diff --git a/configs/adks.toml b/configs/adks.toml index 8bdd295..eab42e1 100644 --- a/configs/adks.toml +++ b/configs/adks.toml @@ -1,5 +1,5 @@ port = 80 -horizon = "http://traefik" +horizon = "http://horizon" log_level = "warn" [database] diff --git a/configs/api.yml b/configs/api.yml index 6901695..b0f185f 100644 --- a/configs/api.yml +++ b/configs/api.yml @@ -9,7 +9,7 @@ db: max_connections: 12 horizon: - url: http://traefik + url: http://horizon signer: SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4 notificator: @@ -60,6 +60,7 @@ tx_watcher: disabled: false cop: + disabled: true endpoint: http://cop upstream: http://api service_name: "api-service" diff --git a/configs/charts.yaml b/configs/charts.yaml index 9a21c4a..41b7126 100644 --- a/configs/charts.yaml +++ b/configs/charts.yaml @@ -15,10 +15,11 @@ sentry: dsn: https://989409410d0740a89b1f8571c4195dca@sentry.tokend.services/3 horizon: - endpoint: http://traefik + endpoint: http://horizon signer: SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4 cop: + disabled: true endpoint: http://cop upstream: http://charts service_name: "charts-service" diff --git a/configs/client.js b/configs/client.js index aa71687..64c73ad 100644 --- a/configs/client.js +++ b/configs/client.js @@ -1,8 +1,8 @@ document.ENV = { - HORIZON_SERVER: 'http://localhost:8000/_/api/', - FILE_STORAGE: 'http://localhost:8000/_/storage/api', + HORIZON_SERVER: 'http://localhost:8000', + FILE_STORAGE: 'http://localhost:9000', NETWORK_PASSPHRASE: 'TokenD Developer Network', - KEY_SERVER_ADMIN: 'http://localhost:8000/_/adks', + KEY_SERVER_ADMIN: 'http://localhost:8006', VALIDATE_EMAILS: false, WEB_CLIENT_URL: 'http://localhost:8060' } diff --git a/configs/coinpayments-atomic-swap-checker.yaml b/configs/coinpayments-atomic-swap-checker.yaml index 7644517..2529fd3 100644 --- a/configs/coinpayments-atomic-swap-checker.yaml +++ b/configs/coinpayments-atomic-swap-checker.yaml 
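Review bot: The `signer:` line directly under the changed `url:` in configs/api.yml holds what looks like an S-prefixed secret seed in plain text, and the same value sits under the changed `endpoint:` line in charts.yaml, the coinpayments-* configs, poll-closer.yaml and salecloser.yaml. The commit edits each of those `horizon:` stanzas but leaves the key undocumented, so nothing tells a reader whether it is safe to copy this config elsewhere. If it is the throwaway key for the 'TokenD Developer Network' named in client.js, say so beside it, e.g. `# dev-network signing key only; never reuse outside this local compose stack`. If it is used anywhere else, it should come out of the repository and be rotated.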
@@ -8,7 +8,7 @@ sentry: dsn: https://1bbe444efb3b4b15a58d9c0aba739f1c@sentry.tokend.services/6 horizon: - endpoint: http://traefik + endpoint: http://horizon signer: SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4 coinpayments: diff --git a/configs/coinpayments-atomic-swap-matcher.yaml b/configs/coinpayments-atomic-swap-matcher.yaml index 438eb1b..02fad52 100644 --- a/configs/coinpayments-atomic-swap-matcher.yaml +++ b/configs/coinpayments-atomic-swap-matcher.yaml @@ -8,7 +8,7 @@ sentry: dsn: https://1bbe444efb3b4b15a58d9c0aba739f1c@sentry.tokend.services/6 horizon: - endpoint: http://traefik + endpoint: http://horizon signer: SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4 coinpayments: diff --git a/configs/coinpayments-deposit-verify.yaml b/configs/coinpayments-deposit-verify.yaml index cf54ab3..c38139f 100644 --- a/configs/coinpayments-deposit-verify.yaml +++ b/configs/coinpayments-deposit-verify.yaml @@ -8,7 +8,7 @@ sentry: dsn: https://591b6a3c375f4aa890a37532ce4969ec@sentry.tokend.services/4 horizon: - endpoint: http://traefik + endpoint: http://horizon signer: SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4 coinpayments: diff --git a/configs/coinpayments-deposit.yaml b/configs/coinpayments-deposit.yaml index 10570f3..2c36bb0 100644 --- a/configs/coinpayments-deposit.yaml +++ b/configs/coinpayments-deposit.yaml @@ -8,7 +8,7 @@ sentry: dsn: https://d6b1d77a917c4a73a5729a3ce836c9a0@sentry.tokend.services/5 horizon: - endpoint: http://traefik + endpoint: http://horizon signer: SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4 coinpayments: @@ -27,6 +27,7 @@ listener: addr: :80 cop: + disabled: true endpoint: http://cop upstream: http://coinpayments-deposit service_name: "coinpayments-deposit-service" diff --git a/configs/coinpayments-withdraw.yaml b/configs/coinpayments-withdraw.yaml index 98d1199..4e72a66 100644 --- a/configs/coinpayments-withdraw.yaml +++ b/configs/coinpayments-withdraw.yaml 
@@ -8,7 +8,7 @@ sentry: dsn: https://1bbe444efb3b4b15a58d9c0aba739f1c@sentry.tokend.services/6 horizon: - endpoint: http://traefik + endpoint: http://horizon signer: SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4 coinpayments: diff --git a/configs/cop.yaml b/configs/cop.yaml deleted file mode 100644 index 230248a..0000000 --- a/configs/cop.yaml +++ /dev/null @@ -1,8 +0,0 @@ -log: - disable_sentry: true - -traefik: - endpoint: http://traefik:8080 - -listener: - addr: :80 \ No newline at end of file diff --git a/configs/errors.yaml b/configs/errors.yaml index 1f32007..dc9dcb8 100644 --- a/configs/errors.yaml +++ b/configs/errors.yaml @@ -5,6 +5,7 @@ listener: addr: :80 cop: + disabled: true endpoint: "http://cop" upstream: "http://errors" service_name: error-handler-svc diff --git a/configs/horizon.yaml b/configs/horizon.yaml index ae987c5..5ca4164 100644 --- a/configs/horizon.yaml +++ b/configs/horizon.yaml @@ -25,6 +25,7 @@ config: telegram_airdrop: http://black.hole cop: + disabled: true endpoint: http://cop upstream: http://horizon service_name: "horizon-service" diff --git a/configs/nginx.conf b/configs/nginx.conf index 5cdd2ef..66c9e8b 100644 --- a/configs/nginx.conf +++ b/configs/nginx.conf @@ -1,7 +1,7 @@ user nginx; worker_processes 1; -error_log /dev/null crit; +error_log /dev/stdout info; pid /var/run/nginx.pid; events { 
@@ -10,96 +10,181 @@ events { http { include /etc/nginx/mime.types; - access_log /dev/null; - keepalive_timeout 65; - gzip on; + default_type application/octet-stream; + + + log_format main '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $bytes_sent ' + '"$http_referer" "$http_user_agent" ' + '"$gzip_ratio"'; + + log_format download '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $bytes_sent ' + '"$http_referer" "$http_user_agent" ' + '"$http_range" "$sent_http_content_range"'; + + client_header_timeout 3m; + client_body_timeout 3m; + send_timeout 3m; + + client_header_buffer_size 1k; + large_client_header_buffers 4 4k; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 8k; + gzip_types text/plain; + + output_buffers 1 32k; + postpone_output 1460; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + send_lowat 12000; + + keepalive_timeout 75 20; + + #lingering_time 30; + #lingering_timeout 10; + #reset_timedout_connection on; + access_log /dev/stdout; server { listen 80; server_name localhost; + set $cors_credentials 'true'; + set $cors_content_type ''; + set $cors_content_length ''; + + if ($http_origin ~ '.+') { + set $cors_credentials 'true'; + } + + if ($request_method = OPTIONS) { + set $cors_content_type 'text/plain'; + set $cors_content_length '0'; + } + + # empty header will not be added + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials $cors_credentials always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS, DELETE" always; + add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Signature,Account-Id" always; + if ($request_method = OPTIONS) { + return 204; + } + resolver 127.0.0.11 valid=30s; - location ~* /_/api/? 
{ - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '$http_origin' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, OPTIONS, DELETE' always; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Signature,Account-Id' always; - add_header 'Access-Control-Allow-Credentials' true always; - add_header 'Access-Control-Max-Age' 1728000 always; - add_header 'Content-Type' 'text/plain; charset=utf-8' always; - add_header 'Content-Length' 0 always; - return 204; - } - - if ($request_method = 'DELETE') { - add_header 'Access-Control-Allow-Origin' '$http_origin' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, OPTIONS, DELETE' always; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Signature,Account-Id' always; - add_header 'Access-Control-Allow-Credentials' true always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; - } - - if ($request_method = 'POST') { - add_header 'Access-Control-Allow-Origin' '$http_origin' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, OPTIONS, DELETE' always; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Signature,Account-Id' always; - add_header 'Access-Control-Allow-Credentials' true always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; - } - - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' '$http_origin' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, OPTIONS, DELETE' always; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Signature,Account-Id' always; - add_header 'Access-Control-Allow-Credentials' 
true always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; - } - - if ($request_method = 'PATCH') { - add_header 'Access-Control-Allow-Origin' '$http_origin' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, OPTIONS, DELETE' always; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Signature,Account-Id' always; - add_header 'Access-Control-Allow-Credentials' true always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; - } - - if ($request_method = 'PUT') { - add_header 'Access-Control-Allow-Origin' '$http_origin' always; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, OPTIONS, DELETE' always; - add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Signature,Account-Id' always; - add_header 'Access-Control-Allow-Credentials' true always; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always; - } - - set $upstream traefik; - rewrite /_/api(.+) $1 break; - rewrite /_/api / break; - proxy_pass http://$upstream; - } - - location ~* /_/adks/ { - set $upstream adks; - rewrite /_/adks(.+) $1 break; - rewrite /_/adks / break; - proxy_pass http://$upstream; - } - - location ~* /_/storage/ { - client_max_body_size 32m; - set $upstream storage; - rewrite /_/storage(.+) $1 break; - rewrite /_/storage / break; - proxy_set_header Host storage:9000; - proxy_pass http://$upstream:9000; - } - - location ~* /_/ws/ { + location / { + set $upstream horizon; + proxy_pass http://$upstream; + } + + location ~* /v3/ { + set $upstream horizon; + proxy_pass http://$upstream; + } + + location ~* /data/enums { + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /kdf { + + proxy_pass http://api; + } + location ~* /wallets { + + set $upstream api; + proxy_pass http://$upstream; + } + 
location ~* /verification { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /accounts { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /blobs { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /documents { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /identities { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /schemas { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /invites { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /invites_multi { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /sessions { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /integrations/multisig { + + set $upstream api; + proxy_pass http://$upstream; + } + location ~* /telegram_updates { + + set $upstream api; + proxy_pass http://$upstream; + } + + + location ~* /integrations/coinpayments/deposit { + + set $upstream coinpayments-deposit; + proxy_pass http://$upstream; + } + + location ~* /charts { + set $upstream charts; - proxy_pass http://$upstream:8080; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_pass http://$upstream; } + + # location ~* /_/storage/ { + # client_max_body_size 32m; + # set $upstream storage; + # rewrite /_/storage(.+) $1 break; + # rewrite /_/storage / break; + # proxy_set_header Host storage:9000; + # proxy_pass http://$upstream:9000; + # } + + # location ~* /_/ws/ { + # set $upstream charts; + # proxy_pass http://$upstream:8080; + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "upgrade"; + # } } } diff --git a/configs/poll-closer.yaml b/configs/poll-closer.yaml index d922a74..9af760e 100644 --- a/configs/poll-closer.yaml +++ b/configs/poll-closer.yaml 
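Review bot: The server-level `add_header Access-Control-Allow-Origin $http_origin always;` echoes whatever Origin the request carries while `Access-Control-Allow-Credentials` is always 'true': `$cors_credentials` is initialised to 'true', so the `if ($http_origin ~ '.+')` branch changes nothing and the "empty header will not be added" comment never applies to it. Because these headers now sit at server level, they cover every proxied location (horizon, api, charts, coinpayments-deposit) rather than only the old `/_/api/` block, so any web page can have a browser send credentialed requests to them and read the replies. I would echo the origin only when it is on an allowlist and start `$cors_credentials` empty; the allowlist entry below is taken from WEB_CLIENT_URL in configs/client.js. `$cors_content_type` and `$cors_content_length` are set but never used by any `add_header` in the hunk and can be dropped.

```nginx
# http {} level, next to the log_format lines
map $http_origin $cors_origin {
    default                  '';
    'http://localhost:8060'  $http_origin;  # WEB_CLIENT_URL from configs/client.js
}

# server {} level
set $cors_credentials '';
if ($cors_origin) {
    set $cors_credentials 'true';
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials $cors_credentials always;
add_header Vary Origin always;
# … unchanged: Allow-Methods / Allow-Headers headers, OPTIONS return 204, resolver, locations …
```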
@@ -13,7 +13,7 @@ closer: concurrency: 100 horizon: - endpoint: http://traefik/ + endpoint: http://horizon/ signer: "SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4" listener: diff --git a/configs/salecloser.yaml b/configs/salecloser.yaml index db9938b..91c9bf3 100644 --- a/configs/salecloser.yaml +++ b/configs/salecloser.yaml @@ -9,7 +9,7 @@ listener: addr: :2323 horizon: - endpoint: http://traefik/ + endpoint: http://horizon/ signer: "SAMJKTZVW5UOHCDK5INYJNORF2HRKYI72M5XSZCBYAHQHR34FFR4Z6G4" log: diff --git a/configs/traefik.yaml b/configs/traefik.yaml deleted file mode 100644 index 23b03ad..0000000 --- a/configs/traefik.yaml +++ /dev/null @@ -1,16 +0,0 @@ -providers: - rest: - insecure: true - -entryPoints: - web: - address: ":80" -api: - insecure: true - -log: - level: WARN - -accessLog: - filePath: /access.log - bufferingSize: 1000 diff --git a/docker-compose.yml b/docker-compose.yml index 6450259..20619ac 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '3.3' services: - upstream: + ingress: image: nginx restart: unless-stopped volumes: @@ -20,25 +20,6 @@ services: WAIT_HOSTS: storage:9000, horizon:80 entrypoint: "" command: sh -c "/opt/config/wait && /opt/config/apply.sh" - traefik: - image: traefik:v2.0 - depends_on: - - upstream - ports: - - "80:80" - - "8081:8080" - volumes: - - ./configs/traefik.yaml:/traefik.yaml - cop: - image: tokend/traefik-cop:1.0.0 - depends_on: - - traefik - restart: unless-stopped - environment: - - KV_VIPER_FILE=/config.yaml - volumes: - - ./configs/cop.yaml:/config.yaml - entrypoint: sh -c "traefik-cop run" adks: image: tokend/adks:1.0.2 restart: unless-stopped @@ -53,7 +34,7 @@ services: core: image: tokend/core:3.7.1 depends_on: - - traefik + - ingress restart: unless-stopped environment: - POSTGRES_USER=core @@ -71,7 +52,7 @@ services: image: tokend/horizon:3.10.4 depends_on: - core - - traefik + - ingress restart: unless-stopped environment: - POSTGRES_USER=horizon 
@@ -110,8 +91,10 @@ services: storage: image: minio/minio:RELEASE.2019-01-31T00-31-19Z depends_on: - - upstream + - ingress restart: unless-stopped + ports: + - 9000:9000 entrypoint: "sh" command: -c "mkdir -p /data/tfstate && minio server /data" environment: @@ -316,7 +299,7 @@ services: adks_db: image: tokend/postgres-ubuntu:9.6 depends_on: - - upstream + - ingress restart: unless-stopped environment: - POSTGRES_USER=adks @@ -328,7 +311,7 @@ services: api_db: image: tokend/postgres-ubuntu:9.6 depends_on: - - upstream + - ingress restart: unless-stopped environment: - POSTGRES_USER=api @@ -340,7 +323,7 @@ services: redis: image: redis:5.0-alpine depends_on: - - upstream + - ingress restart: unless-stopped volumes: - redis-data:/data
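Review bot: The new `ports:` entry `- 9000:9000` under `storage` publishes MinIO on every host interface, so the object store is reachable from the network directly rather than only through the nginx ingress, protected only by whatever credentials the `environment:` block (which continues outside the hunk) configures. configs/client.js now points FILE_STORAGE at `http://localhost:9000`, so a loopback binding is enough for the local stack: `- "127.0.0.1:9000:9000"`. Quoting the mapping also matches the `"80:80"` style the file used for the removed traefik service.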