Overview

The OP component is based on POUND (http://www.apsis.ch/pound/) and handles HTTPS offloading and reverse proxying for the SVS component.

The setup of pound is very straightforward, hence it does not require a deploy script.

Directory structure

├── app
│   └── start.sh
├── build_op.sh
├── config
│   └── etc
│       ├── pound
│       │   └── pound.cfg
│       └── ssl
│           └── private
│               ├── op.inacademia.local.crt
│               ├── op.inacademia.local.key
│               └── server.pem
├── Dockerfile
└── run_op.sh


The Dockerfile is the basis for the docker image to be built. The build_op.sh and run_op.sh scripts build and run the docker image respectively. The run_op.sh script tests whether the image exists and, if not, tries to build it before running it.

Besides the scripts and the Dockerfile, two subdirectories exist.

  • The app directory holds files that are copied into the container just before the ansible deploy script is run. start.sh is what configures and runs pound on the fly at the start of the container.
  • config has only one subdirectory, etc, which gets copied into the etc directory of the docker container.
    • The pound directory holds the pound config file.
    • The ssl directory holds the HTTPS certificates and a server.pem file which concatenates both certificate and key (and, if needed, the intermediate cert), as pound wants all certs in one file.
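
One way to produce the server.pem described above, as an added example that is not part of the original page or of the project's scripts. The function names, the ordering (server certificate, intermediate, key) and the owner-only file mode are assumptions.

```shell
#!/bin/sh
# Added example: build the single PEM file pound reads from a certificate,
# its private key and an optional intermediate. Names are hypothetical.

# Succeeds only if the certificate and the private key share a public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# build_server_pem CERT KEY OUT [INTERMEDIATE]
build_server_pem() {
    cert=$1 key=$2 out=$3 chain=${4:-}

    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "certificate or key not readable" >&2; return 1; }
    if [ -n "$chain" ] && [ ! -r "$chain" ]; then
        echo "intermediate not readable: $chain" >&2; return 1
    fi

    # Refuse to bundle a key that does not belong to the certificate;
    # otherwise the mismatch only shows up when pound fails to start.
    cert_matches_key "$cert" "$key" || {
        echo "private key does not match certificate" >&2; return 1; }

    # The bundle contains the private key: create it with mode 0600 from
    # the first byte (umask in a subshell) and move it into place so a
    # half-written file is never left at the final path.
    tmp="$out.tmp.$$"
    (
        umask 077
        cat "$cert" ${chain:+"$chain"} "$key" > "$tmp" && mv "$tmp" "$out"
    ) || { rm -f "$tmp"; return 1; }
}

# Usage with the file names from the directory tree above:
#   cd config/etc/ssl/private
#   build_server_pem op.inacademia.local.crt op.inacademia.local.key server.pem
```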

Docker file

The Dockerfile is completely self-contained, so it will build the OP based on the config, pulling relevant repositories if needed.

FROM debian:stretch
MAINTAINER leifj@sunet.se
RUN apt-get update
RUN apt-get -y dist-upgrade
RUN apt-get install -y pound ssl-cert
RUN apt-get -y clean
ADD app/start.sh /start.sh
COPY config/etc/pound/pound.cfg /etc/pound/pound.cfg
RUN chmod a+rx /start.sh
VOLUME /etc/ssl
ENV HTTP_PORT 80
ENV REWRITE_LOCATION 1
EXPOSE 443
ENTRYPOINT ["/start.sh"]

Now run the run_op.sh script to build and run our docker-based OP.

Using the OP

Assuming your deploy went without errors, you can now run the OP. It should now be available through: https://op.inacademia.local/

By itself the OP cannot do much. If you did not start SVS yet, the OP will complain that it cannot reach the back-end.

As soon as you also start the SVS component, however, the OP should proxy HTTPS requests to the SVS component and back to the browser again.

Similar to the last step of the SVS setup, this is now SaToSa complaining that you did not send a valid request.

Note

For proper operation of the OP, the SVS component must be started BEFORE the OP is started.