From f810a79f33631fa088bb8b139fbf1cd6e8df394a Mon Sep 17 00:00:00 2001 From: Pjotr Prins Date: Tue, 19 Mar 2024 04:44:26 -0500 Subject: fallback server --- ...ping-code-with-genenetwork-system-container.gmi | 3 + .../fire-up-genenetwork-system-container.gmi | 64 ++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 topics/systems/debug-and-developing-code-with-genenetwork-system-container.gmi (limited to 'topics/systems') diff --git a/topics/systems/debug-and-developing-code-with-genenetwork-system-container.gmi b/topics/systems/debug-and-developing-code-with-genenetwork-system-container.gmi new file mode 100644 index 0000000..e71c0c3 --- /dev/null +++ b/topics/systems/debug-and-developing-code-with-genenetwork-system-container.gmi @@ -0,0 +1,3 @@ +# Debugging and developing code + +Once we get to the stage of having a working system container it would be nice to develop code against it. diff --git a/topics/systems/fire-up-genenetwork-system-container.gmi b/topics/systems/fire-up-genenetwork-system-container.gmi index afba8c9..d751fa3 100644 --- a/topics/systems/fire-up-genenetwork-system-container.gmi +++ b/topics/systems/fire-up-genenetwork-system-container.gmi @@ -163,6 +163,15 @@ PONG Try also INFO memory and the size should be in GBs. +Note I got a `Failed opening the temp RDB file temp error` on the host redis. This turned out to be a systemd setting + +``` +[system] +ReadWritePaths=-/export2/redis + # recommended that you remove/comment this line: +ReadWriteDirectories=-/etc/redis +``` + ## Xapian index Search in GN3 uses xapian. To update the index there is a script in genenetwork3/scripts/index-genenetwork. @@ -179,8 +188,63 @@ and then move the .glass files from new into its parent. This is a directory containing bimbam files etc. +## Mapping nginx on host + +The host needs to be told that certain connections get mapped to the system container. On tux02 we have, for example + +``` +server { + server_name test1.genenetwork.org test1-auth.genenetwork.org; + listen 80; + location / { + proxy_pass http://localhost:8890; + proxy_set_header Host $host; + } +} +``` + +which maps two outside addresses into the container nginx setup. Note that the domains are handled inside the system container. + +Meanwhile nginx.conf on the host contains + +``` + # We forward several HTTPS connections into various Guix containers. + # We do not decrypt the traffic. TLS termination, certificates, + # etc. reside purely inside the Guix containers. +stream { + upstream genenetwork { + server 127.0.0.1:8891; + } + upstream host-https { + server 127.0.0.1:8443; + } + + map $ssl_preread_server_name $upstream { + test1.genenetwork.org genenetwork; + test1-auth.genenetwork.org genenetwork; + default host-https; + } + + server { + listen 443; + proxy_pass $upstream; + ssl_preread on; + } +} +``` + +So, the first forwards port 80 and the second 443. Certificates are (automagically) handled inside the system container (see acme above). + +In our case the ports are 8890 (http) and 8891 (https), reflected in fallback.scm. + # Troubleshooting ## Where are the logs? Inside the container you'll find the error logs in /var/log. + +## Debugging and developing code + +see + +=> debug-and-developing-code-with-genenetwork-system-container -- cgit v1.2.3