Forem: Pierangelo

Keycloak Setup and Deployment Guide

Pierangelo — Wed, 26 Feb 2025 17:24:50 +0000

Keycloak Setup and Deployment Guide

This document details how to install and deploy Keycloak in both development and production environments. The setup integrates PostgreSQL as the database and uses an NGINX reverse proxy for HTTPS access.

OS Debian and Ubuntu

Prerequisites

Java: Ensure that OpenJDK is installed. For example, on Debian/Ubuntu you can install the default JDK using:

  sudo apt install default-jdk

Docker: Docker must be installed to run the Keycloak and PostgreSQL containers.
Certbot (for NGINX): Required for managing SSL certificates with Let's Encrypt.

Development Mode

To quickly test Keycloak in development mode, you can use the following Docker command:

docker run -p 8090:8080 \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=<ADMIN_PASSWORD> \
  --dns=8.8.8.8 \
  -v keycloak_data:/opt/keycloak/data \
  quay.io/keycloak/keycloak:23.0.4 \
  start-dev 2>&1 > /dev/null &

Explanation:

Port Mapping: The container exposes port 8080, which is mapped to port 8090 on the host.
Admin Credentials: Environment variables set the admin username and password.
DNS: Uses Google's DNS (8.8.8.8) for name resolution.
Volume: Data is persisted in a Docker volume named keycloak_data.
Version: This command uses Keycloak version 23.0.4 in development mode (start-dev).

Production Mode

For a production deployment, you must configure HTTPS certificates and properly set up the container.

1. Generating Certificates

Generate the necessary certificates using OpenSSL:

Generate the Private Key:

  openssl genrsa -out keycloak.key 2048

Create a Self-Signed Certificate (valid for 365 days):

  openssl req -new -x509 -sha256 -key keycloak.key -out keycloak.crt -days 365

Create the PEM File: Rename the private key file and concatenate the certificate:

  mv keycloak.key keycloak.pem
  cat keycloak.crt >> keycloak.pem

Note: You may need to adjust parameters (like CN, O, C, etc.) during certificate generation.

2. Creating a Keystore with keytool

Use the keytool command to generate a key pair and create the keystore:

sudo keytool -genkeypair -alias localhost \
  -keyalg RSA \
  -keysize 2048 \
  -validity 365 \
  -keystore server.keystore \
  -dname "CN=Server Administrator,O=OrgName,C=IN" \
  -keypass <KEY_PASSWORD> \
  -storepass <KEY_PASSWORD>

After completion, you will have three files:

keycloak.crt
keycloak.pem
server.keystore (which should be converted to PKCS12 format and then renamed)

These files will be provided as arguments when launching Keycloak:

--https-certificate-file=<path>/keycloak.crt
--https-certificate-key-file=<path>/keycloak.pem
--https-trust-store-file=<path>/server.keystore

Docker and PostgreSQL Configuration

1. Create a Docker Network

Create a dedicated Docker network for container communication:

docker network create kcnetwork

2. Set Up PostgreSQL

Create a Docker volume for PostgreSQL data persistence:

docker volume create pgdata

Run the PostgreSQL container:

docker run --name kc_pg_cont \
  --network kcnetwork \
  -e POSTGRES_PASSWORD=<POSTGRES_PASSWORD> \
  -p 5432:5432 \
  --restart="always" \
  -v pgdata:/var/lib/postgresql/data \
  -d postgres

Building a Custom Docker Image for Keycloak

1. Prepare the Directory

Create a directory for Keycloak files:

mkdir keycloak

Inside this directory, create a Dockerfile:

touch Dockerfile

Copy the certificate and keystore files into this directory:

cp keycloak.crt keycloak/
cp keycloak.pem keycloak/
cp server.keystore keycloak/server.keystore.p12

2. Dockerfile Contents

Place the following content in your Dockerfile (passwords have been anonymized):

# Dockerfile contents START

# Use the latest Keycloak image
FROM quay.io/keycloak/keycloak:latest

USER root

# Copy the certificates and keystore into the configuration directory
COPY keycloak.crt /opt/keycloak/conf/keycloak.crt
COPY keycloak.pem /opt/keycloak/conf/keycloak.pem
COPY server.keystore.p12 /opt/keycloak/conf/server.keystore.p12

# Debug: list the copied files to confirm their presence
RUN ls -la /opt/keycloak/conf/

# Set the trust store type to PKCS12
ENV KC_HTTPS_TRUST_STORE_TYPE=PKCS12

# Database configuration
ENV KC_DB=postgres
ENV KC_DB_USERNAME=postgres
ENV KC_DB_PASSWORD=<POSTGRES_PASSWORD>
ENV KC_DB_URL=jdbc:postgresql://kc_pg_cont:5432/postgres

# Keycloak admin credentials
ENV KEYCLOAK_ADMIN=admin
ENV KEYCLOAK_ADMIN_PASSWORD=<ADMIN_PASSWORD>

# (Optional) Set correct permissions on the files
RUN chmod 600 /opt/keycloak/conf/keycloak.pem
RUN chmod 600 /opt/keycloak/conf/keycloak.crt
RUN chmod 600 /opt/keycloak/conf/server.keystore.p12

# Start the Keycloak server with HTTPS options and specified hostname
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start",
  "--https-port=9443", "--http-port=8095",
  "--https-certificate-file", "/opt/keycloak/conf/keycloak.crt",
  "--https-certificate-key-file", "/opt/keycloak/conf/keycloak.pem",
  "--https-trust-store-file", "/opt/keycloak/conf/server.keystore.p12",
  "--https-trust-store-password", "<KEYSTORE_PASSWORD>",
  "--hostname", "keycloak-develop.example.com",
  "--https-trust-store-type", "PKCS12"]

# Dockerfile contents END

3. Build the Docker Image

Build your custom Keycloak image:

docker build -t kcprod_v1 .

4. Run the Container

Start the Keycloak container on the created network:

docker run --name kctest_container --network kcnetwork -p 9443:9443 -p 8095:8095 -d kcprod_v1

Configuring NGINX as a Reverse Proxy

To expose Keycloak under your domain and manage HTTPS, set up NGINX.

1. Create the NGINX Site Configuration File

For example, create a file at:

sudo touch /etc/nginx/sites-available/keycloak-develop.example.com

2. Configure the File with the Following Content

server {
    server_name keycloak-develop.example.com;
    client_max_body_size 100M;

    location / {
        proxy_pass https://keycloak-develop.example.com:9443;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Disable SSL verification for Keycloak if necessary:
        proxy_ssl_verify off;
    }

    listen 443 ssl; # Managed by Certbot
    ssl_certificate /etc/letsencrypt/live/keycloak-develop.example.com/fullchain.pem; # Managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/keycloak-develop.example.com/privkey.pem; # Managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # Managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # Managed by Certbot
}

server {
    if ($host = keycloak-develop.example.com) {
        return 301 https://$host$request_uri;
    }

    server_name keycloak-develop.example.com;

    listen 80;
    return 404;
}

3. Enable the Site and Restart NGINX

Link the configuration file:

sudo ln -s /etc/nginx/sites-available/keycloak-develop.example.com /etc/nginx/sites-enabled/

Test the configuration:

sudo nginx -t

Restart NGINX:

sudo systemctl restart nginx

Accessing Keycloak

After the configuration, Keycloak will be available at:

https://keycloak-develop.example.com/

Ensure that DNS records point to your server and that Let's Encrypt certificates are properly obtained and installed.

Final Notes

Security: Verify the permissions on the certificate and keystore files. Consider using secure environment variables for passwords.
Persistence: Make sure Docker volumes for both Keycloak and PostgreSQL are correctly configured to persist data.
Monitoring and Logging: Set up monitoring to observe container performance in production.
Updates: Plan for periodic updates to Keycloak, the operating system, and security components.

This guide provides a comprehensive overview for setting up and deploying Keycloak in a Docker environment with HTTPS support, PostgreSQL as the database, and an NGINX reverse proxy. Replace the placeholder values (e.g., <ADMIN_PASSWORD>, <POSTGRES_PASSWORD>, <KEYSTORE_PASSWORD>, and domain names) with your actual production values while keeping them secure.

Monitoring with Prometheus & Grafana

Pierangelo — Tue, 10 Aug 2021 19:45:02 +0000

How set a monitoring system with prometheus, node_exporter and grafana dashboard.

N.B: this tutorial is based on UBUNTU

Prometheus

create prometheus user:

sudo useradd --no-create-home --shell /bin/false prome

create directories

sudo mkdir /etc/prometheus

sudo mkdir /var/lib/prometheus

download prometheus on your server:

wget https://github.com/prometheus/prometheus/releases/download/v2.29.0-rc.1/prometheus-2.29.0-rc.1.linux-amd64.tar.gz

extract the tar file

tar xvfz prometheus-*.tar.gz

enter in the folder:

cd prometheus-*

edit prometheus.yml

vim prometheus.yml

copy prometheus folder (not the root folder but the folder inside the root folder) in:

sudo cp -rf prometheus /usr/local/bin/

sudo cp -rf promtool /usr/local/bin/

set permission:

sudo chown prome:prome /usr/local/bin/prometheus

sudo chown prome:prome /usr/local/bin/promtool

copy files:

sudo cp -rf consoles /etc/prometheus

sudo cp -rf console_libraries/ /etc/prometheus/

set permissions in /etc

sudo chown -R prome:prome /etc/prometheus/consoles

sudo chown -R prome:prome /etc/prometheus/console_libraries

copy prometheus.yml

sudo cp prometheus.yml /etc/prometheus/prometheus.yml

start prometheus

./prometheus --config.file=prometheus.yml

create service file:

sudo vim /etc/systemd/system/prometheus.service

and add this code:

[Unit]
Description=Prometheus
Wants=network-online.target
After=network-online.target

[Service]
User=prome
Group=prome
Type=simple
ExecStart=/usr/local/bin/prometheus \
    --config.file /etc/prometheus/prometheus.yml \
    --storage.tsdb.path /var/lib/prometheus/ \
    --web.console.templates=/etc/prometheus/consoles \
    --web.console.libraries=/etc/prometheus/console_libraries

[Install]
WantedBy=multi-user.target

reload daemon

sudo systemctl daemon-reload

system command:

sudo systemctl start prometheus

sudo systemctl enable prometheus

sudo systemctl status prometheus

check:

http://your-machine-ip:9090

node exporter

download node exportyet:

wget https://github.com/prometheus/node_exporter/releases/download/v1.2.2/node_exporter-1.2.2.linux-amd64.tar.gz

extract:

tar xvfz node_exporter-1.2.2.linux-amd64.tar.gz

enter in the extracted folder:

 cd node_exporter-1.2.2.linux-amd64

run node exportyer

./node_exporter

check metrics on:
http://your-vps-ip:9100

back to prometheus.yml and add ip and port node_exporter

 - job_name: "node exporter test"
    static_configs:
      - targets: ['localhost:9100']

node exporter as service

create user:

sudo useradd -rs /bin/false node_exporter

copy node exporter in bin folder

sudo cp -rf node_exporter-1.2.2.linux-amd64/node_exporter /usr/local/bin

create service file

vim /etc/systemd/system/node_exporter.service

[Unit]
Description=Node Exporter
After=network.target

[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter

[Install]
WantedBy=multi-user.target

launch sevice commands:

sudo systemctl daemon-reload
sudo systemctl start node_exporter
sudo systemctl enable node_exporter
sudo systemctl status node_exporter

grafana

install dependency library:

sudo apt-get install -y adduser libfontconfig1

download deb

wget https://dl.grafana.com/oss/release/grafana_8.1.0_amd64.deb

install:

sudo dpkg -i grafana_8.1.0_amd64.deb

check:

http://your-vps-ip:3000/login

Using NodeJS App with Apache

Pierangelo — Tue, 10 Nov 2020 13:13:15 +0000

How setting Apache2 using proxy for expose a NodeJS app.

First install apache2:

apt update

apt install apache2

install nodejs e npm

apt install nodejs

apt install npm

copy your app in /var/www/demo

here a repo to my demo app if you want use it:

https://github.com/pierangelo1982/nodejs-experiment/tree/master/06%20-%20show_hostname

install pm2

npm install -g pm2

we use pm2 for start a daemon of our app, and for enable an autostart in case of reboot of our machine.

from your terminal go into the root folder of the app

cd /var/www/demo

and launch the command:

pm2 start app.js

after that we must config an automatic start in case of reboot:

so launch this command:

pm2 startup systemd

and copy the env that will be print and paste it in the terminal, in my case is this:

sudo env PATH=$PATH:/usr/bin /usr/local/lib/node_modules/pm2/bin/pm2 startup systemd -u pierangelo — hp /home/pierangelo

now we go to settings apache2
as first things we must enable two modules:

proxy

proxy_http

so from terminal launch this:

a2enmod proxy

a2enmod proxy_http

after that go in /etc/sites/available and create a file named myapp.conf

myapp.conf

<VirtualHost *:80>
 ServerName node.mysite.it 
 ProxyPreserveHost on
 ProxyPass / http://localhost:3000/
 ProxyPassReverse / http://localhost:3000/
</VirtualHost>

check carefully, in ProxyPass and ProxyPassReverse you mast show the localhost with the port that you use in your nodejs app.

after that enable your virtualhost:

a2ensite myapp.conf

and restart apache2

service apache2 restart

now you should see your app running on your domain address.

Vedi Tutorial Here

Dockerize an existing Laravel application with docker-compose

Pierangelo — Sun, 08 Nov 2020 07:04:04 +0000

in the main folder of your Laravel app, create a file named Dockerfile and insert this code:

FROM php:7
RUN apt-get update -y && apt-get install -y openssl zip unzip git
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
RUN docker-php-ext-install pdo pdo_mysql
WORKDIR /app
COPY . /app
RUN composer install
CMD php artisan serve --host=0.0.0.0 --port=8181
EXPOSE 8181

In the same main folder of Dockerfile, create a file named docker-compose.yml and insert this code:

version: '2'
services:
  app:
    build: .
    ports:
      - "8009:8000"
    volumes:
      - .:/app
    env_file: .env
    working_dir: /app
    command: bash -c 'php artisan migrate && php artisan serve --host 0.0.0.0'
    depends_on:
      - db
    links:
      - db
  db:
    image: "mysql:5.7"
    environment:
      - MYSQL_ROOT_PASSWORD=yourpassword
      - MYSQL_DATABASE=yourdbname
      - MYSQL_USER=root
      - MYSQL_PASSWORD=yourpassword
    volumes:
      - ./data/:/var/lib/mysql
    ports:
      - "3306:3306"
  phpmyadmin:
    depends_on:
      - db
    image: phpmyadmin/phpmyadmin
    restart: always
    ports:
      - 8090:80
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: yourpassword

Open the terminal command line and go inside the laravel folder, and launch this commands:

docker.compose build

docker-compose up -d

if have need to create and migrate the db, or use other commands, launch the Laravel commands in this way:
docker-compose run app php artisan

The app will available at the address http://0.0.0.0:8009

Dockerize an existing GOLANG web server

Pierangelo — Thu, 29 Oct 2020 10:59:03 +0000

in the golang project folder create a file named Dockerfile and a file named docker-compose.yml

Dockerile

FROM golang:latest
LABEL maintainer "Pierangelo Orizio <pierangelo1982@gmail.com>"
# for install go packages RUN go get /path
RUN go get github.com/go-sql-driver/mysql
# Copy the local package files to the container's workspace.
ADD . /go/src/github.com/pierangelo1982/myproject
# build executable
RUN go install github.com/pierangelo1982/myproject
# execute 
ENTRYPOINT /go/bin/myproject
# Document that the service listens on port 8080.
EXPOSE 8080

N.B: in the paths you can substitute pierangelo1982 with your github username.

For add other GO packages add in dockerfile this command (see line 5 in Dockerfile for see an example):

RUN go get github.com/<nameofthepackages>

docker-compose.yml

version: '2'
services:
  app:
    build: .
    volumes:
      - .:/go/src/github.com/pierangelo1982/myproject
    expose:
      - "8080"
    ports:
      - 8080:8080

From the terminal, from inside the project folder launch this commands:

docker-compose build

and

docker-compose up -d

check with the browser if the app run at the address http://0.0.0.0:8080

Dockerize a Flask App

Pierangelo — Tue, 27 Oct 2020 11:25:15 +0000

How dockerize a Flask app…

here my very basic app:
main.py

from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello_world():
    return 'Hello, World!'
if __name__ == "__main__":
    app.run(debug=True, host="0.0.0.0")

N.B: above I have set public ip 0.0.0.0, beacuse with 127.0.0.1 it’s reachable only inside the container and not from the outside outside.
create a file requirements.txt
and insert all the pip libraries that your app require (in my case only Flask).

requirements.txt

flask

create a file named Dockerfile:

FROM ubuntu:18.04
LABEL maintainer “yor name <your@email.com>”
RUN apt-get update -y && \
apt-get install -y python3-pip python3-dev
# We copy just the requirements.txt first to leverage Docker cache
COPY ./requirements.txt /app/requirements.txt
WORKDIR /app
RUN pip3 install -r requirements.txt
COPY . /app
ENTRYPOINT [ “python3” ]
CMD [ “main.py” ]

build the image launching from terminal the command:
docker build -t name_of_yuor_image:latest .

run the container launching from terminal the command:

docker run --name name_your_container -p 5000:5000 -d name_of_yuor_image:latest

connected to address: http://0.0.0.0:5000

Watch the video tutorial:

https://youtu.be/Pjd4k4l8oV0

nodejs vs golang server web

Pierangelo — Sat, 24 Oct 2020 12:16:16 +0000

After the comparison between NodeJS and GO about how to use MongoDB, now will see how programming a very simple and basic web server with this two technologies.

Golang:

file main.go

package main

import "net/http"

func homePage(w http.ResponseWriter, r *http.Request) {
    w.Write([]byte("Welcome to my Home Page"))
}
func main() {
    http.HandleFunc("/", homePage)
    if err := http.ListenAndServe(":8080", nil); err != nil {
        panic(err)
    }
}

Run server:

go run main.go

Should be run on:
http://127.0.0.1:8080

NodeJS

file app.js

const http = require('http');

const hostname = '127.0.0.1';
const port = 3000;

const server = http.createServer((req, res) => {
    res.statusCode = 200;
    res.setHeader('Content-Type', 'text/plain');
    res.end('Welcome to my Home Page');
});

server.listen(port, hostname, () =>  {
    console.log(`Server running at http://${hostname}:${port}/`);
});

run server:

node app.js

Should be run on:
http://127.0.0.1:3000

So as you see, with both you can get a running web server with few lines of code.

Have a Nice Day!

Respository:

Video Tutorial:

nodejs vs golang with MongoDB

Pierangelo — Mon, 19 Oct 2020 14:50:12 +0000

I'm trying to learn and use MongoDB, so i had try to connect a app in golang and an other in nodejs, below the two piece of code of both languages...
They are very similar, probably in nodejs is a bit simple, but in both case MongoDB offer a very good documentations.

Golang:

As packages I had used the offical mongodb packages (import "github.com/mongodb/mongo-go-driver/mongo").

go get github.com/mongodb/mongo-go-driver/mongo

in my main.go

package main

import (
    "context"
    "fmt"
    "log"

    "github.com/mongodb/mongo-go-driver/bson"
    "github.com/mongodb/mongo-go-driver/mongo"
)

type agenda struct {
    Nome    string
    Cognome string
    Nazione string
}

func main() {
    client, err := mongo.NewClient("mongodb://127.0.0.1:27017")
    if err != nil {
        log.Fatal(err)
    }
    err = client.Connect(context.TODO())
    if err != nil {
        log.Fatal(err)
    }

    collection := client.Database("demo").Collection("agenda")
    fmt.Println(collection)
    cur, err := collection.Find(context.Background(), nil)
    if err != nil {
        log.Fatalln(err)
    }
    defer cur.Close(context.Background())
    fmt.Println("test", cur)

    for cur.Next(context.Background()) {
        elem := bson.NewDocument()
        if err = cur.Decode(elem); err != nil {
            fmt.Errorf("readTasks: couldn't make to-do item ready for display: %v", err)
        }
        fmt.Println(elem.Lookup("nome").StringValue())
    }
}

Run application:

go run main.go

NodeJS

Also in nodejs I had used official mongodb library:
https://mongodb.github.io/node-mongodb-native/

In your app folder:

npm install mongodb --save

my package.json file

{
  "name": "nodejs-mongodb",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "mongodb": "^3.1.8"
  }
}

my app.js file:

// mongodb
const MongoClient = require('mongodb').MongoClient;
const assert = require('assert');

// connection to mongodb url
const mongohost = 'mongodb://127.0.0.1:27017';

// create a new MongoClient
const client = new MongoClient(mongohost);

// database name
const dbName = 'demo';

// connect to the server
client.connect(function(err) {
    assert.equal(null, err);
    console.log("Connected succesfully to server db");

    // passo db
    const db = client.db(dbName);
    const collection = db.collection('agenda');
    collection.find({}).toArray(function(err, docs){
        assert.equal(err, null);
        console.log("trovati i seguenti record");
        console.log(docs);
        for (i = 0; i < docs.length; i++) {
            console.log(docs[i].nome + " " + docs[i].cognome + " " + docs[i].nazione);
        }
    });
});

Launch app:

node app.js

Have a nice day!

Repository:

Golang: https://github.com/pierangelo1982/go-experiment/tree/master/mongodb-golang/01

NodeJS: https://github.com/pierangelo1982/nodejs-experiment/tree/master/02%20-%20nodejs-mongodb

using superheroes for refresh my mind about Golang structs

Pierangelo — Sat, 17 Oct 2020 20:02:03 +0000

After have followed an amazing course about golang one years ago, I had need to refresh my mind about the Struct in golang, and for do it I had used some superheroes:

First Example:

package main

import "fmt"

type skill struct {
    Power string
}

type hero struct {
    Name  string
    Alias string
    skill
}

func main() {
    h1 := hero{
        Name:  "Bruce Wayne",
        Alias: "Batman",
        skill: skill{
            Power: "a lot of gadgets",
        },
    }
    h2 := hero{
        Name:  "Tony Stark",
        Alias: "Iron",
        skill: skill{
            Power: "hi-tech armor",
        },
    }

    fmt.Printf("the best skill of %s is %s \n", h1.Alias, h1.skill.Power)
    fmt.Printf("the best skill of %s is %s \n", h2.Alias, h2.skill.Power)

    s1 := skill{
        Power: "velocity",
    }

    h3 := hero{
        Name:  "Barry Allen",
        Alias: "Flash",
        skill: skill{
            Power: s1.Power,
        },
    }

    fmt.Printf("the best skill of %s is %s \n", h3.Alias, h3.skill.Power)
}

Second Example

package main

import "fmt"

type skill struct {
    Power string
}

type hero struct {
    Name  string
    Alias string
}

type heroSkill struct {
    hero
    skill
}

func main() {
    hs1 := heroSkill{
        hero: hero{
            Name:  "Clark Kent / Kal-El",
            Alias: "Superman",
        },
        skill: skill{
            Power: "a lot of cool superpowers",
        },
    }

    hs2 := heroSkill{
        hero: hero{
            Name:  "Steve Rogers",
            Alias: "Capitan America",
        },
        skill: skill{
            Power: "strong",
        },
    }

    fmt.Printf("the best skill of %s is %s \n", hs1.hero.Alias, hs1.skill.Power)
    // check the different way to call the struct, in this second Print, there no need to call the sub struct.
    fmt.Printf("the best skill of %s is %s \n", hs2.Alias, hs2.Power)
}

Dockerize an existing Rails application

Pierangelo — Sat, 17 Oct 2020 07:46:13 +0000

crea un app in rails:

rails new demo -d mysql

create a Dockerfile:

FROM ruby:2.5.1
RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs
RUN mkdir /usr/src/demo
WORKDIR /usr/src/demo
ADD Gemfile /usr/src/demo/Gemfile
ADD Gemfile.lock /usr/src/demo/Gemfile.lock
RUN bundle install
ADD . /usr/src/demo
RUN RAILS_ENV=production bundle exec rake assets:precompile --trace

create docker-compose.yml

version: '2'
services:
  app:
    build: .
    command: bundle exec puma -C config/puma.rb
    volumes:
      - .:/usr/src/demo
    expose:
      - "3000"
    environment:
      RACK_ENV: production
      RAILS_ENV: production
    ports:
        - 3000:3000
    depends_on:
      - db
    links:
      - db

  db:
    image: "mysql:5.7"
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_DATABASE=db
      - MYSQL_USER=root
      - MYSQL_PASSWORD=password
    ports:
      - "3306:3306"

  phpmyadmin:
    depends_on:
      - db
    image: phpmyadmin/phpmyadmin
    restart: always
    ports:
      - 8081:80
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: password

kong api gateways with docker

Pierangelo — Sat, 17 Oct 2020 07:44:40 +0000

KONG is a api gateway placed above the microservices aimed to managing the APIs and interactions external and internal with them in a more rational, efficient, safe and "easy" way, helping the developer in the separation between public and private APIs, improving their performance , facilitating monitoring etc ...

Some Characteristic:

Built on NGINX
For the most part written in LUA
Expandable via many Plugins
It supports two types of Datastores, which can also be used simultaneously (Postgres, cassandra)

Advantages:

Easy management of APIs in a Microservice architecture
helps in the separation between Public and Private APIs
allows to measure and possibly limit the use of these APIs.
Improves performance / through the use of caching etc ...)
Expandable through many plugins

The best way for move the fists step with KONG is using docker:

first, create and internal network for the dockers:

docker network create kong-net

create a container for cassandra db:

docker run -d --name kong-cassandra-database \
              --network=kong-net \
              -p 9042:9042 \
              cassandra:3

create a postgre sql container:

docker run -d --name kong-postgres-database \
              --network=kong-net \
              -p 5432:5432 \
              -e "POSTGRES_USER=kong" \
              -e "POSTGRES_DB=kong" \
              postgres:9.6

create a migration:

docker run --rm \
    --network=kong-net \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-postgres-database" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-postgres-database" \
    kong:latest kong migrations up

create a kong container connected to the postgres and cassandra databases throught the internal network kong-net:

docker run -d --name kong \
    --network=kong-net \
    -e "KONG_DATABASE=postgres" \
    -e "KONG_PG_HOST=kong-postgres-database" \
    -e "KONG_CASSANDRA_CONTACT_POINTS=kong-cassandra-database" \
    -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
    -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
    -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
    -e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl" \
    -p 8000:8000 \
    -p 8443:8443 \
    -p 8001:8001 \
    -p 8444:8444 \
    kong:latest

check on url http://localhost:8001/

For more info, go on official web site here

a basic NGINX cookbook chef

Pierangelo — Sat, 17 Oct 2020 03:39:50 +0000

Ok, this is how create a simple nginx cookbook for Chef

For this example I don’t use chef-server, but i work directly on the machine. In my case the machine is a Vagrant VM based on Ubuntu/xenial64, but i think that you can use a VPS or Cloud service and others Linux OS.

As first thing to do, we must install ChefDK on our machine:

curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chefdk -c stable

Then we have to create a folder called cookbooks where we will go to insert our cookbooks:

mkdir cookbooks

inside the cookbooks folder we create our first cookbook named mynginx:

cd cookbooks

chef generate cookbook mynginx

Edit the file default.rb in in mynginx/recipes/default.rb

package 'git'
package 'tree'

package 'nginx' do
  action :install
end


service 'nginx' do
  action [ :enable, :start ]
end


cookbook_file "/var/www/html/index.html" do
  source "index.html"
  mode "0644"
end


template "/etc/nginx/nginx.conf" do   
  source "nginx.conf.erb"
  notifies :reload, "service[nginx]"
end

from inside the mynginx folder I must generate a file index.html:

chef generate file index.html

edit the file index.html in files/default/index.html

<html>
  <head>
    <title>Hello there</title>
  </head>
  <body>
    <h1>This is a test</h1>
    <p>Please work!</p>
  </body>
</html>

create a templates named nginx.conf:

chef generate template nginx.conf

edit the file nginx.conf.erb in templates/nginx.conf.erb and insert your custom configuration of nginx.

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

now you can launch chef-client in local mode for install or update your machine:



sudo chef-client -z --runlist "mynginx"