA_USERNAME=admin - - GRAFANA_PASSWORD=${GRAFANA_ADMIN_PASSWORD} - restart: always - logging: *logging - labels: - - "traefik.enable=true" - - "traefik.http.routers.to-status-service.rule=Host(``) && PathPrefix(`/status`)" - - "traefik.http.routers.to-status-service.entrypoints=websecure" - - "traefik.http.routers.to-status-service.tls.certresolver=myresolver" - - "traefik.http.services.status-service.loadbalancer.server.port=8000" - postgres: image: postgres:15-alpine environment: 
@@ -182,6 +167,46 @@ services:
 restart: always
 logging: *logging
 
+ status-service:
+ build:
+ context: ../../govtool/status-service
+ environment:
+ - GRAFANA_USERNAME=admin
+ - GRAFANA_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
+ restart: always
+ logging: *logging
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.to-status-service.rule=Host(``) && PathPrefix(`/status`)"
+ - "traefik.http.routers.to-status-service.entrypoints=websecure"
+ - "traefik.http.routers.to-status-service.tls.certresolver=myresolver"
+ - "traefik.http.services.status-service.loadbalancer.server.port=8000"
+
+ metadata-validation:
+ build:
+ context: ../../govtool/metadata-validation
+ environment:
+ - PORT=3000
+ logging: *logging
+ restart: always
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f 127.0.0.1:3000/health || exit 1"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.metadata-validation-stripprefix.stripprefix.prefixes=/metadata-validation"
+ - "traefik.http.middlewares.metadata-validation-cors.headers.accesscontrolallowmethods=*"
+ - "traefik.http.middlewares.metadata-validation-cors.headers.accesscontrolallowheaders=*"
+ - "traefik.http.middlewares.metadata-validation-cors.headers.accesscontrolalloworiginlist=https://"
+ - "traefik.http.middlewares.metadata-validation-cors.headers.accesscontrolmaxage=100"
+ - "traefik.http.routers.to-metadata-validation.rule=Host(``) && PathPrefix(`/metadata-validation`)"
+ - "traefik.http.routers.to-metadata-validation.middlewares=metadata-validation-stripprefix@docker,metadata-validation-cors@docker"
+ - "traefik.http.routers.to-metadata-validation.entrypoints=websecure"
+ - "traefik.http.routers.to-metadata-validation.tls.certresolver=myresolver"
+ - "traefik.http.services.metadata-validation.loadbalancer.server.port=3000"
+
 backend:
 image: /backend:${BACKEND_TAG}
 command: /usr/local/bin/vva-be -c /run/secrets/backend-config.json start-app
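Review bot: The new `metadata-validation-cors` middleware allows every method and every request header (`accesscontrolallowmethods=*`, `accesscontrolallowheaders=*`) and omits the `addvaryheader=true` that `backend-cors` sets in the backend service's labels of this file, where methods are limited to `GET,HEAD,OPTIONS`. Because this commit attaches the middleware to the `to-metadata-validation` router for the first time, these values now take effect on a public route. It would be safer to list only the methods the validation endpoint accepts and to add `- "traefik.http.middlewares.metadata-validation-cors.headers.addvaryheader=true"`, so a cached response is not reused for a different origin once the allow-list holds more than one entry. Which methods the service needs is not visible in this hunk, so the exact list has to come from its API.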
@@ -208,31 +233,6 @@ services:
 - "traefik.http.routers.to-backend.tls.certresolver=myresolver"
 - "traefik.http.services.backend.loadbalancer.server.port=9876"
 
- metadata-validation:
- build:
- context: ../../govtool/metadata-validation
- environment:
- - PORT=3000
- logging: *logging
- restart: always
- healthcheck:
- test: ["CMD-SHELL", "curl -f 127.0.0.1:3000/health || exit 1"]
- interval: 5s
- timeout: 5s
- retries: 5
- labels:
- - "traefik.enable=true"
- - "traefik.http.middlewares.metadata-validation-stripprefix.stripprefix.prefixes=/metadata-validation"
- - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowmethods=*"
- - "traefik.http.middlewares.backend-cors.headers.accesscontrolallowheaders=*"
- - "traefik.http.middlewares.backend-cors.headers.accesscontrolalloworiginlist=https://"
- - "traefik.http.middlewares.backend-cors.headers.accesscontrolmaxage=100"
- - "traefik.http.routers.to-metadata-validation.rule=Host(``) && PathPrefix(`/metadata-validation`)"
- - "traefik.http.routers.to-metadata-validation.middlewares=metadata-validation-stripprefix@docker"
- - "traefik.http.routers.to-metadata-validation.entrypoints=websecure"
- - "traefik.http.routers.to-metadata-validation.tls.certresolver=myresolver"
- - "traefik.http.services.metadata-validation.loadbalancer.server.port=3000"
-
 frontend:
 image: /frontend:${FRONTEND_TAG}
 volumes:
@@ -252,6 +252,7 @@ services:
 - "traefik.http.routers.to-frontend.entrypoints=websecure"
 - "traefik.http.routers.to-frontend.tls.certresolver=myresolver"
 - "traefik.http.routers.to-frontend.middlewares=frontend-csp@docker"
+ - "traefik.http.routers.to-frontend.priority=1"
 - "traefik.http.services.frontend.loadbalancer.server.port=80"
 
 secrets:
From 6a1968a9301a39858c772e91db03f4e9d108525a Mon Sep 17 00:00:00 2001
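Review bot: The `priority=1` label added to the `to-frontend` router carries no explanation, and the value only means something relative to the other routers, none of which set a priority in the hunks shown. A comment above the label, for example `# lowest priority: host-only catch-all; the path-prefixed routers (/api, /status, /grafana, /metadata-validation) must match first`, would keep a later router from being added at an equal or lower priority by accident. The frontend service's labels list starts outside this hunk.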
From: =?UTF-8?q?Pawe=C5=82=20Placzy=C5=84ski?= Date: Mon, 15 Apr 2024 15:11:56 +0200 Subject: [PATCH 5/6] [#715] Add healthchecks to two main backend services from Traefik load balancer The commit enhances the Traefik configuration within the docker-compose.yml.tpl file by adding healthcheck configurations to the two primary backend services, `metadata-validation` and `backend`. These healthchecks include defining paths, ports, intervals, and timeouts for monitoring the health and status of the backend services. By implementing healthchecks, Traefik can periodically verify the availability and responsiveness of the backend services through specified endpoints, contributing to improved load balancing and routing efficiency. This change directly addresses the user story requirement to ensure the backend service is correctly defined, reachable, and functioning optimally in the dev environment for effective testing and debugging purposes. --- scripts/govtool/config/templates/docker-compose.yml.tpl | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/govtool/config/templates/docker-compose.yml.tpl b/scripts/govtool/config/templates/docker-compose.yml.tpl index c678ba62c..789c66101 100644 --- a/scripts/govtool/config/templates/docker-compose.yml.tpl +++ b/scripts/govtool/config/templates/docker-compose.yml.tpl @@ -206,6 +206,10 @@ services: - "traefik.http.routers.to-metadata-validation.entrypoints=websecure" - "traefik.http.routers.to-metadata-validation.tls.certresolver=myresolver" - "traefik.http.services.metadata-validation.loadbalancer.server.port=3000" + - "traefik.http.services.metadata-validation.loadbalancer.healthcheck.path=/health" + - "traefik.http.services.metadata-validation.loadbalancer.healthcheck.port=3000" + - "traefik.http.services.metadata-validation.loadbalancer.healthcheck.interval=10s" + - "traefik.http.services.metadata-validation.loadbalancer.healthcheck.timeout=5s" backend: image: /backend:${BACKEND_TAG} 
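Review bot: `loadbalancer.healthcheck.port=3000` repeats the value already set by `loadbalancer.server.port=3000` on the line before the added labels. Traefik probes the server port when no health-check port is given, so the label can be dropped and the two values can no longer drift apart. The same applies to `healthcheck.port=9876` in the backend hunk of this commit. If the duplication is deliberate, a short comment next to the label saying so would help.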
@@ -232,6 +236,10 @@ services: - "traefik.http.routers.to-backend.entrypoints=websecure" - "traefik.http.routers.to-backend.tls.certresolver=myresolver" - "traefik.http.services.backend.loadbalancer.server.port=9876" + - "traefik.http.services.backend.loadbalancer.healthcheck.path=/epoch/params" + - "traefik.http.services.backend.loadbalancer.healthcheck.port=9876" + - "traefik.http.services.backend.loadbalancer.healthcheck.interval=10s" + - "traefik.http.services.backend.loadbalancer.healthcheck.timeout=5s" frontend: image: /frontend:${FRONTEND_TAG} From aaecda0f9af0e94a6f6f8d589714931873fe42a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Placzy=C5=84ski?= Date: Mon, 15 Apr 2024 15:58:34 +0200 Subject: [PATCH 6/6] [#715] Add additional CORS exception for dev environment The changes made in this commit focus on enhancing the CORS configuration for the dev environment by adding an additional exception to allow specific origins. The modification includes appending "http://localhost:5173" to the list of allowed hosts when the environment is set to "dev." This adjustment aims to address Cross-Origin Resource Sharing (CORS) issues related to accessing services from different origins, ensuring that the specified host is permitted to interact with the backend service seamlessly. --- scripts/govtool/Makefile | 2 +- scripts/govtool/config.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/govtool/Makefile b/scripts/govtool/Makefile index a906c42aa..01c8c4e6d 100644 --- a/scripts/govtool/Makefile +++ b/scripts/govtool/Makefile @@ -7,7 +7,7 @@ include config.mk .DEFAULT_GOAL := info # image tags -cardano_node_image_tag := 8.9.0 +cardano_node_image_tag := 8.10.0-pre cardano_db_sync_image_tag := sancho-4.1.0 .PHONY: all diff --git a/scripts/govtool/config.mk b/scripts/govtool/config.mk index 4a680e5ba..87c424d03 100644 --- a/scripts/govtool/config.mk +++ b/scripts/govtool/config.mk 
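Review bot: In the backend service's labels the probe targets `/epoch/params`, which looks like a regular API route rather than a dedicated health endpoint (inferred from the path; the handler is not on this page). If that route depends on the database or the node, a slow upstream makes the probe exceed `timeout=5s`; Traefik then marks the only backend server unhealthy and `/api` returns 503 until a later probe succeeds. Consider pointing the check at a cheap liveness route if the backend exposes one, or document the choice with a comment such as `# /epoch/params doubles as the health probe: backend has no dedicated health route`.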
@@ -51,7 +51,7 @@ $(output_dirs):
 mkdir -p $@
 
 $(docker_compose_file): $(template_config_dir)/docker-compose.yml.tpl $(target_config_dir)/
- if [[ "$(env)" == "dev" ]]; then CSP_ALLOWED_HOSTS=",http://localhost"; else CSP_ALLOWED_HOSTS=; fi; \
+ if [[ "$(env)" == "dev" ]]; then CSP_ALLOWED_HOSTS=",http://localhost,http://localhost:5173"; else CSP_ALLOWED_HOSTS=; fi; \
 sed -e "s||$(domain)|g" \
 -e "s||$(docker_user)|g" \
 -e "s||$(repo_url)|g" \
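Review bot: The dev branch of this `if` now appends two plain-HTTP origins with `http://localhost:5173` hard-coded in the recipe, and the shell variable is still named `CSP_ALLOWED_HOSTS` although the commit describes a CORS exception. The `sed` expression that consumes the value continues outside the hunk, so it is not visible here whether the string ends up in the CSP header, in `accesscontrolalloworiginlist`, or in both; if both, the new origin widens both policies. A comment above the rule such as `# dev only: extra origins appended to the Traefik allow-lists; must stay empty for every other env` would make the scope explicit. Moving the literal into a make variable, e.g. `dev_extra_origins ?= ,http://localhost,http://localhost:5173`, would let it be overridden without editing the recipe.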