Compare commits
No commits in common. "2aae669515717031cd74a09ffde1704025728ce5" and "c2a16c28027648406bf4eb7e3485c285a5df4226" have entirely different histories.
2aae669515
...
c2a16c2802
62
README.md
62
README.md
|
@ -1,71 +1,13 @@
|
|||
# akashop
|
||||
https://origin-akashop.akamai-lab.com
|
||||
|
||||
- akashop was built on [woocommerce](https://woo.com/).
|
||||
- akashop is deployed to **tee-origins** kubernetes cluster.
|
||||
|
||||
## How to deploy
|
||||
1. git clone https://gitea-ptl.akamai-lab.com/akamai/akashop.git
|
||||
2. cd akashop/traefik
|
||||
3. kubectl create namespace traefik
|
||||
4. kubectl apply -f kubernetes-crd-definition-v1.yml -f kubernetes-crd-rbac.yml -f traefik-deployment.yml -f traefik-services.yml -n traefik
|
||||
5. kubectl get pods -n traefik
|
||||
```
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
traefik-deployment-6dbb5f6667-wslph 1/1 Running 0 9m2s
|
||||
```
|
||||
6. kubectl get services -n traefik
|
||||
```
|
||||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||
traefik-dashboard-service LoadBalancer 10.128.46.205 172.233.169.40 8080:32174/TCP 18h
|
||||
traefik-web LoadBalancer 10.128.2.58 172.233.168.36 80:31310/TCP,443:32696/TCP 18h
|
||||
```
|
||||
7. Vefiry traefik dashboard.
|
||||
```
|
||||
http://{traefik-dashboard-service-external-ip}:8080
|
||||
```
|
||||
8. cd ../akashop
|
||||
9. kubectl create namespace akashop
|
||||
10. kubectl apply -f pv.yml -f pvc.yml -f deployment.yml -f service.yml -f traefik-ingressR.yml -n akashop
|
||||
11. DNS spoofing test
|
||||
```
|
||||
http http://{traefik-web-external-ip} Host:origin-akashop.akamai-lab.com
|
||||
HTTP/1.1 301 Moved Permanently
|
||||
Content-Length: 0
|
||||
Content-Type: text/html; charset=UTF-8
|
||||
Date: Mon, 08 Apr 2024 00:38:47 GMT
|
||||
Location: https://origin-akashop.akamai-lab.com/
|
||||
Server: Apache/2.4.57 (Debian)
|
||||
X-Powered-By: PHP/8.2.17
|
||||
X-Redirect-By: WordPress
|
||||
```
|
||||
12. Update DNS record
|
||||
```
|
||||
origin-akashop.akamai-lab.com. 600 IN A {traefik-web-external-ip}
|
||||
```
|
||||
13. HTTPS test
|
||||
```
|
||||
http https://origin-akashop.akamai-lab.com -ph
|
||||
HTTP/1.1 200 OK
|
||||
Content-Encoding: gzip
|
||||
Content-Length: 18525
|
||||
Content-Type: text/html; charset=UTF-8
|
||||
Date: Mon, 08 Apr 2024 00:41:25 GMT
|
||||
Link: <https://origin-akashop.akamai-lab.com/wp-json/>; rel="https://api.w.org/", <https://origin-akashop.akamai-lab.com/wp-json/wp/v2/pages/265>; rel="alternate"; type="application/json", <https://origin-akashop.akamai-lab.com/>; rel=shortlink
|
||||
Server: Apache/2.4.57 (Debian)
|
||||
Set-Cookie: _37c01=d5cf5ba194c98167; Path=/; HttpOnly
|
||||
Vary: Accept-Encoding
|
||||
X-Powered-By: PHP/8.2.17
|
||||
```
|
||||
|
||||
## How to use HTTPS ##
|
||||
- traefik/traefik-deployment.yml
|
||||
- traefik/02-traefik.yml
|
||||
```yml
|
||||
- --certificatesresolvers.le.acme.email=learn@akamai.com
|
||||
- --certificatesresolvers.le.acme.storage=acme.json
|
||||
- --certificatesresolvers.le.acme.tlschallenge=true
|
||||
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
|
||||
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
|
||||
```
|
||||
- akashop/traefik-ingressR.yml
|
||||
|
@ -108,7 +50,7 @@ metadata:
|
|||
```
|
||||
|
||||
## How to maintain Session Stickyness ##
|
||||
- akashop/traefik-ingressR.yml
|
||||
- akashop/ingress.yml
|
||||
```yml
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
|
|
|
@ -13,7 +13,7 @@ spec:
|
|||
storageClassName: ""
|
||||
nfs:
|
||||
path: /nfs/share/akashop/volumes/wp
|
||||
server: 10.0.0.2
|
||||
server: 10.0.0.5
|
||||
|
||||
---
|
||||
|
||||
|
@ -32,4 +32,4 @@ spec:
|
|||
storageClassName: ""
|
||||
nfs:
|
||||
path: /nfs/share/akashop/volumes/db
|
||||
server: 10.0.0.2
|
||||
server: 10.0.0.5
|
||||
|
|
|
@ -21,14 +21,14 @@ spec:
|
|||
- web
|
||||
|
||||
routes:
|
||||
- match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
|
||||
- match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: wp
|
||||
port: 80
|
||||
|
||||
# middlewares:
|
||||
# - name: akashop-redir
|
||||
middlewares:
|
||||
- name: akashop-redir
|
||||
|
||||
---
|
||||
|
||||
|
@ -46,7 +46,7 @@ spec:
|
|||
certResolver: le
|
||||
|
||||
routes:
|
||||
- match: Host(`origin-akashop.akamai-lab.com`) && PathPrefix(`/`)
|
||||
- match: Host(`whoami.172.233.169.31.nip.io`) && PathPrefix(`/`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: wp
|
||||
|
|
|
@ -33,8 +33,7 @@ spec:
|
|||
- --certificatesresolvers.le.acme.email=learn@akamai.com
|
||||
- --certificatesresolvers.le.acme.storage=acme.json
|
||||
- --certificatesresolvers.le.acme.tlschallenge=true
|
||||
# - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
- --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
|
||||
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
|
||||
ports:
|
||||
- name: web
|
|
@ -64,7 +64,7 @@ roleRef:
|
|||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: traefik-ingress-controller
|
||||
namespace: traefik
|
||||
namespace: default
|
||||
|
||||
---
|
||||
|
||||
|
@ -72,4 +72,4 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
namespace: traefik
|
||||
namespace: default
|
||||
|
|
Loading…
Reference in New Issue