Commit 17bddd02 authored by Pedro Eduardo Trujillo

Revisa configuración de labels Traefik

Diferencia servicios Traefik "geoserver" y "geoserver-master", el
primero conjunto para servicios Swarm "geoserver-master" y
"geoserver-node", el segundo únicamente para "geoserver-master" para
trabajar con interfaz web de administración.

Ahora las peticiones generales se reparten entre todas las instancias de
"geoserver-node" y también con "geoserver-master".

Añade chequeo de salud a nivel de Traefik para servicio "geoserver".
Requiere definir valor de autorización en base64.

Añade flags para cookie sticky, mejora seguridad.
parent 48a5e60b
+7 −1
@@ -56,6 +56,12 @@ FOOTPRINTS_VOL_NAME=geoserver-footprints-vol
POSTGRES_DATA_VOL_NAME=postgres-gwc-data-vol
WAL_VOL_NAME=postgres-gwc-wal-vol

PUBLIC_HOSTNAME=change.me
GEOSERVER_HEALTH_PATH=/geoserver/rest/about/version.xml
TRAEFIK_ENABLE=true
TRAEFIK_ENTRYPOINT=http
PUBLIC_HOSTNAME=change.me
TRAEFIK_HEALTH_AUTH=Basic YWRtaW46Y2hhbmdlbWU=
TRAEFIK_COOKIE_NAME=traefik-geoserver
TRAEFIK_COOKIE_HTTPONLY=true
TRAEFIK_COOKIE_SECURE=true
TRAEFIK_COOKIE_SAMESITE=lax
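Review bot: The sample `TRAEFIK_HEALTH_AUTH` value is a usable-looking credential rather than a placeholder: base64 is an encoding, not protection, so anyone who can read this file recovers the `user:password` pair, and a deployment that keeps the default keeps that login too. I would ship it commented out, e.g. `# TRAEFIK_HEALTH_AUTH=Basic <base64 of user:password>`, and set the real value per deployment outside version control. Separately, `TRAEFIK_COOKIE_SECURE=true` next to `TRAEFIK_ENTRYPOINT=http` deserves a comment. If that entrypoint is plain HTTP with no TLS terminated in front of it, browsers will not store or return the sticky cookie and session affinity silently stops working.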
+22 −13
@@ -18,7 +18,7 @@ x-geoserver-root: &geoserver-root
    test: >
      curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null
      -u '${GEOSERVER_ADMIN_USER}:${GEOSERVER_ADMIN_PASSWORD}'
      http://localhost:${GEOSERVER_PORT}/geoserver/rest/about/version.xml
      http://localhost:${GEOSERVER_PORT}${GEOSERVER_HEALTH_PATH}
    interval: ${GEOSERVER_HEALTHCHECK_INTERVAL:-30s}
    timeout: ${GEOSERVER_HEALTHCHECK_TIMEOUT:-15s}
    retries: ${GEOSERVER_HEALTHCHECK_RETRIES:-5}
@@ -66,6 +66,16 @@ x-geoserver-deploy: &geoserver-deploy
  update_config:
    delay: ${GEOSERVER_UPDATE_DELAY:-3m}

x-geoserver-traefik-common-service-labels: &geoserver-traefik-common-service-labels
  traefik.http.services.geoserver.loadbalancer.server.port: ${GEOSERVER_PORT}
  traefik.http.services.geoserver.loadbalancer.sticky.cookie: 'true'
  traefik.http.services.geoserver.loadbalancer.sticky.cookie.name: ${TRAEFIK_COOKIE_NAME}
  traefik.http.services.geoserver.loadbalancer.sticky.cookie.httponly: '${TRAEFIK_COOKIE_HTTPONLY}'
  traefik.http.services.geoserver.loadbalancer.sticky.cookie.secure: '${TRAEFIK_COOKIE_SECURE}'
  traefik.http.services.geoserver.loadbalancer.sticky.cookie.samesite: ${TRAEFIK_COOKIE_SAMESITE}
  traefik.http.services.geoserver.loadbalancer.healthcheck.path: ${GEOSERVER_HEALTH_PATH}
  traefik.http.services.geoserver.loadbalancer.healthcheck.headers.authorization: ${TRAEFIK_HEALTH_AUTH}

services:
  geoserver-master:
    << : *geoserver-root
@@ -81,22 +91,18 @@ services:
      << : *geoserver-deploy
      replicas: 1
      labels:
        << : *geoserver-traefik-common-service-labels
        traefik.enable: ${TRAEFIK_ENABLE}

        traefik.http.routers.geoserver-master-admin.entrypoints: ${TRAEFIK_ENTRYPOINT}
        traefik.http.routers.geoserver-master-admin.rule: Host(`${GEOSERVER_SUBDOMAIN}.${PUBLIC_HOSTNAME}`) && (PathPrefix(`/geoserver/web`) || PathPrefix(`/geoserver/rest`) || PathPrefix(`/geoserver/j_spring_security`) || PathPrefix(`/geoserver/gwc/rest`))
        traefik.http.routers.geoserver-master-admin.service: geoserver-master

        traefik.http.routers.geoserver-master-default.entrypoints: ${TRAEFIK_ENTRYPOINT}
        traefik.http.routers.geoserver-master-default.rule: Host(`${GEOSERVER_SUBDOMAIN}.${PUBLIC_HOSTNAME}`) && PathPrefix(`/geoserver`)

        traefik.http.routers.geoserver-master-root.entrypoints: ${TRAEFIK_ENTRYPOINT}
        traefik.http.routers.geoserver-master-root.rule: Host(`${GEOSERVER_SUBDOMAIN}.${PUBLIC_HOSTNAME}`) && Path(`/`)
        traefik.http.middlewares.geoserver-addprefix.addprefix.prefix: /geoserver
        traefik.http.routers.geoserver-master-root.middlewares: geoserver-addprefix
        traefik.http.routers.geoserver-master.entrypoints: ${TRAEFIK_ENTRYPOINT}
        traefik.http.routers.geoserver-master.rule: Host(`${GEOSERVER_SUBDOMAIN}.${PUBLIC_HOSTNAME}`) && PathPrefix(`/geoserver`)
        traefik.http.routers.geoserver-master.service: geoserver

        traefik.http.services.geoserver.loadbalancer.server.port: ${GEOSERVER_PORT}
        traefik.http.services.geoserver.loadbalancer.sticky.cookie: 'true'
        traefik.http.services.geoserver.loadbalancer.sticky.cookie.name: traefik-geoserver
        traefik.http.services.geoserver-master.loadbalancer.server.port: ${GEOSERVER_PORT}

  geoserver-node:
    << : *geoserver-root
@@ -114,13 +120,16 @@ services:
      placement:
        max_replicas_per_node: 1
      labels:
        << : *geoserver-traefik-common-service-labels
        traefik.enable: ${TRAEFIK_ENABLE}

        traefik.http.routers.geoserver-node.entrypoints: ${TRAEFIK_ENTRYPOINT}
        traefik.http.routers.geoserver-node.rule: Host(`${GEOSERVER_SUBDOMAIN}.${PUBLIC_HOSTNAME}`) && PathPrefix(`/geoserver`)
        traefik.http.routers.geoserver-node.service: geoserver

        traefik.http.services.dummy.loadbalancer.server.port: 0
        traefik.http.routers.geoserver-root.entrypoints: ${TRAEFIK_ENTRYPOINT}
        traefik.http.routers.geoserver-root.rule: Host(`${GEOSERVER_SUBDOMAIN}.${PUBLIC_HOSTNAME}`) && PathPrefix(`/`)
        traefik.http.middlewares.geoserver-addprefix.addprefix.prefix: /geoserver
        traefik.http.routers.geoserver-root.middlewares: geoserver-addprefix

  postgres-gwc:
    image: ${POSTGRES_IMAGE_NAME:-postgres}:${POSTGRES_IMAGE_TAG:-alpine}
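Review bot: The `healthcheck.headers.authorization` label in the new `x-geoserver-traefik-common-service-labels` anchor copies `${TRAEFIK_HEALTH_AUTH}` into the service labels of both `geoserver-master` and `geoserver-node`, where it is readable by anything that can inspect the Swarm services or query Traefik's API. The container healthcheck in `x-geoserver-root` already probes the same path with `${GEOSERVER_ADMIN_USER}`, so this header presumably carries the admin login; a dedicated account limited to reading the health path would reduce what a leaked label exposes. I would also make the variable mandatory, `...healthcheck.headers.authorization: '${TRAEFIK_HEALTH_AUTH:?TRAEFIK_HEALTH_AUTH must be set}'`, so an unset value fails at deploy time instead of sending an empty header. The other templated values (`cookie.name`, `cookie.samesite`) could be quoted the way `httponly` and `secure` already are.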