postgres: setup.sql do łatwego zarządzania przygotowaniem bazy danych; nginx, etherpad: mamy etherpada, rejoice

2015-01-06 23:11:01 +01:00 · 2015-01-06 23:11:01 +01:00 · fa8d221235
parent 14879937f4
commit fa8d221235
9 changed files with 251 additions and 6 deletions
--- a/images/etherpad/Dockerfile
+++ b/images/etherpad/Dockerfile
@ -0,0 +1,42 @@
+FROM debian:jessie
+MAINTAINER Michał "rysiek" Woźniak <rysiek@hackerspace.pl>
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# install the required packages
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends nodejs git-core curl python libssl-dev pkg-config build-essential ca-certificates npm abiword
+
+# yeah, we need that because bin/installDeps.sh looks for node
+# and debian has nodejs
+RUN ln -s /usr/bin/nodejs /usr/bin/node
+
+# yay, clone the repo!
+RUN git clone -b release/1.5.0 --single-branch https://github.com/ether/etherpad-lite.git /opt/etherpad \
+ && rm -rf /opt/etherpad/.git
+
+# make it sane, security-wise
+RUN groupadd -r etherpad \
+ && useradd -d /opt/etherpad -r -g `getent group etherpad | cut -d: -f3` etherpad
+
+# config file
+ADD settings.json /opt/etherpad/settings.json
+
+# entrypoint script
+ADD start.sh /opt/etherpad/start
+
+# install the deps
+RUN cd /opt/etherpad/ \
+ && chown -R etherpad:etherpad ./ \
+ && chmod ug+x start \
+ && bin/installDeps.sh
+
+# expose, volume
+EXPOSE 9001
+VOLUME []
+
+# user, workdir
+WORKDIR "/opt/etherpad"
+
+# command
+CMD ["/opt/etherpad/start"]
--- a/images/etherpad/settings.json
+++ b/images/etherpad/settings.json
@ -0,0 +1,143 @@
+/*
+  This file must be valid JSON. But comments are allowed
+
+  Please edit settings.json, not settings.json.template
+*/
+{
+  // Name your instance!
+  "title": "PLUG :: Etherpad",
+
+  // favicon default name
+  // alternatively, set up a fully specified Url to your own favicon
+  "favicon": "favicon.ico",
+  
+  //IP and port which etherpad should bind at
+  "ip": "0.0.0.0",
+  "port" : 9001,
+
+  // Session Key, used for reconnecting user sessions
+  // Set this to a secure string at least 10 characters long.  Do not share this value.
+  "sessionKey" : "ies7ieWahPh0",
+
+  /*  
+  // Node native SSL support
+  // this is disabled by default
+  //
+  // make sure to have the minimum and correct file access permissions set
+  // so that the Etherpad server can access them
+
+  "ssl" : {
+            "key"  : "/path-to-your/epl-server.key",
+            "cert" : "/path-to-your/epl-server.crt"
+          },
+
+  */
+
+  //The Type of the database. You can choose between dirty, postgres, sqlite and mysql
+  //You shouldn't use "dirty" for for anything else than testing or development
+  "dbType" : "postgres",
+   "dbType" : "postgres",
+   "dbSettings" : {
+                    "user"    : "etherpad", 
+                    "host"    : "plug-postgres", 
+                    "password": "", 
+                    "database": "etherpad"
+                  },
+
+  
+  //the default text of a pad
+  "defaultPadText" : "Witamy na PLUGawym Etherpadzie,\n\nczyli notatniku w trybie multpiplayer.\n\nhttp:\/\/etherpad.org\n",
+  
+  /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
+  "requireSession" : false,
+
+  /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
+  "editOnly" : false,
+
+  /* Users, who have a valid session, automatically get granted access to password protected pads */
+  "sessionNoPassword" : false,
+  
+  /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, 
+     but makes it impossible to debug the javascript/css */
+  "minify" : true,
+
+  /* How long may clients use served javascript code (in seconds)? Without versioning this
+     may cause problems during deployment. Set to 0 to disable caching */
+  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours
+  
+  /* This is the path to the Abiword executable. Setting it to null, disables abiword.
+     Abiword is needed to advanced import/export features of pads*/  
+  "abiword" : "/usr/bin/abiword",
+
+  /* Allow import of file types other than the supported types: txt, doc, docx, rtf, odt, html & htm */
+  "allowUnknownFileEnds" : true,
+ 
+  /* This setting is used if you require authentication of all users.
+     Note: /admin always requires authentication. */
+  "requireAuthentication" : false,
+
+  /* Require authorization by a module, or a user with is_admin set, see below. */
+  "requireAuthorization" : false,
+  
+  /*when you use NginX or another proxy/ load-balancer set this to true*/
+  "trustProxy" : true,
+  
+  /* Privacy: disable IP logging */
+  "disableIPlogging" : true,
+  
+  /* Users for basic authentication. is_admin = true gives access to /admin.
+     If you do not uncomment this, /admin will not be available! */
+  /*
+  "users": {
+    "admin": {
+      "password": "changeme1",
+      "is_admin": true
+    },
+    "user": {
+      "password": "changeme1",
+      "is_admin": false
+    }
+  },
+  */
+
+  // restrict socket.io transport methods
+  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
+  
+  /* The toolbar buttons configuration.
+  "toolbar": {
+    "left": [
+      ["bold", "italic", "underline", "strikethrough"],
+      ["orderedlist", "unorderedlist", "indent", "outdent"],
+      ["undo", "redo"],
+      ["clearauthorship"]
+    ],
+    "right": [
+      ["importexport", "timeslider", "savedrevision"],
+      ["settings", "embed"],
+      ["showusers"]
+    ],
+    "timeslider": [
+      ["timeslider_export", "timeslider_returnToPad"]
+    ]
+  },
+  */
+
+  /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
+  "loglevel": "INFO",
+  
+  //Logging configuration. See log4js documentation for further information
+  // https://github.com/nomiddlename/log4js-node
+  // You can add as many appenders as you want here:
+  "logconfig" :
+    { "appenders": [
+        { "type": "console"
+        //, "category": "access"// only logs pad access
+        }
+      , { "type": "file"
+        , "filename": "/var/log/etherpad/etherpad.log"
+        , "maxLogSize": 1024
+        , "backups": 3 // how many log files there're gonna be at max
+        }
+      ]
+    }
+}
--- a/images/etherpad/start.sh
+++ b/images/etherpad/start.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+#
+
+# make sure the logfile exists and has teh right permissions
+mkdir -p /var/log/etherpad/
+chown -R etherpad:etherpad /var/log/etherpad
+
+# run etherpad
+su -c "/opt/etherpad/bin/run.sh" etherpad
--- a/images/postgres/Dockerfile
+++ b/images/postgres/Dockerfile
@ -22,7 +22,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get upgrade &
 RUN rm -rf /var/lib/postgresql/9.3/

 # prep script -- will be run each time the container is started
-ADD start.sh /var/lib/start
+ADD start.sh  /var/lib/start
+ADD setup.sql /var/lib/setup.sql

 # Expose the PostgreSQL port
 EXPOSE 5432
--- a/images/postgres/setup.sql
+++ b/images/postgres/setup.sql
@ -0,0 +1,3 @@
+-- etherpad
+CREATE USER etherpad;
+CREATE DATABASE etherpad WITH OWNER etherpad TEMPLATE template0 ENCODING 'UTF8';
--- a/images/postgres/start.sh
+++ b/images/postgres/start.sh
@ -45,10 +45,15 @@ if [ ! -e /var/lib/postgresql/9.3/main ]; then
  # TODO: this needs to be much mroe specific for production!
  echo "host    all    all  `hostname -I | sed 's/ //g'`/16   trust" >> /var/lib/postgresql/9.3/main/pg_hba.conf

+  #
  # create the needed databases
+  #
  /etc/init.d/postgresql start
-  #su -c 'psql --command "CREATE USER some_user;"' postgres
-  #su -c "psql --command \"CREATE DATABASE some_db WITH OWNER some_user TEMPLATE template0 ENCODING 'UTF8';\"" postgres
+  
+  # run the SQL
+  su -c 'psql < /var/lib/setup.sql' postgres
+  
+  # we're done
  /etc/init.d/postgresql stop

 fi
--- a/setup.sh
+++ b/setup.sh
@ -52,7 +52,7 @@ if [[ "$mode" == "" || "$mode" == "--build" ]]; then

  # budujemy nowy dom...
  cd images/
-  for img in postgres php-fpm nginx pgadmin rest cron; do
+  for img in postgres etherpad php-fpm nginx pgadmin rest cron; do
    # informujemy
    echo -ne "\n\n - buduję: $prefix/$img\n"
    # budujemy
@ -84,6 +84,7 @@ if [[ "$mode" == "" || "$mode" == "--populate-static-data" ]]; then
  # logi
  sudo mkdir "$static_data_dir/logs/"
  sudo mkdir "$static_data_dir/logs/postgres"
+  sudo mkdir "$static_data_dir/logs/etherpad"
  sudo mkdir "$static_data_dir/logs/php-fpm"
  sudo mkdir "$static_data_dir/logs/openldap"
  sudo mkdir "$static_data_dir/logs/nginx-public"
@ -123,6 +124,7 @@ img_phpfpm="$prefix/php-fpm"
 img_pgadmin="$prefix/pgadmin"
 img_rest="$prefix/rest"
 img_cron="$prefix/cron"
+img_etherpad="$prefix/etherpad"

 #
 # kontenery
@ -140,9 +142,11 @@ cnt_pgadmin="$prefix-pgadmin"
 #cnt_phpfpm_ldapadmin="$prefix-ldapadmin"
 # cron
 cnt_cron="$prefix-cron"
+# cron
+cnt_etherpad="$prefix-etherpad"

 # wszystkie
-cnt_all="$cnt_postgres $cnt_nginx_public $cnt_nginx_internal $cnt_phpfpm_frontend $cnt_rest $cnt_pgadmin $cnt_phpfpm_ldapadmin $cnt_cron"
+cnt_all="$cnt_postgres $cnt_nginx_public $cnt_nginx_internal $cnt_phpfpm_frontend $cnt_rest $cnt_pgadmin $cnt_phpfpm_ldapadmin $cnt_cron $cnt_etherpad"

 #
 # stopujemy (w tym zawsze przy domyslnej akcji)
@ -181,6 +185,13 @@ if [[ "$mode" == "" || "$mode" == "--run" ]]; then
  -v "$static_data_dir/logs/postgres":/var/log/postgresql/ \
  --name $cnt_postgres \
  $img_postgres
+  
+  # etherpad
+  docker run -d \
+  -v "$static_data_dir/logs/etherpad/":/var/log/etherpad \
+  --link $cnt_postgres:$cnt_postgres \
+  --name $cnt_etherpad \
+  $img_etherpad

  # a teraz php-fpmy!
  # - frontend
@ -227,6 +238,7 @@ if [[ "$mode" == "" || "$mode" == "--run" ]]; then
  -v "$static_data_dir/logs/nginx-public/":/var/log/nginx/ \
  -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm/ \
  -v "$static_data_dir/data/php-fpm/":/opt/php/ \
+  --link $cnt_etherpad:$cnt_etherpad \
  --name $cnt_nginx_public \
  $img_nginx

@ -242,7 +254,7 @@ if [[ "$mode" == "" || "$mode" == "--run" ]]; then
  $img_nginx
  
  # - cron
-  # czy powinien mieć dostęp do db i ldapa?
+  # TODO: czy powinien mieć dostęp do db i ldapa?
  docker run -d \
  -v "$static_data_dir/data/cron/d/":/etc/cron.d/ \
  -v "$static_data_dir/data/cron/daily/":/etc/cron.daily/ \
--- a/static_data/configs/nginx-public/000-frontend.conf
+++ b/static_data/configs/nginx-public/000-frontend.conf
@ -23,4 +23,14 @@ server {
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
+  
+  # tymczasowo, do póki nie mamy wildcardów na domenie
+  location /pad {
+    rewrite                /pad/(.*) /$1 break;
+    rewrite                ^/pad$ /pad/ permanent;
+    proxy_pass             http://plug-etherpad:9001/;
+    proxy_redirect         / /pad/;
+    proxy_set_header       Host $host;
+    proxy_buffering off;
+  }
 }
--- a/static_data/configs/nginx-public/001-etherpad.conf
+++ b/static_data/configs/nginx-public/001-etherpad.conf
@ -0,0 +1,20 @@
+#
+# etherpad
+# TODO: czekamy na wildcarda na domenie, ażeby mieć pad.nazwa.domeny
+# tymczasem nieużywany
+#
+# 
+# server {
+# 
+#   listen 80;
+#   server_name pad.shire.linux.org.pl;
+#   root /usr/share/nginx/html;
+#   access_log /var/log/nginx/etherpad-access.log;
+#   error_log /var/log/nginx/etherpad-error.log;
+#   
+#   location / {
+#         proxy_pass             http://plug-etherpad:9001/;
+#         proxy_set_header       Host $host;
+#         proxy_buffering off;
+#   }
+# }