experimental service

README.md

@@ -72,3 +72,10 @@ Development mode
 * # requirement Codium IDE
 * sudo apt install y shellcheck shfmt
 
+Different Targets + experimental
+--------------------------------
+
+* BETA: the 'exp' mode stands for experimental and allow bypassing the SMTP dropped connection limitation
+* PROD: the 'exp' mode is not recommanded and triggers a warning issue
+* DEV: the 'exp' mode is not recommanded and triggers a warning issue
+

scripts/miaou

@@ -126,15 +126,35 @@ function expand_conf() {
     yqmi '.expanded.monitored.containers = ([ .services[] | to_entries | .[] | .value | select (.enabled == true  ) | .container ] | unique)'
 
     # add monitored.hosts section
-    yqmi '.expanded.monitored.hosts = [( .services[][] | select (.enabled == true  ) | {"domain": ( parent | key ), "subdomain": key, "fqdn": key + (parent | parent | parent | .expanded.fqdn_middlepart) + ( parent | key ), "container":.container, "port":.port, "app":.app })]'
+    # yqmi '.expanded.monitored.hosts = [( .services[][] | select (.enabled == true  ) | {"domain": ( parent | key ), "subdomain": key, "fqdn": key + (parent | parent | parent | .expanded.fqdn_middlepart) + ( parent | key ), "container":.container, "port":.port, "app":.app })]'
 
     # add services section
     if [[ ${#services_app_only[@]} -gt 0 ]]; then
-        yqmi '.expanded.services = [( .services[][] | select (.enabled == true  ) | {"domain": ( parent | key ), "subdomain": key, "fqdn": key + (parent | parent | parent | .expanded.fqdn_middlepart) + ( parent | key ), "container":.container, "port":.port, "app":.app, "name": .name // ""})]'
+        yqmi '.expanded.services = [( .services[][] | select (.enabled == true  ) | {"domain": ( parent | key ), "subdomain": key, "fqdn": key + (parent | parent | parent | .expanded.fqdn_middlepart) + ( parent | key ), "container":.container, "port":.port, "app":.app, "name": .name // "", "exp": .exp // false })]'
     else
         yqmi '.expanded.services = []'
     fi
 
+    # change fqdn when exp:true found
+    readarray -t services < <(yqmt '.expanded.services[] | [ .[] ]')
+    index=0
+    for i in "${services[@]}"; do
+        read -r -a item <<<"$i"
+        exp=${item[7]}
+        if [[ "$exp" == true ]]; then
+            domain=${item[0]}
+            subdomain=${item[1]}
+            fqdn=${item[2]}
+            if [[ $target != beta ]]; then
+                echowarn "experimental service <$subdomain.exp.$domain> not recommended for target <$target>"
+            else
+                echo "experimental service <$subdomain.exp.$domain> detected"
+            fi
+            yqmi ".expanded.services[$index].fqdn = \"$subdomain.exp.$domain\""
+        fi
+        index=$((index + 1))
+    done
+
     # add firewall section, bridge_subnet + mail_passthrough if any
     bridge_subnet=$(lxc network get lxdbr0 ipv4.address)
     yqmi ".firewall.bridge_subnet = \"$bridge_subnet\""
@@ -188,13 +208,14 @@ function monit_show() {
     PREFIX="monit:show"
     : $PREFIX
 
-    readarray -t hosts < <(yqmt '.expanded.monitored.hosts[] | [ .container, .port, .fqdn, .app ]')
-    echo "================="
-    echo "${#hosts[@]} available hosts"
-    echo "================="
+    readarray -t services < <(yqmt '.expanded.services[] | [ .container, .port, .fqdn, .app ]')
+    echo "======================"
+    echo "${#services[@]} available services"
+    echo "======================"
+
+    for service in "${services[@]}"; do
+        read -r -a item <<<"$service"
 
-    for host in "${hosts[@]}"; do
-        read -r -a item <<<"$host"
         container=${item[0]}
         port=${item[1]}
         fqdn=${item[2]}
@@ -217,7 +238,7 @@ function build_monit() {
     # test whether monitored items actually run safely
     PREFIX="monit:build"
     echo -n "testing monitored hosts ..."
-    readarray -t hosts < <(yqmt '.expanded.monitored.hosts[] | [ .container, .port, .fqdn ]')
+    readarray -t hosts < <(yqmt '.expanded.services[] | [ .container, .port, .fqdn ]')
     for host in "${hosts[@]}"; do
         read -r -a item <<<"$host"
         container=${item[0]}
@@ -225,18 +246,18 @@ function build_monit() {
         fqdn=${item[2]}
 
         if ! (lxc exec "$container" -- ss -tln | grep -q "\(0.0.0.0\|*\):$port"); then
-            echoerr
+            PREFIX='' echo
             echoerr "no HTTP server responds on <$container.lxd:$port>"
             echoerr "please review configuration <miaou.yaml> for fqdn: $fqdn"
             exit 2
         fi
 
         if ! curl_check_unsecure "https://$fqdn"; then
-            echoerr
+            PREFIX='' echo
             echoerr "DMZ does not seem to dispatch <https://$fqdn> please review DMZ Nginx proxy"
             exit 3
         elif [[ "$target" != 'dev' ]] && ! curl_check "https://$fqdn"; then
-            PREFIX="" echo
+            PREFIX='' echo
             echowarn "T=$target missing valid certificate for fqdn <https://$fqdn> please review DMZ certbot"
         fi
 
@@ -288,17 +309,17 @@ function build_nftables() {
     fi
 }
 
-# check whether http server responds 200 OK, required <url>, ie: http://example.com:8001, https://example.com
+# check whether http server responds something, required <url>, ie: http://example.com:8001, https://example.com
 function curl_check() {
     arg1_required "$@"
     # echo "curl $1"
-    curl -m $MAX_WAIT -sLI4 "$1" | grep -q "^HTTP.* 200"
+    curl -m $MAX_WAIT -sLI4 "$1" | grep -q "^HTTP.* [2|3|4].*"
 }
 
 # check whether https server responds 200 OK, even unsecured certificate (auto-signed in mode DEV)
 function curl_check_unsecure() {
     arg1_required "$@"
-    curl -m $MAX_WAIT -skLI4 "$1" | grep -q "^HTTP.* 200"
+    curl -m $MAX_WAIT -skLI4 "$1" | grep -q "^HTTP.* [2|3|4].*"
 }
 
 function get_dmz_ip() {
@@ -478,6 +499,5 @@ if check_expand_conf; then
     build_routes
     build_monit
 else
-    build_routes
     monit_show
 fi

templates/monit/hosts.j2

@@ -1,6 +1,6 @@
-{% for host in expanded.monitored.hosts -%}
-check host {{ host.container }}.{{ host.port }} with address {{ host.container }}.lxd
-        depends on {{ host.container }}.running
-        if failed port {{ host.port }} protocol http for 2 cycles then alert
+{% for service in expanded.services -%}
+check host {{ service.container }}.{{ service.port }} with address {{ service.container }}.lxd
+        depends on {{ service.container }}.running
+        if failed port {{ service.port }} protocol http for 2 cycles then alert
 
 {% endfor -%}

templates/nginx/snippets/banner_exp.conf

@@ -0,0 +1,65 @@
+proxy_set_header Accept-Encoding "";
+
+subs_filter '</body>' '
+<div class="betabanner_box">
+  <div class="betabanner_ribbon"><span>EXP</span></div>
+</div>
+
+<style>
+
+.betabanner_box {
+  height: 100%;
+  position: absolute;
+  bottom: 0;
+  pointer-events: none;
+  opacity: 0.7;          
+}
+
+.betabanner_ribbon {
+  position: fixed;
+  left: -5px; 
+    bottom : 0;
+  z-index: 9999;
+  overflow: hidden;
+  width: 75px; height: 75px;
+  text-align: right;
+}
+.betabanner_ribbon span {
+  font-size: 10px;
+  font-weight: bold;
+  color: #FFF;
+  text-transform: uppercase;
+  text-align: center;
+  line-height: 20px;
+  transform: rotate(45deg);
+  -webkit-transform: rotate(45deg);
+  width: 100px;
+  display: block;
+  background: linear-gradient(salmon 30%, orange 81%);
+  box-shadow: 5px 9px 27px -4px rgba(0, 0, 0, 1);
+
+  position: absolute;
+  bottom: 16px;
+  left: -21px;
+}
+.betabanner_ribbon span::before {
+  content: "";
+  position: absolute; left: 0px; top: 100%;
+  z-index: -1;
+  border-left: 3px solid #79A70A;
+  border-right: 3px solid transparent;
+  border-bottom: 3px solid transparent;
+  border-top: 3px solid #79A70A;
+}
+.betabanner_ribbon span::after {
+  content: "";
+  position: absolute; right: 0px; top: 100%;
+  z-index: -1;
+  border-left: 3px solid transparent;
+  border-right: 3px solid #79A70A;
+  border-bottom: 3px solid transparent;
+  border-top: 3px solid #79A70A;
+}
+</style>
+</body>
+';