alnoda-workspaces/utils/README.md

2021-08-07 20:29:59 +12:00
# Utilities
## Running workspace on server in cloud
There are many benefits of using a workspace in the cloud. Some of them:
- you can use the workspace on any device with internet access, even on a tablet
- it is great for collaboration (anyone can work together with you)
- you have access to a more powerful machine
- you can use the workspace for long-running or periodic jobs

There are 2 security considerations to take into account when using a workspace in the cloud:
1. encrypted https connection
2. authentication

To enable https and auth for the workspace, one can add a reverse proxy to the workspace deployment.
The utility `remote.py` generates everything needed to run the workspace on a cloud server behind a reverse proxy.
This utility generates certificates, a traefik config and a docker-compose file:
```
python remote.py --workspace="base-workspace" --port="8020" --host="68.183.69.198" --user="user1" --password="pass1"
```
**IMPORTANT: it is best to execute this python script inside a workspace in docker, which runs on a local laptop**

The following 4 arguments must be provided:
- --workspace - name of the workspace (all lowercase)
- --port - port for the workspace UI. The workspace will also take N consecutive ports after this one. base-docker, for example, uses 10 ports
- --host - IP or hostname of the server where the workspace will be deployed
- --user - any username
- --password - any password

After the command is executed, a new folder `remote` is created in the same directory. Copy this folder to the remote server.

*Hint: in order to copy the folder to the remote server, you can start a base workspace on the remote server with a local volume mounted: `docker run --name space-temp -v /home/tmp:/tmp -p 8020-8030:8020-8030 -e WRK_HOST="<ip-of-your-remote-server>" alnoda/base-workspace`. Copy the folder, and remove this workspace right after that.*

SSH to the remote server, go to this folder, and execute
```
docker-compose up -d
```
The workspace is now running, and it is secured with https and user/password. Notice that a self-signed certificate is used, and the browser will
display a warning when you try to access the workspace UI on `https://<ip-of-your-remote-server>:8020`. Agree to the warning and proceed.
## Serve Static Website
A web application should be deployed with a domain name and over https. To achieve this, we suggest using a docker-compose file.
### Example: generate and serve docs
Open a terminal in the workspace which has a UI, and build the docs
> `cd /home/docs`
> `mkdocs build -d /home/static-server/doc`
You can check that the static website is served by the static web server.
SSH to the server where the workspace is running, and commit the workspace to a new image. Assuming the workspace name is `remote_workspace_1`:
> `docker commit remote_workspace_1 docs:0.1`
Now we will run a container from the image docs:0.1, and add a traefik reverse proxy with https. But before doing it, you need to buy a domain name,
and set the A record for your new domain to point to the IP of the server where the docs are running
```
version: "3.3"
services:
  # Reverse proxy: terminates TLS and obtains certificates via ACME (TLS challenge)
  traefik:
    image: "traefik:v2.4"
    container_name: "traefik"
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=blackmaster@gmail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  # Container started from the committed workspace image; serves the docs on port 8022
  workspace:
    image: "docs:0.1"
    container_name: "workspace"
    labels:
      - "traefik.enable=true"
      # Middleware: redirect plain http to https
      - "traefik.http.middlewares.httprepl.redirectregex.regex=^http://(.*)"
      - "traefik.http.middlewares.httprepl.redirectregex.replacement=https://$${1}"
      # Middleware: redirect the site root to the docs home page
      - "traefik.http.middlewares.add-context.redirectregex.regex=^https:\\/\\/([^\\/]+)\\/?$$"
      - "traefik.http.middlewares.add-context.redirectregex.replacement=https://$$1/doc/pages/home/home/"
      # Router for port 80: only redirects to https
      - "traefik.http.services.STATICFS_URLhttp.loadbalancer.server.port=8022"
      - "traefik.http.routers.STATICFS_URLhttp.service=STATICFS_URL"
      - "traefik.http.routers.STATICFS_URLhttp.rule=PathPrefix(`/`)"
      - "traefik.http.routers.STATICFS_URLhttp.entrypoints=web"
      - "traefik.http.routers.STATICFS_URLhttp.middlewares=httprepl"
      # Router for port 443: serves the site for the domain name
      - "traefik.http.services.STATICFS_URL.loadbalancer.server.port=8022"
      - "traefik.http.routers.STATICFS_URL.service=STATICFS_URL"
      - "traefik.http.routers.STATICFS_URL.rule=Host(`elnoda.org`)"
      - "traefik.http.routers.STATICFS_URL.entrypoints=websecure"
      # NOTE: no "basic-auth" middleware is defined in this file, and the
      # "middlewares" label of this router is set a second time below. To attach
      # several middlewares to one router, list them comma-separated in one label.
      - "traefik.http.routers.STATICFS_URL.middlewares=basic-auth"
      - "traefik.http.routers.STATICFS_URL.tls=true"
      - "traefik.http.routers.STATICFS_URL.tls.certresolver=myresolver"
      - "traefik.http.routers.STATICFS_URL.middlewares=add-context"
```
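
A small check for the label list in the compose file above, as an added example that is not part of the original README or the project's code: it flags Traefik label keys that are set more than once and routers whose `middlewares` value names a middleware that no label defines. `lint_labels` is a hypothetical helper, and `LABELS` holds only the subset of labels from the file that the check needs.

```python
import re
from collections import defaultdict

# Subset of the `workspace` service labels, copied from the compose file above.
LABELS = [
    "traefik.enable=true",
    "traefik.http.middlewares.httprepl.redirectregex.regex=^http://(.*)",
    "traefik.http.middlewares.add-context.redirectregex.replacement=https://$$1/doc/pages/home/home/",
    "traefik.http.routers.STATICFS_URLhttp.middlewares=httprepl",
    "traefik.http.routers.STATICFS_URL.middlewares=basic-auth",
    "traefik.http.routers.STATICFS_URL.middlewares=add-context",
]

MW_DEF = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.")
MW_REF = re.compile(r"^traefik\.http\.routers\.([^.]+)\.middlewares$")


def lint_labels(labels):
    """Return (duplicate_keys, undefined_refs) for a list of 'key=value' labels."""
    values = defaultdict(list)
    for label in labels:
        key, _, value = label.partition("=")
        values[key.strip()].append(value.strip())

    # Middleware names that at least one label defines.
    defined = {m.group(1) for k in values if (m := MW_DEF.match(k))}
    # Keys set more than once: a router has a single `middlewares` value.
    duplicates = {k: v for k, v in values.items() if len(v) > 1}

    undefined = {}
    for key, vals in values.items():
        m = MW_REF.match(key)
        if not m:
            continue
        for name in (n.strip() for v in vals for n in v.split(",")):
            base, _, provider = name.partition("@")
            # Names from another provider (e.g. @file) cannot be checked here.
            if name and provider in ("", "docker") and base not in defined:
                undefined.setdefault(m.group(1), []).append(base)
    return duplicates, undefined


if __name__ == "__main__":
    dups, undef = lint_labels(LABELS)
    for key, vals in dups.items():
        print(f"duplicate label {key}: {vals}")
    for router, names in undef.items():
        print(f"router {router} references undefined middleware(s): {names}")
```

Running it on the labels above reports both the repeated `middlewares` key and the reference to `basic-auth`, which is worth resolving before relying on that router to require a login.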