From 13073daa38a1b10bd94b046b520278b68f0dc7dc Mon Sep 17 00:00:00 2001 From: Piotr Biernat Date: Sat, 20 Jul 2024 19:18:49 +0200 Subject: [PATCH] Refactgor, TLS support, v0.5 --- .app.config | 14 ++++++++++++++ .env.dist | 2 +- Dockerfile.target | 9 ++++++--- bin/entrypoint.sh | 3 +++ src/cmd/migrate/main.go | 2 +- src/go.mod | 4 ++-- src/go.sum | 7 +++---- src/internal/server/config.go | 2 +- src/internal/server/server.go | 12 ++++++++++-- 9 files changed, 41 insertions(+), 14 deletions(-) create mode 100644 .app.config diff --git a/.app.config b/.app.config new file mode 100644 index 0000000..f6bcaa7 --- /dev/null +++ b/.app.config @@ -0,0 +1,14 @@ +{ + "ID": "identity", + "Name": "identity", + "Address": "__IP__", + "Tags": ["identity-svc", "identity", "https", "service"], + "Port": 443, + "Connect": { + "Native": true + }, + "Check": { + "TCP": "__IP__:443", + "DeregisterCriticalServiceAfter": "10s" + } +} \ No newline at end of file diff --git a/.env.dist b/.env.dist index 948c4e1..a0d58bf 100644 --- a/.env.dist +++ b/.env.dist @@ -1,4 +1,4 @@ -SERVER_ADDR=:80 +SERVER_ADDR=:443 APP_NAME=identity-svc APP_DOMAIN=identity.service.ego.io diff --git a/Dockerfile.target b/Dockerfile.target index e550ff2..1980273 100644 --- a/Dockerfile.target +++ b/Dockerfile.target @@ -4,7 +4,7 @@ FROM ${BUILDER_IMAGE} AS builder # Destination image - server # FROM gcr.io/distroless/base-debian10 -FROM alpine:3 +FROM alpine:3.17 ARG SVC_NAME ARG SVC_VER @@ -21,11 +21,14 @@ WORKDIR / COPY --from=builder $BIN_OUTPUT /app COPY --from=builder /go/bin/migrate /bin/migrate COPY --from=builder /go/bin/health /bin/health -COPY .env.dist /.env +COPY .env.docker /.env +COPY ./.app.config / COPY ./bin /bin RUN chmod 755 /bin/entrypoint.sh /bin/migrate.sh -EXPOSE 80 +RUN apk add curl + +EXPOSE 443 ENTRYPOINT ["entrypoint.sh"] CMD ["sh", "-c", "/app"] diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh index 384ab50..276fa32 100755 --- a/bin/entrypoint.sh +++ b/bin/entrypoint.sh @@ -14,6 +14,9 @@ waitForService() done } +update-resolv # provided by stack - better approach - single copy +update-ca-certificates + waitForService "postgres-db:5432" waitForService "api-logger:24224" diff --git a/src/cmd/migrate/main.go b/src/cmd/migrate/main.go index 5664ea3..b5cf4eb 100644 --- a/src/cmd/migrate/main.go +++ b/src/cmd/migrate/main.go @@ -55,7 +55,7 @@ func main() { log.Fatalf("Error parsing logger addr: %s. Err: %v", c.LoggerAddr, err) } - logger, err := fluentd.NewLogger(c.Base.GetAppFullName(), logHost, logPort) // @Refactor NewLogger return (logger, error) + logger, err := fluentd.NewLogger(c.GetAppFullName(), logHost, logPort) // @Refactor NewLogger return (logger, error) if err != nil { log.Fatalf("Error connecting to %s:%d. Err: %v", logHost, logPort, err) } diff --git a/src/go.mod b/src/go.mod index cd22d97..3bb9ad4 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,7 +4,7 @@ go 1.18 require ( git.pbiernat.io/egommerce/api-entities v0.2.3 - git.pbiernat.io/egommerce/go-api-pkg v0.2.88 + git.pbiernat.io/egommerce/go-api-pkg v0.3.18 github.com/go-pg/migrations/v8 v8.1.0 github.com/go-pg/pg/v10 v10.11.1 github.com/go-redis/redis/v8 v8.11.5 @@ -12,7 +12,6 @@ require ( github.com/gofiber/jwt/v2 v2.2.7 github.com/golang-jwt/jwt v3.2.2+incompatible github.com/jackc/pgx/v5 v5.4.3 - github.com/rabbitmq/amqp091-go v1.10.0 ) require ( @@ -106,6 +105,7 @@ require ( github.com/vmihailenco/msgpack/v5 v5.4.0 // indirect github.com/vmihailenco/tagparser v0.1.2 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect + go.uber.org/goleak v1.3.0 // indirect golang.org/x/crypto v0.14.0 // indirect golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect golang.org/x/mod v0.12.0 // indirect diff --git a/src/go.sum b/src/go.sum index 316e10e..a3cf771 100644 --- a/src/go.sum +++ b/src/go.sum @@ -7,8 +7,8 @@ cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y= cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= git.pbiernat.io/egommerce/api-entities v0.2.3 h1:mR6EYfZkAzh4teydb7KXDBWoxwVW3qasnmmH5J3mnas= git.pbiernat.io/egommerce/api-entities v0.2.3/go.mod h1:INXAG5x4+i+vNwg1NpfPHiDW8nY1kn1K7pgLOtX+/I0= -git.pbiernat.io/egommerce/go-api-pkg v0.2.88 h1:xya/39BnFeha3Oc76ad/ppoQd6AstTGQd87Qszamr1A= -git.pbiernat.io/egommerce/go-api-pkg v0.2.88/go.mod h1:XIy2mmvRNIzQmYIUAcDZafhRPxTQFS2HDmsK7ZQ6980= +git.pbiernat.io/egommerce/go-api-pkg v0.3.18 h1:0+C9BMsllrNvRbh4kb7dJ5lrzP1Lc7J4pb+KV76YrXk= +git.pbiernat.io/egommerce/go-api-pkg v0.3.18/go.mod h1:XIy2mmvRNIzQmYIUAcDZafhRPxTQFS2HDmsK7ZQ6980= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM= @@ -428,8 +428,6 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/rabbitmq/amqp091-go v1.10.0 h1:STpn5XsHlHGcecLmMFCtg7mqq0RnD+zFr4uzukfVhBw= -github.com/rabbitmq/amqp091-go v1.10.0/go.mod h1:Hy4jKW5kQART1u+JkDTF9YYOQUHXqMuhrgxOEeS7G4o= github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 h1:Wdi9nwnhFNAlseAOekn6B5G/+GMtks9UKbvRU/CMM/o= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= @@ -511,6 +509,7 @@ go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJP go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= diff --git a/src/internal/server/config.go b/src/internal/server/config.go index cc41c5a..425923b 100644 --- a/src/internal/server/config.go +++ b/src/internal/server/config.go @@ -18,7 +18,7 @@ const ( defEventBusURL = "amqp://guest:guest@api-eventbus:5672" defKVNmspc = "dev.egommerce/service/identity" defLoggerAddr = "api-logger:24224" - defNetAddr = ":80" + defNetAddr = ":443" defMongoDbURL = "mongodb://mongodb:12345678@mongo-db:27017" defPathPrefix = "/identity" defRegistryAddr = "api-registry:8500" diff --git a/src/internal/server/server.go b/src/internal/server/server.go index 0b5d570..da37813 100644 --- a/src/internal/server/server.go +++ b/src/internal/server/server.go @@ -1,6 +1,8 @@ package server import ( + "crypto/tls" + "log" "net" "time" @@ -18,7 +20,7 @@ type ( *fiber.App ID string - addr string // e.g. "127.0.0.1:80" + addr string // e.g. "127.0.0.1:443" handlers map[string]any } HeaderRequestID struct { @@ -46,8 +48,14 @@ func (s *Server) Start() error { SetupRouter(s) // fmt.Printf("Starting server at: %s...\n", s.addr) + cer, err := tls.LoadX509KeyPair("certs/client.crt", "certs/client.key") + if err != nil { + log.Fatal(err) + } + tlsCnf := &tls.Config{Certificates: []tls.Certificate{cer}} + ln, _ := net.Listen("tcp", s.addr) - // ln = tls.NewListener(ln, s.App.Server().TLSConfig) + ln = tls.NewListener(ln, tlsCnf) return s.Listener(ln) }