
Added Docker Swarm files and command reference

Efren Yevale Varela 3 年之前
父节点
当前提交
faf3ae8984
共有 4 个文件被更改,包括 207 次插入0 次删除
  1. 13 0
      swarm/commands
  2. 44 0
      swarm/nginx-unleash-clients-20211130.yaml
  3. 44 0
      swarm/nginx-unleash-frontend-20211130.yaml
  4. 106 0
      swarm/unleash-stack.yaml

+ 13 - 0
swarm/commands

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+docker run --rm -it postgres psql "host=swarm1.titleproject.space sslmode=require port=30000 user=postgres"
+# create database unleash;
+# create user unleash with encrypted password 'titleproject';
+# grant all privileges on database unleash to unleash;
+
+# Unleash Admin: Configure -> API Access -> Create API token: user web-dev, type client, project default, environment development
+# Update token in stack, unleash-proxy
+
+# Unleash Admin: Create "Image", "Notification" and "Table" feature toggles
+
+npx degit sveltejs/template . --force
+npm install
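Review bot: The password for the `unleash` role is written out literally in the `create user unleash with encrypted password …` comment, so it is now part of repository history; the reference should show a placeholder such as `'<unleash-db-password>'`, and the real value should be rotated. The `psql` connection string uses `sslmode=require`, which encrypts the session but does not validate the server certificate or host name; `sslmode=verify-full` together with an `sslrootcert` is what would detect an impostor server. The file also carries a bash shebang yet mixes an interactive `psql` session with `npx degit sveltejs/template . --force`, which overwrites files in the current directory if the file is ever executed. A leading comment such as `# Copy-paste reference only; do not run as a script.` would make the intent clear.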

+ 44 - 0
swarm/nginx-unleash-clients-20211130.yaml

@@ -0,0 +1,44 @@
+user             nginx;
+worker_processes 1;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include      /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  gzip         on;
+  gzip_types   application/xml application/json application/x-javascript text/css text/plain;
+  gzip_proxied no-cache no-store private expired auth;
+
+  server_tokens off;
+
+  server {
+    listen 80;
+    listen [::]:80;
+
+    server_name _;
+
+    return 301 https://$host$request_uri;
+  }
+
+  server {
+    listen 443      ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name _;
+
+    ssl_certificate     /run/secrets/titleproject.space-20211130.crt;
+    ssl_certificate_key /run/secrets/titleproject.space-20211130.key;
+
+    add_header Strict-Transport-Security "max-age=15768000" always;
+    add_header X-Content-Type-Options    nosniff;
+    add_header X-XSS-Protection          "1; mode=block";
+
+    location / {
+        proxy_pass http://unleash-proxy:3000/;
+    }
+  }
+}
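Review bot: The TLS server block sets `ssl_certificate` and `ssl_certificate_key` but no `ssl_protocols`, so the accepted protocol versions are whatever the nginx 1.19 image defaults to, which presumably still includes TLS 1.0 and 1.1; pin it explicitly with `ssl_protocols TLSv1.2 TLSv1.3;`. Only the HSTS header carries `always`, so `X-Content-Type-Options` is not sent on error responses; write `add_header X-Content-Type-Options nosniff always;`. `X-XSS-Protection` is ignored by current browsers and could be dropped. The same points apply to swarm/nginx-unleash-frontend-20211130.yaml, and both files are nginx configuration despite the `.yaml` suffix, which will mislead linters and editors.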

+ 44 - 0
swarm/nginx-unleash-frontend-20211130.yaml

@@ -0,0 +1,44 @@
+user             nginx;
+worker_processes 1;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include      /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  gzip         on;
+  gzip_types   application/xml application/json application/x-javascript text/css text/plain;
+  gzip_proxied no-cache no-store private expired auth;
+
+  server_tokens off;
+
+  server {
+    listen 80;
+    listen [::]:80;
+
+    server_name _;
+
+    return 301 https://$host$request_uri;
+  }
+
+  server {
+    listen 443      ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name _;
+
+    ssl_certificate     /run/secrets/titleproject.space-20211130.crt;
+    ssl_certificate_key /run/secrets/titleproject.space-20211130.key;
+
+    add_header Strict-Transport-Security "max-age=15768000" always;
+    add_header X-Content-Type-Options    nosniff;
+    add_header X-XSS-Protection          "1; mode=block";
+
+    location / {
+        proxy_pass http://unleash:4242/;
+    }
+  }
+}
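Review bot: `proxy_pass http://unleash:4242/;` forwards requests with no `proxy_set_header` lines, so the upstream sees `Host: unleash:4242` and the proxy's address as the client; Unleash's logs then lack the real client IP, and absolute URLs or secure-cookie decisions behind the TLS terminator may be wrong. Inside `location /` add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;`. The clients config has the same gap in front of unleash-proxy. Separately, the port-80 redirect uses `$host`, which carries no port, while the stack publishes only 443 on a non-standard port, so that block looks either unreachable or liable to redirect to the wrong port.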

+ 106 - 0
swarm/unleash-stack.yaml

@@ -0,0 +1,106 @@
+version: '3.8'
+
+services:
+
+  clients:
+    image: nginx:1.19-alpine
+    configs:
+      - source: nginx-unleash-clients-20211130
+        target: /etc/nginx/nginx.conf
+        uid: '0'
+        gid: '0'
+        mode: 0644
+    networks:
+      - unleash
+    ports:
+      - 13001:443
+    secrets:
+      - titleproject.space-20211130.crt
+      - titleproject.space-20211130.key
+
+  frontend:
+    image: nginx:1.19-alpine
+    configs:
+      - source: nginx-unleash-frontend-20211130
+        target: /etc/nginx/nginx.conf
+        uid: '0'
+        gid: '0'
+        mode: 0644
+    networks:
+      - unleash
+    ports:
+      - 13000:443
+    secrets:
+      - titleproject.space-20211130.crt
+      - titleproject.space-20211130.key
+
+  postgres:
+    image: postgres:14-alpine
+    deploy:
+      restart_policy:
+        condition: none
+    ports:
+      - 5432
+    environment:
+      POSTGRES_PASSWORD: titleproject
+    networks:
+      unleash:
+        aliases:
+          - swarm1.titleproject.space
+    secrets:
+      - source: titleproject.space-20211130.crt
+        target: titleproject.space-20211130.crt
+        uid: '70'
+        gid: '70'
+        mode: 0600
+      - source: titleproject.space-20211130.key
+        target: titleproject.space-20211130.key
+        uid: '70'
+        gid: '70'
+        mode: 0600
+    command: -c ssl=on -c ssl_cert_file=/run/secrets/titleproject.space-20211130.crt -c ssl_key_file=/run/secrets/titleproject.space-20211130.key
+
+  unleash:
+    image: unleashorg/unleash-server:4.7.2
+    deploy:
+      restart_policy:
+        condition: none
+    environment:
+      POSTGRES_PASSWORD: titleproject
+      DATABASE_HOST: swarm1.titleproject.space
+      DATABASE_NAME: unleash
+      DATABASE_USERNAME: unleash
+      DATABASE_PASSWORD: titleproject
+      DATABASE_PORT: 5432
+      DATABASE_SSL: "true" 
+      LOG_LEVEL: debug
+      UNLEASH_URL: https://swarm1.titleproject.space:13000
+    networks:
+      - unleash
+
+  unleash-proxy:
+    image: unleashorg/unleash-proxy:0.7
+    deploy:
+      restart_policy:
+        condition: none
+    environment:
+      UNLEASH_URL: http://unleash:4242/api/
+      UNLEASH_API_TOKEN: default:development.b1b90818f6281a3fe3cd558d611ad934be1ebef8ae84bca8c5a941d2
+      UNLEASH_PROXY_CLIENT_KEYS: titleprojectkey
+    networks:
+      - unleash
+
+configs:
+  nginx-unleash-clients-20211130:
+    external: true
+  nginx-unleash-frontend-20211130:
+    external: true
+
+networks:
+  unleash:
+
+secrets:
+  titleproject.space-20211130.crt:
+    external: true
+  titleproject.space-20211130.key:
+    external: true
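Review bot: `POSTGRES_PASSWORD`, `DATABASE_PASSWORD`, `UNLEASH_API_TOKEN` and `UNLEASH_PROXY_CLIENT_KEYS` are committed as literal values even though the stack already uses Swarm secrets for the certificate and key. They should be treated as disclosed, rotated, and supplied from external secrets, e.g. `POSTGRES_PASSWORD_FILE: /run/secrets/<postgres-password-secret>` on the postgres service. The postgres service also publishes `5432` through the ingress mesh (swarm/commands connects on a published port), which exposes the database outside the `unleash` overlay network; drop that `ports:` entry unless remote admin access is required, and restrict it at the firewall if it is. `POSTGRES_PASSWORD` on the unleash service appears unused, and `LOG_LEVEL: debug` is worth lowering for anything beyond a lab.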