diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml
index b9deb5e..872f4ce 100644
--- a/.gitea/workflows/build-and-deploy.yml
+++ b/.gitea/workflows/build-and-deploy.yml
@@ -5,11 +5,12 @@ on: branches: [ main ] jobs: - #───────────────── build & push ───────────────── - build: + build-and-deploy: runs-on: docker env: REG: gitea.nucleoriofrio.com/nucleo000 + RADIUS_CLIENTS_CIDR: 192.168.87.0/24 + RADIUS_SHARED_SECRET: tamosbien steps: - uses: actions/checkout@v3 - uses: docker/setup-buildx-action@v2
@@ -31,23 +32,10 @@ jobs: docker push $REG/radiusnucleo-freeradius:${{ github.sha }} docker push $REG/radiusnucleo-freeradius:latest - #───────────────── deploy ───────────────── - deploy: - needs: build - runs-on: docker - env: - REG: gitea.nucleoriofrio.com/nucleo000 - RADIUS_CLIENTS_CIDR: 192.168.87.0/24 - RADIUS_SHARED_SECRET: tamosbien - steps: - - uses: actions/checkout@v3 - - - name: Login to registry - run: docker login gitea.nucleoriofrio.com -u nucleo000 -p 7bc7b2fcd283bd6a251bef3ede368b7f897c919d - - - name: Ensure external docker network exists + - name: Ensure external docker networks exist run: | docker network inspect principal >/dev/null 2>&1 || docker network create principal + docker network inspect radiusnucleo_radius_net >/dev/null 2>&1 || docker network create radiusnucleo_radius_net - name: Pull fresh images used in compose run: docker compose -f docker-compose.yml pull 
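Review bot: `RADIUS_SHARED_SECRET: tamosbien` puts the RADIUS shared secret in clear text in the job-level `env:` of a committed workflow file, where it is also visible to every step of the merged build-and-deploy job rather than only the deploy steps that consume it; the same literal is the `${RADIUS_SHARED_SECRET:-tamosbien}` fallback in docker-compose.yml. Store it as a repository secret and reference it as `RADIUS_SHARED_SECRET: ${{ secrets.RADIUS_SHARED_SECRET }}`, preferably as a step-level `env:` on the compose steps, and rotate the value on the RADIUS clients since the current one is now in git history. `RADIUS_CLIENTS_CIDR: 192.168.87.0/24` is not sensitive, but it is deployment-specific and could live alongside the secret as a repository-level value instead of in the workflow body.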
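Review bot: The `Login to registry` step deleted here carried a literal access token on its `docker login ... -p` line, and removing the line does not revoke it: the token stays in repository history and should be regenerated in Gitea. The build job presumably logs in before the `docker push` lines shown at the top of this hunk (that step is outside the hunk); make sure it reads the token from `${{ secrets.<name> }}` and passes it with `--password-stdin` instead of `-p`, which leaves it visible in the process list and in verbose runner logs. The added `docker network create radiusnucleo_radius_net` line is consistent with the `external: true` declaration in docker-compose.yml.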
@@ -60,19 +48,3 @@ jobs: - name: Show service status run: docker compose -f docker-compose.yml --project-name radiusnucleo ps - - - name: Tail freeradius logs (last 2m) - run: docker compose -f docker-compose.yml --project-name radiusnucleo logs --since=2m freeradius || true - - - name: Inspect freeradius published ports - run: | - CID=$(docker compose -f docker-compose.yml --project-name radiusnucleo ps -q freeradius) - echo "Container: $CID" - docker inspect "$CID" --format '{{json .NetworkSettings.Ports}}' - echo "docker port output:" || true - docker port "$CID" || true - - - name: Check sockets inside freeradius container - run: | - CID=$(docker compose -f docker-compose.yml --project-name radiusnucleo ps -q freeradius) - docker exec "$CID" sh -lc 'ss -ulpen | egrep ":(1812|1813|3799)\\b" || netstat -ulpen | egrep ":(1812|1813|3799)\\b" || true'
diff --git a/docker-compose.yml b/docker-compose.yml
index 67a4ad1..e031332 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,11 +1,12 @@ version: "3.9" services: - node: + radiusnucleo-node: build: context: . dockerfile: node-api/Dockerfile image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo:latest + container_name: radiusnucleo-node-1 environment: - VLAN_ID=2 - MAX_UP=10000000 
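Review bot: Renaming the service from `node` to `radiusnucleo-node` also removes the `node` DNS name on both compose networks (the old `principal` alias `radiusnucleo-node` is dropped in a later hunk, so that name now comes from the service itself); anything outside this diff that still reaches the API as `node`, such as an endpoint URL baked into the freeradius image, will stop resolving, so that configuration is worth checking before deploying. `container_name: radiusnucleo-node-1` pins a single instance and is what the Traefik `servername=radiusnucleo-node-1` label in the later hunk refers to; a comment on the line, e.g. `# fixed name: referenced by the Traefik serverstransport labels below`, would stop it being removed as noise. `version: "3.9"` is ignored by Compose v2 and only produces a warning; it can be dropped.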
@@ -19,16 +20,42 @@ services: - PGUSER=radius - PGPASSWORD=radius networks: - radius_net: - principal: - aliases: - - radiusnucleo-node + - principal + - radiusnucleo_radius_net + labels: + # Habilitar Traefik + - "traefik.enable=true" + - "traefik.docker.network=principal" + + # Router principal + - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)" + - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure" + - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt" + - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service" + - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker" + + # Service - Puerto y configuraciones SSE + - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000" + - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true" + - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms" + - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@docker" + + # Middleware: wifi-headers + - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https" + + # ServersTransport para SSE/WebSocket + - "traefik.http.serverstransports.wifi-transport.servername=radiusnucleo-node-1" + - "traefik.http.serverstransports.wifi-transport.insecureskipverify=false" + - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.dialtimeout=30s" + - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.responseheadertimeout=0s" + - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.idleconntimeout=90s" freeradius: build: ./freeradius image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo-freeradius:latest depends_on: - - node + - radiusnucleo-node - postgres 
restart: unless-stopped ports:
@@ -39,7 +66,7 @@ services: - RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24} - RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien} networks: - - radius_net + - radiusnucleo_radius_net - principal postgres:
@@ -52,14 +79,14 @@ services: - postgres_data:/var/lib/postgresql/data - ./postgres/init:/docker-entrypoint-initdb.d:ro networks: - - radius_net + - radiusnucleo_radius_net - principal networks: - radius_net: - driver: bridge principal: external: true + radiusnucleo_radius_net: + external: true volumes: postgres_data:
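Review bot: The `authentik-forward-auth@file` middleware is enforced only on requests that arrive through Traefik, while the API itself listens on port 3000 on the shared `principal` network (`traefik.docker.network=principal`), so any other container attached to `principal` can call `radiusnucleo-node:3000` without passing the forward-auth step; if `principal` carries more than Traefik, either move this service to a network shared only with Traefik or have the app enforce its own authentication, and document the trust assumption in a comment next to the `networks:` list. The `wifi-transport` `servername` and `insecureskipverify=false` labels only take effect when the backend scheme is https; with `loadbalancer.server.port=3000` and no `server.scheme=https`, Traefik talks plain HTTP to the container and those two lines are inert, so either drop them or set the scheme if the API really serves TLS, so the labels do not imply certificate verification that does not happen. The enclosing `radiusnucleo-node` service starts before this hunk.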
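Review bot: `radiusnucleo_radius_net` is now `external: true`, so Compose will refuse to start when the network is missing and nothing in this file says who creates it; the only creator is the `Ensure external docker networks exist` step in .gitea/workflows/build-and-deploy.yml, which a developer running `docker compose up` locally will not have executed. Add a comment above the entry, e.g. `# created out-of-band by the deploy workflow; locally run: docker network create radiusnucleo_radius_net`. The workflow creates it with default options, which today means the same bridge driver the removed `driver: bridge` definition used, but any future option such as `--internal` now has to be applied in the workflow rather than here.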