php-microservices · abdullah-abunada · Nov 23, 2016 · Dec 1, 2016 · Dec 17, 2016 · Jun 3, 2018
diff --git a/README.md b/README.md
@@ -0,0 +1,2 @@
+# Deprecated repo
+Please use https://github.com/php-microservices/docker-v2 instead of this repo. V2 has versions locked and uses branches instead of tags
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -45,6 +45,7 @@ services:
             - BACKEND=microservice-battle-fpm
             - CONSUL=autodiscovery
         ports:
+            - 8443:443
             - 8081:80
             - 9091:9090
 
@@ -128,6 +129,17 @@ services:
         ports:
             - 6666:3306
 
+    microservice_secret_database_mariadb:
+        build: ./microservices/secret/mariadb/
+        environment:
+            - CONSUL=autodiscovery
+            - MYSQL_ROOT_PASSWORD=mysecret
+            - MYSQL_DATABASE=finding_secrets
+            - MYSQL_USER=secret
+            - MYSQL_PASSWORD=mysecret
+        ports:
+            - 7777:3306
+
     ##
     # User Microservice
     ##
@@ -167,6 +179,77 @@ services:
             - 6379
         ports:
             - 6379:6379
+
+    ##
+    # Telemetry: prometheus
+    ##
+    telemetry:
+        build: ./telemetry/
+        links:
+            - autodiscovery
+        expose:
+            - 9090
+        ports:
+            - 9090:9090
+
+    ##
+    # Sentry
+    ##
+    sentry_redis:
+        image: redis
+        expose:
+            - 6379
+
+    sentry_postgres:
+        image: postgres
+        environment:
+            - POSTGRES_PASSWORD=sentry
+            - POSTGRES_USER=sentry
+        volumes:
+            - /var/lib/postgresql/data
+        expose:
+            - 5432
+
+    sentry:
+        image: sentry
+        links:
+            - sentry_redis
+            - sentry_postgres
+        ports:
+            - 9876:9000
+        environment:
+            SENTRY_SECRET_KEY: mymicrosecret
+            SENTRY_POSTGRES_HOST: sentry_postgres
+            SENTRY_REDIS_HOST: sentry_redis
+            SENTRY_DB_USER: sentry
+            SENTRY_DB_PASSWORD: sentry
+
+    sentry_celery-beat:
+        image: sentry
+        links:
+            - sentry_redis
+            - sentry_postgres
+        command: sentry celery beat
+        environment:
+            SENTRY_SECRET_KEY: mymicrosecret
+            SENTRY_POSTGRES_HOST: sentry_postgres
+            SENTRY_REDIS_HOST: sentry_redis
+            SENTRY_DB_USER: sentry
+            SENTRY_DB_PASSWORD: sentry
+
+    sentry_celery-worker:
+        image: sentry
+        links:
+            - sentry_redis
+            - sentry_postgres
+        command: sentry celery worker
+        environment:
+            SENTRY_SECRET_KEY: mymicrosecret
+            SENTRY_POSTGRES_HOST: sentry_postgres
+            SENTRY_REDIS_HOST: sentry_redis
+            SENTRY_DB_USER: sentry
+            SENTRY_DB_PASSWORD: sentry
+
     ##
     # Source containers
     ##
@@ -192,4 +275,4 @@ services:
         image: nginx:stable
         volumes:
             - ../source/user:/var/www/html
-        command: "true"
+        command: "true"
diff --git a/microservices/battle/nginx/Dockerfile b/microservices/battle/nginx/Dockerfile
@@ -32,6 +32,16 @@ COPY scripts/ /usr/local/bin
 RUN chmod +x /usr/local/bin/reload.sh
 RUN chmod +x /usr/local/bin/sensor.sh
 
+RUN echo 01 > ca.srl \
+    && openssl genrsa -out ca-key.pem 2048 \
+    && openssl req -new -x509 -days 365 -subj "/CN=*" -key ca-key.pem -out ca.pem \
+    && openssl genrsa -out server-key.pem 2048 \
+    && openssl req -subj "/CN=*" -new -key server-key.pem -out server.csr \
+    && openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem \
+    && openssl rsa -in server-key.pem -out server-key.pem \
+    && cp *.pem /etc/nginx/ \
+    && cp *.csr /etc/nginx/
+
 CMD [ "/usr/local/bin/containerpilot", \
     "nginx", \
         "-g", \

diff --git a/microservices/battle/nginx/config/nginx/nginx.conf.ctmpl b/microservices/battle/nginx/config/nginx/nginx.conf.ctmpl
@@ -81,4 +81,47 @@ http {
         }
         {{ end }}
     }
+
+    server {
+        listen 443 ssl;
+        server_name  _;
+        root /var/www/html/public;
+        index index.php index.html;
+
+        ssl on;
+        ssl_certificate /etc/nginx/server-cert.pem;
+        ssl_certificate_key /etc/nginx/server-key.pem;
+
+        location = /favicon.ico { access_log off; log_not_found off; }
+        location = /robots.txt  { access_log off; log_not_found off; }
+
+        access_log /var/log/nginx/access.log;
+        error_log  /var/log/nginx/error.log error;
+
+        sendfile off;
+
+        client_max_body_size 100m;
+
+        location / {
+            try_files $uri $uri/ /index.php?_url=$uri&$args;
+        }
+
+        location ~ /\.ht {
+            deny all;
+        }
+
+        {{ if service $backend }}
+        location ~ \.php$ {
+            try_files     $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass {{ $backend }};
+            fastcgi_index /index.php;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_intercept_errors off;
+            fastcgi_buffer_size 16k;
+            fastcgi_buffers 4 16k;
+        }
+        {{ end }}
+    }
 }
diff --git a/microservices/secret/database/Dockerfile b/microservices/secret/database/Dockerfile
@@ -1 +1,7 @@
 FROM percona:5.7
+
+RUN mkdir -p /mount/mysql-keyring/ \
+    && touch /mount/mysql-keyring/keyring \
+    && chown -R mysql:mysql /mount/mysql-keyring
+
+COPY etc/ /etc/mysql/conf.d/
diff --git a/microservices/secret/database/etc/encryption.cnf b/microservices/secret/database/etc/encryption.cnf
@@ -0,0 +1,3 @@
+[mysqld]
+early-plugin-load=keyring_file.so
+keyring_file_data=/mount/mysql-keyring/keyring
diff --git a/microservices/secret/mariadb/Dockerfile b/microservices/secret/mariadb/Dockerfile
@@ -0,0 +1,13 @@
+FROM mariadb:latest
+
+RUN apt-get update \
+    && apt-get autoremove && apt-get autoclean \
+    && rm -rf /var/lib/apt/lists/*
+
+#RUN openssl enc -aes-256-ctr -k [email protected] -P -md sha1
+RUN mkdir -p /volumes/keys/
+RUN echo "1;C472621BA1708682BEDC9816D677A4FDC51456B78659F183555A9A895EAC9218" > /volumes/keys/keys.txt
+
+RUN openssl enc -aes-256-cbc -md sha1 -k secret -in /volumes/keys/keys.txt -out /volumes/keys/keys.enc
+
+COPY etc/ /etc/mysql/conf.d/
diff --git a/microservices/secret/mariadb/etc/encryption.cnf b/microservices/secret/mariadb/etc/encryption.cnf
@@ -0,0 +1,12 @@
+[mysqld]
+datadir=/var/lib/mysql
+plugin-load-add=file_key_management.so
+file_key_management_encryption_algorithm=aes_cb
+file_key_management_filekey = secret
+file_key_management_filename = /volumes/keys/keys.enc
+innodb-encrypt-tables = 1
+innodb-encrypt-log = 1
+innodb-encryption-threads=1
+encrypt-tmp-disk-tables=1
+encrypt-tmp-files=0
+encrypt-binlog=1
diff --git a/telemetry/Dockerfile b/telemetry/Dockerfile
@@ -0,0 +1,2 @@
+FROM prom/prometheus:latest
+ADD ./etc/prometheus.yml /etc/prometheus/
diff --git a/telemetry/etc/prometheus.yml b/telemetry/etc/prometheus.yml
@@ -0,0 +1,12 @@
+global:
+  scrape_interval:     15s
+  evaluation_interval: 15s
+  external_labels:
+      monitor: 'codelab-monitor'
+
+scrape_configs:
+- job_name: 'containerpilot-telemetry'
+
+  consul_sd_configs:
+  - server:   'autodiscovery:8500'
+    services: ['containerpilot']
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Deprecated repo
		Please use https://github.com/php-microservices/docker-v2 instead of this repo. V2 has versions locked and uses branches instead of tags
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		FROM prom/prometheus:latest
		ADD ./etc/prometheus.yml /etc/prometheus/