chore(prod): adjust convex/traefik stack and record changes
All checks were successful
CI/CD Web + Desktop / Detect changes (push) Successful in 10s
CI/CD Web + Desktop / Deploy (VPS Linux) (push) Successful in 3m37s
CI/CD Web + Desktop / Deploy Convex functions (push) Has been skipped
Quality Checks / Lint, Test and Build (push) Successful in 3m55s

rever-tecnologia 2025-12-18 21:22:06 -03:00
parent c030a3ac09
commit 9c6e724128
2 changed files with 88 additions and 1 deletions


@ -0,0 +1,32 @@
# Alteracoes de producao - 2025-12-19
Registro das correcoes aplicadas na VPS para reduzir erros em logs e estabilizar certificados e Convex.
## Traefik / TLS
- ACME alterado de HTTP-01 para TLS-ALPN no servico `traefik_traefik`.
- Reinicio do servico Traefik para aplicar a nova configuracao.
## Certificados ACME
- Remocao de certificados obsoletos no `acme.json`:
- `pgadmin.rever.com.br`
- `supa.rever.com.br`
- `compressor.esdrasrenan.com.br`
- Backups gerados:
- `/var/lib/docker/volumes/certificados/_data/acme.json.backup-20251219011425`
- `/var/lib/docker/volumes/certificados/_data/acme.json.backup-` (gerado sem timestamp por comando anterior)
## Convex
- Adicionado `convex_proxy` (tinyproxy) e configurado `--convex-http-proxy` para remover warning de proxy ausente.
- Adicionado `convex_block` (http-echo) para bloquear `POST /api/*` com `Content-Type` nao JSON (415).
- Prioridades de roteamento ajustadas:
- `sistema_convex_api_json` (priority 100)
- `sistema_convex_api_block` (priority 50)
- `sistema_convex` (priority 1)
- `RUST_LOG` ajustado para `info,common::errors=error` a fim de reduzir ruido de warnings nao criticos.
## Stack / Rede
- Criada rede `convex_internal` (overlay, internal) para trafego interno do Convex com o proxy.
- Arquivo atualizado: `/srv/apps/sistema/stack.yml` (stack `sistema`).
## Observacoes
- A alteracao do ACME foi feita via `docker service update --args` no Traefik (nao ha stack file versionado).
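Review bot: The "Observacoes" entry says the ACME switch was applied with `docker service update --args` and that Traefik has no versioned stack file, so the TLS change this document records cannot be reproduced or reviewed from the repository. Record the exact arguments that were passed, or commit a stack file for `traefik_traefik`. Under "Certificados ACME", the untimestamped `acme.json.backup-` is a second copy of the ACME store, which holds the account key and the certificate private keys; the document should say whether it was deleted or kept with the same restrictive permissions as `acme.json`.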


@ -95,10 +95,13 @@ services:
image: ghcr.io/get-convex/convex-backend:6690a911bced1e5e516eafc0409a7239fb6541bb image: ghcr.io/get-convex/convex-backend:6690a911bced1e5e516eafc0409a7239fb6541bb
stop_grace_period: 10s stop_grace_period: 10s
stop_signal: SIGINT stop_signal: SIGINT
command:
- --convex-http-proxy
- http://convex_proxy:8888
volumes: volumes:
- convex_data:/convex/data - convex_data:/convex/data
environment: environment:
- RUST_LOG=info - RUST_LOG=info,common::errors=error
- CONVEX_CLOUD_ORIGIN=https://convex.esdrasrenan.com.br - CONVEX_CLOUD_ORIGIN=https://convex.esdrasrenan.com.br
- CONVEX_SITE_ORIGIN=https://convex.esdrasrenan.com.br - CONVEX_SITE_ORIGIN=https://convex.esdrasrenan.com.br
# Provisionamento de máquinas (usado pelas functions do Convex) # Provisionamento de máquinas (usado pelas functions do Convex)
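Review bot: `RUST_LOG=info,common::errors=error` in the `environment:` block hides every warning emitted under `common::errors`, not only the ones this commit wants to quiet. The same commit already rejects non-JSON `POST /api/*` at Traefik, so check whether the noisy warnings still appear after the routing change before silencing the whole module. If the filter stays, add a YAML comment next to it naming the warning being suppressed, so that someone debugging the backend later knows what is missing from the logs.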
@ -136,9 +139,17 @@ services:
- traefik.http.routers.sistema_convex.entrypoints=websecure - traefik.http.routers.sistema_convex.entrypoints=websecure
- traefik.http.routers.sistema_convex.tls=true - traefik.http.routers.sistema_convex.tls=true
- traefik.http.routers.sistema_convex.tls.certresolver=le - traefik.http.routers.sistema_convex.tls.certresolver=le
- traefik.http.routers.sistema_convex.priority=1
- traefik.http.routers.sistema_convex_api_json.rule=Host(`convex.esdrasrenan.com.br`) && PathPrefix(`/api/`) && Method(`POST`) && HeadersRegexp(`Content-Type`, `(?i)^application/json(\\s*;.*)?$$`)
- traefik.http.routers.sistema_convex_api_json.entrypoints=websecure
- traefik.http.routers.sistema_convex_api_json.tls=true
- traefik.http.routers.sistema_convex_api_json.tls.certresolver=le
- traefik.http.routers.sistema_convex_api_json.priority=100
- traefik.http.routers.sistema_convex_api_json.service=sistema_convex
- traefik.http.services.sistema_convex.loadbalancer.server.port=3210 - traefik.http.services.sistema_convex.loadbalancer.server.port=3210
networks: networks:
- traefik_public - traefik_public
- convex_internal
healthcheck: healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:3210/version >/dev/null || exit 1"] test: ["CMD-SHELL", "curl -sf http://localhost:3210/version >/dev/null || exit 1"]
interval: 15s interval: 15s
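Review bot: In the `sistema_convex_api_json` rule the regexp is written as `(\\s*;.*)?` inside an unquoted YAML value, where a backslash is not an escape character, so both backslashes reach Traefik and the pattern asks for a literal backslash followed by `s` rather than whitespace. If that is what happens, only a bare `application/json` matches and a client sending `application/json; charset=utf-8` falls through to `sistema_convex_api_block` and gets a 415. Test both header forms against the deployed router and, if the second one is rejected, write the group as `(\s*;.*)?`. The `$$` is the right escape for a literal `$` in a stack file.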
@ -146,6 +157,47 @@ services:
retries: 3 retries: 3
start_period: 60s start_period: 60s
convex_proxy:
image: monokal/tinyproxy:latest
command:
- ANY
deploy:
mode: replicated
replicas: 1
resources:
limits:
memory: "256M"
placement:
constraints:
- node.role == manager
networks:
- convex_internal
convex_block:
image: hashicorp/http-echo:1.0.0
command:
- -listen=:8080
- -status-code=415
- -text=unsupported content type
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.docker.network=traefik_public
- traefik.http.routers.sistema_convex_api_block.rule=Host(`convex.esdrasrenan.com.br`) && PathPrefix(`/api/`) && Method(`POST`)
- traefik.http.routers.sistema_convex_api_block.entrypoints=websecure
- traefik.http.routers.sistema_convex_api_block.tls=true
- traefik.http.routers.sistema_convex_api_block.tls.certresolver=le
- traefik.http.routers.sistema_convex_api_block.priority=50
- traefik.http.routers.sistema_convex_api_block.service=sistema_convex_block
- traefik.http.services.sistema_convex_block.loadbalancer.server.port=8080
networks:
- traefik_public
convex_dashboard: convex_dashboard:
image: ghcr.io/get-convex/convex-dashboard:latest image: ghcr.io/get-convex/convex-dashboard:latest
environment: environment:
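Review bot: `convex_proxy` uses `monokal/tinyproxy:latest`, an unpinned third-party image, while the backend is pinned to a commit hash and `http-echo` to `1.0.0`. This container carries whatever the backend sends through `--convex-http-proxy`, so pin it to a version tag or digest like the other two. The `ANY` argument also leaves the proxy open to every client that can reach it; access then depends entirely on `convex_internal` staying private, so either restrict it to the overlay subnet or add a comment saying that the network is the only access control. `convex_block` has no `resources.limits`, unlike `convex_proxy`; a small memory limit there would keep the two consistent.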
@ -173,3 +225,6 @@ volumes:
networks: networks:
traefik_public: traefik_public:
external: true external: true
convex_internal:
driver: overlay
internal: true
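Review bot: `convex_internal` is declared `internal: true`, and in the hunk above `convex_proxy` is attached to this network only, so the proxy has no route out of the overlay. If the backend sends real outbound requests through `http://convex_proxy:8888`, they will fail at the proxy. If the proxy exists only to silence the missing-proxy warning, say so in a comment; otherwise attach `convex_proxy` to a second network that has egress and keep `convex_internal` as the private link between backend and proxy.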