Sourcegraph with language servers behind SSL with basic auth
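# Load the language-server settings into the Sourcegraph database.
# psql reads the file itself (-f), so no `cat | psql` pipeline or nested
# shell is needed inside the container. ON_ERROR_STOP makes a failed INSERT
# return a non-zero status instead of being silently skipped.
docker container exec sourcegraph \
  psql -U postgres -v ON_ERROR_STOP=1 \
  -f /var/opt/sourcegraph/settings_init.sql sourcegraph

# Show the stored settings.
# NOTE: the stored language-server URLs are built from LANG_SERVER_HOST, which
# embeds the basic-auth user and password, so this query prints a secret to
# the terminal (and to any session log or scrollback).
docker container exec sourcegraph \
  psql -U postgres -c 'SELECT * FROM settings;' sourcegraph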
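# Sourcegraph server plus Go, TypeScript and Python language servers.
# Only the sourcegraph container is published on the host; its nginx
# terminates TLS and proxies /lang-* to the language servers over the
# private "sourcegraph" network.
version: '2.4'

services:
  sourcegraph:
    container_name: sourcegraph
    # NOTE(review): ':insiders' is a moving tag, so each pull can bring in
    # different code. Pin a release tag (or an image digest) for anything
    # beyond a throwaway test instance.
    image: sourcegraph/server:insiders
    environment:
      - SRC_LOG_LEVEL=dbug
    ports:
      # HTTPS front end: nginx inside the container listens on 7080 with TLS.
      - '443:7080'
      # NOTE(review): presumably the management console. It is published on
      # every host interface; restrict it at the firewall / security group.
      - '2633:2633'
    ulimits:
      nofile:
        soft: 262144
        hard: 262144
    volumes:
      # NOTE(review): these are relative to the home directory of whoever
      # runs docker-compose; confirm they are the directories that hold
      # nginx.conf, the certificate/key and the htpasswd file.
      - ~/.sourcegraph/config:/etc/sourcegraph
      - ~/.sourcegraph/data:/var/opt/sourcegraph
    networks:
      - sourcegraph
    depends_on:
      - lang-go
      - lang-typescript
      - lang-python
    restart: unless-stopped
    cpus: 2
    mem_limit: 2g

  lang-go:
    container_name: lang-go
    # NOTE(review): ':latest' is unpinned; see the note on the server image.
    image: sourcegraph/lang-go:latest
    # 'expose' instead of 'ports': a bare container port under 'ports' is
    # published on a random host port on all interfaces, which would let
    # clients reach the language server directly, bypassing the TLS and
    # basic auth that nginx enforces. nginx reaches it as lang-go:4389 over
    # the shared network, which needs no host publishing.
    expose:
      - '4389'
      - '6060'
    command: ['go-langserver', '-mode=websocket', '-addr=:4389', '-usebuildserver', '-usebinarypkgcache=false']
    networks:
      - sourcegraph
    restart: unless-stopped
    cpus: 2
    mem_limit: 2g

  lang-typescript:
    container_name: lang-typescript
    image: sourcegraph/lang-typescript:latest
    # Internal only; reached by nginx as lang-typescript:8080.
    expose:
      - '8080'
      - '6060'
    networks:
      - sourcegraph
    restart: unless-stopped
    cpus: 2
    mem_limit: 2g

  lang-python:
    container_name: lang-python
    image: sourcegraph/lang-python:latest
    # Internal only; reached by nginx as lang-python:4288.
    expose:
      - '4288'
    networks:
      - sourcegraph
    restart: unless-stopped
    cpus: 2
    mem_limit: 2g

networks:
  sourcegraph: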
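# This config was generated by Sourcegraph.
# You can adjust the configuration to add additional TLS or HTTP features.
# Read more at https://docs.sourcegraph.com/admin/nginx

error_log stderr;
pid /var/run/nginx.pid;

# Do not remove. The contents of sourcegraph_main.conf can change between
# versions and may include improvements to the configuration.
include nginx/sourcegraph_main.conf;

events {
}

http {
    server_tokens off;

    # Do not remove. The contents of sourcegraph_http.conf can change between
    # versions and may include improvements to the configuration.
    include nginx/sourcegraph_http.conf;

    access_log off;

    upstream backend {
        # Do not remove. The contents of sourcegraph_backend.conf can change
        # between versions and may include improvements to the configuration.
        include nginx/sourcegraph_backend.conf;
    }

    server {
        # Do not remove. The contents of sourcegraph_server.conf can change
        # between versions and may include improvements to the configuration.
        include nginx/sourcegraph_server.conf;

        # TLS is terminated here; certificate and key paths are relative to
        # the nginx configuration directory.
        listen 7080 ssl;
        ssl_certificate         sourcegraph.crt;
        ssl_certificate_key     sourcegraph.key;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Language servers are proxied as WebSocket upgrades. Every one of
        # them sits behind the same basic-auth file: a location without
        # auth_basic is reachable by anyone who can reach port 7080.
        location /lang-go {
            proxy_pass http://lang-go:4389;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "Basic authentication required to access language server";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }

        location /lang-typescript {
            proxy_pass http://lang-typescript:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "Basic authentication required to access language server";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }

        location /lang-python {
            proxy_pass http://lang-python:4288;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "Basic authentication required to access language server";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }
    }
}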
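# Write the SQL that seeds the Sourcegraph settings with the language-server
# URLs. The heredoc delimiter is unquoted on purpose so that
# ${LANG_SERVER_HOST} is expanded while the file is written.
#
# Abort when LANG_SERVER_HOST is unset or empty; otherwise the file would be
# written with host-less URLs such as "/lang-go".
: "${LANG_SERVER_HOST:?LANG_SERVER_HOST must be set before generating settings_init.sql}"

# NOTE(review): LANG_SERVER_HOST is expected to carry the basic-auth user and
# password (wss://user:pass@host), so this file and the resulting settings
# row contain a secret; keep the data directory readable only by its owner.
cat > ~/.sourcegraph/data/settings_init.sql <<EOL
INSERT INTO settings (contents)
VALUES('{
    "go.serverUrl": "${LANG_SERVER_HOST}/lang-go",
    "go.sourcegraphUrl": "http://sourcegraph:8080",
    "typescript.serverUrl": "${LANG_SERVER_HOST}/lang-typescript",
    "typescript.sourcegraphUrl": "http://sourcegraph:8080",
    "python.serverUrl": "${LANG_SERVER_HOST}/lang-python",
    "python.sourcegraphUrl": "http://sourcegraph:8080"
}');
EOL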
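#!/usr/bin/env bash
#
# EC2 first-boot provisioning: installs Docker and Docker Compose, creates a
# locally trusted TLS certificate with mkcert, puts the language servers
# behind nginx basic auth, then writes and runs the Sourcegraph start script.
#
# NOTE(review): the ${file("resources/docker-compose.yml")} line below is
# Terraform interpolation, so this script is presumably rendered by Terraform.
# If so, the shell-style ${VAR} references here would need to be written as
# $${VAR} to survive rendering. Confirm against the resource that embeds it.

export SOURCEGRAPH_VERSION=3.2.0
export USER_HOME=/home/ec2-user
export SOURCEGRAPH_CONFIG=/etc/sourcegraph
export SOURCEGRAPH_DATA=/var/opt/sourcegraph
# Defined here because both the cp and the Python patch step below read it.
export NGINX_FILE_PATH=${SOURCEGRAPH_CONFIG}/nginx.conf
export LANG_SERVER_USER=sourcegraph

# 32 alphanumeric characters from the kernel CSPRNG. A password derived from
# `date +%s` can be recomputed by anyone who knows roughly when the instance
# booted. Alphanumerics only, so it is safe inside the wss://user:pass@host URL.
LANG_SERVER_PASS=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)
export LANG_SERVER_PASS

# -f makes curl fail on an HTTP error instead of returning the error body as
# the "hostname"; an instance without a public hostname yields an empty value.
PUBLIC_HOSTNAME=$(curl -fsS http://169.254.169.254/latest/meta-data/public-hostname)
export PUBLIC_HOSTNAME
: "${PUBLIC_HOSTNAME:?could not read public-hostname from instance metadata}"

export LANG_SERVER_HOST=wss://${LANG_SERVER_USER}:${LANG_SERVER_PASS}@${PUBLIC_HOSTNAME}
export LANG_SERVER_AUTH_MESSAGE="Basic authentication required to access language server"

# Update system
yum clean all
yum update -y
yum upgrade -y

# Add docker to packages list (-y: there is no terminal to confirm on)
amazon-linux-extras install -y docker

yum install -y \
  docker \
  git \
  telnet \
  httpd-tools \
  nano \
  python3

# Start docker service now and on boot
systemctl enable --now --no-block docker

# Create the required Sourcegraph directories
mkdir -p "${SOURCEGRAPH_CONFIG}/management"
mkdir -p "${SOURCEGRAPH_DATA}"
mkdir -p "${USER_HOME}/bin"

# Install Docker Compose
# TODO: these binaries are installed as root straight from a release URL.
# Verify each download against the SHA-256 published with its release
# (<EXPECTED_SHA256>) before marking it executable.
wget "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -O /usr/local/bin/docker-compose
chmod a+x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/sbin/docker-compose

# Install mkcert and generate root CA, certificate and key
wget https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-linux-amd64 -O /usr/local/bin/mkcert
chmod a+x /usr/local/bin/mkcert
ln -s /usr/local/bin/mkcert /usr/sbin/mkcert

# Generate self-signed certificate and key
mkcert -install
mkcert -cert-file "${SOURCEGRAPH_CONFIG}/sourcegraph.crt" -key-file "${SOURCEGRAPH_CONFIG}/sourcegraph.key" "${PUBLIC_HOSTNAME}"

# Generate basic auth credentials to protect lang servers.
# -i reads the password from stdin so it never shows up in the process list.
printf '%s\n' "${LANG_SERVER_PASS}" \
  | htpasswd -i -c "${SOURCEGRAPH_CONFIG}/.lang_sever_htpasswd" "${LANG_SERVER_USER}"

# Configure the nginx.conf file for SSL and lang servers
#
# Download the nginx.conf for this version of Sourcegraph so we're starting with the same contents of the nginx.conf file
# embedded with this version of Sourcegraph.
#
wget "https://raw.githubusercontent.com/sourcegraph/sourcegraph/v${SOURCEGRAPH_VERSION}/cmd/server/shared/assets/nginx.conf" -O "${NGINX_FILE_PATH}"
cp "${NGINX_FILE_PATH}" "${NGINX_FILE_PATH}.bak"

# The replacement text goes through a heredoc rather than a double-quoted
# python -c string: inside double quotes the shell would expand nginx's own
# $http_host / $scheme variables to nothing and the embedded "Upgrade" quotes
# would end the string. \$ keeps nginx variables literal; only
# ${LANG_SERVER_AUTH_MESSAGE} is expanded here.
# All three language-server locations require basic auth and point at the
# htpasswd file created above.
# NOTE(review): the snippet closes the server block itself (final "}");
# check the result against the downloaded nginx.conf with `nginx -t`.
nginx_snippet=$(mktemp)
cat > "${nginx_snippet}" <<EOL
listen 7080 ssl;
        ssl_certificate         sourcegraph.crt;
        ssl_certificate_key     sourcegraph.key;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host \$http_host;
            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto \$scheme;
        }

        location /lang-go {
            proxy_pass http://lang-go:4389;
            proxy_http_version 1.1;
            proxy_set_header Upgrade \$http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "${LANG_SERVER_AUTH_MESSAGE}";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }

        location /lang-typescript {
            proxy_pass http://lang-typescript:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade \$http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "${LANG_SERVER_AUTH_MESSAGE}";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }

        location /lang-python {
            proxy_pass http://lang-python:4288;
            proxy_http_version 1.1;
            proxy_set_header Upgrade \$http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "${LANG_SERVER_AUTH_MESSAGE}";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }
    }
EOL

# python3 is the interpreter installed above; the program text is a quoted
# heredoc so the shell does not touch it.
python3 - "${NGINX_FILE_PATH}.bak" "${nginx_snippet}" > "${NGINX_FILE_PATH}" <<'PY'
import sys

with open(sys.argv[1]) as original, open(sys.argv[2]) as snippet:
    sys.stdout.write(original.read().replace('listen 7080;', snippet.read()))
PY
rm -f -- "${nginx_snippet}"

# Use the same certificate for the management console
cp "${SOURCEGRAPH_CONFIG}/sourcegraph.crt" "${SOURCEGRAPH_CONFIG}/management/cert.pem"
cp "${SOURCEGRAPH_CONFIG}/sourcegraph.key" "${SOURCEGRAPH_CONFIG}/management/key.pem"

# Zip the root CA certificate for easy downloading.
# Only the certificate is packaged: clients need it to trust the server,
# whereas the CA private key would let its holder issue certificates those
# clients accept. mkcert keeps both in its CAROOT directory, not in
# ${SOURCEGRAPH_CONFIG}.
sudo zip -j "${USER_HOME}/sourcegraph-root-ca.zip" "$(mkcert -CAROOT)/rootCA.pem"
sudo chown ec2-user "${USER_HOME}/sourcegraph-root-ca.zip"

cat > ${USER_HOME}/docker-compose.yml <<EOL
${file("resources/docker-compose.yml")}
EOL

# Start Sourcegraph script.
# Backticks and the runtime variable are escaped so they land in the
# generated file literally instead of being evaluated while it is written.
# The cd is needed because docker-compose looks for docker-compose.yml from
# the current directory.
cat > "${USER_HOME}/sourcegraph-start" <<EOL
#!/usr/bin/env bash
# To upgrade Sourcegraph, change the version below,
# run \`./sourcegraph-stop\`, then run \`./sourcegraph-start\`.
SOURCEGRAPH_VERSION=${SOURCEGRAPH_VERSION}
cd ${USER_HOME}
echo "[info]: Running Sourcegraph \${SOURCEGRAPH_VERSION}"
docker-compose up --quiet-pull
EOL

# Stop Sourcegraph script.
# Written next to sourcegraph-start, matching the `./sourcegraph-stop`
# instruction inside the start script.
cat > "${USER_HOME}/sourcegraph-stop" <<EOL
#!/usr/bin/env bash
cd ${USER_HOME}
echo "[info]: Stopping Sourcegraph"
docker-compose down
EOL

chmod +x "${USER_HOME}/sourcegraph-start" "${USER_HOME}/sourcegraph-stop"
"${USER_HOME}/sourcegraph-start"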