EticaAI / aguia-pescadora

Documentation of the entire solution stack and user documentation for Etica.AI's PaaS. Information on the Tsuru cluster being configured: [Nodes: 3][CPU: 14][RAM: 32GB][Disk: 800GB SSD][Cost: < 100 BRL/month]
https://aguia-pescadora.etica.ai
The Unlicense

OpenResty & HTTPS obtained in real time using GUI/lua-resty-auto-ssl #16

Closed fititnt closed 5 years ago

fititnt commented 5 years ago

Issue about tests with OpenResty (http://openresty.org) + AutoSSL via https://github.com/GUI/lua-resty-auto-ssl. This may be a more specific solution to resolve https://github.com/EticaAI/aguia-pescadora/issues/15.

This possibly still does not solve our problem with the fact that applications are on more than one IP.

fititnt commented 5 years ago

As would be relatively expected, it tries to bind to :80 (which is used by Tsuru) and fails. Posting this here because, if we really do use it, there is already a reference for later.

root@aguia-pescadora-1:~# sudo apt-get install openresty
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libgdbm-compat4 libperl5.26 openresty-openssl openresty-opm openresty-pcre openresty-resty openresty-zlib perl perl-modules-5.26
Suggested packages:
  openresty-restydoc perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl make
The following NEW packages will be installed:
  libgdbm-compat4 libperl5.26 openresty openresty-openssl openresty-opm openresty-pcre openresty-resty openresty-zlib perl perl-modules-5.26
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 9,145 kB of archives.
After this operation, 50.0 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 

(...)

Created symlink /etc/systemd/system/multi-user.target.wants/openresty.service → /lib/systemd/system/openresty.service.
Job for openresty.service failed because the control process exited with error code.
See "systemctl status openresty.service" and "journalctl -xe" for details.
invoke-rc.d: initscript openresty, action "start" failed.
● openresty.service - full-fledged web platform
   Loaded: loaded (/lib/systemd/system/openresty.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2019-06-22 21:28:37 UTC; 11ms ago
  Process: 4120 ExecStart=/usr/local/openresty/nginx/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
  Process: 4115 ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)

Jun 22 21:28:34 aguia-pescadora-1 systemd[1]: Starting full-fledged web platform...
Jun 22 21:28:34 aguia-pescadora-1 nginx[4120]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 22 21:28:35 aguia-pescadora-1 nginx[4120]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 22 21:28:35 aguia-pescadora-1 nginx[4120]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 22 21:28:36 aguia-pescadora-1 nginx[4120]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 22 21:28:36 aguia-pescadora-1 nginx[4120]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Jun 22 21:28:37 aguia-pescadora-1 nginx[4120]: nginx: [emerg] still could not bind()
Jun 22 21:28:37 aguia-pescadora-1 systemd[1]: openresty.service: Control process exited, code=exited status=1
Jun 22 21:28:37 aguia-pescadora-1 systemd[1]: openresty.service: Failed with result 'exit-code'.
Jun 22 21:28:37 aguia-pescadora-1 systemd[1]: Failed to start full-fledged web platform.
dpkg: error processing package openresty (--configure):
 installed openresty package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of openresty-resty:
 openresty-resty depends on openresty (>= 1.15.8.1); however:
  Package openresty is not configured yet.

dpkg: error processing package openresty-resty (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of openresty-opm:
 openresty-opm depends on openresty (>= 1.15.8.1); however:
  Package openresty is not configured yet.
 openresty-opm depends on openresty-resty (>= 1.15.8.1); however:
  Package openresty-resty is not configured yet.

dpkg: error processing package openresty-opm (--configure):
 dependency problems - leaving unconfigured
Setting up libperl5.26:amd64 (5.26.1-6ubuntu0.3) ...
Setting up perl (5.26.1-6ubuntu0.3) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.23) ...
Errors were encountered while processing:
 openresty
 openresty-resty
 openresty-opm
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@aguia-pescadora-1:~# 
fititnt commented 5 years ago

Done. The entire cluster was recreated from scratch. I moved PlanB (the router tightly integrated with Tsuru) to port :82.

Leaving :80 for OpenResty (NGINX), and soon :443 as well.

I skipped :81 because, if later on a Varnish is needed to protect against high demand (or to withstand a more severe downtime without letting users see that the entire backend went down), that is the port where I could put it.

fititnt commented 5 years ago

Hmmm... OpenResty does not reuse the default NGINX path in /etc/nginx. And /etc/openresty/ is a symbolic link to /usr/local/openresty/nginx/conf.

OK. It does make some sense; maybe they do this to avoid conflicts. I'll see if I catalogue the files before editing them.

Edited: here is what's in the directory

root@aguia-pescadora-1:~# ls -lha /usr/local/openresty/nginx/conf
total 76K
drwxr-xr-x  2 root root 4.0K Jun 23 00:10 .
drwxr-xr-x 12 root root 4.0K Jun 23 00:10 ..
-rw-r--r--  1 root root 1.1K May 16 23:33 fastcgi.conf
-rw-r--r--  1 root root 1.1K May 16 23:33 fastcgi.conf.default
-rw-r--r--  1 root root 1007 May 16 23:33 fastcgi_params
-rw-r--r--  1 root root 1007 May 16 23:33 fastcgi_params.default
-rw-r--r--  1 root root 2.8K May 16 23:33 koi-utf
-rw-r--r--  1 root root 2.2K May 16 23:33 koi-win
-rw-r--r--  1 root root 5.2K May 16 23:33 mime.types
-rw-r--r--  1 root root 5.2K May 16 23:33 mime.types.default
-rw-r--r--  1 root root 2.6K May 16 23:33 nginx.conf
-rw-r--r--  1 root root 2.6K May 16 23:33 nginx.conf.default
-rw-r--r--  1 root root  636 May 16 23:33 scgi_params
-rw-r--r--  1 root root  636 May 16 23:33 scgi_params.default
-rw-r--r--  1 root root  664 May 16 23:33 uwsgi_params
-rw-r--r--  1 root root  664 May 16 23:33 uwsgi_params.default
-rw-r--r--  1 root root 3.6K May 16 23:33 win-utf

Edit 2:

root@aguia-pescadora-1:~# ls -lha /usr/local/openresty/nginx/
total 48K
drwxr-xr-x 12 root   root 4.0K Jun 23 00:10 .
drwxr-xr-x 10 root   root 4.0K Jun 23 00:10 ..
drwx------  2 nobody root 4.0K Jun 23 00:10 client_body_temp
drwxr-xr-x  2 root   root 4.0K Jun 23 00:10 conf
drwx------  2 nobody root 4.0K Jun 23 00:10 fastcgi_temp
drwxr-xr-x  2 root   root 4.0K Jun 23 00:10 html
drwxr-xr-x  2 root   root 4.0K Jun 23 00:10 logs
drwx------  2 nobody root 4.0K Jun 23 00:10 proxy_temp
drwxr-xr-x  2 root   root 4.0K Jun 23 00:10 sbin
drwx------  2 nobody root 4.0K Jun 23 00:10 scgi_temp
drwxr-xr-x  2 root   root 4.0K Jun 23 00:10 tapset
drwx------  2 nobody root 4.0K Jun 23 00:10 uwsgi_temp
fititnt commented 5 years ago

Yep. It works. Considering that I'm looking at several things at the same time, that was actually quick.

Screenshot from 2019-06-23 00-24-50

I still don't know whether I would recommend this level of automation (obtaining HTTPS without even requesting it) for those who don't need to host many domains and let the users themselves be somewhat independent.

However, this way, OpenResty in a sense comes close to what using Caddy would be.
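
Added example, not part of the original comment or of the project's playbooks: an OpenResty `nginx.conf` for the layout described in this thread (OpenResty on :80/:443, PlanB on :82) that limits on-demand issuance by lua-resty-auto-ssl to names the platform controls. The domain suffix `.apps.example.org`, the resolver address, the loopback address used for PlanB, the fallback certificate paths and the HTTP-to-HTTPS redirect are assumptions.

```nginx
# Added example; domain suffix, resolver and fallback certificate paths are assumptions.
events { worker_connections 1024; }

http {
  lua_shared_dict auto_ssl 1m;           # certificate cache shared by workers
  lua_shared_dict auto_ssl_settings 64k;
  resolver 8.8.8.8 ipv6=off;             # assumption: any resolver reachable from the node

  init_by_lua_block {
    auto_ssl = (require "resty.auto-ssl").new()
    -- Issue certificates only for names under a suffix the platform controls.
    -- Returning true unconditionally lets any SNI name sent to the node
    -- trigger a registration attempt against the ACME rate limits.
    auto_ssl:set("allow_domain", function(domain)
      local suffix = ".apps.example.org"  -- constructed placeholder
      return domain:lower():sub(-#suffix) == suffix
    end)
    auto_ssl:init()
  }
  init_worker_by_lua_block { auto_ssl:init_worker() }

  server {
    listen 443 ssl;
    ssl_certificate_by_lua_block { auto_ssl:ssl_certificate() }
    # Self-signed fallback so nginx can start before any certificate is issued.
    ssl_certificate     /etc/ssl/resty-auto-ssl-fallback.crt;
    ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
    location / {
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Proto https;
      proxy_pass http://127.0.0.1:82;    # PlanB, moved to :82 in this thread
    }
  }

  server {
    listen 80;
    # ACME http-01 challenges are answered here.
    location /.well-known/acme-challenge/ {
      content_by_lua_block { auto_ssl:challenge_server() }
    }
    location / { return 301 https://$host$request_uri; }  # assumption: force HTTPS
  }

  server {
    listen 127.0.0.1:8999;               # internal hook server, loopback only
    client_body_buffer_size 128k;
    client_max_body_size 128k;
    location / { content_by_lua_block { auto_ssl:hook_server() } }
  }
}
```

Validate the file with `nginx -t` before reloading; OpenResty reads it from /usr/local/openresty/nginx/conf, as noted earlier in the thread.
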

fititnt commented 5 years ago

Version 2.0-alpha of águia pescadora at https://github.com/EticaAI/aguia-pescadora-ansible-playbooks should already contain this functionality.