diff --git a/APP_PROFILER/Dockerfile b/APP_PROFILER/Dockerfile index bcef513..11c97d0 100644 --- a/APP_PROFILER/Dockerfile +++ b/APP_PROFILER/Dockerfile @@ -1,7 +1,7 @@ FROM python:3.12-alpine # Install OpenVPN, OpenRC and other system deps -RUN apk add --no-cache openvpn openrc iproute2 bash +RUN apk add --no-cache openvpn openrc iproute2 bash iptables WORKDIR /app diff --git a/APP_PROFILER/entrypoint.sh b/APP_PROFILER/entrypoint.sh index efaf70e..8854db2 100644 --- a/APP_PROFILER/entrypoint.sh +++ b/APP_PROFILER/entrypoint.sh @@ -10,6 +10,14 @@ fi # Enable IP forwarding sysctl -w net.ipv4.ip_forward=1 +# NAT MASQUERADE +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + +# MSS Clamping (Path MTU Tuning) +# Works for both directions in one rule on the FORWARD chain +iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu + + # Start OpenRC (needed for rc-service if we use it, but better to start openvpn directly or via rc) # Since we are in Alpine, we can try to start the service if configured, # but Container 4 main.py might expect rc-service to work. diff --git a/APP_PROFILER/templates/server.conf.j2 b/APP_PROFILER/templates/server.conf.j2 index 1e9bc9e..e06c6fa 100644 --- a/APP_PROFILER/templates/server.conf.j2 +++ b/APP_PROFILER/templates/server.conf.j2 @@ -28,13 +28,13 @@ server {{ vpn_network }} {{ vpn_netmask }} ifconfig-pool-persist /etc/openvpn/ipp.txt -log /etc/openvpn/openvpn.log -log-append /etc/openvpn/openvpn.log +log /var/log/openvpn/openvpn-status.log +log-append /var/log/openvpn/openvpn-status.log verb 3 # Use Extended Status Output -status /etc/openvpn/openvpn-status.log 5 +status /var/log/openvpn/openvpn-status.log 5 status-version 2 # Tunneling Mode diff --git a/APP_UI/Dockerfile b/APP_UI/Dockerfile index 91cf673..a52aedb 100644 --- a/APP_UI/Dockerfile +++ b/APP_UI/Dockerfile 
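Review bot: The MASQUERADE rule added to entrypoint.sh has no source match, and nothing visible in this hunk restricts the FORWARD chain, so with `net.ipv4.ip_forward=1` set just above, anything routed through the container and leaving `eth0` is NATed. If the intent is only to give VPN clients egress, scope the rule to the tunnel subnet, e.g. `iptables -t nat -A POSTROUTING -s <VPN_SUBNET_CIDR> -o eth0 -j MASQUERADE` (placeholder for the rendered `vpn_network`/`vpn_netmask`). Also consider explicit FORWARD accept rules for the tunnel interface with a default drop, so that clients cannot reach other services on the container's networks. The hard-coded `eth0` may pick the wrong interface if the container is attached to more than one network. The script continues outside the hunk, so it cannot be seen here whether a failed iptables call (for example when NET_ADMIN is missing) aborts startup.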
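Review bot: In server.conf.j2 the new `log`/`log-append` lines and the `status` line all point at `/var/log/openvpn/openvpn-status.log`, so the daemon log and the status dump, which is rewritten every 5 seconds, share one file. That loses or interleaves log entries, which hurts incident review, and anything parsing the `status-version 2` output will see log text. Give the log its own path, e.g. `log-append /var/log/openvpn/openvpn.log`, and keep only one of `log` and `log-append`, since they are alternative ways of setting the same destination. Nothing in the visible hunks creates `/var/log/openvpn`; confirm the image or entrypoint does, as OpenVPN is not expected to create the directory itself.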
@@ -9,6 +9,7 @@ RUN npm run build # Stage 2: Serve FROM nginx:alpine COPY --from=build-stage /app/dist /usr/share/nginx/html -COPY nginx.conf /etc/nginx/conf.d/default.conf +COPY default.conf.template /etc/nginx/templates/default.conf.template EXPOSE 80 CMD ["nginx", "-g", "daemon off;"] + diff --git a/APP_UI/default.conf.template b/APP_UI/default.conf.template new file mode 100644 index 0000000..2a41dc3 --- /dev/null +++ b/APP_UI/default.conf.template @@ -0,0 +1,29 @@ +server { + listen 80; + server_name localhost; + + root /usr/share/nginx/html; + index index.html; + + location / { + try_files $uri $uri/ /index.html; + } + + # Proxy API requests + location /api/v1/ { + proxy_pass http://${OVP_API_HOST}:${OVP_API_PORT}; + } + + location /api/auth { + proxy_pass http://${OVP_API_HOST}:${OVP_API_PORT}; + } + + location /api/ { + proxy_pass http://${OVP_PROFILER_HOST}:${OVP_PROFILER_PORT}; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } +} diff --git a/APP_UI/nginx.conf b/APP_UI/nginx.conf deleted file mode 100644 index 2f17b99..0000000 --- a/APP_UI/nginx.conf +++ /dev/null @@ -1,25 +0,0 @@ -server { - listen 80; - server_name localhost; - - root /usr/share/nginx/html; - index index.html; - - location / { - try_files $uri $uri/ /index.html; - } - - # Proxy API requests if needed or let the frontend handle URLs - # location /api/v1/ { - # proxy_pass http://app-api:5001; - # } - - # location /api/ { - # proxy_pass http://app-profiler:8000; - # } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } -} diff --git a/docker-compose.yml b/docker-compose.yml index 4bd1fd7..05454b1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,6 +11,12 @@ services: - app-profiler networks: - ovp-net + environment: + - OVP_API_HOST=ovp-api + - OVP_API_PORT=5001 + - OVP_PROFILER_HOST=ovp-profiler + - OVP_PROFILER_PORT=8000 + app-gatherer: build:
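Review bot: Copying the config to `/etc/nginx/templates/` in APP_UI/Dockerfile relies on the official image's entrypoint rendering `*.template` files with envsubst at container start, while the context line `FROM nginx:alpine` leaves the image version floating. Pin the tag (ideally with a digest) so that behaviour cannot change underneath the build. Add a comment above the COPY such as `# rendered to /etc/nginx/conf.d/default.conf by the image entrypoint (envsubst)`. If one of the `OVP_*` variables is unset at run time, the placeholder is presumably left literal and nginx will not start, which is worth documenting beside the compose environment block.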
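Review bot: The three `proxy_pass` locations in default.conf.template forward requests without any client-identifying headers, so the API and profiler backends will see the nginx container as the source of every request, including those to `/api/auth`. That weakens auth logging and any per-client rate limiting on the backend. Add `proxy_set_header Host $host;`, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` to each proxied location, or once at server level. `location /api/auth` is a plain prefix match without a trailing slash, so it also captures any path that merely starts with `/api/auth`; use `/api/auth/` or an exact match if that is not intended. The catch-all `location /api/` sends every other API path to the profiler, so confirm that service authenticates requests itself.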
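Review bot: The hostnames `ovp-api` and `ovp-profiler` in the new `environment:` block of docker-compose.yml do not match the service names visible in this diff: `app-profiler` appears in the list entry above, `app-gatherer` below, and the removed nginx.conf referred to `app-api` and `app-profiler`. nginx resolves `proxy_pass` hostnames when it loads the config and refuses to start if one does not resolve. Unless `container_name` or network aliases outside this hunk define the `ovp-*` names, the values should probably be `OVP_API_HOST=app-api` and `OVP_PROFILER_HOST=app-profiler`. A short comment above the block saying which service each variable must name would keep the template and compose file in step.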