Add files for aws deploy

Author: bokuan

DockerDeploy.md

@@ -0,0 +1,57 @@
+# Pushing to docker hub
+
+## FE
+
+From root dir:
+
+`docker build -t bokuan/peerprep-frontend:latest . -f .\frontend\Dockerfile`
+
+`docker push bokuan/peerprep-frontend:latest`
+
+## Gateway
+
+`docker build -t bokuan/peerprep-gateway:latest . -f .\gateway\Dockerfile`
+
+`docker push bokuan/peerprep-gateway:latest`
+
+## User service
+
+`docker build -t bokuan/peerprep-user-service:latest . -f .\backend\user-service\Dockerfile`
+
+`docker push bokuan/peerprep-user-service:latest`
+
+## qns service
+
+`docker build -t bokuan/peerprep-question-service:latest . -f .\backend\mongodb-database\Dockerfile`
+
+`docker push bokuan/peerprep-question-service:latest`
+
+## matching svc
+
+`docker build -t bokuan/peerprep-matching-service:latest . -f .\backend\matching-service\Dockerfile`
+
+`docker push bokuan/peerprep-matching-service:latest`
+
+## collab svc
+
+`docker build -t bokuan/peerprep-collaboration-service:latest . -f .\backend\collaboration-service\Dockerfile`
+
+`docker push bokuan/peerprep-collaboration-service:latest`
+
+## compiler svc
+
+`docker build -t bokuan/peerprep-compiler-service:latest . -f .\backend\compiler-service\Dockerfile`
+
+`docker push bokuan/peerprep-compiler-service:latest`
+
+## email svc
+
+`docker build -t bokuan/peerprep-email-service:latest . -f .\backend\email-service\Dockerfile`
+
+`docker push bokuan/peerprep-email-service:latest`
+
+## AI svc
+
+`docker build -t bokuan/peerprep-ai-service:latest . -f .\backend\ai-service\Dockerfile`
+
+`docker push bokuan/peerprep-ai-service:latest`

docker-compose-full-deploy.yml

@@ -0,0 +1,201 @@
+version: '3.8'
+
+x-logging:
+  &default-logging
+  logging:
+    driver: json-file
+    options:
+      max-size: 100m
+
+services:
+    frontend:
+        depends_on:
+            - gateway
+        container_name: frontend
+        image: bokuan/peerprep-frontend:latest
+        ports:
+            - "3000:3000"
+        env_file:
+            - ./frontend/.env
+        environment: # Running locally has different url than running on docker (not localhost)
+            - NEXT_PUBLIC_MATCHING_SERVER_URL=http://matching:3004
+            - NEXT_PUBLIC_COLLAB_SERVER_URL=http://collaboration:3005
+            - GATEWAY_SERVER_URL=http://gateway:8080
+
+    nginx-web-app:
+        build: ./nginx
+        restart: always
+        volumes:
+            - ./nginx/default.conf:/tmp/default.conf/:ro
+            - ./certbot/www:/var/www/certbot/:ro
+            - ./certbot/conf/:/etc/nginx/ssl/:ro
+        environment: 
+            - WEB_APP_ADDR=frontend:3000
+        ports:
+            - "80:80"
+            - "443:443"
+        depends_on:
+            - frontend
+        healthcheck:
+            test: ["CMD-SHELL", "curl --silent --fail localhost:80/health-check || exit 1"]
+            interval: 1000s
+            timeout: 10s
+            retries: 3
+        command: /app/start.sh
+
+    certbot:
+        image: certbot/certbot:latest
+        volumes:
+            - ./certbot/www:/var/www/certbot/:rw
+            - ./certbot/conf/:/etc/letsencrypt/:rw
+
+    gateway:
+        depends_on:
+            - users
+            - questions
+            - matching
+            - collaboration
+            - compiler
+            - ai
+            - email
+        container_name: gateway
+        image: bokuan/peerprep-gateway:latest
+        ports:
+            - "8080:8080"
+        environment:
+            - USER_SERVICE_URL=http://users:3001
+            - QUESTION_SERVICE_URL=http://questions:3002
+            - RABBITMQ_URL=amqp://user:password@rabbitmq:5672
+    users:
+        depends_on:
+            - email
+        container_name: user-service
+        image: bokuan/peerprep-user-service:latest
+        ports:
+            - "3001:3001"
+        env_file:
+            - ./backend/user-service/.env
+        environment:
+            - EMAIL_SERVICE_URL=http://email:3007/email
+
+    questions:
+        container_name: question-service
+        image: bokuan/peerprep-question-service:latest
+        ports:
+            - "3002:3002"
+        env_file:
+            - ./backend/mongodb-database/.env
+
+    matching:
+        container_name: matching-service
+        image: bokuan/peerprep-matching-service:latest
+        ports:
+            - "3004:3004"
+        env_file:
+            - ./backend/matching-service/.env
+        environment:
+            - GATEWAY_SERVER_URL=http://gateway:8080
+            - USER_SERVICE_URL=http://users:3001/api/session
+
+    collaboration:
+        container_name: collaboration-service
+        image: bokuan/peerprep-collaboration-service:latest
+        ports:
+            - "3005:3005"
+
+    compiler:
+        depends_on:
+            - server
+            - workers
+            - db
+            - redis
+            - rabbitmq
+        container_name: compiler-service
+        image: bokuan/peerprep-compiler-service:latest
+        ports:
+            - "3006:3006"
+        environment: # Running locally has different url than running on docker (not localhost)
+            - RABBITMQ_URL=amqp://user:password@rabbitmq:5672
+            - JUDGE0_URL=http://server:2358/
+    
+    email:
+        container_name: email-service
+        image: bokuan/peerprep-email-service:latest
+        ports:
+            - "3007:3007"
+        env_file:
+            - ./backend/email-service/.env
+
+    ai:
+        container_name: ai-service
+        depends_on:
+            - rabbitmq
+        image: bokuan/peerprep-ai-service:latest
+        ports:
+            - "3008:3008"
+        env_file:
+            - ./backend/ai-service/.env
+        environment: # Running locally has different url than running on docker (not localhost)
+            - RABBITMQ_URL=amqp://user:password@rabbitmq:5672
+
+    server: # Judge0
+        image: judge0/judge0:1.13.0
+        volumes:
+            - ./backend/judge0/judge0.conf:/judge0.conf:ro
+        ports:
+            - "2358:2358"
+        privileged: true
+        <<: *default-logging
+        restart: always
+
+    workers: # Judge0
+        image: judge0/judge0:1.13.0
+        command: ["./scripts/workers"]
+        volumes:
+            - ./backend/judge0/judge0.conf:/judge0.conf:ro
+        privileged: true
+        <<: *default-logging
+        restart: always
+
+    db: # Judge0
+        image: postgres:13.0
+        env_file: ./backend/judge0/judge0.conf
+        volumes:
+            - postgres-data:/var/lib/postgresql/data/
+        <<: *default-logging
+        restart: always
+
+    redis: # Judge0
+        image: redis:6.0
+        command: [
+            "bash", "-c",
+            'docker-entrypoint.sh --appendonly yes --requirepass "$$REDIS_PASSWORD"'
+        ]
+        env_file: ./backend/judge0/judge0.conf
+        volumes:
+            - redis-data:/data
+        <<: *default-logging
+        restart: always
+
+    rabbitmq:
+        image: rabbitmq:management
+        hostname: rabbitmq
+        ports:
+            - "5672:5672"      # AMQP protocol
+            - "15672:15672"    # Management UI
+        expose:
+            - 5672
+            - 15672
+        environment:
+            RABBITMQ_DEFAULT_USER: user
+            RABBITMQ_DEFAULT_PASS: password
+        volumes:
+            - rabbitmq_data:/var/lib/rabbitmq
+            - rabbitmq_log:/var/log/rabbitmq
+
+volumes:
+    postgres-data:
+    redis-data:
+    rabbitmq_data:
+    rabbitmq_log:
+    

nginx/Dockerfile

@@ -0,0 +1,32 @@
+FROM nginx:1.19.7-alpine
+
+# Add bash for boot cmd
+RUN apk add bash
+
+# Add nginx.conf to container
+COPY --chown=nginx:nginx nginx.conf /etc/nginx/nginx.conf
+COPY --chown=nginx:nginx start.sh /app/start.sh
+
+# set workdir
+WORKDIR /app
+
+# permissions and nginx user for tightened security
+RUN chown -R nginx:nginx /app && chmod -R 755 /app && \
+        chown -R nginx:nginx /var/cache/nginx && \
+        chown -R nginx:nginx /var/log/nginx && \
+        chmod -R 755 /var/log/nginx; \
+        chown -R nginx:nginx /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid && chown -R nginx:nginx /var/run/nginx.pid
+
+# # Uncomment to keep the nginx logs inside the container - Leave commented for logging to stdout and stderr
+# RUN mkdir -p /var/log/nginx
+# RUN unlink /var/log/nginx/access.log \
+#     && unlink /var/log/nginx/error.log \
+#     && touch /var/log/nginx/access.log \
+#     && touch /var/log/nginx/error.log \
+#     && chown nginx /var/log/nginx/*log \
+#     && chmod 644 /var/log/nginx/*log
+
+USER nginx
+
+CMD ["nginx", "-g", "'daemon off;'"]

nginx/default.conf

@@ -0,0 +1,46 @@
+proxy_cache_path /tmp/cache levels=1:2 keys_zone=cache:10m max_size=500m inactive=60m use_temp_path=off;
+
+server {
+  listen 443 ssl;
+  server_name peerprep.mooo.com;
+  ssl_certificate /etc/nginx/ssl/live/peerprep.mooo.com/fullchain.pem;
+  ssl_certificate_key /etc/nginx/ssl/live/peerprep.mooo.com/privkey.pem;
+
+  location / {
+    proxy_pass http://$WEB_APP_ADDR;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+
+  location /cache-me {
+    proxy_pass http://$WEB_APP_ADDR;
+    proxy_cache cache;
+    proxy_cache_lock on;
+    proxy_cache_valid 200 30s;
+    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+    proxy_cache_revalidate on;
+    proxy_cache_background_update on;
+    expires 20s;
+  }
+
+  location /health-check {
+    add_header Content-Type text/plain;
+    return 200 "success";
+  }
+
+  error_page 497 https://$host$request_uri;
+}
+
+server {
+  listen 80;
+  server_name peerprep.mooo.com;
+  server_tokens off;
+
+  location /.well-known/acme-challenge/ {
+    root /var/www/certbot;
+  }
+  location / {
+    return 301 https://peerprep.mooo.com$request_uri;
+  }
+}

nginx/nginx.conf

@@ -0,0 +1,50 @@
+worker_processes auto;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # Define the format of log messages.
+    log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for" '
+                      '"$host" sn="$server_name" '
+                      'rt=$request_time '
+                      'ua="$upstream_addr" us="$upstream_status" '
+                      'ut="$upstream_response_time" ul="$upstream_response_length" '
+                      'cs=$upstream_cache_status' ;
+
+    access_log  /var/log/nginx/access.log main_ext;
+    error_log  /var/log/nginx/error.log warn;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    # Enable Compression
+    gzip  on;
+
+    # Disable Display of NGINX Version
+    server_tokens off;
+
+    # Size Limits
+    client_body_buffer_size 10K;
+    client_header_buffer_size 1k;
+    client_max_body_size 8m;
+    large_client_header_buffers 2 1k;
+
+    # # SSL / TLS Settings - Suggested for Security
+    # ssl_protocols TLSv1.2 TLSv1.3;
+	# ssl_session_timeout 15m;
+	# ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
+	# ssl_prefer_server_ciphers on;
+	# ssl_session_tickets off;
+
+    include /etc/nginx/conf.d/*.conf;
+
+}

nginx/start.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+envsubst '$WEB_APP_ADDR' < /tmp/default.conf > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'