Alpinize + Dockerize Sigmah
This commit is contained in:
parent
29b7e6a7a8
commit
f3ed426201
59
sigmah.sh
59
sigmah.sh
@ -1,36 +1,23 @@
|
|||||||
#!/bin/bash
|
#!/bin/sh
|
||||||
|
|
||||||
SOURCE_DIR=$(realpath $(dirname "${0}"))/sigmah
|
SOURCE_DIR=$(realpath $(dirname "${0}"))/sigmah
|
||||||
|
|
||||||
# Check prerequisites
|
# Check prerequisites
|
||||||
docker image ls | grep -q postgres || $(realpath $(dirname "${0}"))/postgres.sh
|
docker image ls | grep -q postgres || $(realpath $(dirname "${0}"))/postgres.sh
|
||||||
|
|
||||||
# Install dependencies
|
# Build Docker container
|
||||||
apt-get -y --no-install-recommends install python-bcrypt
|
docker build -t sigmah ${SOURCE_DIR}
|
||||||
|
|
||||||
# Download Sigmah
|
|
||||||
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-2.0.2.war -O /tmp/sigmah.war
|
|
||||||
unzip /tmp/sigmah.war -d /srv/sigmah
|
|
||||||
rm -f /tmp/sigmah.war
|
|
||||||
|
|
||||||
# Update Postgres JDBC driver
|
|
||||||
rm -f /srv/sigmah/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar
|
|
||||||
wget https://jdbc.postgresql.org/download/postgresql-42.1.4.jar -O /srv/sigmah/WEB-INF/lib/postgresql-42.1.4.jar
|
|
||||||
|
|
||||||
# Create database
|
# Create database
|
||||||
export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64)
|
export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64)
|
||||||
envsubst <${SOURCE_DIR}/tmp/sigmah-createdb.sql >/tmp/sigmah-createdb.sql
|
envsubst <${SOURCE_DIR}/createdb.sql | docker exec -i postgres psql
|
||||||
sudo -u postgres psql -f /tmp/sigmah-createdb.sql
|
|
||||||
rm -f /tmp/sigmah-createdb.sql
|
|
||||||
|
|
||||||
# Configure Sigmah
|
# Configure Sigmah
|
||||||
mkdir -p /srv/sigmah/{files,archives}
|
mkdir -p /srv/sigmah/conf /srv/sigmah/data/files /srv/sigmah/data/archives
|
||||||
chown -R tomcat8:tomcat8 /srv/sigmah
|
chown -R 8015:8015 /srv/sigmah/data
|
||||||
ln -s /srv/sigmah /var/lib/tomcat8/webapps/sigmah
|
envsubst <${SOURCE_DIR}/srv/sigmah/conf/persistence.xml >/srv/sigmah/conf/persistence.xml
|
||||||
envsubst <${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/META-INF/persistence.xml >/srv/sigmah/WEB-INF/classes/META-INF/persistence.xml
|
cp ${SOURCE_DIR}/srv/sigmah/conf/sigmah.properties /srv/sigmah/conf/sigmah.properties
|
||||||
cp ${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/logback.xml /srv/sigmah/WEB-INF/classes/logback.xml
|
docker run --rm -v /srv/sigmah/data:/srv/sigmah/data sigmah cp /srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png /srv/sigmah/data/files/logo.png
|
||||||
cp ${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/sigmah.properties /srv/sigmah/WEB-INF/classes/sigmah.properties
|
|
||||||
cp /srv/sigmah/sigmah/images/header/org-default-logo.png /srv/sigmah/files/logo.png
|
|
||||||
|
|
||||||
# Populate database
|
# Populate database
|
||||||
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /tmp/sigmah-MinimumDataKit.sql
|
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /tmp/sigmah-MinimumDataKit.sql
|
||||||
@ -38,7 +25,9 @@ wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-newOrg
|
|||||||
export SIGMAH_ADMIN_USER=Admin
|
export SIGMAH_ADMIN_USER=Admin
|
||||||
export SIGMAH_ADMIN_EMAIL=admin@example.com
|
export SIGMAH_ADMIN_EMAIL=admin@example.com
|
||||||
export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
|
export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
|
||||||
export SIGMAH_ADMIN_HASH=$(python -c "import bcrypt; print bcrypt.hashpw('${SIGMAH_ADMIN_PWD}', bcrypt.gensalt(10, prefix=b'2a'))")
|
apk --no-cache add apache2-utils
|
||||||
|
export SIGMAH_ADMIN_HASH=$(htpasswd -bnBC 10 "" ${SIGMAH_ADMIN_PWD} | tr -d ':\n' | tr '$2y' '$2a')
|
||||||
|
apk del apache2-utils
|
||||||
sed -i "s|§OrganizationName§|Demo organization|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
sed -i "s|§OrganizationName§|Demo organization|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
||||||
sed -i "s|§OrganizationLogoFilename§|logo.png|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
sed -i "s|§OrganizationLogoFilename§|logo.png|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
||||||
sed -i "s|§HeadquartersCountryCode§|CZ|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
sed -i "s|§HeadquartersCountryCode§|CZ|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
||||||
@ -47,20 +36,18 @@ sed -i "s|§UserName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunch
|
|||||||
sed -i "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
sed -i "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
||||||
sed -i "s|§UserLocale§|en|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
sed -i "s|§UserLocale§|en|g" /tmp/sigmah-newOrganizationLaunchScript.sql
|
||||||
sed -i "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" /tmp/sigmah-newOrganizationLaunchScript.sql
|
sed -i "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" /tmp/sigmah-newOrganizationLaunchScript.sql
|
||||||
export PGPASSWORD=${SIGMAH_PWD}
|
cat /tmp/sigmah-MinimumDataKit.sql | docker exec -i -e PGPASSWORD=${SIGMAH_PWD} postgres psql -U sigmah sigmah
|
||||||
psql -f /tmp/sigmah-MinimumDataKit.sql -U sigmah sigmah
|
cat /tmp/sigmah-newOrganizationLaunchScript.sql | docker exec -i -e PGPASSWORD=${SIGMAH_PWD} postgres psql -U sigmah sigmah
|
||||||
psql -f /tmp/sigmah-newOrganizationLaunchScript.sql -U sigmah sigmah
|
rm -f /tmp/sigmah-MinimumDataKit.sql /tmp/sigmah-newOrganizationLaunchScript.sql
|
||||||
unset PGPASSWORD
|
|
||||||
rm -f /tmp/sigmah-MinimumDataKit.sql
|
# Create Sigmah service
|
||||||
rm -f /tmp/sigmah-newOrganizationLaunchScript.sql
|
cp ${SOURCE_DIR}/etc/init.d/sigmah /etc/init.d/sigmah
|
||||||
|
rc-update add sigmah boot
|
||||||
|
service sigmah start
|
||||||
|
|
||||||
# Create nginx app definition
|
# Create nginx app definition
|
||||||
cp ${SOURCE_DIR}/etc/nginx/apps-available/sigmah /etc/nginx/apps-available/sigmah
|
cp ${SOURCE_DIR}/etc/nginx/conf.d/sigmah.conf /etc/nginx/conf.d/sigmah.conf
|
||||||
ln -s /etc/nginx/apps-available/sigmah /etc/nginx/apps-enabled/sigmah
|
service nginx reload
|
||||||
|
|
||||||
# Restart services
|
|
||||||
systemctl restart tomcat8
|
|
||||||
systemctl restart nginx
|
|
||||||
|
|
||||||
# Add portal application definition
|
# Add portal application definition
|
||||||
portal-app-manager sigmah "/sigmah/" "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}"
|
portal-app-manager sigmah "https://{host}:8415/sigmah/" "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}"
|
||||||
|
48
sigmah/Dockerfile
Normal file
48
sigmah/Dockerfile
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
FROM alpine:3.7
|
||||||
|
MAINTAINER Disassembler <disassembler@dasm.cz>
|
||||||
|
|
||||||
|
RUN \
|
||||||
|
# Install Java 1.8 JRE
|
||||||
|
apk --no-cache add openjdk8-jre-base paxctl \
|
||||||
|
# Fix grsec attributes to loosen memory protection restrictions
|
||||||
|
&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/jre/bin/java \
|
||||||
|
&& paxctl -cm /usr/lib/jvm/java-1.8-openjdk/bin/java \
|
||||||
|
# Cleanup
|
||||||
|
&& apk del paxctl
|
||||||
|
|
||||||
|
RUN \
|
||||||
|
# Install Tomcat 8
|
||||||
|
wget http://mirror.dkm.cz/apache/tomcat/tomcat-8/v8.0.49/bin/apache-tomcat-8.0.49.tar.gz -O /tmp/apache-tomcat-8.tgz \
|
||||||
|
&& tar xf /tmp/apache-tomcat-8.tgz -C /srv \
|
||||||
|
&& mv /srv/apache-tomcat-8.0.49 /srv/tomcat \
|
||||||
|
# Make catalina.sh available globally
|
||||||
|
&& ln -s /srv/tomcat/bin/catalina.sh /usr/bin/catalina.sh \
|
||||||
|
# Cleanup
|
||||||
|
&& rm -rf /srv/tomcat/webapps/ROOT /srv/tomcat/webapps/docs /srv/tomcat/webapps/examples /srv/tomcat/webapps/host-manager /srv/tomcat/webapps/manager \
|
||||||
|
&& rm -f /tmp/apache-tomcat-8.tgz
|
||||||
|
|
||||||
|
RUN \
|
||||||
|
# Download Sigmah
|
||||||
|
wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-2.0.2.war -O /tmp/sigmah.war \
|
||||||
|
&& mkdir /srv/tomcat/webapps/sigmah \
|
||||||
|
&& unzip /tmp/sigmah.war -d /srv/tomcat/webapps/sigmah \
|
||||||
|
# Update Postgres JDBC driver
|
||||||
|
&& rm /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar \
|
||||||
|
&& wget https://jdbc.postgresql.org/download/postgresql-42.2.0.jar -O /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-42.2.0.jar \
|
||||||
|
# Remove logging config
|
||||||
|
&& rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml \
|
||||||
|
# Configure Tomcat port
|
||||||
|
&& sed -i 's/port="8080"/port="8015"/g' /srv/tomcat/conf/server.xml \
|
||||||
|
# Create OS user
|
||||||
|
&& addgroup -S -g 8015 sigmah \
|
||||||
|
&& adduser -S -u 8015 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah \
|
||||||
|
&& chown -R sigmah:sigmah /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work \
|
||||||
|
# Cleanup
|
||||||
|
&& rm /tmp/sigmah.war
|
||||||
|
|
||||||
|
VOLUME ["/srv/sigmah/data"]
|
||||||
|
EXPOSE 8015
|
||||||
|
|
||||||
|
USER sigmah
|
||||||
|
WORKDIR /srv/tomcat
|
||||||
|
CMD ["catalina.sh", "run"]
|
25
sigmah/etc/init.d/sigmah
Executable file
25
sigmah/etc/init.d/sigmah
Executable file
@ -0,0 +1,25 @@
|
|||||||
|
#!/sbin/openrc-run
|
||||||
|
|
||||||
|
description="Sigmah docker container"
|
||||||
|
|
||||||
|
depend() {
|
||||||
|
need docker net
|
||||||
|
use dns logger netmount
|
||||||
|
after activemq postgres
|
||||||
|
}
|
||||||
|
|
||||||
|
start() {
|
||||||
|
/usr/bin/docker run -d --rm \
|
||||||
|
--name sigmah \
|
||||||
|
-h sigmah \
|
||||||
|
--link postgres \
|
||||||
|
-p 127.0.0.1:9015:8015 \
|
||||||
|
-v /srv/sigmah/data:/srv/sigmah/data \
|
||||||
|
-v /srv/sigmah/conf/persistence.xml:/srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml \
|
||||||
|
-v /srv/sigmah/conf/sigmah.properties:/srv/tomcat/webapps/sigmah/WEB-INF/classes/sigmah.properties \
|
||||||
|
sigmah
|
||||||
|
}
|
||||||
|
|
||||||
|
stop() {
|
||||||
|
/usr/bin/docker stop sigmah
|
||||||
|
}
|
@ -1,11 +0,0 @@
|
|||||||
location /sigmah {
|
|
||||||
alias /srv/sigmah;
|
|
||||||
try_files $uri @sigmah;
|
|
||||||
}
|
|
||||||
|
|
||||||
location @sigmah {
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
|
||||||
proxy_pass http://127.0.0.1:9080;
|
|
||||||
}
|
|
14
sigmah/etc/nginx/conf.d/sigmah.conf
Normal file
14
sigmah/etc/nginx/conf.d/sigmah.conf
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
server {
|
||||||
|
listen [::]:8015 ipv6only=off;
|
||||||
|
listen [::]:8415 ssl http2 ipv6only=off;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/sigmah.access.log;
|
||||||
|
error_log /var/log/nginx/sigmah.error.log;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_pass http://127.0.0.1:9015;
|
||||||
|
}
|
||||||
|
}
|
@ -1,5 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8" ?>
|
|
||||||
|
|
||||||
<configuration scan="true" scanPeriod="60 seconds">
|
|
||||||
<logger name="org.sigmah" level="ERROR" />
|
|
||||||
</configuration>
|
|
@ -13,7 +13,7 @@
|
|||||||
<property name="hibernate.connection.driver_class" value="org.postgresql.Driver" />
|
<property name="hibernate.connection.driver_class" value="org.postgresql.Driver" />
|
||||||
<property name="hibernate.connection.username" value="sigmah" />
|
<property name="hibernate.connection.username" value="sigmah" />
|
||||||
<property name="hibernate.connection.password" value="${SIGMAH_PWD}" />
|
<property name="hibernate.connection.password" value="${SIGMAH_PWD}" />
|
||||||
<property name="hibernate.connection.url" value="jdbc:postgresql://localhost:5432/sigmah" />
|
<property name="hibernate.connection.url" value="jdbc:postgresql://postgres:5432/sigmah" />
|
||||||
<property name="hibernate.show_sql" value="false" />
|
<property name="hibernate.show_sql" value="false" />
|
||||||
<property name="hibernate.format_sql" value="false" />
|
<property name="hibernate.format_sql" value="false" />
|
||||||
|
|
||||||
@ -36,4 +36,4 @@
|
|||||||
</properties>
|
</properties>
|
||||||
</persistence-unit>
|
</persistence-unit>
|
||||||
|
|
||||||
</persistence>
|
</persistence>
|
@ -10,10 +10,10 @@
|
|||||||
# --
|
# --
|
||||||
|
|
||||||
# Root directory name where files are stored.
|
# Root directory name where files are stored.
|
||||||
files.repository.name=/srv/sigmah/files
|
files.repository.name=/srv/sigmah/data/files
|
||||||
|
|
||||||
# Root directory name where backup archives are stored.
|
# Root directory name where backup archives are stored.
|
||||||
archives.repository.name=/srv/sigmah/archives/
|
archives.repository.name=/srv/sigmah/data/archives/
|
||||||
|
|
||||||
#Maximum size of the uploaded files (bytes)
|
#Maximum size of the uploaded files (bytes)
|
||||||
files.upload.maxSize=20971520
|
files.upload.maxSize=20971520
|
||||||
@ -22,8 +22,8 @@ files.upload.maxSize=20971520
|
|||||||
# MAILS
|
# MAILS
|
||||||
# --
|
# --
|
||||||
|
|
||||||
mail.hostname=localhost
|
mail.hostname=postfix
|
||||||
mail.port=25
|
mail.port=587
|
||||||
mail.from.address=sigmah@spotter.ngo
|
mail.from.address=sigmah@spotter.ngo
|
||||||
mail.from.name=Sigmah
|
mail.from.name=Sigmah
|
||||||
# Authentication (leave empty if no authentication is required).
|
# Authentication (leave empty if no authentication is required).
|
Loading…
Reference in New Issue
Block a user