Commit 95826f2e authored by Nicolas Gelot's avatar Nicolas Gelot

Add morty service to proxy image content

Close: #44
parent 93b07ede
SPOT_HOSTNAME=localhost
SPOT_MORTY_HOSTNAME=proxy.localhost
SPOT_MORTY_URL=http://morty.docker
SPOT_DOCKER_IMG=registry.gitlab.e.foundation:5000/e/cloud/my-spot
SPOT_DOCKER_TAG=latest
SPOT_NGINX_DOCKER_IMG=registry.gitlab.e.foundation:5000/e/cloud/my-spot/nginx
SPOT_NGINX_DOCKER_TAG=latest
SPOT_FILTRON_DOCKER_IMG=registry.gitlab.e.foundation:5000/e/cloud/my-spot/filtron
SPOT_FILTRON_DOCKER_TAG=latest
SPOT_MORTY_DOCKER_IMG=registry.gitlab.e.foundation:5000/e/cloud/my-spot/morty
SPOT_MORTY_DOCKER_TAG=latest
......@@ -37,6 +37,9 @@ build:web:
- docker push $CI_REGISTRY_IMAGE/nginx
- docker build -t $CI_REGISTRY_IMAGE/filtron -f filtron.Dockerfile .
- docker push $CI_REGISTRY_IMAGE/filtron
- docker build -t $CI_REGISTRY_IMAGE/morty -f morty.Dockerfile .
- docker push $CI_REGISTRY_IMAGE/morty
build:docker:master:
extends: .build:docker
......@@ -52,6 +55,8 @@ build:docker:tags:
- docker push $CI_REGISTRY_IMAGE/nginx:$CI_COMMIT_REF_SLUG
- docker build -t $CI_REGISTRY_IMAGE/filtron:$CI_COMMIT_REF_SLUG -f filtron.Dockerfile .
- docker push $CI_REGISTRY_IMAGE/filtron:$CI_COMMIT_REF_SLUG
- docker build -t $CI_REGISTRY_IMAGE/morty:$CI_COMMIT_REF_SLUG -f morty.Dockerfile .
- docker push $CI_REGISTRY_IMAGE/morty:$CI_COMMIT_REF_SLUG
only:
- tags
......@@ -86,6 +91,8 @@ deploy:spot.test.cloud.global:
variables:
DOCKER_HOST: ssh://root@spot.test.ecloud.global
SPOT_HOSTNAME: spot.test.ecloud.global
SPOT_MORTY_HOSTNAME: proxy.spot.test.ecloud.global
SPOT_MORTY_URL: https://proxy.spot.test.ecloud.global
COMPOSE_PROJECT_NAME: my-spot
COMPOSE_FILE: docker-compose.yml:docker-compose-build.yml
SSH_PRIVATE_KEY: ${SSH_PRIVATE_KEY_TEST}
......@@ -102,6 +109,8 @@ deploy:spot.cloud.global:
variables:
DOCKER_HOST: ssh://root@spot.ecloud.global
SPOT_HOSTNAME: spot.ecloud.global
SPOT_MORTY_HOSTNAME: proxy.spot.ecloud.global
SPOT_MORTY_URL: https://proxy.spot.ecloud.global
COMPOSE_PROJECT_NAME: my-spot
SPOT_DOCKER_TAG: ${CI_COMMIT_REF_SLUG}
SPOT_NGINX_DOCKER_TAG: ${CI_COMMIT_REF_SLUG}
......
......@@ -12,6 +12,18 @@ Spot was forked from searx: read [documentation](https://asciimoo.github.io/sear
* docker packaging thinking to be production ready
* better locale support
## Architecture
```mermaid
graph TD
A(traefik) --> |https://spot.ecloud.global| B(filtron)
A(traefik) --> |https://proxy.spot.ecloud.global| C(morty)
C --> |image link| C
B --> D(nginx)
D --> |static file| D
D --> |API| E(spot)
```
## Getting Started
You can run spot with docker-compose. First of all you have to install
......
......@@ -13,3 +13,8 @@ services:
build:
context: .
dockerfile: filtron.Dockerfile
morty:
build:
context: .
dockerfile: morty.Dockerfile
......@@ -14,6 +14,8 @@ services:
restart: unless-stopped
environment:
SEARX_SECRET: ":@)%NN0+OqNdy:{prWQlZ{p9|oO9p-UyJq@%V!~G:arrSx6fXz.{jd%=XF44ncj"
SEARX_MORTY_URL: "${SPOT_MORTY_URL}"
SEARX_MORTY_KEY: "${SEARX_MORTY_KEY:-KHN0ZGluKT0gNWNmNzQ0Y2JlNjI4MDRjODAwZGUyMGY5ZjZlZTFmZWI1NTg2YTg5OAo=}"
GUNICORN_LOGGER: 1
GUNICORN_LEVEL: INFO
......@@ -21,6 +23,8 @@ services:
image: ${SPOT_NGINX_DOCKER_IMG}:${SPOT_NGINX_DOCKER_TAG}
logging: *default-logging
restart: unless-stopped
environment:
SPOT_MORTY_URL: "${SPOT_MORTY_URL}"
filtron:
image: ${SPOT_FILTRON_DOCKER_IMG}:${SPOT_FILTRON_DOCKER_TAG}
......@@ -35,8 +39,18 @@ services:
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.spot-ratelimit.ratelimit.average=50"
- "traefik.http.middlewares.spot-ratelimit.ratelimit.burst=20"
morty:
image: ${SPOT_MORTY_DOCKER_IMG}:${SPOT_MORTY_DOCKER_TAG}
logging: *default-logging
restart: unless-stopped
environment:
SEARX_MORTY_KEY: "${SEARX_MORTY_KEY:-KHN0ZGluKT0gNWNmNzQ0Y2JlNjI4MDRjODAwZGUyMGY5ZjZlZTFmZWI1NTg2YTg5OAo=}"
labels:
- "traefik.enable=true"
- "traefik.http.routers.spot_proxy.rule=Host(`${SPOT_MORTY_HOSTNAME}`)"
- "traefik.http.routers.spot_proxy.entrypoints=websecure"
- "traefik.http.routers.spot_proxy.tls.certresolver=spotchallenge"
traefik:
image: "traefik:v2.1.2"
......
......@@ -6,7 +6,7 @@ server {
add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' __SPOT_MORTY_URL__ data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
......
FROM golang:1.13-alpine as builder
RUN apk add git && go get github.com/asciimoo/morty
FROM alpine:3.11
COPY --from=builder /go/bin/morty /usr/bin/morty
EXPOSE 80
CMD ["morty", "-listen", ":80", "-timeout", "5", "-ipv6"]
#!/bin/sh
set -e
if [ -n "$SPOT_MORTY_URL" ]; then
sed -i 's!__SPOT_MORTY_URL__!'$SPOT_MORTY_URL'!g' /etc/nginx/conf.d/default.conf
fi
exec "$@"
......@@ -4,3 +4,7 @@ COPY etc/nginx/conf.d/spot.conf /etc/nginx/conf.d/default.conf
COPY etc/nginx/proxy_spot_params /etc/nginx/proxy_spot_params
RUN sed -i 's!remote_addr!http_x_forwarded_for!g' /etc/nginx/nginx.conf
COPY --chown=nginx:nginx searx/static /var/www/spot/static
COPY nginx-docker-entrypoint.sh /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]
......@@ -100,3 +100,7 @@ if 'SEARX_SECRET' in environ:
settings['server']['secret_key'] = environ['SEARX_SECRET']
if 'SEARX_BIND_ADDRESS' in environ:
settings['server']['bind_address'] = environ['SEARX_BIND_ADDRESS']
if 'SEARX_MORTY_URL' in environ:
settings.setdefault('result_proxy', {})['url'] = environ['SEARX_MORTY_URL']
if 'SEARX_MORTY_KEY' in environ:
settings.setdefault('result_proxy', {})['key'] = bytes(environ['SEARX_MORTY_KEY'], 'utf-8')
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment