diff --git a/images/etherpad/Dockerfile b/images/etherpad/Dockerfile
new file mode 100644
index 0000000..8e11d72
--- /dev/null
+++ b/images/etherpad/Dockerfile
@@ -0,0 +1,42 @@
+FROM debian:jessie
+MAINTAINER Michał "rysiek" Woźniak
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# install the required packages
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends nodejs git-core curl python libssl-dev pkg-config build-essential ca-certificates npm abiword
+
+# yeah, we need that because bin/installDeps.sh looks for node
+# and debian has nodejs
+RUN ln -s /usr/bin/nodejs /usr/bin/node
+
+# yay, clone the repo!
+RUN git clone -b release/1.5.0 --single-branch https://github.com/ether/etherpad-lite.git /opt/etherpad \
+ && rm -rf /opt/etherpad/.git
+
+# make it sane, security-wise
+RUN groupadd -r etherpad \
+ && useradd -d /opt/etherpad -r -g `getent group etherpad | cut -d: -f3` etherpad
+
+# config file
+ADD settings.json /opt/etherpad/settings.json
+
+# entrypoint script
+ADD start.sh /opt/etherpad/start
+
+# install the deps
+RUN cd /opt/etherpad/ \
+ && chown -R etherpad:etherpad ./ \
+ && chmod ug+x start \
+ && bin/installDeps.sh
+
+# expose, volume
+EXPOSE 9001
+VOLUME []
+
+# user, workdir
+WORKDIR "/opt/etherpad"
+
+# command
+CMD ["/opt/etherpad/start"]
\ No newline at end of file
diff --git a/images/etherpad/settings.json b/images/etherpad/settings.json
new file mode 100644
index 0000000..d5b4d98
--- /dev/null
+++ b/images/etherpad/settings.json
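Review bot: In images/etherpad/Dockerfile the `git clone -b release/1.5.0 --single-branch` step follows a ref name rather than a fixed revision (the `--single-branch` flag suggests it is a branch), so two builds of the same Dockerfile can ship different Etherpad code, and `bin/installDeps.sh` then runs as root on whatever was fetched. Pinning the checkout right after the clone, before `.git` is removed, makes the build reproducible and reviewable: `&& git -C /opt/etherpad checkout <pinned-commit-sha> \` (placeholder; the commit to pin is not on this page). Since the tree is chowned to `etherpad` just before the install, the dependency install could presumably run as that user instead of root; worth confirming that `installDeps.sh` works unprivileged.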
@@ -0,0 +1,143 @@ +/* + This file must be valid JSON. But comments are allowed + + Please edit settings.json, not settings.json.template +*/ +{ + // Name your instance! + "title": "PLUG :: Etherpad", + + // favicon default name + // alternatively, set up a fully specified Url to your own favicon + "favicon": "favicon.ico", + + //IP and port which etherpad should bind at + "ip": "0.0.0.0", + "port" : 9001, + + // Session Key, used for reconnecting user sessions + // Set this to a secure string at least 10 characters long. Do not share this value. + "sessionKey" : "ies7ieWahPh0", + + /* + // Node native SSL support + // this is disabled by default + // + // make sure to have the minimum and correct file access permissions set + // so that the Etherpad server can access them + + "ssl" : { + "key" : "/path-to-your/epl-server.key", + "cert" : "/path-to-your/epl-server.crt" + }, + + */ + + //The Type of the database. You can choose between dirty, postgres, sqlite and mysql + //You shouldn't use "dirty" for for anything else than testing or development + "dbType" : "postgres", + "dbType" : "postgres", + "dbSettings" : { + "user" : "etherpad", + "host" : "plug-postgres", + "password": "", + "database": "etherpad" + }, + + + //the default text of a pad + "defaultPadText" : "Witamy na PLUGawym Etherpadzie,\n\nczyli notatniku w trybie multpiplayer.\n\nhttp:\/\/etherpad.org\n", + + /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */ + "requireSession" : false, + + /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */ + "editOnly" : false, + + /* Users, who have a valid session, automatically get granted access to password protected pads */ + "sessionNoPassword" : false, + + /* if true, all css & js will be minified before sending to the client. 
This will improve the loading performance massivly, + but makes it impossible to debug the javascript/css */ + "minify" : true, + + /* How long may clients use served javascript code (in seconds)? Without versioning this + may cause problems during deployment. Set to 0 to disable caching */ + "maxAge" : 21600, // 60 * 60 * 6 = 6 hours + + /* This is the path to the Abiword executable. Setting it to null, disables abiword. + Abiword is needed to advanced import/export features of pads*/ + "abiword" : "/usr/bin/abiword", + + /* Allow import of file types other than the supported types: txt, doc, docx, rtf, odt, html & htm */ + "allowUnknownFileEnds" : true, + + /* This setting is used if you require authentication of all users. + Note: /admin always requires authentication. */ + "requireAuthentication" : false, + + /* Require authorization by a module, or a user with is_admin set, see below. */ + "requireAuthorization" : false, + + /*when you use NginX or another proxy/ load-balancer set this to true*/ + "trustProxy" : true, + + /* Privacy: disable IP logging */ + "disableIPlogging" : true, + + /* Users for basic authentication. is_admin = true gives access to /admin. + If you do not uncomment this, /admin will not be available! */ + /* + "users": { + "admin": { + "password": "changeme1", + "is_admin": true + }, + "user": { + "password": "changeme1", + "is_admin": false + } + }, + */ + + // restrict socket.io transport methods + "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + + /* The toolbar buttons configuration. 
+ "toolbar": { + "left": [ + ["bold", "italic", "underline", "strikethrough"], + ["orderedlist", "unorderedlist", "indent", "outdent"], + ["undo", "redo"], + ["clearauthorship"] + ], + "right": [ + ["importexport", "timeslider", "savedrevision"], + ["settings", "embed"], + ["showusers"] + ], + "timeslider": [ + ["timeslider_export", "timeslider_returnToPad"] + ] + }, + */ + + /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */ + "loglevel": "INFO", + + //Logging configuration. See log4js documentation for further information + // https://github.com/nomiddlename/log4js-node + // You can add as many appenders as you want here: + "logconfig" : + { "appenders": [ + { "type": "console" + //, "category": "access"// only logs pad access + } + , { "type": "file" + , "filename": "/var/log/etherpad/etherpad.log" + , "maxLogSize": 1024 + , "backups": 3 // how many log files there're gonna be at max + } + ] + } +} diff --git a/images/etherpad/start.sh b/images/etherpad/start.sh new file mode 100644 index 0000000..2fe72a8 --- /dev/null +++ b/images/etherpad/start.sh @@ -0,0 +1,9 @@ +#!/bin/bash +# + +# make sure the logfile exists and has teh right permissions +mkdir -p /var/log/etherpad/ +chown -R etherpad:etherpad /var/log/etherpad + +# run etherpad +su -c "/opt/etherpad/bin/run.sh" etherpad \ No newline at end of file diff --git a/images/postgres/Dockerfile b/images/postgres/Dockerfile index c7d3e33..f260210 100644 --- a/images/postgres/Dockerfile +++ b/images/postgres/Dockerfile @@ -22,7 +22,8 @@ RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get upgrade & RUN rm -rf /var/lib/postgresql/9.3/ # prep script -- will be run each time the container is started -ADD start.sh /var/lib/start +ADD start.sh /var/lib/start +ADD setup.sql /var/lib/setup.sql # Expose the PostgreSQL port EXPOSE 5432 diff --git a/images/postgres/setup.sql b/images/postgres/setup.sql new file mode 100644 index 0000000..358641c --- /dev/null +++ b/images/postgres/setup.sql 
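Review bot: The `"sessionKey"` line in images/etherpad/settings.json commits the session secret to the repository and bakes it into every image built from it, although the comment directly above it says not to share this value. Anyone who can read the repo or pull the image then knows the key that every deployment uses. I would keep the key out of the committed file and have the start script write a per-deployment value (or mount settings.json from `$static_data_dir` the way the log directory is mounted), and rotate the current key since it is now in history. Two smaller points in the same hunk: `"dbType" : "postgres"` appears twice, and `"password": ""` only works because of the `trust` rule in the postgres image's pg_hba.conf.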
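Review bot: The last line of images/etherpad/start.sh launches Etherpad with `su -c` but without `exec`, so bash stays PID 1 in the container and the SIGTERM from `docker stop` is not passed on to node; the container is then killed after the timeout instead of shutting down cleanly. `exec su -c "/opt/etherpad/bin/run.sh" etherpad` removes the shell wrapper; whether `su` itself forwards the signal should be checked on the jessie image. The script also has no `set -e`, so a failed `chown` is ignored and Etherpad starts anyway with a log directory it may not be able to write.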
@@ -0,0 +1,3 @@ +-- etherpad +CREATE USER etherpad; +CREATE DATABASE etherpad WITH OWNER etherpad TEMPLATE template0 ENCODING 'UTF8'; \ No newline at end of file diff --git a/images/postgres/start.sh b/images/postgres/start.sh index af7b98e..79f3a6a 100755 --- a/images/postgres/start.sh +++ b/images/postgres/start.sh @@ -45,10 +45,15 @@ if [ ! -e /var/lib/postgresql/9.3/main ]; then # TODO: this needs to be much mroe specific for production! echo "host all all `hostname -I | sed 's/ //g'`/16 trust" >> /var/lib/postgresql/9.3/main/pg_hba.conf + # # create the needed databases + # /etc/init.d/postgresql start - #su -c 'psql --command "CREATE USER some_user;"' postgres - #su -c "psql --command \"CREATE DATABASE some_db WITH OWNER some_user TEMPLATE template0 ENCODING 'UTF8';\"" postgres + + # run the SQL + su -c 'psql < /var/lib/setup.sql' postgres + + # we're done /etc/init.d/postgresql stop fi diff --git a/setup.sh b/setup.sh index 132d0ca..eaaecd8 100755 --- a/setup.sh +++ b/setup.sh @@ -52,7 +52,7 @@ if [[ "$mode" == "" || "$mode" == "--build" ]]; then # budujemy nowy dom... cd images/ - for img in postgres php-fpm nginx pgadmin rest cron; do + for img in postgres etherpad php-fpm nginx pgadmin rest cron; do # informujemy echo -ne "\n\n - buduję: $prefix/$img\n" # budujemy @@ -84,6 +84,7 @@ if [[ "$mode" == "" || "$mode" == "--populate-static-data" ]]; then # logi sudo mkdir "$static_data_dir/logs/" sudo mkdir "$static_data_dir/logs/postgres" + sudo mkdir "$static_data_dir/logs/etherpad" sudo mkdir "$static_data_dir/logs/php-fpm" sudo mkdir "$static_data_dir/logs/openldap" sudo mkdir "$static_data_dir/logs/nginx-public" @@ -123,6 +124,7 @@ img_phpfpm="$prefix/php-fpm" img_pgadmin="$prefix/pgadmin" img_rest="$prefix/rest" img_cron="$prefix/cron" +img_etherpad="$prefix/etherpad" # # kontenery 
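Review bot: `CREATE USER etherpad;` in images/postgres/setup.sql creates the role without a password, so the only thing guarding the etherpad database is the `host all all …/16 trust` line visible as context in the start.sh hunk, which lets any host in that /16 connect as any role. That line already carries a TODO; this commit makes a second service depend on it. I would give the role a password supplied at container start rather than committed, `CREATE USER etherpad WITH PASSWORD '<set-at-deploy>';` (placeholder), and change the pg_hba.conf entry from `trust` to `md5` for that database and user.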
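Review bot: In images/postgres/start.sh the new `su -c 'psql < /var/lib/setup.sql' postgres` sits inside the `if [ ! -e /var/lib/postgresql/9.3/main ]` branch named in the hunk header, so it appears to run only when the cluster is first created; a deployment that already has a data directory would never get the etherpad role and database. The block starts and ends outside the hunk, so this needs confirming against the full script. Fed through stdin, psql also carries on after a failed statement and still exits 0; `su -c 'psql -v ON_ERROR_STOP=1 -f /var/lib/setup.sql' postgres` makes a broken setup visible.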
@@ -140,9 +142,11 @@ cnt_pgadmin="$prefix-pgadmin" #cnt_phpfpm_ldapadmin="$prefix-ldapadmin" # cron cnt_cron="$prefix-cron" +# cron +cnt_etherpad="$prefix-etherpad" # wszystkie -cnt_all="$cnt_postgres $cnt_nginx_public $cnt_nginx_internal $cnt_phpfpm_frontend $cnt_rest $cnt_pgadmin $cnt_phpfpm_ldapadmin $cnt_cron" +cnt_all="$cnt_postgres $cnt_nginx_public $cnt_nginx_internal $cnt_phpfpm_frontend $cnt_rest $cnt_pgadmin $cnt_phpfpm_ldapadmin $cnt_cron $cnt_etherpad" # # stopujemy (w tym zawsze przy domyslnej akcji) @@ -181,6 +185,13 @@ if [[ "$mode" == "" || "$mode" == "--run" ]]; then -v "$static_data_dir/logs/postgres":/var/log/postgresql/ \ --name $cnt_postgres \ $img_postgres + + # etherpad + docker run -d \ + -v "$static_data_dir/logs/etherpad/":/var/log/etherpad \ + --link $cnt_postgres:$cnt_postgres \ + --name $cnt_etherpad \ + $img_etherpad # a teraz php-fpmy! # - frontend @@ -227,6 +238,7 @@ if [[ "$mode" == "" || "$mode" == "--run" ]]; then -v "$static_data_dir/logs/nginx-public/":/var/log/nginx/ \ -v "$static_data_dir/run/php-fpm/":/var/run/php-fpm/ \ -v "$static_data_dir/data/php-fpm/":/opt/php/ \ + --link $cnt_etherpad:$cnt_etherpad \ --name $cnt_nginx_public \ $img_nginx @@ -242,7 +254,7 @@ if [[ "$mode" == "" || "$mode" == "--run" ]]; then $img_nginx # - cron - # czy powinien mieć dostęp do db i ldapa? + # TODO: czy powinien mieć dostęp do db i ldapa? docker run -d \ -v "$static_data_dir/data/cron/d/":/etc/cron.d/ \ -v "$static_data_dir/data/cron/daily/":/etc/cron.daily/ \ diff --git a/static_data/configs/nginx-public/000-frontend.conf b/static_data/configs/nginx-public/000-frontend.conf index 24c5f19..0fd07c2 100644 --- a/static_data/configs/nginx-public/000-frontend.conf +++ b/static_data/configs/nginx-public/000-frontend.conf 
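Review bot: The comment added above `cnt_etherpad="$prefix-etherpad"` in setup.sh reads `# cron`, copied from the entry before it; it should be `# etherpad`. In the `docker run` hunk further down, `$cnt_postgres`, `$cnt_etherpad` and `$img_etherpad` are expanded unquoted, which matches the surrounding style but would word-split if `$prefix` ever contained whitespace.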
@@ -23,4 +23,14 @@ server { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } + + # tymczasowo, do póki nie mamy wildcardów na domenie + location /pad { + rewrite /pad/(.*) /$1 break; + rewrite ^/pad$ /pad/ permanent; + proxy_pass http://plug-etherpad:9001/; + proxy_redirect / /pad/; + proxy_set_header Host $host; + proxy_buffering off; + } } \ No newline at end of file diff --git a/static_data/configs/nginx-public/001-etherpad.conf b/static_data/configs/nginx-public/001-etherpad.conf new file mode 100644 index 0000000..bbec54d --- /dev/null +++ b/static_data/configs/nginx-public/001-etherpad.conf @@ -0,0 +1,20 @@ +# +# etherpad +# TODO: czekamy na wildcarda na domenie, ażeby mieć pad.nazwa.domeny +# tymczasem nieużywany +# +# +# server { +# +# listen 80; +# server_name pad.shire.linux.org.pl; +# root /usr/share/nginx/html; +# access_log /var/log/nginx/etherpad-access.log; +# error_log /var/log/nginx/etherpad-error.log; +# +# location / { +# proxy_pass http://plug-etherpad:9001/; +# proxy_set_header Host $host; +# proxy_buffering off; +# } +# } \ No newline at end of file
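Review bot: The new `location /pad` block in 000-frontend.conf forwards only `Host`, while settings.json in this commit sets `"trustProxy" : true`, so Etherpad is likely to take the client address and scheme from whatever `X-Forwarded-*` headers the browser sent, because nginx passes them through unchanged. Overwriting them in the proxy closes that: `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;`. Also, `location /pad` is a plain prefix match and `rewrite /pad/(.*) /$1 break;` is unanchored, so a path such as `/padfoo` is routed to Etherpad as well; `location /pad/` with `rewrite ^/pad/(.*) /$1 break;` and a separate `location = /pad` for the redirect would be tighter. The enclosing `server` block starts outside the hunk.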