Upgrade OpenDataKit Aggregate to 2.0 + switch to Tomcat 8.5

This commit is contained in:
Disassembler 2019-03-01 12:23:22 +01:00
parent 3e51996286
commit 4f81baf02f
No known key found for this signature in database
GPG Key ID: 524BD33A0EE29499
4 changed files with 46 additions and 64 deletions

View File

@ -1,45 +1,10 @@
# Either basic or digest security.server.deviceAuthentication=digest
security.server.deviceAuthentication=basic
# Choose whether to secure everything with https or allow http access.
#
# NOTE: changes also needed to:
# -- server.xml (Tomcat configuration file) to set up the secure channel
#
# issue 648 - REQUIRES_INSECURE_CHANNEL is now the default instead of ANY_CHANNEL
# there are various edge cases that have not been tested in the UI for
# allowing arbitrary accesses, as the session cookie and authentication
# do get set for a specific http: or https: scheme and are not transferrable.
#
# should be REQUIRES_SECURE_CHANNEL but can't unless SSL is available.
security.server.secureChannelType=REQUIRES_SECURE_CHANNEL security.server.secureChannelType=REQUIRES_SECURE_CHANNEL
# either REQUIRES_INSECURE_CHANNEL to secure nothing
# or REQUIRES_SECURE_CHANNEL to secure everything
# or perhaps ANY_CHANNEL when running through a proxy server
security.server.channelType=ANY_CHANNEL security.server.channelType=ANY_CHANNEL
security.server.forceHttpsLinks=false
# When running under Tomcat, you need to set the hostname and port for
# the server so that the background tasks can generate properly-constructed
# links in their documents and in their publications to the
# external services.
#
# This is configured during install. If blank, discovers an IP address
security.server.hostname= security.server.hostname=
security.server.port=80 security.server.port=80
security.server.securePort=443 security.server.securePort=443
wink.handlersFactoryClass=org.opendatakit.aggregate.odktables.impl.api.wink.AppEngineHandlersFactory
# e-mail of designated superuser. This must be a user that has an OAuth2
# login hosted by a remote server (i.e., this must be a gmail account).
# this should be of the form: 'mailto:user@gmail.com'
security.server.superUser=
# Define a superUserUsername to insert an OPENDATAKIT Aggregate username that can
# access the server. The initial password for this username is 'aggregate'
security.server.superUserUsername=${OPENDATAKIT_ADMIN_USER} security.server.superUserUsername=${OPENDATAKIT_ADMIN_USER}
# realm definition
# realmString -- what should be sent to users when BasicAuth or DigestAuth is done
security.server.realm.realmString=${OPENDATAKIT_ADMIN_REALM} security.server.realm.realmString=${OPENDATAKIT_ADMIN_REALM}
security.server.checkHostnames=false

View File

@ -1,4 +1,4 @@
<?xml version='1.0' encoding='utf-8'?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
Licensed to the Apache Software Foundation (ASF) under one or more Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with contributor license agreements. See the NOTICE file distributed with
@ -61,7 +61,7 @@
<!-- A "Connector" represents an endpoint by which requests are received <!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at : and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
@ -80,14 +80,39 @@
redirectPort="8443" /> redirectPort="8443" />
--> -->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation that requires the JSSE This connector uses the NIO implementation. The default
style configuration. When using the APR/native implementation, the SSLImplementation will depend on the presence of the APR/native
OpenSSL style configuration is required as described in the APR/native library and the useOpenSSL attribute of the
documentation --> AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!-- <!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true" maxThreads="150" SSLEnabled="true">
clientAuth="false" sslProtocol="TLS" /> <SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
--> -->
<!-- Define an AJP 1.3 Connector on port 8009 --> <!-- Define an AJP 1.3 Connector on port 8009 -->

View File

@ -1,25 +1,18 @@
IMAGE opendatakit IMAGE opendatakit
LAYER shared/alpine3.9 LAYER shared/alpine3.9
LAYER shared/alpine3.9-java8 LAYER shared/alpine3.9-java8
LAYER shared/alpine3.9-tomcat8 LAYER shared/alpine3.9-tomcat8.5
LAYER opendatakit/opendatakit LAYER opendatakit/opendatakit
RUN EOF RUN EOF
# Install build dependencies # Download OpenDataKit
apk --no-cache add --virtual .deps git git-lfs openjdk8 wget https://github.com/opendatakit/aggregate/releases/download/v2.0.0/ODK-Aggregate-v2.0.0.war -O /tmp/odk.war
# Clone ODK aggregate
git clone --depth 1000 https://github.com/opendatakit/aggregate.git /srv/opendatakit
git -C /srv/opendatakit checkout c285f1c
# Compile Java web archive
cd /srv/opendatakit
cp gradle.properties.example gradle.properties
./gradlew war
# Deploy web archive
mkdir /srv/tomcat/webapps/ROOT mkdir /srv/tomcat/webapps/ROOT
unzip build/libs/aggregate-*.war -d /srv/tomcat/webapps/ROOT unzip /tmp/odk.war -d /srv/tomcat/webapps/ROOT
# Update Postgres JDBC driver
rm /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.1.4.jre7.jar
wget https://jdbc.postgresql.org/download/postgresql-42.2.5.jar -O /srv/tomcat/webapps/ROOT/WEB-INF/lib/postgresql-42.2.5.jar
# Create OS user # Create OS user
addgroup -S -g 8015 odk addgroup -S -g 8015 odk
@ -27,8 +20,7 @@ RUN EOF
chown -R odk:odk /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work chown -R odk:odk /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work
# Cleanup # Cleanup
apk --no-cache del .deps rm /tmp/odk.war
rm -rf /root/.gradle /root/.java /srv/opendatakit
EOF EOF
MOUNT FILE /srv/opendatakit/conf/server.xml srv/tomcat/conf/server.xml MOUNT FILE /srv/opendatakit/conf/server.xml srv/tomcat/conf/server.xml

View File

@ -6,5 +6,5 @@
"version": "0.0.1", "version": "0.0.1",
"release": "0", "release": "0",
"license": "GPL", "license": "GPL",
"depends": ["alpine3.9-tomcat8", "postgres"] "depends": ["alpine3.9-tomcat8.5", "postgres"]
} }