arvbox add InternalURLs for services, nginx proxy for keepproxy.

no issue #

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>

diff --git a/tools/arvbox/lib/arvbox/docker/cluster-config.sh b/tools/arvbox/lib/arvbox/docker/cluster-config.sh
index 4456a69cf5741feb341c1d1f8f24321e4c7725cb..b1782d50e11c6856d6b1b3ff7989d436ddfb8c84 100755 (executable)
--- a/tools/arvbox/lib/arvbox/docker/cluster-config.sh
+++ b/tools/arvbox/lib/arvbox/docker/cluster-config.sh
@@ -81,6 +81,8 @@ Clusters:
         ExternalURL: "https://$localip:${services[sso]}"
       Websocket:
         ExternalURL: "wss://$localip:${services[websockets-ssl]}/websocket"
+        InternalURLs:
+          "http://localhost:${services[websockets]}": {}
       GitSSH:
         ExternalURL: "ssh://git@$localip:"
       GitHTTP:
@@ -93,12 +95,21 @@ Clusters:
         InternalURLs:
           "http://localhost:${services[keep-web]}/": {}
         ExternalURL: "https://$localip:${services[keep-web-ssl]}/"
+        InternalURLs:
+          "http://localhost:${services[keep-web]}/": {}
       Composer:
         ExternalURL: "http://$localip:${services[composer]}"
       Controller:
         ExternalURL: "https://$localip:${services[controller-ssl]}"
         InternalURLs:
           "http://localhost:${services[controller]}": {}
+      RailsAPI:
+        InternalURLs:
+          "http://localhost:${services[api]}/": {}
+      Keepproxy:
+        ExternalURL: "http://$localip:${services[keepproxy]}"
+        InternalURLs:
+          "http://localhost:${services[keepproxy]}": {}
     PostgreSQL:
       ConnectionPool: 32 # max concurrent connections per arvados server daemon
       Connection:

diff --git a/tools/arvbox/lib/arvbox/docker/common.sh b/tools/arvbox/lib/arvbox/docker/common.sh
index 8e4e74ca0f6ca2dec0c4782d56f6d49b56a1d18a..21872749575cbcb2a4fb03ee7c97e0114046f56d 100644 (file)
--- a/tools/arvbox/lib/arvbox/docker/common.sh
+++ b/tools/arvbox/lib/arvbox/docker/common.sh
@@ -37,6 +37,7 @@ services=(
   [keep-web]=9003
   [keep-web-ssl]=9002
   [keepproxy]=25100
+  [keepproxy-ssl]=25101
   [keepstore0]=25107
   [keepstore1]=25108
   [ssh]=22

diff --git a/tools/arvbox/lib/arvbox/docker/service/keepproxy/run-service b/tools/arvbox/lib/arvbox/docker/service/keepproxy/run-service
index bf802d45f3d8bdb9f13868bb39f66136ab34f42c..78b5bcf8e8d430d302b4922c10b241c9469512f9 100755 (executable)
--- a/tools/arvbox/lib/arvbox/docker/service/keepproxy/run-service
+++ b/tools/arvbox/lib/arvbox/docker/service/keepproxy/run-service
@@ -25,8 +25,8 @@ set +e
 read -rd $'\000' keepservice <<EOF
 {
  "service_host":"$localip",
- "service_port":${services[keepproxy]},
- "service_ssl_flag":false,
+ "service_port":${services[keepproxy-ssl]},
+ "service_ssl_flag":true,
  "service_type":"proxy"
 }
 EOF

diff --git a/tools/arvbox/lib/arvbox/docker/service/nginx/run b/tools/arvbox/lib/arvbox/docker/service/nginx/run
index 18c56ce9dd3708e4e7230757f8a8a571ce64bcc1..04a1b539526f31547011d02d4db18ae508434883 100755 (executable)
--- a/tools/arvbox/lib/arvbox/docker/service/nginx/run
+++ b/tools/arvbox/lib/arvbox/docker/service/nginx/run
@@ -114,6 +114,7 @@ server {
     server_name keep-web;
     ssl_certificate "${server_cert}";
     ssl_certificate_key "${server_cert_key}";
+    client_max_body_size 0;
     location  / {
       proxy_pass http://keep-web;
       proxy_set_header Host \$http_host;
@@ -123,6 +124,25 @@ server {
     }
   }
 
+
+  upstream keepproxy {
+    server localhost:${services[keepproxy]};
+  }
+  server {
+    listen *:${services[keepproxy-ssl]} ssl default_server;
+    server_name keepproxy;
+    ssl_certificate "${server_cert}";
+    ssl_certificate_key "${server_cert_key}";
+    client_max_body_size 128M;
+    location  / {
+      proxy_pass http://keepproxy;
+      proxy_set_header Host \$http_host;
+      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_redirect off;
+    }
+  }
+
 }
 
 EOF