Merge branch 'master' into add-nginx-stats-endpoint
This commit is contained in:
commit
05fe41f75c
4
dc
4
dc
|
@ -41,9 +41,9 @@ for i in $(seq 1 ${#PORTAL_MODULES}); do
|
||||||
COMPOSE_FILES+=" -f docker-compose.mongodb.yml"
|
COMPOSE_FILES+=" -f docker-compose.mongodb.yml"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# abuse module - alias "u"
|
# abuse-scanner module - alias "u"
|
||||||
if [[ ${PORTAL_MODULES:i-1:1} == "u" ]]; then
|
if [[ ${PORTAL_MODULES:i-1:1} == "u" ]]; then
|
||||||
COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.blocker.yml -f docker-compose.abuse.yml"
|
COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.blocker.yml -f docker-compose.abuse-scanner.yml"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
|
@ -7,11 +7,9 @@ x-logging: &default-logging
|
||||||
max-file: "3"
|
max-file: "3"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
abuse:
|
abuse-scanner:
|
||||||
build:
|
image: skynetlabs/abuse-scanner
|
||||||
context: ./docker/abuse
|
container_name: abuse-scanner
|
||||||
dockerfile: Dockerfile
|
|
||||||
container_name: abuse
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
logging: *default-logging
|
logging: *default-logging
|
||||||
env_file:
|
env_file:
|
|
@ -20,11 +20,7 @@ services:
|
||||||
- ACCOUNTS_LIMIT_ACCESS=${ACCOUNTS_LIMIT_ACCESS:-authenticated} # default to authenticated access only
|
- ACCOUNTS_LIMIT_ACCESS=${ACCOUNTS_LIMIT_ACCESS:-authenticated} # default to authenticated access only
|
||||||
|
|
||||||
accounts:
|
accounts:
|
||||||
build:
|
image: skynetlabs/skynet-accounts
|
||||||
context: ./docker/accounts
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
args:
|
|
||||||
branch: main
|
|
||||||
container_name: accounts
|
container_name: accounts
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
logging: *default-logging
|
logging: *default-logging
|
||||||
|
|
|
@ -13,9 +13,7 @@ services:
|
||||||
- BLOCKER_PORT=4000
|
- BLOCKER_PORT=4000
|
||||||
|
|
||||||
blocker:
|
blocker:
|
||||||
build:
|
image: skynetlabs/blocker
|
||||||
context: ./docker/blocker
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
container_name: blocker
|
container_name: blocker
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
logging: *default-logging
|
logging: *default-logging
|
||||||
|
|
|
@ -26,19 +26,15 @@ services:
|
||||||
ipv4_address: 10.10.10.100
|
ipv4_address: 10.10.10.100
|
||||||
|
|
||||||
malware-scanner:
|
malware-scanner:
|
||||||
build:
|
image: skynetlabs/malware-scanner
|
||||||
context: ./docker/malware-scanner
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
args:
|
|
||||||
branch: main
|
|
||||||
container_name: malware-scanner
|
container_name: malware-scanner
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
logging: *default-logging
|
logging: *default-logging
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
environment:
|
environment:
|
||||||
- CLAMAV_IP=${CLAMAV_IP:-10.10.10.100}
|
- CLAMAV_IP=10.10.10.100
|
||||||
- CLAMAV_PORT=${CLAMAV_PORT:-3310}
|
- CLAMAV_PORT=3310
|
||||||
- BLOCKER_IP=10.10.10.110
|
- BLOCKER_IP=10.10.10.110
|
||||||
- BLOCKER_PORT=4000
|
- BLOCKER_PORT=4000
|
||||||
expose:
|
expose:
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
|
||||||
nginx:
|
|
||||||
build:
|
|
||||||
context: ./docker/nginx
|
|
||||||
dockerfile: Dockerfile.bionic
|
|
||||||
args:
|
|
||||||
RESTY_ADD_PACKAGE_BUILDDEPS: git
|
|
||||||
RESTY_EVAL_PRE_CONFIGURE: git clone https://github.com/fdintino/nginx-upload-module /tmp/nginx-upload-module
|
|
||||||
RESTY_CONFIG_OPTIONS_MORE: --add-module=/tmp/nginx-upload-module
|
|
||||||
RESTY_EVAL_POST_MAKE: /usr/local/openresty/luajit/bin/luarocks install luasocket
|
|
|
@ -1,16 +0,0 @@
|
||||||
FROM golang:1.16.7
|
|
||||||
LABEL maintainer="SkynetLabs <devs@siasky.net>"
|
|
||||||
|
|
||||||
ENV GOOS linux
|
|
||||||
ENV GOARCH amd64
|
|
||||||
|
|
||||||
ARG branch=main
|
|
||||||
|
|
||||||
WORKDIR /root
|
|
||||||
|
|
||||||
RUN git clone --single-branch --branch ${branch} https://github.com/SkynetLabs/abuse-scanner.git && \
|
|
||||||
cd abuse-scanner && \
|
|
||||||
go mod download && \
|
|
||||||
make release
|
|
||||||
|
|
||||||
ENTRYPOINT ["abuse-scanner"]
|
|
|
@ -1,22 +0,0 @@
|
||||||
FROM golang:1.16.7
|
|
||||||
LABEL maintainer="SkynetLabs <devs@siasky.net>"
|
|
||||||
|
|
||||||
ENV GOOS linux
|
|
||||||
ENV GOARCH amd64
|
|
||||||
|
|
||||||
ARG branch=main
|
|
||||||
|
|
||||||
WORKDIR /root
|
|
||||||
|
|
||||||
RUN git clone --single-branch --branch ${branch} https://github.com/SkynetLabs/skynet-accounts.git && \
|
|
||||||
cd skynet-accounts && \
|
|
||||||
go mod download && \
|
|
||||||
make release
|
|
||||||
|
|
||||||
ENV SKYNET_DB_HOST="localhost"
|
|
||||||
ENV SKYNET_DB_PORT="27017"
|
|
||||||
ENV SKYNET_DB_USER="username"
|
|
||||||
ENV SKYNET_DB_PASS="password"
|
|
||||||
ENV SKYNET_ACCOUNTS_PORT=3000
|
|
||||||
|
|
||||||
ENTRYPOINT ["skynet-accounts"]
|
|
|
@ -1,16 +0,0 @@
|
||||||
FROM golang:1.16.7
|
|
||||||
LABEL maintainer="SkynetLabs <devs@siasky.net>"
|
|
||||||
|
|
||||||
ENV GOOS linux
|
|
||||||
ENV GOARCH amd64
|
|
||||||
|
|
||||||
ARG branch=main
|
|
||||||
|
|
||||||
WORKDIR /root
|
|
||||||
|
|
||||||
RUN git clone --single-branch --branch ${branch} https://github.com/SkynetLabs/blocker.git && \
|
|
||||||
cd blocker && \
|
|
||||||
go mod download && \
|
|
||||||
make release
|
|
||||||
|
|
||||||
ENTRYPOINT ["blocker"]
|
|
|
@ -1,23 +0,0 @@
|
||||||
FROM golang:1.17.3
|
|
||||||
LABEL maintainer="SkynetLabs <devs@siasky.net>"
|
|
||||||
|
|
||||||
ENV GOOS linux
|
|
||||||
ENV GOARCH amd64
|
|
||||||
|
|
||||||
ARG branch=main
|
|
||||||
|
|
||||||
WORKDIR /root
|
|
||||||
|
|
||||||
RUN git clone --single-branch --branch ${branch} https://github.com/SkynetLabs/malware-scanner.git && \
|
|
||||||
cd malware-scanner && \
|
|
||||||
go mod download && \
|
|
||||||
make release
|
|
||||||
|
|
||||||
ENV SKYNET_DB_HOST="localhost"
|
|
||||||
ENV SKYNET_DB_PORT="27017"
|
|
||||||
ENV SKYNET_DB_USER="username"
|
|
||||||
ENV SKYNET_DB_PASS="password"
|
|
||||||
ENV CLAMAV_IP=127.0.0.1
|
|
||||||
ENV CLAMAV_PORT=3310
|
|
||||||
|
|
||||||
ENTRYPOINT ["malware-scanner"]
|
|
|
@ -25,6 +25,8 @@ set $skynet_proof '';
|
||||||
set $limit_rate 0;
|
set $limit_rate 0;
|
||||||
|
|
||||||
access_by_lua_block {
|
access_by_lua_block {
|
||||||
|
-- the block below only makes sense if we are using nginx cache
|
||||||
|
if not ngx.var.skyd_disk_cache_enabled then
|
||||||
local httpc = require("resty.http").new()
|
local httpc = require("resty.http").new()
|
||||||
|
|
||||||
-- detect whether requested skylink is v2
|
-- detect whether requested skylink is v2
|
||||||
|
@ -61,6 +63,7 @@ access_by_lua_block {
|
||||||
if ngx.shared.nocache:get(ngx.var.skylink_v1) then
|
if ngx.shared.nocache:get(ngx.var.skylink_v1) then
|
||||||
ngx.var.nocache = "1"
|
ngx.var.nocache = "1"
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
if require("skynet.account").accounts_enabled() then
|
if require("skynet.account").accounts_enabled() then
|
||||||
-- check if portal is in authenticated only mode
|
-- check if portal is in authenticated only mode
|
||||||
|
@ -85,6 +88,8 @@ header_filter_by_lua_block {
|
||||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
||||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
||||||
|
|
||||||
|
-- the block below only makes sense if we are using nginx cache
|
||||||
|
if not ngx.var.skyd_disk_cache_enabled then
|
||||||
-- not empty skynet_proof means this is a skylink v2 request
|
-- not empty skynet_proof means this is a skylink v2 request
|
||||||
-- so we should replace the Skynet-Proof header with the one
|
-- so we should replace the Skynet-Proof header with the one
|
||||||
-- we got from /skynet/resolve/ endpoint, otherwise we would
|
-- we got from /skynet/resolve/ endpoint, otherwise we would
|
||||||
|
@ -98,6 +103,7 @@ header_filter_by_lua_block {
|
||||||
if ngx.header["Content-Length"] and tonumber(ngx.header["Content-Length"]) > 1e+9 then
|
if ngx.header["Content-Length"] and tonumber(ngx.header["Content-Length"]) > 1e+9 then
|
||||||
ngx.shared.nocache:set(ngx.var.skylink_v1, ngx.header["Content-Length"])
|
ngx.shared.nocache:set(ngx.var.skylink_v1, ngx.header["Content-Length"])
|
||||||
end
|
end
|
||||||
|
end
|
||||||
}
|
}
|
||||||
|
|
||||||
limit_rate_after 512k;
|
limit_rate_after 512k;
|
||||||
|
|
|
@ -2,14 +2,12 @@ lua_shared_dict dnslink 10m;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.dnslink;
|
include /etc/nginx/conf.d/server/server.dnslink;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 default_server;
|
listen 443 default_server;
|
||||||
listen [::]:443 default_server;
|
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/local-certificate.crt;
|
ssl_certificate /etc/ssl/local-certificate.crt;
|
||||||
ssl_certificate_key /etc/ssl/local-certificate.key;
|
ssl_certificate_key /etc/ssl/local-certificate.key;
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
server {
|
server {
|
||||||
# local server - do not expose this port externally
|
# local server - do not expose this port externally
|
||||||
listen 8000;
|
listen 8000;
|
||||||
listen [::]:8000;
|
|
||||||
|
|
||||||
# secure traffic by limiting to only local networks
|
# secure traffic by limiting to only local networks
|
||||||
include /etc/nginx/conf.d/include/local-network-only;
|
include /etc/nginx/conf.d/include/local-network-only;
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/include/ssl-settings;
|
include /etc/nginx/conf.d/include/ssl-settings;
|
||||||
include /etc/nginx/conf.d/include/init-optional-variables;
|
include /etc/nginx/conf.d/include/init-optional-variables;
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/include/ssl-settings;
|
include /etc/nginx/conf.d/include/ssl-settings;
|
||||||
include /etc/nginx/conf.d/include/init-optional-variables;
|
include /etc/nginx/conf.d/include/init-optional-variables;
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/include/ssl-settings;
|
include /etc/nginx/conf.d/include/ssl-settings;
|
||||||
include /etc/nginx/conf.d/include/init-optional-variables;
|
include /etc/nginx/conf.d/include/init-optional-variables;
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/include/init-optional-variables;
|
include /etc/nginx/conf.d/include/init-optional-variables;
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/include/ssl-settings;
|
include /etc/nginx/conf.d/include/ssl-settings;
|
||||||
include /etc/nginx/conf.d/include/init-optional-variables;
|
include /etc/nginx/conf.d/include/init-optional-variables;
|
||||||
|
|
Reference in New Issue