Fix #407: More deployment fixes for viz3d sirepo app (#408)

- Nginx needs to listen on public host (currently listens on backnet) - Add trailing / in nginx config so routes are proxied through - Add VIZ3D to index_fmt - Add all public ports that IndeX could be assigned to the list of allowed_origins
radiasoft · Nov 14, 2023 · ab8e26c · ab8e26c
1 parent fadfa8e
commit ab8e26c
Show file tree

Hide file tree

Showing 9 changed files with 53 additions and 41 deletions.
diff --git a/rsconf/component/rsiviz.py b/rsconf/component/rsiviz.py
@@ -1,37 +1,43 @@
 # -*- coding: utf-8 -*-
 """rsiviz (nginx + IndeX)
 
-:copyright: Copyright (c) 2019 RadiaSoft LLC.  All Rights Reserved.
+:copyright: Copyright (c) 2019-2023 RadiaSoft LLC.  All Rights Reserved.
 :license: http://www.apache.org/licenses/LICENSE-2.0.html
 """
+from pykern import pkconfig
 from pykern.pkcollections import PKDict
 from pykern.pkdebug import pkdp
 from rsconf import component
 from rsconf import db
-from rsconf import systemd
 
 
 class T(component.T):
     def internal_build_compile(self):
         self.buildt.require_component("nginx")
         jc, z = self.j2_ctx_init()
-        self.__host = self.hdb.rsconf_db.host
-        if "index_uri_secret" not in z:
-            z.index_uri_secret = db.random_string()
-        z.global_resources.index_uri_fmt = (
-            f"https://{self.__host}:{{}}/{z.index_uri_secret}/"
+        z.global_resources.viz3d.index_uri_fmt = (
+            f"https://{z.index_vhost}:{{}}/{z.index_uri_secret}/"
+        )
+        z.global_resources.viz3d.index_allowed_origins = f" ".join(
+            [
+                f"{z.index_vhost}:{p}"
+                for p in range(
+                    jc.sirepo.global_resources.public_ports_min,
+                    jc.sirepo.global_resources.public_ports_max,
+                )
+            ]
         )
 
     def internal_build_write(self):
         from rsconf.component import nginx
 
         nginx.install_vhost(
             self,
-            vhost=self.__host,
+            vhost=self.j2_ctx.rsiviz.index_vhost,
             j2_ctx=self.j2_ctx,
         )
 
     def sirepo_config(self, sirepo):
-        sirepo.j2_ctx.rsiviz.global_resources.index_uri_fmt = (
-            self.j2_ctx.rsiviz.global_resources.index_uri_fmt
+        sirepo.j2_ctx.rsiviz.global_resources.viz3d = (
+            self.j2_ctx.rsiviz.global_resources.viz3d
         )
diff --git a/rsconf/package_data/rsiviz/nginx.conf.jinja b/rsconf/package_data/rsiviz/nginx.conf.jinja
@@ -6,7 +6,7 @@ server {
     ssl_certificate {{ nginx.tls_crt }};
     ssl_certificate_key {{ nginx.tls_key }};
 
-    location /{{ rsiviz.index_uri_secret }} {
+    location /{{ rsiviz.index_uri_secret }}/ {
         proxy_pass http://127.0.0.1:{{ port }}/;
 
     }

diff --git a/tests/pkcli/build_data/1.in/db/000.yml b/tests/pkcli/build_data/1.in/db/000.yml
@@ -545,6 +545,8 @@ host:
           - sirepo_job_supervisor
           - sirepo_jupyterhub
           - sirepo_test_http
+      rsiviz:
+        index_vhost: rsiviz.v9.radia.run
       sirepo:
         activait_redirect: false
         auth:

diff --git a/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/etc/nginx/conf.d/rsiviz.v9.radia.run.conf b/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/etc/nginx/conf.d/rsiviz.v9.radia.run.conf
@@ -0,0 +1,26 @@
+server {
+    listen rsiviz.v9.radia.run:12000;
+    server_name rsiviz.v9.radia.run;
+    root /usr/share/nginx/html;
+    ssl_certificate /etc/nginx/conf.d/rsiviz.v9.radia.run.crt;
+    ssl_certificate_key /etc/nginx/conf.d/rsiviz.v9.radia.run.key;
+
+    location /a_secret_uri/ {
+        proxy_pass http://127.0.0.1:12000/;
+
+    }
+
+}
+server {
+    listen rsiviz.v9.radia.run:12001;
+    server_name rsiviz.v9.radia.run;
+    root /usr/share/nginx/html;
+    ssl_certificate /etc/nginx/conf.d/rsiviz.v9.radia.run.crt;
+    ssl_certificate_key /etc/nginx/conf.d/rsiviz.v9.radia.run.key;
+
+    location /a_secret_uri/ {
+        proxy_pass http://127.0.0.1:12001/;
+
+    }
+
+}
diff --git a/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/etc/nginx/conf.d/v9.radia.run.conf b/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/etc/nginx/conf.d/v9.radia.run.conf
diff --git a/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/sirepo.sh b/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/sirepo.sh
@@ -15,7 +15,7 @@ rsconf_install_access '700' 'vagrant' 'vagrant'
 rsconf_install_directory '/srv/sirepo'
 rsconf_install_access '500' 'vagrant' 'vagrant'
 rsconf_install_file '/srv/sirepo/cmd' 'd0c09ddf98c9bb50a06fc69b0ab2d942'
-rsconf_install_file '/srv/sirepo/env' 'ff911adf6dc9c40848330cb3f73aed48'
+rsconf_install_file '/srv/sirepo/env' '0ec8f30948895b837dbb26a4f2f0cd5c'
 rsconf_install_file '/srv/sirepo/remove' '5b82eb328ed13c904229277b03a1bea7'
 rsconf_install_file '/srv/sirepo/start' '6804e17572ec5993d31667e2f281bdb1'
 rsconf_install_file '/srv/sirepo/stop' 'b3da06740053f873ef5c73fae5dc3e0c'

diff --git a/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/sirepo_job_supervisor.sh b/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/sirepo_job_supervisor.sh
@@ -5,7 +5,7 @@ rsconf_install_access '700' 'vagrant' 'vagrant'
 rsconf_install_directory '/srv/sirepo_job_supervisor'
 rsconf_install_access '500' 'vagrant' 'vagrant'
 rsconf_install_file '/srv/sirepo_job_supervisor/cmd' '56f5b740b841469890bc336dd52007f9'
-rsconf_install_file '/srv/sirepo_job_supervisor/env' '3b88eb7a2fdb9c1112a88edb33e82a58'
+rsconf_install_file '/srv/sirepo_job_supervisor/env' '4f090b9dbca4c1345d6ca0d7241bad1e'
 rsconf_install_file '/srv/sirepo_job_supervisor/remove' 'f69212ff96cee7286608d13de38cfb1a'
 rsconf_install_file '/srv/sirepo_job_supervisor/start' '653e41b6ea9f8ff5f8b2f5f092f400c1'
 rsconf_install_file '/srv/sirepo_job_supervisor/stop' 'e9c30ba96db25b8babf1c9c281087fbb'

diff --git a/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/srv/sirepo/env b/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/srv/sirepo/env
@@ -3,10 +3,12 @@ export 'PYKERN_PKCONFIG_CHANNEL=dev'
 export 'PYKERN_PKDEBUG_REDIRECT_LOGGING=1'
 export 'PYKERN_PKDEBUG_WANT_PID_TIME='
 export 'PYTHONUNBUFFERED=1'
-export 'RSIVIZ_GLOBAL_RESOURCES_INDEX_URI_FMT=https://v9.radia.run:{}/a_secret_uri/'
 export 'RSIVIZ_GLOBAL_RESOURCES_VIZ3D_DICE_SECRET_KEY=a dice secret key'
 export 'RSIVIZ_GLOBAL_RESOURCES_VIZ3D_DICE_VENDOR_KEY=a dice vendor key'
+export 'RSIVIZ_GLOBAL_RESOURCES_VIZ3D_INDEX_ALLOWED_ORIGINS=rsiviz.v9.radia.run:12000 rsiviz.v9.radia.run:12001'
+export 'RSIVIZ_GLOBAL_RESOURCES_VIZ3D_INDEX_URI_FMT=https://rsiviz.v9.radia.run:{}/a_secret_uri/'
 export 'RSIVIZ_INDEX_URI_SECRET=a_secret_uri'
+export 'RSIVIZ_INDEX_VHOST=rsiviz.v9.radia.run'
 export 'SIREPO_ACTIVAIT_REDIRECT='
 export 'SIREPO_AUTH_DEPRECATED_METHODS=github'
 export 'SIREPO_AUTH_GITHUB_CALLBACK_URI=https://v9.radia.runoauth-authorized/github'

diff --git a/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/srv/sirepo_job_supervisor/env b/tests/pkcli/build_data/1.out/srv/host/v9.radia.run/srv/sirepo_job_supervisor/env
@@ -3,10 +3,12 @@ export 'PYKERN_PKCONFIG_CHANNEL=dev'
 export 'PYKERN_PKDEBUG_REDIRECT_LOGGING=1'
 export 'PYKERN_PKDEBUG_WANT_PID_TIME='
 export 'PYTHONUNBUFFERED=1'
-export 'RSIVIZ_GLOBAL_RESOURCES_INDEX_URI_FMT=https://v9.radia.run:{}/a_secret_uri/'
 export 'RSIVIZ_GLOBAL_RESOURCES_VIZ3D_DICE_SECRET_KEY=a dice secret key'
 export 'RSIVIZ_GLOBAL_RESOURCES_VIZ3D_DICE_VENDOR_KEY=a dice vendor key'
+export 'RSIVIZ_GLOBAL_RESOURCES_VIZ3D_INDEX_ALLOWED_ORIGINS=rsiviz.v9.radia.run:12000 rsiviz.v9.radia.run:12001'
+export 'RSIVIZ_GLOBAL_RESOURCES_VIZ3D_INDEX_URI_FMT=https://rsiviz.v9.radia.run:{}/a_secret_uri/'
 export 'RSIVIZ_INDEX_URI_SECRET=a_secret_uri'
+export 'RSIVIZ_INDEX_VHOST=rsiviz.v9.radia.run'
 export 'SIREPO_ACTIVAIT_REDIRECT='
 export 'SIREPO_AUTH_DEPRECATED_METHODS=github'
 export 'SIREPO_AUTH_GITHUB_CALLBACK_URI=https://v9.radia.runoauth-authorized/github'