diff --git a/backend/Dockerfile.redis b/backend/Dockerfile.redis
new file mode 100644
index 000000000..253b44c28
--- /dev/null
+++ b/backend/Dockerfile.redis
@@ -0,0 +1,6 @@
+FROM redis:latest
+
+COPY redis_entrypoint.sh /usr/local/bin/redis_entrypoint.sh
+RUN chmod +x /usr/local/bin/redis_entrypoint.sh
+
+ENTRYPOINT ["redis_entrypoint.sh"]
\ No newline at end of file
diff --git a/backend/Dockerfile b/backend/Dockerfile.server
similarity index 100%
rename from backend/Dockerfile
rename to backend/Dockerfile.server
diff --git a/backend/database/store/redis.go b/backend/database/store/redis.go
index c5e1c7c6c..e3bf3ec7a 100644
--- a/backend/database/store/redis.go
+++ b/backend/database/store/redis.go
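Review bot: `FROM redis:latest` in Dockerfile.redis is a mutable tag, so a rebuild can silently pick up a different Redis release or a changed `docker-entrypoint.sh`, which the custom entrypoint execs. Pin the base image to a specific version tag, ideally with a digest, for example `FROM redis:<version>@sha256:<digest>` (placeholders). The same applies to the `opensearchproject/*:latest` images in backend/docker-compose.yml.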
@@ -25,9 +25,9 @@ func NewStores(limiter LimiterInterface, blacklist BlacklistInterface, activeTok func ConfigureRedis(settings config.Settings) *Stores { stores := NewStores( - NewLimiter(NewRedisClient(settings.RedisLimiter.Username, settings.RedisLimiter.Host, settings.RedisLimiter.Port, settings.RedisLimiter.Password, settings.RedisLimiter.DB)), - NewBlacklist(NewRedisClient(settings.RedisBlacklist.Username, settings.RedisBlacklist.Host, settings.RedisBlacklist.Port, settings.RedisBlacklist.Password, settings.RedisBlacklist.DB)), - NewActiveToken(NewRedisClient(settings.RedisActiveTokens.Username, settings.RedisActiveTokens.Host, settings.RedisActiveTokens.Port, settings.RedisActiveTokens.Password, settings.RedisActiveTokens.DB)), + NewLimiter(NewRedisClient(settings.RedisLimiter.Username, settings.RedisLimiter.Password, settings.RedisLimiter.Host, settings.RedisLimiter.Port, settings.RedisLimiter.DB)), + NewBlacklist(NewRedisClient(settings.RedisBlacklist.Username, settings.RedisBlacklist.Password, settings.RedisBlacklist.Host, settings.RedisBlacklist.Port, settings.RedisBlacklist.DB)), + NewActiveToken(NewRedisClient(settings.RedisActiveTokens.Username, settings.RedisActiveTokens.Password, settings.RedisActiveTokens.Host, settings.RedisActiveTokens.Port, settings.RedisActiveTokens.DB)), ) MustEstablishConn() diff --git a/backend/database/store/store.go b/backend/database/store/store.go index 074765484..82d224aec 100644 --- a/backend/database/store/store.go +++ b/backend/database/store/store.go 
@@ -26,15 +26,16 @@ type RedisClient struct { client *redis.Client } -func NewRedisClient(username, host string, port uint, password *m.Secret[string], db int) *RedisClient { +func NewRedisClient(username string, password *m.Secret[string], host string, port uint, db int) *RedisClient { client := redis.NewClient(&redis.Options{ - Username: username, - Addr: fmt.Sprintf("%s:%d", host, port), - Password: password.Expose(), - DB: db, - PoolSize: 10 * runtime.GOMAXPROCS(0), - MaxActiveConns: constants.REDIS_MAX_OPEN_CONNECTIONS, - MaxIdleConns: constants.REDIS_MAX_IDLE_CONNECTIONS, + Username: username, + Password: password.Expose(), + Addr: fmt.Sprintf("%s:%d", host, port), + DB: db, + PoolSize: 10 * runtime.GOMAXPROCS(0), + MaxActiveConns: constants.REDIS_MAX_OPEN_CONNECTIONS, + MaxIdleConns: constants.REDIS_MAX_IDLE_CONNECTIONS, + ContextTimeoutEnabled: true, }) return &RedisClient{ diff --git a/backend/docker-compose.yml b/backend/docker-compose.yml index e46632407..4870e808b 100644 --- a/backend/docker-compose.yml +++ b/backend/docker-compose.yml 
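Review bot: The `redis.Options` literal in `NewRedisClient` now carries an ACL username and password but sets no `TLSConfig`, so the credentials from `password.Expose()` travel in cleartext unless the network path is otherwise protected. If these stores are ever reached over anything other than a local or private link, add `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12}` (which needs the `crypto/tls` import) and enable TLS on the server side. I would also add a comment on the new field, such as `// ContextTimeoutEnabled makes the client honour context deadlines; callers must pass a ctx with a timeout for it to take effect`. The function body continues past the end of the hunk.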
@@ -1,35 +1,88 @@ services: redis-active-tokens: - image: redis/redis-stack-server:latest + build: + context: . + dockerfile: Dockerfile.redis container_name: redis_active_tokens ports: - 6379:6379 environment: - - REDIS_PASSWORD=redispassword!#1 + - REDIS_USERNAME=redis_active_tokens + - REDIS_PASSWORD=redis_active_tokens!#1 + - REDIS_DISABLE_DEFAULT_USER="true" volumes: - redis-active-data:/data redis-blacklist: - image: redis/redis-stack-server:latest + build: + context: . + dockerfile: Dockerfile.redis container_name: redis_blacklist ports: - 6380:6379 environment: - - REDIS_PASSWORD=redispassword!#2 + - REDIS_USERNAME=redis_blacklist + - REDIS_PASSWORD=redis_blacklist!#2 + - REDIS_DISABLE_DEFAULT_USER="true" volumes: - redis-blacklist-data:/data redis-limiter: - image: redis/redis-stack-server:latest + build: + context: . + dockerfile: Dockerfile.redis container_name: redis_limiter ports: - 6381:6379 environment: - - REDIS_PASSWORD=redispassword!#3 + - REDIS_USERNAME=redis_limiter + - REDIS_PASSWORD=redis_limiter!#3 + - REDIS_DISABLE_DEFAULT_USER="true" volumes: - redis-limiter-data:/data + opensearch-node1: + image: opensearchproject/opensearch:latest + container_name: opensearch-node1 + environment: + - cluster.name=opensearch-cluster + - node.name=opensearch-node1 + - discovery.type=single-node + - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping + - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + - DISABLE_SECURITY_PLUGIN=true # + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems + hard: 65536 + volumes: + - opensearch-data1:/usr/share/opensearch/data + ports: + - 9200:9200 + - 9600:9600 # required for Performance Analyzer + networks: + - opensearch-net + opensearch-dashboards: + image: opensearchproject/opensearch-dashboards:latest + 
container_name: opensearch-dashboards + ports: + - 5601:5601 + expose: + - "5601" + environment: + OPENSEARCH_HOSTS: '["http://opensearch-node1:9200"]' + DISABLE_SECURITY_DASHBOARDS_PLUGIN: true + networks: + - opensearch-net + volumes: redis-active-data: redis-blacklist-data: redis-limiter-data: + opensearch-data1: + +networks: + opensearch-net: diff --git a/backend/redis_entrypoint.sh b/backend/redis_entrypoint.sh new file mode 100644 index 000000000..ffa4913bf --- /dev/null +++ b/backend/redis_entrypoint.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +# set up redis configuration directory +mkdir -p /usr/local/etc/redis + +# dynamically generate redis configuration and ACL files here, using environment variables +echo "aclfile /usr/local/etc/redis/custom_aclfile.acl" > /usr/local/etc/redis/redis.conf + +# generate ACL file using environment variables +if [ -n ${REDIS_USERNAME} ] && [ -n ${REDIS_PASSWORD} ]; then + echo "user ${REDIS_USERNAME} on allkeys allchannels allcommands >${REDIS_PASSWORD} " > /usr/local/etc/redis/custom_aclfile.acl +fi + +# disable default user +if [ $(echo ${REDIS_DISABLE_DEFAULT_USER}) == "true" ]; then + echo "user default off nopass nocommands" >> /usr/local/etc/redis/custom_aclfile.acl +fi + +# call the original docker entrypoint script with redis-server and the path to the custom redis configuration +exec docker-entrypoint.sh redis-server /usr/local/etc/redis/redis.conf \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index bc9ff62c3..000000000 --- a/docker-compose.yml +++ /dev/null 
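Review bot: The value in `- REDIS_DISABLE_DEFAULT_USER="true"` (all three Redis services) is, as far as I know, passed to the container with the quote characters included when `environment` is written in list form. The entrypoint's comparison against `true` would then not match, and the `default` user would stay enabled on the published ports 6379–6381. Write it unquoted: `- REDIS_DISABLE_DEFAULT_USER=true`. Separately, the service passwords are committed in this file and the Redis and OpenSearch ports are published on all host interfaces, with `DISABLE_SECURITY_PLUGIN=true` on OpenSearch. If this file is for local development only, bind to loopback (e.g. `127.0.0.1:6379:6379`) and move the passwords to an untracked `.env` file.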
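Review bot: Both `-n` tests in redis_entrypoint.sh expand their variables unquoted, so an empty or unset `REDIS_USERNAME` or `REDIS_PASSWORD` collapses the test to `[ -n ]`, which is true, and an ACL line with an empty user name and password gets written. Quote them: `if [ -n "${REDIS_USERNAME}" ] && [ -n "${REDIS_PASSWORD}" ]; then`. The default-user check uses `==` inside `[` under `#!/bin/sh`, which is not POSIX. If the image's `/bin/sh` is dash, the test errors out and the `user default off` line is never appended, so `if [ "${REDIS_DISABLE_DEFAULT_USER}" = "true" ]; then` is the portable form. The generated user also gets `allkeys allchannels allcommands`, which is probably broader than each store needs.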
@@ -1,43 +0,0 @@
-services:
- opensearch-node1:
- image: opensearchproject/opensearch:latest
- container_name: opensearch-node1
- environment:
- - cluster.name=opensearch-cluster
- - node.name=opensearch-node1
- - discovery.type=single-node
- - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
- - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
- - DISABLE_SECURITY_PLUGIN=true #
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
- hard: 65536
- volumes:
- - opensearch-data1:/usr/share/opensearch/data
- ports:
- - 9200:9200
- - 9600:9600 # required for Performance Analyzer
- networks:
- - opensearch-net
- opensearch-dashboards:
- image: opensearchproject/opensearch-dashboards:latest
- container_name: opensearch-dashboards
- ports:
- - 5601:5601
- expose:
- - "5601"
- environment:
- OPENSEARCH_HOSTS: '["http://opensearch-node1:9200"]'
- DISABLE_SECURITY_DASHBOARDS_PLUGIN: true
- networks:
- - opensearch-net
-
-volumes:
- opensearch-data1:
-
-networks:
- opensearch-net:
\ No newline at end of file