From 2bb876904fc2ce99d2d51a17a013a56bd0ac9663 Mon Sep 17 00:00:00 2001 From: KevinMidboe Date: Wed, 31 Dec 2025 14:45:05 +0100 Subject: [PATCH] routing architecture diagram & setup commands --- README.md | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 88 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 854c781..5abb7c8 100644 --- a/README.md +++ b/README.md 
@@ -2,20 +2,100 @@ Defines code which describes a HA & cached scalable way of serving web applications. +## Architecture + +``` ++-----------------------------------------------------------+ +| REGION: EU | +| | +| +-------------- Floating IP ---------+ | +| | | | +| +----+---------+ +----+---------+ | +| | HAProxy #1 | | HAProxy #2 | | +| +----+---------+ +----+---------+ | +| \__________ active / standby _______/ | +| | | +| v | +| +------+--------+ | +| | haproxy (a) | | +| +----+----+--+--+ | +| | | A | +| direct | | | via cache | +| | v | | +| | +-+--+---------+ | +| | | varnish (n) | | +| | +------+-------+ | +| | | HIT / MISS | +| | | | +| +---------+ | +| | | +| v | +| +---------+-------+ | +| | web server (n) | | +| +-----------------+ | +| | ++-----------------------------------------------------------+ +``` + +Where varnish & web server is 2-n number of instances. Currently two regions, EU & US. + ## infrastructure Configured cloud resources in hezner with Pulumi. -Hetzner has two regions: -- us -- eu +```bash +# first time, init pulumi stack (name optional) +pulumi stack init kevinmidboe/hetzner -Each region has: -- haproxy x2 -- varnish x2 -- webservers +# required configuration values +pulumi config set sshPublicKey "$(cat ~/.ssh/id_ed25519.pub)" +pulumi config set --secret hcloud:token $HETZNER_API_KEY + +# up infrastructure +pulumi up + +# (optional w/ adding private IP) +# private ips struggle, need to run again to assign correctly +pulumi up +``` ## provision -Ansible is used to provision software and environments for different software needed. +Ansible is used to provision software and environments for software needed and services. 
+ +get ansible configuration values from pulumi output: + +```bash +# generate inventory (manualy update inventory file) +./scripts/generate-inventory.sh | pbcopy + +# following updates config files in place +./scripts/update-config_certbot-domains.sh +./scripts/update-config_webserver-ips.sh +``` + +run playbooks: + +```bash +# install, configure & start haproxy +ansible-playbook plays/haproxy.yml -i hetzner.ini -l haproxy + +# install, configure & start varnish +ansible-playbook plays/varnish.yml -i hetzner.ini -l varnish + +# install web resources & dependencies, pull & starts docker containers +ansible-playbook plays/docker.yml -i hetzner.ini -l web +ansible-playbook plays/web.yml -i hetzner.ini -l web +``` + +# Manual steps + +- [x] floating ip DNS registration +- [x] extract variables from pulumi stack outputs +- [ ] add all cloudflare api keys + - `mkdir /root/.ssh/certbot/cloudflare_k9e-no.ini` +- [ ] generate certs for appropriate domains + - `certbot certonly --agree-tos --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/certbot/cloudflare_k9e-no.ini -d k9e.no` +- [ ] combine generated certs into a cert for traefik + - `cat /etc/letsencrypt/live/k9e.no/fullchain.pem /etc/letsencrypt/live/k9e.no/privkey.pem > /etc/haproxy/certs/ssl-k9e.no.pem`
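Review bot: the manual-steps checklist at the end of this hunk is internally inconsistent and will not work as written: `mkdir /root/.ssh/certbot/cloudflare_k9e-no.ini` creates a directory under `.ssh`, while the next step's certbot invocation reads a credentials file at `/root/.secrets/certbot/cloudflare_k9e-no.ini`. Suggest replacing the mkdir line with creating the parent directory and the ini file at the path certbot actually uses, and restricting that file to owner-only permissions, since it holds a Cloudflare API token (the dns-cloudflare plugin warns when the credentials file is readable by other users). The same consideration applies to the combined `ssl-k9e.no.pem`: it concatenates `privkey.pem`, so the target should be created with mode 0600 rather than via a bare `cat ... >` redirect, which inherits the umask. The comment on that step also says "for traefik" while the output goes to `/etc/haproxy/certs/`; it should say HAProxy. Minor: `# Manual steps` is a level-1 heading while the rest of the README uses level-2 sections; `$HETZNER_API_KEY` should be quoted in the `pulumi config set --secret hcloud:token` line; "manualy" in the inventory comment is a typo; and the "private ips struggle, need to run again" note documents a workaround without its cause, so a one-line explanation or a link to the tracking issue would help the next reader.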