changeset 1570:ae2f71010562 dockerise

More poking around with Docker
author Chris Cannam
date Thu, 03 Aug 2017 13:42:55 +0100
parents 26a4f99ec679
children 4c2b25b7e85f
files extra/soundsoftware/dockertest/Dockerfile extra/soundsoftware/dockertest/code.conf extra/soundsoftware/dockertest/database.yml
diffstat 3 files changed, 180 insertions(+), 24 deletions(-) [+]
--- a/extra/soundsoftware/dockertest/Dockerfile	Wed Aug 02 18:59:22 2017 +0100
+++ b/extra/soundsoftware/dockertest/Dockerfile	Thu Aug 03 13:42:55 2017 +0100
@@ -1,37 +1,93 @@
+
+# For documentation and experimental purposes only. As a
+# reconstruction of the machine image that runs this application,
+# there are lots of things missing here; meanwhile as a good Docker
+# configuration, it fails in mixing together rather a lot of concerns.
+
 FROM ubuntu:16.04
 MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>
+
 RUN apt-get update && \
     apt-get install -y \
+    apache2 \
+    apache2-dev \
+    apt-utils \
     build-essential \
-    git mercurial \
-    curl wget rsync libcurl4-openssl-dev \
-    logrotate cron \
-    apache2 apache2-dev libapr1-dev libaprutil1-dev \
-    ruby ruby-dev \
-    postgresql libpq-dev \
+    cron \
+    curl \
+    doxygen \
+    exim4 \
+    git \
+    graphviz \
+    imagemagick \
+    libapache-dbi-perl \
+    libapache2-mod-perl2 \
+    libapr1-dev \
+    libaprutil1-dev \
+    libauthen-simple-ldap-perl \
+    libcurl4-openssl-dev \
+    libdbd-pg-perl \
+    libpq-dev \
+    libmagickwand-dev \
+    libio-socket-ssl-perl \
+    logrotate \
+    mercurial \
     openjdk-9-jdk-headless \
-    libapache2-mod-perl2 \
-    imagemagick libmagickwand-dev graphviz \
-    doxygen \
-    exim4
+    postgresql \
+    rsync \
+    ruby \
+    ruby-dev \
+    sudo \
+    supervisor
+
+
+# Passenger gets installed through gem, not apt
+
+RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri
+RUN passenger-install-apache2-module --languages=ruby
+
+
+# Copy across webapp, set up ownership
+
+COPY . /var/www/code
+
 RUN groupadd code
 RUN useradd -g code -G www-data code
-RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri
-RUN passenger-install-apache2-module --languages=ruby
-COPY . /var/www/code
 RUN chown -R code.www-data /var/www/code
-RUN find /var/www/code -type d -exec chmod g+x \{\} \;
+RUN find /var/www/code -type d -exec chmod g+s \{\} \;
+
+
+# We're based in the code webapp directory from here on
+
 WORKDIR /var/www/code
-RUN echo \
-'production:\n\
-  adapter: postgresql\n\
-  database: code\n\
-  host: localhost\n\
-  username: code\n\
-  password: "example"\n' | sed 's/\\n/\n/g' > config/database.yml
+
+
+# Set up Apache config and webapp database config (todo: insert variables)
+
+RUN cp extra/soundsoftware/dockertest/code.conf /etc/apache2/sites-available/
+RUN cp extra/soundsoftware/dockertest/database.yml config/database.yml
+
+
+# Install Rails dependencies (database.yml must be populated before this)
+
 RUN gem install bundler
 RUN bundle install
-RUN ps auxw|grep postgres
-RUN apt-get install sudo
+
+
+# Import Postgres database from postgres-dumpall file
+
 RUN chown postgres postgres-dumpall
-RUN /etc/init.d/postgresql start && sudo -u postgres psql -f postgres-dumpall postgres
+RUN /etc/init.d/postgresql start && \
+  sudo -u postgres psql -f postgres-dumpall postgres
+
+
+# Install Perl auth module for Hg access
+
+RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/
+RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/
+
+
+# Enable site for Apache
+
+RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf
+RUN apache2ctl configtest
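Review bot: `COPY . /var/www/code` brings `postgres-dumpall` into the image, and the later `psql -f postgres-dumpall` step loads it into the Postgres data directory during the build, so the whole dump (presumably including user accounts and password hashes) stays in the image layers for anyone who can pull the image. I would keep the dump out of the build context with a `.dockerignore` entry `postgres-dumpall` and import it at container start from a mounted file instead. The same concern applies once the "todo: insert variables" for `database.yml` and `code.conf` is resolved: substitute the password at run time rather than in a `RUN` step, because anything written during the build persists in the layers.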
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extra/soundsoftware/dockertest/code.conf	Thu Aug 03 13:42:55 2017 +0100
@@ -0,0 +1,93 @@
+
+# A test Apache config. Lacks SSL, lacks a desirable extra layer of
+# authentication for admin interface paths. Do not deploy this.
+
+PerlLoadModule Apache::Authn::SoundSoftware
+
+<VirtualHost *:80>
+        ServerName code.soundsoftware.ac.uk
+        ServerAdmin chris.cannam@soundsoftware.ac.uk
+
+        DocumentRoot /var/www/code/public
+        PassengerRestartDir restart_files
+        PassengerHighPerformance on
+        PassengerMaxRequests 50000
+        PassengerStatThrottleRate 5
+	PassengerStartTimeout 60
+	PassengerFriendlyErrorPages off
+        RailsSpawnMethod smart
+        ExpiresDefault "access plus 1 minute"
+
+        <DirectoryMatch "^/.*/\.svn/">
+                Order allow,deny
+                Deny from all
+                Satisfy All
+        </DirectoryMatch>
+
+        <DirectoryMatch "^/.*/\.hg/">
+                Order allow,deny
+                Deny from all
+                Satisfy All
+        </DirectoryMatch>
+
+        <DirectoryMatch "^/.*/\.git/">
+                Order allow,deny
+                Deny from all
+                Satisfy All
+        </DirectoryMatch>
+
+        <Directory /var/www/code/public>
+                Options -MultiViews
+	</Directory>
+
+        <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
+		# Avoid other sites embedding our fonts
+		RewriteEngine on
+		RewriteCond %{HTTP_REFERER} !^$
+		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
+		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
+	</Directory>
+
+	ScriptAlias /hg "/var/hg/index.cgi"
+
+	<Location /hg>
+               	AuthName "Mercurial"
+                AuthType Basic
+                Require valid-user
+		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
+      		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
+		PerlSetVar HTTPS "on"
+		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
+    		SoundSoftwareDbUser "code"
+     		SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE"
+		SoundSoftwareRepoPrefix "/var/hg/"
+		SoundSoftwareSslRequired "on"
+		Options +ExecCGI
+		AddHandler cgi-script .cgi
+		ExpiresDefault now
+        </Location>
+
+	Alias /git "/var/files/git-mirror"	
+
+	<Directory "/var/files/git-mirror">
+		Options -Indexes +FollowSymLinks
+                Order allow,deny
+                Allow from all
+	</Directory>
+	<Directory ~ "/var/files/git-mirror/.*\.workdir">
+		Order allow,deny
+		Deny from all
+	</Directory>
+	<Directory ~ "/var/files/git-mirror/__.*">
+                Order allow,deny
+                Deny from all
+	</Directory>
+
+	ErrorLog /var/log/apache2/code-error.log
+	CustomLog /var/log/apache2/code-access.log vhost_combined
+
+        LogLevel warn
+        ServerSignature Off
+        
+</VirtualHost>
+
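Review bot: The `<DirectoryMatch>` blocks guarding `.svn`, `.hg` and `.git`, and the git-mirror `<Directory>` blocks, use Apache 2.2 access directives (`Order allow,deny`, `Deny from all`, `Satisfy All`), which the Apache 2.4 shipped with `ubuntu:16.04` accepts only while mod_access_compat is loaded; the `/hg` location already uses the 2.4-style `Require valid-user`. I would write the deny blocks as `Require all denied` and the git-mirror allow as `Require all granted`, so that protection of VCS metadata does not rest on a compatibility module. Separately, `/hg` sets `PerlSetVar HTTPS "on"` and `SoundSoftwareSslRequired "on"` with `AuthType Basic` inside a `*:80` vhost. How the handler interprets these is not visible here, so a comment stating whether TLS is expected to be terminated upstream would make the intent clear.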
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/extra/soundsoftware/dockertest/database.yml	Thu Aug 03 13:42:55 2017 +0100
@@ -0,0 +1,7 @@
+production:
+  adapter: postgresql
+  database: code
+  host: localhost
+  username: code
+  password: "INSERT_POSTGRES_PASSWORD_HERE"
+
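Review bot: The `password:` line is a placeholder meant to be edited into a real secret, and the Dockerfile copies this file to `config/database.yml` at build time, so the edited value would end up stored in the image. Rails runs `database.yml` through ERB, so the line can read the secret from the environment instead, e.g. `password: <%= ENV['CODE_DB_PASSWORD'] %>` (the variable name is an example), with the value supplied when the container is started. A comment at the top of the file saying that no real password should be committed here would also help.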