-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathstart-lb-json-p1.sh
executable file
·78 lines (61 loc) · 2.97 KB
/
start-lb-json-p1.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/bin/bash
# Copyright (c) 2024 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
# set -e
source env.sh
ENABLE_HA="LOADBALANCER"
if [ ! "LOADBALANCER" == "$ENABLE_HA" ] ; then
echo " Not running as not in Load Balancer mode"
exit 1
fi
# Run NGINX load balancer for Participant
case "$(uname -s)" in
Darwin)
#JSON_API_1_HOST=host.docker.internal
JSON_API_1A_HOST=host.docker.internal
JSON_API_1B_HOST=host.docker.internal
;;
esac
# https://fardog.io/blog/2017/12/30/client-side-certificate-authentication-with-nginx/
docker stop lb-json-p1
docker rm lb-json-p1
DOMAIN=customer1.com
if [ "NGINX" == "$LOADBALANCER_TYPE" ] ; then
cat ./nginx-conf/nginx.conf-json-template | \
sed -e "s;<DOMAIN>;$DOMAIN;g" | \
sed -e "s;<JSON_API_HOST>;$JSON_API_1_HOST;g" | \
sed -e "s;<JSON_API_PORT>;$JSON_API_1_PORT;g" | \
sed -e "s;<JSON_API_A_HOST>;$JSON_API_1A_HOST;g" | \
sed -e "s;<JSON_API_A_PORT>;$JSON_API_1A_PORT;g" | \
sed -e "s;<JSON_API_B_HOST>;$JSON_API_1B_HOST;g" | \
sed -e "s;<JSON_API_B_PORT>;$JSON_API_1B_PORT;g" \
> ./nginx-conf/nginx-json-p1.conf
docker run --name lb-json-p1 -p $JSON_API_1_PORT:$JSON_API_1_PORT \
-v "$(pwd)/nginx-conf/nginx-json-p1.conf:/etc/nginx/nginx.conf:ro" \
-v "$(pwd)/certs/participant1/json/certs/json-chain.$DOMAIN.cert.pem:/etc/ssl/server.crt:ro" \
-v "$(pwd)/certs/participant1/json/private/json.$DOMAIN.key.pem:/etc/ssl/server.key:ro" \
-v "$(pwd)/certs/participant1/intermediate/certs/ca-chain.cert.pem:/etc/ssl/certs/ca-chain.crt:ro" \
-v "$(pwd)/certs/participant1/client/admin-api.$DOMAIN.cert.pem:/etc/ssl/client.crt:ro" \
-v "$(pwd)/certs/participant1/client/admin-api.$DOMAIN.key.pem:/etc/ssl/client.key:ro" \
-d $LOADBALANCER_VERSION
fi
if [ "HAPROXY" == "$LOADBALANCER_TYPE" ] ; then
cat ./haproxy-conf/haproxy.conf-json-template | \
sed -e "s;<DOMAIN>;$DOMAIN;g" | \
sed -e "s;<JSON_API_HOST>;$JSON_API_1_HOST;g" | \
sed -e "s;<JSON_API_PORT>;$JSON_API_1_PORT;g" | \
sed -e "s;<JSON_API_A_HOST>;$JSON_API_1A_HOST;g" | \
sed -e "s;<JSON_API_A_PORT>;$JSON_API_1A_PORT;g" | \
sed -e "s;<JSON_API_B_HOST>;$JSON_API_1B_HOST;g" | \
sed -e "s;<JSON_API_B_PORT>;$JSON_API_1B_PORT;g" \
> ./haproxy-conf/haproxy-json-p1.conf
docker run --name lb-json-p1 -p $JSON_API_1_PORT:$JSON_API_1_PORT \
--sysctl net.ipv4.ip_unprivileged_port_start=0 \
-v "$(pwd)/haproxy-conf/haproxy-json-p1.conf:/usr/local/etc/haproxy/haproxy.cfg:ro" \
-v "$(pwd)/certs/participant1/json/certs/json-chain.$DOMAIN.cert.pem:/etc/ssl/server.crt:ro" \
-v "$(pwd)/certs/participant1/json/private/json.$DOMAIN.key.pem:/etc/ssl/server.crt.key:ro" \
-v "$(pwd)/certs/participant1/intermediate/certs/ca-chain.cert.pem:/etc/ssl/certs/ca-chain.crt:ro" \
-v "$(pwd)/certs/participant1/client/admin-api.$DOMAIN.cert.pem:/etc/ssl/client.crt:ro" \
-v "$(pwd)/certs/participant1/client/admin-api.$DOMAIN.key.pem:/etc/ssl/client.crt.key:ro" \
-P -d $LOADBALANCER_VERSION
fi