Mervin Hemaraju's questions

I have two servers, let's call them ServerA and ServerB.

I bought a domain on NameCheap let's call it example.com

Each server has docker containers (Flask Web Apps) running on it on different ports.

Example:

WebApp1 running on port 8080
WebApp2 running on port 8081
.
.

The configuration is the same across both servers.

I then use nginx for a reverse proxy on port 443 each with their own sub domain.

Example:

WebApp1 running on port 8080 will be accessible via test1.example.com
WebApp2 running on port 8081 will be accessible via test2.example.com
.
.

I am using CertBot for the SSL certificates.

My two servers are hosted on OCI (Oracle Cloud) and I build a network load balancer on OCI to balance traffic across my servers.

Below are my configs:

nginx.conf

user nginx;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 800;
}

http {

    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # General Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    # gzip on;
    # gzip_vary on;
    # gzip_min_length 10240;
    # gzip_proxied expired no-cache no-store private auth;
    # gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    # gzip_disable "MSIE [1-6]\.";

    ##
    # Web Apps configurations
    ##
    include /etc/nginx/sites-enabled/*;
}

/etc/nginx/sites-enabled/test1.example.com

server {
  server_name   test1.example.com;

  location / {
    access_log  /var/log/nginx/test1/access.log;
    error_log  /var/log/nginx/test1/error.log;
    proxy_pass  http://localhost:8080;
  }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/test1.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/test1.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = test1.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

  server_name   test1.example.com;
    listen 80;
    return 404; # managed by Certbot
}

Currently, the domain name test1.example.com has an A record to ServerA which is working fine and i can access my WebApp.

But I want the domain to point to my Load Balancer so that i can balance the traffic on both servers. But i can't do that unless i issue SSL certificates on both servers which i can't. Because after issuing test1.example.com on ServerA, doing so on ServerB results in an error by certbot saying that the certificate has already been assigned to ServerA.

Can someone help me out on how i can do that ?

I am using an amazon linux 2023 box and i joined the instance to domain using realmd.

The issue is that when i try to login with my AD credentials, the user directory is being created as /home/username@domain instead of /home/username.

Here is my /etc/sssd/sssd.conf file:

[sssd]
domains = avengers.local
config_file_version = 2
services = nss, pam
default_domain_suffix = AVENGERS.local

[domain/avengers.local]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AVENGERS.LOCAL
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = avengers.local
ldap_id_mapping = True
access_provider = ad
ad_gpo_access_control = disabled

Can someone please help me ?

I have an EC2 instance that I am deploying on AWS.

I am using an Amazon Linux 2, and I am passing a user data to it as such:

userdata_file.write(
        f'''
        #!/bin/bash\n
        export PAGERDUTYAPIKEY='mykey'\n
        sudo yum install git -y\n
        chmod +x ./basic_test.sh \n
        echo $PAGERDUTYAPIKEY> /home/ec2-user/pagerdutyapikey1.txt\n
        sudo ./basic_test.sh
        '''.strip()
    )

basic_test.sh

#!/bin/bash

echo "s/enterpagerdutyapikey/${PAGERDUTYAPIKEY}/g" > path.txt

However, when i run it, in the path.txt it is echoing as such:

s/enterpagerdutyapikey//g

But when i ssh in the server and run the same bash script, it echos as such:

s/enterpagerdutyapikey/mykey/g

Any idea why the environment variable $PAGERDUTYAPIKEY is rendering empty when i run through the userdata ?

I have a PGP public key and I need to get the fingerprint for it.

My Public key is as such:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQlDBF4w............................
.
.
.
=uYgH
-----END PGP PUBLIC KEY BLOCK-----

I tried using the command gpg --with-fingerprint key.txt but it gives me the following output and there is no fingerprint in it:

gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa4096 2020-01-28 [SC]
uid           cko_key <[email protected]>
sub   rsa4096 2020-01-28 [E]

Can someone please help me?

I am trying to load balance 2 Python apps using Docker and Nginx.

App 1 is run using UWSGI and App 2 is run using default Python Server (I used default server for App 2 just for testing purposes. At the end of the day both should use UWSGI)

The hierarchy is as follows:

-app1
---app.py
---Dockerfile
---app.ini

-app2
---app.py
---Dockerfile

-nginx
---Dockerfile
---nginx.conf

-docker-compose.yml

app.py (for both app1 and app2 is the same)

from flask import request, Flask
import json

app1 = Flask(__name__)

@app1.route('/')
def hello_world():
    return 'Salam alikom, this is App1 (App2 for app2) :)'

if __name__ == '__main__':
    app1.run(host='0.0.0.0')

app1/Dockerfile

FROM python:3
COPY ./requirements.txt /requirements.txt
WORKDIR /
RUN pip install -r requirements.txt
COPY . /
ENTRYPOINT ["uwsgi", "app.ini"]

app1/app.ini

[uwsgi]
wsgi-file = app.py
callable = app
socket = :5000
processes = 4
threads = 2
master = true
chmod-socket = 660
vacuum = true
die-on-term = true

app2/Dockerfile

FROM python:3
COPY ./requirements.txt /requirements.txt
WORKDIR /
RUN pip install -r requirements.txt
COPY . /
ENTRYPOINT [ "python3" ]
CMD [ "app.py" ]

nginx/nginx.conf

upstream loadbalancer {
    least_conn;
    server 192.168.100.2:9001;
    server 192.168.100.2:9002;
}
server {
    location / {
        proxy_pass http://loadbalancer;
    }
}

docker-compose.yml

version: '3'
services:
  app1:
    build: ./app1
    ports:
      - "9001:5000"
  app2:
    build: ./app2
    ports:
      - "9002:5000"
  nginx:
    build: ./nginx
    ports:
      - "9003:80"
    depends_on:
      - app1
      - app2

When i run my docker compose file, containers for app 1, app 2 and the nginx server are created. When i access the load balancer on port 9003, only app 2 shows. When i manually go to port 9001, i get the error message invalid request block size: 21573 (max 4096)...skip for app 1.

If i use default Python server for app 1 too then the load balancing works fine but i don't want to use that since the default python server is only for development environment.

Can someone please help ?

I have several domains configured for my websites on my VPS.

What I want to achieve is: If a user enters the IP address of my VPS directly on his/her browser, like this: https://X.X.X.X, I want it to redirect to one of my websites.

I was able to make it work for HTTP (http://X.X.X.X) like this:

server {
    listen       80;
    server_name  IP_OF_MY_VPS;

    return       301 https://example.com$request_uri;
}

However, if the user enters https://X.X.X.X, it doesn't work. Can someone please help out ?

Forgive me if I am asking a stupid question, but I am building a server where I will host multiple Flask websites Docker Container using Nginx Docker. My question now is: is it better to have one main nginx docker container and then host all my Websites Docker containers on it or have an Nginx docker container for each application with docker compose?

I want to know in terms of resource handling and efficiency which one is better to go for ?

@Jacob Following your answer, i am trying to setup something like this

docker-compose.yml:

version: "3.8"

services:
  portfolix:
    container_name: portfolix
    image: mervin16/portfolix:dev
    env_file:
      - config_local.env
    expose:
      - 8086
    restart: always
    networks:
      - sky_net

  mes:
    container_name: mes
    image: mervin16/mes:dev
    networks:
      - sky_net
    expose:
      - 8085
    restart: always

  nginx:
    build: ./nginx
    container_name: nginx
    ports:
      - "8085:85"
      - "8086:86"
    restart: always
    networks:
      - sky_net

networks:
  sky_net:
    name: sky_network
    driver: bridge

Now each website is available on localhost:8085 and localhost:8086

I am then using a reverse proxy on Nginx (not docker but the one installed on my server) to redirect traffic to my domain name:

server {

server_name   mes.th3pl4gu3.com;

  location / {
    access_log  /var/log/nginx/mes/access_mes.log;
    error_log  /var/log/nginx/mes/error_mes.log;
    proxy_pass  http://localhost:8081;
  }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mes.th3pl4gu3.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mes.th3pl4gu3.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = mes.th3pl4gu3.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


 listen        80;
  server_name   mes.th3pl4gu3.com;
    return 404; # managed by Certbot


}

I have a server on Digital Ocean, and I am using this to deploy multiple docker containers and using reverse proxies to host them on Nginx.

I have 2 domains linked to my server (Single Public IP). Let's name them domain1.com and domain2.com

Now I have 2 service running on docker, Postgres (port 5432) and MySQL (port 3306)

I set up reverse proxies to translate domain1.com to localhost:5432 and domain2.com to localhost:3306:

server {
  listen        80;
  server_name   domain1.com;

  location / {
    proxy_pass  http://localhost:5432;
  }
}

server {
  listen        80;
  server_name   domain2.com;

  location / {
    proxy_pass  http://localhost:3306;
  }
}

The thing that is bothering me here is that if I try to access domain1.com:3306, the connection works which i don't want. I want each domain to be accessible by the service assigned to them only.

For example a telnet to domain1.com:5432 from the outside should work but a telnet to domain2.com:3306 should not.

Can someone please help ?

I have a weird case where i have a secret.env file where i set all my environment variables as such:

secret.env

export TWITTER_CONSUMER_KEY="something"
export TWITTER_CONSUMER_SECRET="something"

Then i built a docker file to export all the variables and run the app as such:

FROM python:3.8-slim-buster

# Set the working directory to /app
WORKDIR /app

# Copy the current directory contents into the container at /app
ADD . /app

# Install the dependencies
RUN pip install -r requirements.txt

RUN find . -name \*.pyc -delete

# Export all variables
RUN /bin/bash -c "source secret.env";

# tell the port number the container should expose
EXPOSE 8083

# run the command
ENTRYPOINT ["python", "run.py"]

However, this is throwing a key error:

$ docker run --name fortweet --rm -i -t fortweet:latest bash
Traceback (most recent call last):
  File "run.py", line 1, in <module>
    from app import socketio, app
  File "/app/app/__init__.py", line 65, in <module>
    app = create_app()
  File "/app/app/__init__.py", line 38, in create_app
    my_settings = settings.TwitterSettings.get_instance()
  File "/app/app/setup/settings.py", line 47, in get_instance
    TwitterSettings()
  File "/app/app/setup/settings.py", line 14, in __init__
    self.consumer_key = os.environ["TWITTER_CONSUMER_KEY"]
  File "/usr/local/lib/python3.8/os.py", line 675, in __getitem__
    raise KeyError(key) from None
KeyError: 'TWITTER_CONSUMER_KEY'

When i run this on my windows, it works fine!

Can someone please help me on this ?