From 3a0e966fdf32557c2f574d092e75327ab2a5e6f3 Mon Sep 17 00:00:00 2001
From: Ivo Hanak <hanak@ipp.cas.cz>
Date: Thu, 7 Mar 2024 12:33:23 +0100
Subject: [PATCH] Replaced the network mode host with an internal network

---
 docker-compose-dev.yml     | 126 +++++++++++++++++++++----------------
 docker/pvserver/Dockerfile |   1 -
 nginx/nginx.dev.conf       |  11 ++--
 3 files changed, 76 insertions(+), 62 deletions(-)

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 1f2523ac..af913303 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -4,11 +4,17 @@ services:
     build:
       context: ./
       dockerfile: docker/epicsBase/Dockerfile
+    networks:
+      - internal
+
   node_cache:
     image: node_cache
     build:
       context: ./
       dockerfile: docker/node_cache/Dockerfile
+    networks:
+      - internal
+
   frontendserverdev:
     env_file: .env
     build:
@@ -21,8 +27,8 @@ services:
       - ./ReactApp/vite.config.js:/ReactApp/vite.config.js
       - ./ReactApp/public:/ReactApp/public
     restart: always
-    ports:
-      - "3001:3000"
+    networks:
+      - internal
     depends_on:
       - node_cache
 
@@ -31,20 +37,22 @@ services:
       context: ./
       dockerfile: docker/pvserver/Dockerfile
     restart: always
-    network_mode: host
+    networks:
+      - internal
     tty: true
     stdin_open: true
     env_file: .env
     environment:
-      - ALARM_DATABASE=localhost
+      - ALARM_DATABASE=mongo1
       - ALARM_DATABASE_REPLICA_SET_NAME=devrs
-      - LOADSAVE_DATABASE=localhost
+      - LOADSAVE_DATABASE=mongo1
       - LOADSAVE_DATABASE_REPLICA_SET_NAME=devrs
-      - ADMIN_DATABASE=localhost
+      - ADMIN_DATABASE=mongo1
       - ADMIN_DATABASE_REPLICA_SET_NAME=devrs
-      - WATCH_DEBUG_DATABASE=localhost
+      - WATCH_DEBUG_DATABASE=mongo1
       - WATCH_DEBUG_DATABASE_REPLICA_SET_NAME=devrs
       - DEMO_ARCHIVER=http://localhost:17668
+      - EPICS_CA_SERVER_PORT=8001      
       - pvServerLogLevel=INFO
       - pvServerLogFile=/pvServer/log/pvServerLogFile
       - pvServerPort=9001
@@ -54,39 +62,45 @@ services:
       - ./build:/pvServer/build
     depends_on:
       - epicsbase
+
   nginx:
     image: nginx:1.25.3
     restart: always
-    network_mode: host
+    networks:
+      - internal
     depends_on:
       - pvserver1
-    entrypoint:
-      - /custom/setupNginx.dev.sh
+    entrypoint: 
+      - "/bin/bash"
+      - "-c"
+      - "source <(cat /custom/setupNginx.dev.sh | tr -d '\\r')"
+      - "--"
       - /docker-entrypoint.sh
-    command: ["nginx", "-g", "daemon off;"] 
+    command: ["nginx", "-g", "daemon off;"]
     volumes:
-      - ./nginx/setupNginx.dev.sh:/custom/setupNginx.dev.sh
-      - ./nginx/nginx.dev.conf:/custom/nginx.dev.conf
-      - ./nginx/nginx.httpredirect.conf:/custom/nginx.httpredirect.conf
+      - ./nginx:/custom
       - ./build/styleguide:/var/www/styleguide
       - ./certificates:/etc/nginx/certificates
+    ports:
+      - "3000:3000"
     env_file: .env
+
   unsecurestylguidepvserver:
     build:
-      context: ./
- 
+      context: ./ 
       dockerfile: docker/pvserver/Dockerfile
     restart: always
-    network_mode: host
+    networks:
+      - internal
     env_file: .env
     environment:
-          - ALARM_DATABASE=localhost
+          - ALARM_DATABASE=mongo1
           - ALARM_DATABASE_REPLICA_SET_NAME=devrs
-          - LOADSAVE_DATABASE=localhost
+          - LOADSAVE_DATABASE=mongo1
           - LOADSAVE_DATABASE_REPLICA_SET_NAME=devrs
-          - ADMIN_DATABASE=localhost
+          - ADMIN_DATABASE=mongo1
           - ADMIN_DATABASE_REPLICA_SET_NAME=devrs
-          - WATCH_DEBUG_DATABASE=localhost
+          - WATCH_DEBUG_DATABASE=mongo1
           - WATCH_DEBUG_DATABASE_REPLICA_SET_NAME=devrs
           - DEMO_ARCHIVER=http://localhost:17668
           - pvServerURL=http://127.0.0.1
@@ -99,15 +113,16 @@ services:
 
   demoioc:
     build:
-      context: ./
-     
+      context: ./     
       dockerfile: docker/demoioc/Dockerfile
     tty: true
     stdin_open: true
     restart: always
-    network_mode: host
+    networks:
+      - internal
     depends_on:
       - epicsbase
+
   storybook:
     build:
       context: ./
@@ -121,15 +136,14 @@ services:
     depends_on:
       - node_cache
   
-
-
   signalcli:
     build:
       context: ./
       dockerfile: docker/signalcli/Dockerfile
     hostname: signalcli
     restart: always
-    network_mode: "host"
+    networks:
+      - internal
     stdin_open: true
     tty: true
     env_file: .env
@@ -142,7 +156,8 @@ services:
       dockerfile: docker/alarmHandlerDbInit/Dockerfile
     hostname: initializealarmhandlerdb
     restart: on-failure
-    network_mode: "host"
+    networks:
+      - internal
     depends_on:
       - mongosetup
     stdin_open: true
@@ -158,7 +173,8 @@ services:
     depends_on:
       - epicsbase
       - initializealarmhandlerdb
-    network_mode: "host"
+    networks:
+      - internal
     stdin_open: true
     tty: true
     env_file: .env
@@ -176,11 +192,9 @@ services:
     image: mongo:${RAS_MONGODB_VERSION-7.0.5}
     hostname: mongo1
     restart: always
-    network_mode: "host"
+    networks:
+      - internal
     env_file: .env
-    # environment:
-    #   MONGO_INITDB_ROOT_USERNAME: ${MONGO_ROOT_USERNAME-admin}
-    #   MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD-password}
     logging:
       driver: "none"
     volumes:
@@ -192,11 +206,9 @@ services:
     image: mongo:${RAS_MONGODB_VERSION-7.0.5}
     hostname: mongo2
     restart: always
-    network_mode: "host"
+    networks:
+      - internal
     env_file: .env
-    # environment:
-    #   MONGO_INITDB_ROOT_USERNAME: ${MONGO_ROOT_USERNAME-admin}
-    #   MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD-password}
     logging:
       driver: "none"
     volumes:
@@ -208,11 +220,9 @@ services:
     image: mongo:${RAS_MONGODB_VERSION-7.0.5}
     hostname: mongo3
     restart: always
-    network_mode: "host"
+    networks:
+      - internal
     env_file: .env
-    # environment:
-    #   MONGO_INITDB_ROOT_USERNAME: ${MONGO_ROOT_USERNAME-admin}
-    #   MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD-password}
     logging:
       driver: "none"
     volumes:
@@ -226,7 +236,8 @@ services:
       dockerfile: docker/mongoSetup/Dockerfile
     hostname: mongosetup
     restart: on-failure
-    network_mode: "host"
+    networks:
+      - internal
     depends_on:
       - mongo1
       - mongo2
@@ -238,41 +249,41 @@ services:
   initializeloadsavedb:
     env_file: .env
     environment:
-      - LOADSAVE_DATABASE=localhost
+      - LOADSAVE_DATABASE=mongo1
       - LOADSAVE_DATABASE_REPLICA_SET_NAME=devrs
     build:
       context: ./
-
-     
       dockerfile: docker/loadSaveDbInit/Dockerfile
-    network_mode: "host"
+    networks:
+      - internal
     tty: true
     stdin_open: true
     depends_on:
       - mongosetup
+
   initializeadmindb:
     env_file: .env
     environment:
-      - ADMIN_DATABASE=localhost
+      - ADMIN_DATABASE=mongo1
       - ADMIN_DATABASE_REPLICA_SET_NAME=devrs
     build:
-      context: ./
-
-     
+      context: ./     
       dockerfile: docker/adminDbInit/Dockerfile
-    network_mode: "host"
+    networks:
+      - internal
     tty: true
     stdin_open: true
     depends_on:
       - mongosetup
+
   areadetectorsim:
     image: prjemian/synapps
-    ports:
-      - "8005:8005/tcp" #areaDetector IOC is served on port 8005 so as not to conflict with other instances on the network, use the port number to access the IOC from other GUIS
-      - "8005:8005/udp"
+    hostname: areadetectorsim
+    networks:
+      - internal
     environment:
       - PREFIX="ras:adsim:" # OPI macro: P = ras:adsim: , R = cam1:
-      - EPICS_CA_SERVER_PORT=8005
+      - EPICS_CA_SERVER_PORT=8001
     command: bash -c "/root/bin/adsim.sh start && tail -f /dev/null"
 
 # As of RAS V5.0.0 MongoDB volumes are now defined by the compose project name and mongodb version
@@ -293,3 +304,8 @@ volumes:
     name: ${COMPOSE_PROJECT_NAME}-mongo-db-data3-mongo-${RAS_MONGODB_VERSION-7.0.5}
   mongo-db-configdb3:
     name: ${COMPOSE_PROJECT_NAME}-mongo-db-configdb3-mongo-${RAS_MONGODB_VERSION-7.0.5}
+
+networks:
+  internal:
+    name: ${COMPOSE_PROJECT_NAME}_internal
+    driver: bridge
diff --git a/docker/pvserver/Dockerfile b/docker/pvserver/Dockerfile
index c7be1dc3..3b489904 100644
--- a/docker/pvserver/Dockerfile
+++ b/docker/pvserver/Dockerfile
@@ -29,7 +29,6 @@ ENV VITE_EnableLogin=false
 ENV VITE_DisableStandardLogin=false
 ENV VITE_EnableActiveDirectoryLogin=false
 ENV VITE_EnableGoogleLogin=false
-ENV EPICS_CA_ADDR_LIST="0.0.0.0:8001 0.0.0.0:8004 0.0.0.0:8005"
 ENV PYEPICS_LIBCA=/epics/base/lib/linux-x86_64/libca.so
 
 ENV PATH="/epics/base/bin/linux-x86_64/:${PATH}"
diff --git a/nginx/nginx.dev.conf b/nginx/nginx.dev.conf
index cde5d612..1632f614 100644
--- a/nginx/nginx.dev.conf
+++ b/nginx/nginx.dev.conf
@@ -1,6 +1,6 @@
 
 upstream servers {
-    server 127.0.0.1:9001;
+    server pvserver1:9001;
 }
 
 server {
@@ -8,7 +8,7 @@ server {
     #insert ssl_certificate def here;
     #insert ssl_certificate_key def here;
     location / {
-        proxy_pass http://127.0.0.1:3001;
+        proxy_pass http://frontendserverdev:3000;
         proxy_connect_timeout       300;
         proxy_send_timeout          300;
         proxy_read_timeout          300;
@@ -22,7 +22,7 @@ server {
         proxy_buffering off;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
-        proxy_pass http://127.0.0.1:3001;
+        proxy_pass http://frontendserverdev:3000;
      }
     location /socket.io {
         proxy_http_version 1.1;
@@ -36,15 +36,14 @@ server {
         proxy_buffering off;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
-        proxy_pass http://127.0.0.1:3001;
+        proxy_pass http://frontendserverdev:3000;
      }
     error_page  497 https://$host:3000$request_uri;
     
 }
 
 upstream styleguideservers {
-    server 127.0.0.1:5001;
-
+    server unsecurestylguidepvserver:5001;
 }
 
 server {