From 7d23ac3be73063f7d2071b404a8a011384ac2843 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Fri, 10 Jan 2025 13:18:32 +0300 Subject: [PATCH] OZ-753: Superset to run behind an Nginx proxy --- docker/docker-compose-superset-ports.yaml | 4 --- docker/docker-compose-superset.yaml | 7 ++--- docker/proxy/docker-compose-nginx.yaml | 23 +++++++++++++++ docker/proxy/nginx.conf | 31 ++++++++++++++++++++ docker/proxy/superset.nginx.conf | 9 ++++++ scripts/destroy.sh | 2 +- scripts/start.sh | 35 ++++++++++++++++++++--- scripts/utils.sh | 28 ++++++++++++++++++ 8 files changed, 126 insertions(+), 13 deletions(-) delete mode 100644 docker/docker-compose-superset-ports.yaml create mode 100644 docker/proxy/docker-compose-nginx.yaml create mode 100644 docker/proxy/nginx.conf create mode 100644 docker/proxy/superset.nginx.conf diff --git a/docker/docker-compose-superset-ports.yaml b/docker/docker-compose-superset-ports.yaml deleted file mode 100644 index b000b8b..0000000 --- a/docker/docker-compose-superset-ports.yaml +++ /dev/null @@ -1,4 +0,0 @@ -services: - superset: - ports: - - "8188:8088" diff --git a/docker/docker-compose-superset.yaml b/docker/docker-compose-superset.yaml index 8758e81..5827aeb 100644 --- a/docker/docker-compose-superset.yaml +++ b/docker/docker-compose-superset.yaml @@ -20,9 +20,9 @@ services: - ANALYTICS_DB_USER=${ANALYTICS_DB_USER} - ANALYTICS_DB_HOST=${ANALYTICS_DB_HOST} - ANALYTICS_DATASOURCE_NAME=${ANALYTICS_DATASOURCE_NAME} - - SUPERSET_PUBLIC_URL=https://${SUPERSET_HOSTNAME} - - KEYCLOAK_URL=https://${KEYCLOAK_HOSTNAME} - - ISSUER_URL=https://${KEYCLOAK_HOSTNAME}/realms/ozone/ + - SUPERSET_PUBLIC_URL=${SCHEME}://${SUPERSET_HOSTNAME} + - KEYCLOAK_URL=${SCHEME}://${KEYCLOAK_HOSTNAME} + - ISSUER_URL=${SCHEME}://${KEYCLOAK_HOSTNAME}/realms/ozone/ - SUPERSET_CLIENT_SECRET=${SUPERSET_CLIENT_SECRET} - SUPERSET_CLIENT_ID=superset - ENABLE_OAUTH=${ENABLE_OAUTH} @@ -93,4 +93,3 @@ networks: ozone-analytics: web: external: true - name: web diff --git a/docker/proxy/docker-compose-nginx.yaml b/docker/proxy/docker-compose-nginx.yaml new file mode 100644 index 0000000..8e24990 --- /dev/null +++ b/docker/proxy/docker-compose-nginx.yaml @@ -0,0 +1,23 @@ +services: + proxy: + image: nginx:1.25-alpine + healthcheck: + test: ["CMD", "curl", "-f", "http://proxy:80"] + networks: + - ozone-analytics + - web + ports: + - "8088:8088" + restart: unless-stopped + volumes: + - "${PROXY_TLS_CERTS_PATH:-proxy-tls-certs}:/etc/tls" + - ./nginx.conf:/etc/nginx/nginx.conf + - ./superset.nginx.conf:/etc/nginx/conf.d/superset.nginx.conf + +networks: + ozone-analytics: + web: + external: true + +volumes: + proxy-tls-certs: ~ diff --git a/docker/proxy/nginx.conf b/docker/proxy/nginx.conf new file mode 100644 index 0000000..e557ef5 --- /dev/null +++ b/docker/proxy/nginx.conf @@ -0,0 +1,31 @@ +user nobody; +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + keepalive_timeout 65; + resolver 127.0.0.11; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/docker/proxy/superset.nginx.conf b/docker/proxy/superset.nginx.conf new file mode 100644 index 0000000..a7f722e --- /dev/null +++ b/docker/proxy/superset.nginx.conf @@ -0,0 +1,9 @@ +server { + listen 8088; + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + set $superset superset:8088; + proxy_pass http://$superset; + } +} diff --git a/scripts/destroy.sh b/scripts/destroy.sh index 8dbfc09..a6fc5a0 100755 --- a/scripts/destroy.sh +++ b/scripts/destroy.sh @@ -13,4 +13,4 @@ setTraefikIP setTraefikHostnames -docker compose -p ozone-analytics -f ../docker/docker-compose-db.yaml -f ../docker/docker-compose-migration.yaml -f ../docker/docker-compose-streaming-common.yaml -f ../docker/docker-compose-kowl.yaml -f ../docker/docker-compose-superset.yaml down -v +docker compose -p ozone-analytics down -v diff --git a/scripts/start.sh b/scripts/start.sh index fc02807..e0bd4a3 100755 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -11,10 +11,37 @@ setDockerHost # Export the paths variables to point to distro artifacts exportEnvs -setTraefikIP - -setTraefikHostnames +# Export IP address of the host machine +if [ "$ENABLE_OAUTH" == "true" ]; then + exportHostIP +fi + +# Set the Traefik host names +if [ "$TRAEFIK" == "true" ]; then + echo "$INFO \$TRAEFIK=true, setting Traefik hostnames..." + setTraefikIP + setTraefikHostnames +else + echo "$INFO \$TRAEFIK!=true, setting Nginx hostnames..." + setNginxHostnames +fi echo "$CONNECT_ODOO_DB_NAME" -docker compose -p ozone-analytics -f ../docker/docker-compose-db.yaml -f ../docker/docker-compose-migration.yaml -f ../docker/docker-compose-streaming-common.yaml -f ../docker/docker-compose-kowl.yaml -f ../docker/docker-compose-superset.yaml -f ../docker/docker-compose-superset-ports.yaml up -d +# Run Ozone Analytics Services +dockerComposeCommand="docker compose -p ozone-analytics -f ../docker/docker-compose-db.yaml -f ../docker/docker-compose-migration.yaml -f ../docker/docker-compose-streaming-common.yaml -f ../docker/docker-compose-kowl.yaml -f ../docker/docker-compose-superset.yaml up -d" +echo "$INFO Running Ozone Analytics Services..." +echo "$dockerComposeCommand" +$dockerComposeCommand + +# Run the Nginx Proxy service, if $TRAEFIK!=true +if [ "$TRAEFIK" != "true" ]; then + dockerComposeProxyCommand="docker compose -p ozone-analytics -f ../docker/proxy/docker-compose-nginx.yaml up -d" + echo "$INFO Running Nginx proxy service (\$TRAEFIK!=true)..." + echo "" + echo "$dockerComposeProxyCommand" + echo "" + ($dockerComposeProxyCommand) +else + echo "$INFO Skipping running Nginx proxy... (\$TRAEFIK=true)" +fi diff --git a/scripts/utils.sh b/scripts/utils.sh index 086a0e6..dd19ced 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -52,6 +52,7 @@ function exportEnvs () { export SUPERSET_CONFIG_PATH=../docker/superset/config export SUPERSET_DASHBOARDS_PATH=$DISTRO_PATH/configs/superset/assets/ export JAVA_OPTS='-Xms2048m -Xmx8192m'; + export SCHEME=https echo "→ ANALYTICS_CONFIG_FILE_PATH=$ANALYTICS_CONFIG_FILE_PATH" echo "→ ANALYTICS_DB_PORT=$ANALYTICS_DB_PORT" @@ -116,11 +117,38 @@ function setTraefikIP { fi } +function exportHostIP() { + if [[ "$OSTYPE" == "linux-gnu"* ]]; then + # Linux + export HOST_IP_ADDRESS=$(hostname -I | awk '{print $1}') + elif [[ "$OSTYPE" == "darwin"* ]]; then + # Mac OSX + export HOST_IP_ADDRESS=$(ipconfig getifaddr en0) + else + echo "$ERROR Unsupported OS type: $OSTYPE" + return 1 + fi + echo "$INFO IP address set to: $HOST_IP_ADDRESS" +} + function setTraefikHostnames { echo "$INFO Exporting Traefik hostnames..." export SUPERSET_HOSTNAME=analytics-"${IP_WITH_DASHES}.traefik.me" export KEYCLOAK_HOSTNAME=auth-"${IP_WITH_DASHES}.traefik.me" + + echo "→ SUPERSET_HOSTNAME=$SUPERSET_HOSTNAME" + echo "→ KEYCLOAK_HOSTNAME=$KEYCLOAK_HOSTNAME" +} + +function setNginxHostnames() { + echo "$INFO Exporting Nginx hostnames..." + + export SUPERSET_HOSTNAME="${HOST_IP_ADDRESS:-localhost}:8088" + export KEYCLOAK_HOSTNAME="${HOST_IP_ADDRESS:-localhost}:8084" + export SCHEME=http + echo "→ SUPERSET_HOSTNAME=$SUPERSET_HOSTNAME" echo "→ KEYCLOAK_HOSTNAME=$KEYCLOAK_HOSTNAME" + echo "→ SCHEME=$SCHEME" }