[codimd] Use official image

pull/1/head
Alexandre Iooss 5 years ago
parent bcfd8b4a17
commit e5fe3f8d41
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02

@ -8,3 +8,11 @@ En cours de test par erdnaxe.
Pour lancer un service, aller dans le dossier puis
`sudo docker-compose up --build -d`.
## Fichiers à protéger
Les fichiers suivant ne doivent être lisibles que par root :
* grafana/ldap.toml
* codimd/docker-compose.yml

@ -1,82 +0,0 @@
FROM node:8.16.0
# Build arguments to change source url, branch or tag
ARG CODIMD_REPOSITORY=https://github.com/codimd/server.git
ARG VERSION=master
ARG UID=10000
# Set some default config variables
ENV DEBIAN_FRONTEND noninteractive
ENV DOCKERIZE_VERSION v0.6.1
ENV NODE_ENV=production
RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
ENV GOSU_VERSION 1.11
COPY resources/gosu-gpg.key /tmp/gosu.key
RUN set -ex; \
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
\
# verify the signature
export GNUPGHOME="$(mktemp -d)"; \
gpg --no-tty --import /tmp/gosu.key; \
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
\
chmod +x /usr/local/bin/gosu; \
# verify that the binary works
gosu nobody true
# Add configuraton files
COPY resources/config.json resources/.sequelizerc /files/
RUN apt-get update && \
apt-get install -y git build-essential jq && \
# Add fonts for PDF export
apt-get install -y fonts-noto && \
# Clone the source
git clone --depth 1 --branch "$VERSION" "$CODIMD_REPOSITORY" /codimd && \
# Print the cloned version and clean up git files
cd /codimd && \
git log --pretty=format:'%ad %h %d' --abbrev-commit --date=short -1 && echo && \
git rev-parse HEAD > /tmp/gitref && \
rm -rf /codimd/.git && \
# Mime the git repository for fullversion
mkdir /codimd/.git && \
mv /tmp/gitref /codimd/.git/HEAD && \
jq ".repository.url = \"${CODIMD_REPOSITORY}\"" /codimd/package.json > /codimd/package.new.json && \
mv /codimd/package.new.json /codimd/package.json && \
# Symlink configuration files
rm -f /codimd/config.json && ln -s /files/config.json /codimd/config.json && \
rm -f /codimd/.sequelizerc && ln -s /files/.sequelizerc /codimd/.sequelizerc && \
# Install NPM dependencies and build project
yarn install --pure-lockfile && \
yarn install --production=false --pure-lockfile && \
npm run build && \
# Clean up this layer
yarn install && \
yarn cache clean && \
apt-get remove -y --auto-remove build-essential git jq && \
apt-get clean && apt-get purge && rm -r /var/lib/apt/lists/* && \
# Create codimd user
adduser --uid $UID --home /codimd/ --disabled-password --system codimd && \
chown -R codimd /codimd/
WORKDIR /codimd
EXPOSE 3000
COPY resources/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["node", "app.js"]

@ -14,29 +14,26 @@ services:
restart: always
app:
build:
context: .
args:
- "VERSION=1.4.0"
- "CODIMD_REPOSITORY=https://github.com/codimd/server.git"
image: quay.io/codimd/server:1.4.0
environment:
DEBUG: false
CMD_DB_URL: postgres://codimd:codimdpass@database:5432/codimd
CMD_URL_ADDPORT: false
CMD_EMAIL: false
CMD_DOMAIN: codimd.auro.re
CMD_PROTOCOL_USESSL: true
CMD_USECDN: false
CMD_ALLOW_FREEURL: true
CMD_LDAP_URL: ldap://10.128.0.11
CMD_LDAP_BINDDN: cn=codimd,ou=service-users,dc=auro,dc=re
CMD_LDAP_BINDCREDENTIALS: CHANGE ME IN PRODUCTION, I WILL DIFFER !
CMD_LDAP_SEARCHBASE: cn=Utilisateurs,dc=auro,dc=re
CMD_LDAP_SEARCHFILTER: (uid={{username}})
CMD_LDAP_SEARCHATTRIBUTES: uid, givenName, mail
CMD_LDAP_USERIDFIELD: uid
CMD_LDAP_USERNAMEFIELD: uid
CMD_LDAP_PROVIDERNAME: Aurore
DEBUG: "false"
CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
CMD_URL_ADDPORT: "false"
CMD_EMAIL: "false"
CMD_DOMAIN: "codimd.auro.re"
CMD_PROTOCOL_USESSL: "true"
CMD_USECDN: "false"
CMD_ALLOW_FREEURL: "true"
CMD_IMAGE_UPLOAD_TYPE: "filesystem"
CMD_LDAP_URL: "ldap://10.128.0.11"
CMD_LDAP_BINDDN: "cn=codimd,ou=service-users,dc=auro,dc=re"
CMD_LDAP_BINDCREDENTIALS: "CHANGE ME IN PRODUCTION, I WILL DIFFER !"
CMD_LDAP_SEARCHBASE: "cn=Utilisateurs,dc=auro,dc=re"
CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
CMD_LDAP_USERIDFIELD: "uid"
CMD_LDAP_USERNAMEFIELD: "uid"
CMD_LDAP_PROVIDERNAME: "Aurore"
ports:
- "8081:3000"
volumes:
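Review bot: The new `image: quay.io/codimd/server:1.4.0` line pins the upstream image by tag only, so each pull runs whatever the registry currently serves under that tag; the Dockerfile removed in this commit at least checked the gosu download against a GPG key, and no comparable verification remains. Pinning by digest, `image: quay.io/codimd/server:1.4.0@sha256:<digest-of-the-reviewed-image>` (placeholder, to be filled from the image that was actually reviewed), makes the deployment reproducible and tamper-evident. Separately, `CMD_LDAP_URL: "ldap://10.128.0.11"` is plain LDAP, so the bind credentials and users' passwords cross the network unencrypted unless that segment is protected in a way not visible here; an `ldaps://` URL would close this if the directory offers it. The `services:` block starts before and continues after this hunk.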

@ -1,8 +0,0 @@
var path = require('path');
module.exports = {
'config': path.resolve('config.json'),
'migrations-path': path.resolve('lib', 'migrations'),
'models-path': path.resolve('lib', 'models'),
'url': process.env.CMD_DB_URL
}

@ -1,16 +0,0 @@
{
"production": {
"urlAddPort": true,
"email": true,
"db": {
"username": "codimd",
"password": "codimdpass",
"database": "codimd",
"host": "database",
"port": "5432",
"dialect": "postgres"
},
"imageUploadType": "filesystem",
"useSSL": false
}
}

@ -1,74 +0,0 @@
#!/bin/sh
# Use gosu if the container started with root privileges
UID="$(id -u)"
[ "$UID" -eq 0 ] && GOSU="gosu codimd" || GOSU=""
if [ "$HMD_DB_URL" != "" ] && [ "$CMD_DB_URL" = "" ]; then
CMD_DB_URL="$HMD_DB_URL"
fi
if [ "$HMD_IMAGE_UPLOAD_TYPE" != "" ] && [ "$CMD_IMAGE_UPLOAD_TYPE" = "" ]; then
CMD_IMAGE_UPLOAD_TYPE="$HMD_IMAGE_UPLOAD_TYPE"
fi
if [ "$CMD_DB_URL" = "" ]; then
CMD_DB_URL="postgres://hackmd:hackmdpass@hackmdPostgres:5432/hackmd"
fi
export CMD_DB_URL
DB_SOCKET=$(echo ${CMD_DB_URL} | sed -e 's/.*:\/\//\/\//' -e 's/.*\/\/[^@]*@//' -e 's/\/.*$//')
if [ "$DB_SOCKET" != "" ]; then
dockerize -wait "tcp://${DB_SOCKET}" -timeout 30s
fi
$GOSU ./node_modules/.bin/sequelize db:migrate
# Print warning if local data storage is used but no volume is mounted
[ "$CMD_IMAGE_UPLOAD_TYPE" = "filesystem" ] && { mountpoint -q ./public/uploads || {
echo "
#################################################################
### ###
### !!!WARNING!!! ###
### ###
### Using local uploads without persistence is ###
### dangerous. You'll loose your data on ###
### container removal. Check out: ###
### https://docs.docker.com/engine/tutorials/dockervolumes/ ###
### ###
### !!!WARNING!!! ###
### ###
#################################################################
";
} ; }
# Change owner and permission if filesystem backend is used and user has root permissions
if [ "$UID" -eq 0 ] && [ "$CMD_IMAGE_UPLOAD_TYPE" = "filesystem" ]; then
if [ "$UID" -eq 0 ]; then
chown -R codimd ./public/uploads
chmod 700 ./public/uploads
else
echo "
#################################################################
### ###
### !!!WARNING!!! ###
### ###
### Container was started without root permissions ###
### and filesystem storage is being used. ###
### In case of filesystem errors these need to be ###
### changed manually ###
### ###
### !!!WARNING!!! ###
### ###
#################################################################
";
fi
fi
# Sleep to make sure everything is fine...
sleep 3
# run
exec $GOSU "$@"

File diff suppressed because it is too large Load Diff

@ -1,11 +0,0 @@
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
[mysqld]
collation-server = utf8_unicode_ci
init-connect='SET NAMES utf8'
character-set-server = utf8