reactioncommerce / proxy-traefik
A reverse proxy powered by Traefik for deploying the Reaction Platform on Digital Ocean
License: Apache License 2.0
The ansible playbook only sets ROOT_URL in the .env file in the reaction folder. Reaction's api-plugin-accounts also uses the following env vars, which are by default set to localhost and thus should be updated to the domain in this playbook. See file config.js of this plugin:

```js
REACTION_IDENTITY_PUBLIC_PASSWORD_RESET_URL: str({ devDefault: "http://localhost:4100/account/reset-password/TOKEN" }),
REACTION_IDENTITY_PUBLIC_VERIFY_EMAIL_URL: str({ devDefault: "http://localhost:4100/#/verify-email/TOKEN" }),
REACTION_ADMIN_PUBLIC_ACCOUNT_REGISTRATION_URL: str({ devDefault: "http://localhost:4080" })
```

Thus in the playbook:

```yaml
- name: "Set Reaction's environment variables"
  lineinfile:
    path: "{{ reaction_platform_path }}/reaction/.env"
    regexp: "^ROOT_URL"
    line: "ROOT_URL=https://api.{{ domain }}"
```

should be replaced with:

```yaml
- name: "Set Reaction's environment variables"
  lineinfile:
    path: "{{ reaction_platform_path }}/reaction/.env"
    regexp: "^{{ item.variable }}"
    line: "{{ item.variable }}={{ item.value }}"
  loop:
    - {
        variable: "ROOT_URL",
        value: "https://api.{{ domain }}"
      }
    - {
        variable: "REACTION_IDENTITY_PUBLIC_PASSWORD_RESET_URL",
        value: "https://identity.{{ domain }}/account/reset-password/TOKEN"
      }
    - {
        variable: "REACTION_IDENTITY_PUBLIC_VERIFY_EMAIL_URL",
        value: "https://identity.{{ domain }}/#/verify-email/TOKEN"
      }
    - {
        variable: "REACTION_ADMIN_PUBLIC_ACCOUNT_REGISTRATION_URL",
        value: "https://admin.{{ domain }}"
      }
```
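The replace-or-append behaviour that the `lineinfile` loop above depends on, as an added shell example that is not part of the playbook or of the Reaction project: `set_env_var` mirrors `lineinfile` on a plain `.env` file, `set_reaction_urls` applies the same four variables for a given domain, and `check_public_urls` flags any of those variables still carrying a plain-http or localhost default (password-reset and verify-email links are mailed to users, so a localhost default there is a broken and misleading link). The function names and the sample `.env` contents are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the proxy-traefik playbook: idempotent .env editing
# with lineinfile semantics, plus a check that the public account URLs are
# https and point at the real domain rather than the localhost dev defaults.

# set_env_var FILE KEY VALUE
# Replaces the line starting with "KEY=" in FILE, or appends it when absent.
# VALUE must not contain "|" or "&" (sed replacement delimiter/backreference).
set_env_var() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || : > "$file"
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# set_reaction_urls FILE DOMAIN
# The four variables from the loop above, rendered for DOMAIN.
set_reaction_urls() {
    file=$1; domain=$2
    set_env_var "$file" ROOT_URL "https://api.${domain}"
    set_env_var "$file" REACTION_IDENTITY_PUBLIC_PASSWORD_RESET_URL \
        "https://identity.${domain}/account/reset-password/TOKEN"
    set_env_var "$file" REACTION_IDENTITY_PUBLIC_VERIFY_EMAIL_URL \
        "https://identity.${domain}/#/verify-email/TOKEN"
    set_env_var "$file" REACTION_ADMIN_PUBLIC_ACCOUNT_REGISTRATION_URL \
        "https://admin.${domain}"
}

# check_public_urls FILE
# Returns 0 when every ROOT_URL / REACTION_*_URL value is https and not
# localhost; prints each offending line and returns 1 otherwise.
# Other *_URL keys (e.g. MONGO_URL) are internal and deliberately skipped.
check_public_urls() {
    awk -F= '/^(ROOT_URL|REACTION_[A-Z_]*_URL)=/ {
        if ($2 !~ /^https:\/\// || $2 ~ /localhost|127\.0\.0\.1/) {
            print "insecure default: " $0; bad = 1
        }
    } END { exit bad }' "$1"
}

# Demo on a constructed .env carrying the localhost defaults from config.js.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'ROOT_URL=http://localhost:3000' \
        'REACTION_IDENTITY_PUBLIC_PASSWORD_RESET_URL=http://localhost:4100/account/reset-password/TOKEN' \
        'MONGO_URL=mongodb://mongo:27017/reaction' > "$tmp"
    check_public_urls "$tmp" || echo "defaults rejected, applying domain example.com"
    set_reaction_urls "$tmp" example.com
    check_public_urls "$tmp" && echo "all public URLs are https on example.com"
    cat "$tmp"
    rm -f "$tmp"
}
demo
```

`check_public_urls` is the part worth keeping in a deploy pipeline: run it after the playbook and fail the deploy if any public URL still carries the development default.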
I looked through the code and found that the DigitalOcean token is used nowhere, so I wonder if the token is even required or necessary?
Does this work with other hosts?
I went through your Simple Deployment Guide and made a few notes on how it could be improved...

- Requirements say “A Linux host with at least 2GB of RAM” but the first section states “create a new droplet using the Ubuntu 18.4 image with at least 1GB of RAM“.
- Need to run `apt-get update` before `apt get build-essentials`.
- `make` has to be run as `sudo`, otherwise the docker connection fails (permission error), which then creates a whole heap of other issues. It's best to ensure docker permissions are set first: `sudo usermod -a -G docker $USER`
- “Further, substitute REPLACE_WITH_PATH_TO_TRAEFIK_FOLDER with the path to the traefik folder” - this variable doesn’t exist; instead I had to update the paths under `volumes` manually.
- `docker create network` should be `docker network create`.
- `chmod 600 acme.json` needs to be run.
- The docker-compose `traefik.frontend.rule` label must be set to the proper domain, otherwise it fails.

These were just quick notes I made while going through the process. Unfortunately, after getting through it, I then had a load of other errors (e.g. OAuth2 errors) and I had to abandon and go another direction.

Hope this helps 👍
This repo was hard to find for me, and it also saved my day when trying to deploy with docker.
It would be great for it to be mentioned in the docs; maybe it is and I just didn't find it so easily?
Also, I understand docker-compose is not perfect for production, but since I'm launching a new website and expect 0 visits on the first day, I might go with it.
I'm guessing the next steps would be to properly separate a mongodb cluster with sharding, replica_set, and what not.
And maybe the same for the hydra_postgresql instance.
I'm guessing kubernetes would be a good next step if one wanted to keep everything in cloud services while controlling the underlying architecture more.
Thanks for all your work, loving the framework, and can't wait for v3.0.0
It would be better if it allowed you to change the provider in the dnsChallenge to one of the providers listed in Traefik by setting a new environment variable.
Hello! I'm having trouble with hydra on my proxy-traefik deployment.

Having found the repo is a godsend to deploy the current 2.9.0 reaction-platform in a DO droplet, but I can't get auth to work, and I'm not sure what I'm doing wrong. I found some issues from when the example-storefront repo was called next-starterkit, but I couldn't debug it by myself!

I'm using all packages on v2.9.

I get the following error when clicking on sign up or login in my storefront:

```
The OAuth2 request resulted in an error.
Error: invalid_client
Description: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)
Hint: The requested OAuth 2.0 Client does not exist.
Debug:
You are seeing this default error page because the administrator has not set a dedicated error URL (environment variable OAUTH2_ERROR_URL is not set). If you are an administrator, please read the guide to understand what you need to do. If you are a user, please contact the administrator.
```
reaction-hydra-hydra-1 logs:

```
Creating reaction-hydra_hydra_1 ... done
Attaching to reaction-hydra_postgres_1, reaction-hydra_hydra-migrate_1, reaction-hydra_hydra_1
postgres_1 | 2019-11-18 14:04:24.956 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
postgres_1 | 2019-11-18 14:04:24.956 UTC [1] LOG: listening on IPv6 address "::", port 5432
postgres_1 | 2019-11-18 14:04:24.959 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres_1 | 2019-11-18 14:04:24.984 UTC [21] LOG: database system was shut down at 2019-11-18 14:04:22 UTC
postgres_1 | 2019-11-18 14:04:25.009 UTC [1] LOG: database system is ready to accept connections
hydra-migrate_1 | Applying `client` SQL migrations...
hydra-migrate_1 | Applied 0 `client` SQL migrations.
hydra-migrate_1 | Applying `oauth2` SQL migrations...
hydra-migrate_1 | Applied 0 `oauth2` SQL migrations.
hydra-migrate_1 | Applying `jwk` SQL migrations...
hydra-migrate_1 | Applied 0 `jwk` SQL migrations.
hydra-migrate_1 | Applying `consent` SQL migrations...
hydra-migrate_1 | Applied 0 `consent` SQL migrations.
hydra-migrate_1 | Migration successful! Applied a total of 0 SQL migrations.
hydra-migrate_1 | Migration successful!
reaction-hydra_hydra-migrate_1 exited with code 0
hydra_1 | Thank you for using ORY Hydra v1.0.0-beta.9!
hydra_1 |
hydra_1 | Take security seriously and subscribe to the ORY Security Newsletter. Stay on top of new patches and security insights.
hydra_1 |
hydra_1 | >> Subscribe now: http://eepurl.com/di390P <<
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Connecting with postgres://*:*@postgres:5432/hydra?sslmode=disable"
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Connected to SQL!"
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Setting up Prometheus middleware"
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Transmission of telemetry data is enabled, to learn more go to: https://www.ory.sh/docs/guides/latest/telemetry/"
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Setting up http server on :4445"
hydra_1 | time="2019-11-18T14:04:27Z" level=warning msg="HTTPS disabled. Never do this in production."
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Setting up http server on :4444"
hydra_1 | time="2019-11-18T14:04:27Z" level=warning msg="HTTPS disabled. Never do this in production."
```
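A triage pass over the Hydra log and error page posted above, as an added shell example that is not part of reaction-hydra or of ORY Hydra: `triage_hydra_log` reads a saved log file and prints one line per configuration signal worth acting on (plain-HTTP listeners, a `sslmode=disable` database connection, telemetry enabled, and the `invalid_client` error, which Hydra's own hint explains as a client id that has not been registered). The function name is an assumption; the sample lines in the demo are copied from the log above.

```sh
#!/bin/sh
# Added example, not from reaction-hydra: a reading aid for a Hydra container
# log. It surfaces configuration findings; it does not change anything.

# triage_hydra_log FILE
# Prints findings and returns their count (0 = nothing flagged).
triage_hydra_log() {
    awk '
        /HTTPS disabled/                            { plain++ }
        /Connecting with .*sslmode=disable/         { pgplain = 1 }
        /Transmission of telemetry data is enabled/ { telemetry = 1 }
        /Error: invalid_client/                     { noclient = 1 }
        END {
            n = 0
            if (plain > 0) {
                print "FINDING: " plain " Hydra listener(s) serve plain HTTP (ports 4444/4445);" \
                      " they must only be reachable through the TLS-terminating proxy and never be published to the internet"
                n++
            }
            if (pgplain) {
                print "FINDING: database connection uses sslmode=disable; acceptable only on the private compose network"
                n++
            }
            if (telemetry) {
                print "NOTE: telemetry reporting is enabled (see the telemetry guide linked in the log to opt out)"
                n++
            }
            if (noclient) {
                print "FINDING: OAuth2 invalid_client: the client id presented by the storefront is not registered in Hydra," \
                      " so the login flow is rejected before any user credentials are checked"
                n++
            }
            exit n
        }' "$1"
}

# Demo over lines taken from the log and error page above.
demo() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Connecting with postgres://*:*@postgres:5432/hydra?sslmode=disable"
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Transmission of telemetry data is enabled, to learn more go to: https://www.ory.sh/docs/guides/latest/telemetry/"
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Setting up http server on :4445"
hydra_1 | time="2019-11-18T14:04:27Z" level=warning msg="HTTPS disabled. Never do this in production."
hydra_1 | time="2019-11-18T14:04:27Z" level=info msg="Setting up http server on :4444"
hydra_1 | time="2019-11-18T14:04:27Z" level=warning msg="HTTPS disabled. Never do this in production."
Error: invalid_client
EOF
    triage_hydra_log "$log"
    echo "findings: $?"
    rm -f "$log"
}
demo
```

The `invalid_client` finding is the one that explains the symptom in this post: the storefront's login button starts an OAuth2 flow with a client id that Hydra has no record of, which is a registration problem rather than a password or TLS problem.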
Hi,
excellent work to simplify the deploy of RC on DO.
I have this working BUT it requires the extra steps in your video:
Also, the DNS (CAA and A records) need to be configured BEFORE you run the Ansible program, as otherwise the certificate creation will fail.
I would suggest adding the above to the written tutorial.
Any ideas what causes this one?

```
failed: [reaction.server] (item=/home/reaction/reaction-development-platform/reaction-hydra/docker-compose.override.yml) => {"ansible_loop_var": "item", "changed": false, "item": "/home/reaction/reaction-development-platform/reaction-hydra/docker-compose.override.yml", "msg": "Path /home/reaction/reaction-development-platform/reaction-hydra/docker-compose.override.yml does not exist !", "rc": 257}
failed: [reaction.server] (item=/home/reaction/reaction-development-platform/reaction-identity/docker-compose.override.yml) => {"ansible_loop_var": "item", "changed": false, "item": "/home/reaction/reaction-development-platform/reaction-identity/docker-compose.override.yml", "msg": "Path /home/reaction/reaction-development-platform/reaction-identity/docker-compose.override.yml does not exist !", "rc": 257}
```
Hi,
The reaction.yml script doesn't set the volumes path in docker-compose.yml according to {{create_user}} and {{proxy_dir}}:

```yaml
- /home/reaction/proxy/traefik/traefik.yml:/traefik.yml:ro
- /home/reaction/proxy/traefik/acme.json:/acme.jso
```
I've tried to use https://github.com/containous/traefik-migration-tool to upgrade both the acme.json and traefik.toml. acme works fine, but with TOML, since v2 is scrapping the backends/frontends and going with middlewares and what not, it needs to be manually rewritten, I think.

`traefik-migration-tool acme` works fine, but:

```
➜ traefik-migration-tool static
Redirect on entry point "http" must be converted manually. See https://docs.traefik.io/v2.0/middlewares/redirectscheme/
TLS on entry point "https" must be converted manually. See https://docs.traefik.io/v2.0/routing/routers/#tls
The domain (domain.com) defined in the Docker provider must be converted manually. See https://docs.traefik.io/v2.0/providers/docker/#defaultrule
The entry point (dashboard) defined in API must be converted manually. See https://docs.traefik.io/v2.0/operations/api/
The entry point (https) defined in the ACME configuration must be converted manually. See https://docs.traefik.io/v2.0/routing/routers/#certresolver
```
Opening this to make a place to jot down some basics for hardening the installation once deployed. Obviously these things are outside the scope of this project but this repo feels a timely place to communicate some basics. Nothing here should be misconstrued as security advice. Caveat lector.

- `mongodb://api.example.com:27017` (update based on `domain` var). If you're able to access it without authenticating, shell into the droplet and change the `ports` key in `/home/reaction/reaction-development-platform/reaction/docker-compose.yml` to `expose`, change the setting value to `"27017"` and restart the API with `make stop-reaction && make start-reaction` for the settings to take effect.
- `admin.example.com` (update based on `domain` var) and register a new user to assume the Owner role. Ownership is immediate and no service restarts are required.
- `traefik.domain.example`. Detailed instructions here.
- `.env` files in each of the projects and modify `PLACEHOLDERS` as necessary.

Please add additional suggestions below.
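The MongoDB item above comes down to one compose detail: an entry under `ports:` is published on the droplet's interfaces, an entry under `expose:` is reachable only on the compose network. As an added shell example that is not part of reaction-development-platform, `published_ports` lists every host-published port in a compose file (flat `ports:`/`expose:` list form only, not a full YAML parser) and `mongo_published` fails the check when container port 27017 is reachable from anywhere but loopback. The function names and the two compose snippets in the demo are constructed for this example.

```sh
#!/bin/sh
# Added example, not from reaction-development-platform: find host-published
# ports in a docker-compose.yml so an exposed database is caught before deploy.

# published_ports FILE
# Prints "SERVICE BIND HOSTPORT CONTAINERPORT" for each entry under "ports:".
# Entries under "expose:" are not printed: they stay on the compose network.
published_ports() {
    awk '
        # a two-space-indented "name:" line opens a new service block
        /^  [A-Za-z_][A-Za-z0-9_.-]*:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); mode = ""; next }
        /^[ \t]+ports:[ \t]*$/                { mode = "ports"; next }
        /^[ \t]+expose:[ \t]*$/               { mode = "expose"; next }
        /^[ \t]+[A-Za-z_][A-Za-z0-9_.-]*:/    { mode = ""; next }   # any other key ends the list
        mode == "ports" && /^[ \t]+-/ {
            item = $0
            sub(/^[ \t]*-[^0-9]*/, "", item)       # drop "- " and opening quote
            sub(/[^0-9a-zA-Z]*$/, "", item)        # drop closing quote / spaces
            sub(/\/(tcp|udp)$/, "", item)          # protocol suffix is irrelevant here
            n = split(item, p, ":")
            if (n == 3)      { bind = p[1];      host = p[2];        cont = p[3] }
            else if (n == 2) { bind = "0.0.0.0"; host = p[1];        cont = p[2] }
            else             { bind = "0.0.0.0"; host = "ephemeral"; cont = p[1] }
            print svc, bind, host, cont
        }' "$1"
}

# mongo_published FILE
# Returns 0 (and prints the entry) when container port 27017 is published on a
# non-loopback address; returns 1 when MongoDB stays inside the network.
mongo_published() {
    published_ports "$1" |
        awk '$4 == "27017" && $2 != "127.0.0.1" { print; hit = 1 } END { exit !hit }'
}

# Demo: the exposed form beside the hardened "expose:" form from the note above.
demo() {
    before=$(mktemp); after=$(mktemp)
    cat > "$before" <<'EOF'
services:
  mongo:
    image: mongo:4.0
    ports:
      - "27017:27017"
  api:
    image: reaction-api
    ports:
      - "3000:3000"
EOF
    cat > "$after" <<'EOF'
services:
  mongo:
    image: mongo:4.0
    expose:
      - "27017"
  api:
    image: reaction-api
    ports:
      - "3000:3000"
EOF
    echo "before:"; mongo_published "$before" || echo "  mongo not published"
    echo "after:";  mongo_published "$after"  || echo "  mongo not published"
    rm -f "$before" "$after"
}
demo
```

Binding to `127.0.0.1:27017:27017` is accepted by `mongo_published` because only the droplet itself can reach it; the `expose:` form from the note is still the better default, since it publishes nothing at all.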