Fix social login using vk when run in production

* by specifying good dns for backend service;
* specify/upgrade versions of base docker images (java 12 -> 14, postgres 12, node 12 -> 14);
* specify "expose" to see which port(s) are relevant for specific image;
* track efforts put into configuring and using Tor proxy (for possible future reference);
* update cpu limits.

better-dating-backend/Dockerfile

@@ -1,11 +1,12 @@
 # https://unix.stackexchange.com/questions/127076/into-which-directory-should-i-install-programs-in-linux
-FROM openjdk:12-alpine
+FROM openjdk:14-jdk-alpine
 # https://hub.docker.com/_/alpine/
 # https://wiki.alpinelinux.org/wiki/How_to_get_regular_stuff_working
 RUN apk add --no-cache curl
 
 # https://docs.docker.com/engine/reference/builder/#healthcheck
 COPY ./build/libs/backend-0.0.1-SNAPSHOT.jar /opt/backend.jar
+
 CMD ["sh", "-c", "java -XX:+UnlockExperimentalVMOptions \
       -XX:+UseContainerSupport -XX:InitialRAMPercentage=50.0 \
       -XX:MinRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0 -Dreactor.netty.http.server.accessLogEnabled \
@@ -19,5 +20,6 @@ CMD ["sh", "-c", "java -XX:+UnlockExperimentalVMOptions \
       --datasource.url=\"r2dbc:postgresql://$DB_HOST/$DB_NAME\" \
       --datasource.username=$DB_USER --passwordfiles.db=$DB_PASSWORD_FILE"]
 
+EXPOSE 8080
 HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=15s \
   CMD curl -f http://localhost:8080/actuator/health || exit 1

better-dating-backend/build.gradle.kts

@@ -19,7 +19,7 @@ plugins {
 
 group = "ua.betterdating"
 version = "0.0.1-SNAPSHOT"
-java.sourceCompatibility = JavaVersion.VERSION_12
+java.sourceCompatibility = JavaVersion.VERSION_14
 
 repositories {
 	mavenLocal()
@@ -88,7 +88,7 @@ dependencies {
 
 tasks.withType<KotlinCompile> {
 	kotlinOptions {
-		jvmTarget = "12"
+		jvmTarget = "14"
 		freeCompilerArgs = listOf("-Xjsr305=strict", "-Xjvm-default=enable")
 	}
 }

better-dating-backend/src/main/kotlin/ua/betterdating/backend/BackendApplication.kt

@@ -2,7 +2,6 @@ package ua.betterdating.backend
 
 import org.springframework.data.r2dbc.core.R2dbcEntityTemplate
 import org.springframework.fu.kofu.reactiveWebApplication
-import org.springframework.r2dbc.core.DatabaseClient
 import ua.betterdating.backend.configuration.dataConfig
 import ua.betterdating.backend.configuration.mailConfig
 import ua.betterdating.backend.configuration.webConfig

better-dating-backend/src/main/kotlin/ua/betterdating/backend/configuration/security.kt

@@ -235,8 +235,8 @@ class OAuth2SimpleAuthenticationManager(
                             emailRepository.updateMono(profile)
                         } else {
                             Mono.empty()
-                        }.then(roleRepository.findAllMono(profile.id).map {
-                            roles -> createAuth(profile.id.toString(), roles)
+                        }.then(roleRepository.findAllMono(profile.id).map { roles ->
+                            createAuth(profile.id.toString(), roles)
                         })
                     }.switchIfEmpty(Mono.error(EmailNotRegisteredException(email)))
         }

better-dating-caching/Dockerfile

@@ -1,4 +1,4 @@
-FROM redis:alpine
+FROM redis:6.0.8-alpine
 COPY redis.conf /usr/local/etc/redis/redis.conf
 CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]
 HEALTHCHECK --interval=30s --timeout=15s --retries=3 \

better-dating-database/Dockerfile

@@ -1,4 +1,4 @@
-FROM postgres:alpine
+FROM postgres:12.4-alpine
 COPY healthcheck.sh /scripts/healthcheck.sh
 HEALTHCHECK --interval=30s --timeout=15s --retries=3 \
   CMD bash /scripts/healthcheck.sh || exit 1

better-dating-frontend/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:12-slim AS builder
+FROM node:14.11.0-slim AS builder
 # https://stackoverflow.com/questions/50126741/how-to-remove-intermediate-images-from-a-build-after-the-build
 LABEL stage=builder
 
@@ -12,11 +12,12 @@ COPY ./src /app/src
 
 RUN cd /app && npm i && NEXT_APP_UPDATED="$(date -u --iso-8601=seconds)" npm run build
 
-FROM node:12-alpine
+FROM node:14.11.0-alpine
 RUN apk add --no-cache curl
 COPY --from=builder /app /app
 WORKDIR /app
 CMD ["sh", "-c", "BACKEND_HOST=http://bd-backend:8080 PORT=8080 npm run prod"]
 
+EXPOSE 8080
 HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=10s \
   CMD curl -f http://localhost:8080/healthcheck || exit 1

better-dating-proxy/Dockerfile

@@ -1,5 +1,5 @@
 # https://hub.docker.com/_/nginx
-FROM nginx:alpine
+FROM nginx:1.19.2-alpine
 RUN apk add --no-cache curl
 
 COPY nginx.conf /etc/nginx/nginx.conf

better-dating-tor/Dockerfile

@@ -0,0 +1,27 @@
+# [Running Tor Proxy with Docker](https://dev.to/nabarun/running-tor-proxy-with-docker-56n9)
+
+# set alpine as the base image of the Dockerfile
+FROM alpine:3.12.0
+
+# install Tor and curl
+RUN apk add --no-cache tor curl
+
+# Copy over the torrc created above and set the owner to `tor`
+COPY torrc /etc/tor/torrc
+RUN chown -R tor /etc/tor
+
+# Set `tor` as the default user during the container runtime
+USER tor
+
+# Set `tor` as the entrypoint for the image
+ENTRYPOINT ["tor"]
+
+EXPOSE 9050
+
+# Set the default container command
+# This can be overridden later when running a container
+CMD ["-f", "/etc/tor/torrc"]
+
+COPY healthcheck.sh /scripts/healthcheck.sh
+HEALTHCHECK --interval=30s --timeout=15s --retries=3 --start-period=20s \
+  CMD sh /scripts/healthcheck.sh || exit 1

better-dating-tor/healthcheck.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+# [How to check if Tor is working and debug the problem on CLI?](https://tor.stackexchange.com/questions/12678/how-to-check-if-tor-is-working-and-debug-the-problem-on-cli)
+status=$(curl --socks5 localhost:9050 --socks5-hostname localhost:9050 -s https://check.torproject.org/ | cat | grep -m 1 Congratulations | wc -l)
+
+if [ $status -eq 1 ]; then
+    exit 0
+fi;
+
+exit 1

better-dating-tor/tor-notes.md

@@ -0,0 +1,39 @@
+# Tor (for development/test environment)
+1. [Setting up Tor Proxy and Hidden Services in Linux](https://www.devdungeon.com/content/setting-tor-proxy-and-hidden-services-linux)
+2. [Using CURL with TOR as a Proxy on CentOs](https://stackoverflow.com/questions/39257293/using-curl-with-tor-as-a-proxy-on-centos)
+
+
+## docker-compose.yml
+```
+ bd-tor:
+   build: ./better-dating-tor
+   image: skivol/better-dating-tor:latest
+   container_name: "bd-prod-tor"
+   deploy:
+     resources:
+       limits:
+         cpus: '0.25'
+         memory: 50M
+       reservations:
+         cpus: '0.05'
+         memory: 20M
+     restart_policy:
+       condition: any
+       delay: 10s
+       max_attempts: 2
+       window: 120s
+```
+
+## reactor-netty
+```
+private fun proxyConnector(proxySettings: ProxySettings): ReactorClientHttpConnector {
+    // inspired by https://github.com/reactor/reactor-netty/issues/887
+    val httpClient = HttpClient.create()
+            .proxy {
+                it.type(ProxyProvider.Proxy.SOCKS5)
+                        .host(proxySettings.host)
+                        .port(proxySettings.port)
+            }
+    return ReactorClientHttpConnector(httpClient)
+}
+```

better-dating-tor/torrc

@@ -0,0 +1 @@
+SocksPort 0.0.0.0:9050

docker-compose.yml

@@ -6,15 +6,15 @@ version: '3.6'
 services:
 
   bd-redis:
-    build: ./better-dating-cache
+    build: ./better-dating-caching
     image: skivol/better-dating-cache:latest
     container_name: "bd-prod-redis"
     volumes:
       - better-dating-cache-volume:/data
     deploy:
       resources:
         limits:
-          cpus: '0.25'
+          cpus: '0.75'
           memory: 200M
         reservations:
           cpus: '0.10'
@@ -40,11 +40,11 @@ services:
     deploy:
       resources:
         limits:
-          cpus: '0.50'
+          cpus: '0.75'
           memory: 256M
         reservations:
           cpus: '0.25'
-          memory: 120M
+          memory: 128M
       restart_policy:
         condition: any
         delay: 5s
@@ -68,6 +68,7 @@ services:
       FACEBOOK_CLIENT_SECRET: "${FACEBOOK_CLIENT_SECRET}"
       VK_CLIENT_ID: "${VK_CLIENT_ID}"
       VK_CLIENT_SECRET: "${VK_CLIENT_SECRET}"
+    dns: 8.8.8.8
     depends_on:
       - bd-postgres
     volumes:
@@ -98,7 +99,7 @@ services:
     deploy:
       resources:
         limits:
-          cpus: '0.50'
+          cpus: '0.75'
           memory: 250M
         reservations:
           cpus: '0.25'
@@ -124,10 +125,10 @@ services:
     deploy:
       resources:
         limits:
-          cpus: '0.50'
+          cpus: '0.75'
           memory: 50M
         reservations:
-          cpus: '0.15'
+          cpus: '0.10'
           memory: 20M
       restart_policy:
         condition: any

docs/prod-setup.md

@@ -73,3 +73,4 @@
 	* Maybe someday:
 		* [Postfix HOWTO](https://wiki.centos.org/HowTos/postfix);
 		* [How To use an SPF Record to Prevent Spoofing & Improve E-mail Reliability](https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability);
+

docs/tasks.md

@@ -1,7 +1,6 @@
-* Обновить сайт
-* Обновить настройки приложения в Facebook & Vk
-* Зарегистрироваться, добавить себе роль админа
-* сообщить об этом в соц. сетях (создать страницы для приложения ?)
+* создать "релиз" в гите
+* (создать страницы для приложения ?)
+* сообщить об этом в соц. сетях
 
 * Второй этап
     Цель встреч (поиск второй половинки)
@@ -30,7 +29,7 @@
     * по приему никотина/алкоголя, внесемейным интимным отношениям / просмотру порно - у обоих должны соответствовать намерения (например, обое не намерены этими вещами заниматься в будущем, либо собираются продолжать это делать в той или иной мере). В случае с "неопределившимися" - они могут сочетаться со всеми вариантами.
     * единый тип внешности
     * либо один и тот же город, либо один из участников готов поехать в другой город для встречи
-    * язык
+    * единый родной язык(и), или готовность изучить родные языки друг друга
     ...
 * Просмотреть профиль другого учасника
 
@@ -101,7 +100,7 @@
 * consider using `redux-starter-kit` (https://redux-starter-kit.js.org)
 * consider reCAPCHA ?
 * Push notifications instead (or as an alternative?) of mail messages ? / Viber ?
-* consider using Docker Registry
+* consider using Docker Registry (https://hub.docker.com/)
 * consider registering Belarusian domain (.бел)
 * mail delivery service ? (e.g. https://pepipost.com/)
 

scripts/dev-aliases.sh

@@ -110,13 +110,13 @@ prod-ssh-zsh() {
 }
 # https://stackoverflow.com/a/26226261
 transfer-image() {
-	docker save skivol/better-dating-$1:latest | bzip2 | pv | prod-ssh 'bunzip2 | docker load'
+	docker save "skivol/better-dating-${1}:latest" | bzip2 | pv | prod-ssh 'bunzip2 | docker load'
 }
 alias bd-backend-transfer-image-to-prod="transfer-image backend"
 alias bd-ui-transfer-image-to-prod="transfer-image ui"
 alias bd-proxy-transfer-image-to-prod="transfer-image proxy"
 alias bd-database-transfer-image-to-prod="transfer-image database"
-alias bd-transfer-images-to-prod='bd-backend-transfer-image-to-prod && bd-ui-transfer-image-to-prod && bd-proxy-transfer-image-to-prod'
+alias bd-cache-transfer-image-to-prod="transfer-image cache"
 
 rsync-to-bd() {
 	rsync $PROJECTS/better-dating/$1 $PROD_USER@$PROD:/home/$PROD_USER/bd/

scripts/status-check.sh

@@ -5,7 +5,7 @@
 
 healthyServices=$(docker ps --filter "health=healthy" --format "{{.ID}}" | wc -l)
 
-if [ $healthyServices -ne 4 ]; then
+if [ $healthyServices -ne 5 ]; then
     function now {
         echo $(date -u)
     }

scripts/troubleshooting.sh

@@ -13,7 +13,7 @@
 # check number of healthy services
 healthyServices=$(docker ps --filter "health=healthy" --format "{{.ID}}" | wc -l)
 
-if [ $healthyServices -eq 4 ]; then
+if [ $healthyServices -eq 5 ]; then
     echo "Looks good!"
 else
     logFile=~/troubleshooting.log