From df5e880f0e2ae3cd0d14af8fb778197614df87ef Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 13:12:24 -0500 Subject: [PATCH 1/8] based on https://github.com/iiab/iiab/issues/2154#issue-550541163 --- roles/nodered/templates/nodered-nginx.conf.j2 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 index 7d4728b16..0c678a375 100644 --- a/roles/nodered/templates/nodered-nginx.conf.j2 +++ b/roles/nodered/templates/nodered-nginx.conf.j2 @@ -1,3 +1,11 @@ location /nodered/ { - proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/; + proxy_pass http://127.0.0.1:1880/nodered/; +} + +location /nodered/debug/ws/ { + proxy_pass http://127.0.0.1:1880/nodered/debug/ws; +} + +location /nodered/comms/ { + proxy_pass http://127.0.0.1:1880/nodered/comms; } From 8adcd85310a105a78e86bad38c2f4d99a44967d3 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 13:22:43 -0500 Subject: [PATCH 2/8] drop apache --- roles/nodered/tasks/install.yml | 32 ++++++++++++++++---------------- roles/nodered/tasks/main.yml | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 2b40ff5d6..75d341142 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -1,11 +1,11 @@ -- name: "Set 'apache_install: True' and 'apache_enabled: True'" - set_fact: - apache_install: True - apache_enabled: True +#- name: "Set 'apache_install: True' and 'apache_enabled: True'" +# set_fact: +# apache_install: True +# apache_enabled: True -- name: APACHE - run 'httpd' role - include_role: - name: httpd +#- name: APACHE - run 'httpd' role +# include_role: +# name: httpd # 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) & @@ -112,18 +112,18 @@ dest: /etc/systemd/system/nodered.service # mode: '0666' -- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template - template: - backup: yes - src: nodered.conf.j2 - dest: "/etc/{{ apache_conf_dir }}/nodered.conf" +#- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template +# template: +# backup: yes +# src: nodered.conf.j2 +# dest: "/etc/{{ apache_conf_dir }}/nodered.conf" # mode: '0666' # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml -- name: Enable proxy_wstunnel apache2 module - apache2_module: - state: present - name: proxy_wstunnel +#- name: Enable proxy_wstunnel apache2 module +# apache2_module: +# state: present +# name: proxy_wstunnel # RECORD Node-RED AS INSTALLED diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 1edf2f34b..770b53eb4 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -42,7 +42,7 @@ #- name: Enable/Disable/Restart Apache if primary - name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache include_tasks: apache.yml - #when: not nginx_enabled + when: not nginx_enabled - name: Enable/Disable/Restart NGINX if primary include_tasks: nginx.yml From b2c070fd04398acd33d1b8f4355ce62f1e3cb995 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 14:00:44 -0500 Subject: [PATCH 3/8] not quite gone yet --- roles/nodered/tasks/install.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index 75d341142..cdd71f7ee 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -112,11 +112,11 @@ dest: /etc/systemd/system/nodered.service # mode: '0666' -#- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template -# template: -# backup: yes -# src: nodered.conf.j2 -# dest: "/etc/{{ apache_conf_dir }}/nodered.conf" +- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template + template: + backup: yes + src: nodered.conf.j2 + dest: "/etc/{{ apache_conf_dir }}/nodered.conf" # mode: '0666' # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml From 2580b21281034e7dc5e9e1110e81b4c7b2344686 Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Thu, 1 Jul 2021 14:06:36 -0500 Subject: [PATCH 4/8] update nginx README --- roles/nginx/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 61177ba63..732c9c5e6 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -5,7 +5,7 @@ Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below. And potentially later moving it up to *Section i.* if its Apache support is dropped! - + (Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles)) 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. @@ -33,11 +33,11 @@ * nextcloud * sugarizer * wordpress + * nodered 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache. * elgg * moodle [*, PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)] - * nodered 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) * bluetooth From ede56d3197f7267c1a42c14c1f39dacfd980f0bd Mon Sep 17 00:00:00 2001 From: root Date: Tue, 6 Jul 2021 00:36:15 -0400 Subject: [PATCH 5/8] Refine Node-RED on NGINX w/o Apache --- roles/nginx/README.md | 12 ++++++---- roles/nodered/tasks/install.yml | 23 +++---------------- roles/nodered/tasks/main.yml | 8 +------ roles/nodered/templates/nodered-nginx.conf.j2 | 9 +++++--- roles/nodered/templates/nodered.conf.j2 | 6 ----- 5 files changed, 18 insertions(+), 40 deletions(-) delete mode 100644 roles/nodered/templates/nodered.conf.j2 diff --git a/roles/nginx/README.md b/roles/nginx/README.md index 732c9c5e6..c85dc0eac 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -10,9 +10,10 @@ 2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX. -3. Current state of IIAB App/Service migrations as of 2021-05-21: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))* +3. Current state of IIAB App/Service migrations as of 2021-07-06: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))* 1. These support "Native" NGINX but ***NOT*** Apache + * Admin Console * captiveportal * IIAB documentation (http://box/info) @@ -22,6 +23,7 @@ * usb_lib 2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!) Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service: + * awstats * calibre-web * gitea @@ -29,17 +31,19 @@ * kolibri * lokole * mediawiki + * moodle * munin * nextcloud + * nodered * sugarizer * wordpress - * nodered 3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache. + * elgg - * moodle [*, PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)] 4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite) + * bluetooth * calibre (menu goes directly to port 8080) * cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)] @@ -55,4 +59,4 @@ * transmission * vnstat -[*] The 5 above starred roles could use improvement, as of 2021-05-21. +[*] The 4 above starred roles could use improvement, as of 2021-07-06. diff --git a/roles/nodered/tasks/install.yml b/roles/nodered/tasks/install.yml index cdd71f7ee..8d75cb6e9 100644 --- a/roles/nodered/tasks/install.yml +++ b/roles/nodered/tasks/install.yml @@ -1,15 +1,5 @@ -#- name: "Set 'apache_install: True' and 'apache_enabled: True'" -# set_fact: -# apache_install: True -# apache_enabled: True - -#- name: APACHE - run 'httpd' role -# include_role: -# name: httpd - - -# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js (8.x for now) & -# npm to roles/nodejs/tasks/main.yml +# 2019-01-16: @jvonau's PR #1403 moved installation of Node.js [8.x at the time] +# and npm to roles/nodejs/tasks/main.yml - name: "Set 'nodejs_install: True' and 'nodejs_enabled: True'" set_fact: @@ -48,7 +38,7 @@ state: absent when: nodered_install -# 2012-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED +# 2019-02-13: the 6 RPi stanzas below recreate Raspbian Desktop's Node-RED # environment, inspired by: # https://nodered.org/docs/hardware/raspberrypi # https://github.com/node-red/raspbian-deb-package/blob/master/resources/update-nodejs-and-nodered @@ -112,13 +102,6 @@ dest: /etc/systemd/system/nodered.service # mode: '0666' -- name: Install /etc/{{ apache_conf_dir }}/nodered.conf from template - template: - backup: yes - src: nodered.conf.j2 - dest: "/etc/{{ apache_conf_dir }}/nodered.conf" - # mode: '0666' - # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml #- name: Enable proxy_wstunnel apache2 module # apache2_module: diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml index 770b53eb4..2add807b2 100644 --- a/roles/nodered/tasks/main.yml +++ b/roles/nodered/tasks/main.yml @@ -39,14 +39,8 @@ state: stopped when: not nodered_enabled -#- name: Enable/Disable/Restart Apache if primary -- name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache - include_tasks: apache.yml - when: not nginx_enabled - -- name: Enable/Disable/Restart NGINX if primary +- name: Enable/Disable/Restart NGINX include_tasks: nginx.yml - when: nginx_enabled - name: Add 'nodered' variable values to {{ iiab_ini_file }} diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 index 0c678a375..abf1c15fb 100644 --- a/roles/nodered/templates/nodered-nginx.conf.j2 +++ b/roles/nodered/templates/nodered-nginx.conf.j2 @@ -1,11 +1,14 @@ +# 'nodered_port: 1880' is set in /opt/iiab/iiab/vars/default_vars.yml +# https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services + location /nodered/ { - proxy_pass http://127.0.0.1:1880/nodered/; + proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/; } location /nodered/debug/ws/ { - proxy_pass http://127.0.0.1:1880/nodered/debug/ws; + proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws; } location /nodered/comms/ { - proxy_pass http://127.0.0.1:1880/nodered/comms; + proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms; } diff --git a/roles/nodered/templates/nodered.conf.j2 b/roles/nodered/templates/nodered.conf.j2 deleted file mode 100644 index 916e1eed2..000000000 --- a/roles/nodered/templates/nodered.conf.j2 +++ /dev/null @@ -1,6 +0,0 @@ -ProxyPreserveHost On -ProxyRequests Off -ProxyPass /{{ nodered_web_path }}/debug/ws ws://localhost:{{ nodered_port }}/{{ nodered_web_path }}/debug/ws -ProxyPass /{{ nodered_web_path }}/comms ws://localhost:{{ nodered_port }}/{{ nodered_web_path }}/comms -ProxyPass /{{ nodered_web_path }} http://localhost:{{ nodered_port }}/{{ nodered_web_path }} -ProxyPassReverse /{{ nodered_web_path }} http://localhost:{{ nodered_port }}/{{ nodered_web_path }} From c4c0586bb1cacc3c6290a7e36482ebf1b4600d9b Mon Sep 17 00:00:00 2001 From: root Date: Tue, 6 Jul 2021 00:43:32 -0400 Subject: [PATCH 6/8] Residual nodered/templates/nodered.conf.j2.unused --- roles/nodered/templates/nodered.conf.j2.unused | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 roles/nodered/templates/nodered.conf.j2.unused diff --git a/roles/nodered/templates/nodered.conf.j2.unused b/roles/nodered/templates/nodered.conf.j2.unused new file mode 100644 index 000000000..916e1eed2 --- /dev/null +++ b/roles/nodered/templates/nodered.conf.j2.unused @@ -0,0 +1,6 @@ +ProxyPreserveHost On +ProxyRequests Off +ProxyPass /{{ nodered_web_path }}/debug/ws ws://localhost:{{ nodered_port }}/{{ nodered_web_path }}/debug/ws +ProxyPass /{{ nodered_web_path }}/comms ws://localhost:{{ nodered_port }}/{{ nodered_web_path }}/comms +ProxyPass /{{ nodered_web_path }} http://localhost:{{ nodered_port }}/{{ nodered_web_path }} +ProxyPassReverse /{{ nodered_web_path }} http://localhost:{{ nodered_port }}/{{ nodered_web_path }} From a2778e155ca5895c35f6b7c31c5cd1f2fbcd2fb6 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 6 Jul 2021 01:53:57 -0400 Subject: [PATCH 7/8] nodered-nginx.conf.j2: Single stanza avoids WebSocket errors?! ("Lost connection to server, reconnecting...") --- roles/nodered/templates/nodered-nginx.conf.j2 | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nodered/templates/nodered-nginx.conf.j2 index abf1c15fb..c9271959b 100644 --- a/roles/nodered/templates/nodered-nginx.conf.j2 +++ b/roles/nodered/templates/nodered-nginx.conf.j2 @@ -3,12 +3,24 @@ location /nodered/ { proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; } -location /nodered/debug/ws/ { - proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws; -} +#location /nodered/debug/ws/ { +# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/debug/ws; +# +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +#} -location /nodered/comms/ { - proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms; -} +#location /nodered/comms/ { +# proxy_pass http://127.0.0.1:{{ nodered_port }}/nodered/comms; +# +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +#} From 2f644da6a31a6d981a0545e7c325fa40b5c6638e Mon Sep 17 00:00:00 2001 From: A Holt Date: Tue, 6 Jul 2021 02:23:52 -0400 Subject: [PATCH 8/8] Update roles/nginx/README.md --- roles/nginx/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/nginx/README.md b/roles/nginx/README.md index c85dc0eac..785d8eba0 100644 --- a/roles/nginx/README.md +++ b/roles/nginx/README.md @@ -1,10 +1,10 @@ ### Transition to NGINX -1. Initial testing strategy (December 2019 - February 2020) is to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below. +1. Initial testing strategy (December 2019 - February 2020) was to move NGINX to [port 80](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services), and proxy everything to Apache on [port 8090](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) — creating "Shims" for each IIAB App/Service in *Section iii.* below. - Until "Native" NGINX is later implemented for that IIAB App/Service — allowing it to move up to *Section ii.* below. + Until "Native" NGINX is later implemented for each such IIAB App/Service — allowing each to move up to *Section ii.* below. - And potentially later moving it up to *Section i.* if its Apache support is dropped! + And potentially later moving each up to *Section i.* if its Apache support is dropped! (Background: IIAB Apps/Services are generally [Ansible roles](https://github.com/iiab/iiab/wiki/IIAB-Contributors-Guide#ansible) that live in [/opt/iiab/iiab/roles](https://github.com/iiab/iiab/tree/master/roles)) @@ -18,6 +18,8 @@ * captiveportal * IIAB documentation (http://box/info) * jupyterhub + * moodle + * nodered * osm-vector-maps * OER2Go/RACHEL modules * usb_lib @@ -31,10 +33,8 @@ * kolibri * lokole * mediawiki - * moodle * munin * nextcloud - * nodered * sugarizer * wordpress