opsforgeio/opsforge

View on GitHub
composer/anvil.yaml

Summary

Maintainability
Test Coverage
  ## ANVIL CONTAINER
  anvil_proxy:
    depends_on:
      - consul
    restart: always
    image: opsforge/nginx-auth:latest
    entrypoint: sh
    # Add htpassword here: http://www.htaccesstools.com/htpasswd-generator/ (example below is username=username password=password) - make sure to escape $ signs with $$HTPASSWD: 'username:$$apr1$$3X/xufbq$$xBqXarJxuOD0AMXJ4OYin.'
    command:
    - -c
    - |
      cat <<EOF> /etc/nginx/conf.d/default.conf
      server {
        listen 80 default_server;

        location / {
          auth_basic            "Feed me passwords";
          auth_basic_user_file  auth.htpasswd;

          proxy_connect_timeout 7d;
          proxy_read_timeout    7d;
          proxy_send_timeout    7d;

          proxy_pass            http://anvil:5757;
          proxy_http_version    1.1;

          proxy_set_header      Host \$$host;
          proxy_set_header      Upgrade \$$http_upgrade;
          proxy_set_header      Connection "upgrade";
          proxy_set_header      Origin "\$$scheme://\$$host";
        }
      }
      EOF

      cat <<EOF> /etc/nginx/auth.htpasswd
      username:\$$apr1\$$3X/xufbq\$$xBqXarJxuOD0AMXJ4OYin.
      EOF

      # cat /etc/nginx/conf.d/default.conf
      # cat /etc/nginx/auth.htpasswd

      nginx -g "daemon off;"
    ports:
      - 8001:80
    expose:
      - 80
    networks:
      - consul
  anvil:
    depends_on:
      - consul
      - anvil_proxy
    restart: always
    privileged: true
    image: opsforge/anvil
    # Replace the values in the following command with your values. Further details in the readme.
    entrypoint: /bin/zsh
    command:
      - -c
      - |
        /root/entrypoint.sh \
          --proxy \
          --shell='zsh' \
          --fullname='My.Name' \
          --myemail='my.name@email.io' \
          --pastebinurl='https://pastebin.com/raw/38bgGTK7' \
          --giturlwithcred='https://user:password@git.org/org/project.git'
    ports:
      - 8101:3501
      - 8102:3502
    expose:
      # These ports are added to make the RDP forwarding work
      - 5757
      - 3501
      - 3502
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./repos:/root/repos
    networks:
      - guac
      - splunk
      - concourse4
      - consul
      - ansible
      - es
  ## CONSUL
  consul:
    restart: unless-stopped
    command: consul agent -server -ui -bootstrap-expect=1 -data-dir=/consul/data -bind=0.0.0.0 -client=0.0.0.0 -datacenter=opsforge -node=consul_master
    image: consul
    environment:
      - 'CONSUL_LOCAL_CONFIG={"skip_leave_on_interrupt": true}'
    expose:
      - 8600
      - 8500
      - 8300
    ports:
      - 8500:8500
    networks:
      - consul
  # deskible:
  #   restart: unless-stopped
  #   image: opsforge/deskible
  #   ports:
  #     - 8004:80
  #   expose:
  #     - 80
  #   volumes:
  #     - ./deskible:/usr/share/nginx/html


  ## CONSUL SIDEKICK
  consul_anvil:
    restart: unless-stopped
    command:
      - /bin/sh
      - -c
      - |
        cat <<EOF> /etc/consul.json
        {
          "services": [
            {
              "id": "anvil_shell_1",
              "name": "anvil_web_shell",
              "tags": ["anvil","linux shell"],
              "address": "localhost",
              "meta": {
                "meta": "access anvil from a browser"
              },
              "port": 8001,
              "checks": [
                {
                  "id": "shell_check",
                  "name": "remote shell tcp check",
                  "tcp": "anvil:5757",
                  "interval": "10s",
                  "timeout": "3s"
                }
              ],
              "weights": {
                "passing": 1,
                "warning": 1
              }
            },
            {
              "id": "anvil_tcp_fw_1",
              "name": "anvil_tcp_forwarder_socket_1",
              "tags": ["anvil","tcp forwarding"],
              "address": "anvil",
              "meta": {
                "meta": "used with ssh tunnels in guacamole or for regular port forwarding"
              },
              "port": 3501,
              "checks": [
                {
                  "id": "rdp_check_1",
                  "name": "tcp check on port 3501",
                  "tcp": "anvil:3501",
                  "interval": "10s",
                  "timeout": "3s"
                }
              ],
              "weights": {
                "passing": 1,
                "warning": 1
              }
            },
            {
              "id": "anvil_tcp_fw_on_host_1",
              "name": "anvil_tcp_forwarder_socket_on_host1",
              "tags": ["anvil","tcp forwarding"],
              "address": "localhost",
              "meta": {
                "meta": "used on the host machine to access the port forwarding"
              },
              "port": 8101
            },
            {
              "id": "anvil_tcp_fw_2",
              "name": "anvil_tcp_forwarder_socket_2",
              "tags": ["anvil","tcp forwarding"],
              "address": "anvil",
              "meta": {
                "meta": "used with ssh tunnels in guacamole or for regular port forwarding"
              },
              "port": 3501,
              "checks": [
                {
                  "id": "rdp_check_2",
                  "name": "tcp check on port 3502",
                  "tcp": "anvil:3502",
                  "interval": "10s",
                  "timeout": "3s"
                }
              ],
              "weights": {
                "passing": 1,
                "warning": 1
              }
            },
            {
              "id": "anvil_tcp_fw_on_host_2",
              "name": "anvil_tcp_forwarder_socket_on_host2",
              "tags": ["anvil","tcp forwarding"],
              "address": "localhost",
              "meta": {
                "meta": "used on the host machine to access the port forwarding"
              },
              "port": 8102
            }
          ]
        }
        EOF
        consul_if=$$(getent hosts consul | cut -d ' ' -f 1 | cut -d '.' -f1-2 | cut -d ' ' -f3)
        consul_addr=$$(ip addr | grep $$consul_if | grep inet | sed 's/.*inet.//' | sed 's/\ brd.*//' | sed 's/\/.*//')
        consul agent -retry-join "consul" -bind=$$consul_addr -data-dir=/etc/consul/data -datacenter=opsforge -node=anvil -config-file=/etc/consul.json
    image: consul
    networks:
      - consul