Skip to content

Feature: Deploy & SSL #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Jun 21, 2025
Merged

Feature: Deploy & SSL #18

merged 16 commits into from
Jun 21, 2025

Conversation

@benloh
Copy link
Collaborator

@benloh benloh commented Jun 21, 2025
edited
Loading

There's a new branch deploy.

  • The deploy branch is used in CI/CD workflows to automatically deploy/redeploy changes to DigitalOcean droplets.
  • The branch should always be runnable. Any active droplet may be redeployed at any point in time, so the branch needs to be stable and runnable. Thorough testing is required before merging into deploy.
  • It is used in concert with netcreate-itest and netcreate-deploy-do repos to manage deployments.
  • The deploy branch is protected and cannot be deleted.
  • See corresponding changes in netcreate-deploy-do in the v0.4 branch caf40d4

New Features

  • Custom nc-multiplex port
    • In previous versions, the nc-multiplex express server runs on port 80, redirecting traffic to other running graphs on ports 3000+ and 4000+. In order to support HTTPS, we need to add an NGINX reverse proxy that initially runs on port 80 to validate the LetsEncrypt certbot, then afterwards support redirecting port 443 to the nc-multiplex express server. This means the express server needs to run on a different port.
    • There is a new parameter --port=xxxx to define a custom port to use when starting nc-multplex, e.g. ./nc-multiplex.js --port=8080.
      • Any port can be used outside of the range 3000-4999, which are reserved for use by the express server.
      • If no port is specified, DEFAULT_PORT port 80 is used.
    • There's a new script start-nc-multiplex-ssl.sh that starts multiplex on port 8080. This is referenced by the NCPLEX_PORT variable in the netcreate-deploy-do create_droplet_ansible_docker.yml action. See NCPLEX_PORT:53
      • Ultimately that port is mapped to the nginx-ssl.conf.j2 file that routes port 443 traffic to the app running on the express server.
  • Secure Web Sockets
    • In order to support HTTPS on DigitalOcean droplets, web sockets needed to also be secure.
    • client-network.js now supports secure web sockets. If https is detected in the URL, then websocket traffic is now directed to wss://<url>/ws_port/<port> instead of ws://<url>:<port>.
    • See corresponding changes in netcreate-itest in the deploy branch #404

benloh added 15 commits June 4, 2025 11:12
@benloh
do-fixes: ./nc.js --dataset.. MUST be run before npm run package
7d79545
@benloh
do-fixes: Deprecate MakeTokens. Functionality is now in netcreate Adv…
b927d38 
…anced Panel. #15
@benloh
do-fixes: Remove obsolete Google Adwords parameters
f8aaa99
@benloh
do-fixes: Update README to point to .start-nc-multiplex.sh instead …
adf3186 
…of `node nc-multiplex.js`
@benloh
do-fixes: Add note to switch branches if necessary in README
62e3288
@benloh
do-fixes: Deprecate MakeToken function and /maketoken route
de26976 
Keep in case we need to restore this later
@benloh
download-zips: Add download logs, lokis, backups, and templates via zip
6cad521
@benloh
download-zips: Only allow downloads if user is authorized
aeac568
@benloh
download-zips: Show archive errors with a message and redirect
d4f03cd
@benloh
download-zips: Set SERVER_IP when app is launched.
a64c438
@benloh
download-zips: Support passing multiple file extensions to archiver
0461a60
@benloh
download-zips: Add Download "All Networks" (lokis and templates)
3a68f2c
@benloh
deploy-do: Add custom port override support for SSL reverse proxy ser…
67abb27 
…ver `--port=8080`
@benloh
deploy-do: Add start-nc-multiplex-ssl.sh script to use port 8080 fo…
326fec6 
…r reverse proxy SSL

Use with netcreate-deploy-do repo to provision droplets with ansible
@benloh
deploy-do: APP_PORT should be PORT_ROUTER
4b26921
@benloh benloh changed the title Feature: Deploy Feature: Deploy & SSL Jun 21, 2025
@benloh benloh mentioned this pull request Jun 21, 2025
Merged
@benloh
deploy-do: Lock out the full range of ports from 3000-4999 (rather th…
3ed7f0d 
…an just through 4030) in case PROCES_MAX changes.
@benloh benloh merged commit ee20fb7 into deploy Jun 21, 2025
@benloh benloh deleted the deploy-do branch July 9, 2025 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@benloh