Переделать связь нод в кластере на автоматическое обнаружение #9

2026-05-01 22:30:40 +03:00
parent 1787b0f8a3
commit f36dd3bbc1
25 changed files with 870 additions and 332 deletions


@@ -9,50 +9,58 @@ tls:
keyFile: /etc/traefik/certs/traefik.key
http:
serversTransports:
http1-ws-transport:
disableHTTP2: true
insecureSkipVerify: true
middlewares:
redirect-to-https:
redirectScheme:
scheme: https
permanent: true
strip-api-prefix:
stripPrefix:
prefixes:
- "/api"
waf:
plugin:
coraza:
directives:
# - "SecRuleEngine DetectionOnly" # можно раскомментировать для тестирования
- "SecRuleEngine On"
- "SecDebugLog /dev/stdout"
- "SecDebugLogLevel 2"
# - "SecRule REQUEST_URI \"@rx /admin\" \"id:101,phase:1,log,deny,status:403\""
- "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\""
api-ratelimit:
rateLimit:
average: 100
average: 5000
period: 1m
burst: 50
burst: 500
admin-ratelimit:
rateLimit:
average: 20
average: 5000
period: 1m
burst: 5
burst: 500
routers:
# --- REST API пользователей ---
# Пользовательский REST API
api:
rule: "Host(`api.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https", "api-ratelimit", "waf"]
middlewares: ["redirect-to-https", "strip-api-prefix", "api-ratelimit", "waf"]
service: "api"
api-secure:
rule: "Host(`api.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
middlewares: ["api-ratelimit", "waf"]
middlewares: ["strip-api-prefix", "api-ratelimit", "waf"]
service: "api"
# --- WebSocket пользователей (без WAF) ---
# Пользовательский WebSocket
ws:
rule: "Host(`ws.eventhub.local`)"
entryPoints: ["web"]
@@ -64,45 +72,56 @@ http:
tls: true
service: "ws"
# --- Админ-панель (SPA) ---
# Админский REST API
admin-api:
rule: "Host(`admin-api.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https", "strip-api-prefix", "admin-ratelimit", "waf"]
service: "admin-api"
admin-api-secure:
rule: "Host(`admin-api.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
middlewares: ["strip-api-prefix", "admin-ratelimit", "waf"]
service: "admin-api"
# Админский WebSocket
admin-ws:
rule: "Host(`admin-ws.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https"]
service: "admin-ws"
admin-ws-secure:
rule: "Host(`admin-ws.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
service: "admin-ws"
# Админский UI
admin-ui:
rule: "Host(`admin.eventhub.local`) && !PathPrefix(`/api/`) && !PathPrefix(`/ws/`)"
rule: "Host(`admin-ui.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https"]
service: "admin-ui-service"
admin-ui-secure:
rule: "Host(`admin.eventhub.local`) && !PathPrefix(`/api/`) && !PathPrefix(`/ws/`)"
rule: "Host(`admin-ui.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
service: "admin-ui-service"
# --- Проксирование /api/ на админский REST ---
admin-api-proxy:
rule: "Host(`admin.eventhub.local`) && PathPrefix(`/api/`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https", "admin-ratelimit", "waf"]
service: "admin-api"
admin-api-proxy-secure:
rule: "Host(`admin.eventhub.local`) && PathPrefix(`/api/`)"
entryPoints: ["websecure"]
tls: true
middlewares: ["admin-ratelimit", "waf"]
service: "admin-api"
# --- Проксирование /ws/ на админский WebSocket ---
admin-ws-proxy:
rule: "Host(`admin.eventhub.local`) && PathPrefix(`/ws/`)"
# Клиентский UI
client-ui:
rule: "Host(`ui.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https"]
service: "admin-ws"
admin-ws-proxy-secure:
rule: "Host(`admin.eventhub.local`) && PathPrefix(`/ws/`)"
service: "client-ui-service"
client-ui-secure:
rule: "Host(`ui.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
service: "admin-ws"
service: "client-ui-service"
services:
# --- Пользовательский REST API (failover) ---
api:
failover:
service: api-live
@@ -110,9 +129,7 @@ http:
api-live:
loadbalancer:
servers:
- url: "http://eventhub-node1:8080"
- url: "http://eventhub-node2:8080"
- url: "http://eventhub-node3:8080"
- url: "http://eventhub:8080"
healthCheck:
path: "/health"
interval: "10s"
@@ -122,15 +139,12 @@ http:
servers:
- url: "http://fallback:80"
# --- Пользовательский WebSocket ---
ws:
loadbalancer:
servers:
- url: "http://eventhub-node1:8081"
- url: "http://eventhub-node2:8081"
- url: "http://eventhub-node3:8081"
- url: "http://eventhub:8081"
serversTransport: http1-ws-transport
# --- Админский REST (failover) ---
admin-api:
failover:
service: admin-api-live
@@ -138,11 +152,9 @@ http:
admin-api-live:
loadbalancer:
servers:
- url: "http://eventhub-node1:8445"
- url: "http://eventhub-node2:8445"
- url: "http://eventhub-node3:8445"
- url: "http://eventhub:8445"
healthCheck:
path: "/health"
path: "/v1/admin/health"
interval: "10s"
timeout: "3s"
admin-api-fallback:
@@ -150,16 +162,18 @@ http:
servers:
- url: "http://fallback:80"
# --- Админский WebSocket ---
admin-ws:
loadbalancer:
servers:
- url: "http://eventhub-node1:8446"
- url: "http://eventhub-node2:8446"
- url: "http://eventhub-node3:8446"
- url: "http://eventhub:8446"
serversTransport: http1-ws-transport
# --- SPA (админ‑панель) ---
admin-ui-service:
loadbalancer:
servers:
- url: "http://admin-ui:80"
- url: "http://admin-ui:80"
client-ui-service:
loadbalancer:
servers:
- url: "http://client-ui:80"
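Review bot: The `admin-ratelimit` middleware appears to end up with the same values as `api-ratelimit` (`average: 5000`, `burst: 500` per `1m`), replacing what look like the old `average: 20` / `burst: 5`; the page has lost its +/- markers, so this reading is inferred from the old-then-new print order. At that level the limit no longer throttles the `admin-api` and `admin-api-secure` routers in any meaningful way, which weakens the brake on password guessing and enumeration against admin endpoints, assuming they accept credentials. If the increase was needed for the public API only, keep the admin values tight, e.g. `average: 20` and `burst: 5`, or record the reason for 5000 in a comment above the middleware. The `admin-ws` and `admin-ws-secure` routers list neither `admin-ratelimit` nor `waf`, so admin WebSocket traffic gets no throttling at the proxy either.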