Rebase generic off monolithic #133

Merged
merged 6 commits into from
Oct 9, 2021
Merged
Changes from 2 commits
56 changes: 33 additions & 23 deletions .circleci/config.yml
@@ -1,5 +1,5 @@
workflows:
version: 2
version: 2.1
build_test_deploy:
jobs:
- test
Expand All @@ -11,22 +11,26 @@ workflows:
branches:
only:
- master
- build_children:
context: circle-api
requires:
- publish_latest

version: 2
version: 2.1
executors:
testbuild-executor:
machine:
image: ubuntu-1604:201903-01
jobs:
test:
docker:
- image: circleci/python:2-jessie
executor: testbuild-executor
steps:
- checkout

- setup_remote_docker: # (2)
docker_layer_caching: false # (3)
- run:
name: Install goss
command: |
# rather than give internet scripts SU rights, we install to local user bin and add to path
mkdir ~/bin
[ -d ~/bin ] || mkdir ~/bin
export GOSS_DST=~/bin
export PATH=$PATH:~/bin
curl -fsSL https://goss.rocks/install | sh
Expand All @@ -36,39 +40,45 @@ jobs:
command: |
# Don't forget path!
export PATH=$PATH:~/bin
# Important, change from mount to work on remote docker, see https://github.com/aelsabbahy/goss/pull/271
# If using machine image you do not need this.
export GOSS_FILES_STRATEGY=cp
./run-tests.sh circleci keepimage
./run-tests.sh --circleci --keepimage
- run:
name: Save docker image
command: |
mkdir -p workspace
[ -d workspace ] || mkdir workspace
docker save -o workspace/lancachenet-monolithic.tar lancachenet/monolithic:goss-test
- persist_to_workspace:
root: workspace
paths:
lancachenet-monolithic.tar
#Download from Artifacts and Load this into your own docker using the following command
#docker load -i /tmp/workspace/lancachenet-monolithic.tar
- store_test_results:
path: reports
path: reports/goss/report.xml
- store_artifacts:
path: reports
destination: reports
- store_artifacts:
path: workspace/lancachenet-monolithic.tar
destination: docker-lancachenet-monolithic.tar
- persist_to_workspace:
root: workspace
paths:
lancachenet-monolithic.tar
publish_latest:
docker:
- image: circleci/python:2-jessie
executor: testbuild-executor
steps:
- setup_remote_docker: # (2)
docker_layer_caching: false # (3)
- attach_workspace:
at: /tmp/workspace
- run:
name: "Deploy latest to docker hub"
command: |
docker login -u $DOCKER_USER -p $DOCKER_PASS
docker load -i /tmp/workspace/lancachenet-monolithic.tar
docker login -u $DOCKER_USER -p $DOCKER_PASS
docker tag lancachenet/monolithic:goss-test lancachenet/monolithic:latest
docker push lancachenet/monolithic:latest
build_children:
executor: testbuild-executor
steps:
- run:
name: "Request API to build children"
command: |
for child in {"monolithic"}; do
echo "Asking API to trigger build for $child"
curl -X POST --header "Content-Type: application/json" -d '{"branch":"master"}' https://circleci.com/api/v1.1/project/github/lancachenet/$child/build?circle-token=${CIRCLE_API_USER_TOKEN}
done
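Review bot: The new `build_children` job puts `${CIRCLE_API_USER_TOKEN}` into the request URL as `?circle-token=…`, where it can end up in proxy and server access logs; sending it as a header instead, `curl -X POST --header "Circle-Token: ${CIRCLE_API_USER_TOKEN}" --header "Content-Type: application/json" -d '{"branch":"master"}' "https://circleci.com/api/v1.1/project/github/lancachenet/$child/build"`, keeps it out of the URL and quotes the URL as well. `{"monolithic"}` has no comma, so the shell does not brace-expand it and `$child` is the literal `{monolithic}`; the request presumably works only because curl's own URL globbing strips the braces, and `for child in monolithic; do` says what is meant. In `publish_latest`, `docker login -u $DOCKER_USER -p $DOCKER_PASS` puts the password on the command line, visible in the process list; `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin` avoids that.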
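--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+reports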
22 changes: 19 additions & 3 deletions Dockerfile
@@ -1,5 +1,7 @@
FROM lancachenet/generic:latest
MAINTAINER LanCache.Net Team <[email protected]>
FROM lancachenet/ubuntu-nginx:latest
LABEL version=3
LABEL description="Single caching container for caching game content at lan parties."
VibroAxe marked this conversation as resolved.
LABEL maintainer=" LanCache.Net Team <[email protected]>"
VibroAxe marked this conversation as resolved.

ENV GENERICCACHE_VERSION=2 \
CACHE_MODE=monolithic \
Expand All @@ -17,6 +19,20 @@ ENV GENERICCACHE_VERSION=2 \

COPY overlay/ /

RUN rm /etc/nginx/sites-enabled/* /etc/nginx/stream-enabled/* ;\
rm /etc/nginx/conf.d/gzip.conf ;\
chmod 754 /var/log/tallylog ; \
id -u ${WEBUSER} &> /dev/null || adduser --system --home /var/www/ --no-create-home --shell /bin/false --group --disabled-login ${WEBUSER} ;\
chmod 755 /scripts/* ;\
mkdir -m 755 -p /data/cache ;\
mkdir -m 755 -p /data/info ;\
mkdir -m 755 -p /data/logs ;\
mkdir -m 755 -p /tmp/nginx/ ;\
chown -R ${WEBUSER}:${WEBUSER} /data/ ;\
mkdir -p /etc/nginx/sites-enabled ;\
ln -s /etc/nginx/sites-available/10_cache.conf /etc/nginx/sites-enabled/10_generic.conf; \
ln -s /etc/nginx/stream-available/10_sni.conf /etc/nginx/stream-enabled/10_sni.conf

RUN mkdir -m 755 -p /data/cachedomains ;\
mkdir -m 755 -p /tmp/nginx ;\
apt-get update ;\
Expand All @@ -26,5 +42,5 @@ RUN git clone --depth=1 --no-single-branch https://github.com/uklans/cache-domai

VOLUME ["/data/logs", "/data/cache", "/data/cachedomains", "/var/www"]

EXPOSE 80
EXPOSE 80 443
WORKDIR /scripts
2 changes: 1 addition & 1 deletion goss.yaml
Expand Up @@ -13,7 +13,7 @@ command:
exit-status: 0
stdout:
- Succesfully Cached
timeout: 10000
timeout: 20000
process:
nginx:
running: true
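--- a/overlay/etc/nginx/conf.d/20_proxy_cache_path.conf
+++ b/overlay/etc/nginx/conf.d/20_proxy_cache_path.conf
@@ -0,0 +1 @@
+proxy_cache_path /data/cache/cache levels=2:2 keys_zone=generic:CACHE_MEM_SIZE inactive=200d max_size=CACHE_DISK_SIZE loader_files=1000 loader_sleep=50ms loader_threshold=300ms use_temp_path=off;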
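--- a/overlay/etc/nginx/nginx.conf
+++ b/overlay/etc/nginx/nginx.conf
@@ -0,0 +1,39 @@
+user www-data;
+include /etc/nginx/workers.conf;
+pid /run/nginx.pid;
+
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+worker_connections 4096;
+multi_accept on;
+use epoll;
+}
+
+http {
+aio threads;
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+
+
+gzip on;
+
+include /etc/nginx/conf.d/*.conf;
+
+include /etc/nginx/sites-enabled/*.conf;
+}
+
+
+stream {
+include /etc/nginx/stream.d/*.conf;
+include /etc/nginx/stream-enabled/*;
+}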
10 changes: 10 additions & 0 deletions overlay/etc/nginx/sites-available/10_cache.conf
@@ -0,0 +1,10 @@

VibroAxe marked this conversation as resolved.
server {
listen 80 reuseport;

access_log /data/logs/access.log cachelog;
error_log /data/logs/error.log;


VibroAxe marked this conversation as resolved.
include /etc/nginx/sites-available/cache.conf.d/*.conf;
}
8 changes: 8 additions & 0 deletions overlay/etc/nginx/sites-available/cache.conf.d/10_root.conf
@@ -0,0 +1,8 @@
resolver UPSTREAM_DNS ipv6=off;

location / {

include /etc/nginx/sites-available/cache.conf.d/root/*.conf;

}

VibroAxe marked this conversation as resolved.
5 changes: 5 additions & 0 deletions overlay/etc/nginx/sites-available/cache.conf.d/20_lol.conf
@@ -0,0 +1,5 @@

VibroAxe marked this conversation as resolved.
# Fix for League of Legends Updater
location ~ ^.+(releaselisting_.*|.version$) {
proxy_pass http://$host;
}
@@ -0,0 +1,6 @@
# Fix for GW2 manifest
location ^~ /latest64 {
proxy_cache_bypass 1;
proxy_no_cache 1;
proxy_pass http://$host$request_uri;
}
VibroAxe marked this conversation as resolved.
@@ -0,0 +1,6 @@
# Fix for WSUS authroot cab files
location ~* (authrootstl.cab|pinrulesstl.cab|disallowedcertstl.cab)$ {
proxy_cache_bypass 1;
proxy_no_cache 1;
proxy_pass http://$host$request_uri;
}
VibroAxe marked this conversation as resolved.
@@ -0,0 +1,4 @@
location = /server-status {
proxy_no_cache 1;
proxy_cache_bypass 1;
}
VibroAxe marked this conversation as resolved.
@@ -0,0 +1,6 @@
location = /lancache-heartbeat {
add_header X-LanCache-Processed-By $hostname;
add_header 'Access-Control-Expose-Headers' '*';
add_header 'Access-Control-Allow-Origin' '*';
return 204;
}
@@ -0,0 +1,7 @@
# Abort any circular requests
if ($http_X_LanCache_Processed_By = $hostname) {
return 508;
}

proxy_set_header X-LanCache-Processed-By $hostname;
add_header X-LanCache-Processed-By $hostname,$http_X_LanCache_Processed_By;
VibroAxe marked this conversation as resolved.
30 changes: 30 additions & 0 deletions overlay/etc/nginx/sites-available/cache.conf.d/root/20_cache.conf
@@ -0,0 +1,30 @@
# Cache Location
slice 1m;
proxy_cache generic;

proxy_ignore_headers Expires Cache-Control;
proxy_cache_valid 200 206 CACHE_MAX_AGE;
proxy_set_header Range $slice_range;

# Only download one copy at a time and use a large timeout so
# this really happens, otherwise we end up wasting bandwith
# getting the file multiple times.
proxy_cache_lock on;
proxy_cache_lock_timeout 1h;

# Allow the use of state entries
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;

# Allow caching of 200 but not 301 or 302 as our cache key may not include query params
# hence may not be valid for all users
proxy_cache_valid 301 302 0;

# Enable cache revalidation
proxy_cache_revalidate on;

# Don't cache requests marked as nocache=1
proxy_cache_bypass $arg_nocache;

# 40G max file
proxy_max_temp_file_size 40960m;
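Review bot: `proxy_ignore_headers Expires Cache-Control;` together with `proxy_cache_valid 200 206 CACHE_MAX_AGE;` stores every 200/206 response, including ones the origin marked `private` or `no-store`, and replays them to other clients; nothing in this file says that is intended. A comment above the directive would record the assumption, for example `# Deliberately ignore origin caching headers: only public CDN content may be routed through this cache`. Two existing comments are misleading: `# Allow the use of state entries` should read "stale", and `# Don't cache requests marked as nocache=1` sits above `proxy_cache_bypass $arg_nocache;`, which skips the cache lookup for any non-empty value other than `0` and, with no matching `proxy_no_cache`, still stores the response.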

@@ -0,0 +1,3 @@
# Battle.net Fix
proxy_hide_header ETag;

@@ -0,0 +1,10 @@
# Upstream Configuration
proxy_next_upstream error timeout http_404;
proxy_pass http://$host$request_uri;
proxy_redirect off;
proxy_ignore_client_abort on;

# Upstream request headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -0,0 +1,4 @@
# Debug Headers
add_header X-Upstream-Status $upstream_status;
add_header X-Upstream-Response-Time $upstream_response_time;
add_header X-Upstream-Cache-Status $upstream_cache_status;
9 changes: 9 additions & 0 deletions overlay/etc/nginx/stream-available/10_sni.conf
@@ -0,0 +1,9 @@
server {
listen 443;
resolver UPSTREAM_DNS ipv6=off;
VibroAxe marked this conversation as resolved.
proxy_pass $ssl_preread_server_name:443;
ssl_preread on;

access_log /data/logs/stream-access.log stream_basic;
error_log /data/logs/stream-error.log;
}
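Review bot: The new stream server forwards every connection on port 443 to whatever name the client sends in its TLS SNI (`proxy_pass $ssl_preread_server_name:443;`) and has no `allow`/`deny` rules, so the listener is a general TCP relay for anyone who can reach it. If the container is meant for LAN clients only, state that in a comment and restrict the listener, for example `allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; deny all;` (ranges constructed here as an illustration, to be replaced with the site's own). A connection without SNI leaves the variable empty, and handling that case explicitly would make `stream-error.log` easier to read than the resulting proxy error.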
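--- a/overlay/etc/nginx/workers.conf
+++ b/overlay/etc/nginx/workers.conf
@@ -0,0 +1 @@
+worker_processes 16;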
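--- a/overlay/etc/supervisor/conf.d/heartbeat.conf
+++ b/overlay/etc/supervisor/conf.d/heartbeat.conf
@@ -0,0 +1,4 @@
+[program:heartbeat]
+command=/scripts/heartbeat.sh
+stdout_events_enabled=true
+stderr_events_enabled=true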
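--- a/overlay/hooks/entrypoint-pre.d/05_config_check.sh
+++ b/overlay/hooks/entrypoint-pre.d/05_config_check.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+echo "Checking cache configuration"
+
+
+print_confighash_warning () {
+echo ""
+echo "ABORTING STARTUP TO AVOID POTENTIALLY INVALIDATING THE CACHE"
+echo ""
+echo "If you are happy that this cache is valid with the current config changes"
+echo "please delete \`/<cache_mount>/CONFIGHASH\`"
+echo ""
+echo "See: https://lancache.net/docs/advanced/config-hash/ for more details"
+
+}
+
+DETECTED_CACHE_KEY=`grep proxy_cache_key /etc/nginx/sites-available/cache.conf.d/root/30_cache_key.conf | awk '{print $2}'`
+NEWHASH="GENERICCACHE_VERSION=${GENERICCACHE_VERSION};CACHE_MODE=${CACHE_MODE};CACHE_SLICE_SIZE=${CACHE_SLICE_SIZE};CACHE_KEY=${DETECTED_CACHE_KEY}"
+
+if [ -d /data/cache/cache ]; then
+echo " Detected existing cache data, checking config hash for consistency"
+if [ -f /data/cache/CONFIGHASH ]; then
+OLDHASH=`cat /data/cache/CONFIGHASH`
+if [ ${OLDHASH} != ${NEWHASH} ]; then
+echo "ERROR: Detected CONFIGHASH does not match current CONFIGHASH"
+echo " Detected: ${OLDHASH}"
+echo " Current: ${NEWHASH}"
+print_confighash_warning ${NEWHASH}
+exit -1;
+else
+echo " CONFIGHASH matches current configuration"
+fi
+else
+echo " Could not find CONFIGHASH for existing cachedata"
+echo " This is either an upgrade from an older instance of Lancache"
+echo " or CONFIGHASH has been deleted intentionally"
+echo ""
+echo " Creating CONFIGHASH from current live configuration"
+echo " Current: ${NEWHASH}"
+echo ""
+echo " See: https://lancache.net/docs/advanced/config-hash/ for more details"
+fi
+fi
+
+mkdir -p /data/cache/cache
+echo ${NEWHASH} > /data/cache/CONFIGHASH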
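Review bot: `if [ ${OLDHASH} != ${NEWHASH} ]; then` expands both values unquoted, so an empty or whitespace-containing `/data/cache/CONFIGHASH` makes `[` fail with a syntax error; that takes the `else` branch and prints "CONFIGHASH matches current configuration", so the guard passes exactly when the stored hash is damaged. Quote both sides, `if [ "${OLDHASH}" != "${NEWHASH}" ]; then`, and likewise `echo "${NEWHASH}" > /data/cache/CONFIGHASH`. `exit -1` is reported as status 255; `exit 1` is clearer. The script greps `root/30_cache_key.conf`, which is not among the files shown in this diff view, so `DETECTED_CACHE_KEY` may be empty unless that file is added elsewhere.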
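--- a/overlay/hooks/entrypoint-pre.d/10_setup.sh
+++ b/overlay/hooks/entrypoint-pre.d/10_setup.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+# Preprocess UPSTREAM_DNS to allow for multiple resolvers using the same syntax as lancache-dns
+UPSTREAM_DNS="$(echo -n "${UPSTREAM_DNS}" | sed 's/[;]/ /g')"
+
+echo "worker_processes ${NGINX_WORKER_PROCESSES};" > /etc/nginx/workers.conf
+sed -i "s/^user .*/user ${WEBUSER};/" /etc/nginx/nginx.conf
+sed -i "s/CACHE_MEM_SIZE/${CACHE_MEM_SIZE}/" /etc/nginx/conf.d/20_proxy_cache_path.conf
+sed -i "s/CACHE_DISK_SIZE/${CACHE_DISK_SIZE}/" /etc/nginx/conf.d/20_proxy_cache_path.conf
+sed -i "s/CACHE_MAX_AGE/${CACHE_MAX_AGE}/" /etc/nginx/sites-available/cache.conf.d/root/20_cache.conf
+sed -i "s/slice 1m;/slice ${CACHE_SLICE_SIZE};/" /etc/nginx/sites-available/cache.conf.d/root/20_cache.conf
+sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/" /etc/nginx/sites-available/cache.conf.d/10_root.conf
+sed -i "s/UPSTREAM_DNS/${UPSTREAM_DNS}/" /etc/nginx/stream-available/10_sni.conf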
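Review bot: Each `sed -i "s/NAME/${VAR}/"` line pastes an environment value into the sed program, and from there into the nginx configuration, without validation. A value containing `/`, `&` or `;` therefore either breaks the substitution or changes the resulting directive, including the `user ${WEBUSER};` line that decides which account nginx runs as. Checking each variable against the shape it must have before substituting would catch this early, for example `case "${CACHE_SLICE_SIZE}" in *[!0-9a-zA-Z]*) echo "invalid CACHE_SLICE_SIZE" >&2; exit 1;; esac`. `NGINX_WORKER_PROCESSES` is written to `workers.conf` the same way, and an unset value yields `worker_processes ;`, which only fails later when nginx parses it.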
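--- a/overlay/hooks/entrypoint-pre.d/20_perms_check.sh
+++ b/overlay/hooks/entrypoint-pre.d/20_perms_check.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+if [ -d "/data/cache/cache" ]; then
+echo "Running fast permissions check"
+ls -l /data/cache/cache | tail --lines=+2 | grep -v ${WEBUSER} > /dev/null
+
+if [[ $? -eq 0 || "$FORCE_PERMS_CHECK" == "true" ]]; then
+echo "Doing full checking of permissions (This WILL take a long time on large caches)..."
+find /data \! -user ${WEBUSER} -exec chown ${WEBUSER}:${WEBUSER} '{}' +
+echo "Permissions ok"
+else
+echo "Fast permissions check successful, if you have any permissions error try running with -e FORCE_PERMS_CHECK = true"
+fi
+
+fi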
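Review bot: `find /data \! -user ${WEBUSER} -exec chown ${WEBUSER}:${WEBUSER} '{}' +` runs from the entrypoint over a mounted volume, and `chown` without `-h` follows symbolic links, so a link under `/data` changes the ownership of its target outside the volume; `chown -h` keeps the change on the link itself. `${WEBUSER}` is unquoted both here and in `grep -v ${WEBUSER}`, so an empty value alters both commands; use `"${WEBUSER}"` and check early that it is set. The fast check matches the whole `ls -l` line, so an entry whose name or group merely contains the user name counts as correctly owned. The hint `-e FORCE_PERMS_CHECK = true` in the last message contains spaces that `docker run -e` does not accept and should read `-e FORCE_PERMS_CHECK=true`.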