Commit 0be2638c authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak
Browse files

ready for testing

parent 519103f0
...@@ -9,20 +9,18 @@ RUN apt-get update && apt-get install -y \ ...@@ -9,20 +9,18 @@ RUN apt-get update && apt-get install -y \
git \ git \
git-core \ git-core \
--no-install-recommends && rm -rf /var/lib/apt/lists/* --no-install-recommends && rm -rf /var/lib/apt/lists/*
# get and install schleuder-conf
RUN git clone https://git.codecoop.org/schleuder/schleuder-conf.git /opt/schleuder-conf && \
cd /opt/schleuder-conf && \
bundle install --without development
RUN git clone https://git.codecoop.org/schleuder/webschleuder3.git /opt/webschleuder3 && \ RUN git clone https://git.codecoop.org/schleuder/webschleuder3.git /opt/webschleuder3 && \
cd /opt/schleuder-conf && \
cd /opt/webschleuder3 && \ cd /opt/webschleuder3 && \
bin/setup bin/setup
# && cp -R /webschleuder/config /webschleuder/config.tmpl
# remove the default config files
RUN rm /opt/webschleuder3/config/webschleuder.yml /opt/webschleuder3/config/secrets.yml /opt/webschleuder3/config/database.yml
COPY webschleuder.yml /opt/webschleuder3/config/webschleuder.yml COPY entrypoint.sh /sbin/entrypoint.sh
RUN chmod a+x /sbin/entrypoint.sh
WORKDIR /opt/webschleuder3 WORKDIR /opt/webschleuder3
EXPOSE 3000 EXPOSE 3000
CMD export SECRET_KEY_BASE="$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )" && bundle exec rake db:setup RAILS_ENV=production && bundle exec rails server -b 0.0.0.0 -e production ENTRYPOINT ["/sbin/entrypoint.sh"]
\ No newline at end of file CMD ["bundle", "exec", "rails", "server", "-b", "$$WEBSCHLOCKER_BIND_ADDRESS", "-p", "$$WEBSCHLOCKER_BIND_PORT", "-e", "production"]
\ No newline at end of file
...@@ -21,6 +21,11 @@ This image requires a `schleuderd` running somewhere and accessible via `TCP/IP` ...@@ -21,6 +21,11 @@ This image requires a `schleuderd` running somewhere and accessible via `TCP/IP`
The hostname `webschleuder3` will run under, used among others in confirmation links sent to users. The hostname `webschleuder3` will run under, used among others in confirmation links sent to users.
- `WEBSCHLOCKER_BIND_ADDRESS` (default: `0.0.0.0`)
- `WEBSCHLOCKER_BIND_PORT` (default: `3000`)
Hostname (or IP address) and port to bind to.
- `WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI` (default: `http://localhost:4567/`) - `WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI` (default: `http://localhost:4567/`)
URI the `schleuderd` daemon can be reached at. URI the `schleuderd` daemon can be reached at.
...@@ -46,6 +51,39 @@ SMTP server address and port to be used when `WEBSCHLOCKER_CONFIG_DELIVERY_METHO ...@@ -46,6 +51,39 @@ SMTP server address and port to be used when `WEBSCHLOCKER_CONFIG_DELIVERY_METHO
How should the server cert be verified, if at all, when `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `smtp`. Currently not used at all. How should the server cert be verified, if at all, when `WEBSCHLOCKER_CONFIG_DELIVERY_METHOD` is set to `smtp`. Currently not used at all.
- `WEBSCHLOCKER_SECRET_KEY_BASE` (default: generated random string)
Secret used to verify encrypted cookies; can be changed at any time (change causes cookies to become invalid; users are then required to re-login).
### Database settings
Separate databases are used by `schleuder3` and `webschleuder3`; these settings should thus be different from the ones used for [`schlocker3`](https://git.occrp.org/libre/schlocker3/).
- `WEBSCHLOCKER_DB_ADAPTER` (default: `sqlite3`)
Database adapter.
- `WEBSCHLOCKER_DB_DATABASE` (default: `/var/webschleuder/db.sqlite`)
Database name (or database file path when using `sqlite3` adapter).
- `WEBSCHLOCKER_DB_ENCODING`
Database encoding (not used for `sqlite3`).
- `WEBSCHLOCKER_DB_USERNAME`
Database user (not used for `sqlite3`).
- `WEBSCHLOCKER_DB_PASSWORD`
Database user password (not used for `sqlite3`).
- `WEBSCHLOCKER_DB_HOST`
Database host (not used for `sqlite3`).
## TODO ## TODO
- handle more [`ActionMailer` config options](http://api.rubyonrails.org/classes/ActionMailer/Base.html) - handle more [`ActionMailer` config options](http://api.rubyonrails.org/classes/ActionMailer/Base.html)
\ No newline at end of file
...@@ -17,6 +17,10 @@ function abort { ...@@ -17,6 +17,10 @@ function abort {
[ -z ${WEBSCHLOCKER_USER+x} ] && WEBSCHLOCKER_USER="webschlocker" [ -z ${WEBSCHLOCKER_USER+x} ] && WEBSCHLOCKER_USER="webschlocker"
[ -z ${WEBSCHLOCKER_GROUP+x} ] && WEBSCHLOCKER_GROUP="webschlocker" [ -z ${WEBSCHLOCKER_GROUP+x} ] && WEBSCHLOCKER_GROUP="webschlocker"
# bind IP and port
[ -z ${WEBSCHLOCKER_BIND_ADDRESS+x} ] && WEBSCHLOCKER_BIND_ADDRESS="0.0.0.0"
[ -z ${WEBSCHLOCKER_BIND_PORT+x} ] && WEBSCHLOCKER_BIND_PORT="3000"
# webschleuder config # webschleuder config
[ -z ${WEBSCHLOCKER_CONFIG_HOSTNAME+x} ] && WEBSCHLOCKER_CONFIG_HOSTNAME=$( hostname ) [ -z ${WEBSCHLOCKER_CONFIG_HOSTNAME+x} ] && WEBSCHLOCKER_CONFIG_HOSTNAME=$( hostname )
[ -z ${WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI+x} ] && WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI="http://localhost:4567/" [ -z ${WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI+x} ] && WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI="http://localhost:4567/"
...@@ -27,14 +31,28 @@ function abort { ...@@ -27,14 +31,28 @@ function abort {
[ -z ${WEBSCHLOCKER_CONFIG_SMTP_PORT+x} ] && WEBSCHLOCKER_CONFIG_SMTP_PORT="25" [ -z ${WEBSCHLOCKER_CONFIG_SMTP_PORT+x} ] && WEBSCHLOCKER_CONFIG_SMTP_PORT="25"
[ -z ${WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE+x} ] && WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE="none" [ -z ${WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE+x} ] && WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE="none"
# db settings
[ -z ${WEBSCHLOCKER_DB_ADAPTER+x} ] && WEBSCHLOCKER_DB_ADAPTER="sqlite3"
[ -z ${WEBSCHLOCKER_DB_DATABASE+x} ] && WEBSCHLOCKER_DB_DATABASE="/var/webschleuder/db.sqlite3"
# these are unused by default, only useful with mysql/postgresql/etc
[ -z ${WEBSCHLOCKER_DB_ENCODING+x} ] && WEBSCHLOCKER_DB_ENCODING=""
[ -z ${WEBSCHLOCKER_DB_USERNAME+x} ] && WEBSCHLOCKER_DB_USERNAME=""
[ -z ${WEBSCHLOCKER_DB_PASSWORD+x} ] && WEBSCHLOCKER_DB_PASSWORD=""
[ -z ${WEBSCHLOCKER_DB_HOST+x} ] && WEBSCHLOCKER_DB_HOST=""
# secret key base # secret key base
[ -z ${WEBSCHLOCKER_SECRET_KEY_BASE+x} ] && WEBSCHLOCKER_SECRET_KEY_BASE="$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )" [ -z ${WEBSCHLOCKER_SECRET_KEY_BASE+x} ] && WEBSCHLOCKER_SECRET_KEY_BASE="$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )"
# only internal use for the time being
WEBSCHLOCKER_CONFIG_DIR="/opt/webschlocker3/config/"
# #
# inform # inform
echo "+-- working with:" echo "+-- working with:"
echo " +-- WEBSCHLOCKER_USER : $WEBSCHLOCKER_USER" echo " +-- WEBSCHLOCKER_USER : $WEBSCHLOCKER_USER"
echo " +-- WEBSCHLOCKER_GROUP : $WEBSCHLOCKER_GROUP" echo " +-- WEBSCHLOCKER_GROUP : $WEBSCHLOCKER_GROUP"
echo " +-- WEBSCHLOCKER_BIND_ADDRESS : $WEBSCHLOCKER_BIND_ADDRESS"
echo " +-- WEBSCHLOCKER_BIND_PORT : $WEBSCHLOCKER_BIND_PORT"
# #
# root is not what we want as the user to run as # root is not what we want as the user to run as
...@@ -118,10 +136,16 @@ fi ...@@ -118,10 +136,16 @@ fi
# config # config
# #
# hopefully the unneeded settings will be ignored ;) #
# For delivery_method, sendmail_settings and smtp_settings see # create the webschlocker config file, if it doesn't exist
# <http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration>. # see: https://git.codecoop.org/schleuder/webschleuder3/blob/master/config/webschleuder.yml
WEBSCHLOCKER_CONFIG=" if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/webschleuder.yml" ]; then
echo "+-- no config file found in '$WEBSCHLOCKER_CONFIG_DIR/webschleuder.yml', creating one..."
# hopefully the unneeded settings will be ignored ;)
# For delivery_method, sendmail_settings and smtp_settings see
# <http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration>.
WEBSCHLOCKER_CONFIG="
production: production:
web_hostname: $WEBSCHLOCKER_CONFIG_HOSTNAME web_hostname: $WEBSCHLOCKER_CONFIG_HOSTNAME
schleuderd_uri: $WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI schleuderd_uri: $WEBSCHLOCKER_CONFIG_SCHLEUDERD_URI
...@@ -134,7 +158,58 @@ production: ...@@ -134,7 +158,58 @@ production:
port: $WEBSCHLOCKER_CONFIG_SMTP_PORT port: $WEBSCHLOCKER_CONFIG_SMTP_PORT
#openssl_verify_mode: $WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE #openssl_verify_mode: $WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE
" "
echo -e "$WEBSCHLOCKER_CONFIG" > "$WEBSCHLOCKER_CONFIG_DIR/webschleuder.yml"
else
echo "+-- config file found in '$WEBSCHLOCKER_CONFIG_DIR/webschleuder.yml', ignoring \$WEBSCHLOCKER_CONFIG_* envvars"
fi
#
# create the database config file, if it doesn't exist
# see: https://git.codecoop.org/schleuder/webschleuder3/blob/master/config/database.yml
if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/database.yml" ]; then
echo "+-- no database config file found in '$WEBSCHLOCKER_CONFIG_DIR/database.yml', creating one..."
# let's hope the unneeded settings get ignored
WEBSCHLOCKER_DATABASE="
production:
pool: 5
timeout: 5000
adapter: $WEBSCHLOCKER_DB_ADAPTER
database: $WEBSCHLOCKER_DB_DATABASE
encoding: $WEBSCHLOCKER_DB_ENCODING
username: $WEBSCHLOCKER_DB_USERNAME
password: $WEBSCHLOCKER_DB_PASSWORD
host: $WEBSCHLOCKER_DB_HOST
"
echo -e "$WEBSCHLOCKER_DATABASE" > "$WEBSCHLOCKER_CONFIG_DIR/database.yml"
# when using sqlite, let's make sure the database directory is accessible/writable for the user
if [ $WEBSCHLOCKER_DB_ADAPTER == 'sqlite3' ]; then
chown -R "$WEBSCHLOCKER_USER:$WEBSCHLOCKER_GROUP" "$( basename "$WEBSCHLOCKER_DB_DATABASE" )"
fi
else
echo "+-- database config file found in '$WEBSCHLOCKER_CONFIG_DIR/database.yml', ignoring \$WEBSCHLOCKER_DB_* envvars"
fi
#
# secrets file
# see: https://git.codecoop.org/schleuder/webschleuder3/blob/master/config/secrets.yml
if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/secrets.yml" ]; then
echo "+-- no secrets file found in $WEBSCHLOCKER_CONFIG_DIR/secrets.yml, creating one..."
WESCHLOCKER_SECRETS="
production:
secret_key_base: $WEBSCHLOCKER_SECRET_KEY_BASE
"
echo -e "$WEBSCHLOCKER_SECRETS" > "$WEBSCHLOCKER_CONFIG_DIR/secrets.yml"
else
echo "+-- secrets file found in '$WEBSCHLOCKER_CONFIG_DIR/secrets.yml', ignoring \$WEBSCHLOCKER_SECRET_KEY_BASE* envvar"
fi
# prep the database (as the correct user)
exec su -p -c "env PATH=\"$PATH\" bundle exec rake db:setup RAILS_ENV=production" "$WEBSCHLOCKER_USER"
bundle exec rake db:setup RAILS_ENV=production echo "+-- executing:"
exec bundle exec rails server -b 0.0.0.0 -e production echo " $*"
\ No newline at end of file exec su -p -c "env PATH=\"$PATH\" $*" "$WEBSCHLOCKER_USER"
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment