SoundSoftware Code Site

# For documentation and experimental purposes only. As a

# reconstruction of the machine image that runs this application,

# there are lots of things missing here; meanwhile as a good Docker

# configuration, it fails in mixing together rather a lot of concerns.

FROM ubuntu:16.04

MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>

RUN apt-get update && \

    apt-get install -y \

    apache2 \

    apache2-dev \

    apt-utils \

    build-essential \

    cron \

    curl \

    doxygen \

    exim4 \

    git \

    graphviz \

    imagemagick \

    libapache-dbi-perl \

    libapache2-mod-perl2 \

    libapr1-dev \

    libaprutil1-dev \

    libauthen-simple-ldap-perl \

    libcurl4-openssl-dev \

    libdbd-pg-perl \

    libpq-dev \

    libmagickwand-dev \

    libio-socket-ssl-perl \

    logrotate \

    mercurial \

    openjdk-9-jdk-headless \

    postgresql \

    rsync \

    ruby \

    ruby-dev \

    sudo \

    supervisor

# Passenger gets installed through gem, not apt

RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri

RUN passenger-install-apache2-module --languages=ruby

# Copy across webapp, set up ownership

COPY . /var/www/code

RUN groupadd code

RUN useradd -g code -G www-data code

RUN chown -R code.www-data /var/www/code

RUN find /var/www/code -type d -exec chmod g+s \{\} \;

# We're based in the code webapp directory from here on

WORKDIR /var/www/code

# Set up Apache config and webapp database config (todo: insert variables)

RUN cp extra/soundsoftware/dockertest/code.conf /etc/apache2/sites-available/

RUN cp extra/soundsoftware/dockertest/database.yml config/database.yml

# Install Rails dependencies (database.yml must be populated before this)

RUN gem install bundler

RUN bundle install

# Import Postgres database from postgres-dumpall file

RUN chown postgres postgres-dumpall

RUN /etc/init.d/postgresql start && \

  sudo -u postgres psql -f postgres-dumpall postgres

# Install Perl auth module for Hg access

RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/

RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/

# Enable site for Apache

RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf

RUN apache2ctl configtest

# A test Apache config. Lacks SSL, lacks a desirable extra layer of

# authentication for admin interface paths. Do not deploy this.

PerlLoadModule Apache::Authn::SoundSoftware

<VirtualHost *:80>

        ServerName code.soundsoftware.ac.uk

        ServerAdmin chris.cannam@soundsoftware.ac.uk

        DocumentRoot /var/www/code/public

        PassengerRestartDir restart_files

        PassengerHighPerformance on

        PassengerMaxRequests 50000

        PassengerStatThrottleRate 5

	PassengerStartTimeout 60

	PassengerFriendlyErrorPages off

        RailsSpawnMethod smart

        ExpiresDefault "access plus 1 minute"

        <DirectoryMatch "^/.*/\.svn/">

                Order allow,deny

                Deny from all

                Satisfy All

        </DirectoryMatch>

        <DirectoryMatch "^/.*/\.hg/">

                Order allow,deny

                Deny from all

                Satisfy All

        </DirectoryMatch>

        <DirectoryMatch "^/.*/\.git/">

                Order allow,deny

                Deny from all

                Satisfy All

        </DirectoryMatch>

        <Directory /var/www/code/public>

                Options -MultiViews

	</Directory>

        <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>

		# Avoid other sites embedding our fonts

		RewriteEngine on

		RewriteCond %{HTTP_REFERER} !^$

		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]

		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]

	</Directory>

	ScriptAlias /hg "/var/hg/index.cgi"

	<Location /hg>

               	AuthName "Mercurial"

                AuthType Basic

                Require valid-user

		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler

      		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler

		PerlSetVar HTTPS "on"

		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"

    		SoundSoftwareDbUser "code"

     		SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE"

		SoundSoftwareRepoPrefix "/var/hg/"

		SoundSoftwareSslRequired "on"

		Options +ExecCGI

		AddHandler cgi-script .cgi

		ExpiresDefault now

        </Location>

	Alias /git "/var/files/git-mirror"

	<Directory "/var/files/git-mirror">

		Options -Indexes +FollowSymLinks

                Order allow,deny

                Allow from all

	</Directory>

	<Directory ~ "/var/files/git-mirror/.*\.workdir">

		Order allow,deny

		Deny from all

	</Directory>

	<Directory ~ "/var/files/git-mirror/__.*">

                Order allow,deny

                Deny from all

	</Directory>

	ErrorLog /var/log/apache2/code-error.log

	CustomLog /var/log/apache2/code-access.log vhost_combined

        LogLevel warn

        ServerSignature Off

</VirtualHost>

production:

  adapter: postgresql

  database: code

  host: localhost

  username: code

  password: "INSERT_POSTGRES_PASSWORD_HERE"

#!/bin/bash

set -eu

dockerdir=./extra/soundsoftware/dockertest

if [ ! -d "$dockerdir" ]; then

    echo "Run this script from the root of a working copy of soundsoftware-site"

    exit 2

fi

dockertag="cannam/soundsoftware-site"

sudo docker build -t "$dockertag" -f "$dockerdir/Dockerfile" .