LumeWeb
/
skynet-webportal
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use portal modules env to discover services in nginx

This commit is contained in:
Karol Wypchlo 2022-01-04 14:57:20 +01:00
parent 2815cae756
commit d24c677a30
No known key found for this signature in database
GPG Key ID: B515DE9EEBE241E1
7 changed files with 94 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker/nginx/conf.d/include/location-skylink
View File

@ -66,7 +66,7 @@ access_by_lua_block {
end end
-- this block runs only when accounts are enabled -- this block runs only when accounts are enabled
if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end if not os.getenv("PORTAL_MODULES"):match("a") then return end
-- 10.10.10.70 points to accounts service (alias not available when using resty-http) -- 10.10.10.70 points to accounts service (alias not available when using resty-http)
local res, err = httpc:request_uri("http://10.10.10.70:3000/user/limits", { local res, err = httpc:request_uri("http://10.10.10.70:3000/user/limits", {

2
docker/nginx/conf.d/include/location-skynet-registry
View File

@ -11,7 +11,7 @@ proxy_pass http://sia:9980/skynet/registry;
access_by_lua_block { access_by_lua_block {
-- this block runs only when accounts are enabled -- this block runs only when accounts are enabled
if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end if not os.getenv("PORTAL_MODULES"):match("a") then return end
local httpc = require("resty.http").new() local httpc = require("resty.http").new()

25
docker/nginx/conf.d/include/track-download
View File

@ -1,8 +1,7 @@
# register the download in accounts service (cookies should contain jwt) # register the download in accounts service (cookies should contain jwt)
log_by_lua_block { log_by_lua_block {
-- this block runs only when accounts are enabled -- this block runs only when accounts are enabled
if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end if os.getenv("PORTAL_MODULES"):match("a") then
local function track(premature, skylink, status, body_bytes_sent, jwt) local function track(premature, skylink, status, body_bytes_sent, jwt)
if premature then return end if premature then return end
@ -20,7 +19,15 @@ log_by_lua_block {
end end
end end
local function scan(premature, skylink, jwt) if ngx.header["Skynet-Skylink"] and ngx.var.skynet_jwt ~= "" and ngx.status >= ngx.HTTP_OK and ngx.status < ngx.HTTP_SPECIAL_RESPONSE then
local ok, err = ngx.timer.at(0, track, ngx.header["Skynet-Skylink"], ngx.status, ngx.var.body_bytes_sent, ngx.var.skynet_jwt)
if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
end
end
-- this block runs only when scanner module is enabled
if os.getenv("PORTAL_MODULES"):match("s") then
local function scan(premature, skylink)
if premature then return end if premature then return end
local httpc = require("resty.http").new() local httpc = require("resty.http").new()
@ -28,7 +35,6 @@ log_by_lua_block {
-- 10.10.10.101 points to malware-scanner service (alias not available when using resty-http) -- 10.10.10.101 points to malware-scanner service (alias not available when using resty-http)
local res, err = httpc:request_uri("http://10.10.10.101:4000/scan/" .. skylink, { local res, err = httpc:request_uri("http://10.10.10.101:4000/scan/" .. skylink, {
method = "POST", method = "POST",
headers = { ["Cookie"] = "skynet-jwt=" .. jwt },
}) })
if err or (res and res.status ~= ngx.HTTP_OK) then if err or (res and res.status ~= ngx.HTTP_OK) then
@ -36,13 +42,10 @@ log_by_lua_block {
end end
end end
if ngx.header["Skynet-Skylink"] and ngx.var.skynet_jwt ~= "" and ngx.status >= ngx.HTTP_OK and ngx.status < ngx.HTTP_SPECIAL_RESPONSE then -- scan all skylinks but make sure to only run if skylink is present (empty if request failed)
local ok, err = ngx.timer.at(0, track, ngx.header["Skynet-Skylink"], ngx.status, ngx.var.body_bytes_sent, ngx.var.skynet_jwt) if ngx.header["Skynet-Skylink"] then
local ok, err = ngx.timer.at(0, scan, ngx.header["Skynet-Skylink"])
if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
end end
end
-- Unlike accounts, malware-scanner wants to be pinged about each skylink,
-- not only the ones downloaded by registered accounts.
local scan_ok, scan_err = ngx.timer.at(0, scan, ngx.header["Skynet-Skylink"], ngx.var.skynet_jwt)
if scan_err then ngx.log(ngx.ERR, "Failed to create timer: ", scan_err) end
} }

4
docker/nginx/conf.d/include/track-registry
View File

@ -1,8 +1,7 @@
# register the registry access in accounts service (cookies should contain jwt) # register the registry access in accounts service (cookies should contain jwt)
log_by_lua_block { log_by_lua_block {
-- this block runs only when accounts are enabled -- this block runs only when accounts are enabled
if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end if os.getenv("PORTAL_MODULES"):match("a") then
local function track(premature, request_method, jwt) local function track(premature, request_method, jwt)
if premature then return end if premature then return end
@ -24,4 +23,5 @@ log_by_lua_block {
local ok, err = ngx.timer.at(0, track, ngx.req.get_method(), ngx.var.skynet_jwt) local ok, err = ngx.timer.at(0, track, ngx.req.get_method(), ngx.var.skynet_jwt)
if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
end end
end
} }

26
docker/nginx/conf.d/include/track-upload
View File

@ -1,8 +1,7 @@
# register the upload in accounts service (cookies should contain jwt) # register the upload in accounts service (cookies should contain jwt)
log_by_lua_block { log_by_lua_block {
-- this block runs only when accounts are enabled -- this block runs only when accounts are enabled
if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end if os.getenv("PORTAL_MODULES"):match("a") then
local function track(premature, skylink, jwt) local function track(premature, skylink, jwt)
if premature then return end if premature then return end
@ -19,7 +18,16 @@ log_by_lua_block {
end end
end end
local function scan(premature, skylink, jwt) -- report all skylinks (header empty if request failed) but only if jwt is preset (user is authenticated)
if ngx.header["Skynet-Skylink"] and ngx.var.skynet_jwt ~= "" then
local ok, err = ngx.timer.at(0, track, ngx.header["Skynet-Skylink"], ngx.var.skynet_jwt)
if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
end
end
-- this block runs only when scanner module is enabled
if os.getenv("PORTAL_MODULES"):match("s") then
local function scan(premature, skylink)
if premature then return end if premature then return end
local httpc = require("resty.http").new() local httpc = require("resty.http").new()
@ -27,7 +35,6 @@ log_by_lua_block {
-- 10.10.10.101 points to malware-scanner service (alias not available when using resty-http) -- 10.10.10.101 points to malware-scanner service (alias not available when using resty-http)
local res, err = httpc:request_uri("http://10.10.10.101:4000/scan/" .. skylink, { local res, err = httpc:request_uri("http://10.10.10.101:4000/scan/" .. skylink, {
method = "POST", method = "POST",
headers = { ["Cookie"] = "skynet-jwt=" .. jwt },
}) })
if err or (res and res.status ~= ngx.HTTP_OK) then if err or (res and res.status ~= ngx.HTTP_OK) then
@ -35,13 +42,10 @@ log_by_lua_block {
end end
end end
if ngx.header["Skynet-Skylink"] and ngx.var.skynet_jwt ~= "" then -- scan all skylinks but make sure to only run if skylink is present (empty if request failed)
local ok, err = ngx.timer.at(0, track, ngx.header["Skynet-Skylink"], ngx.var.skynet_jwt) if ngx.header["Skynet-Skylink"] then
local ok, err = ngx.timer.at(0, scan, ngx.header["Skynet-Skylink"])
if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end if err then ngx.log(ngx.ERR, "Failed to create timer: ", err) end
end end
end
-- Unlike accounts, malware-scanner wants to be pinged about each skylink,
-- not only the ones uploaded by registered accounts.
local scan_ok, scan_err = ngx.timer.at(0, scan, ngx.header["Skynet-Skylink"], ngx.var.skynet_jwt)
if scan_err then ngx.log(ngx.ERR, "Failed to create timer: ", scan_err) end
} }

6
docker/nginx/conf.d/server/server.api
View File

@ -180,7 +180,7 @@ location /skynet/skyfile {
# access_by_lua_block { # access_by_lua_block {
# -- this block runs only when accounts are enabled # -- this block runs only when accounts are enabled
# if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end # if not os.getenv("PORTAL_MODULES"):match("a") then return end
# ngx.var.upload_limit_rate = 5 * 1024 * 1024 # ngx.var.upload_limit_rate = 5 * 1024 * 1024
# local res = ngx.location.capture("/accounts/user", { copy_all_vars = true }) # local res = ngx.location.capture("/accounts/user", { copy_all_vars = true })
@ -231,7 +231,7 @@ location /skynet/tus {
ngx.req.set_header("SkynetMaxUploadSize", 5368709120) ngx.req.set_header("SkynetMaxUploadSize", 5368709120)
-- this block runs only when accounts are enabled -- this block runs only when accounts are enabled
if os.getenv("ACCOUNTS_ENABLED") ~= "true" then return end if not os.getenv("PORTAL_MODULES"):match("a") then return end
local httpc = require("resty.http").new() local httpc = require("resty.http").new()
@ -340,7 +340,7 @@ location /__internal/do/not/use/authenticated {
local json = require('cjson') local json = require('cjson')
-- this block runs only when accounts are enabled -- this block runs only when accounts are enabled
if os.getenv("ACCOUNTS_ENABLED") ~= "true" then if not os.getenv("PORTAL_MODULES"):match("a") then
ngx.say(json.encode{authenticated = false}) ngx.say(json.encode{authenticated = false})
return ngx.exit(ngx.HTTP_OK) return ngx.exit(ngx.HTTP_OK)
end end

2
docker/nginx/nginx.conf
View File

@ -28,7 +28,7 @@ worker_processes auto;
# declare env variables to use it in config # declare env variables to use it in config
env SKYNET_PORTAL_API; env SKYNET_PORTAL_API;
env SKYNET_SERVER_API; env SKYNET_SERVER_API;
env ACCOUNTS_ENABLED; env PORTAL_MODULES;
events { events {
worker_connections 8192; worker_connections 8192;