commit 97a3bb8e3189cc5973bedc3caa1d436dc7fab0c9
parent 6417dc1977389921a0300044dee948b8bf979417
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Sat, 28 Sep 2024 16:34:46 +0200
feat(myheats-demo): update env variables
Diffstat:
5 files changed, 67 insertions(+), 60 deletions(-)
diff --git a/hcl/default/myheats-demo/myheats-demo.nomad b/hcl/default/myheats-demo/myheats-demo.nomad
@@ -16,15 +16,12 @@ job "myheats-demo" {
}
network {
- port "frontent_https" {
+ port "frontend_http" {}
+ port "api_http" {}
+
+ port "frontend_https" {
static = 44396
}
- port "fontend_http" {
- to = 5173
- }
- port "api_http" {
- to = 8000
- }
port "api_https" {
static = 44407
}
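Review bot: `port "api_http" {}` drops the fixed `to = 8000` mapping, but no hunk on this page shows the API task being told to listen on `${NOMAD_PORT_api_http}`. The frontend task gets that treatment in the next hunk via `--port ${NOMAD_PORT_frontend_http}`; if the backend still binds 8000, nginx's `proxy_pass http://{{ env "NOMAD_ADDR_api_http" }}` will point at a port nothing is listening on. Both plain-HTTP ports are also dynamic host ports, so I would add a comment such as `# internal only: reached through the nginx TLS listeners, keep closed at the firewall`. The `network` block starts outside the hunk.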
@@ -66,7 +63,7 @@ job "myheats-demo" {
image = "127.0.0.1:5000/myheats:latest"
command = "/bin/sh"
# run dev build
- args = ["-c", "npm run dev"]
+ args = ["-c", "node_modules/.bin/vite --host 0.0.0.0 --port ${NOMAD_PORT_frontend_http}"]
force_pull = true
ports = ["frontend_http"]
volumes = [
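Review bot: The new `args` line still starts the Vite development server (`node_modules/.bin/vite`, under the unchanged `# run dev build` comment) and binds it to `0.0.0.0` on a Nomad-assigned port. The dev server serves unbundled source and is not meant to face untrusted networks, while this job appears to be published under a Let's Encrypt certificate. I would run `vite build` when the image is built and serve the static output from the nginx task, leaving no dev server in the deployed job. If the dev server has to stay for the demo, say so in the comment, e.g. `# dev server on purpose (demo only); reachable only via the nginx TLS proxy`. The task body continues outside the hunk.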
@@ -79,7 +76,7 @@ job "myheats-demo" {
# render sensitive env vars in a template from Vault secrets
env = true
destination = "${NOMAD_SECRETS_DIR}/env"
- data = file("./templates/env.local.tmpl")
+ data = file("./templates/frontend-env.local.tmpl")
}
template {
destination = "${NOMAD_TASK_DIR}/myheats-demo.conf"
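Review bot: The context comment `# render sensitive env vars in a template from Vault secrets` above this template is no longer accurate for the frontend task, because `frontend-env.local.tmpl` as added in this commit contains no Vault lookups. I would reword it to `# render frontend (VITE_*) env vars; no secrets belong here, Vite exposes VITE_* values to the browser` so nobody later adds a secret to this file. The split itself is a good change: the frontend task no longer receives `API_JWT_SECRET`, `SMTP_PASSWORD` or `PGPASSWORD`.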
@@ -115,7 +112,7 @@ job "myheats-demo" {
# render sensitive env vars in a template from Vault secrets
env = true
destination = "${NOMAD_SECRETS_DIR}/env"
- data = file("./templates/env.local.tmpl")
+ data = file("./templates/backend-env.local.tmpl")
}
resources {
diff --git a/hcl/default/myheats-demo/templates/backend-env.local.tmpl b/hcl/default/myheats-demo/templates/backend-env.local.tmpl
@@ -0,0 +1,34 @@
+# Full URI to backend http API
+VITE_API_URI=http://{{ env "NOMAD_IP_api_http" }}
+# Backend API port
+VITE_API_PORT={{ env "NOMAD_PORT_api_http" }}
+# Full URI to backend websocket API
+VITE_WS_URI=wss://{{ env "NOMAD_IP_api_http" }}
+# Backend API websocket port
+VITE_WS_PORT={{ env "NOMAD_PORT_api_http" }}
+
+API_REDIRECT_URI=https://myheats-demo.p0c.ch/authverify
+# Backend API CORS allowed origins
+API_CORS_ALLOW_ORIGIN=https://myheats-demo.p0c.ch
+# JWT secret for magic links (`openssl rand -base64 48`)
+API_JWT_SECRET={{with secret "kv/myheats-demo"}}{{index .Data.data.api_jwt_secret}}{{end}}
+# JWT TTL in seconds, make it biger than VITE_SESSION_TTL, 60m
+API_JWT_TTL=259200 #72h
+
+# SMTP settings for sending magic links
+SMTP_HOST={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_host}}{{end}}
+# upgrade later with STARTTLS
+SMTP_STARTTLS={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_starttls}}{{end}}
+SMTP_PORT={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_port}}{{end}}
+SMTP_USER={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_user}}{{end}}
+SMTP_FROM={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_from}}{{end}}
+SMTP_PASSWORD={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_password}}{{end}}
+
+# PostgreSQL environment variables
+# https://github.com/porsager/postgres?tab=readme-ov-file#environmental-variables
+# PGHOST, PGPORT, PGDATABASE, PGUSERNAME, PGPASSWORD, etc.
+PGHOST={{with secret "kv/myheats-demo"}}{{index .Data.data.pghost}}{{end}}
+PGPORT={{with secret "kv/myheats-demo"}}{{index .Data.data.pgport}}{{end}}
+PGDATABASE={{with secret "kv/myheats-demo"}}{{index .Data.data.pgdatabase}}{{end}}
+PGUSERNAME={{with secret "kv/myheats-demo"}}{{index .Data.data.pgusername}}{{end}}
+PGPASSWORD={{with secret "kv/myheats-demo"}}{{index .Data.data.pgpassword}}{{end}}
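Review bot: `VITE_WS_URI=wss://{{ env "NOMAD_IP_api_http" }}` pairs the TLS scheme with the plain-HTTP port; the removed file used `NOMAD_IP_api_https`/`NOMAD_PORT_api_https` here, and nginx proxies to `api_http` over `http://`, so a `wss://` connection to that port would fail the handshake. Since the four `VITE_*` variables are frontend settings now defined in `frontend-env.local.tmpl`, I would drop them from the backend template unless the API reads them, or else use `ws://`. Separately, the comment on `API_JWT_TTL` says `60m` and "make it biger than VITE_SESSION_TTL", yet the value is `259200 #72h`, equal to `VITE_SESSION_TTL` in the frontend template, whose comment has the same `60m`/`72h` mismatch. Please align comment and value in both files, and confirm whether a 72h lifetime is intended if this TTL also governs the magic-link token.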
diff --git a/hcl/default/myheats-demo/templates/env.local.tmpl b/hcl/default/myheats-demo/templates/env.local.tmpl
@@ -1,48 +0,0 @@
-############
-# Frontend #
-############
-
-# Application window title
-VITE_APP_DOC_TITLE='MyHeats Demo'
-# Cookie TTL in seconds (session ttl in the admin/judges frontend), 60m
-VITE_SESSION_TTL=259200 #72h
-# Full URI to backend http API
-VITE_API_URI=http://{{ env "NOMAD_IP_api_http" }}
-# Backend API port
-VITE_API_PORT={{ env "NOMAD_PORT_api_http" }}
-# Full URI to backend websocket API
-VITE_WS_URI=wss://{{ env "NOMAD_IP_api_https" }}
-# Backend API websocket port
-VITE_WS_PORT={{ env "NOMAD_PORT_api_https" }}
-# Locale for frontend date formatting
-VITE_LOCALE=de-CH
-
-###########
-# Backend #
-###########
-
-API_REDIRECT_URI=https://myheats-demo.p0c.ch/authverify
-# Backend API CORS allowed origins
-API_CORS_ALLOW_ORIGIN=https://myheats-demo.p0c.ch
-# JWT secret for magic links (`openssl rand -base64 48`)
-API_JWT_SECRET={{with secret "kv/myheats-demo"}}{{index .Data.data.api_jwt_secret}}{{end}}
-# JWT TTL in seconds, make it biger than VITE_SESSION_TTL, 60m
-API_JWT_TTL=259200 #72h
-
-# SMTP settings for sending magic links
-SMTP_HOST={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_host}}{{end}}
-# upgrade later with STARTTLS
-SMTP_STARTTLS={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_starttls}}{{end}}
-SMTP_PORT={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_port}}{{end}}
-SMTP_USER={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_user}}{{end}}
-SMTP_FROM={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_from}}{{end}}
-SMTP_PASSWORD={{with secret "kv/myheats-demo"}}{{index .Data.data.smtp_password}}{{end}}
-
-# PostgreSQL environment variables
-# https://github.com/porsager/postgres?tab=readme-ov-file#environmental-variables
-# PGHOST, PGPORT, PGDATABASE, PGUSERNAME, PGPASSWORD, etc.
-PGHOST={{with secret "kv/myheats-demo"}}{{index .Data.data.pghost}}{{end}}
-PGPORT={{with secret "kv/myheats-demo"}}{{index .Data.data.pgport}}{{end}}
-PGDATABASE={{with secret "kv/myheats-demo"}}{{index .Data.data.pgdatabase}}{{end}}
-PGUSERNAME={{with secret "kv/myheats-demo"}}{{index .Data.data.pgusername}}{{end}}
-PGPASSWORD={{with secret "kv/myheats-demo"}}{{index .Data.data.pgpassword}}{{end}}
diff --git a/hcl/default/myheats-demo/templates/frontend-env.local.tmpl b/hcl/default/myheats-demo/templates/frontend-env.local.tmpl
@@ -0,0 +1,18 @@
+############
+# Frontend #
+############
+
+# Application window title
+VITE_APP_DOC_TITLE='MyHeats Demo'
+# Cookie TTL in seconds (session ttl in the admin/judges frontend), 60m
+VITE_SESSION_TTL=259200 #72h
+# Full URI to backend http API
+VITE_API_URI=https://api-myheats-demo.p0c.ch
+# Backend API port
+VITE_API_PORT=443
+# Full URI to backend websocket API
+VITE_WS_URI=wss://api-myheats-demo.p0c.ch
+# Backend API websocket port
+VITE_WS_PORT=443
+# Locale for frontend date formatting
+VITE_LOCALE=de-CH
diff --git a/hcl/default/myheats-demo/templates/nginx.conf.tmpl b/hcl/default/myheats-demo/templates/nginx.conf.tmpl
@@ -16,8 +16,8 @@ server {
server {
listen {{ env "NOMAD_PORT_api_https" }} ssl;
- ssl_certificate /etc/letsencrypt/live/api.myheats-demo.p0c.ch/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/api.myheats-demo.p0c.ch/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/api-myheats-demo.p0c.ch/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/api-myheats-demo.p0c.ch/privkey.pem;
location / {
proxy_pass http://{{ env "NOMAD_ADDR_api_http" }};
@@ -25,5 +25,11 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
+
+ # WebSocket proxying
+ # https://nginx.org/en/docs/http/websocket.html
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
}
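Review bot: `proxy_set_header Connection "upgrade";` is sent on every request through this `location /`, not only on WebSocket handshakes, so ordinary API calls are also forwarded with `Connection: upgrade`. The nginx document linked in the comment shows the conditional form: add `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the `http` context and use `proxy_set_header Connection $connection_upgrade;` here. Idle WebSocket connections are also closed after the default 60s `proxy_read_timeout` unless the backend sends pings, so consider setting that directive explicitly. The `location` block starts outside the hunk.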
}