Setting up a Deputy Package Server
Create a deputy directory and copy the following configuration files into it.
There are lines marked with #change me that require user input for Deputy to access their Active Directory and SSL certificates.
deputy
├── docker-compose.yml
├── config.yml
└── nginx.conf
Deputy directory
Docker-compose.yml
The docker-compose.yml file defines the services and their configurations for Deputy. It directs the deployment of Deputy Package Server, Deputy Frontend, Nginx as a reverse proxy, and MariaDB as a database. Nginx serves as a reverse proxy to handle incoming requests and route them to the appropriate services. Deputy Package Server is responsible for managing and distributing packages and Deputy Frontend provides the user interface, while MariaDB serves as the backend database.
docker-compose.yml
version: "3"
services:
  nginx-proxy:
    image: nginx:latest
    restart: always
    ports:
      - "443:443"
      - "80:80"
    links:
      - deputy-package-server
      - deputy-frontend
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - /etc/letsencrypt/:/etc/letsencrypt/
    networks:
      - deputy
  deputy-package-server:
    image: docker.opencyberrange.ee/deputy-package-server:latest
    volumes:
      - ./config.yml:/etc/opt/deputy/deputy-package-server/config.yml
      - ./packages:/var/opt/deputy/deputy-package-server/packages
    environment:
      - RUST_LOG=debug
    networks:
      - deputy
    restart: unless-stopped
  deputy-frontend:
    image: docker.opencyberrange.ee/deputy-frontend:latest
    networks:
      - deputy
    restart: unless-stopped
  deputy-mariadb:
    image: mariadb:10.7
    volumes:
      - ./deputy-database:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: mysql_root
      MYSQL_USER: mysql_user
      MYSQL_PASSWORD: mysql_pass
      MYSQL_DATABASE: deputy
    networks:
      - deputy
    restart: unless-stopped
networks:
  deputy: {}
- Image: specifies the Docker image to be used for the service
- Ports: defines the ports on which Nginx will listen for incoming traffic
- Links: establishes links to other services
- Network: specifies the custom network for communication between services
- Environment: sets environment variables that configure the behaviour of the services
- Restart: configures the restart behaviour
- Volumes: defines persistent storage locations for containerized applications
Nginx.conf
The nginx.conf file configures Nginx to act as a reverse proxy for Deputy.
nginx.conf
server {
    listen 80;
    listen [::]:80;
    return 301 https://deputy_subdomain$request_uri; #change me
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /deputy_subdomain/fullchain.pem; #change me
    ssl_certificate_key /deputy_subdomain/privkey.pem; #change me
    client_max_body_size 0;
    proxy_read_timeout 6000;
    proxy_connect_timeout 6000;
    proxy_send_timeout 6000;
    rewrite ^/(.*)/$ /$1 permanent;
    location /api/ {
        proxy_pass http://deputy-package-server:8080/api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location / {
        proxy_pass http://deputy-frontend:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
The file redirects HTTP requests to the specified Deputy subdomain over HTTPS, configures the server to listen on port 443 (HTTPS) and specifies the SSL certificate paths. The client request body size limit is disabled (client_max_body_size 0), the proxy timeouts are set to 6000 seconds, and URLs are rewritten to remove trailing slashes, ensuring consistency. Nginx is configured to act as a reverse proxy for both the Deputy Package Server API and the Deputy frontend.
These configurations collectively enable Nginx to handle HTTPS traffic, rewrite URLs, and forward requests to the appropriate Deputy services. Users should replace placeholders like deputy_subdomain and update SSL certificate paths according to their specific setup.
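A pre-start check for the placeholder replacement described above, as an added example that is not part of Deputy or of the original page. The function names check_deputy_dir and make_sample_dir are hypothetical, and treating the sample MariaDB passwords and RUST_LOG=debug as findings is this example's own assumption about what to review before going live.

```shell
#!/bin/sh
# Added example, not part of Deputy: pre-start check of a deputy directory.
# Prints one line per finding; returns 1 if there is any finding, else 0.
check_deputy_dir() {
    dir=$1
    found=0
    for f in docker-compose.yml config.yml nginx.conf; do
        if [ ! -f "$dir/$f" ]; then
            echo "FINDING: $f is missing"; found=1
        fi
    done
    # Placeholder from the page's nginx.conf (host name and certificate paths).
    if grep -q 'deputy_subdomain' "$dir/nginx.conf" 2>/dev/null; then
        echo "FINDING: nginx.conf still contains deputy_subdomain"; found=1
    fi
    # Sample MariaDB credentials from the page's docker-compose.yml.
    if grep -Eq 'MYSQL_(ROOT_)?PASSWORD: *mysql_(root|pass) *$' \
        "$dir/docker-compose.yml" 2>/dev/null; then
        echo "FINDING: docker-compose.yml uses the sample MariaDB passwords"; found=1
    fi
    # Verbose log level for the package server (assumption: review before go-live).
    if grep -q 'RUST_LOG=debug' "$dir/docker-compose.yml" 2>/dev/null; then
        echo "FINDING: RUST_LOG=debug is set for deputy-package-server"; found=1
    fi
    return "$found"
}

# Constructed sample: a scratch directory holding only the lines the checks
# read, with the values exactly as they appear in the files on this page.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'return 301 https://deputy_subdomain$request_uri; #change me' \
        > "$d/nginx.conf"
    printf '%s\n' '      - RUST_LOG=debug' '      MYSQL_ROOT_PASSWORD: mysql_root' \
        '      MYSQL_PASSWORD: mysql_pass' > "$d/docker-compose.yml"
    : > "$d/config.yml"
    echo "$d"
}

sample=$(make_sample_dir)
check_deputy_dir "$sample" || echo "fix the findings above before: docker compose up -d"
rm -rf "$sample"
```

Run it against the real directory with check_deputy_dir ./deputy; a zero exit status means none of the page's sample values remain.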
Startup and shutdown
- To start the package server, go into the deputy directory and run docker compose up -d
- To check if the server is running, run docker ps
- To turn the server off, run docker compose down