From 166469efdee9b2fff670fcdb6eb9ba9d72a73255 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 30 Dec 2021 05:01:07 +0100 Subject: [PATCH 001/158] moved old scripts in old folder, included gradido setup script for ubuntu --- .../{ => old}/build_and_start_login_server.sh | 0 .../bare_metal/{ => old}/build_frontend.sh | 0 .../{ => old}/nginx/sites-available/gradido | 0 .../nginx/sites-available/gradido_updating | 0 .../{ => old}/nginx/updating_original.html | 0 .../old/setup_server_online_ubuntu18.sh | 322 ++++++++++++++++++ deployment/bare_metal/{ => old}/update_all.sh | 0 7 files changed, 322 insertions(+) rename deployment/bare_metal/{ => old}/build_and_start_login_server.sh (100%) rename deployment/bare_metal/{ => old}/build_frontend.sh (100%) rename deployment/bare_metal/{ => old}/nginx/sites-available/gradido (100%) rename deployment/bare_metal/{ => old}/nginx/sites-available/gradido_updating (100%) rename deployment/bare_metal/{ => old}/nginx/updating_original.html (100%) create mode 100644 deployment/bare_metal/old/setup_server_online_ubuntu18.sh rename deployment/bare_metal/{ => old}/update_all.sh (100%) diff --git a/deployment/bare_metal/build_and_start_login_server.sh b/deployment/bare_metal/old/build_and_start_login_server.sh similarity index 100% rename from deployment/bare_metal/build_and_start_login_server.sh rename to deployment/bare_metal/old/build_and_start_login_server.sh diff --git a/deployment/bare_metal/build_frontend.sh b/deployment/bare_metal/old/build_frontend.sh similarity index 100% rename from deployment/bare_metal/build_frontend.sh rename to deployment/bare_metal/old/build_frontend.sh diff --git a/deployment/bare_metal/nginx/sites-available/gradido b/deployment/bare_metal/old/nginx/sites-available/gradido similarity index 100% rename from deployment/bare_metal/nginx/sites-available/gradido rename to deployment/bare_metal/old/nginx/sites-available/gradido diff --git a/deployment/bare_metal/nginx/sites-available/gradido_updating b/deployment/bare_metal/old/nginx/sites-available/gradido_updating similarity index 100% rename from deployment/bare_metal/nginx/sites-available/gradido_updating rename to deployment/bare_metal/old/nginx/sites-available/gradido_updating diff --git a/deployment/bare_metal/nginx/updating_original.html b/deployment/bare_metal/old/nginx/updating_original.html similarity index 100% rename from deployment/bare_metal/nginx/updating_original.html rename to deployment/bare_metal/old/nginx/updating_original.html diff --git a/deployment/bare_metal/old/setup_server_online_ubuntu18.sh b/deployment/bare_metal/old/setup_server_online_ubuntu18.sh new file mode 100644 index 000000000..cd0ce8ee9 --- /dev/null +++ b/deployment/bare_metal/old/setup_server_online_ubuntu18.sh @@ -0,0 +1,322 @@ +#!/bin/bash +echo "Start with installing necessary packets" +echo "Maria DB MySql-Server" +sudo apt update +sudo apt install -y mariadb-server +sudo mysql_secure_installation +echo "nginx and php 7.2" +sudo apt-get install -y nginx php7.2-fpm php7.2-mbstring php7.2-intl php7.2-xml php7.2-pdo php7.2-mysql +echo "firewall and fail2ban" +sudo apt-get install -y fail2ban ufw net-tools certbot python3-certbot-nginx + +echo "ufw" +sudo ufw allow http +sudo ufw allow https +sudo ufw allow ssh +sudo ufw enable + +# for installing packages for community-server +echo "Composer" +# Composer install script from https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md +cd ~ +EXPECTED_CHECKSUM="$(wget -q -O - https://composer.github.io/installer.sig)" +php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" +ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" + +if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ] +then + echo 'ERROR: Invalid installer checksum' + rm composer-setup.php + exit 1 +fi + +php composer-setup.php --quiet +RESULT=$? +rm composer-setup.php +#exit $RESULT +echo "Composer install result: ${RESULT}" + +sudo mv composer.phar /usr/local/bin/composer + +# for compiling login server +# you can use another folder if you like, this is not the default folder for this +cd ~/ +mkdir code +cd code + + +git clone https://github.com/Kitware/CMake.git --branch v3.19.8 +cd CMake + +./bootstrap && make -j${CPU_COUNT} && sudo make install + +# nginx security +echo "Additional Security for nginx" +sudo mkdir /etc/nginx/common +cd /etc/nginx/common +sudo cat << "EOF" > protect.conf +# Deny access to readme.(txt|html) or license.(txt|html) or example.(txt|html) and other common git related files +location ~* \"/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)\" { + deny all; +} +# Deny access to backup extensions & log files +location ~* \"\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$\" { + deny all; +} +# deny access to hidden files and directories +location ~ /\.(?!well-known\/) { + deny all; +} +# deny access to base64 encoded urls +location ~* \"(base64_encode)(.*)(\()\" { + deny all; +} +# deny access to url with the javascript eval() function +location ~* \"(eval\()\" { + deny all; +} +# deny access to url which include \"127.0.0.1\" +location ~* \"(127\.0\.0\.1)\" { + deny all; +} +location ~* \"(GLOBALS|REQUEST)(=|\[|%)\" { + deny all; +} +location ~* \"(<|%3C).*script.*(>|%3)\" { + deny all; +} +location ~ \"(\\|\.\.\.|\.\./|~|`|<|>|\|)\" { + deny all; +} +location ~* \"(\'|\\")(.*)(drop|insert|md5|select|union)\" { + deny all; +} +location ~* \"(https?|ftp|php):/\" { + deny all; +} +location ~* \"(=\\\'|=\\%27|/\\\'/?)\.\" { + deny all; +} +location ~ \"(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")\" { + deny all; +} +location ~ \"(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)\" { + deny all; +} +location ~* \"(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)\" { + deny all; +} +location ~* \"/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php\" { + deny all; +} +EOF + +sudo cat << "EOF" > protect_add_header.conf +# Prevent browsers from incorrectly detecting non-scripts as scripts +# https://infosec.mozilla.org/guidelines/web_security#x-content-type-options +add_header X-Content-Type-Options "nosniff"; + +# prevent clickjacking: https://www.owasp.org/index.php/Clickjacking +# https://geekflare.com/add-x-frame-options-nginx/ +# https://infosec.mozilla.org/guidelines/web_security#x-frame-options +add_header Content-Security-Policy "frame-ancestors 'none'"; +add_header X-Frame-Options "DENY"; +EOF + +sudo cat << "EOF" > ssl.conf +## + # SSL Settings + ## + + # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0 + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + + # enables server-side protection from BEAST attacks + # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html + ssl_prefer_server_ciphers on; + + # enable session resumption to improve https performance + # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 1d; + ssl_session_tickets off; + + # ciphers chosen for forward secrecy and compatibility + # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html + ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; + + # enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner) + # http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ + resolver 8.8.8.8 8.8.4.4; + ssl_stapling on; + ssl_stapling_verify on; + # ssl_trusted_certificate /etc/nginx/ssl/star_forgott_com.crt; + + # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security + # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping + # also https://hstspreload.org/ + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; +EOF + +cd /etc/nginx/sites-available +sudo cp default default_original +sudo cat< default +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + include /etc/nginx/common/protect.conf; + + server_name _; + + location / { + deny all; + } + + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + +# catch requests with empty hosts +server { + listen 80; + server_name ""; + return 444; +} +EOF + +cd /etc/nginx/conf.d +sudo cat < logging.conf +log_format main '$http_x_forwarded_for - $remote_user [$time_local] ' + '"$request_method $scheme://$host$request_uri $server_protocol" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" $request_time'; +EOF + +# fail2ban enable blocking to many http request resulting in forbidden +echo "fail2ban config" +cd /etc/fail2ban/filter.d +sudo cat < nginx-forbidden.conf +[Definition] +failregex = ^.*\[error\] \d+#\d+: .* forbidden .*, client: , .*$ + +ignoreregex = +EOF + +cd /etc/fail2ban/jail.d +sudo cat < nginx-forbidden.conf +[nginx-forbidden] +enabled = true +filter = nginx-forbidden +port = http,https +logpath = /var/log/nginx/*error*.log +findtime = 60 +bantime = 6000 +maxretry = 3 +EOF + +sudo service fail2ban restart + +# phpmyadmin +echo "install and secure phpmyadmin" +sudo apt install phpmyadmin +cd /etc/phpmyadmin/conf.d +sudo cat < pma_secure.php + +EOF +phpmyadminPwd = $(openssl passwd) +echo "Please give a username for phpmyadmin, but not root" +read phpmyadmin_user +# TODO: check if phpmyadmin_user isn't really root +sudo cat < /etc/nginx/pma_pass +$phpmyadmin_user:$phpmyadminPwd +EOF + +serverIP = $(ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1') + +sudo cat < /etc/nginx/sites-available/phpmyadmin + +server { + listen 80 ; + + listen [::]:80; + server_name $serverIP; + + + location ~* \.(png|jpg|ico)$ { + expires 30d; + } + + location ~* \.(js|css) { + expires 30d; + } + + location /phpmyadmin { + root /usr/share/phpmyadmin + index index.php; + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + } + + location ~ /\.ht { + deny all; + } + + access_log /var/log/nginx/access.log main; +} + +EOF +sudo ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled + +# certbot +#echo "Install certbot" +#sudo apt update +#sudo apt install software-properties-common +#sudo add repository universe +#sudo apt update +#sudo apt install certbot \ No newline at end of file diff --git a/deployment/bare_metal/update_all.sh b/deployment/bare_metal/old/update_all.sh similarity index 100% rename from deployment/bare_metal/update_all.sh rename to deployment/bare_metal/old/update_all.sh From b9d9bb59356baad75368af94323f8ca0276d6694 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 30 Dec 2021 05:01:44 +0100 Subject: [PATCH 002/158] setup.md describing how to setup a bare debian host --- deployment/bare_metal/setup.md | 73 ++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 deployment/bare_metal/setup.md diff --git a/deployment/bare_metal/setup.md b/deployment/bare_metal/setup.md new file mode 100644 index 000000000..a501b6dba --- /dev/null +++ b/deployment/bare_metal/setup.md @@ -0,0 +1,73 @@ +# Setup script to setup the server be ready to run gradido +# This assums you have root access via ssh to your cleanly setup server +# Furthermore this assums you have debian (10 64bit) running + +> ssh root@gddhost.tld + +# Create user `gradido` +> useradd -d /home/gradido -m gradido +> passwd gradido +>> enter new + +# Gives the user priviledges - this might be omitted in order to harden security +> usermod -a -G sudo gradido + +# switch to the new user +> su gradido + +# Register first ssh key for user `gradido` +> mkdir ~/.ssh +> chmod 700 ~/.ssh +> vim ~/.ssh/authorized_keys +>> press i +>> insert public key +>> press esc +>> write :wq +>> press enter + +# Test authentication via SSH +> ssh -i /path/to/privKey gradido@gddhost.tld +>> This should log you in and allow you to use sudo commands, which will require the user's password + +# Disable password authentication & root login +> cd /etc/ssh +> sudo cp sshd_config sshd_config.org +> sudo vim sshd_config +>> press i +>> change `PermitRootLogin yes` to `PermitRootLogin no` +>> change `#PasswordAuthentication yes` to `PasswordAuthentication no` +>> change `UsePAM yes` to `UsePAM no` +>> press esc +>> write :wq +>> press enter +> sudo /etc/init.d/ssh restart + +# Test SSH Access only, no root ssh access +> ssh gradido@gddhost.tld +>> Will result in in either a password request for your key or the message `Permission denied (publickey)` +> ssh -i /path/to/privKey root@gddhost.tld +>> Will result in `Permission denied (publickey)` +> ssh -i /path/to/privKey gradido@gddhost.tld +>> Will succeed after entering the correct keys password (if any) + +# update system +> sudo apt-get update +> sudo apt-get upgrade + +# Install security tools +## UFW +> sudo apt-get install ufw +> sudo ufw allow http +> sudo ufw allow https +> sudo ufw allow ssh +> sudo ufw enable + +## fail2ban +> sudo apt-get install fail2ban +> sudo /etc/init.d/fail2ban restart + +# Install gradido +> sudo apt-get install git +> git clone https://github.com/gradido/gradido.git +> cd gradido/deployment/bare_metal +> ./install.sh \ No newline at end of file From e7f6085401f6e86a28b805ef2cc3521fab316686 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 30 Dec 2021 05:02:01 +0100 Subject: [PATCH 003/158] gradido install script template --- deployment/bare_metal/install.sh | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 deployment/bare_metal/install.sh diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh new file mode 100644 index 000000000..d98bc3bfa --- /dev/null +++ b/deployment/bare_metal/install.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +# This install script requires the minimum requirements already installed. +# This is described in detail in [setup.md](./setup.md) + From 49548ecd480b18ff231038375d1a9d43a231fd82 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 30 Dec 2021 05:02:40 +0100 Subject: [PATCH 004/158] make install script executable --- deployment/bare_metal/install.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 deployment/bare_metal/install.sh diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh old mode 100644 new mode 100755 From 798a620c5a5f54cacb32c115bca07ddc5aaf8e6b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 30 Dec 2021 05:17:28 +0100 Subject: [PATCH 005/158] some textual changes --- deployment/bare_metal/install.sh | 2 +- deployment/bare_metal/setup.md | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index d98bc3bfa..149c55f91 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -1,5 +1,5 @@ #!/bin/bash # This install script requires the minimum requirements already installed. -# This is described in detail in [setup.md](./setup.md) +# How to do this is described in detail in [setup.md](./setup.md) diff --git a/deployment/bare_metal/setup.md b/deployment/bare_metal/setup.md index a501b6dba..85ae26526 100644 --- a/deployment/bare_metal/setup.md +++ b/deployment/bare_metal/setup.md @@ -9,7 +9,11 @@ > passwd gradido >> enter new -# Gives the user priviledges - this might be omitted in order to harden security +# Gives the user priviledges - this might be omitted in order to harden security +# Care: This will require another administering user if you don't want root access. +# Since this setup expects the user running the software be the same as the administering user, +# you have to adjust the instructions according to that scenario. +# You might lock yourself out, if done wrong. > usermod -a -G sudo gradido # switch to the new user From a2c914d2a1d730fff889f32eb691ca33945e95b9 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 03:45:26 +0100 Subject: [PATCH 006/158] install script mariadb, nginx, curl, yarn, nodejs, pm2 --- deployment/bare_metal/install.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 149c55f91..a3cb134f1 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -3,3 +3,23 @@ # This install script requires the minimum requirements already installed. # How to do this is described in detail in [setup.md](./setup.md) +# Install mariadb +sudo apt-get install -y mariadb-server +#TODO sudo mysql_secure_installation + +# Install nginx +sudo apt-get install -y nginx + +# Install yarn +sudo apt-get install -y curl +curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - +echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list +sudo apt-get update +sudo apt-get install -y yarn + +# Install node 16.x +curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash - +sudo apt-get install -y nodejs + +# Install pm2 +sudo yarn global add pm2 From 4cda535cee9003f8415efb2f36eff6c055e759ef Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 03:45:48 +0100 Subject: [PATCH 007/158] maintenance script --- deployment/bare_metal/maintenance.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 deployment/bare_metal/maintenance.sh diff --git a/deployment/bare_metal/maintenance.sh b/deployment/bare_metal/maintenance.sh new file mode 100644 index 000000000..4a268d270 --- /dev/null +++ b/deployment/bare_metal/maintenance.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# update system +sudo apt-get update +sudo apt-get upgrade + +# update pm2 +sudo yarn global add pm2 +pm2 update \ No newline at end of file From 330281fc58f0f73702cfcf52b980780eabde7628 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 03:46:28 +0100 Subject: [PATCH 008/158] make maintenance script executable --- deployment/bare_metal/maintenance.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 deployment/bare_metal/maintenance.sh diff --git a/deployment/bare_metal/maintenance.sh b/deployment/bare_metal/maintenance.sh old mode 100644 new mode 100755 From 64c11ba925012cc603962495d2735ac042b4c966 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 04:21:12 +0100 Subject: [PATCH 009/158] start script --- deployment/bare_metal/start.sh | 46 ++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 deployment/bare_metal/start.sh diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh new file mode 100644 index 000000000..cfcf8cefa --- /dev/null +++ b/deployment/bare_metal/start.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# TODO Load .env + +# TODO update git branch + +# Node build process can be memory hungry - make sure you have either enoght memory or swap space +export NODE_OPTIONS="--max-old-space-size=6000" + +# Install & build database +# TODO change directory correcty +yarn install +yarn build + +# Install & build backend +# TODO change directory correcty +yarn install +yarn build + +# Install & build frontend +# TODO change directory correcty +yarn install +yarn build + +# Install & build admin +# TODO change directory correcty +yarn install +yarn build + +# start backend +# TODO pm2 stop gradido-backend +pm2 delete gradido-backend +# TODO working directory +pm2 start --name gradido-backend "yarn start" + +# start frontend +# TODO pm2 stop gradido-frontend +pm2 delete gradido-frontend +# TODO working directory +pm2 start --name gradido-frontend "yarn start" + +# start admin +# TODO pm2 stop gradido-admin +pm2 delete gradido-admin +# TODO working directory +pm2 start --name gradido-admin "yarn start" \ No newline at end of file From b5f0b2600b027444ef9fab4d6a685af5c9f57261 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 04:21:54 +0100 Subject: [PATCH 010/158] make start.sh executable --- deployment/bare_metal/start.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 deployment/bare_metal/start.sh diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh old mode 100644 new mode 100755 From fd7867ad5016f8e6e8852c6e5d5eeb1de154cc3d Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 04:22:07 +0100 Subject: [PATCH 011/158] nginx gradido.conf --- .../nginx/sites-available/gradido.conf | 134 ++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 deployment/bare_metal/nginx/sites-available/gradido.conf diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf new file mode 100644 index 000000000..279ca9efb --- /dev/null +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -0,0 +1,134 @@ +server { + server_name _; + #server_name 0.0.0.0; + listen 80; + listen [::]:80; + + #include /etc/nginx/common/protect.conf; + #include /etc/nginx/common/protect_add_header.conf; + #include /etc/nginx/common/ssl.conf; + + #root /var/www/html/gradido/community_server/webroot; + #index index.php; + + #gzip_static on; + + # Frontend + location / { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:3000; + proxy_redirect off; + } + + # Backend + location /graphql { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:4000; + proxy_redirect off; + } + + # Admin Frontend + location /admin { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:8080; + proxy_redirect off; + } + + #location ~ \.php$ { + # fastcgi_pass community-server:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # # fastcgi_param PHP_VALUE "error_log=/var/www/myapp/logs/php_errors.log"; + # fastcgi_buffers 16 16k; + # fastcgi_buffer_size 32k; + # include fastcgi_params; + #} + + + #location / { + # try_files $uri $uri/ /index.php?$args; + #} + + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + #} + + #location ~ /\.ht { + # deny all; + # } + + #location /vue { + # alias /var/www/html/gradido/frontend/dist; + # index index.html; + # + # location ~* \.(png)$ { + # expires 39d; + # } + # try_files $uri $uri/ /index.html = 404; + #} + + #location /account { + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection 'upgrade'; + # proxy_cache_bypass $http_upgrade; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $remote_addr; + # proxy_set_header Host $host; + # rewrite /account/(.*) /$1 break; + # + # proxy_pass http://127.0.0.1:1200; + # proxy_redirect off; + #} + + #location /login_api { + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection 'upgrade'; + # proxy_cache_bypass $http_upgrade; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $remote_addr; + # proxy_set_header Host $host; + # rewrite /login_api/(.*) /$1 break; + # + # proxy_pass http://127.0.0.1:1201; + # proxy_redirect off; + #} + + #location / { + # try_files $uri $uri/ /index.php?$args; + #} + + #location /sockjs-node { + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection 'upgrade'; + # proxy_set_header X-Forwarded-For $remote_addr; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header Host $host; + # + # proxy_pass http://frontend:3000; + # proxy_redirect off; + #} + + access_log /var/log/nginx/access.log main; +} \ No newline at end of file From d3d0dc57ebf166d5db034447d8700ae580b1067e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 11:34:46 +0100 Subject: [PATCH 012/158] disable log --- deployment/bare_metal/nginx/sites-available/gradido.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 279ca9efb..6b03e759a 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -130,5 +130,5 @@ server { # proxy_redirect off; #} - access_log /var/log/nginx/access.log main; + #access_log /var/log/nginx/access.log main; } \ No newline at end of file From f8e4a48700cb835ee2ca257d8a3fb465dace9f41 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 11:42:52 +0100 Subject: [PATCH 013/158] wildcard location for frontend --- .../nginx/sites-available/gradido.conf | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 6b03e759a..fce47c612 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -14,7 +14,7 @@ server { #gzip_static on; # Frontend - location / { + location ~ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -26,6 +26,18 @@ server { proxy_redirect off; } + #location /sockjs-node { + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection 'upgrade'; + # proxy_set_header X-Forwarded-For $remote_addr; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header Host $host; + # + # proxy_pass http://frontend:3000; + # proxy_redirect off; + #} + # Backend location /graphql { proxy_http_version 1.1; @@ -118,17 +130,5 @@ server { # try_files $uri $uri/ /index.php?$args; #} - #location /sockjs-node { - # proxy_http_version 1.1; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection 'upgrade'; - # proxy_set_header X-Forwarded-For $remote_addr; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header Host $host; - # - # proxy_pass http://frontend:3000; - # proxy_redirect off; - #} - #access_log /var/log/nginx/access.log main; } \ No newline at end of file From 7915cf171eadd8de73a6235b47ea5086c02dbc4c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 11:44:43 +0100 Subject: [PATCH 014/158] revert wildcard --- deployment/bare_metal/nginx/sites-available/gradido.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index fce47c612..4af1184ee 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -14,7 +14,7 @@ server { #gzip_static on; # Frontend - location ~ { + location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; From 60848cc8188a7388b150c9f3e2956864528fa6a5 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 11:45:54 +0100 Subject: [PATCH 015/158] cahnge public path to / (frontend) --- frontend/vue.config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/vue.config.js b/frontend/vue.config.js index 88dae8c4c..47b016aea 100644 --- a/frontend/vue.config.js +++ b/frontend/vue.config.js @@ -17,7 +17,7 @@ module.exports = { }, }, lintOnSave: true, - publicPath: '/vue', + publicPath: '/', configureWebpack: { // Set up all the aliases we use in our app. resolve: { From a49cf65f0faba39ec170d075115dc685b5a70161 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 11:55:59 +0100 Subject: [PATCH 016/158] base path / not /vue (frontend) --- frontend/src/routes/router.js | 2 +- frontend/src/routes/router.test.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/frontend/src/routes/router.js b/frontend/src/routes/router.js index b44c8ab7e..9cfee6242 100644 --- a/frontend/src/routes/router.js +++ b/frontend/src/routes/router.js @@ -5,7 +5,7 @@ import routes from './routes' Vue.use(VueRouter) const router = new VueRouter({ - base: '/vue', + base: '/', routes, linkActiveClass: 'active', mode: 'history', diff --git a/frontend/src/routes/router.test.js b/frontend/src/routes/router.test.js index bc2f3d340..f82065bc0 100644 --- a/frontend/src/routes/router.test.js +++ b/frontend/src/routes/router.test.js @@ -6,10 +6,10 @@ describe('router', () => { const { options } = router const { scrollBehavior, routes } = options - it('has "/vue" as base', () => { + it('has "/" as base', () => { expect(options).toEqual( expect.objectContaining({ - base: '/vue', + base: '/', }), ) }) From acd04b34325173674b3ff2795d4698cd3dcd47e8 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:12:33 +0100 Subject: [PATCH 017/158] removed /vue from tests, configs and references --- README.md | 4 ++-- admin/.env.dist | 4 ++-- admin/src/config/index.js | 4 ++-- backend/.env.dist | 2 +- backend/src/config/index.ts | 9 ++++---- .../resolver/CommunityResolver.test.ts | 16 +++++++------- .../src/graphql/resolver/CommunityResolver.ts | 12 +++++----- .../T02-C001-01-LoginMaske.md | 4 ++-- .../T02-C001-02-LoginMaske.md | 4 ++-- .../T02-C001-03-LoginMaske.md | 20 ++++++++--------- docu/create-coins-as-admin.md | 2 +- frontend/src/views/Pages/Login.spec.js | 8 +++---- frontend/src/views/Pages/Register.spec.js | 8 +++---- .../src/views/Pages/RegisterCommunity.spec.js | 8 +++---- .../Pages/RegisterSelectCommunity.spec.js | 22 +++++++++---------- login_server/README.md | 2 +- login_server/src/cpsp/Login.cpsp | 2 +- nginx/nginx.conf | 8 +++---- 18 files changed, 69 insertions(+), 70 deletions(-) diff --git a/README.md b/README.md index ce8e84df0..355a40b82 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ We are currently restructuring the service to reduce dependencies and unify busi ### Open the wallet -Once you have `docker-compose` up and running, you can open [http://localhost/vue](http://localhost/vue) and create yourself a new wallet account. +Once you have `docker-compose` up and running, you can open [http://localhost/](http://localhost/) and create yourself a new wallet account. ## How to release @@ -90,7 +90,7 @@ Note: The Changelog will be regenerated with all tags on release on the external | Problem | Issue | Solution | Description | | ------- | ----- | -------- | ----------- | | docker-compose raises database connection errors | [#1062](https://github.com/gradido/gradido/issues/1062) | End `ctrl+c` and restart the `docker-compose up` after a successful build | Several Database connection related errors occur in the docker-compose log. | -| Wallet page is empty | [#1063](https://github.com/gradido/gradido/issues/1063) | Accept Cookies and Local Storage in your Browser | The page stays empty when navigating to [http://localhost/vue](http://localhost/vue) | +| Wallet page is empty | [#1063](https://github.com/gradido/gradido/issues/1063) | Accept Cookies and Local Storage in your Browser | The page stays empty when navigating to [http://localhost/](http://localhost/) | ## Useful Links diff --git a/admin/.env.dist b/admin/.env.dist index 7e81ca9ab..9d9a6fc4c 100644 --- a/admin/.env.dist +++ b/admin/.env.dist @@ -1,4 +1,4 @@ GRAPHQL_URI=http://localhost:4000/graphql -WALLET_AUTH_URL=http://localhost/vue/authenticate?token=$1 -WALLET_URL=http://localhost/vue/login +WALLET_AUTH_URL=http://localhost/authenticate?token=$1 +WALLET_URL=http://localhost/login DEBUG_DISABLE_AUTH=false \ No newline at end of file diff --git a/admin/src/config/index.js b/admin/src/config/index.js index 430f10d36..5bcf7938b 100644 --- a/admin/src/config/index.js +++ b/admin/src/config/index.js @@ -19,8 +19,8 @@ const environment = { const endpoints = { GRAPHQL_URI: process.env.GRAPHQL_URI || 'http://localhost:4000/graphql', - WALLET_AUTH_URL: process.env.WALLET_AUTH_URL || 'http://localhost/vue/authenticate?token=$1', - WALLET_URL: process.env.WALLET_URL || 'http://localhost/vue/login', + WALLET_AUTH_URL: process.env.WALLET_AUTH_URL || 'http://localhost/authenticate?token=$1', + WALLET_URL: process.env.WALLET_URL || 'http://localhost/login', } const debug = { diff --git a/backend/.env.dist b/backend/.env.dist index f38e31be5..77fd9f6cc 100644 --- a/backend/.env.dist +++ b/backend/.env.dist @@ -19,7 +19,7 @@ DB_DATABASE=gradido_community #RESEND_TIME= RESEND_TIME=10 -#EMAIL_LINK_VERIFICATION=http://localhost/vue/checkEmail/$1 +#EMAIL_LINK_VERIFICATION=http://localhost/checkEmail/$1 #KLICKTIPP_USER= #KLICKTIPP_PASSWORD= diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts index 88d07737c..2ef382ee3 100644 --- a/backend/src/config/index.ts +++ b/backend/src/config/index.ts @@ -31,8 +31,8 @@ const klicktipp = { const community = { COMMUNITY_NAME: process.env.COMMUNITY_NAME || 'Gradido Entwicklung', - COMMUNITY_URL: process.env.COMMUNITY_URL || 'http://localhost/vue/', - COMMUNITY_REGISTER_URL: process.env.COMMUNITY_REGISTER_URL || 'http://localhost/vue/register', + COMMUNITY_URL: process.env.COMMUNITY_URL || 'http://localhost/', + COMMUNITY_REGISTER_URL: process.env.COMMUNITY_REGISTER_URL || 'http://localhost/register', COMMUNITY_DESCRIPTION: process.env.COMMUNITY_DESCRIPTION || 'Die lokale Entwicklungsumgebung von Gradido.', } @@ -50,9 +50,8 @@ const email = { EMAIL_PASSWORD: process.env.EMAIL_PASSWORD || 'xxx', EMAIL_SMTP_URL: process.env.EMAIL_SMTP_URL || 'gmail.com', EMAIL_SMTP_PORT: process.env.EMAIL_SMTP_PORT || '587', - EMAIL_LINK_VERIFICATION: - process.env.EMAIL_LINK_VERIFICATION || 'http://localhost/vue/checkEmail/$1', - EMAIL_LINK_SETPASSWORD: process.env.EMAIL_LINK_SETPASSWORD || 'http://localhost/vue/reset/$1', + EMAIL_LINK_VERIFICATION: process.env.EMAIL_LINK_VERIFICATION || 'http://localhost/checkEmail/$1', + EMAIL_LINK_SETPASSWORD: process.env.EMAIL_LINK_SETPASSWORD || 'http://localhost/reset/$1', RESEND_TIME: isNaN(resendTime) ? 10 : resendTime, } diff --git a/backend/src/graphql/resolver/CommunityResolver.test.ts b/backend/src/graphql/resolver/CommunityResolver.test.ts index afc6decec..cc481c101 100644 --- a/backend/src/graphql/resolver/CommunityResolver.test.ts +++ b/backend/src/graphql/resolver/CommunityResolver.test.ts @@ -53,8 +53,8 @@ describe('CommunityResolver', () => { getCommunityInfo: { name: 'Gradido Entwicklung', description: 'Die lokale Entwicklungsumgebung von Gradido.', - url: 'http://localhost/vue/', - registerUrl: 'http://localhost/vue/register', + url: 'http://localhost/', + registerUrl: 'http://localhost/register', }, }, }) @@ -75,22 +75,22 @@ describe('CommunityResolver', () => { id: 1, name: 'Gradido Entwicklung', description: 'Die lokale Entwicklungsumgebung von Gradido.', - url: 'http://localhost/vue/', - registerUrl: 'http://localhost/vue/register-community', + url: 'http://localhost/', + registerUrl: 'http://localhost/register-community', }, { id: 2, name: 'Gradido Staging', description: 'Der Testserver der Gradido-Akademie.', - url: 'https://stage1.gradido.net/vue/', - registerUrl: 'https://stage1.gradido.net/vue/register-community', + url: 'https://stage1.gradido.net/', + registerUrl: 'https://stage1.gradido.net/register-community', }, { id: 3, name: 'Gradido-Akademie', description: 'Freies Institut für Wirtschaftsbionik.', url: 'https://gradido.net', - registerUrl: 'https://gdd1.gradido.com/vue/register-community', + registerUrl: 'https://gdd1.gradido.com/register-community', }, ], }, @@ -112,7 +112,7 @@ describe('CommunityResolver', () => { name: 'Gradido-Akademie', description: 'Freies Institut für Wirtschaftsbionik.', url: 'https://gradido.net', - registerUrl: 'https://gdd1.gradido.com/vue/register-community', + registerUrl: 'https://gdd1.gradido.com/register-community', }, ], }, diff --git a/backend/src/graphql/resolver/CommunityResolver.ts b/backend/src/graphql/resolver/CommunityResolver.ts index 5c9d46f34..1fa3887dc 100644 --- a/backend/src/graphql/resolver/CommunityResolver.ts +++ b/backend/src/graphql/resolver/CommunityResolver.ts @@ -29,7 +29,7 @@ export class CommunityResolver { name: 'Gradido-Akademie', description: 'Freies Institut für Wirtschaftsbionik.', url: 'https://gradido.net', - registerUrl: 'https://gdd1.gradido.com/vue/register-community', + registerUrl: 'https://gdd1.gradido.com/register-community', }), ] return [ @@ -37,22 +37,22 @@ export class CommunityResolver { id: 1, name: 'Gradido Entwicklung', description: 'Die lokale Entwicklungsumgebung von Gradido.', - url: 'http://localhost/vue/', - registerUrl: 'http://localhost/vue/register-community', + url: 'http://localhost/', + registerUrl: 'http://localhost/register-community', }), new Community({ id: 2, name: 'Gradido Staging', description: 'Der Testserver der Gradido-Akademie.', - url: 'https://stage1.gradido.net/vue/', - registerUrl: 'https://stage1.gradido.net/vue/register-community', + url: 'https://stage1.gradido.net/', + registerUrl: 'https://stage1.gradido.net/register-community', }), new Community({ id: 3, name: 'Gradido-Akademie', description: 'Freies Institut für Wirtschaftsbionik.', url: 'https://gradido.net', - registerUrl: 'https://gdd1.gradido.com/vue/register-community', + registerUrl: 'https://gdd1.gradido.com/register-community', }), ] } diff --git a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md index eae90354f..86beef1d9 100644 --- a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md +++ b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md @@ -28,8 +28,8 @@ Es wird die Anzeige der Login-Maske geprüft auf: Es wird die URL -* Testumgebung: https://stage1.gradido.net/vue/login -* Produktionsumgebung: https://gradido.net/vue/login +* Testumgebung: https://stage1.gradido.net/login +* Produktionsumgebung: https://gradido.net/login aufgerufen und die Login-Maske wird angezeigt. diff --git a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md index db14a3d1c..66296e892 100644 --- a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md +++ b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md @@ -31,8 +31,8 @@ Prüfung auf korrekten Funktionsweise des Buttons "Anmeldung": 2. Mit Betätigen des Buttons "Anmeldung" wird der Login-Prozess gestartet 1. *Gibt es noch weitere Prüfschritte (LOG-Ausgaben auf Login-, Community-Server o.ä.) die hier überprüft werden sollten?* 3. Bei erfolgreichem Login wird die URL angezeigt - * Testumgebung: "https://stage1.gradido.net/vue/overview" - * Produktionsumgebung: "https://gradido.net/vue/overview" + * Testumgebung: "https://stage1.gradido.net/overview" + * Produktionsumgebung: "https://gradido.net/overview" 4. Bei fehlerhaftem Login wird eine entsprechend aussagekräftige Fehlermeldung angezeigt und die Anzeige verbleibt auf der Login-Maske. ## Ende-Bedingungen: diff --git a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md index 3d9a373b2..a69573e99 100644 --- a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md +++ b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md @@ -21,8 +21,8 @@ Es wird in der Login-Maske die Funktion des Links "Passwort vergessen?"geprüft: Es wird die URL -* Testumgebung: https://stage1.gradido.net/vue/login -* Produktionsumgebung: https://gradido.net/vue/login +* Testumgebung: https://stage1.gradido.net/login +* Produktionsumgebung: https://gradido.net/login aufgerufen und die Login-Maske wird angezeigt. @@ -33,8 +33,8 @@ aufgerufen und die Login-Maske wird angezeigt. * Prüfung auf korrekte Funktionsweise des Links "Passwort vergessen?" * keine sonstigen Eingaben bzw. Vorraussetzungen notwendig * Mit Betätigen des Links "Passwort vergessen?" wird der Passwort-Zurücksetzen-Prozess gestartet und unter - * der Testumgebung: https://stage1.gradido.net/vue/password - * der Produktionsumgebung: https://gradido.net/vue/password + * der Testumgebung: https://stage1.gradido.net/password + * der Produktionsumgebung: https://gradido.net/password * folgende Maske angezeigt: ![1te Passwort zurücksetzen Maske](../image/T02-C001-03-LoginMaske1.png) @@ -70,8 +70,8 @@ aufgerufen und die Login-Maske wird angezeigt. 3. Wiederholung von Schritt 2.4.1 und 2.4.2 bis alle verfügbaren Sprachen geprüft sind 5. Link "Zurück" ist aktiv und landet auf URL - 1. Testumgebung: https://stage1.gradido.net/vue/Login - 2. Produktionsumgebung: https://gradido.net/vue/Login + 1. Testumgebung: https://stage1.gradido.net/Login + 2. Produktionsumgebung: https://gradido.net/Login 6. Footer-Links: 1. "Gradido-Akademie" reagiert und landet je nach aktuell eingestellter Sprache auf URL "https://gradido.net/de" @@ -91,8 +91,8 @@ aufgerufen und die Login-Maske wird angezeigt. ![Email-Versandmakse](../image/T02-C001-03-LoginMaske2.png) 5. **In dem angegebenen Email-Postfach wird eine Email empfangen, die ein Zurücksetzen-Link enthält:** - 1. Testumgebung: https://stage1.gradido.net/vue/reset/'erzeugter rest-code' - 2. Produktionsumgebung: https://gradido.net/vue/reset/'erzeugter reset-code' + 1. Testumgebung: https://stage1.gradido.net/reset/'erzeugter rest-code' + 2. Produktionsumgebung: https://gradido.net/reset/'erzeugter reset-code' 6. **Mit Betätigen des Reset-Links bzw. Aufruf des Rest-Links im Browser wird folgende Maske angezeigt:** ![2te Passwort zurücksetzen Maske](../image/T02-C001-03-LoginMaske3.png) @@ -137,8 +137,8 @@ aufgerufen und die Login-Maske wird angezeigt. 3. Wiederholung von Schritt 8.3.1 und 8.3.2 bis alle verfügbaren Sprachen geprüft sind 12. Link "Zurück" ist aktiv und landet auf URL - 1. Testumgebung: https://stage1.gradido.net/vue/Login - 2. Produktionsumgebung: https://gradido.net/vue/Login + 1. Testumgebung: https://stage1.gradido.net/Login + 2. Produktionsumgebung: https://gradido.net/Login 13. Footer-Links: 1. "Gradido-Akademie" reagiert und landet je nach aktuell eingestellter Sprache auf URL "https://gradido.net/de" diff --git a/docu/create-coins-as-admin.md b/docu/create-coins-as-admin.md index 6a95df119..f03da7733 100644 --- a/docu/create-coins-as-admin.md +++ b/docu/create-coins-as-admin.md @@ -1,5 +1,5 @@ ### User creation -A user needs to be created on the login_server we do this when we create a User in the client https://$community_domain/vue/register. +A user needs to be created on the login_server we do this when we create a User in the client https://$community_domain/register. ### Admin user To set a User admin we need the following SQL query on the gradido_login database: diff --git a/frontend/src/views/Pages/Login.spec.js b/frontend/src/views/Pages/Login.spec.js index f9fde0e1e..ccca848ba 100644 --- a/frontend/src/views/Pages/Login.spec.js +++ b/frontend/src/views/Pages/Login.spec.js @@ -10,7 +10,7 @@ const apolloQueryMock = jest.fn().mockResolvedValue({ name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }, }, }) @@ -79,7 +79,7 @@ describe('Login', () => { name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }) }) @@ -111,8 +111,8 @@ describe('Login', () => { jest.clearAllMocks() mocks.$store.state.community = { name: 'Gradido Entwicklung', - url: 'http://localhost/vue/', - registerUrl: 'http://localhost/vue/register', + url: 'http://localhost/', + registerUrl: 'http://localhost/register', description: 'Die lokale Entwicklungsumgebung von Gradido.', } wrapper = Wrapper() diff --git a/frontend/src/views/Pages/Register.spec.js b/frontend/src/views/Pages/Register.spec.js index 820229a4a..56f97549d 100644 --- a/frontend/src/views/Pages/Register.spec.js +++ b/frontend/src/views/Pages/Register.spec.js @@ -11,7 +11,7 @@ const apolloQueryMock = jest.fn().mockResolvedValue({ name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }, }, }) @@ -73,7 +73,7 @@ describe('Register', () => { name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }) }) @@ -105,8 +105,8 @@ describe('Register', () => { jest.clearAllMocks() mocks.$store.state.community = { name: 'Gradido Entwicklung', - url: 'http://localhost/vue/', - registerUrl: 'http://localhost/vue/register', + url: 'http://localhost/', + registerUrl: 'http://localhost/register', description: 'Die lokale Entwicklungsumgebung von Gradido.', } wrapper = Wrapper() diff --git a/frontend/src/views/Pages/RegisterCommunity.spec.js b/frontend/src/views/Pages/RegisterCommunity.spec.js index 477e5e08e..6d6574881 100644 --- a/frontend/src/views/Pages/RegisterCommunity.spec.js +++ b/frontend/src/views/Pages/RegisterCommunity.spec.js @@ -9,7 +9,7 @@ const apolloQueryMock = jest.fn().mockResolvedValue({ name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }, }, }) @@ -61,7 +61,7 @@ describe('RegisterCommunity', () => { name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }) }) @@ -87,8 +87,8 @@ describe('RegisterCommunity', () => { jest.clearAllMocks() mocks.$store.state.community = { name: 'Gradido Entwicklung', - url: 'http://localhost/vue/', - registerUrl: 'http://localhost/vue/register', + url: 'http://localhost/', + registerUrl: 'http://localhost/register', description: 'Die lokale Entwicklungsumgebung von Gradido.', } wrapper = Wrapper() diff --git a/frontend/src/views/Pages/RegisterSelectCommunity.spec.js b/frontend/src/views/Pages/RegisterSelectCommunity.spec.js index ad80c7e38..f4e980cd0 100644 --- a/frontend/src/views/Pages/RegisterSelectCommunity.spec.js +++ b/frontend/src/views/Pages/RegisterSelectCommunity.spec.js @@ -20,7 +20,7 @@ const apolloQueryMock = jest name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }, }, }) @@ -31,22 +31,22 @@ const apolloQueryMock = jest id: 1, name: 'Gradido Entwicklung', description: 'Die lokale Entwicklungsumgebung von Gradido.', - url: 'http://localhost/vue/', - registerUrl: 'http://localhost/vue/register-community', + url: 'http://localhost/', + registerUrl: 'http://localhost/register-community', }, { id: 2, name: 'Gradido Staging', description: 'Der Testserver der Gradido-Akademie.', - url: 'https://stage1.gradido.net/vue/', - registerUrl: 'https://stage1.gradido.net/vue/register-community', + url: 'https://stage1.gradido.net/', + registerUrl: 'https://stage1.gradido.net/register-community', }, { id: 3, name: 'Gradido-Akademie', description: 'Freies Institut für Wirtschaftsbionik.', url: 'https://gradido.net', - registerUrl: 'https://gdd1.gradido.com/vue/register-community', + registerUrl: 'https://gdd1.gradido.com/register-community', }, ], }, @@ -139,8 +139,8 @@ describe('RegisterSelectCommunity', () => { mocks.$store.state.community = { name: 'Gradido Entwicklung', description: 'Die lokale Entwicklungsumgebung von Gradido.', - url: 'http://localhost/vue/', - registerUrl: 'http://localhost/vue/register-community', + url: 'http://localhost/', + registerUrl: 'http://localhost/register-community', } wrapper = Wrapper() }) @@ -172,15 +172,15 @@ describe('RegisterSelectCommunity', () => { id: 2, name: 'Gradido Staging', description: 'Der Testserver der Gradido-Akademie.', - url: 'https://stage1.gradido.net/vue/', - registerUrl: 'https://stage1.gradido.net/vue/register-community', + url: 'https://stage1.gradido.net/', + registerUrl: 'https://stage1.gradido.net/register-community', }, { id: 3, name: 'Gradido-Akademie', description: 'Freies Institut für Wirtschaftsbionik.', url: 'https://gradido.net', - registerUrl: 'https://gdd1.gradido.com/vue/register-community', + registerUrl: 'https://gdd1.gradido.com/register-community', }, ], }) diff --git a/login_server/README.md b/login_server/README.md index 118d0d53c..0628fc800 100644 --- a/login_server/README.md +++ b/login_server/README.md @@ -113,7 +113,7 @@ loginServer.db.password = loginServer.db.port = 3306 # check email path for new frontend for link generation in emails -frontend.checkEmailPath = http://localhost/vue/reset +frontend.checkEmailPath = http://localhost/reset # disable email all together email.disable = true diff --git a/login_server/src/cpsp/Login.cpsp b/login_server/src/cpsp/Login.cpsp index 6ddd8a066..4ee21ecae 100644 --- a/login_server/src/cpsp/Login.cpsp +++ b/login_server/src/cpsp/Login.cpsp @@ -299,7 +299,7 @@
- <%= langCatalog->gettext("Passwort vergessen") %> + <%= langCatalog->gettext("Passwort vergessen") %>
diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 48d703997..7e9ad6365 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -53,11 +53,11 @@ server { proxy_redirect off; } - location / { - try_files $uri $uri/ /index.php?$args; - } + #location / { + # try_files $uri $uri/ /index.php?$args; + #} - location /vue { + location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; From 268d8b6ed1fb59edc6945ece527a7148ef42fea3 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:12:52 +0100 Subject: [PATCH 018/158] updated install script to match debian 11 --- deployment/bare_metal/install.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index a3cb134f1..ae41145a5 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -9,9 +9,13 @@ sudo apt-get install -y mariadb-server # Install nginx sudo apt-get install -y nginx +cd /etc/nginx/sites-enabled # TODO change directory again +sudo rm default +sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf gradido.conf # Install yarn sudo apt-get install -y curl +sudo apt-get install -y gnupg curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list sudo apt-get update @@ -20,6 +24,7 @@ sudo apt-get install -y yarn # Install node 16.x curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash - sudo apt-get install -y nodejs +sudo apt-get install -y build-essential # Install pm2 sudo yarn global add pm2 From 0c5527ee9a05d4f48b8c3035db61755244535780 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:13:09 +0100 Subject: [PATCH 019/158] setup description for debian 11 --- deployment/bare_metal/setup.md | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/deployment/bare_metal/setup.md b/deployment/bare_metal/setup.md index 85ae26526..f3312a80b 100644 --- a/deployment/bare_metal/setup.md +++ b/deployment/bare_metal/setup.md @@ -1,6 +1,6 @@ # Setup script to setup the server be ready to run gradido # This assums you have root access via ssh to your cleanly setup server -# Furthermore this assums you have debian (10 64bit) running +# Furthermore this assums you have debian (11 64bit) running > ssh root@gddhost.tld @@ -16,18 +16,18 @@ # You might lock yourself out, if done wrong. > usermod -a -G sudo gradido +# Install sudo +> apt-get install sudo # switch to the new user > su gradido # Register first ssh key for user `gradido` > mkdir ~/.ssh > chmod 700 ~/.ssh -> vim ~/.ssh/authorized_keys ->> press i +> nano ~/.ssh/authorized_keys >> insert public key ->> press esc ->> write :wq ->> press enter +>> ctrl + x +>> save # Test authentication via SSH > ssh -i /path/to/privKey gradido@gddhost.tld @@ -36,14 +36,12 @@ # Disable password authentication & root login > cd /etc/ssh > sudo cp sshd_config sshd_config.org -> sudo vim sshd_config ->> press i +> sudo nano sshd_config >> change `PermitRootLogin yes` to `PermitRootLogin no` >> change `#PasswordAuthentication yes` to `PasswordAuthentication no` >> change `UsePAM yes` to `UsePAM no` ->> press esc ->> write :wq ->> press enter +>> ctrl + x +>> save > sudo /etc/init.d/ssh restart # Test SSH Access only, no root ssh access From 3f6f7506705bd9add6b027cc332a5e77af268c13 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:13:40 +0100 Subject: [PATCH 020/158] removed sockjs-node configuration from nginx config --- .../bare_metal/nginx/sites-available/gradido.conf | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 4af1184ee..90b01b3bb 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -26,18 +26,6 @@ server { proxy_redirect off; } - #location /sockjs-node { - # proxy_http_version 1.1; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection 'upgrade'; - # proxy_set_header X-Forwarded-For $remote_addr; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header Host $host; - # - # proxy_pass http://frontend:3000; - # proxy_redirect off; - #} - # Backend location /graphql { proxy_http_version 1.1; From 773e92e0bff3ffce187411f1284c0faa080cddc4 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:14:23 +0100 Subject: [PATCH 021/158] try ~ wildcard again --- deployment/bare_metal/nginx/sites-available/gradido.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 90b01b3bb..4fcbfeacd 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -14,7 +14,7 @@ server { #gzip_static on; # Frontend - location / { + location ~ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; From 29a086648141d344e24901cb5f269697471c3ae8 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:17:46 +0100 Subject: [PATCH 022/158] wildcard fix(?) --- deployment/bare_metal/nginx/sites-available/gradido.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 4fcbfeacd..2b9488bd3 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -14,7 +14,7 @@ server { #gzip_static on; # Frontend - location ~ { + location ~* { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; From ab94184e0889b5957ab8dfe48672f972f7c3c795 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:23:36 +0100 Subject: [PATCH 023/158] more nginx config things --- .../nginx/sites-available/gradido.conf | 56 ++++++++++--------- 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 2b9488bd3..bcc2b4f28 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -13,8 +13,34 @@ server { #gzip_static on; - # Frontend - location ~* { + location / { + # Backend + location /graphql { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:4000; + proxy_redirect off; + } + + # Admin Frontend + location /admin { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:8080; + proxy_redirect off; + } + + # Frontend (default) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -26,31 +52,7 @@ server { proxy_redirect off; } - # Backend - location /graphql { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:4000; - proxy_redirect off; - } - - # Admin Frontend - location /admin { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:8080; - proxy_redirect off; - } + #location ~ \.php$ { # fastcgi_pass community-server:9000; From a7291bb68e3f9afb9c0089b2a6586f68078615b1 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:45:33 +0100 Subject: [PATCH 024/158] seperate locations again --- .../nginx/sites-available/gradido.conf | 54 +++++++++---------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index bcc2b4f28..2c5336dec 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -13,34 +13,8 @@ server { #gzip_static on; + # Frontend (default) location / { - # Backend - location /graphql { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:4000; - proxy_redirect off; - } - - # Admin Frontend - location /admin { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://127.0.0.1:8080; - proxy_redirect off; - } - - # Frontend (default) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -52,7 +26,31 @@ server { proxy_redirect off; } - + # Backend + location /graphql { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:4000; + proxy_redirect off; + } + + # Admin Frontend + location /admin { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:8080; + proxy_redirect off; + } #location ~ \.php$ { # fastcgi_pass community-server:9000; From 71c3d3c37ffad86823a899fddb18d0cce7be41aa Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 12:47:30 +0100 Subject: [PATCH 025/158] update subfolder paths --- deployment/bare_metal/nginx/sites-available/gradido.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 2c5336dec..4e488819a 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -27,7 +27,7 @@ server { } # Backend - location /graphql { + location /graphql/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -40,7 +40,7 @@ server { } # Admin Frontend - location /admin { + location /admin/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; From 2347deb31757dec24de87818489040379ab2f8be Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 19:58:34 +0100 Subject: [PATCH 026/158] updated run script for frontend --- frontend/run/server.js | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/frontend/run/server.js b/frontend/run/server.js index 8a3f54557..c935009d8 100644 --- a/frontend/run/server.js +++ b/frontend/run/server.js @@ -1,3 +1,4 @@ +/* // Imports const express = require('express') const serveStatic = require('serve-static') @@ -13,3 +14,22 @@ app.listen(port) // eslint-disable-next-line no-console console.log(`http://frontend:${port} server started.`) +*/ + +const express = require('express') +const path = require('path') + +const hostname = '127.0.0.1' +const port = process.env.PORT || 3000 + +const app = express() +app.use(express.static(path.join(__dirname, '../dist'))) + +app.get('*', (req, res) => { + res.sendFile(__dirname, '../dist/index.html') +}) + +app.listen(port, hostname, () => { + // eslint-disable-next-line no-console + console.log('Listening at http://%s:%s/', hostname, port) +}) From f8878ce65a0bc2a34945f913d8fa85604ad7f803 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 20:05:48 +0100 Subject: [PATCH 027/158] log requests on frontend server script --- frontend/run/server.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/frontend/run/server.js b/frontend/run/server.js index c935009d8..6d26503cf 100644 --- a/frontend/run/server.js +++ b/frontend/run/server.js @@ -26,6 +26,8 @@ const app = express() app.use(express.static(path.join(__dirname, '../dist'))) app.get('*', (req, res) => { + // eslint-disable-next-line no-console + console.log('Request', req) res.sendFile(__dirname, '../dist/index.html') }) From c0d5fea248527d231483f083f91d4f79cea77278 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 20:14:29 +0100 Subject: [PATCH 028/158] updated server.js --- frontend/run/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/run/server.js b/frontend/run/server.js index 6d26503cf..12a9cbd79 100644 --- a/frontend/run/server.js +++ b/frontend/run/server.js @@ -28,7 +28,7 @@ app.use(express.static(path.join(__dirname, '../dist'))) app.get('*', (req, res) => { // eslint-disable-next-line no-console console.log('Request', req) - res.sendFile(__dirname, '../dist/index.html') + res.sendFile(path.join(__dirname, '../dist/index.html')) }) app.listen(port, hostname, () => { From 00ecc2b9996b34a48806b8aa3023147cefe37702 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 20:20:49 +0100 Subject: [PATCH 029/158] cleanup run script (frontend) include new run script(admin) --- admin/run/server.js | 22 ++++++++++++++-------- frontend/run/server.js | 26 +++++--------------------- 2 files changed, 19 insertions(+), 29 deletions(-) diff --git a/admin/run/server.js b/admin/run/server.js index 97a525427..7d75acba8 100644 --- a/admin/run/server.js +++ b/admin/run/server.js @@ -1,15 +1,21 @@ // Imports const express = require('express') -const serveStatic = require('serve-static') +const path = require('path') -// Port -const port = process.env.PORT || 8080 +// Host & Port +const hostname = '127.0.0.1' +const port = process.env.PORT || 3000 // Express Server const app = express() -// eslint-disable-next-line node/no-path-concat -app.use(serveStatic(__dirname + '/../dist')) -app.listen(port) +// Serve files +app.use(express.static(path.join(__dirname, '../dist'))) +// Default to index.html +app.get('*', (req, res) => { + res.sendFile(path.join(__dirname, '../dist/index.html')) +}) -// eslint-disable-next-line no-console -console.log(`http://admin:${port} server started.`) +app.listen(port, hostname, () => { + // eslint-disable-next-line no-console + console.log('Listening at http://%s:%s/', hostname, port) +}) diff --git a/frontend/run/server.js b/frontend/run/server.js index 12a9cbd79..7d75acba8 100644 --- a/frontend/run/server.js +++ b/frontend/run/server.js @@ -1,33 +1,17 @@ -/* // Imports const express = require('express') -const serveStatic = require('serve-static') +const path = require('path') -// Port +// Host & Port +const hostname = '127.0.0.1' const port = process.env.PORT || 3000 // Express Server const app = express() -// eslint-disable-next-line node/no-path-concat -app.use(serveStatic(__dirname + '/../dist')) -app.listen(port) - -// eslint-disable-next-line no-console -console.log(`http://frontend:${port} server started.`) -*/ - -const express = require('express') -const path = require('path') - -const hostname = '127.0.0.1' -const port = process.env.PORT || 3000 - -const app = express() +// Serve files app.use(express.static(path.join(__dirname, '../dist'))) - +// Default to index.html app.get('*', (req, res) => { - // eslint-disable-next-line no-console - console.log('Request', req) res.sendFile(path.join(__dirname, '../dist/index.html')) }) From 644c55b5736526a3066b85993116e5d5f3b956fc Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 20:22:55 +0100 Subject: [PATCH 030/158] corrected admin port --- admin/run/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/run/server.js b/admin/run/server.js index 7d75acba8..bccefc65c 100644 --- a/admin/run/server.js +++ b/admin/run/server.js @@ -4,7 +4,7 @@ const path = require('path') // Host & Port const hostname = '127.0.0.1' -const port = process.env.PORT || 3000 +const port = process.env.PORT || 8080 // Express Server const app = express() From 4b099d7e5883d84d79f90bbc94a011966f0085e5 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 21:19:35 +0100 Subject: [PATCH 031/158] correct comments try to fix backend proxy in nginx missing change for /vue remove --- deployment/bare_metal/nginx/sites-available/gradido.conf | 3 ++- deployment/bare_metal/setup.md | 4 ++-- frontend/src/store/store.test.js | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 4e488819a..9b4b5f58c 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -35,7 +35,8 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:4000; + #todo remove /graphql + proxy_pass http://127.0.0.1:4000/graphql; proxy_redirect off; } diff --git a/deployment/bare_metal/setup.md b/deployment/bare_metal/setup.md index f3312a80b..bc1ee81eb 100644 --- a/deployment/bare_metal/setup.md +++ b/deployment/bare_metal/setup.md @@ -1,6 +1,6 @@ # Setup script to setup the server be ready to run gradido # This assums you have root access via ssh to your cleanly setup server -# Furthermore this assums you have debian (11 64bit) running +# Furthermore this assumes you have debian (11 64bit) running > ssh root@gddhost.tld @@ -57,7 +57,7 @@ > sudo apt-get upgrade # Install security tools -## UFW +## ufw > sudo apt-get install ufw > sudo ufw allow http > sudo ufw allow https diff --git a/frontend/src/store/store.test.js b/frontend/src/store/store.test.js index 41a0540be..da108b9ff 100644 --- a/frontend/src/store/store.test.js +++ b/frontend/src/store/store.test.js @@ -124,13 +124,13 @@ describe('Vuex store', () => { name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }) expect(state.community).toEqual({ name: 'test12', description: 'test community 12', url: 'http://test12.test12/', - registerUrl: 'http://test12.test12/vue/register', + registerUrl: 'http://test12.test12/register', }) }) }) From 9c36fc798fc95b498026c8cd084708c3ba0d7a58 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 21:22:26 +0100 Subject: [PATCH 032/158] try without trailing slash for backend (nginx) updated start script --- .../bare_metal/nginx/sites-available/gradido.conf | 4 ++-- deployment/bare_metal/start.sh | 13 +++++++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 9b4b5f58c..cb031c50e 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -27,7 +27,7 @@ server { } # Backend - location /graphql/ { + location /graphql { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -41,7 +41,7 @@ server { } # Admin Frontend - location /admin/ { + location /admin { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index cfcf8cefa..870b0c0d2 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -5,12 +5,15 @@ # TODO update git branch # Node build process can be memory hungry - make sure you have either enoght memory or swap space -export NODE_OPTIONS="--max-old-space-size=6000" +#export NODE_OPTIONS="--max-old-space-size=6000" # Install & build database # TODO change directory correcty yarn install yarn build +yarn up +# TODO only in staging! +yarn seed # Install & build backend # TODO change directory correcty @@ -32,15 +35,21 @@ yarn build pm2 delete gradido-backend # TODO working directory pm2 start --name gradido-backend "yarn start" +pm2 save # start frontend # TODO pm2 stop gradido-frontend pm2 delete gradido-frontend # TODO working directory pm2 start --name gradido-frontend "yarn start" +pm2 save # start admin # TODO pm2 stop gradido-admin pm2 delete gradido-admin # TODO working directory -pm2 start --name gradido-admin "yarn start" \ No newline at end of file +pm2 start --name gradido-admin "yarn start" +pm2 save + +# restart nginx +sudo /etc/init.d/nginx restart \ No newline at end of file From 55089b4b10c152e5a8ec0f691cb665e3388f57c6 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 21:44:34 +0100 Subject: [PATCH 033/158] change servername --- deployment/bare_metal/nginx/sites-available/gradido.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index cb031c50e..1543b05af 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -1,5 +1,6 @@ server { - server_name _; + # TODO correct server name stage1.gradido.net + server_name stage1.gradido.net; #server_name 0.0.0.0; listen 80; listen [::]:80; From 564261a72fc2332e650b75362612e663402b033e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 21:57:52 +0100 Subject: [PATCH 034/158] nginx /admin forwarding --- deployment/bare_metal/nginx/sites-available/gradido.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 1543b05af..a6723a500 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -50,7 +50,8 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080; + #todo remove /admin + proxy_pass http://127.0.0.1:8080/admin; proxy_redirect off; } From ccc9b9bf58d43f2bac25bbb096be48ded3194fca Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 22:02:48 +0100 Subject: [PATCH 035/158] nginx do not forward /admin, but enforce trailing slash --- deployment/bare_metal/nginx/sites-available/gradido.conf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index a6723a500..c0955c4ce 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -42,7 +42,7 @@ server { } # Admin Frontend - location /admin { + location /admin/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -50,8 +50,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - #todo remove /admin - proxy_pass http://127.0.0.1:8080/admin; + proxy_pass http://127.0.0.1:8080; proxy_redirect off; } From 40cb92d076858ab5fa1e432d4185d2d2bdf1c09c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 5 Jan 2022 22:06:13 +0100 Subject: [PATCH 036/158] nginx admin trailing slahs and forward with slash --- deployment/bare_metal/nginx/sites-available/gradido.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index c0955c4ce..c80776513 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -50,7 +50,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080; + proxy_pass http://127.0.0.1:8080/admin/; proxy_redirect off; } From 6b4f0b9478081268ff32c0442cd7b37a5e263cb2 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:15:46 +0100 Subject: [PATCH 037/158] updated nginx config for ssl --- .../nginx/sites-available/gradido.conf | 30 +++++++++++++++++-- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index c80776513..82384243f 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -1,9 +1,33 @@ +# HTTP server +server { + if ($host = stage1.gradido.net) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + server_name stage1.gradido.net; + listen 80; + listen [::]:80; + return 404; # managed by Certbot + + +} + +# HTTPS Server server { # TODO correct server name stage1.gradido.net server_name stage1.gradido.net; #server_name 0.0.0.0; - listen 80; - listen [::]:80; + #listen 80; + #listen [::]:80; + + # TODO + listen [::]:443 ssl ipv6only=on; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/stage1.gradido.net/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/stage1.gradido.net/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot #include /etc/nginx/common/protect.conf; #include /etc/nginx/common/protect_add_header.conf; @@ -42,7 +66,7 @@ server { } # Admin Frontend - location /admin/ { + location /admin { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; From 70266e23ce49dca8c4f2fb1afc98e2edb5625940 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:16:58 +0100 Subject: [PATCH 038/158] install script cert bot, database setup --- deployment/bare_metal/install.sh | 62 +++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index ae41145a5..e342fa546 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -5,13 +5,64 @@ # Install mariadb sudo apt-get install -y mariadb-server -#TODO sudo mysql_secure_installation +sudo mysql_secure_installation +# Enter current password for root (enter for none): enter +# Switch to unix_socket authentication [Y/n] Y +# Change the root password? [Y/n] n +# Remove anonymous users? [Y/n] Y +# Disallow root login remotely? [Y/n] Y +# Remove test database and access to it? [Y/n] Y +# Reload privilege tables now? [Y/n] Y + +# create db user +DB_USER=gradido +DB_PASSWORD=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo); +# create table +#create database gradido_community +# DEFAULT CHARACTER SET utf8mb4 +# DEFAULT COLLATE utf8mb4_unicode_ci; +# GRANT ALL PRIVILEGES ON gradido_community.* TO '$DB_USER'@'localhost'; +sudo mysql < Enter email address (used for urgent renewal and security notices) > support@gradido.net +> Please read the Terms of Service at > Y +> Would you be willing, once your first certificate is successfully issued, to > N +> No names were found in your configuration files. Please enter in your domain > stage1.gradido.net \ No newline at end of file From aba2b272f6c8063c955d55aea60353f0cec59823 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:23:07 +0100 Subject: [PATCH 039/158] include express explicitly since its required for the run script --- admin/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/admin/package.json b/admin/package.json index c94d0a2b0..93fbed8ae 100644 --- a/admin/package.json +++ b/admin/package.json @@ -33,6 +33,7 @@ "core-js": "^3.6.5", "dotenv-webpack": "^7.0.3", "graphql": "^15.6.1", + "express": "^4.17.1", "identity-obj-proxy": "^3.0.0", "jest": "26.6.3", "moment": "^2.29.1", From 76c8f971eba1f497b136afd983e0b3cdce46b93d Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:27:35 +0100 Subject: [PATCH 040/158] corrected admin nginx conf(?) --- deployment/bare_metal/nginx/sites-available/gradido.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 82384243f..8b776bc44 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -74,7 +74,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080/admin/; + proxy_pass http://127.0.0.1:8080; proxy_redirect off; } From 1852bcda541a2607ea13e55a68b793c0b7802c21 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:30:28 +0100 Subject: [PATCH 041/158] correct admin nginx for good --- deployment/bare_metal/nginx/sites-available/gradido.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 8b776bc44..001f4924e 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -74,7 +74,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080; + proxy_pass http://127.0.0.1:8080/; proxy_redirect off; } From 6ad8bc79ab77f041c0e1bc23c57cfc8cfd8d6775 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:41:45 +0100 Subject: [PATCH 042/158] clean start script --- deployment/bare_metal/start.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 870b0c0d2..14b2c5c6b 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -4,9 +4,6 @@ # TODO update git branch -# Node build process can be memory hungry - make sure you have either enoght memory or swap space -#export NODE_OPTIONS="--max-old-space-size=6000" - # Install & build database # TODO change directory correcty yarn install From f3e4bc805a22034d7bcc8f2fe0aca2e7346c804e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:41:56 +0100 Subject: [PATCH 043/158] clean nginx config --- .../nginx/sites-available/gradido.conf | 64 +------------------ 1 file changed, 2 insertions(+), 62 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 001f4924e..99e288b2a 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -1,25 +1,20 @@ # HTTP server +#TODO server { if ($host = stage1.gradido.net) { return 301 https://$host$request_uri; } # managed by Certbot - server_name stage1.gradido.net; listen 80; listen [::]:80; return 404; # managed by Certbot - - } # HTTPS Server server { # TODO correct server name stage1.gradido.net server_name stage1.gradido.net; - #server_name 0.0.0.0; - #listen 80; - #listen [::]:80; # TODO listen [::]:443 ssl ipv6only=on; # managed by Certbot @@ -31,10 +26,7 @@ server { #include /etc/nginx/common/protect.conf; #include /etc/nginx/common/protect_add_header.conf; - #include /etc/nginx/common/ssl.conf; - - #root /var/www/html/gradido/community_server/webroot; - #index index.php; + #include /etc/nginx/common/ssl.conf; #gzip_static on; @@ -78,26 +70,6 @@ server { proxy_redirect off; } - #location ~ \.php$ { - # fastcgi_pass community-server:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # # fastcgi_param PHP_VALUE "error_log=/var/www/myapp/logs/php_errors.log"; - # fastcgi_buffers 16 16k; - # fastcgi_buffer_size 32k; - # include fastcgi_params; - #} - - - #location / { - # try_files $uri $uri/ /index.php?$args; - #} - - #location ~ \.php$ { - # include snippets/fastcgi-php.conf; - # fastcgi_pass unix:/run/php/php7.4-fpm.sock; - #} - #location ~ /\.ht { # deny all; # } @@ -112,37 +84,5 @@ server { # try_files $uri $uri/ /index.html = 404; #} - #location /account { - # proxy_http_version 1.1; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection 'upgrade'; - # proxy_cache_bypass $http_upgrade; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $remote_addr; - # proxy_set_header Host $host; - # rewrite /account/(.*) /$1 break; - # - # proxy_pass http://127.0.0.1:1200; - # proxy_redirect off; - #} - - #location /login_api { - # proxy_http_version 1.1; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection 'upgrade'; - # proxy_cache_bypass $http_upgrade; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $remote_addr; - # proxy_set_header Host $host; - # rewrite /login_api/(.*) /$1 break; - # - # proxy_pass http://127.0.0.1:1201; - # proxy_redirect off; - #} - - #location / { - # try_files $uri $uri/ /index.php?$args; - #} - #access_log /var/log/nginx/access.log main; } \ No newline at end of file From 2281e791b80a5bd413f3d7f49e2389b420b161b5 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:54:36 +0100 Subject: [PATCH 044/158] reduced original script to whats left to do --- .../old/setup_server_online_ubuntu18.sh | 186 +----------------- 1 file changed, 1 insertion(+), 185 deletions(-) diff --git a/deployment/bare_metal/old/setup_server_online_ubuntu18.sh b/deployment/bare_metal/old/setup_server_online_ubuntu18.sh index cd0ce8ee9..e8f766424 100644 --- a/deployment/bare_metal/old/setup_server_online_ubuntu18.sh +++ b/deployment/bare_metal/old/setup_server_online_ubuntu18.sh @@ -1,128 +1,4 @@ -#!/bin/bash -echo "Start with installing necessary packets" -echo "Maria DB MySql-Server" -sudo apt update -sudo apt install -y mariadb-server -sudo mysql_secure_installation -echo "nginx and php 7.2" -sudo apt-get install -y nginx php7.2-fpm php7.2-mbstring php7.2-intl php7.2-xml php7.2-pdo php7.2-mysql -echo "firewall and fail2ban" -sudo apt-get install -y fail2ban ufw net-tools certbot python3-certbot-nginx - -echo "ufw" -sudo ufw allow http -sudo ufw allow https -sudo ufw allow ssh -sudo ufw enable - -# for installing packages for community-server -echo "Composer" -# Composer install script from https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md -cd ~ -EXPECTED_CHECKSUM="$(wget -q -O - https://composer.github.io/installer.sig)" -php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" -ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" - -if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ] -then - echo 'ERROR: Invalid installer checksum' - rm composer-setup.php - exit 1 -fi - -php composer-setup.php --quiet -RESULT=$? -rm composer-setup.php -#exit $RESULT -echo "Composer install result: ${RESULT}" - -sudo mv composer.phar /usr/local/bin/composer - -# for compiling login server -# you can use another folder if you like, this is not the default folder for this -cd ~/ -mkdir code -cd code - - -git clone https://github.com/Kitware/CMake.git --branch v3.19.8 -cd CMake - -./bootstrap && make -j${CPU_COUNT} && sudo make install - # nginx security -echo "Additional Security for nginx" -sudo mkdir /etc/nginx/common -cd /etc/nginx/common -sudo cat << "EOF" > protect.conf -# Deny access to readme.(txt|html) or license.(txt|html) or example.(txt|html) and other common git related files -location ~* \"/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)\" { - deny all; -} -# Deny access to backup extensions & log files -location ~* \"\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$\" { - deny all; -} -# deny access to hidden files and directories -location ~ /\.(?!well-known\/) { - deny all; -} -# deny access to base64 encoded urls -location ~* \"(base64_encode)(.*)(\()\" { - deny all; -} -# deny access to url with the javascript eval() function -location ~* \"(eval\()\" { - deny all; -} -# deny access to url which include \"127.0.0.1\" -location ~* \"(127\.0\.0\.1)\" { - deny all; -} -location ~* \"(GLOBALS|REQUEST)(=|\[|%)\" { - deny all; -} -location ~* \"(<|%3C).*script.*(>|%3)\" { - deny all; -} -location ~ \"(\\|\.\.\.|\.\./|~|`|<|>|\|)\" { - deny all; -} -location ~* \"(\'|\\")(.*)(drop|insert|md5|select|union)\" { - deny all; -} -location ~* \"(https?|ftp|php):/\" { - deny all; -} -location ~* \"(=\\\'|=\\%27|/\\\'/?)\.\" { - deny all; -} -location ~ \"(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")\" { - deny all; -} -location ~ \"(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)\" { - deny all; -} -location ~* \"(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)\" { - deny all; -} -location ~* \"/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php\" { - deny all; -} -EOF - -sudo cat << "EOF" > protect_add_header.conf -# Prevent browsers from incorrectly detecting non-scripts as scripts -# https://infosec.mozilla.org/guidelines/web_security#x-content-type-options -add_header X-Content-Type-Options "nosniff"; - -# prevent clickjacking: https://www.owasp.org/index.php/Clickjacking -# https://geekflare.com/add-x-frame-options-nginx/ -# https://infosec.mozilla.org/guidelines/web_security#x-frame-options -add_header Content-Security-Policy "frame-ancestors 'none'"; -add_header X-Frame-Options "DENY"; -EOF - sudo cat << "EOF" > ssl.conf ## # SSL Settings @@ -158,58 +34,6 @@ sudo cat << "EOF" > ssl.conf add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; EOF -cd /etc/nginx/sites-available -sudo cp default default_original -sudo cat< default -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# https://www.nginx.com/resources/wiki/start/ -# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ -# https://wiki.debian.org/Nginx/DirectoryStructure -# -# In most cases, administrators will remove this file from sites-enabled/ and -# leave it as reference inside of sites-available where it will continue to be -# updated by the nginx packaging team. -# -# This file will automatically load configuration files provided by other -# applications, such as Drupal or Wordpress. These applications will be made -# available underneath a path with that package name, such as /drupal8. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - -# Default server configuration -# -server { - listen 80 default_server; - listen [::]:80 default_server; - - include /etc/nginx/common/protect.conf; - - server_name _; - - location / { - deny all; - } - - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - -# catch requests with empty hosts -server { - listen 80; - server_name ""; - return 444; -} -EOF - cd /etc/nginx/conf.d sudo cat < logging.conf log_format main '$http_x_forwarded_for - $remote_user [$time_local] ' @@ -311,12 +135,4 @@ server { } EOF -sudo ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled - -# certbot -#echo "Install certbot" -#sudo apt update -#sudo apt install software-properties-common -#sudo add repository universe -#sudo apt update -#sudo apt install certbot \ No newline at end of file +sudo ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled \ No newline at end of file From c563bd58f7af720a428e53fa3248c1489dc3ddf7 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 07:55:09 +0100 Subject: [PATCH 045/158] include protective configs for nginx --- deployment/bare_metal/install.sh | 2 + .../bare_metal/nginx/common/protect.conf | 54 +++++++++++++++++++ .../nginx/common/protect_add_header.conf | 9 ++++ .../nginx/sites-available/gradido.conf | 4 +- 4 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 deployment/bare_metal/nginx/common/protect.conf create mode 100644 deployment/bare_metal/nginx/common/protect_add_header.conf diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index e342fa546..300cc1533 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -63,6 +63,8 @@ sudo rm default sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf gradido.conf cd /etc/nginx/sites-available sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf gradido.conf +cd /etc/nginx +sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/common common # Install yarn sudo apt-get install -y curl diff --git a/deployment/bare_metal/nginx/common/protect.conf b/deployment/bare_metal/nginx/common/protect.conf new file mode 100644 index 000000000..358549a53 --- /dev/null +++ b/deployment/bare_metal/nginx/common/protect.conf @@ -0,0 +1,54 @@ +# Deny access to readme.(txt|html) or license.(txt|html) or example.(txt|html) and other common git related files +location ~* \"/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)\" { + deny all; +} +# Deny access to backup extensions & log files +location ~* \"\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$\" { + deny all; +} +# deny access to hidden files and directories +location ~ /\.(?!well-known\/) { + deny all; +} +# deny access to base64 encoded urls +location ~* \"(base64_encode)(.*)(\()\" { + deny all; +} +# deny access to url with the javascript eval() function +location ~* \"(eval\()\" { + deny all; +} +# deny access to url which include \"127.0.0.1\" +location ~* \"(127\.0\.0\.1)\" { + deny all; +} +location ~* \"(GLOBALS|REQUEST)(=|\[|%)\" { + deny all; +} +location ~* \"(<|%3C).*script.*(>|%3)\" { + deny all; +} +location ~ \"(\\|\.\.\.|\.\./|~|`|<|>|\|)\" { + deny all; +} +location ~* \"(\'|\\")(.*)(drop|insert|md5|select|union)\" { + deny all; +} +location ~* \"(https?|ftp|php):/\" { + deny all; +} +location ~* \"(=\\\'|=\\%27|/\\\'/?)\.\" { + deny all; +} +location ~ \"(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")\" { + deny all; +} +location ~ \"(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)\" { + deny all; +} +location ~* \"(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)\" { + deny all; +} +location ~* \"/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php\" { + deny all; +} \ No newline at end of file diff --git a/deployment/bare_metal/nginx/common/protect_add_header.conf b/deployment/bare_metal/nginx/common/protect_add_header.conf new file mode 100644 index 000000000..998f10696 --- /dev/null +++ b/deployment/bare_metal/nginx/common/protect_add_header.conf @@ -0,0 +1,9 @@ +# Prevent browsers from incorrectly detecting non-scripts as scripts +# https://infosec.mozilla.org/guidelines/web_security#x-content-type-options +add_header X-Content-Type-Options "nosniff"; + +# prevent clickjacking: https://www.owasp.org/index.php/Clickjacking +# https://geekflare.com/add-x-frame-options-nginx/ +# https://infosec.mozilla.org/guidelines/web_security#x-frame-options +add_header Content-Security-Policy "frame-ancestors 'none'"; +add_header X-Frame-Options "DENY"; \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 99e288b2a..02425fcc0 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -24,8 +24,8 @@ server { include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - #include /etc/nginx/common/protect.conf; - #include /etc/nginx/common/protect_add_header.conf; + include /etc/nginx/common/protect.conf; + include /etc/nginx/common/protect_add_header.conf; #include /etc/nginx/common/ssl.conf; #gzip_static on; From d0f8a5221141717631b196056b7adab0105bf892 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 08:00:47 +0100 Subject: [PATCH 046/158] corrected escaping --- .../bare_metal/nginx/common/protect.conf | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/deployment/bare_metal/nginx/common/protect.conf b/deployment/bare_metal/nginx/common/protect.conf index 358549a53..334aec28f 100644 --- a/deployment/bare_metal/nginx/common/protect.conf +++ b/deployment/bare_metal/nginx/common/protect.conf @@ -1,9 +1,9 @@ # Deny access to readme.(txt|html) or license.(txt|html) or example.(txt|html) and other common git related files -location ~* \"/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)\" { +location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" { deny all; } # Deny access to backup extensions & log files -location ~* \"\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$\" { +location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; } # deny access to hidden files and directories @@ -11,44 +11,44 @@ location ~ /\.(?!well-known\/) { deny all; } # deny access to base64 encoded urls -location ~* \"(base64_encode)(.*)(\()\" { +location ~* "(base64_encode)(.*)(\()" { deny all; } # deny access to url with the javascript eval() function -location ~* \"(eval\()\" { +location ~* "(eval\()" { deny all; } # deny access to url which include \"127.0.0.1\" -location ~* \"(127\.0\.0\.1)\" { +location ~* "(127\.0\.0\.1)" { deny all; } -location ~* \"(GLOBALS|REQUEST)(=|\[|%)\" { +location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; } -location ~* \"(<|%3C).*script.*(>|%3)\" { +location ~* "(<|%3C).*script.*(>|%3)" { deny all; } -location ~ \"(\\|\.\.\.|\.\./|~|`|<|>|\|)\" { +location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; } -location ~* \"(\'|\\")(.*)(drop|insert|md5|select|union)\" { +location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; } -location ~* \"(https?|ftp|php):/\" { +location ~* "(https?|ftp|php):/" { deny all; } -location ~* \"(=\\\'|=\\%27|/\\\'/?)\.\" { +location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; } -location ~ \"(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")\" { +location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")" { deny all; } -location ~ \"(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)\" { +location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; } -location ~* \"(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)\" { +location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)" { deny all; } -location ~* \"/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php\" { +location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php" { deny all; } \ No newline at end of file From 19697e1acca772ca1ae94befa7125fa2f628ab35 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 08:03:16 +0100 Subject: [PATCH 047/158] more escaping --- deployment/bare_metal/nginx/common/protect.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/common/protect.conf b/deployment/bare_metal/nginx/common/protect.conf index 334aec28f..6ad33bd8e 100644 --- a/deployment/bare_metal/nginx/common/protect.conf +++ b/deployment/bare_metal/nginx/common/protect.conf @@ -40,7 +40,7 @@ location ~* "(https?|ftp|php):/" { location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; } -location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")" { +location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; } location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { From 85466e68bfea6d49c9c699c5e64b6d1b6a899781 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 08:08:07 +0100 Subject: [PATCH 048/158] more cleanup --- .../nginx/sites-available/gradido.conf | 5 +- .../old/build_and_start_login_server.sh | 29 -------- .../old/nginx/sites-available/gradido | 73 ------------------- 3 files changed, 1 insertion(+), 106 deletions(-) delete mode 100755 deployment/bare_metal/old/build_and_start_login_server.sh delete mode 100644 deployment/bare_metal/old/nginx/sites-available/gradido diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf index 02425fcc0..fe2e47f99 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf @@ -70,10 +70,7 @@ server { proxy_redirect off; } - #location ~ /\.ht { - # deny all; - # } - + # TODO this could be a performance optimization #location /vue { # alias /var/www/html/gradido/frontend/dist; # index index.html; diff --git a/deployment/bare_metal/old/build_and_start_login_server.sh b/deployment/bare_metal/old/build_and_start_login_server.sh deleted file mode 100755 index b97d1d4a9..000000000 --- a/deployment/bare_metal/old/build_and_start_login_server.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -# stop login_server running in screen -screen -XS login quit - -# rebuild login-server -cd ../../login_server -if [ ! -d "./build" ] ; then - cd scripts - ./prepare_build.sh - cd .. -fi -cd build -cmake .. -make -j$(nproc) Gradido_LoginServer - -# rebuild locales -cd ../scripts -./compile_pot.sh -cd ../src/LOCALE -cp *.mo *.po /etc/grd_login/LOCALE/ - -cd ../../build/bin - -# start login-server -screen -dmS 'login_server' bash -c './Gradido_LoginServer' - - - diff --git a/deployment/bare_metal/old/nginx/sites-available/gradido b/deployment/bare_metal/old/nginx/sites-available/gradido deleted file mode 100644 index c32d82483..000000000 --- a/deployment/bare_metal/old/nginx/sites-available/gradido +++ /dev/null @@ -1,73 +0,0 @@ -server { - server_name _; - listen 80; - listen [::]:80; - - include /etc/nginx/common/protect.conf; - include /etc/nginx/common/protect_add_header.conf; - - root /var/www/html/gradido/community_server/webroot; - index index.php; - - gzip_static on; - - - location ~ \.php$ { - include snippets/fastcgi-php.conf; - fastcgi_pass unix:/run/php/php7.4-fpm.sock; - } - - location ~ /\.ht { - deny all; - } - - location /vue { - alias /var/www/html/gradido/frontend/dist; - index index.html; - - location ~* \.(png)$ { - expires 39d; - } - try_files $uri $uri/ /index.html = 404; - } - - location /account { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_cache_bypass $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - rewrite /account/(.*) /$1 break; - - proxy_pass http://127.0.0.1:1200; - proxy_redirect off; - - - } - - location /login_api { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_cache_bypass $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - rewrite /login_api/(.*) /$1 break; - - proxy_pass http://127.0.0.1:1201; - proxy_redirect off; - - - } - - - location / { - try_files $uri $uri/ /index.php?$args; - } - - access_log /var/log/nginx/access.log main; - -} From 3e8ffbf5ae638ccb5aa2fa31859f7951f3c84e67 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Fri, 7 Jan 2022 00:59:15 +0100 Subject: [PATCH 049/158] typo in comment - thanks @dario --- deployment/bare_metal/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 300cc1533..c83741ab8 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -41,7 +41,7 @@ cp .env.dist .env #TODOchange jwt secret cp .env.dist .env -#TODO go to backend +#TODO go to frontend #TODO generate this #TODO backend url #TODO admin url From 58f391f1675057ee485aa2d2ced8c667f179bd67 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 04:39:55 +0100 Subject: [PATCH 050/158] templatified nginx config and added loading .env, added .env.dist --- .gitignore | 1 + deployment/bare_metal/.env.dist | 11 +++++ deployment/bare_metal/install.sh | 17 ++++++- .../{gradido.conf => gradido.conf.template} | 46 +++++++++++-------- 4 files changed, 53 insertions(+), 22 deletions(-) create mode 100644 deployment/bare_metal/.env.dist rename deployment/bare_metal/nginx/sites-available/{gradido.conf => gradido.conf.template} (68%) diff --git a/.gitignore b/.gitignore index 5682953d4..fa13312a1 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ nbproject .metadata /.env package-lock.json +/deployment/bare_metal/.env diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist new file mode 100644 index 000000000..fa64ae770 --- /dev/null +++ b/deployment/bare_metal/.env.dist @@ -0,0 +1,11 @@ +NGINX_SSL=false +NGINX_SERVER_NAME=_ + +#Example data + +#NGINX_SSL=true +#NGINX_SERVER_NAME=stage1.gradido.net +#NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/stage1.gradido.net/fullchain.pem +#NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem +#NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem +#NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf \ No newline at end of file diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index c83741ab8..933571e7e 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -3,6 +3,15 @@ # This install script requires the minimum requirements already installed. # How to do this is described in detail in [setup.md](./setup.md) +# Load .env or .env.dist if not present +set -o allexport +if [ -f ".env"]; then + source .env +else + source .env.dist +fi +set +o allexport + # Install mariadb sudo apt-get install -y mariadb-server sudo mysql_secure_installation @@ -85,8 +94,12 @@ sudo yarn global add pm2 # Install certbot sudo apt-get install -y certbot sudo apt-get install -y python3-certbot-nginx -sudo certbot +sudo certbot --certonly > Enter email address (used for urgent renewal and security notices) > support@gradido.net > Please read the Terms of Service at > Y > Would you be willing, once your first certificate is successfully issued, to > N -> No names were found in your configuration files. Please enter in your domain > stage1.gradido.net \ No newline at end of file +> No names were found in your configuration files. Please enter in your domain > stage1.gradido.net + +# Generate gradido.conf from template +# TODO order - first certbot, then nginx setup +envsubst < gradido.conf.template > gradido.conf \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf b/deployment/bare_metal/nginx/sites-available/gradido.conf.template similarity index 68% rename from deployment/bare_metal/nginx/sites-available/gradido.conf rename to deployment/bare_metal/nginx/sites-available/gradido.conf.template index fe2e47f99..2868ac136 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -1,28 +1,34 @@ -# HTTP server -#TODO -server { - if ($host = stage1.gradido.net) { - return 301 https://$host$request_uri; - } # managed by Certbot +if ($NGINX_SSL = 'true') + server { + if ($host = $NGINX_SERVER_NAME) { + return 301 https://$host$request_uri; + } - server_name stage1.gradido.net; - listen 80; - listen [::]:80; - return 404; # managed by Certbot + server_name $NGINX_SERVER_NAME; + listen 80; + listen [::]:80; + return 404; + } } -# HTTPS Server server { - # TODO correct server name stage1.gradido.net - server_name stage1.gradido.net; + server_name $NGINX_SERVER_NAME; - # TODO - listen [::]:443 ssl ipv6only=on; # managed by Certbot - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/stage1.gradido.net/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/stage1.gradido.net/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + if ($NGINX_SSL = 'true') { + listen [::]:443 ssl ipv6only=on; + listen 443 ssl; + ssl_certificate $NGINX_SSL_CERTIFICATE; + ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY; + ssl_dhparam $NGINX_SSL_DHPARAM; + if ($NGINX_SSL_INCLUDE != '') { + include $NGINX_SSL_INCLUDE; + } + } + + if ($NGINX_SSL != 'true'){ + listen 80; + listen [::]:80; + } include /etc/nginx/common/protect.conf; include /etc/nginx/common/protect_add_header.conf; From f511882f5714ab873be1bc1b5efd927c541f1a90 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 04:57:30 +0100 Subject: [PATCH 051/158] only replace variables that are defined, try to fix nginx template --- deployment/bare_metal/install.sh | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 933571e7e..dfd8dab7a 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -102,4 +102,4 @@ sudo certbot --certonly # Generate gradido.conf from template # TODO order - first certbot, then nginx setup -envsubst < gradido.conf.template > gradido.conf \ No newline at end of file +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < gradido.conf.template > gradido.conf \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 2868ac136..cceee1ef5 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -1,5 +1,5 @@ -if ($NGINX_SSL = 'true') - server { +server { + if ($NGINX_SSL = 'true') { if ($host = $NGINX_SERVER_NAME) { return 301 https://$host$request_uri; } From d86c336299895e9c166ddacf51741af3e5cfe05a Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 04:59:21 +0100 Subject: [PATCH 052/158] ignore generated gradido.conf --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index fa13312a1..138e6dea4 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ nbproject /.env package-lock.json /deployment/bare_metal/.env +/deployment/bare_metal/nginx/sites-available/gradido.conf From 1e0f456fdb37e4b720f9ebadd31bc3858395b3e3 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:16:33 +0100 Subject: [PATCH 053/158] more template tests --- .../sites-available/gradido.conf.template | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index cceee1ef5..4e2a37796 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -1,20 +1,21 @@ server { - if ($NGINX_SSL = 'true') { - if ($host = $NGINX_SERVER_NAME) { - return 301 https://$host$request_uri; - } - - server_name $NGINX_SERVER_NAME; - listen 80; - listen [::]:80; - return 404; + if ($host = $NGINX_SERVER_NAME) { + return 301 https://$host$request_uri; } + + server_name $NGINX_SERVER_NAME; + listen 80; + listen [::]:80; + return 404; } server { server_name $NGINX_SERVER_NAME; - if ($NGINX_SSL = 'true') { + # Set variables to allow if checks + set $SSL "$NGINX_SSL"; + + if ($SSL = 'true') { listen [::]:443 ssl ipv6only=on; listen 443 ssl; ssl_certificate $NGINX_SSL_CERTIFICATE; @@ -25,7 +26,7 @@ server { } } - if ($NGINX_SSL != 'true'){ + if ($SSL != 'true'){ listen 80; listen [::]:80; } From 571e737fe5158f0cc56208a30a63913c17a83db6 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:28:26 +0100 Subject: [PATCH 054/158] seperate http and https templates --- deployment/bare_metal/install.sh | 6 +- .../sites-available/gradido.conf.ssl.template | 80 +++++++++++++++++++ .../sites-available/gradido.conf.template | 29 +------ 3 files changed, 86 insertions(+), 29 deletions(-) create mode 100644 deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index dfd8dab7a..9c50f3586 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -102,4 +102,8 @@ sudo certbot --certonly # Generate gradido.conf from template # TODO order - first certbot, then nginx setup -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < gradido.conf.template > gradido.conf \ No newline at end of file +case "$NGINX_SSL" in + true) TEMPLATE_FILE="gradido.conf.ssl.template" ;; + *) TEMPLATE_FILE="gradido.conf.template" ;; +esac +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > gradido.conf \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template new file mode 100644 index 000000000..8cffa43ba --- /dev/null +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -0,0 +1,80 @@ +server { + if ($host = $NGINX_SERVER_NAME) { + return 301 https://$host$request_uri; + } + + server_name $NGINX_SERVER_NAME; + listen 80; + listen [::]:80; + return 404; +} + +server { + server_name $NGINX_SERVER_NAME; + + listen [::]:443 ssl ipv6only=on; + listen 443 ssl; + ssl_certificate $NGINX_SSL_CERTIFICATE; + ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY; + include $NGINX_SSL_INCLUDE; + ssl_dhparam $NGINX_SSL_DHPARAM; + + include /etc/nginx/common/protect.conf; + include /etc/nginx/common/protect_add_header.conf; + #include /etc/nginx/common/ssl.conf; + + #gzip_static on; + + # Frontend (default) + location / { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:3000; + proxy_redirect off; + } + + # Backend + location /graphql { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + #todo remove /graphql + proxy_pass http://127.0.0.1:4000/graphql; + proxy_redirect off; + } + + # Admin Frontend + location /admin { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:8080/; + proxy_redirect off; + } + + # TODO this could be a performance optimization + #location /vue { + # alias /var/www/html/gradido/frontend/dist; + # index index.html; + # + # location ~* \.(png)$ { + # expires 39d; + # } + # try_files $uri $uri/ /index.html = 404; + #} + + #access_log /var/log/nginx/access.log main; +} \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 4e2a37796..311c3646a 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -1,35 +1,8 @@ server { - if ($host = $NGINX_SERVER_NAME) { - return 301 https://$host$request_uri; - } - server_name $NGINX_SERVER_NAME; + listen 80; listen [::]:80; - return 404; -} - -server { - server_name $NGINX_SERVER_NAME; - - # Set variables to allow if checks - set $SSL "$NGINX_SSL"; - - if ($SSL = 'true') { - listen [::]:443 ssl ipv6only=on; - listen 443 ssl; - ssl_certificate $NGINX_SSL_CERTIFICATE; - ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY; - ssl_dhparam $NGINX_SSL_DHPARAM; - if ($NGINX_SSL_INCLUDE != '') { - include $NGINX_SSL_INCLUDE; - } - } - - if ($SSL != 'true'){ - listen 80; - listen [::]:80; - } include /etc/nginx/common/protect.conf; include /etc/nginx/common/protect_add_header.conf; From 32930677b902cc5f735c19ed38dd150cee1dd67b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:44:04 +0100 Subject: [PATCH 055/158] legacy url rewrite support --- deployment/bare_metal/.env.dist | 2 +- .../nginx/sites-available/gradido.conf.ssl.template | 7 +++++++ .../bare_metal/nginx/sites-available/gradido.conf.template | 6 ++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index fa64ae770..68852fbf7 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -1,8 +1,8 @@ -NGINX_SSL=false NGINX_SERVER_NAME=_ #Example data +#NGINX_REWRITE_LEGACY_URLS=true #NGINX_SSL=true #NGINX_SERVER_NAME=stage1.gradido.net #NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/stage1.gradido.net/fullchain.pem diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 8cffa43ba..a2b9ec900 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -65,6 +65,13 @@ server { proxy_redirect off; } + # Legacy URLS + set REWRITE_LEGACY_URLS = $NGINX_REWRITE_LEGACY_URLS; + if( $REWRITE_LEGACY_URLS = 'true' ){ + rewrite ^/vue$1 /$1 permanent; + } + + # TODO this could be a performance optimization #location /vue { # alias /var/www/html/gradido/frontend/dist; diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 311c3646a..f523a0b81 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -50,6 +50,12 @@ server { proxy_redirect off; } + # Legacy URLS + set REWRITE_LEGACY_URLS = $NGINX_REWRITE_LEGACY_URLS; + if( $REWRITE_LEGACY_URLS = 'true' ){ + rewrite ^/vue$1 /$1 permanent; + } + # TODO this could be a performance optimization #location /vue { # alias /var/www/html/gradido/frontend/dist; From 732dff9a6f56f546b62ff3caa854b2db87367de5 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:45:47 +0100 Subject: [PATCH 056/158] typo --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index a2b9ec900..acb831661 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -66,7 +66,7 @@ server { } # Legacy URLS - set REWRITE_LEGACY_URLS = $NGINX_REWRITE_LEGACY_URLS; + set REWRITE_LEGACY_URLS = "$NGINX_REWRITE_LEGACY_URLS"; if( $REWRITE_LEGACY_URLS = 'true' ){ rewrite ^/vue$1 /$1 permanent; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index f523a0b81..0b02b4a01 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -51,7 +51,7 @@ server { } # Legacy URLS - set REWRITE_LEGACY_URLS = $NGINX_REWRITE_LEGACY_URLS; + set REWRITE_LEGACY_URLS = "$NGINX_REWRITE_LEGACY_URLS"; if( $REWRITE_LEGACY_URLS = 'true' ){ rewrite ^/vue$1 /$1 permanent; } From d805cc793e252b0ebe772d15f827412b6859ba3d Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:46:39 +0100 Subject: [PATCH 057/158] more typos --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index acb831661..281b7e115 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -66,7 +66,7 @@ server { } # Legacy URLS - set REWRITE_LEGACY_URLS = "$NGINX_REWRITE_LEGACY_URLS"; + set REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if( $REWRITE_LEGACY_URLS = 'true' ){ rewrite ^/vue$1 /$1 permanent; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 0b02b4a01..b5b1caf4b 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -51,7 +51,7 @@ server { } # Legacy URLS - set REWRITE_LEGACY_URLS = "$NGINX_REWRITE_LEGACY_URLS"; + set REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if( $REWRITE_LEGACY_URLS = 'true' ){ rewrite ^/vue$1 /$1 permanent; } From 544e0418077e6b846425baf2f62bc8b169788b6f Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:50:36 +0100 Subject: [PATCH 058/158] last typo (?) --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 281b7e115..cf6608833 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -66,7 +66,7 @@ server { } # Legacy URLS - set REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; + set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if( $REWRITE_LEGACY_URLS = 'true' ){ rewrite ^/vue$1 /$1 permanent; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index b5b1caf4b..ef5d8ce7d 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -51,7 +51,7 @@ server { } # Legacy URLS - set REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; + set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if( $REWRITE_LEGACY_URLS = 'true' ){ rewrite ^/vue$1 /$1 permanent; } From c777a5a9d878fe04a1a81f6cf245db1fed031b36 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:52:55 +0100 Subject: [PATCH 059/158] apparently the second last typo --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index cf6608833..9a891d1ac 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -67,7 +67,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; - if( $REWRITE_LEGACY_URLS = 'true' ){ + if ($REWRITE_LEGACY_URLS = 'true') { rewrite ^/vue$1 /$1 permanent; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index ef5d8ce7d..b48e6da7b 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -52,7 +52,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; - if( $REWRITE_LEGACY_URLS = 'true' ){ + if ($REWRITE_LEGACY_URLS = 'true') { rewrite ^/vue$1 /$1 permanent; } From 449e0933ebe3907e46af477c272cb1f1745c307c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:55:00 +0100 Subject: [PATCH 060/158] move rewrite before location blocks --- .../nginx/sites-available/gradido.conf.ssl.template | 13 ++++++------- .../nginx/sites-available/gradido.conf.template | 12 ++++++------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 9a891d1ac..8fa8d746f 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -25,6 +25,12 @@ server { #gzip_static on; + # Legacy URLS + set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; + if ($REWRITE_LEGACY_URLS = 'true') { + rewrite ^/vue$1 /$1 permanent; + } + # Frontend (default) location / { proxy_http_version 1.1; @@ -64,13 +70,6 @@ server { proxy_pass http://127.0.0.1:8080/; proxy_redirect off; } - - # Legacy URLS - set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; - if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue$1 /$1 permanent; - } - # TODO this could be a performance optimization #location /vue { diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index b48e6da7b..4464e407e 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -10,6 +10,12 @@ server { #gzip_static on; + # Legacy URLS + set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; + if ($REWRITE_LEGACY_URLS = 'true') { + rewrite ^/vue$1 /$1 permanent; + } + # Frontend (default) location / { proxy_http_version 1.1; @@ -50,12 +56,6 @@ server { proxy_redirect off; } - # Legacy URLS - set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; - if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue$1 /$1 permanent; - } - # TODO this could be a performance optimization #location /vue { # alias /var/www/html/gradido/frontend/dist; From 9cfa240cee7670616fbbddf52f94a40f23a1bccb Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:56:54 +0100 Subject: [PATCH 061/158] corrected regex --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 8fa8d746f..ae502bacf 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -28,7 +28,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue$1 /$1 permanent; + rewrite ^/vue/(.+)/?$ /$1 permanent; } # Frontend (default) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 4464e407e..103a5402a 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -13,7 +13,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue$1 /$1 permanent; + rewrite ^/vue/(.+)/?$ /$1 permanent; } # Frontend (default) From 29ea4a29d46c5329b1a336757d1a7f6bf7b38b20 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 05:58:26 +0100 Subject: [PATCH 062/158] more regex corrections --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index ae502bacf..9b13020b7 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -28,7 +28,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue/(.+)/?$ /$1 permanent; + rewrite ^/vue(.+)/?$ /$1 permanent; } # Frontend (default) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 103a5402a..be433639f 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -13,7 +13,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue/(.+)/?$ /$1 permanent; + rewrite ^/vue(.+)/?$ /$1 permanent; } # Frontend (default) From 27ca4740832f95c2d5aedc2af3854ac0a0a54f1c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 06:05:38 +0100 Subject: [PATCH 063/158] more regex adjustments --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 9b13020b7..6ba653bea 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -28,7 +28,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue(.+)/?$ /$1 permanent; + rewrite ^/vue(.?)/?$ $1 permanent; } # Frontend (default) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index be433639f..4d19e55a1 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -13,7 +13,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue(.+)/?$ /$1 permanent; + rewrite ^/vue(.?)/?$ $1 permanent; } # Frontend (default) From 1a584193bd95e37d856595a8a83b9f01b948f949 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 06:07:13 +0100 Subject: [PATCH 064/158] more regexes --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 3 ++- .../bare_metal/nginx/sites-available/gradido.conf.template | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 6ba653bea..7aa3a59fa 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -28,7 +28,8 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue(.?)/?$ $1 permanent; + rewrite ^/vue$ / permanent; + rewrite ^/vue/(.?)/?$ /$1 permanent; } # Frontend (default) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 4d19e55a1..ad0893eaa 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -13,7 +13,8 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue(.?)/?$ $1 permanent; + rewrite ^/vue$ / permanent; + rewrite ^/vue/(.?)/?$ /$1 permanent; } # Frontend (default) From 9746542ce8cbba46c4bff94cbf275ac63cca0f86 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 06:08:17 +0100 Subject: [PATCH 065/158] even more --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 3 ++- .../bare_metal/nginx/sites-available/gradido.conf.template | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 7aa3a59fa..334392d87 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -29,7 +29,8 @@ server { set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { rewrite ^/vue$ / permanent; - rewrite ^/vue/(.?)/?$ /$1 permanent; + rewrite ^/vue/$ / permanent; + rewrite ^/vue/(.+)/?$ /$1 permanent; } # Frontend (default) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index ad0893eaa..c00ff346c 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -14,7 +14,8 @@ server { set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { rewrite ^/vue$ / permanent; - rewrite ^/vue/(.?)/?$ /$1 permanent; + rewrite ^/vue/$ / permanent; + rewrite ^/vue/(.+)/?$ /$1 permanent; } # Frontend (default) From ea07df4c81c0b2d4ac198c5f203fde744b568874 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 06:10:21 +0100 Subject: [PATCH 066/158] final regex fix --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 334392d87..07e66f397 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -30,7 +30,7 @@ server { if ($REWRITE_LEGACY_URLS = 'true') { rewrite ^/vue$ / permanent; rewrite ^/vue/$ / permanent; - rewrite ^/vue/(.+)/?$ /$1 permanent; + rewrite ^/vue/(.+)/?$ $1 permanent; } # Frontend (default) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index c00ff346c..97c7c614c 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -15,7 +15,7 @@ server { if ($REWRITE_LEGACY_URLS = 'true') { rewrite ^/vue$ / permanent; rewrite ^/vue/$ / permanent; - rewrite ^/vue/(.+)/?$ /$1 permanent; + rewrite ^/vue/(.+)/?$ $1 permanent; } # Frontend (default) From 62df6621e07a59b3cd61e613855f796df478d31f Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 06:21:53 +0100 Subject: [PATCH 067/158] final regex final ;) --- .../nginx/sites-available/gradido.conf.ssl.template | 4 +--- .../bare_metal/nginx/sites-available/gradido.conf.template | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 07e66f397..68cd0717d 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -28,9 +28,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue$ / permanent; - rewrite ^/vue/$ / permanent; - rewrite ^/vue/(.+)/?$ $1 permanent; + rewrite ^/vue/?(.*)$ /$1 permanent; } # Frontend (default) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 97c7c614c..d6362a1b9 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -13,9 +13,7 @@ server { # Legacy URLS set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS"; if ($REWRITE_LEGACY_URLS = 'true') { - rewrite ^/vue$ / permanent; - rewrite ^/vue/$ / permanent; - rewrite ^/vue/(.+)/?$ $1 permanent; + rewrite ^/vue/?(.*)$ /$1 permanent; } # Frontend (default) From 44da4ea4332da27ef56df49d631a2ea6767a4516 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 07:09:40 +0100 Subject: [PATCH 068/158] adjusted docker nginx to match the current deployment configuration --- docker-compose.override.yml | 4 -- docker-compose.yml | 9 ++-- nginx/Dockerfile | 9 +--- nginx/fastcgi.conf | 25 ---------- nginx/gradido.conf | 71 +++++++++++++++++++++++++++ nginx/mime.types | 88 --------------------------------- nginx/nginx.conf | 98 ------------------------------------- 7 files changed, 76 insertions(+), 228 deletions(-) delete mode 100644 nginx/fastcgi.conf create mode 100644 nginx/gradido.conf delete mode 100644 nginx/mime.types delete mode 100644 nginx/nginx.conf diff --git a/docker-compose.override.yml b/docker-compose.override.yml index cdaf46a7a..64a38e244 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -129,10 +129,6 @@ services: ## NGINX ################################################ ######################################################### nginx: - depends_on: - - frontend - - community-server - - login-server volumes: - ./logs/nginx:/var/log/nginx diff --git a/docker-compose.yml b/docker-compose.yml index ae72f3137..1d449fcea 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -151,15 +151,14 @@ services: ## nginx, connect login-server and community-server together (and php-fpm to community-server) nginx: build: - context: . - dockerfile: ./nginx/Dockerfile + context: ./nginx/ networks: - external-net - internal-net depends_on: - - community-server - - login-server - - frontend + - frontend + - backend + - admin ports: - 80:80 diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 225d16ed8..dc4ecb826 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,10 +1,3 @@ FROM nginx:1.21.0 -WORKDIR /var/www/cakephp - -COPY ./nginx/nginx.conf /etc/nginx/conf.d/default.conf -COPY ./nginx/fastcgi.conf /etc/nginx/ -COPY ./nginx/mime.types /etc/nginx/ - -COPY ./community_server/webroot webroot - +COPY ./gradido.conf /etc/nginx/conf.d/default.conf \ No newline at end of file diff --git a/nginx/fastcgi.conf b/nginx/fastcgi.conf deleted file mode 100644 index 238f7869f..000000000 --- a/nginx/fastcgi.conf +++ /dev/null @@ -1,25 +0,0 @@ -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; \ No newline at end of file diff --git a/nginx/gradido.conf b/nginx/gradido.conf new file mode 100644 index 000000000..b61913fb2 --- /dev/null +++ b/nginx/gradido.conf @@ -0,0 +1,71 @@ +server { + server_name $NGINX_SERVER_NAME; + + listen 80; + listen [::]:80; + + #include /etc/nginx/common/protect.conf; + #include /etc/nginx/common/protect_add_header.conf; + #include /etc/nginx/common/ssl.conf; + + #gzip_static on; + + # Legacy URLS + set $REWRITE_LEGACY_URLS "true"; + if ($REWRITE_LEGACY_URLS = 'true') { + rewrite ^/vue/?(.*)$ /$1 permanent; + } + + # Frontend (default) + location / { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://frontend:3000; + proxy_redirect off; + } + + # Backend + location /graphql { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + #todo remove /graphql + proxy_pass http://backend:4000/graphql; + proxy_redirect off; + } + + # Admin Frontend + location /admin { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://admin:8080/; + proxy_redirect off; + } + + # TODO this could be a performance optimization + #location /vue { + # alias /var/www/html/gradido/frontend/dist; + # index index.html; + # + # location ~* \.(png)$ { + # expires 39d; + # } + # try_files $uri $uri/ /index.html = 404; + #} + + #access_log /var/log/nginx/access.log main; +} \ No newline at end of file diff --git a/nginx/mime.types b/nginx/mime.types deleted file mode 100644 index cd3d700ea..000000000 --- a/nginx/mime.types +++ /dev/null @@ -1,88 +0,0 @@ -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/png png; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - image/svg+xml svg svgz; - image/webp webp; - - application/font-woff woff; - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.wap.wmlc wmlc; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; - application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} diff --git a/nginx/nginx.conf b/nginx/nginx.conf deleted file mode 100644 index 7e9ad6365..000000000 --- a/nginx/nginx.conf +++ /dev/null @@ -1,98 +0,0 @@ -server { - - listen 80 ; - listen [::]:80; - server_name 0.0.0.0; - - #include /etc/nginx/common/protect.conf; - #include /etc/nginx/common/protect_add_header.conf; - #include /etc/nginx/common/ssl.conf; - - root /var/www/cakephp/webroot; - index index.php; - - location ~ \.php$ { - fastcgi_pass community-server:9000; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # fastcgi_param PHP_VALUE "error_log=/var/www/myapp/logs/php_errors.log"; - fastcgi_buffers 16 16k; - fastcgi_buffer_size 32k; - include fastcgi_params; - } - - location ~ /\.ht { - deny all; - } - - location /account { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_cache_bypass $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - rewrite /account/(.*) /$1 break; - - proxy_pass http://login-server:1200; - proxy_redirect off; - } - - location /login_api { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_cache_bypass $http_upgrade; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - rewrite /login_api/(.*) /$1 break; - - proxy_pass http://login-server:1201; - proxy_redirect off; - } - - #location / { - # try_files $uri $uri/ /index.php?$args; - #} - - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://frontend:3000; - proxy_redirect off; - } - - location /admin { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://admin:8080; - proxy_redirect off; - } - -location /sockjs-node { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - proxy_pass http://frontend:3000; - proxy_redirect off; - } - -# access_log /var/log/nginx/access.log main; - -} \ No newline at end of file From b6bd3f839dbf8eb71cd440122e5caf66411a2219 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sat, 8 Jan 2022 07:41:00 +0100 Subject: [PATCH 069/158] unified all urls of our services. every server now serves on / and nginxs routes accordingly --- admin/src/router/router.js | 2 +- admin/vue.config.js | 2 +- backend/src/index.ts | 2 +- backend/src/server/createServer.ts | 2 +- .../nginx/sites-available/gradido.conf.ssl.template | 5 ++--- .../bare_metal/nginx/sites-available/gradido.conf.template | 5 ++--- nginx/gradido.conf | 5 ++--- 7 files changed, 10 insertions(+), 13 deletions(-) diff --git a/admin/src/router/router.js b/admin/src/router/router.js index dbad9ac6b..9cfee6242 100644 --- a/admin/src/router/router.js +++ b/admin/src/router/router.js @@ -5,7 +5,7 @@ import routes from './routes' Vue.use(VueRouter) const router = new VueRouter({ - base: '/admin', + base: '/', routes, linkActiveClass: 'active', mode: 'history', diff --git a/admin/vue.config.js b/admin/vue.config.js index 18929c38c..657ae23a7 100644 --- a/admin/vue.config.js +++ b/admin/vue.config.js @@ -17,7 +17,7 @@ module.exports = { }, }, lintOnSave: true, - publicPath: '/admin', + publicPath: '/', configureWebpack: { // Set up all the aliases we use in our app. resolve: { diff --git a/backend/src/index.ts b/backend/src/index.ts index a2e533e34..4c08b422d 100644 --- a/backend/src/index.ts +++ b/backend/src/index.ts @@ -13,7 +13,7 @@ async function main() { console.log(`Server is running at http://localhost:${CONFIG.PORT}`) if (CONFIG.GRAPHIQL) { // eslint-disable-next-line no-console - console.log(`GraphIQL available at http://localhost:${CONFIG.PORT}/graphql`) + console.log(`GraphIQL available at http://localhost:${CONFIG.PORT}`) } }) } diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index 4ed20232d..70a093a2f 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -67,7 +67,7 @@ const createServer = async (context: any = serverContext): Promise => { context, plugins, }) - apollo.applyMiddleware({ app }) + apollo.applyMiddleware({ app, path: '/' }) return { apollo, app, con } } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 68cd0717d..73b45bf56 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -53,8 +53,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - #todo remove /graphql - proxy_pass http://127.0.0.1:4000/graphql; + proxy_pass http://127.0.0.1:4000; proxy_redirect off; } @@ -67,7 +66,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080/; + proxy_pass http://127.0.0.1:8080; proxy_redirect off; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index d6362a1b9..f5494b248 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -38,8 +38,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - #todo remove /graphql - proxy_pass http://127.0.0.1:4000/graphql; + proxy_pass http://127.0.0.1:4000; proxy_redirect off; } @@ -52,7 +51,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080/; + proxy_pass http://127.0.0.1:8080; proxy_redirect off; } diff --git a/nginx/gradido.conf b/nginx/gradido.conf index b61913fb2..fe5a60363 100644 --- a/nginx/gradido.conf +++ b/nginx/gradido.conf @@ -38,8 +38,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - #todo remove /graphql - proxy_pass http://backend:4000/graphql; + proxy_pass http://backend:4000; proxy_redirect off; } @@ -52,7 +51,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://admin:8080/; + proxy_pass http://admin:8080; proxy_redirect off; } From 49954ac4db338c44fbe0ed465dd5812d8545bc26 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Sun, 9 Jan 2022 11:56:10 +0100 Subject: [PATCH 070/158] added todo --- deployment/bare_metal/install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 9c50f3586..8ba2c518a 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -48,6 +48,7 @@ cp .env.dist .env #TODO generate this #TODO database setup #TODOchange jwt secret +#TODO change email releated stuff cp .env.dist .env #TODO go to frontend From f4c26151a7e4b6e8e2d06e971335ba828d8056db Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 06:30:25 +0100 Subject: [PATCH 071/158] fix bodyparser json deprecated - using express instead --- backend/package.json | 1 - backend/src/server/createServer.ts | 5 ++--- backend/yarn.lock | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/backend/package.json b/backend/package.json index c9314f0fd..65ce3c801 100644 --- a/backend/package.json +++ b/backend/package.json @@ -21,7 +21,6 @@ "apollo-server-express": "^2.25.2", "apollo-server-testing": "^2.25.2", "axios": "^0.21.1", - "body-parser": "^1.19.0", "class-validator": "^0.13.1", "cors": "^2.8.5", "dotenv": "^10.0.0", diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index 70a093a2f..6aac2d4c4 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -6,7 +6,6 @@ import 'module-alias/register' import { ApolloServer } from 'apollo-server-express' import express from 'express' -import bodyParser from 'body-parser' // database import connection from '../typeorm/connection' @@ -54,8 +53,8 @@ const createServer = async (context: any = serverContext): Promise => { // cors app.use(cors) - // bodyparser - app.use(bodyParser.json()) + // bodyparser json + app.use(express.json()) // Elopage Webhook app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook) diff --git a/backend/yarn.lock b/backend/yarn.lock index b46bc183d..2c1603fbd 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -1552,7 +1552,7 @@ binary-extensions@^2.0.0: resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.2.0.tgz#75f502eeaf9ffde42fc98829645be4ea76bd9e2d" integrity sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA== -body-parser@1.19.0, body-parser@^1.18.3, body-parser@^1.19.0: +body-parser@1.19.0, body-parser@^1.18.3: version "1.19.0" resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.0.tgz#96b2709e57c9c4e09a6fd66a8fd979844f69f08a" integrity sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw== From aea773167b209345269273317f6c4007bf3419e5 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 07:05:45 +0100 Subject: [PATCH 072/158] fixed elopage webhook --- backend/src/server/createServer.ts | 2 ++ backend/src/webhook/elopage.ts | 18 ++++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index 6aac2d4c4..0393da202 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -55,6 +55,8 @@ const createServer = async (context: any = serverContext): Promise => { // bodyparser json app.use(express.json()) + // bodyparser text for elopage + app.use(express.text()) // Elopage Webhook app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook) diff --git a/backend/src/webhook/elopage.ts b/backend/src/webhook/elopage.ts index 80fa90933..178523cd0 100644 --- a/backend/src/webhook/elopage.ts +++ b/backend/src/webhook/elopage.ts @@ -29,18 +29,21 @@ import { LoginElopageBuys } from '@entity/LoginElopageBuys' import { LoginUser } from '@entity/LoginUser' +import { getCustomRepository } from 'typeorm' import { UserResolver } from '../graphql/resolver/UserResolver' +import { LoginElopageBuysRepository } from '../typeorm/repository/LoginElopageBuys' +import { LoginUserRepository } from '../typeorm/repository/LoginUser' export const elopageWebhook = async (req: any, res: any): Promise => { res.status(200).end() // Responding is important - + const loginElopgaeBuyRepository = await getCustomRepository(LoginElopageBuysRepository) const loginElopgaeBuy = new LoginElopageBuys() let firstName = '' let lastName = '' const entries = req.body.split('&') - entries.foreach((entry: string) => { + entries.forEach((entry: string) => { const keyVal = entry.split('=') - if (keyVal.length !== 2) { + if (keyVal.length > 2) { throw new Error(`Error parsing entry '${entry}'`) } const key = keyVal[0] @@ -88,8 +91,10 @@ export const elopageWebhook = async (req: any, res: any): Promise => { lastName = val break default: + // this is too spammy // eslint-disable-next-line no-console - console.log(`Unknown Elopage Value '${entry}'`) + // console.log(`Unknown Elopage Value '${entry}'`) + break } }) @@ -101,7 +106,7 @@ export const elopageWebhook = async (req: any, res: any): Promise => { } // Save the hook data - await loginElopgaeBuy.save() + await loginElopgaeBuyRepository.save(loginElopgaeBuy) // create user for certain products /* @@ -133,7 +138,8 @@ export const elopageWebhook = async (req: any, res: any): Promise => { } // Do we already have such a user? - if ((await LoginUser.count({ email })) !== 0) { + const loginUserRepository = await getCustomRepository(LoginUserRepository) + if ((await loginUserRepository.count({ email })) !== 0) { // eslint-disable-next-line no-console console.log(`Did not create User - already exists with email: ${email}`) return From 27cfc585e6019f8d170e8be505d9b837cfd27bbd Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 07:16:57 +0100 Subject: [PATCH 073/158] own backend webhook endpoint definition in nginx to handle webhook properly --- .../nginx/sites-available/gradido.conf.ssl.template | 13 +++++++++++++ .../nginx/sites-available/gradido.conf.template | 13 +++++++++++++ nginx/gradido.conf | 13 +++++++++++++ 3 files changed, 39 insertions(+) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 73b45bf56..435949d7e 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -57,6 +57,19 @@ server { proxy_redirect off; } + # Backend webhooks + location /hook { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://backend:4000; + proxy_redirect off; + } + # Admin Frontend location /admin { proxy_http_version 1.1; diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index f5494b248..0ebdc36d7 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -42,6 +42,19 @@ server { proxy_redirect off; } + # Backend webhooks + location /hook { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://backend:4000; + proxy_redirect off; + } + # Admin Frontend location /admin { proxy_http_version 1.1; diff --git a/nginx/gradido.conf b/nginx/gradido.conf index fe5a60363..820e4a705 100644 --- a/nginx/gradido.conf +++ b/nginx/gradido.conf @@ -42,6 +42,19 @@ server { proxy_redirect off; } + # Backend webhooks + location /hook { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_pass http://backend:4000; + proxy_redirect off; + } + # Admin Frontend location /admin { proxy_http_version 1.1; From 031987aaab7dd0f9c68e72140f863ca02d56eb48 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 07:41:07 +0100 Subject: [PATCH 074/158] corrected some minor routings in nginx --- .../nginx/sites-available/gradido.conf.ssl.template | 8 +++++--- .../nginx/sites-available/gradido.conf.template | 8 +++++--- nginx/gradido.conf | 10 ++++++---- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 435949d7e..7325127e6 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -40,12 +40,12 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3000; + proxy_pass http://127.0.0.1:3000/; proxy_redirect off; } # Backend - location /graphql { + location /graphql/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -53,7 +53,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:4000; + proxy_pass http://127.0.0.1:4000/; proxy_redirect off; } @@ -66,6 +66,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; + # no trailing slash to keep the hook/ prefix proxy_pass http://backend:4000; proxy_redirect off; } @@ -79,6 +80,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; + # no trailing slash to keep the admin/ prefix proxy_pass http://127.0.0.1:8080; proxy_redirect off; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 0ebdc36d7..c820033f3 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -25,12 +25,12 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3000; + proxy_pass http://127.0.0.1:3000/; proxy_redirect off; } # Backend - location /graphql { + location /graphql/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -38,7 +38,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:4000; + proxy_pass http://127.0.0.1:4000/; proxy_redirect off; } @@ -51,6 +51,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; + # no trailing slash to keep the hook/ prefix proxy_pass http://backend:4000; proxy_redirect off; } @@ -64,6 +65,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; + # no trailing slash to keep the admin/ prefix proxy_pass http://127.0.0.1:8080; proxy_redirect off; } diff --git a/nginx/gradido.conf b/nginx/gradido.conf index 820e4a705..cceed59d5 100644 --- a/nginx/gradido.conf +++ b/nginx/gradido.conf @@ -25,12 +25,12 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://frontend:3000; + proxy_pass http://frontend:3000/; proxy_redirect off; } # Backend - location /graphql { + location /graphql/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -38,7 +38,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://backend:4000; + proxy_pass http://backend:4000/; proxy_redirect off; } @@ -51,6 +51,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; + # no trailing slash to keep the hook/ prefix proxy_pass http://backend:4000; proxy_redirect off; } @@ -63,7 +64,8 @@ server { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - + + # no trailing slash to keep the admin/ prefix proxy_pass http://admin:8080; proxy_redirect off; } From b08b54b0dd047fc6a1eabf8d1cf9179d80482038 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 07:48:09 +0100 Subject: [PATCH 075/158] corrected docker specific file --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 7325127e6..cb12ae5f3 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -67,7 +67,7 @@ server { proxy_set_header Host $host; # no trailing slash to keep the hook/ prefix - proxy_pass http://backend:4000; + proxy_pass http://127.0.0.1:4000; proxy_redirect off; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index c820033f3..06d7956bb 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -52,7 +52,7 @@ server { proxy_set_header Host $host; # no trailing slash to keep the hook/ prefix - proxy_pass http://backend:4000; + proxy_pass http://127.0.0.1:4000; proxy_redirect off; } From 323215628e8fbc1771466d3097c4e9bf5d1d40d0 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 07:53:11 +0100 Subject: [PATCH 076/158] fix for deployed version --- .../nginx/sites-available/gradido.conf.ssl.template | 8 +++----- .../nginx/sites-available/gradido.conf.template | 7 +++---- nginx/gradido.conf | 10 ++++------ 3 files changed, 10 insertions(+), 15 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index cb12ae5f3..b8d127192 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -40,12 +40,12 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3000/; + proxy_pass http://127.0.0.1:3000; proxy_redirect off; } # Backend - location /graphql/ { + location /graphql { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -53,7 +53,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:4000/; + proxy_pass http://127.0.0.1:4000; proxy_redirect off; } @@ -66,7 +66,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - # no trailing slash to keep the hook/ prefix proxy_pass http://127.0.0.1:4000; proxy_redirect off; } @@ -80,7 +79,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - # no trailing slash to keep the admin/ prefix proxy_pass http://127.0.0.1:8080; proxy_redirect off; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 06d7956bb..286075c89 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -25,12 +25,12 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:3000/; + proxy_pass http://127.0.0.1:3000; proxy_redirect off; } # Backend - location /graphql/ { + location /graphql { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -38,7 +38,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:4000/; + proxy_pass http://127.0.0.1:4000; proxy_redirect off; } @@ -65,7 +65,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - # no trailing slash to keep the admin/ prefix proxy_pass http://127.0.0.1:8080; proxy_redirect off; } diff --git a/nginx/gradido.conf b/nginx/gradido.conf index cceed59d5..31f4474e0 100644 --- a/nginx/gradido.conf +++ b/nginx/gradido.conf @@ -25,12 +25,12 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://frontend:3000/; + proxy_pass http://frontend:3000; proxy_redirect off; } # Backend - location /graphql/ { + location /graphql { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; @@ -38,7 +38,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://backend:4000/; + proxy_pass http://backend:4000; proxy_redirect off; } @@ -51,7 +51,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - # no trailing slash to keep the hook/ prefix proxy_pass http://backend:4000; proxy_redirect off; } @@ -64,8 +63,7 @@ server { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - - # no trailing slash to keep the admin/ prefix + proxy_pass http://admin:8080; proxy_redirect off; } From 6adb2298c06517a2de836e11ab041c39c2be458f Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 08:13:56 +0100 Subject: [PATCH 077/158] admin must be reachable under /admin even locally - till we parameterize this there is no other solution --- admin/src/router/router.js | 2 +- admin/vue.config.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/src/router/router.js b/admin/src/router/router.js index 9cfee6242..dbad9ac6b 100644 --- a/admin/src/router/router.js +++ b/admin/src/router/router.js @@ -5,7 +5,7 @@ import routes from './routes' Vue.use(VueRouter) const router = new VueRouter({ - base: '/', + base: '/admin', routes, linkActiveClass: 'active', mode: 'history', diff --git a/admin/vue.config.js b/admin/vue.config.js index 657ae23a7..18929c38c 100644 --- a/admin/vue.config.js +++ b/admin/vue.config.js @@ -17,7 +17,7 @@ module.exports = { }, }, lintOnSave: true, - publicPath: '/', + publicPath: '/admin', configureWebpack: { // Set up all the aliases we use in our app. resolve: { From 14726ed387b04116c3b9661d4827e20c31651632 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 08:34:21 +0100 Subject: [PATCH 078/158] some more nginx fixes --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- nginx/gradido.conf | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index b8d127192..bec683263 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -79,7 +79,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080; + proxy_pass http://127.0.0.1:8080/; proxy_redirect off; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 286075c89..7457fc963 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -65,7 +65,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080; + proxy_pass http://127.0.0.1:8080/; proxy_redirect off; } diff --git a/nginx/gradido.conf b/nginx/gradido.conf index 31f4474e0..fcd1f441e 100644 --- a/nginx/gradido.conf +++ b/nginx/gradido.conf @@ -64,6 +64,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; + # TODO: in docker environemnt we do not have the trailing slash. This needs work proxy_pass http://admin:8080; proxy_redirect off; } From c7e1654d25e2f6214d33a9e0b0ea0bba56b869ec Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 10:00:50 +0100 Subject: [PATCH 079/158] change default shell in setup.md --- deployment/bare_metal/setup.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployment/bare_metal/setup.md b/deployment/bare_metal/setup.md index bc1ee81eb..31db1f42a 100644 --- a/deployment/bare_metal/setup.md +++ b/deployment/bare_metal/setup.md @@ -4,6 +4,8 @@ > ssh root@gddhost.tld +# change default shell +chsh # Create user `gradido` > useradd -d /home/gradido -m gradido > passwd gradido From a07543fd68de5be3eb6ad5d955256f11565beeb3 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 10:01:25 +0100 Subject: [PATCH 080/158] update start script - first try to make it runnable --- deployment/bare_metal/install.sh | 8 +-- deployment/bare_metal/start.sh | 94 +++++++++++++++++++++++--------- 2 files changed, 71 insertions(+), 31 deletions(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 8ba2c518a..4257b0917 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -68,11 +68,9 @@ cp .env.dist .env # Install nginx sudo apt-get install -y nginx -cd /etc/nginx/sites-enabled # TODO change directory again -sudo rm default -sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf gradido.conf -cd /etc/nginx/sites-available -sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf gradido.conf +sudo rm /etc/nginx/sites-enabled/default +sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf /etc/nginx/sites-available +sudo ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled cd /etc/nginx sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/common common diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 14b2c5c6b..22c31f0c7 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -1,52 +1,94 @@ #!/bin/bash -# TODO Load .env +# Find current directory & configure paths +SCRIPT_PATH=$(realpath $0) +SCRIPT_DIR=$(dirname $SCRIPT_PATH) +LOCK_FILE=$SCRIPT_PATH/update.lock +UPDATE_HTML=$SCRIPT_PATH/update-page/updating.html +PROJECT_ROOT=$SCRIPT_DIR/../../ -# TODO update git branch +# Load .env or .env.dist if not present +set -o allexport +if [ -f "$SCRIPT_DIR.env"]; then + source $SCRIPT_DIR.env +else + source $SCRIPT_DIR.env.dist +fi +set +o allexport + +# lock start +if [ -f $LOCK_FILE ] ; then + retVal="Already building!" + return "${retVal}" 2>/dev/null || exit "${retVal}" +fi +touch $LOCK_FILE + +UPDATE_SITE_CONFIG=stage1_updating + +# Create a new updating.html from the template +\cp $SCRIPT_PATH/update-page/updating.html.template $UPDATE_HTML + +# configure nginx for the update-page +echo 'Configuring nginx to serve the update-page
' >> $UPDATE_HTML +rm /etc/nginx/sites-enabled/gradido.conf +ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ +sudo /etc/init.d/nginx restart + + +# stop all services +echo 'Stopping all Gradido services
' >> $UPDATE_HTML +pm2 stop all + +# git +BRANCH=${1:-master} +echo "Starting with git pull - branch:$BRANCH
" >> $UPDATE_HTML +cd $PROJECT_ROOT +git fetch origin/$BRANCH $BRANCH +git checkout $BRANCH +export BUILD_COMMIT="$(git rev-parse HEAD)" # Install & build database -# TODO change directory correcty +echo 'Updating database
' >> $UPDATE_HTML +cd $PROJECT_ROOT/database yarn install yarn build yarn up # TODO only in staging! +yarn dev_reset yarn seed # Install & build backend -# TODO change directory correcty +echo 'Updating backend
' >> $UPDATE_HTML +cd $PROJECT_ROOT/backend yarn install yarn build - -# Install & build frontend -# TODO change directory correcty -yarn install -yarn build - -# Install & build admin -# TODO change directory correcty -yarn install -yarn build - -# start backend -# TODO pm2 stop gradido-backend pm2 delete gradido-backend -# TODO working directory pm2 start --name gradido-backend "yarn start" pm2 save -# start frontend -# TODO pm2 stop gradido-frontend +# Install & build frontend +echo 'Updating frontend
' >> $UPDATE_HTML +cd $PROJECT_ROOT/frontend +yarn install +yarn build pm2 delete gradido-frontend -# TODO working directory pm2 start --name gradido-frontend "yarn start" pm2 save -# start admin -# TODO pm2 stop gradido-admin +# Install & build admin +echo 'Updating admin
' >> $UPDATE_HTML +cd $PROJECT_ROOT/admin +yarn install +yarn build pm2 delete gradido-admin -# TODO working directory pm2 start --name gradido-admin "yarn start" pm2 save -# restart nginx -sudo /etc/init.d/nginx restart \ No newline at end of file +# let nginx showing gradido +echo 'Configuring nginx to serve gradido again
' >> $UPDATE_HTML +ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ +rm /etc/nginx/sites-enabled/update-page.conf +sudo /etc/init.d/nginx restart + +#release lock +rm $LOCK_FILE \ No newline at end of file From 8304b5839c704e61d5e10b39ad452f3ac658abbe Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 10:01:38 +0100 Subject: [PATCH 081/158] missing template --- deployment/bare_metal/nginx/update-page/updating.html.template | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 deployment/bare_metal/nginx/update-page/updating.html.template diff --git a/deployment/bare_metal/nginx/update-page/updating.html.template b/deployment/bare_metal/nginx/update-page/updating.html.template new file mode 100644 index 000000000..c77def380 --- /dev/null +++ b/deployment/bare_metal/nginx/update-page/updating.html.template @@ -0,0 +1,3 @@ +Gradido is currently updating... +please stand by and try again in some minutes + From c04fb363c2216b0c575d40539e3d4616f3abba6d Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 10:02:07 +0100 Subject: [PATCH 082/158] remove unused scripts --- .../old/nginx/updating_original.html | 1 - deployment/bare_metal/old/update_all.sh | 51 ------------------- 2 files changed, 52 deletions(-) delete mode 100644 deployment/bare_metal/old/nginx/updating_original.html delete mode 100755 deployment/bare_metal/old/update_all.sh diff --git a/deployment/bare_metal/old/nginx/updating_original.html b/deployment/bare_metal/old/nginx/updating_original.html deleted file mode 100644 index 8975e3970..000000000 --- a/deployment/bare_metal/old/nginx/updating_original.html +++ /dev/null @@ -1 +0,0 @@ -Gradido Servers are updating..., please stand by and try again in some minutes diff --git a/deployment/bare_metal/old/update_all.sh b/deployment/bare_metal/old/update_all.sh deleted file mode 100755 index e045d3f39..000000000 --- a/deployment/bare_metal/old/update_all.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -EMPTY_UPDATE_HTML=/var/www/html/updating_original.html -UPDATE_HTML=/var/www/html/updating.html -LOCK_FILE=/root/relay.lock -PROJECT_PATH=/var/www/html/gradido -SITE_CONFIG=stage1 -UPDATE_SITE_CONFIG=stage1_updating - -# this script can be called for example from webhookrelay.com relay -# to auto-deploy automatic after a update to the master branch - -if [ -f $LOCK_FILE ] ; then - retVal="Already building!" - return "${retVal}" 2>/dev/null || exit "${retVal}" -fi - -touch $LOCK_FILE - -# start with nearly empty html -# needed a nearly empty html page in the folder -cp $EMPTY_UPDATE_HTML $UPDATE_HTML - -# let nginx showing a update page -# needed nginx site-configs in nginx folders -# gradido for running gradido servers -# gradido_updating for showing upddate.html idealy for all pathes -rm /etc/nginx/sites-enabled/$SITE_CONFIG -ln -s /etc/nginx/sites-available/$UPDATE_SITE_CONFIG /etc/nginx/sites-enabled/ -service nginx restart - -# stop login server -screen -XS login quit -echo 'starting with git pull
' >> $UPDATE_HTML -cd $PROJECT_PATH -# git checkout -f master -git pull -cd deployment/bare_metal -echo 'starting with rebuilding login-server
' >> $UPDATE_HTML -./build_and_start_login_server.sh -echo 'starting with rebuilding frontend
' >> $UPDATE_HTML -./build_frontend.sh - - -# let nginx showing gradido -rm /etc/nginx/sites-enabled/$UPDATE_SITE_CONFIG -ln -s /etc/nginx/sites-available/$SITE_CONFIG /etc/nginx/sites-enabled/ -service nginx restart - -rm $LOCK_FILE - From 3d09b989b389fba4179438ed2eb011d3fc14e426 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 10:08:40 +0100 Subject: [PATCH 083/158] generate update-page.conf from template --- deployment/bare_metal/install.sh | 5 ++++- .../sites-available/update-page.conf.template | 21 +++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 deployment/bare_metal/nginx/sites-available/update-page.conf.template diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 4257b0917..e11206912 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -105,4 +105,7 @@ case "$NGINX_SSL" in true) TEMPLATE_FILE="gradido.conf.ssl.template" ;; *) TEMPLATE_FILE="gradido.conf.template" ;; esac -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > gradido.conf \ No newline at end of file +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > gradido.conf + +# Generate update-page.conf from template +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < update-page.conf.template > update-page.conf \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.template new file mode 100644 index 000000000..902908ab0 --- /dev/null +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.template @@ -0,0 +1,21 @@ + +server { + server_name _; + listen 80; + listen [::]:80; + + include /etc/nginx/common/protect.conf; + include /etc/nginx/common/protect_add_header.conf; + + root $NGINX_UPDATE_PAGE_ROOT; + index updating.html; + + #location / { + # alias $NGINX_UPDATE_PAGE_ROOT; + # index updating.html; + #} + + #access_log /var/log/nginx/access.log main; + +} + From 2b6b6c62c1aadde18729c7ec5b4d855a825b2432 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 10:14:14 +0100 Subject: [PATCH 084/158] update start script --- deployment/bare_metal/start.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 22c31f0c7..f1aec3b5d 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -9,10 +9,10 @@ PROJECT_ROOT=$SCRIPT_DIR/../../ # Load .env or .env.dist if not present set -o allexport -if [ -f "$SCRIPT_DIR.env"]; then - source $SCRIPT_DIR.env +if [ -f "$SCRIPT_DIR/.env"]; then + source $SCRIPT_DIR/.env else - source $SCRIPT_DIR.env.dist + source $SCRIPT_DIR/.env.dist fi set +o allexport From 8b51486564326e63e0ec6aa7ea0c59a91248ab6c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 10:35:27 +0100 Subject: [PATCH 085/158] updated start script --- deployment/bare_metal/start.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index f1aec3b5d..0a2735921 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -4,12 +4,13 @@ SCRIPT_PATH=$(realpath $0) SCRIPT_DIR=$(dirname $SCRIPT_PATH) LOCK_FILE=$SCRIPT_PATH/update.lock -UPDATE_HTML=$SCRIPT_PATH/update-page/updating.html +UPDATE_HTML=$SCRIPT_DIR/update-page/updating.html PROJECT_ROOT=$SCRIPT_DIR/../../ # Load .env or .env.dist if not present set -o allexport -if [ -f "$SCRIPT_DIR/.env"]; then +#TODO +if [ -f "$SCRIPT_DIR/.env" ]; then source $SCRIPT_DIR/.env else source $SCRIPT_DIR/.env.dist @@ -26,12 +27,12 @@ touch $LOCK_FILE UPDATE_SITE_CONFIG=stage1_updating # Create a new updating.html from the template -\cp $SCRIPT_PATH/update-page/updating.html.template $UPDATE_HTML +\cp $SCRIPT_DIR/update-page/updating.html.template $UPDATE_HTML # configure nginx for the update-page echo 'Configuring nginx to serve the update-page
' >> $UPDATE_HTML -rm /etc/nginx/sites-enabled/gradido.conf -ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ +sudo rm /etc/nginx/sites-enabled/gradido.conf +sudo ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ sudo /etc/init.d/nginx restart @@ -43,7 +44,7 @@ pm2 stop all BRANCH=${1:-master} echo "Starting with git pull - branch:$BRANCH
" >> $UPDATE_HTML cd $PROJECT_ROOT -git fetch origin/$BRANCH $BRANCH +git fetch origin $BRANCH git checkout $BRANCH export BUILD_COMMIT="$(git rev-parse HEAD)" @@ -52,7 +53,8 @@ echo 'Updating database
' >> $UPDATE_HTML cd $PROJECT_ROOT/database yarn install yarn build -yarn up +# TODO only in staging! +yarn dev_up # TODO only in staging! yarn dev_reset yarn seed From 8ba1f48157b1df30829f1a26015e50ae2230fb8c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 10:44:01 +0100 Subject: [PATCH 086/158] update startscript --- deployment/bare_metal/start.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 0a2735921..e3906af97 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -3,8 +3,8 @@ # Find current directory & configure paths SCRIPT_PATH=$(realpath $0) SCRIPT_DIR=$(dirname $SCRIPT_PATH) -LOCK_FILE=$SCRIPT_PATH/update.lock -UPDATE_HTML=$SCRIPT_DIR/update-page/updating.html +LOCK_FILE=$SCRIPT_DIR/update.lock +UPDATE_HTML=$SCRIPT_DIR/nginx/update-page/updating.html PROJECT_ROOT=$SCRIPT_DIR/../../ # Load .env or .env.dist if not present @@ -27,7 +27,7 @@ touch $LOCK_FILE UPDATE_SITE_CONFIG=stage1_updating # Create a new updating.html from the template -\cp $SCRIPT_DIR/update-page/updating.html.template $UPDATE_HTML +\cp $SCRIPT_DIR/nginx/update-page/updating.html.template $UPDATE_HTML # configure nginx for the update-page echo 'Configuring nginx to serve the update-page
' >> $UPDATE_HTML @@ -88,8 +88,8 @@ pm2 save # let nginx showing gradido echo 'Configuring nginx to serve gradido again
' >> $UPDATE_HTML -ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ -rm /etc/nginx/sites-enabled/update-page.conf +sudo ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ +sudo rm /etc/nginx/sites-enabled/update-page.conf sudo /etc/init.d/nginx restart #release lock From 5d5221f789704d01544d7937e28a685419b52dfe Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 11:00:24 +0100 Subject: [PATCH 087/158] ssl config for update-page --- deployment/bare_metal/install.sh | 7 ++++- .../sites-available/update-page.conf.template | 21 +++++-------- .../update-page.ssl.conf.template | 31 +++++++++++++++++++ 3 files changed, 45 insertions(+), 14 deletions(-) create mode 100644 deployment/bare_metal/nginx/sites-available/update-page.ssl.conf.template diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index e11206912..27ddf844f 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -71,6 +71,7 @@ sudo apt-get install -y nginx sudo rm /etc/nginx/sites-enabled/default sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/gradido.conf /etc/nginx/sites-available sudo ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled +sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/sites-available/update-page.conf /etc/nginx/sites-available cd /etc/nginx sudo ln -s /home/gradido/gradido/deployment/bare_metal/nginx/common common @@ -108,4 +109,8 @@ esac envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > gradido.conf # Generate update-page.conf from template -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < update-page.conf.template > update-page.conf \ No newline at end of file +case "$NGINX_SSL" in + true) TEMPLATE_FILE="update-page.conf.ssl.template" ;; + *) TEMPLATE_FILE="update-page.conf.template" ;; +esac +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > update-page.conf \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.template index 902908ab0..9e7a96328 100644 --- a/deployment/bare_metal/nginx/sites-available/update-page.conf.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.template @@ -1,21 +1,16 @@ server { - server_name _; - listen 80; - listen [::]:80; + server_name _; + listen 80; + listen [::]:80; - include /etc/nginx/common/protect.conf; - include /etc/nginx/common/protect_add_header.conf; + include /etc/nginx/common/protect.conf; + include /etc/nginx/common/protect_add_header.conf; - root $NGINX_UPDATE_PAGE_ROOT; - index updating.html; + root $NGINX_UPDATE_PAGE_ROOT; + index updating.html; - #location / { - # alias $NGINX_UPDATE_PAGE_ROOT; - # index updating.html; - #} - - #access_log /var/log/nginx/access.log main; + #access_log /var/log/nginx/access.log main; } diff --git a/deployment/bare_metal/nginx/sites-available/update-page.ssl.conf.template b/deployment/bare_metal/nginx/sites-available/update-page.ssl.conf.template new file mode 100644 index 000000000..4dd44c4c6 --- /dev/null +++ b/deployment/bare_metal/nginx/sites-available/update-page.ssl.conf.template @@ -0,0 +1,31 @@ + +server { + if ($host = $NGINX_SERVER_NAME) { + return 301 https://$host$request_uri; + } + + server_name $NGINX_SERVER_NAME; + listen 80; + listen [::]:80; + return 404; +} +server { + server_name $NGINX_SERVER_NAME; + + listen [::]:443 ssl ipv6only=on; + listen 443 ssl; + ssl_certificate $NGINX_SSL_CERTIFICATE; + ssl_certificate_key $NGINX_SSL_CERTIFICATE_KEY; + include $NGINX_SSL_INCLUDE; + ssl_dhparam $NGINX_SSL_DHPARAM; + + include /etc/nginx/common/protect.conf; + include /etc/nginx/common/protect_add_header.conf; + + root $NGINX_UPDATE_PAGE_ROOT; + index updating.html; + + #access_log /var/log/nginx/access.log main; + +} + From 20b98358bd1761052b69b2367a9d05281c5a2a90 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 11:01:55 +0100 Subject: [PATCH 088/158] name file properly --- ...pdate-page.ssl.conf.template => update-page.conf.ssl.template} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename deployment/bare_metal/nginx/sites-available/{update-page.ssl.conf.template => update-page.conf.ssl.template} (100%) diff --git a/deployment/bare_metal/nginx/sites-available/update-page.ssl.conf.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template similarity index 100% rename from deployment/bare_metal/nginx/sites-available/update-page.ssl.conf.template rename to deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template From 8dd05d69cd1fcfd02cdc7dc559c061bff35bad91 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 11:07:25 +0100 Subject: [PATCH 089/158] try to match all paths --- .../nginx/sites-available/update-page.conf.ssl.template | 5 +++++ .../nginx/sites-available/update-page.conf.template | 7 ++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template index 4dd44c4c6..6e5ce8c40 100644 --- a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template @@ -25,6 +25,11 @@ server { root $NGINX_UPDATE_PAGE_ROOT; index updating.html; + location / { + alias $NGINX_UPDATE_PAGE_ROOT; + index updating.html; + } + #access_log /var/log/nginx/access.log main; } diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.template index 9e7a96328..84f66d4c9 100644 --- a/deployment/bare_metal/nginx/sites-available/update-page.conf.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.template @@ -10,7 +10,12 @@ server { root $NGINX_UPDATE_PAGE_ROOT; index updating.html; - #access_log /var/log/nginx/access.log main; + location / { + alias $NGINX_UPDATE_PAGE_ROOT; + index updating.html; + } + + access_log /var/log/nginx/access.log main; } From c7184e392153a0bf070f5b6e8e1b63c5c680f47b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 11:09:10 +0100 Subject: [PATCH 090/158] not working, revert --- .../nginx/sites-available/update-page.conf.ssl.template | 8 ++++---- .../nginx/sites-available/update-page.conf.template | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template index 6e5ce8c40..1724ac61e 100644 --- a/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.ssl.template @@ -25,10 +25,10 @@ server { root $NGINX_UPDATE_PAGE_ROOT; index updating.html; - location / { - alias $NGINX_UPDATE_PAGE_ROOT; - index updating.html; - } + #location / { + # alias $NGINX_UPDATE_PAGE_ROOT; + # index updating.html; + #} #access_log /var/log/nginx/access.log main; diff --git a/deployment/bare_metal/nginx/sites-available/update-page.conf.template b/deployment/bare_metal/nginx/sites-available/update-page.conf.template index 84f66d4c9..edc191d54 100644 --- a/deployment/bare_metal/nginx/sites-available/update-page.conf.template +++ b/deployment/bare_metal/nginx/sites-available/update-page.conf.template @@ -10,10 +10,10 @@ server { root $NGINX_UPDATE_PAGE_ROOT; index updating.html; - location / { - alias $NGINX_UPDATE_PAGE_ROOT; - index updating.html; - } + #location / { + # alias $NGINX_UPDATE_PAGE_ROOT; + # index updating.html; + #} access_log /var/log/nginx/access.log main; From 9659ed85767e7c33c8637775d137e61046bb7256 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 11:12:28 +0100 Subject: [PATCH 091/158] update template to include
tags instead of plain newlines --- .../bare_metal/nginx/update-page/updating.html.template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/nginx/update-page/updating.html.template b/deployment/bare_metal/nginx/update-page/updating.html.template index c77def380..a88a40b0f 100644 --- a/deployment/bare_metal/nginx/update-page/updating.html.template +++ b/deployment/bare_metal/nginx/update-page/updating.html.template @@ -1,3 +1,3 @@ -Gradido is currently updating... -please stand by and try again in some minutes - +Gradido is currently updating...
+please stand by and try again in some minutes
+
\ No newline at end of file From 9e0e9afd889a5ee077986f013d4c2a32e219ebb1 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 11:14:02 +0100 Subject: [PATCH 092/158] update .env.dist --- deployment/bare_metal/.env.dist | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 68852fbf7..81c8cf769 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -8,4 +8,5 @@ NGINX_SERVER_NAME=_ #NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/stage1.gradido.net/fullchain.pem #NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/stage1.gradido.net/privkey.pem #NGINX_SSL_DHPARAM=/etc/letsencrypt/ssl-dhparams.pem -#NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf \ No newline at end of file +#NGINX_SSL_INCLUDE=/etc/letsencrypt/options-ssl-nginx.conf +#NGINX_UPDATE_PAGE_ROOT=/home/gradido/gradido/deployment/bare_metal/nginx/update-page \ No newline at end of file From a31dbd86cb078a5730788f3a8ba388d3281f159e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 11:15:04 +0100 Subject: [PATCH 093/158] properly pull --- deployment/bare_metal/start.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index e3906af97..829f0a59d 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -46,6 +46,7 @@ echo "Starting with git pull - branch:$BRANCH
" >> $UPDATE_HTML cd $PROJECT_ROOT git fetch origin $BRANCH git checkout $BRANCH +git pull export BUILD_COMMIT="$(git rev-parse HEAD)" # Install & build database From dd346ca123f2f0b615ecfe9339c0b315db08aa0b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Mon, 10 Jan 2022 11:20:43 +0100 Subject: [PATCH 094/158] update install.sh --- deployment/bare_metal/install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 27ddf844f..40e5bc6ac 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -113,4 +113,6 @@ case "$NGINX_SSL" in true) TEMPLATE_FILE="update-page.conf.ssl.template" ;; *) TEMPLATE_FILE="update-page.conf.template" ;; esac -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > update-page.conf \ No newline at end of file +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > update-page.conf + +git config pull.ff only \ No newline at end of file From 43fab937f9360445c54ec2a66e4dd5e54cd659fd Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 06:52:44 +0100 Subject: [PATCH 095/158] removed old update nginx config --- .../nginx/sites-available/gradido_updating | 29 ------------------- 1 file changed, 29 deletions(-) delete mode 100644 deployment/bare_metal/old/nginx/sites-available/gradido_updating diff --git a/deployment/bare_metal/old/nginx/sites-available/gradido_updating b/deployment/bare_metal/old/nginx/sites-available/gradido_updating deleted file mode 100644 index df07e3715..000000000 --- a/deployment/bare_metal/old/nginx/sites-available/gradido_updating +++ /dev/null @@ -1,29 +0,0 @@ - -server { - server_name _; - listen 80; - listen [::]:80; - - include /etc/nginx/common/protect.conf; - include /etc/nginx/common/protect_add_header.conf; - - root /var/www/html/; - index updating.html; - - location /account { - alias /var/www/html/; - index updating.html; - } - location /vue { - alias /var/www/html/; - index updating.html; - } - - location ~ /\.ht { - deny all; - } - - access_log /var/log/nginx/access.log main; - -} - From 1e39f5049bccbefc3fc2dcaa10f627601af9dd9e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 07:39:22 +0100 Subject: [PATCH 096/158] first implementation of github webhook --- backend/.env.dist | 7 +++- backend/package.json | 1 + backend/src/config/index.ts | 6 +++ backend/src/server/createServer.ts | 18 +++++++++ backend/src/webhook/github.ts | 22 +++++++++++ backend/yarn.lock | 59 ++++++++++++++++++++++++++++++ 6 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 backend/src/webhook/github.ts diff --git a/backend/.env.dist b/backend/.env.dist index 77fd9f6cc..2c20e6b7a 100644 --- a/backend/.env.dist +++ b/backend/.env.dist @@ -33,4 +33,9 @@ COMMUNITY_DESCRIPTION= LOGIN_APP_SECRET=21ffbbc616fe LOGIN_SERVER_KEY=a51ef8ac7ef1abf162fb7a65261acd7a -WEBHOOK_ELOPAGE_SECRET=secret \ No newline at end of file +WEBHOOK_ELOPAGE_SECRET=secret + +WEBHOOK_GITHUB=false +WEBHOOK_GITHUB_SECRET= +WEBHOOK_GITHUB_PAYLOAD_LIMIT=1mb +WEBHOOK_GITHUB_BRANCH=master \ No newline at end of file diff --git a/backend/package.json b/backend/package.json index 65ce3c801..aad8452ac 100644 --- a/backend/package.json +++ b/backend/package.json @@ -25,6 +25,7 @@ "cors": "^2.8.5", "dotenv": "^10.0.0", "express": "^4.17.1", + "github-webhook-middleware": "^0.0.2", "graphql": "^15.5.1", "jest": "^27.2.4", "jsonwebtoken": "^8.5.1", diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts index 2ef382ee3..4027f26c2 100644 --- a/backend/src/config/index.ts +++ b/backend/src/config/index.ts @@ -56,7 +56,13 @@ const email = { } const webhook = { + // Elopage WEBHOOK_ELOPAGE_SECRET: process.env.WEBHOOK_ELOPAGE_SECRET || 'secret', + // Github + WEBHOOK_GITHUB: process.env.WEBHOOK_GITHUB || false, + WEBHOOK_GITHUB_SECRET: process.env.WEBHOOK_GITHUB_SECRET || '', + WEBHOOK_GITHUB_PAYLOAD_LIMIT: process.env.WEBHOOK_GITHUB_PAYLOAD_LIMIT || '1mb', + WEBHOOK_GITHUB_BRANCH: process.env.WEBHOOK_GITHUB_BRANCH || 'master', } // This is needed by graphql-directive-auth diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index 0393da202..c6c4207bc 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -24,6 +24,13 @@ import schema from '../graphql/schema' // webhooks import { elopageWebhook } from '../webhook/elopage' +import { githubWebhook } from '../webhook/github' + +// github middleware +// This library has no types available +// TODO: fork it an make it typescript +// eslint-disable-next-line @typescript-eslint/no-var-requires +const githubMiddleware = require('github-webhook-middleware') // TODO implement // import queryComplexity, { simpleEstimator, fieldConfigEstimator } from "graphql-query-complexity"; @@ -60,6 +67,17 @@ const createServer = async (context: any = serverContext): Promise => { // Elopage Webhook app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook) + // Github Webhook + if (CONFIG.WEBHOOK_GITHUB) { + app.post( + '/hook/github/', + githubMiddleware({ + secret: CONFIG.WEBHOOK_GITHUB_SECRET, + limit: CONFIG.WEBHOOK_GITHUB_PAYLOAD_LIMIT, + }), + githubWebhook, + ) + } // Apollo Server const apollo = new ApolloServer({ diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts new file mode 100644 index 000000000..5a88f5f21 --- /dev/null +++ b/backend/src/webhook/github.ts @@ -0,0 +1,22 @@ +import CONFIG from '../config' + +export const githubWebhook = async (req: any, res: any): Promise => { + // eslint-disable-next-line no-console + console.log('Hook received') + // End call as early as possible + res.status(200).end() + // eslint-disable-next-line no-console + console.log('Call ended') + + // Handle push events + if (req.headers['x-github-event'] === 'push') { + const payload = req.body + // eslint-disable-next-line no-console + console.log(payload) + + if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { + // eslint-disable-next-line no-console + console.log('MATCH!') + } + } +} diff --git a/backend/yarn.lock b/backend/yarn.lock index 2c1603fbd..04ef5505c 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -1568,6 +1568,22 @@ body-parser@1.19.0, body-parser@^1.18.3: raw-body "2.4.0" type-is "~1.6.17" +body-parser@^1.10.0: + version "1.19.1" + resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.1.tgz#1499abbaa9274af3ecc9f6f10396c995943e31d4" + integrity sha512-8ljfQi5eBk8EJfECMrgqNGWPEY5jWP+1IzkzkGdFFEwFQZZyaZ21UqdaHktgiMlH0xLHqIFtE/u2OYE5dOtViA== + dependencies: + bytes "3.1.1" + content-type "~1.0.4" + debug "2.6.9" + depd "~1.1.2" + http-errors "1.8.1" + iconv-lite "0.4.24" + on-finished "~2.3.0" + qs "6.9.6" + raw-body "2.4.2" + type-is "~1.6.18" + boxen@^5.0.0: version "5.1.2" resolved "https://registry.yarnpkg.com/boxen/-/boxen-5.1.2.tgz#788cb686fc83c1f486dfa8a40c68fc2b831d2b50" @@ -1657,6 +1673,11 @@ bytes@3.1.0: resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6" integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg== +bytes@3.1.1: + version "3.1.1" + resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.1.tgz#3f018291cb4cbad9accb6e6970bca9c8889e879a" + integrity sha512-dWe4nWO/ruEOY7HkUJ5gFt1DCFV9zPRoJr8pV0/ASQermOZjtq8jMjOprC0Kd10GLN+l7xaUPvxzJFWtxGu8Fg== + cacheable-request@^6.0.0: version "6.1.0" resolved "https://registry.yarnpkg.com/cacheable-request/-/cacheable-request-6.1.0.tgz#20ffb8bd162ba4be11e9567d823db651052ca912" @@ -2747,6 +2768,13 @@ get-symbol-description@^1.0.0: call-bind "^1.0.2" get-intrinsic "^1.1.1" +github-webhook-middleware@^0.0.2: + version "0.0.2" + resolved "https://registry.yarnpkg.com/github-webhook-middleware/-/github-webhook-middleware-0.0.2.tgz#8f26c9d45b7171c57d033c42b84d0e5013a69958" + integrity sha1-jybJ1FtxccV9AzxCuE0OUBOmmVg= + dependencies: + body-parser "^1.10.0" + glob-parent@^5.1.2, glob-parent@~5.1.2: version "5.1.2" resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" @@ -2949,6 +2977,17 @@ http-errors@1.7.2: statuses ">= 1.5.0 < 2" toidentifier "1.0.0" +http-errors@1.8.1: + version "1.8.1" + resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c" + integrity sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g== + dependencies: + depd "~1.1.2" + inherits "2.0.4" + setprototypeof "1.2.0" + statuses ">= 1.5.0 < 2" + toidentifier "1.0.1" + http-errors@^1.7.3: version "1.8.0" resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.0.tgz#75d1bbe497e1044f51e4ee9e704a62f28d336507" @@ -4662,6 +4701,11 @@ qs@6.7.0: resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc" integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ== +qs@6.9.6: + version "6.9.6" + resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.6.tgz#26ed3c8243a431b2924aca84cc90471f35d5a0ee" + integrity sha512-TIRk4aqYLNoJUbd+g2lEdz5kLWIuTMRagAXxl78Q0RiVjAOugHmeKNGdd3cwo/ktpf9aL9epCfFqWDEKysUlLQ== + queue-microtask@^1.2.2: version "1.2.3" resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" @@ -4687,6 +4731,16 @@ raw-body@2.4.0: iconv-lite "0.4.24" unpipe "1.0.0" +raw-body@2.4.2: + version "2.4.2" + resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.2.tgz#baf3e9c21eebced59dd6533ac872b71f7b61cb32" + integrity sha512-RPMAFUJP19WIet/99ngh6Iv8fzAbqum4Li7AD6DtGaW2RpMB/11xDoalPiJMTbu6I3hkbMVkATvZrqb9EEqeeQ== + dependencies: + bytes "3.1.1" + http-errors "1.8.1" + iconv-lite "0.4.24" + unpipe "1.0.0" + rc@^1.2.8: version "1.2.8" resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" @@ -5254,6 +5308,11 @@ toidentifier@1.0.0: resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553" integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw== +toidentifier@1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35" + integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA== + touch@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/touch/-/touch-3.1.0.tgz#fe365f5f75ec9ed4e56825e0bb76d24ab74af83b" From e378136106c6e41d9861e81be484f510fcf66f0c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 08:05:47 +0100 Subject: [PATCH 097/158] correct config value for GITHUB_WEBHOOK, log every request for debugging purposes --- backend/src/config/index.ts | 2 +- backend/src/server/createServer.ts | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts index 4027f26c2..d2a087346 100644 --- a/backend/src/config/index.ts +++ b/backend/src/config/index.ts @@ -59,7 +59,7 @@ const webhook = { // Elopage WEBHOOK_ELOPAGE_SECRET: process.env.WEBHOOK_ELOPAGE_SECRET || 'secret', // Github - WEBHOOK_GITHUB: process.env.WEBHOOK_GITHUB || false, + WEBHOOK_GITHUB: process.env.WEBHOOK_GITHUB === 'true' || false, WEBHOOK_GITHUB_SECRET: process.env.WEBHOOK_GITHUB_SECRET || '', WEBHOOK_GITHUB_PAYLOAD_LIMIT: process.env.WEBHOOK_GITHUB_PAYLOAD_LIMIT || '1mb', WEBHOOK_GITHUB_BRANCH: process.env.WEBHOOK_GITHUB_BRANCH || 'master', diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index c6c4207bc..1f0048677 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -65,6 +65,13 @@ const createServer = async (context: any = serverContext): Promise => { // bodyparser text for elopage app.use(express.text()) + // Log every request + app.use((req, res, next) => { + // eslint-disable-next-line no-console + console.log(req) + next() + }) + // Elopage Webhook app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook) // Github Webhook From 2d81d9d7d7c8bef5e1b31d8851806b5a428d0705 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 08:17:50 +0100 Subject: [PATCH 098/158] updated nginx configurations for hook/ subpath --- .../bare_metal/nginx/sites-available/gradido.conf.ssl.template | 2 +- .../bare_metal/nginx/sites-available/gradido.conf.template | 2 +- nginx/gradido.conf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index bec683263..07c7c3779 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -66,7 +66,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://127.0.0.1:4000; + proxy_pass http://127.0.0.1:4000/hook; proxy_redirect off; } diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 7457fc963..44521823d 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -52,7 +52,7 @@ server { proxy_set_header Host $host; # no trailing slash to keep the hook/ prefix - proxy_pass http://127.0.0.1:4000; + proxy_pass http://127.0.0.1:4000/hook; proxy_redirect off; } diff --git a/nginx/gradido.conf b/nginx/gradido.conf index fcd1f441e..bfb079d32 100644 --- a/nginx/gradido.conf +++ b/nginx/gradido.conf @@ -51,7 +51,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - proxy_pass http://backend:4000; + proxy_pass http://backend:4000/hook; proxy_redirect off; } From 9cbd9139dff0fa3bfb93d1680bedb4a6da1a3040 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 08:19:43 +0100 Subject: [PATCH 099/158] ad trailing slash for elopage hook --- backend/src/server/createServer.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index 1f0048677..b0524a585 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -73,7 +73,7 @@ const createServer = async (context: any = serverContext): Promise => { }) // Elopage Webhook - app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook) + app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET + '/', elopageWebhook) // Github Webhook if (CONFIG.WEBHOOK_GITHUB) { app.post( From 18256e02ca9aa62ef33cd25e9d724a079bc3e29e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 08:26:59 +0100 Subject: [PATCH 100/158] typo in shell script --- deployment/bare_metal/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 40e5bc6ac..8c0b74ea7 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -5,7 +5,7 @@ # Load .env or .env.dist if not present set -o allexport -if [ -f ".env"]; then +if [ -f ".env" ]; then source .env else source .env.dist From 41ee819abab3e94b4bc4b563d9450f9fe00f132e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 08:56:05 +0100 Subject: [PATCH 101/158] remove trailing slash again, log when eopage hook was recieved --- backend/src/server/createServer.ts | 2 +- backend/src/webhook/elopage.ts | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index b0524a585..1f0048677 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -73,7 +73,7 @@ const createServer = async (context: any = serverContext): Promise => { }) // Elopage Webhook - app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET + '/', elopageWebhook) + app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook) // Github Webhook if (CONFIG.WEBHOOK_GITHUB) { app.post( diff --git a/backend/src/webhook/elopage.ts b/backend/src/webhook/elopage.ts index 178523cd0..1be6c730d 100644 --- a/backend/src/webhook/elopage.ts +++ b/backend/src/webhook/elopage.ts @@ -28,13 +28,14 @@ */ import { LoginElopageBuys } from '@entity/LoginElopageBuys' -import { LoginUser } from '@entity/LoginUser' import { getCustomRepository } from 'typeorm' import { UserResolver } from '../graphql/resolver/UserResolver' import { LoginElopageBuysRepository } from '../typeorm/repository/LoginElopageBuys' import { LoginUserRepository } from '../typeorm/repository/LoginUser' export const elopageWebhook = async (req: any, res: any): Promise => { + // eslint-disable-next-line no-console + console.log('Elopage Hook received') res.status(200).end() // Responding is important const loginElopgaeBuyRepository = await getCustomRepository(LoginElopageBuysRepository) const loginElopgaeBuy = new LoginElopageBuys() From 1d59fc7a4eb3bce08bc4e1be1f2426f08046d2dc Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 09:32:21 +0100 Subject: [PATCH 102/158] adjust script to handle seeding, regeneration of configs and alow unprivileged user to execute start.sh --- deployment/bare_metal/.env.dist | 2 ++ deployment/bare_metal/install.sh | 20 +++++------------- deployment/bare_metal/start.sh | 35 ++++++++++++++++++++++++-------- 3 files changed, 33 insertions(+), 24 deletions(-) diff --git a/deployment/bare_metal/.env.dist b/deployment/bare_metal/.env.dist index 81c8cf769..70cc95521 100644 --- a/deployment/bare_metal/.env.dist +++ b/deployment/bare_metal/.env.dist @@ -2,6 +2,8 @@ NGINX_SERVER_NAME=_ #Example data +#DEPLOY_SEED_DATA=true +# #NGINX_REWRITE_LEGACY_URLS=true #NGINX_SSL=true #NGINX_SERVER_NAME=stage1.gradido.net diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 8c0b74ea7..091f86e5b 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -100,19 +100,9 @@ sudo certbot --certonly > Would you be willing, once your first certificate is successfully issued, to > N > No names were found in your configuration files. Please enter in your domain > stage1.gradido.net -# Generate gradido.conf from template -# TODO order - first certbot, then nginx setup -case "$NGINX_SSL" in - true) TEMPLATE_FILE="gradido.conf.ssl.template" ;; - *) TEMPLATE_FILE="gradido.conf.template" ;; -esac -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > gradido.conf +git config pull.ff only -# Generate update-page.conf from template -case "$NGINX_SSL" in - true) TEMPLATE_FILE="update-page.conf.ssl.template" ;; - *) TEMPLATE_FILE="update-page.conf.template" ;; -esac -envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $TEMPLATE_FILE > update-page.conf - -git config pull.ff only \ No newline at end of file +# Allow nginx configuration and restart for gradido +sudo nano /etc/sudoers.d/gradido +> gradido ALL=(ALL) NOPASSWD: /etc/init.d/nginx start,/etc/init.d/nginx stop,/etc/init.d/nginx restart +sudo chmod a+rw /etc/nginx/sites-enabled \ No newline at end of file diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 829f0a59d..2b1abf07a 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -6,6 +6,7 @@ SCRIPT_DIR=$(dirname $SCRIPT_PATH) LOCK_FILE=$SCRIPT_DIR/update.lock UPDATE_HTML=$SCRIPT_DIR/nginx/update-page/updating.html PROJECT_ROOT=$SCRIPT_DIR/../../ +NGINX_CONFIG_DIR=$SCRIPT_DIR/nginx/sites-available # Load .env or .env.dist if not present set -o allexport @@ -31,8 +32,8 @@ UPDATE_SITE_CONFIG=stage1_updating # configure nginx for the update-page echo 'Configuring nginx to serve the update-page
' >> $UPDATE_HTML -sudo rm /etc/nginx/sites-enabled/gradido.conf -sudo ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ +rm /etc/nginx/sites-enabled/gradido.conf +ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ sudo /etc/init.d/nginx restart @@ -49,16 +50,32 @@ git checkout $BRANCH git pull export BUILD_COMMIT="$(git rev-parse HEAD)" +# Generate gradido.conf from template +case "$NGINX_SSL" in + true) TEMPLATE_FILE="gradido.conf.ssl.template" ;; + *) TEMPLATE_FILE="gradido.conf.template" ;; +esac +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/gradido.conf + +# Generate update-page.conf from template +case "$NGINX_SSL" in + true) TEMPLATE_FILE="update-page.conf.ssl.template" ;; + *) TEMPLATE_FILE="update-page.conf.template" ;; +esac +envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/update-page.conf + # Install & build database echo 'Updating database
' >> $UPDATE_HTML cd $PROJECT_ROOT/database yarn install yarn build -# TODO only in staging! -yarn dev_up -# TODO only in staging! -yarn dev_reset -yarn seed +if [ "$DEPLOY_SEED_DATA" = "true" ]; then + yarn dev_up + yarn dev_reset + yarn seed +else + yarn up +fi # Install & build backend echo 'Updating backend
' >> $UPDATE_HTML @@ -89,8 +106,8 @@ pm2 save # let nginx showing gradido echo 'Configuring nginx to serve gradido again
' >> $UPDATE_HTML -sudo ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ -sudo rm /etc/nginx/sites-enabled/update-page.conf +ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ +rm /etc/nginx/sites-enabled/update-page.conf sudo /etc/init.d/nginx restart #release lock From 59efb3fcf515e7aab400c038f13d8f45523e2cba Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 09:53:30 +0100 Subject: [PATCH 103/158] start start.sh on githook --- backend/src/webhook/github.ts | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 5a88f5f21..514e39e50 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -1,3 +1,6 @@ +// eslint-disable-next-line camelcase +import child_process from 'child_process' +import path from 'path' import CONFIG from '../config' export const githubWebhook = async (req: any, res: any): Promise => { @@ -15,8 +18,9 @@ export const githubWebhook = async (req: any, res: any): Promise => { console.log(payload) if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { - // eslint-disable-next-line no-console - console.log('MATCH!') + child_process.execFile(path.join(__dirname, '../../../deployment/bare_metal/start.sh'), [ + CONFIG.WEBHOOK_GITHUB_BRANCH, + ]) } } } From 4101ac6a07d1a1f981b65fac32efd77567f1d5ca Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 09:56:44 +0100 Subject: [PATCH 104/158] more logs --- deployment/bare_metal/start.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 2b1abf07a..ebf0acb78 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -51,6 +51,7 @@ git pull export BUILD_COMMIT="$(git rev-parse HEAD)" # Generate gradido.conf from template +echo 'Generate new gradido nginx config
' >> $UPDATE_HTML case "$NGINX_SSL" in true) TEMPLATE_FILE="gradido.conf.ssl.template" ;; *) TEMPLATE_FILE="gradido.conf.template" ;; @@ -58,6 +59,7 @@ esac envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE_FILE > $NGINX_CONFIG_DIR/gradido.conf # Generate update-page.conf from template +echo 'Generate new update-page nginx config
' >> $UPDATE_HTML case "$NGINX_SSL" in true) TEMPLATE_FILE="update-page.conf.ssl.template" ;; *) TEMPLATE_FILE="update-page.conf.template" ;; From 4ccfc5fcfc8fc5ad71399d4ad19f7b582b55a2b9 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:05:27 +0100 Subject: [PATCH 105/158] unref the spawned script instance in order to allow it to end the backend process --- backend/src/webhook/github.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 514e39e50..d7186bb10 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -1,5 +1,5 @@ // eslint-disable-next-line camelcase -import child_process from 'child_process' +import { spawn } from 'child_process' import path from 'path' import CONFIG from '../config' @@ -18,9 +18,10 @@ export const githubWebhook = async (req: any, res: any): Promise => { console.log(payload) if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { - child_process.execFile(path.join(__dirname, '../../../deployment/bare_metal/start.sh'), [ + const child = spawn(path.join(__dirname, '../../../deployment/bare_metal/start.sh'), [ CONFIG.WEBHOOK_GITHUB_BRANCH, ]) + child.unref() } } } From 1bd3e7df001d3ea0b0812e5097faf3d988549312 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:11:02 +0100 Subject: [PATCH 106/158] some comment --- backend/src/webhook/github.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index d7186bb10..e0887c543 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -21,6 +21,7 @@ export const githubWebhook = async (req: any, res: any): Promise => { const child = spawn(path.join(__dirname, '../../../deployment/bare_metal/start.sh'), [ CONFIG.WEBHOOK_GITHUB_BRANCH, ]) + // detach process to allow killing of parent process in the update script child.unref() } } From 3f4ba4c50cd2b352dc556e59c8d1fb783a1c0230 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:27:34 +0100 Subject: [PATCH 107/158] try fork --- backend/src/webhook/github.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index e0887c543..316a9c0d3 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -1,5 +1,5 @@ // eslint-disable-next-line camelcase -import { spawn } from 'child_process' +import { fork } from 'child_process' import path from 'path' import CONFIG from '../config' @@ -18,7 +18,7 @@ export const githubWebhook = async (req: any, res: any): Promise => { console.log(payload) if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { - const child = spawn(path.join(__dirname, '../../../deployment/bare_metal/start.sh'), [ + const child = fork(path.join(__dirname, '../../../deployment/bare_metal/start.sh'), [ CONFIG.WEBHOOK_GITHUB_BRANCH, ]) // detach process to allow killing of parent process in the update script From 7ed327c4cf464d50287c11177e17edfde601dd4e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:32:03 +0100 Subject: [PATCH 108/158] typo --- deployment/bare_metal/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index ebf0acb78..883ebda8b 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -112,5 +112,5 @@ ln -s /etc/nginx/sites-available/gradido.conf /etc/nginx/sites-enabled/ rm /etc/nginx/sites-enabled/update-page.conf sudo /etc/init.d/nginx restart -#release lock +# release lock rm $LOCK_FILE \ No newline at end of file From 610f3454a60af446822290e75d27ac14adf63f08 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:41:04 +0100 Subject: [PATCH 109/158] update detach code --- backend/src/webhook/github.ts | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 316a9c0d3..0c41dc728 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -1,5 +1,5 @@ // eslint-disable-next-line camelcase -import { fork } from 'child_process' +import { spawn } from 'child_process' import path from 'path' import CONFIG from '../config' @@ -18,9 +18,14 @@ export const githubWebhook = async (req: any, res: any): Promise => { console.log(payload) if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { - const child = fork(path.join(__dirname, '../../../deployment/bare_metal/start.sh'), [ - CONFIG.WEBHOOK_GITHUB_BRANCH, - ]) + const child = spawn( + path.join(__dirname, '../../../deployment/bare_metal/start.sh'), + [CONFIG.WEBHOOK_GITHUB_BRANCH], + { + detached: true, + stdio: ['ignore', 'ignore', 'ignore'], + }, + ) // detach process to allow killing of parent process in the update script child.unref() } From 09670126f24eceb14bb31a1b8fa0ae4c3ebac3c9 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:43:46 +0100 Subject: [PATCH 110/158] comment fix --- backend/src/webhook/github.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 0c41dc728..69b0ccc73 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -18,6 +18,7 @@ export const githubWebhook = async (req: any, res: any): Promise => { console.log(payload) if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { + // spawn shell and detach process to allow killing of parent process in the update script const child = spawn( path.join(__dirname, '../../../deployment/bare_metal/start.sh'), [CONFIG.WEBHOOK_GITHUB_BRANCH], @@ -26,7 +27,6 @@ export const githubWebhook = async (req: any, res: any): Promise => { stdio: ['ignore', 'ignore', 'ignore'], }, ) - // detach process to allow killing of parent process in the update script child.unref() } } From a93d5b08469c26d989a1118fec0e09ca91f3d3aa Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:48:49 +0100 Subject: [PATCH 111/158] dont kill detached processes --- deployment/bare_metal/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 883ebda8b..f012a5e26 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -39,7 +39,7 @@ sudo /etc/init.d/nginx restart # stop all services echo 'Stopping all Gradido services
' >> $UPDATE_HTML -pm2 stop all +pm2 stop all --no-treekill # git BRANCH=${1:-master} From 42542b53b3d022ed36d00e1547e126896e8b587a Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:50:43 +0100 Subject: [PATCH 112/158] remove unused eslint ignore --- backend/src/webhook/github.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 69b0ccc73..0ce9fb11d 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -1,4 +1,3 @@ -// eslint-disable-next-line camelcase import { spawn } from 'child_process' import path from 'path' import CONFIG from '../config' From 68da12cfa1a83d4f465b34d96884a92da791fd53 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 10:54:25 +0100 Subject: [PATCH 113/158] sleep for node --- deployment/bare_metal/start.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index f012a5e26..991115646 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -1,5 +1,8 @@ #!/bin/bash +# wait for node to properly unref the process(?) +sleep 15 + # Find current directory & configure paths SCRIPT_PATH=$(realpath $0) SCRIPT_DIR=$(dirname $SCRIPT_PATH) From bfda1984ec8ccf1607a399125d2c7f031e9c0822 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 11:00:32 +0100 Subject: [PATCH 114/158] remove console log --- backend/src/webhook/github.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 0ce9fb11d..d1d5034d3 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -14,7 +14,7 @@ export const githubWebhook = async (req: any, res: any): Promise => { if (req.headers['x-github-event'] === 'push') { const payload = req.body // eslint-disable-next-line no-console - console.log(payload) + // console.log(payload) if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { // spawn shell and detach process to allow killing of parent process in the update script From 8b684f3ce6243728319b8340949b4f62d2bd1cb2 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 14:43:42 +0100 Subject: [PATCH 115/158] stop each process on its own --- deployment/bare_metal/start.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 991115646..03a2377c8 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -39,10 +39,11 @@ rm /etc/nginx/sites-enabled/gradido.conf ln -s /etc/nginx/sites-available/update-page.conf /etc/nginx/sites-enabled/ sudo /etc/init.d/nginx restart - # stop all services echo 'Stopping all Gradido services
' >> $UPDATE_HTML -pm2 stop all --no-treekill +pm2 stop gradido-backend --no-treekill +pm2 stop gradido-frontend +pm2 stop gradido-admin # git BRANCH=${1:-master} @@ -88,7 +89,7 @@ cd $PROJECT_ROOT/backend yarn install yarn build pm2 delete gradido-backend -pm2 start --name gradido-backend "yarn start" +pm2 start --name gradido-backend "yarn start" --no-treekill pm2 save # Install & build frontend From 1f2c3ee4dab889b83b70805014251e93562d4c41 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 15:20:12 +0100 Subject: [PATCH 116/158] sleep 60 seconds to evaluate tree --- deployment/bare_metal/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 03a2377c8..c64f4e94e 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -1,7 +1,7 @@ #!/bin/bash # wait for node to properly unref the process(?) -sleep 15 +sleep 60 # Find current directory & configure paths SCRIPT_PATH=$(realpath $0) From ba88160735d1007623d5647fb7cea3c09a962b3f Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 15:25:01 +0100 Subject: [PATCH 117/158] comment --- deployment/bare_metal/start.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index c64f4e94e..5bfa6bec2 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -1,6 +1,7 @@ #!/bin/bash # wait for node to properly unref the process(?) +# Wait 60 seconds to evaluate ps -x --forest sleep 60 # Find current directory & configure paths From c01f684e8c82ae2a58e58737b86dc9a58c897d97 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 15:30:47 +0100 Subject: [PATCH 118/158] echo the script and project dor, sleep only 30 sec --- deployment/bare_metal/start.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 5bfa6bec2..0b228d3c2 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -2,7 +2,7 @@ # wait for node to properly unref the process(?) # Wait 60 seconds to evaluate ps -x --forest -sleep 60 +sleep 30 # Find current directory & configure paths SCRIPT_PATH=$(realpath $0) @@ -34,6 +34,9 @@ UPDATE_SITE_CONFIG=stage1_updating # Create a new updating.html from the template \cp $SCRIPT_DIR/nginx/update-page/updating.html.template $UPDATE_HTML +echo "SCRIPT_DIR ${SCRIPT_DIR}
" >> $UPDATE_HTML +echo "PROJECT_DIR ${PROJECT_DIR}
" >> $UPDATE_HTML + # configure nginx for the update-page echo 'Configuring nginx to serve the update-page
' >> $UPDATE_HTML rm /etc/nginx/sites-enabled/gradido.conf From 0cde80312a37e9bb2d0ad389e30661d36ce1072b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 15:34:39 +0100 Subject: [PATCH 119/158] comment --- deployment/bare_metal/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 0b228d3c2..f2c47635c 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -1,6 +1,6 @@ #!/bin/bash -# wait for node to properly unref the process(?) +# wait for node to properly unref the process 15sec is too less, 60 is enough # Wait 60 seconds to evaluate ps -x --forest sleep 30 From da9e167f55eb9a4d503a6965d362e04943371e65 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 15:49:44 +0100 Subject: [PATCH 120/158] ecapsulate all cd commands in functions --- deployment/bare_metal/start.sh | 84 ++++++++++++++++++++-------------- 1 file changed, 50 insertions(+), 34 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index f2c47635c..de2ab5ea0 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -35,7 +35,7 @@ UPDATE_SITE_CONFIG=stage1_updating \cp $SCRIPT_DIR/nginx/update-page/updating.html.template $UPDATE_HTML echo "SCRIPT_DIR ${SCRIPT_DIR}
" >> $UPDATE_HTML -echo "PROJECT_DIR ${PROJECT_DIR}
" >> $UPDATE_HTML +echo "PROJECT_ROOT ${PROJECT_ROOT}
" >> $UPDATE_HTML # configure nginx for the update-page echo 'Configuring nginx to serve the update-page
' >> $UPDATE_HTML @@ -52,11 +52,15 @@ pm2 stop gradido-admin # git BRANCH=${1:-master} echo "Starting with git pull - branch:$BRANCH
" >> $UPDATE_HTML -cd $PROJECT_ROOT -git fetch origin $BRANCH -git checkout $BRANCH -git pull -export BUILD_COMMIT="$(git rev-parse HEAD)" +update_git(){ + cd $PROJECT_ROOT + git fetch origin $BRANCH + git checkout $BRANCH + git pull + export BUILD_COMMIT="$(git rev-parse HEAD)" +} +update_git + # Generate gradido.conf from template echo 'Generate new gradido nginx config
' >> $UPDATE_HTML @@ -76,43 +80,55 @@ envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE # Install & build database echo 'Updating database
' >> $UPDATE_HTML -cd $PROJECT_ROOT/database -yarn install -yarn build -if [ "$DEPLOY_SEED_DATA" = "true" ]; then - yarn dev_up - yarn dev_reset - yarn seed -else - yarn up -fi +update_database(){ + cd $PROJECT_ROOT/database + yarn install + yarn build + if [ "$DEPLOY_SEED_DATA" = "true" ]; then + yarn dev_up + yarn dev_reset + yarn seed + else + yarn up + fi +} +update_database # Install & build backend echo 'Updating backend
' >> $UPDATE_HTML -cd $PROJECT_ROOT/backend -yarn install -yarn build -pm2 delete gradido-backend -pm2 start --name gradido-backend "yarn start" --no-treekill -pm2 save +update_backend() { + cd $PROJECT_ROOT/backend + yarn install + yarn build + pm2 delete gradido-backend + pm2 start --name gradido-backend "yarn start" --no-treekill + pm2 save +} +update_backend # Install & build frontend echo 'Updating frontend
' >> $UPDATE_HTML -cd $PROJECT_ROOT/frontend -yarn install -yarn build -pm2 delete gradido-frontend -pm2 start --name gradido-frontend "yarn start" -pm2 save +update_frontend() { + cd $PROJECT_ROOT/frontend && + yarn install + yarn build + pm2 delete gradido-frontend + pm2 start --name gradido-frontend "yarn start" + pm2 save +} +update_frontend # Install & build admin echo 'Updating admin
' >> $UPDATE_HTML -cd $PROJECT_ROOT/admin -yarn install -yarn build -pm2 delete gradido-admin -pm2 start --name gradido-admin "yarn start" -pm2 save +update_admin() { + cd $PROJECT_ROOT/admin + yarn install + yarn build + pm2 delete gradido-admin + pm2 start --name gradido-admin "yarn start" + pm2 save +} +update_admin # let nginx showing gradido echo 'Configuring nginx to serve gradido again
' >> $UPDATE_HTML From c9b4a5257b323b4924aa2bd5c0049f4a5af4b2d8 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 15:54:56 +0100 Subject: [PATCH 121/158] removed unused variable --- deployment/bare_metal/start.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index de2ab5ea0..fd052579c 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -29,8 +29,6 @@ if [ -f $LOCK_FILE ] ; then fi touch $LOCK_FILE -UPDATE_SITE_CONFIG=stage1_updating - # Create a new updating.html from the template \cp $SCRIPT_DIR/nginx/update-page/updating.html.template $UPDATE_HTML From 02f519ae9b28e650a624122d2502b48030edfe16 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:02:16 +0100 Subject: [PATCH 122/158] try && as connection --- deployment/bare_metal/start.sh | 82 ++++++++++++++-------------------- 1 file changed, 33 insertions(+), 49 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index fd052579c..82b2a0f1d 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -50,15 +50,11 @@ pm2 stop gradido-admin # git BRANCH=${1:-master} echo "Starting with git pull - branch:$BRANCH
" >> $UPDATE_HTML -update_git(){ - cd $PROJECT_ROOT - git fetch origin $BRANCH - git checkout $BRANCH - git pull - export BUILD_COMMIT="$(git rev-parse HEAD)" -} -update_git - +cd $PROJECT_ROOT && \ +git fetch origin $BRANCH && \ +git checkout $BRANCH && \ +git pull && \ +export BUILD_COMMIT="$(git rev-parse HEAD)" # Generate gradido.conf from template echo 'Generate new gradido nginx config
' >> $UPDATE_HTML @@ -78,55 +74,43 @@ envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE # Install & build database echo 'Updating database
' >> $UPDATE_HTML -update_database(){ - cd $PROJECT_ROOT/database - yarn install - yarn build - if [ "$DEPLOY_SEED_DATA" = "true" ]; then - yarn dev_up - yarn dev_reset - yarn seed - else - yarn up - fi -} -update_database +#cd $PROJECT_ROOT/database +#yarn install +#yarn build +#if [ "$DEPLOY_SEED_DATA" = "true" ]; then +# yarn dev_up +# yarn dev_reset +# yarn seed +#else +# yarn up +#fi # Install & build backend echo 'Updating backend
' >> $UPDATE_HTML -update_backend() { - cd $PROJECT_ROOT/backend - yarn install - yarn build - pm2 delete gradido-backend - pm2 start --name gradido-backend "yarn start" --no-treekill - pm2 save -} -update_backend +cd $PROJECT_ROOT/backend && \ +yarn install && \ +yarn build && \ +pm2 delete gradido-backend && \ +pm2 start --name gradido-backend "yarn start" --no-treekill && \ +pm2 save # Install & build frontend echo 'Updating frontend
' >> $UPDATE_HTML -update_frontend() { - cd $PROJECT_ROOT/frontend && - yarn install - yarn build - pm2 delete gradido-frontend - pm2 start --name gradido-frontend "yarn start" - pm2 save -} -update_frontend +cd $PROJECT_ROOT/frontend && \ +yarn install && \ +yarn build && \ +pm2 delete gradido-frontend && \ +pm2 start --name gradido-frontend "yarn start" && \ +pm2 save # Install & build admin echo 'Updating admin
' >> $UPDATE_HTML -update_admin() { - cd $PROJECT_ROOT/admin - yarn install - yarn build - pm2 delete gradido-admin - pm2 start --name gradido-admin "yarn start" - pm2 save -} -update_admin +cd $PROJECT_ROOT/admin && \ +yarn install && \ +yarn build && \ +pm2 delete gradido-admin && \ +pm2 start --name gradido-admin "yarn start" && \ +pm2 save # let nginx showing gradido echo 'Configuring nginx to serve gradido again
' >> $UPDATE_HTML From 940e3dd17d1ad6083d304ae787b89d50e3e735d8 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:13:19 +0100 Subject: [PATCH 123/158] include database update as 1-command --- deployment/bare_metal/start.sh | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 82b2a0f1d..a8bfee1c4 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -74,16 +74,25 @@ envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE # Install & build database echo 'Updating database
' >> $UPDATE_HTML -#cd $PROJECT_ROOT/database -#yarn install -#yarn build -#if [ "$DEPLOY_SEED_DATA" = "true" ]; then -# yarn dev_up -# yarn dev_reset -# yarn seed -#else -# yarn up -#fi +update_database(){ + cd $PROJECT_ROOT/database && \ + yarn install && \ + yarn build && \ + yarn up +} +update_database_seed(){ + cd $PROJECT_ROOT/database && \ + yarn install && \ + yarn build && \ + yarn dev_up && \ + yarn dev_reset && \ + yarn seed +} +if [ "$DEPLOY_SEED_DATA" = "true" ]; then + update_database +else + update_database_seed +fi # Install & build backend echo 'Updating backend
' >> $UPDATE_HTML From f332bae932bc1187593d29f70340affb2641cbbf Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:22:54 +0100 Subject: [PATCH 124/158] reverted all trys to fix things within the script, use /bin/bash to spawn interpret the script --- backend/src/webhook/github.ts | 7 ++-- deployment/bare_metal/start.sh | 61 +++++++++++++++------------------- 2 files changed, 31 insertions(+), 37 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index d1d5034d3..df14726ab 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -19,8 +19,11 @@ export const githubWebhook = async (req: any, res: any): Promise => { if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { // spawn shell and detach process to allow killing of parent process in the update script const child = spawn( - path.join(__dirname, '../../../deployment/bare_metal/start.sh'), - [CONFIG.WEBHOOK_GITHUB_BRANCH], + '/bin/bash', + [ + path.join(__dirname, '../../../deployment/bare_metal/start.sh'), + CONFIG.WEBHOOK_GITHUB_BRANCH, + ], { detached: true, stdio: ['ignore', 'ignore', 'ignore'], diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index a8bfee1c4..ce4846ce2 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -50,10 +50,10 @@ pm2 stop gradido-admin # git BRANCH=${1:-master} echo "Starting with git pull - branch:$BRANCH
" >> $UPDATE_HTML -cd $PROJECT_ROOT && \ -git fetch origin $BRANCH && \ -git checkout $BRANCH && \ -git pull && \ +cd $PROJECT_ROOT +git fetch origin $BRANCH +git checkout $BRANCH +git pull export BUILD_COMMIT="$(git rev-parse HEAD)" # Generate gradido.conf from template @@ -74,51 +74,42 @@ envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" < $NGINX_CONFIG_DIR/$TEMPLATE # Install & build database echo 'Updating database
' >> $UPDATE_HTML -update_database(){ - cd $PROJECT_ROOT/database && \ - yarn install && \ - yarn build && \ - yarn up -} -update_database_seed(){ - cd $PROJECT_ROOT/database && \ - yarn install && \ - yarn build && \ - yarn dev_up && \ - yarn dev_reset && \ - yarn seed -} +cd $PROJECT_ROOT/database +yarn install +yarn build if [ "$DEPLOY_SEED_DATA" = "true" ]; then - update_database + yarn dev_up + yarn dev_reset + yarn seed else - update_database_seed + yarn up fi # Install & build backend echo 'Updating backend
' >> $UPDATE_HTML -cd $PROJECT_ROOT/backend && \ -yarn install && \ -yarn build && \ -pm2 delete gradido-backend && \ -pm2 start --name gradido-backend "yarn start" --no-treekill && \ +cd $PROJECT_ROOT/backend +yarn install +yarn build +pm2 delete gradido-backend +pm2 start --name gradido-backend "yarn start" --no-treekill pm2 save # Install & build frontend echo 'Updating frontend
' >> $UPDATE_HTML -cd $PROJECT_ROOT/frontend && \ -yarn install && \ -yarn build && \ -pm2 delete gradido-frontend && \ -pm2 start --name gradido-frontend "yarn start" && \ +cd $PROJECT_ROOT/frontend +yarn install +yarn build +pm2 delete gradido-frontend +pm2 start --name gradido-frontend "yarn start" pm2 save # Install & build admin echo 'Updating admin
' >> $UPDATE_HTML -cd $PROJECT_ROOT/admin && \ -yarn install && \ -yarn build && \ -pm2 delete gradido-admin && \ -pm2 start --name gradido-admin "yarn start" && \ +cd $PROJECT_ROOT/admin +yarn install +yarn build +pm2 delete gradido-admin +pm2 start --name gradido-admin "yarn start" pm2 save # let nginx showing gradido From 833c3c48519584a74f1ed19987ae67cb1b9a5ffb Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:29:51 +0100 Subject: [PATCH 125/158] use pm2 stop all again --- deployment/bare_metal/start.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index ce4846ce2..e1f67ff92 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -43,9 +43,7 @@ sudo /etc/init.d/nginx restart # stop all services echo 'Stopping all Gradido services
' >> $UPDATE_HTML -pm2 stop gradido-backend --no-treekill -pm2 stop gradido-frontend -pm2 stop gradido-admin +pm2 stop all # git BRANCH=${1:-master} From 421d95c611467122c16beddcb1d74c010f2a9b71 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:32:16 +0100 Subject: [PATCH 126/158] maybe the pm2 start command is the problem --- deployment/bare_metal/start.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index e1f67ff92..eef4021ce 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -89,7 +89,7 @@ cd $PROJECT_ROOT/backend yarn install yarn build pm2 delete gradido-backend -pm2 start --name gradido-backend "yarn start" --no-treekill +pm2 start --name gradido-backend "cd $PROJECT_ROOT/backend && yarn start" --no-treekill pm2 save # Install & build frontend @@ -98,7 +98,7 @@ cd $PROJECT_ROOT/frontend yarn install yarn build pm2 delete gradido-frontend -pm2 start --name gradido-frontend "yarn start" +pm2 start --name gradido-frontend cd $PROJECT_ROOT/frontend && yarn start" pm2 save # Install & build admin @@ -107,7 +107,7 @@ cd $PROJECT_ROOT/admin yarn install yarn build pm2 delete gradido-admin -pm2 start --name gradido-admin "yarn start" +pm2 start --name gradido-admin "cd $PROJECT_ROOT/admin && yarn start" pm2 save # let nginx showing gradido From 42e23578d4b5822343cde269fda2178179c8a2b5 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:38:12 +0100 Subject: [PATCH 127/158] typo --- deployment/bare_metal/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index eef4021ce..307ecf0ae 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -98,7 +98,7 @@ cd $PROJECT_ROOT/frontend yarn install yarn build pm2 delete gradido-frontend -pm2 start --name gradido-frontend cd $PROJECT_ROOT/frontend && yarn start" +pm2 start --name gradido-frontend "cd $PROJECT_ROOT/frontend && yarn start" pm2 save # Install & build admin From d2d22f68b2172522670b3505a2591584b7292e33 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:46:24 +0100 Subject: [PATCH 128/158] remove console log --- backend/src/webhook/github.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index df14726ab..77171507a 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -3,8 +3,6 @@ import path from 'path' import CONFIG from '../config' export const githubWebhook = async (req: any, res: any): Promise => { - // eslint-disable-next-line no-console - console.log('Hook received') // End call as early as possible res.status(200).end() // eslint-disable-next-line no-console From e1a1af0c8f77652711f83e57c27288b2d16e8f63 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:56:56 +0100 Subject: [PATCH 129/158] use cd infront of pm2 start command --- deployment/bare_metal/start.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 307ecf0ae..ec73b9374 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -89,7 +89,7 @@ cd $PROJECT_ROOT/backend yarn install yarn build pm2 delete gradido-backend -pm2 start --name gradido-backend "cd $PROJECT_ROOT/backend && yarn start" --no-treekill +cd $PROJECT_ROOT/backend && pm2 start --name gradido-backend "yarn start" --no-treekill pm2 save # Install & build frontend @@ -98,7 +98,7 @@ cd $PROJECT_ROOT/frontend yarn install yarn build pm2 delete gradido-frontend -pm2 start --name gradido-frontend "cd $PROJECT_ROOT/frontend && yarn start" +cd $PROJECT_ROOT/frontend && pm2 start --name gradido-frontend "yarn start" pm2 save # Install & build admin @@ -107,7 +107,7 @@ cd $PROJECT_ROOT/admin yarn install yarn build pm2 delete gradido-admin -pm2 start --name gradido-admin "cd $PROJECT_ROOT/admin && yarn start" +cd $PROJECT_ROOT/admin && pm2 start --name gradido-admin "yarn start" pm2 save # let nginx showing gradido From d41c404288aecc907b35a75fbc04d6a73185f579 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 16:59:53 +0100 Subject: [PATCH 130/158] removed comment --- backend/src/webhook/github.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 77171507a..31ce5ed94 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -5,8 +5,6 @@ import CONFIG from '../config' export const githubWebhook = async (req: any, res: any): Promise => { // End call as early as possible res.status(200).end() - // eslint-disable-next-line no-console - console.log('Call ended') // Handle push events if (req.headers['x-github-event'] === 'push') { From b7132865a11a9aa74a2b230f2ce7d7257fbe7f49 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 17:05:36 +0100 Subject: [PATCH 131/158] exit process after forking, use semicolon instead of && --- backend/src/webhook/github.ts | 1 + deployment/bare_metal/start.sh | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 31ce5ed94..e96e8cf2d 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -26,6 +26,7 @@ export const githubWebhook = async (req: any, res: any): Promise => { }, ) child.unref() + process.exit() } } } diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index ec73b9374..47f180a88 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -89,7 +89,7 @@ cd $PROJECT_ROOT/backend yarn install yarn build pm2 delete gradido-backend -cd $PROJECT_ROOT/backend && pm2 start --name gradido-backend "yarn start" --no-treekill +cd $PROJECT_ROOT/backend; pm2 start --name gradido-backend "yarn start" --no-treekill pm2 save # Install & build frontend @@ -98,7 +98,7 @@ cd $PROJECT_ROOT/frontend yarn install yarn build pm2 delete gradido-frontend -cd $PROJECT_ROOT/frontend && pm2 start --name gradido-frontend "yarn start" +cd $PROJECT_ROOT/frontend; pm2 start --name gradido-frontend "yarn start" pm2 save # Install & build admin @@ -107,7 +107,7 @@ cd $PROJECT_ROOT/admin yarn install yarn build pm2 delete gradido-admin -cd $PROJECT_ROOT/admin && pm2 start --name gradido-admin "yarn start" +cd $PROJECT_ROOT/admin; pm2 start --name gradido-admin "yarn start" pm2 save # let nginx showing gradido From 8da334aa7716683623a9ec883c4d70690fbb742b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 17:11:18 +0100 Subject: [PATCH 132/158] remove process.exit since it does not have any effect --- backend/src/webhook/github.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index e96e8cf2d..31ce5ed94 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -26,7 +26,6 @@ export const githubWebhook = async (req: any, res: any): Promise => { }, ) child.unref() - process.exit() } } } From 477d59a3f844b737c57df71b518d9c056550f994 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 17:16:53 +0100 Subject: [PATCH 133/158] use yarn to change working directory --- deployment/bare_metal/start.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 47f180a88..bd1484cda 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -89,7 +89,7 @@ cd $PROJECT_ROOT/backend yarn install yarn build pm2 delete gradido-backend -cd $PROJECT_ROOT/backend; pm2 start --name gradido-backend "yarn start" --no-treekill +pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" --no-treekill pm2 save # Install & build frontend @@ -98,7 +98,7 @@ cd $PROJECT_ROOT/frontend yarn install yarn build pm2 delete gradido-frontend -cd $PROJECT_ROOT/frontend; pm2 start --name gradido-frontend "yarn start" +pm2 start --name gradido-frontend "yarn --cwd $PROJECT_ROOT/frontend start" pm2 save # Install & build admin @@ -107,7 +107,7 @@ cd $PROJECT_ROOT/admin yarn install yarn build pm2 delete gradido-admin -cd $PROJECT_ROOT/admin; pm2 start --name gradido-admin "yarn start" +pm2 start --name gradido-admin "yarn --cwd $PROJECT_ROOT/admin start" pm2 save # let nginx showing gradido From f75ff56785f2c9c2a91b982209a4102a52a4ea6d Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 17:23:34 +0100 Subject: [PATCH 134/158] execute script directly --- backend/src/webhook/github.ts | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index 31ce5ed94..fdeb0dfaf 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -15,11 +15,8 @@ export const githubWebhook = async (req: any, res: any): Promise => { if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { // spawn shell and detach process to allow killing of parent process in the update script const child = spawn( - '/bin/bash', - [ - path.join(__dirname, '../../../deployment/bare_metal/start.sh'), - CONFIG.WEBHOOK_GITHUB_BRANCH, - ], + path.join(__dirname, '../../../deployment/bare_metal/start.sh'), + [CONFIG.WEBHOOK_GITHUB_BRANCH], { detached: true, stdio: ['ignore', 'ignore', 'ignore'], From 088d4c02190eaed7d8371884a8f88916dc604c97 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 18:33:26 +0100 Subject: [PATCH 135/158] fix trailing slash, remove --no-treekill --- deployment/bare_metal/start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index bd1484cda..8db828488 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -9,7 +9,7 @@ SCRIPT_PATH=$(realpath $0) SCRIPT_DIR=$(dirname $SCRIPT_PATH) LOCK_FILE=$SCRIPT_DIR/update.lock UPDATE_HTML=$SCRIPT_DIR/nginx/update-page/updating.html -PROJECT_ROOT=$SCRIPT_DIR/../../ +PROJECT_ROOT=$SCRIPT_DIR/../.. NGINX_CONFIG_DIR=$SCRIPT_DIR/nginx/sites-available # Load .env or .env.dist if not present @@ -89,7 +89,7 @@ cd $PROJECT_ROOT/backend yarn install yarn build pm2 delete gradido-backend -pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" --no-treekill +pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" # --no-treekill pm2 save # Install & build frontend From 5e5991d0046f25ba717a243ae43a77dbf1f90bbd Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 18:36:19 +0100 Subject: [PATCH 136/158] remove unused comment --- backend/src/webhook/github.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts index fdeb0dfaf..ebebe652c 100644 --- a/backend/src/webhook/github.ts +++ b/backend/src/webhook/github.ts @@ -9,8 +9,6 @@ export const githubWebhook = async (req: any, res: any): Promise => { // Handle push events if (req.headers['x-github-event'] === 'push') { const payload = req.body - // eslint-disable-next-line no-console - // console.log(payload) if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { // spawn shell and detach process to allow killing of parent process in the update script From b6f191f157879b4b3520592a76f5e95c54479551 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 18:56:12 +0100 Subject: [PATCH 137/158] try exporting things --- deployment/bare_metal/start.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 8db828488..19a5ba45a 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -5,12 +5,14 @@ sleep 30 # Find current directory & configure paths +set -o allexport SCRIPT_PATH=$(realpath $0) SCRIPT_DIR=$(dirname $SCRIPT_PATH) LOCK_FILE=$SCRIPT_DIR/update.lock UPDATE_HTML=$SCRIPT_DIR/nginx/update-page/updating.html PROJECT_ROOT=$SCRIPT_DIR/../.. NGINX_CONFIG_DIR=$SCRIPT_DIR/nginx/sites-available +set +o allexport # Load .env or .env.dist if not present set -o allexport From 45d9d81ae7bb11c0dccce0520a30da872eb84bc6 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 18:57:12 +0100 Subject: [PATCH 138/158] readd --no-treekill for debugging --- deployment/bare_metal/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 19a5ba45a..6c1b0558c 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -91,7 +91,7 @@ cd $PROJECT_ROOT/backend yarn install yarn build pm2 delete gradido-backend -pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" # --no-treekill +pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" --no-treekill pm2 save # Install & build frontend From 53c7991a030ba18974e1475480ec0bde91198058 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 19:01:30 +0100 Subject: [PATCH 139/158] fixed exit code to be numeric --- deployment/bare_metal/start.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 6c1b0558c..211e4ac5a 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -26,8 +26,7 @@ set +o allexport # lock start if [ -f $LOCK_FILE ] ; then - retVal="Already building!" - return "${retVal}" 2>/dev/null || exit "${retVal}" + return "Already building!" 2>/dev/null || exit 1 fi touch $LOCK_FILE From 125857dd1bccf11a5386aa5a4093f9b30328d88c Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 19:08:38 +0100 Subject: [PATCH 140/158] saving some time --- deployment/bare_metal/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 211e4ac5a..09a4b5234 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -2,7 +2,7 @@ # wait for node to properly unref the process 15sec is too less, 60 is enough # Wait 60 seconds to evaluate ps -x --forest -sleep 30 +sleep 25 # Find current directory & configure paths set -o allexport From df8c6ef8f7c47af7f0757eae49a7ad2bd56a1ea5 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 19:43:31 +0100 Subject: [PATCH 141/158] use webhook tool --- deployment/bare_metal/install.sh | 41 ++++++++++++++++++- .../sites-available/gradido.conf.ssl.template | 5 +++ .../sites-available/gradido.conf.template | 5 +++ 3 files changed, 50 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 091f86e5b..fe6c770ae 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -105,4 +105,43 @@ git config pull.ff only # Allow nginx configuration and restart for gradido sudo nano /etc/sudoers.d/gradido > gradido ALL=(ALL) NOPASSWD: /etc/init.d/nginx start,/etc/init.d/nginx stop,/etc/init.d/nginx restart -sudo chmod a+rw /etc/nginx/sites-enabled \ No newline at end of file +sudo chmod a+rw /etc/nginx/sites-enabled + +# Webhooks (optional) +sudo apt install webhook +nano ~/hooks.json +``` +[ + { + "id": "gradido", + "execute-command": "/home/gradido/gradido/deployment/bare_metal/start.sh", + "command-working-directory": "/home/gradido/gradido/deployment/bare_metal", + "trigger-rule": { + "and": [ + { + "match": { + "type": "payload-hash-sha1", + "secret": "secret", + "parameter": { + "source": "header", + "name": "X-Hub-Signature" + } + } + }, + { + "match": { + "type": "value", + "value": "refs/heads/new_deployment", + "parameter": { + "source": "payload", + "name": "ref" + } + } + } + ] + } + } +] +``` + +webhook -hooks ~/hooks.json & \ No newline at end of file diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template index 07c7c3779..845cf56ad 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.ssl.template @@ -70,6 +70,11 @@ server { proxy_redirect off; } + # Webhook reverse proxy + location /hooks/ { + proxy_pass http://127.0.0.1:9000/hooks/; + } + # Admin Frontend location /admin { proxy_http_version 1.1; diff --git a/deployment/bare_metal/nginx/sites-available/gradido.conf.template b/deployment/bare_metal/nginx/sites-available/gradido.conf.template index 44521823d..e76140b56 100644 --- a/deployment/bare_metal/nginx/sites-available/gradido.conf.template +++ b/deployment/bare_metal/nginx/sites-available/gradido.conf.template @@ -56,6 +56,11 @@ server { proxy_redirect off; } + # Webhook reverse proxy + location /hooks/ { + proxy_pass http://127.0.0.1:9000/hooks/; + } + # Admin Frontend location /admin { proxy_http_version 1.1; From e5955a80672f0ab754dae2a7f905406253676498 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 19:46:26 +0100 Subject: [PATCH 142/158] remove wait time alltogether --- deployment/bare_metal/start.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 09a4b5234..b76f5c48b 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -1,9 +1,5 @@ #!/bin/bash -# wait for node to properly unref the process 15sec is too less, 60 is enough -# Wait 60 seconds to evaluate ps -x --forest -sleep 25 - # Find current directory & configure paths set -o allexport SCRIPT_PATH=$(realpath $0) From 7e1a7482ef4cdd29ab89cbf59ea291102564ffd4 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:11:37 +0100 Subject: [PATCH 143/158] webhook debug command --- deployment/bare_metal/install.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index fe6c770ae..09e12754a 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -144,4 +144,6 @@ nano ~/hooks.json ] ``` -webhook -hooks ~/hooks.json & \ No newline at end of file +webhook -hooks ~/hooks.json & +# or for debugging +webhook -hooks ~/hooks.json -verbose \ No newline at end of file From 670099f765fd99393bdbfa5c52c521312e12732e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:14:10 +0100 Subject: [PATCH 144/158] corrected hook id --- deployment/bare_metal/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 09e12754a..bffec6fde 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -113,7 +113,7 @@ nano ~/hooks.json ``` [ { - "id": "gradido", + "id": "github", "execute-command": "/home/gradido/gradido/deployment/bare_metal/start.sh", "command-working-directory": "/home/gradido/gradido/deployment/bare_metal", "trigger-rule": { From 6dbec1bd269ac6e2dc32f3254c281f77e6d9ed3b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:18:24 +0100 Subject: [PATCH 145/158] do not start with --no-treekill, checkout correct branch --- deployment/bare_metal/install.sh | 2 +- deployment/bare_metal/start.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index bffec6fde..1bf632b5f 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -114,7 +114,7 @@ nano ~/hooks.json [ { "id": "github", - "execute-command": "/home/gradido/gradido/deployment/bare_metal/start.sh", + "execute-command": "/home/gradido/gradido/deployment/bare_metal/start.sh new_deployment", "command-working-directory": "/home/gradido/gradido/deployment/bare_metal", "trigger-rule": { "and": [ diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index b76f5c48b..7ca623a7b 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -86,7 +86,7 @@ cd $PROJECT_ROOT/backend yarn install yarn build pm2 delete gradido-backend -pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" --no-treekill +pm2 start --name gradido-backend "yarn --cwd $PROJECT_ROOT/backend start" pm2 save # Install & build frontend From 4a175f0ef803174f5cee6b2028be6ed108e42e22 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:25:21 +0100 Subject: [PATCH 146/158] removed github webhook, its now external --- backend/.env.dist | 7 +--- backend/package.json | 1 - backend/src/config/index.ts | 5 --- backend/src/server/createServer.ts | 18 --------- backend/yarn.lock | 59 ------------------------------ 5 files changed, 1 insertion(+), 89 deletions(-) diff --git a/backend/.env.dist b/backend/.env.dist index 2c20e6b7a..77fd9f6cc 100644 --- a/backend/.env.dist +++ b/backend/.env.dist @@ -33,9 +33,4 @@ COMMUNITY_DESCRIPTION= LOGIN_APP_SECRET=21ffbbc616fe LOGIN_SERVER_KEY=a51ef8ac7ef1abf162fb7a65261acd7a -WEBHOOK_ELOPAGE_SECRET=secret - -WEBHOOK_GITHUB=false -WEBHOOK_GITHUB_SECRET= -WEBHOOK_GITHUB_PAYLOAD_LIMIT=1mb -WEBHOOK_GITHUB_BRANCH=master \ No newline at end of file +WEBHOOK_ELOPAGE_SECRET=secret \ No newline at end of file diff --git a/backend/package.json b/backend/package.json index aad8452ac..65ce3c801 100644 --- a/backend/package.json +++ b/backend/package.json @@ -25,7 +25,6 @@ "cors": "^2.8.5", "dotenv": "^10.0.0", "express": "^4.17.1", - "github-webhook-middleware": "^0.0.2", "graphql": "^15.5.1", "jest": "^27.2.4", "jsonwebtoken": "^8.5.1", diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts index d2a087346..8e1218f12 100644 --- a/backend/src/config/index.ts +++ b/backend/src/config/index.ts @@ -58,11 +58,6 @@ const email = { const webhook = { // Elopage WEBHOOK_ELOPAGE_SECRET: process.env.WEBHOOK_ELOPAGE_SECRET || 'secret', - // Github - WEBHOOK_GITHUB: process.env.WEBHOOK_GITHUB === 'true' || false, - WEBHOOK_GITHUB_SECRET: process.env.WEBHOOK_GITHUB_SECRET || '', - WEBHOOK_GITHUB_PAYLOAD_LIMIT: process.env.WEBHOOK_GITHUB_PAYLOAD_LIMIT || '1mb', - WEBHOOK_GITHUB_BRANCH: process.env.WEBHOOK_GITHUB_BRANCH || 'master', } // This is needed by graphql-directive-auth diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index 1f0048677..e620c5074 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -24,13 +24,6 @@ import schema from '../graphql/schema' // webhooks import { elopageWebhook } from '../webhook/elopage' -import { githubWebhook } from '../webhook/github' - -// github middleware -// This library has no types available -// TODO: fork it an make it typescript -// eslint-disable-next-line @typescript-eslint/no-var-requires -const githubMiddleware = require('github-webhook-middleware') // TODO implement // import queryComplexity, { simpleEstimator, fieldConfigEstimator } from "graphql-query-complexity"; @@ -74,17 +67,6 @@ const createServer = async (context: any = serverContext): Promise => { // Elopage Webhook app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook) - // Github Webhook - if (CONFIG.WEBHOOK_GITHUB) { - app.post( - '/hook/github/', - githubMiddleware({ - secret: CONFIG.WEBHOOK_GITHUB_SECRET, - limit: CONFIG.WEBHOOK_GITHUB_PAYLOAD_LIMIT, - }), - githubWebhook, - ) - } // Apollo Server const apollo = new ApolloServer({ diff --git a/backend/yarn.lock b/backend/yarn.lock index 04ef5505c..2c1603fbd 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -1568,22 +1568,6 @@ body-parser@1.19.0, body-parser@^1.18.3: raw-body "2.4.0" type-is "~1.6.17" -body-parser@^1.10.0: - version "1.19.1" - resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.1.tgz#1499abbaa9274af3ecc9f6f10396c995943e31d4" - integrity sha512-8ljfQi5eBk8EJfECMrgqNGWPEY5jWP+1IzkzkGdFFEwFQZZyaZ21UqdaHktgiMlH0xLHqIFtE/u2OYE5dOtViA== - dependencies: - bytes "3.1.1" - content-type "~1.0.4" - debug "2.6.9" - depd "~1.1.2" - http-errors "1.8.1" - iconv-lite "0.4.24" - on-finished "~2.3.0" - qs "6.9.6" - raw-body "2.4.2" - type-is "~1.6.18" - boxen@^5.0.0: version "5.1.2" resolved "https://registry.yarnpkg.com/boxen/-/boxen-5.1.2.tgz#788cb686fc83c1f486dfa8a40c68fc2b831d2b50" @@ -1673,11 +1657,6 @@ bytes@3.1.0: resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.0.tgz#f6cf7933a360e0588fa9fde85651cdc7f805d1f6" integrity sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg== -bytes@3.1.1: - version "3.1.1" - resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.1.tgz#3f018291cb4cbad9accb6e6970bca9c8889e879a" - integrity sha512-dWe4nWO/ruEOY7HkUJ5gFt1DCFV9zPRoJr8pV0/ASQermOZjtq8jMjOprC0Kd10GLN+l7xaUPvxzJFWtxGu8Fg== - cacheable-request@^6.0.0: version "6.1.0" resolved "https://registry.yarnpkg.com/cacheable-request/-/cacheable-request-6.1.0.tgz#20ffb8bd162ba4be11e9567d823db651052ca912" @@ -2768,13 +2747,6 @@ get-symbol-description@^1.0.0: call-bind "^1.0.2" get-intrinsic "^1.1.1" -github-webhook-middleware@^0.0.2: - version "0.0.2" - resolved "https://registry.yarnpkg.com/github-webhook-middleware/-/github-webhook-middleware-0.0.2.tgz#8f26c9d45b7171c57d033c42b84d0e5013a69958" - integrity sha1-jybJ1FtxccV9AzxCuE0OUBOmmVg= - dependencies: - body-parser "^1.10.0" - glob-parent@^5.1.2, glob-parent@~5.1.2: version "5.1.2" resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" @@ -2977,17 +2949,6 @@ http-errors@1.7.2: statuses ">= 1.5.0 < 2" toidentifier "1.0.0" -http-errors@1.8.1: - version "1.8.1" - resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.1.tgz#7c3f28577cbc8a207388455dbd62295ed07bd68c" - integrity sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g== - dependencies: - depd "~1.1.2" - inherits "2.0.4" - setprototypeof "1.2.0" - statuses ">= 1.5.0 < 2" - toidentifier "1.0.1" - http-errors@^1.7.3: version "1.8.0" resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.0.tgz#75d1bbe497e1044f51e4ee9e704a62f28d336507" @@ -4701,11 +4662,6 @@ qs@6.7.0: resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc" integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ== -qs@6.9.6: - version "6.9.6" - resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.6.tgz#26ed3c8243a431b2924aca84cc90471f35d5a0ee" - integrity sha512-TIRk4aqYLNoJUbd+g2lEdz5kLWIuTMRagAXxl78Q0RiVjAOugHmeKNGdd3cwo/ktpf9aL9epCfFqWDEKysUlLQ== - queue-microtask@^1.2.2: version "1.2.3" resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" @@ -4731,16 +4687,6 @@ raw-body@2.4.0: iconv-lite "0.4.24" unpipe "1.0.0" -raw-body@2.4.2: - version "2.4.2" - resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.4.2.tgz#baf3e9c21eebced59dd6533ac872b71f7b61cb32" - integrity sha512-RPMAFUJP19WIet/99ngh6Iv8fzAbqum4Li7AD6DtGaW2RpMB/11xDoalPiJMTbu6I3hkbMVkATvZrqb9EEqeeQ== - dependencies: - bytes "3.1.1" - http-errors "1.8.1" - iconv-lite "0.4.24" - unpipe "1.0.0" - rc@^1.2.8: version "1.2.8" resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" @@ -5308,11 +5254,6 @@ toidentifier@1.0.0: resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.0.tgz#7e1be3470f1e77948bc43d94a3c8f4d7752ba553" integrity sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw== -toidentifier@1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35" - integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA== - touch@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/touch/-/touch-3.1.0.tgz#fe365f5f75ec9ed4e56825e0bb76d24ab74af83b" From 8df6fe859be912c1466dc20960e07f757708c756 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:32:48 +0100 Subject: [PATCH 147/158] corrected argument definition for webhook --- deployment/bare_metal/install.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/deployment/bare_metal/install.sh b/deployment/bare_metal/install.sh index 1bf632b5f..3d1d44a2c 100755 --- a/deployment/bare_metal/install.sh +++ b/deployment/bare_metal/install.sh @@ -114,7 +114,13 @@ nano ~/hooks.json [ { "id": "github", - "execute-command": "/home/gradido/gradido/deployment/bare_metal/start.sh new_deployment", + "execute-command": "/home/gradido/gradido/deployment/bare_metal/start.sh", + "pass-arguments-to-command": [ + { + "source": "string", + "name": "new_deployment" + }, + ], "command-working-directory": "/home/gradido/gradido/deployment/bare_metal", "trigger-rule": { "and": [ From 601f5de0612b3b45ae6f9d33178d8979c759188b Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:35:04 +0100 Subject: [PATCH 148/158] remove directory output --- deployment/bare_metal/start.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/deployment/bare_metal/start.sh b/deployment/bare_metal/start.sh index 7ca623a7b..2be5eaee4 100755 --- a/deployment/bare_metal/start.sh +++ b/deployment/bare_metal/start.sh @@ -29,9 +29,6 @@ touch $LOCK_FILE # Create a new updating.html from the template \cp $SCRIPT_DIR/nginx/update-page/updating.html.template $UPDATE_HTML -echo "SCRIPT_DIR ${SCRIPT_DIR}
" >> $UPDATE_HTML -echo "PROJECT_ROOT ${PROJECT_ROOT}
" >> $UPDATE_HTML - # configure nginx for the update-page echo 'Configuring nginx to serve the update-page
' >> $UPDATE_HTML rm /etc/nginx/sites-enabled/gradido.conf From 85101f02b7e0a1e269f9e4d9beae62c6c3e3795e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:40:48 +0100 Subject: [PATCH 149/158] more git ignores --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 138e6dea4..de49b2fc1 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,5 @@ nbproject package-lock.json /deployment/bare_metal/.env /deployment/bare_metal/nginx/sites-available/gradido.conf +/deployment/bare_metal/nginx/sites-available/update-page.conf +/deployment/bare_metal/nginx/update-page/updating.html \ No newline at end of file From 2efdb412327fea6ad36036da2ea1fd630f72166f Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:44:19 +0100 Subject: [PATCH 150/158] disable debugging logs --- backend/src/server/createServer.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/backend/src/server/createServer.ts b/backend/src/server/createServer.ts index e620c5074..201c420f6 100644 --- a/backend/src/server/createServer.ts +++ b/backend/src/server/createServer.ts @@ -59,11 +59,13 @@ const createServer = async (context: any = serverContext): Promise => { app.use(express.text()) // Log every request + /* app.use((req, res, next) => { // eslint-disable-next-line no-console console.log(req) next() }) + */ // Elopage Webhook app.post('/hook/elopage/' + CONFIG.WEBHOOK_ELOPAGE_SECRET, elopageWebhook) From eaa59180d3b3d7904cab9daf05ec373bf8a5ca7e Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:46:34 +0100 Subject: [PATCH 151/158] removed github webhook, its now external --- backend/src/webhook/github.ts | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 backend/src/webhook/github.ts diff --git a/backend/src/webhook/github.ts b/backend/src/webhook/github.ts deleted file mode 100644 index ebebe652c..000000000 --- a/backend/src/webhook/github.ts +++ /dev/null @@ -1,26 +0,0 @@ -import { spawn } from 'child_process' -import path from 'path' -import CONFIG from '../config' - -export const githubWebhook = async (req: any, res: any): Promise => { - // End call as early as possible - res.status(200).end() - - // Handle push events - if (req.headers['x-github-event'] === 'push') { - const payload = req.body - - if (payload.ref === `refs/heads/${CONFIG.WEBHOOK_GITHUB_BRANCH}`) { - // spawn shell and detach process to allow killing of parent process in the update script - const child = spawn( - path.join(__dirname, '../../../deployment/bare_metal/start.sh'), - [CONFIG.WEBHOOK_GITHUB_BRANCH], - { - detached: true, - stdio: ['ignore', 'ignore', 'ignore'], - }, - ) - child.unref() - } - } -} From 06b96719707b53ff29514a2c71cfb48124edb967 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:55:32 +0100 Subject: [PATCH 152/158] corrected url --- .../T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md index a69573e99..60752be8a 100644 --- a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md +++ b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md @@ -138,7 +138,7 @@ aufgerufen und die Login-Maske wird angezeigt. 12. Link "Zurück" ist aktiv und landet auf URL 1. Testumgebung: https://stage1.gradido.net/Login - 2. Produktionsumgebung: https://gradido.net/Login + 2. Produktionsumgebung: https://gdd1.gradido.net/Login 13. Footer-Links: 1. "Gradido-Akademie" reagiert und landet je nach aktuell eingestellter Sprache auf URL "https://gradido.net/de" From 696ac3275fcfa5ee6cbcfccd7288bd85f40ff38d Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:58:08 +0100 Subject: [PATCH 153/158] another broken url --- .../T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md index 86beef1d9..d1a788a6b 100644 --- a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md +++ b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-01-LoginMaske.md @@ -29,7 +29,7 @@ Es wird die Anzeige der Login-Maske geprüft auf: Es wird die URL * Testumgebung: https://stage1.gradido.net/login -* Produktionsumgebung: https://gradido.net/login +* Produktionsumgebung: https://gdd1.gradido.net/login aufgerufen und die Login-Maske wird angezeigt. From 8e4d7a3e3ac3e7c0508c68febffe3a49be57ccdf Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 20:58:56 +0100 Subject: [PATCH 154/158] more urls --- .../T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md index 66296e892..1d0a26c3e 100644 --- a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md +++ b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-02-LoginMaske.md @@ -32,7 +32,7 @@ Prüfung auf korrekten Funktionsweise des Buttons "Anmeldung": 1. *Gibt es noch weitere Prüfschritte (LOG-Ausgaben auf Login-, Community-Server o.ä.) die hier überprüft werden sollten?* 3. Bei erfolgreichem Login wird die URL angezeigt * Testumgebung: "https://stage1.gradido.net/overview" - * Produktionsumgebung: "https://gradido.net/overview" + * Produktionsumgebung: "https://gdd1.gradido.net/overview" 4. Bei fehlerhaftem Login wird eine entsprechend aussagekräftige Fehlermeldung angezeigt und die Anzeige verbleibt auf der Login-Maske. ## Ende-Bedingungen: From 5036ecf515502efc0e2b54fa5b3b058b87a05bd3 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 21:00:02 +0100 Subject: [PATCH 155/158] more urls --- .../T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md index 60752be8a..1891f44a5 100644 --- a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md +++ b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md @@ -22,7 +22,7 @@ Es wird in der Login-Maske die Funktion des Links "Passwort vergessen?"geprüft: Es wird die URL * Testumgebung: https://stage1.gradido.net/login -* Produktionsumgebung: https://gradido.net/login +* Produktionsumgebung: https://gdd1.gradido.net/login aufgerufen und die Login-Maske wird angezeigt. @@ -70,8 +70,8 @@ aufgerufen und die Login-Maske wird angezeigt. 3. Wiederholung von Schritt 2.4.1 und 2.4.2 bis alle verfügbaren Sprachen geprüft sind 5. Link "Zurück" ist aktiv und landet auf URL - 1. Testumgebung: https://stage1.gradido.net/Login - 2. Produktionsumgebung: https://gradido.net/Login + 1. Testumgebung: https://stage1.gradido.net/login + 2. Produktionsumgebung: https://gdd1.gradido.net/login 6. Footer-Links: 1. "Gradido-Akademie" reagiert und landet je nach aktuell eingestellter Sprache auf URL "https://gradido.net/de" @@ -92,7 +92,7 @@ aufgerufen und die Login-Maske wird angezeigt. 5. **In dem angegebenen Email-Postfach wird eine Email empfangen, die ein Zurücksetzen-Link enthält:** 1. Testumgebung: https://stage1.gradido.net/reset/'erzeugter rest-code' - 2. Produktionsumgebung: https://gradido.net/reset/'erzeugter reset-code' + 2. Produktionsumgebung: https://ggd1.gradido.net/reset/'erzeugter reset-code' 6. **Mit Betätigen des Reset-Links bzw. Aufruf des Rest-Links im Browser wird folgende Maske angezeigt:** ![2te Passwort zurücksetzen Maske](../image/T02-C001-03-LoginMaske3.png) From 66e5aa25947bf3ab48606456ab9efd23a5602b02 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 21:01:02 +0100 Subject: [PATCH 156/158] last url (this document) --- .../T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md index 1891f44a5..5623aebdf 100644 --- a/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md +++ b/docu/Concepts/Testfallkatalog/T02-Benutzerverwaltung/T02-C001-03-LoginMaske.md @@ -34,7 +34,7 @@ aufgerufen und die Login-Maske wird angezeigt. * keine sonstigen Eingaben bzw. Vorraussetzungen notwendig * Mit Betätigen des Links "Passwort vergessen?" wird der Passwort-Zurücksetzen-Prozess gestartet und unter * der Testumgebung: https://stage1.gradido.net/password - * der Produktionsumgebung: https://gradido.net/password + * der Produktionsumgebung: https://gdd1.gradido.net/password * folgende Maske angezeigt: ![1te Passwort zurücksetzen Maske](../image/T02-C001-03-LoginMaske1.png) From 4be6ca83dc863d2b9ab374fe37c11eb298da3b6f Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 21:06:28 +0100 Subject: [PATCH 157/158] fix nginx workflow --- .github/workflows/publish.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 55e28db4b..08ecc0379 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -248,7 +248,7 @@ jobs: ########################################################################## - name: Nginx | Build `production` image run: | - docker build -t "gradido/nginx:latest" -t "gradido/nginx:production" -t "gradido/nginx:${VERSION}" -t "gradido/nginx:${BUILD_VERSION}" -f ./nginx/Dockerfile ./ + docker build -t "gradido/nginx:latest" -t "gradido/nginx:production" -t "gradido/nginx:${VERSION}" -t "gradido/nginx:${BUILD_VERSION}" nginx/ docker save "gradido/nginx" > /tmp/nginx.tar - name: Upload Artifact uses: actions/upload-artifact@v2 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 51f8e49b0..0928dc992 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -199,7 +199,7 @@ jobs: ########################################################################## - name: nginx | Build `test` image run: | - docker build -t "gradido/nginx:test" -f ./nginx/Dockerfile ./ + docker build -t "gradido/nginx:test" nginx/ docker save "gradido/nginx:test" > /tmp/nginx.tar - name: Upload Artifact uses: actions/upload-artifact@v2 From d387ae9592346cc1ea03a26ba884d257559ecc42 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Wed, 12 Jan 2022 21:32:47 +0100 Subject: [PATCH 158/158] corrected two urls --- admin/src/components/NavBar.spec.js | 2 +- community_server/src/Template/Pages/js.ctp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/src/components/NavBar.spec.js b/admin/src/components/NavBar.spec.js index 621ba0eb9..b084dd18b 100644 --- a/admin/src/components/NavBar.spec.js +++ b/admin/src/components/NavBar.spec.js @@ -63,7 +63,7 @@ describe('NavBar', () => { }) it('redirects to /logout', () => { - expect(windowLocationMock).toBeCalledWith('http://localhost/vue/login') + expect(windowLocationMock).toBeCalledWith('http://localhost/login') }) it('dispatches logout to store', () => { diff --git a/community_server/src/Template/Pages/js.ctp b/community_server/src/Template/Pages/js.ctp index 60868adc4..dd1525dbe 100644 --- a/community_server/src/Template/Pages/js.ctp +++ b/community_server/src/Template/Pages/js.ctp @@ -37,5 +37,5 @@ - +