Updated ansible docker script

data/ansible/docker/ca.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDDCCAvSgAwIBAgIJAPMIQXNTuPkzMA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD
+VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o
+YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDEYMBYGA1UEAwwP
+ZGtyLmNncmF0ZXMub3JnMSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29t
+LmNvbTAeFw0yMDAzMDUxNDA2NDhaFw0zMDAzMDMxNDA2NDhaMIGaMQswCQYDVQQG
+EwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxs
+MREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDEYMBYGA1UEAwwPZGty
+LmNncmF0ZXMub3JnMSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+BKO7MNSTqoerYbVcB
+fvnCo3oNeV0qxFXECxkLgmXgB86sVLiF3qc6246PWStslajvGtODnMfV4GNZWklW
+BW0mqIrU0ZKIaPEeaOPGMDJuFmwdnWHIeHXCIkG1lO1EWI3m3iDNVIPiMAb8yRMc
+UaCJJmK40Pb8rHedkO6w4aImQvpLRvopx4y6psvV+fXdnDBXwsvz0Yp+SwmEx5bS
+ZjEoZUjY3dSP3WFEsO+QG2ED2sCg3lNnrZE5MKT68bUY+RTYybmeEQiWn+CRKkov
+QAkM+Tkmr8x6EZ6NdrE33mYU5sxS9vvY05haDKj698Gy0PbbUQh9/Hx3+RbSgzsd
+5ysCAwEAAaNTMFEwHQYDVR0OBBYEFACYtAH/RSDNgd9r1/5I3vlBxm48MB8GA1Ud
+IwQYMBaAFACYtAH/RSDNgd9r1/5I3vlBxm48MA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACX0baD0OSMBF6zaS0TTtgAYrwopTe0yDhtugrfKJkPX
+q7FMeInhHOPHZzz2aufYcln1y76ztvzzd0HdXi4UIW/VEDDfOCBlo7JbkFhOlnZX
+Kmd09TPGR0szHMVBsqu4I6Uu27L+JuUT26IgaYUaIZV7F3nSPr2KXmuU1eZSRa6x
+qb1HqjS6OTD8Er2C4eZ0zkw5/7rcHg/FZB0bEzNKahthwFRoR5WCLij7gz0fxDxo
+RrrYXvw8MwhQwmAk+YN/nwkTzqcgupNvhstWNqn6IgzbN5Fcg17xjsdBkZ9qjg+9
+wFBfKNxvlfg8VBzT4ZG8ExWDhD+phytw3aFa29Io45w=
+-----END CERTIFICATE-----

data/ansible/docker/docker.yaml

@@ -53,7 +53,7 @@
 
 - name:  Start registry
   become: yes
-  shell: sudo docker run -d --name registry --restart=always -v "$(pwd)":/var/lib/registry -p 5000:5000 registry:2
+  shell: docker run -d --name registry --restart=always -v "$(pwd)":/var/lib/registry -p 5000:5000 registry:2
   args:
     chdir: /var/docker/registry
   when: continerList.stdout_lines|length == 0

data/ansible/docker/main.yaml

@@ -121,6 +121,7 @@
 
     - name: copy default config
       copy:
+        remote_src: yes
         src: "{{ cgrates_dir }}/data/conf/cgrates/cgrates.json"
         dest: "{{ cgrates_dir }}/data/docker/scratch/cgrates.json"
     
@@ -132,8 +133,8 @@
     
     - name: tag docker image
       become: yes
-      shell: "sudo docker tag cgrates 127.0.0.1:5000/cgrates:{{ cgrates_branch }}"
+      shell: "docker tag cgrates 127.0.0.1:5000/cgrates:{{ cgrates_branch }}"
 
     - name: push docker image to repo
       become: yes
-      shell: "sudo docker image push 127.0.0.1:5000/cgrates:{{ cgrates_branch }}"
+      shell: "docker image push 127.0.0.1:5000/cgrates:{{ cgrates_branch }}"

data/ansible/docker/nginx.conf.j2

@@ -4,8 +4,18 @@ map $upstream_http_docker_distribution_api_version $docker_distribution_api_vers
 }
 
 server {
-  listen 80;
-  server_name 192.168.59.203;
+  listen 80; # ssl;
+  server_name dkr.cgrates.org;
+
+  # SSL
+  # ssl_certificate /etc/nginx/conf.d/domain.crt;
+  # ssl_certificate_key /etc/nginx/conf.d/domain.key;
+
+  # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+  # ssl_protocols TLSv1.1 TLSv1.2;
+  # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+  # ssl_prefer_server_ciphers on;
+  # ssl_session_cache shared:SSL:10m;
 
   access_log /var/log/nginx/docker-error.log;
   error_log /var/log/nginx/docker-error.log;
@@ -35,7 +45,7 @@ server {
     proxy_set_header  Host              $http_host;   # required for docker client's sake
     proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
     proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
-    # proxy_set_header  X-Forwarded-Proto $scheme;
+    proxy_set_header  X-Forwarded-Proto $scheme;
     proxy_read_timeout                  900;
   }
 }

data/ansible/docker/nginx.yaml

@@ -1,17 +1,33 @@
 ---
+- name: copy certificates nginx
+  become: true
+  copy:
+    src: server.crt
+    dest: "/etc/nginx/conf.d/domain.crt"
+    mode: '0600'
+    owner: "{{ rootUser }}"
+
+- name: copy certificates key nginx
+  become: true
+  copy:
+    src: server.key
+    dest: "/etc/nginx/conf.d/domain.key"
+    mode: '0600'
+    owner: "{{ rootUser }}"
+
 - name: Add apt.cgrates.vhost in nginx
   become: true
   template:
     src: nginx.conf.j2
-    dest: "/etc/nginx/sites-available/docker.cgrates.org.vhost"
+    dest: "/etc/nginx/sites-available/dkr.cgrates.org.vhost"
     mode: '0600'
     owner: "{{ rootUser }}"
 
 - name: Create a symlink for docker.cgrates.org
   become: true
   file:
-    src: "/etc/nginx/sites-available/docker.cgrates.org.vhost"
-    dest: "/etc/nginx/sites-enabled/docker.cgrates.org.vhost"
+    src: "/etc/nginx/sites-available/dkr.cgrates.org.vhost"
+    dest: "/etc/nginx/sites-enabled/dkr.cgrates.org.vhost"
     state: link
 
 - name: Restart the nginx so the change take effects

data/ansible/docker/server.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3zCCAsegAwIBAgIJAMgc8s+Vkiu5MA0GCSqGSIb3DQEBCwUAMIGaMQswCQYD
+VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o
+YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDEYMBYGA1UEAwwP
+ZGtyLmNncmF0ZXMub3JnMSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29t
+LmNvbTAeFw0yMDAzMDUxNDA2NDhaFw0zMDAzMDMxNDA2NDhaMIGcMQswCQYDVQQG
+EwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxs
+MREwDwYDVQQKDAhJVHN5c0NPTTEPMA0GA1UECwwGc2VydmVyMRgwFgYDVQQDDA9k
+a3IuY2dyYXRlcy5vcmcxIzAhBgkqhkiG9w0BCQEWFGNvbnRhY3RAaXRzeXNjb20u
+Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEYBsygGv+60RtKS
+zaa9oD9LSGILeggUWyw6nC3dLNlKajDsJSIn6Vv3aB9Kf9MR4X+Vpe50yBxdR8K2
+fdNPedwFTkZrctUWmfIGkmgvfde2kXvMcdvAAWcMqNnZu8xiRD1KxfHQvh/glC/9
+K8lqiMmfKD/tToG9SUbNwhos6HLAkEgR9rSwscRv6jflpG2p/1dCgExwjU2ipGn7
+r8udKqSDJviTaPUo4SU8VeqAPkx6j7xs50tcA+cl06kCJdG2FJlpGuhwjuzt/V30
+9fssv7Fc7cMjqEPqHkKaHzECWTE7UlVIOERf+6+8rZXVlmEZ8JG2Ssj1+WX9uKAA
+DaNLUQIDAQABoyQwIjAgBgNVHREEGTAXgg9ka3IuY2dyYXRlcy5vcmeHBH8AAAEw
+DQYJKoZIhvcNAQELBQADggEBAESGUFEvlR96lddxgT1NPJ4Ay3a39Qoxl8Mkg0Yb
+dCUEWEkyDQxyVmcirUtSEsMjUAMr0+NATEF7Ay43yhO93flSsEru3lvp2QM88iVq
+l/Gfz0H6WoE9H9hd8c2E+vpnUzCyLyfntnq3Kg0WgrzHUmNmlE8UcnIuJQAT1zTI
+3I639AFL9RtbkYXwqVkWXqp2mq79skqplZlHhgENkhuFWPHq3ZhLzlOlDyl4YNND
+6p6VMcxy9aTMrGfGSn0hzrTWO33RfVBVx15UxqBtq0JejLRD6WwgK2dd5RvmZFLC
+NrYQnfHREA2/xsW4SyNlFRz1NeFIdNDvSNyHT5XxCSZqvNM=
+-----END CERTIFICATE-----

data/ansible/docker/server.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgRgGzKAa/7rRG
+0pLNpr2gP0tIYgt6CBRbLDqcLd0s2UpqMOwlIifpW/doH0p/0xHhf5Wl7nTIHF1H
+wrZ900953AVORmty1RaZ8gaSaC9917aRe8xx28ABZwyo2dm7zGJEPUrF8dC+H+CU
+L/0ryWqIyZ8oP+1Ogb1JRs3CGizocsCQSBH2tLCxxG/qN+Wkban/V0KATHCNTaKk
+afuvy50qpIMm+JNo9SjhJTxV6oA+THqPvGznS1wD5yXTqQIl0bYUmWka6HCO7O39
+XfT1+yy/sVztwyOoQ+oeQpofMQJZMTtSVUg4RF/7r7ytldWWYRnwkbZKyPX5Zf24
+oAANo0tRAgMBAAECggEAMbBCiqaYIR0CKwrRlIxjMbEtx80NvdGPbgyyRwU5EtRy
+66UrMP/72681bsR0tlhbrMt/O6hH8FpK2RqWtT+z3hXGV1Qhr8I8dZHBU9aVErCz
+2zrEUXBNgKHQHPEdPcnJlVpjOicUDj2XxJl0JgUV0D6h5zqaecJjSrp2w/yVe6LK
+PWgelrJKp6vdm+XBcyWZTy34cWwnJqcHpN2yH4xUAaUkLaEV9/hqXlc75+QDc8F9
+6fWi3hMNmtfxattjz+FryfmT8uXkW0sPJpJ9R99mooCGUv7tN3WxIzNqux7C/nza
+oCeaYoEHjZJuq7pjNtPsgDo681nAlfwCw3eikqjqIQKBgQDSMbT9TaFounfyZuDv
+bDezsQ+4FWTX2r6A1T84vJjeeE7ySdNFQZAv6d9k0r8U7gV9BuWmS03x46an7Oo6
+RHnZHpQNEr/V+MMNt9dg4JGk0ZkKBjKwPN9Nw8/eIhJqM4jhjw9+5DQ1mctCRSqk
+aTF0+UW1bqUoHyzfiPNwGY2qVQKBgQDDM1P02T7O/AeauNiLg6T1nZdAPQjNTbWI
+OHu9XYItxo4KMFz5xfGbEEz+zyWH5HzlWZ7/0MIf49rVnDIIujFwNVRitCVjQlUw
+KHm0FQ0EkTIXpEqe7xLBfGJ7S5i76hab34Sm55zT1x61866dFwWFAueRtgEhcSJn
+ZZh6WpoRDQKBgBxf523WX/ayTWTkrHLFqhNQ0K1p/e4BsnvTzbAMDZripM2iV6ne
+uucs7CJBLNhXdVg2aSP0wHXp5GKA4fGxsr0zmorVQB5TcYlVivah+idEwCMRSSBv
+ZzmpOFNlSBUcFdtVI6NejQm7VCwDCEmfhbSjvdxLLnJnGvimFS7J1EztAoGAEcE0
+bLvp25fO9ULE54O02GZaIIyspUfhMB+7GZFMyu8ZclHN0yYvAKSt7CtZRZAB0Daj
+oK8TSSVHfVB0uJh+8K7ZGxU5pVqeNwAnebrEcVrnjID0DJrAQPsYVhCdNtJm9gyR
+m0DL4fTaJUCh7EXwyZVnDLjaR3lr4K27/b0J8G0CgYEAr3i6sZ6eGtIUefAqWg8J
+hWysE6BSA5CnxLsU/eUMY6EYE3Tup/dT5N/MFXQyJvtx/L4wmCXrVSUOereK7gVM
+Jg+NDS5Likssu4CnwiRI5omislqMxxHZWl/EvE4yi/ZJ+ZemGfyR5UJPAbssE/2l
+vAY/GWwlQM7c68F2zDU1UgU=
+-----END PRIVATE KEY-----