refactor(proxy): replace Zero-Nginx with standalone Zero and Nginx co…

…ntainers
yarlson · Jan 26, 2025 · 2849584 · 2849584
1 parent b2d0fcc
commit 2849584
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 61 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -50,6 +50,7 @@ type Service struct {
 	Routes       []Route             `yaml:"routes" validate:"required,dive"`
 	Volumes      []string            `yaml:"volumes" validate:"dive,volume_reference"`
 	Command      string              `yaml:"command"`
+	CommandSlice []string            `yaml:"_"`
 	Entrypoint   []string            `yaml:"entrypoint"`
 	Env          []string            `yaml:"env"`
 	Forwards     []string            `yaml:"forwards"`

diff --git a/pkg/deployment/container.go b/pkg/deployment/container.go
@@ -176,9 +176,15 @@ func (d *Deployment) createContainer(project string, service *config.Service, su
 			"--health-cmd", service.Container.HealthCheck.Cmd,
 			"--health-interval", service.Container.HealthCheck.Interval,
 			"--health-retries", fmt.Sprintf("%d", service.Container.HealthCheck.Retries),
-			"--health-timeout", service.Container.HealthCheck.Timeout,
-			"--health-start-period", service.Container.HealthCheck.StartPeriod,
-			"--health-start-timeout", service.Container.HealthCheck.StartTimeout,
+		}
+		if service.Container.HealthCheck.Timeout != "" {
+			healthCheckArgs = append(healthCheckArgs, "--health-timeout", service.Container.HealthCheck.Timeout)
+		}
+		if service.Container.HealthCheck.StartPeriod != "" {
+			healthCheckArgs = append(healthCheckArgs, "--health-start-period", service.Container.HealthCheck.StartPeriod)
+		}
+		if service.Container.HealthCheck.StartTimeout != "" {
+			healthCheckArgs = append(healthCheckArgs, "--health-start-timeout", service.Container.HealthCheck.StartTimeout)
 		}
 	}
 
@@ -213,6 +219,9 @@ func (d *Deployment) createContainer(project string, service *config.Service, su
 	if service.Command != "" {
 		args = append(args, service.Command)
 	}
+	if len(service.CommandSlice) > 0 {
+		args = append(args, service.CommandSlice...)
+	}
 
 	_, err = d.runCommand(context.Background(), "docker", args...)
 	return err

diff --git a/pkg/deployment/proxy.go b/pkg/deployment/proxy.go
@@ -3,13 +3,11 @@ package deployment
 import (
 	"context"
 	"fmt"
+	"github.com/yarlson/ftl/pkg/config"
+	"github.com/yarlson/ftl/pkg/proxy"
 	"os"
 	"path/filepath"
 	"strings"
-	"time"
-
-	"github.com/yarlson/ftl/pkg/config"
-	"github.com/yarlson/ftl/pkg/proxy"
 )
 
 func (d *Deployment) startProxy(ctx context.Context, project string, cfg *config.Config) error {
@@ -30,29 +28,31 @@ func (d *Deployment) startProxy(ctx context.Context, project string, cfg *config
 	}
 	spinner.Complete()
 
-	// Deploy proxy service
+	spinner = d.sm.AddSpinner("zero", fmt.Sprintf("[%s] Deploying Zero certificate manager", hostname))
+	if err := d.deployZero(project, cfg); err != nil {
+		spinner.Error()
+		return fmt.Errorf("failed to deploy Zero certificate manager: %w", err)
+	}
+	spinner.Complete()
+
 	spinner = d.sm.AddSpinner("proxy", fmt.Sprintf("[%s] Deploying proxy service", hostname))
 	service := &config.Service{
 		Name:  "proxy",
-		Image: "yarlson/zero-nginx:1.27-alpine3.20-zero0.2.1",
-		Port:  80,
+		Image: "nginx:alpine",
 		Volumes: []string{
-			"certs:/etc/nginx/ssl",
-			configPath + ":/etc/nginx/conf.d",
-		},
-		Env: []string{
-			"DOMAIN=" + cfg.Project.Domain,
-			"EMAIL=" + cfg.Project.Email,
+			"certs:/etc/nginx/certs:ro",
+			configPath + ":/etc/nginx/conf.d:ro",
 		},
 		Forwards: []string{
-			"80:80",
 			"443:443",
 		},
-		HealthCheck: &config.ServiceHealthCheck{
-			Path:     "/",
-			Interval: time.Second,
-			Timeout:  time.Second,
-			Retries:  30,
+		Container: &config.Container{
+			HealthCheck: &config.ContainerHealthCheck{
+				Cmd:      "curl -k https://localhost/",
+				Interval: "10s",
+				Retries:  3,
+				Timeout:  "5s",
+			},
 		},
 		Recreate: true,
 	}
@@ -63,22 +63,6 @@ func (d *Deployment) startProxy(ctx context.Context, project string, cfg *config
 	}
 	spinner.Complete()
 
-	// Reload nginx config
-	spinner = d.sm.AddSpinner("nginx", fmt.Sprintf("[%s] Reloading Nginx configuration", hostname))
-	if err := d.reloadNginxConfig(ctx); err != nil {
-		spinner.Error()
-		return fmt.Errorf("failed to reload nginx config: %w", err)
-	}
-	spinner.Complete()
-
-	// Deploy cert renewer
-	spinner = d.sm.AddSpinner("certrenewer", fmt.Sprintf("[%s] Deploying certificate renewer", hostname))
-	if err := d.deployCertRenewer(project, cfg); err != nil {
-		spinner.Error()
-		return fmt.Errorf("failed to deploy certificate renewer: %w", err)
-	}
-	spinner.Complete()
-
 	return nil
 }
 
@@ -117,26 +101,30 @@ func (d *Deployment) prepareNginxConfig(cfg *config.Config, projectPath string)
 	return configPath, d.runner.CopyFile(context.Background(), tmpFile.Name(), filepath.Join(configPath, "default.conf"))
 }
 
-func (d *Deployment) reloadNginxConfig(ctx context.Context) error {
-	_, err := d.runCommand(ctx, "docker", "exec", "proxy", "nginx", "-s", "reload")
-	return err
-}
-
-func (d *Deployment) deployCertRenewer(project string, cfg *config.Config) error {
+func (d *Deployment) deployZero(project string, cfg *config.Config) error {
 	service := &config.Service{
-		Name:  "certrenewer",
-		Image: "yarlson/zero-nginx:1.27-alpine3.20-zero0.2.1",
+		Name:  "zero",
+		Image: "yarlson/zero:latest",
 		Volumes: []string{
-			"certs:/etc/nginx/ssl",
+			"certs:/certs",
 			"/var/run/docker.sock:/var/run/docker.sock",
 		},
-		Env: []string{
-			"DOMAIN=" + cfg.Project.Domain,
-			"EMAIL=" + cfg.Project.Email,
-			"PROXY_CONTAINER_NAME=proxy",
+		Forwards: []string{
+			"80:80",
+		},
+		CommandSlice: []string{
+			"-d",
+			cfg.Project.Domain,
+			"-e",
+			cfg.Project.Email,
+			"-c",
+			"/certs",
+			"--hook",
+			"nginx -s reload",
+			"--hook-container",
+			"proxy",
 		},
-		Entrypoint: []string{"/renew-certificates.sh"},
-		Recreate:   true,
+		Recreate: true,
 	}
 
 	if err := d.deployService(project, service); err != nil {

diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
@@ -21,19 +21,13 @@ func GenerateNginxConfig(cfg *config.Config) (string, error) {
 	}
 {{- end}}
 
-	server {
-		listen 80;
-		server_name {{.Project.Domain}};
-		return 301 https://$server_name$request_uri;
-	}
-
 	server {
 		listen 443 ssl;
 		http2 on;
 		server_name {{.Project.Domain}};
 
-		ssl_certificate /etc/nginx/ssl/{{.Project.Domain}}.crt;
-		ssl_certificate_key /etc/nginx/ssl/{{.Project.Domain}}.key;
+		ssl_certificate /etc/nginx/certs/{{.Project.Domain}}.crt;
+		ssl_certificate_key /etc/nginx/certs/{{.Project.Domain}}.key;
 		ssl_protocols TLSv1.2 TLSv1.3;
 		ssl_prefer_server_ciphers on;