SoundSoftware Code Site

# For documentation and experimental purposes only. As a

# reconstruction of the machine image that runs this application,

# there are lots of things missing here; but as a good Docker

# configuration, it fails by mixing together rather a lot of concerns.

FROM ubuntu:16.04

MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>

RUN apt-get update && \

    apt-get install -y \

    apache2 \

    apache2-dev \

    apt-utils \

    build-essential \

    cron \

    curl \

    doxygen \

    exim4 \

    git \

    graphviz \

    imagemagick \

    libapache-dbi-perl \

    libapache2-mod-perl2 \

    libapr1-dev \

    libaprutil1-dev \

    libauthen-simple-ldap-perl \

    libcurl4-openssl-dev \

    libdbd-pg-perl \

    libpq-dev \

    libmagickwand-dev \

    libio-socket-ssl-perl \

    logrotate \

    mercurial \

    postgresql \

    rsync \

    ruby \

    ruby-dev \

    sudo

# Also used on the live site, for javadoc extraction, but this is

# would be by far the biggest package here: let's omit it while we're

# not making use of it

#   openjdk-9-jdk-headless

RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Passenger gets installed through gem, not apt

RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri

RUN passenger-install-apache2-module --languages=ruby

# Copy across webapp, set up ownership

COPY . /var/www/code

RUN groupadd code

RUN useradd -g code -G www-data code

RUN chown -R code.www-data /var/www/code

RUN find /var/www/code -type d -exec chmod g+s \{\} \;

# We're based in the code webapp directory from here on

WORKDIR /var/www/code

# Set up database config etc

RUN cp extra/soundsoftware/dockertest/database.yml.interpolated config/database.yml

# Install Rails and dependencies (database.yml must be populated before this)

RUN gem install bundler

RUN bundle install

# Initialise Redmine token (bundler must be installed before this)

RUN bundle exec rake generate_secret_token

# Import Postgres database from postgres-dumpall file

RUN chown postgres postgres-dumpall

RUN /etc/init.d/postgresql start && sudo -u postgres psql -f postgres-dumpall postgres

# Install Perl auth module for Hg access

RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/

RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/

# Set up Apache config (todo: insert variables)

RUN rm -f /etc/apache2/sites-enabled/000-default.conf

RUN cp extra/soundsoftware/dockertest/passenger.conf /etc/apache2/mods-available/

RUN cp extra/soundsoftware/dockertest/passenger.load /etc/apache2/mods-available/

RUN cp extra/soundsoftware/dockertest/perl.conf      /etc/apache2/mods-available/

RUN ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/

RUN cp extra/soundsoftware/dockertest/code.conf.interpolated /etc/apache2/sites-available/code.conf

RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf

RUN apache2ctl configtest

# Start Postgres and foregrounded Apache

RUN echo "#!/bin/bash"                      > container-run.sh

RUN echo "/etc/init.d/postgresql start"    >> container-run.sh

RUN echo "apache2ctl -D FOREGROUND"        >> container-run.sh

RUN chmod +x container-run.sh

EXPOSE 80

CMD ./container-run.sh

# A test Apache config. Lacks SSL, lacks a desirable extra layer of

# authentication for admin interface paths. Do not deploy this.

PerlLoadModule Apache::Authn::SoundSoftware

<VirtualHost *:80>

        ServerName code.soundsoftware.ac.uk

        ServerAdmin chris.cannam@soundsoftware.ac.uk

        DocumentRoot /var/www/code/public

        PassengerRestartDir restart_files

        PassengerHighPerformance on

        PassengerMaxRequests 50000

        PassengerStatThrottleRate 5

	PassengerStartTimeout 60

	PassengerFriendlyErrorPages on

        RailsSpawnMethod smart

        ExpiresDefault "access plus 1 minute"

        <DirectoryMatch "^/.*/\.svn/">

                Order allow,deny

                Deny from all

                Satisfy All

        </DirectoryMatch>

        <DirectoryMatch "^/.*/\.hg/">

                Order allow,deny

                Deny from all

                Satisfy All

        </DirectoryMatch>

        <DirectoryMatch "^/.*/\.git/">

                Order allow,deny

                Deny from all

                Satisfy All

        </DirectoryMatch>

        <Directory /var/www/code/public>

                Options -MultiViews

	</Directory>

        <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>

		# Avoid other sites embedding our fonts

		RewriteEngine on

		RewriteCond %{HTTP_REFERER} !^$

		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]

		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]

	</Directory>

	ScriptAlias /hg "/var/hg/index.cgi"

	<Location /hg>

               	AuthName "Mercurial"

                AuthType Basic

                Require valid-user

		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler

      		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler

		PerlSetVar HTTPS "on"

		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"

    		SoundSoftwareDbUser "code"

     		SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE"

		SoundSoftwareRepoPrefix "/var/hg/"

		SoundSoftwareSslRequired "on"

		Options +ExecCGI

		AddHandler cgi-script .cgi

		ExpiresDefault now

        </Location>

	Alias /git "/var/files/git-mirror"

	<Directory "/var/files/git-mirror">

		Options -Indexes +FollowSymLinks

                Order allow,deny

                Allow from all

	</Directory>

	<Directory ~ "/var/files/git-mirror/.*\.workdir">

		Order allow,deny

		Deny from all

	</Directory>

	<Directory ~ "/var/files/git-mirror/__.*">

                Order allow,deny

                Deny from all

	</Directory>

	ErrorLog /var/log/apache2/code-error.log

	CustomLog /var/log/apache2/code-access.log vhost_combined

        LogLevel warn

        ServerSignature Off

</VirtualHost>

production:

  adapter: postgresql

  database: code

  host: localhost

  username: code

  password: "INSERT_POSTGRES_PASSWORD_HERE"

PassengerMaxPoolSize 60

LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so

PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60

PassengerDefaultRuby /usr/bin/ruby2.3

# Apache::DBI is supposed to be a transparent replacement for Perl DBI with

# better performance when multiple connections are made with common DSN, user

# and password

PerlModule Apache::DBI

#!/bin/bash

dbpwd="$1"

if [ -z "$dbpwd" ]; then

    echo "Usage: $0 <database-password>" 1>&2

    exit 2

fi

set -eu

dockerdir=./extra/soundsoftware/dockertest

if [ ! -d "$dockerdir" ]; then

    echo "Run this script from the root of a working copy of soundsoftware-site"

    exit 2

fi

for f in database.yml code.conf ; do

    cat "$dockerdir/$f" |

        sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \

            "$dockerdir/$f.interpolated"

done

dockertag="cannam/soundsoftware-site"

sudo docker build -t "$dockertag" -f "$dockerdir/Dockerfile" .

sudo docker run -p 8080:80 -d "$dockertag"