Add jenkins
This commit is contained in:
parent
0411eda3f0
commit
cd2a4ebdbc
16
docker/add-alias.sh
Normal file
16
docker/add-alias.sh
Normal file
@ -0,0 +1,16 @@
|
||||
echo "
|
||||
# Alias C2A
|
||||
alias letsencrypt='/opt/letsencrypt/letsencrypt-auto'
|
||||
alias sdkmanager='/root/tools/bin/sdkmanager --sdk_root=/opt/android-sdk'
|
||||
alias process='ps -ef | grep python3'
|
||||
|
||||
alias pull-dev=' git --git-dir=/home/C2A/C2A-API-DEV/C2A-Api/.git --work-tree=/home/C2A/C2A-API-DEV/C2A-Api/ pull'
|
||||
alias start-dev='nohup python3 /home/C2A/C2A-API-DEV/C2A-Api/c2a_handler_dev.py dev&> /home/C2A/C2A-API-DEV/c2a.dev.log&'
|
||||
alias stop-dev='pgrep -f \"c2a_handler_dev.py dev\" | xargs kill'
|
||||
alias update-dev='stop-dev; pull-dev; start-dev'
|
||||
|
||||
alias pull-prod=' git --git-dir=/home/C2A/C2A-API-PROD/C2A-Api/.git --work-tree=/home/C2A/C2A-API-PROD/C2A-Api/ pull'
|
||||
alias start-prod='nohup python3 /home/C2A/C2A-API-PROD/C2A-Api/c2a_handler_dev.py prod&> /home/C2A/C2A-API-PROD/c2a.prod.log&'
|
||||
alias stop-prod='pgrep -f \"c2a_handler_dev.py prod\" | xargs kill'
|
||||
alias update-prod='stop-prod; pull-prod; start-prod'
|
||||
" > /root/.bashrc
|
||||
@ -10,93 +10,9 @@ server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name gitlab.c2a-systeme.fr;
|
||||
server_name gitlab.c2a-systeme.test;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8001;
|
||||
# redirect everything to HTTPS
|
||||
# return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# https server
|
||||
server {
|
||||
server_name gitlab.c2a-systeme.fr;
|
||||
listen 443 http2;
|
||||
listen [::]:443 http2;
|
||||
|
||||
# ssl on;
|
||||
# paths are relative to prefix and not to this file
|
||||
# ssl_certificate /home/c2a/conf/nginx/certs/gitlab.c2a-systeme.fr.cert;
|
||||
# ssl_certificate_key /home/c2a/conf/nginx/certs/gitlab.c2a-systeme.fr.key;
|
||||
# ssl_session_timeout 5m;
|
||||
# ssl_session_cache shared:SSL:50m;
|
||||
|
||||
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
|
||||
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||
# https://cipherli.st/
|
||||
# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
|
||||
|
||||
# ciphers according to https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.3&openssl=1.0.2g&hsts=yes&profile=modern
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
# ssl_dhparam /home/yellowtent/boxdata/dhparams.pem;
|
||||
# add_header Strict-Transport-Security "max-age=15768000";
|
||||
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
proxy_hide_header X-Frame-Options;
|
||||
|
||||
# https://github.com/twitter/secureheaders
|
||||
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Compatibility_Matrix
|
||||
# https://wiki.mozilla.org/Security/Guidelines/Web_Security
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
proxy_hide_header X-XSS-Protection;
|
||||
add_header X-Download-Options "noopen";
|
||||
proxy_hide_header X-Download-Options;
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
proxy_hide_header X-Content-Type-Options;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none";
|
||||
proxy_hide_header X-Permitted-Cross-Domain-Policies;
|
||||
add_header Referrer-Policy "no-referrer-when-downgrade";
|
||||
proxy_hide_header Referrer-Policy;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_intercept_errors on;
|
||||
proxy_read_timeout 3500;
|
||||
proxy_connect_timeout 3250;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
|
||||
# upgrade is a hop-by-hop header (http://nginx.org/en/docs/http/websocket.html)
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
location / {
|
||||
return 301 http://$host$request_uri;
|
||||
# increase the proxy buffer sizes to not run into buffer issues (http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffers)
|
||||
proxy_buffer_size 128k;
|
||||
proxy_buffers 4 256k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
|
||||
# No buffering to temp files, it fails for large downloads
|
||||
proxy_max_temp_file_size 0;
|
||||
|
||||
# Disable check to allow unlimited body sizes. this allows apps to accept whatever size they want
|
||||
client_max_body_size 0;
|
||||
|
||||
# Custom robots.txt
|
||||
# location = /robots.txt {
|
||||
# return 200 "";
|
||||
# }
|
||||
|
||||
proxy_pass http://127.0.0.1:8001;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
18
docker/conf/applications/jenkins.c2a-systeme.fr.conf
Normal file
18
docker/conf/applications/jenkins.c2a-systeme.fr.conf
Normal file
@ -0,0 +1,18 @@
|
||||
# http://nginx.org/en/docs/http/websocket.html
|
||||
# http://nginx.org/en/docs/http/websocket.html
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# http server
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name jenkins.c2a-systeme.test;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8002;
|
||||
}
|
||||
}
|
||||
@ -10,7 +10,7 @@ server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name portainer.c2a-systeme.fr;
|
||||
server_name portainer.c2a-systeme.test;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8003;
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
# --env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.c2a-system.dev/'; gitlab_rails['gitlab_shell_ssh_port'] = 2201;" \
|
||||
docker run --detach \
|
||||
--name gitlab \
|
||||
--publish 8001:80 \
|
||||
--publish 44301:443 \
|
||||
--publish 2201:22 \
|
||||
--hostname gitlab.c2a-system.dev \
|
||||
--env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.c2a-system.dev/'; gitlab_rails['gitlab_shell_ssh_port'] = 2201;" \
|
||||
--hostname gitlab.c2a-system.test \
|
||||
--env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.c2a-system.test/'; gitlab_rails['gitlab_shell_ssh_port'] = 2201;" \
|
||||
--volume /srv/gitlab/config:/etc/gitlab \
|
||||
--volume /srv/gitlab/logs:/var/log/gitlab \
|
||||
--volume /srv/gitlab/data:/var/opt/gitlab \
|
||||
|
||||
9
docker/install-jenkins.sh
Normal file
9
docker/install-jenkins.sh
Normal file
@ -0,0 +1,9 @@
|
||||
mkdir /home/c2a/jenkins_home
|
||||
chmod 777 /home/c2a/jenkins_home
|
||||
docker run --detach \
|
||||
--name jenkins \
|
||||
--publish 8002:8080 \
|
||||
--publish 50000:50000 \
|
||||
--volume /var/jenkins_home:/var/jenkins_home \
|
||||
--restart unless-stopped \
|
||||
jenkins/jenkins:lts
|
||||
@ -18,9 +18,16 @@ add-apt-repository \
|
||||
apt-get update
|
||||
apt-get install docker-ce docker-ce-cli containerd.io
|
||||
|
||||
# Add Alias in bash
|
||||
./docker/add-alias.sh
|
||||
|
||||
# Install let's encrypt
|
||||
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
|
||||
|
||||
# Launch Install Script
|
||||
./docker/install-nginx.sh
|
||||
./docker/install-gitlab.sh
|
||||
./docker/install-portainer.sh
|
||||
./docker/install-jenkins.sh
|
||||
|
||||
service nginx restart
|
||||
|
||||
Loading…
Reference in New Issue
Block a user