

[ENG-286] Use caddy instead of nginx (#16)
cheran-senthil authored Jan 10, 2025
1 parent f7f6d50 commit 2590797
Showing 3 changed files with 50 additions and 186 deletions.
83 changes: 29 additions & 54 deletions content-node/docker-compose/docker-compose.yml
@@ -1,66 +1,32 @@
services:
nginx:
image: nginx:latest
caddy:
image: caddy:2.9
ports:
- "80:80"
- "443:443"
volumes:
- ./letsencrypt:/etc/letsencrypt
- ./webroot:/var/www/certbot
- ./nginx-entrypoint.sh:/docker-entrypoint.d/40-config-nginx.sh:ro
environment:
- SERVER_NAME=${SERVER_NAME}
- SETUP_SSL=${SETUP_SSL:-false}
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped

certbot:
image: certbot/certbot
volumes:
- ./letsencrypt:/etc/letsencrypt
- ./webroot:/var/www/certbot
entrypoint: sh
- caddy_data:/data
- caddy_config:/config
command: >
-c '
if [ "$SETUP_SSL" != "true" ]; then
echo "SSL setup not enabled, skipping certbot"
exit 0
fi;
certbot certonly --webroot --webroot-path=/var/www/certbot
--email ${CERTBOT_EMAIL} --agree-tos --no-eff-email
--force-renewal -d ${SERVER_NAME}'
sh -c 'echo "{
admin off
}
http://localhost:80 {
reverse_proxy content-node:5000
}
http://${SERVER_NAME}, https://${SERVER_NAME} {
reverse_proxy content-node:5000
}" > /etc/caddy/Caddyfile && caddy run --config /etc/caddy/Caddyfile'
environment:
- SETUP_SSL=${SETUP_SSL:-false}
depends_on:
- nginx
- SERVER_NAME
labels:
- "com.centurylinklabs.watchtower.enable=true"

cert-handler:
image: docker:cli
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./letsencrypt:/etc/letsencrypt:ro
entrypoint: sh
command: >
-c '
if [ "$SETUP_SSL" != "true" ]; then
echo "SSL setup not enabled, skipping cert handler"
exit 0
fi;
while ! test -f /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem; do
sleep 1;
done;
sleep 1;
NGINX_CONTAINER=$$(docker ps -q -f name=nginx); docker restart $$NGINX_CONTAINER;
echo "Nginx restarted successfully"'
environment:
- SETUP_SSL=${SETUP_SSL:-false}
- SERVER_NAME=${SERVER_NAME}
restart: unless-stopped
depends_on:
certbot:
condition: service_completed_successfully
- content-node
networks:
- content_network

content-node:
image: earthfast/content-node:09347bad740a7881915b31143458482abb1cb75b
Expand All @@ -77,6 +43,8 @@ services:
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
- content_network

watchtower:
profiles:
Expand All @@ -90,6 +58,13 @@ services:
- WATCHTOWER_POLL_INTERVAL=60
command: --interval 60 --cleanup --include-restarting
restart: unless-stopped
networks:
- content_network

networks:
content_network:
driver: bridge

volumes:
letsencrypt:
caddy_data:
caddy_config:
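Review bot: The generated Caddyfile's global block (L53–L55) contains only `admin off` and the caddy service's environment passes only SERVER_NAME (L66), so the CERTBOT_EMAIL that setup.sh still prompts for and writes to .env never reaches Caddy and ACME registration runs without a contact address; add `- CERTBOT_EMAIL=${CERTBOT_EMAIL}` under `environment:` and `email {$CERTBOT_EMAIL}` next to `admin off`. If SERVER_NAME is unset when the stack starts, the site address on L59 expands to `http://, https:// {`, which Caddy rejects at startup with an unhelpful parse error — `- SERVER_NAME=${SERVER_NAME:?SERVER_NAME must be set}` makes `docker compose up` fail with a clear message instead. Because `${SERVER_NAME}` is substituted by compose into a double-quoted `echo` inside `sh -c` (L53–L61), a value containing a quote, brace or semicolon alters the shell command rather than only the config; mounting a Caddyfile that uses Caddy's own `{$SERVER_NAME}` placeholder and keeping the image's default `caddy run` entrypoint removes that shell layer. The `https://${SERVER_NAME}` site block means Caddy attempts certificate issuance regardless of SETUP_SSL, which this section no longer appears to read — confirm whether that flag is still wired in or should be dropped from setup.sh.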
60 changes: 0 additions & 60 deletions content-node/docker-compose/nginx-entrypoint.sh

This file was deleted.

93 changes: 21 additions & 72 deletions content-node/docker-compose/setup.sh
Expand Up @@ -100,7 +100,7 @@ AUTO_UPGRADE="false"

while [[ "$#" -gt 0 ]]; do
case $1 in
--help|-h) usage ;;
--help | -h) usage ;;
--staging) ENVIRONMENT="staging" ;;
--auto-upgrade) AUTO_UPGRADE="true" ;;
*)
Expand Down Expand Up @@ -141,46 +141,16 @@ fi
CONTRACT_ADDRESS=$([ "$ENVIRONMENT" = "staging" ] && echo "0x69e4aa095489E8613B4C4d396DD916e66D66aE23" || echo "0xb1c5F9914648403cb32a4f83B0fb946E5f7702CC")
log_info "Using contract address: $CONTRACT_ADDRESS"

# Validation functions
validate_input() {
local type=$1
local value=$2
case $type in
domain) [[ $value =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]] ;;
node_id) [[ $value =~ ^0x[a-fA-F0-9]{64}$ ]] ;;
email) [[ $value =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]] ;;
boolean) [[ $value =~ ^(true|false)$ ]] ;;
esac
}

# Get and validate inputs with a generic function
get_validated_input() {
local prompt=$1
local type=$2
local value
while true; do
printf "${BLUE}%s${NC}: " "$prompt"
read -r value || return 1
value=$(echo "$value" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
if validate_input "$type" "$value"; then
echo "$value"
break
else
log_error "Invalid input format. Please try again."
fi
done
}

# Check if .env file exists and handle setup process
if [ -f ".env" ]; then
log_info "Current .env file contents:"
echo "----------------------------------------"
cat .env
echo "----------------------------------------"

log_warning "An .env file already exists!"
read -p "Would you like to go through the .env setup process again? (y/n): " setup_again

if [[ ! $setup_again =~ ^[Yy]$ ]]; then
log_info "Keeping existing .env file."
echo
Expand All @@ -195,7 +165,7 @@ if [ -f ".env" ]; then
fi
exit 0
fi

# Backup existing .env file
backup_file=".env.backup.$(date +%Y%m%d_%H%M%S)"
mv .env "$backup_file"
Expand All @@ -206,7 +176,6 @@ fi
log_info "Please provide the following information:"
printf "\n"

# Get inputs - with explicit prompts
printf "${BLUE}Enter your server name (e.g., content-1.us-east-1.sepolia.earthfastnodes.com)${NC}: "
read -r SERVER_NAME
SERVER_NAME=$(echo "$SERVER_NAME" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
Expand All @@ -215,20 +184,21 @@ printf "${BLUE}Enter your node ID (e.g., 0xb10e2d52...)${NC}: "
read -r NODE_ID
NODE_ID=$(echo "$NODE_ID" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')

printf "${BLUE}Do you want to set up SSL? (true/false)${NC}: "
read -r SETUP_SSL
SETUP_SSL=$(echo "$SETUP_SSL" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')

printf "${BLUE}Enter your certbot email${NC}: "
printf "${BLUE}Enter your email for SSL certificates${NC}: "
read -r CERTBOT_EMAIL
CERTBOT_EMAIL=$(echo "$CERTBOT_EMAIL" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')

check_ports_and_ip() {
# Verify FQDN points to correct IP
log_info "Verifying FQDN..."
if ! verify_fqdn "$SERVER_NAME"; then
log_error "FQDN verification failed. Exiting..."
exit 1
fi

# Check ports
check_ports() {
local ports=("80" "443")
local ip=$(curl -s ifconfig.me)
local success=true

# Check if ports are open
for port in "${ports[@]}"; do
if netstat -tuln | grep -q ":$port "; then
log_error "Port $port is already in use"
Expand All @@ -238,47 +208,26 @@ check_ports_and_ip() {
fi
done

# Check if ports are accessible from outside
# log_info "Checking port accessibility from external service..."
# for port in "${ports[@]}"; do
# if curl -s "https://ports.yougetsignal.com/check-port.php" \
# -H "User-Agent: Mozilla/5.0" \
# --data-raw "remoteAddress=${ip}&portNumber=${port}" \
# | grep -q "open"; then
# log_success "Port $port is accessible from outside"
# else
# log_warning "Port $port might be blocked by firewall"
# success=false
# fi
# done
# TODO: Check if ports are accessible from outside

return $([[ "$success" == "true" ]] && echo 0 || echo 1)
}

if [ "$SETUP_SSL" = "true" ]; then
log_info "Verifying FQDN..."
if ! verify_fqdn "$SERVER_NAME"; then
log_error "FQDN verification failed. Exiting..."
log_info "Checking ports..."
if ! check_ports; then
log_error "Port check failed. Please ensure ports 80 and 443 are open and available."
read -p "Continue anyway? (y/n): " continue
if [[ ! $continue =~ ^[Yy]$ ]]; then
log_error "Setup cancelled due to port verification failure."
exit 1
fi

log_info "Checking ports for SSL..."
if ! check_ports_and_ip; then
log_error "Port check failed. Please ensure ports 80 and 443 are open and available."
read -p "Continue anyway? (y/n): " continue
if [[ ! $continue =~ ^[Yy]$ ]]; then
log_error "Setup cancelled due to port verification failure."
exit 1
fi
fi
fi

# Create .env file
log_info "Creating .env file..."
cat >.env <<EOF
SERVER_NAME=$SERVER_NAME
NODE_ID=$NODE_ID
SETUP_SSL=$SETUP_SSL
CERTBOT_EMAIL=$CERTBOT_EMAIL
RPC_URL=https://eth-sepolia.g.alchemy.com/v2/7xFp9qkRZTVC7CvUHODk7TgyemLtkzxt
CONTRACT_ADDRESS=$CONTRACT_ADDRESS
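Review bot: With `validate_input` and `get_validated_input` removed (L144–L172), SERVER_NAME, NODE_ID and CERTBOT_EMAIL receive only whitespace-stripping and lowercasing before being written to .env (L200–L214, L282–L286); the `read -r` lines there are context, so the helpers may already have been unused — confirm against the rest of the file. Since the compose change now expands `${SERVER_NAME}` into a Caddyfile built by `sh -c 'echo "…"'`, a value containing quotes or braces breaks or alters that command, so a shape check such as `[[ $SERVER_NAME =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]] || { log_error "Invalid server name"; exit 1; }` before the `cat >.env` is worth keeping. In the new `check_ports` (L225–L254), `local ip=$(curl -s ifconfig.me)` is no longer used once the external check became a TODO (L251), yet it still sends a request to a third-party service on every run and hides curl's exit status behind `local`; drop the line or move it under the TODO. SETUP_SSL is still prompted (L207–L209) while the FQDN and port checks now run unconditionally (L217–L222, L260–L267), so it looks like dead configuration — confirm whether anything downstream still reads it.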
