[codimd] Use official image

5 years ago · e5fe3f8d41
parent bcfd8b4a17
commit e5fe3f8d41
8 changed files with 27 additions and 1555 deletions
--- a/README.md
+++ b/README.md
@ -8,3 +8,11 @@ En cours de test par erdnaxe.

 Pour lancer un service, aller dans le dossier puis
 `sudo docker-compose up --build -d`.
+
+## Fichiers à protéger
+
+Les fichiers suivant ne doivent être lisibles que par root :
+
+  * grafana/ldap.toml
+  * codimd/docker-compose.yml
+
--- a/codimd/Dockerfile
+++ b/codimd/Dockerfile
@ -1,82 +0,0 @@
-FROM node:8.16.0
-
-# Build arguments to change source url, branch or tag
-ARG CODIMD_REPOSITORY=https://github.com/codimd/server.git
-ARG VERSION=master
-ARG UID=10000
-
-# Set some default config variables
-ENV DEBIAN_FRONTEND noninteractive
-ENV DOCKERIZE_VERSION v0.6.1
-ENV NODE_ENV=production
-
-RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
-    tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
-    rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
-
-ENV GOSU_VERSION 1.11
-COPY resources/gosu-gpg.key /tmp/gosu.key
-RUN set -ex; \
-    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
-    wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
-    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
-    \
-# verify the signature
-    export GNUPGHOME="$(mktemp -d)"; \
-    gpg --no-tty --import /tmp/gosu.key; \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
-    \
-    chmod +x /usr/local/bin/gosu; \
-# verify that the binary works
-    gosu nobody true
-
-# Add configuraton files
-COPY resources/config.json resources/.sequelizerc /files/
-
-RUN apt-get update && \
-    apt-get install -y git build-essential jq && \
-    # Add fonts for PDF export
-    apt-get install -y fonts-noto && \
-
-    # Clone the source
-    git clone --depth 1 --branch "$VERSION" "$CODIMD_REPOSITORY" /codimd && \
-    # Print the cloned version and clean up git files
-    cd /codimd && \
-    git log --pretty=format:'%ad %h %d' --abbrev-commit --date=short -1 && echo && \
-    git rev-parse HEAD > /tmp/gitref && \
-    rm -rf /codimd/.git && \
-
-    # Mime the git repository for fullversion
-    mkdir /codimd/.git && \
-    mv /tmp/gitref /codimd/.git/HEAD && \
-    jq ".repository.url = \"${CODIMD_REPOSITORY}\"" /codimd/package.json > /codimd/package.new.json && \
-    mv /codimd/package.new.json /codimd/package.json && \
-
-    # Symlink configuration files
-    rm -f /codimd/config.json && ln -s /files/config.json /codimd/config.json && \
-    rm -f /codimd/.sequelizerc && ln -s /files/.sequelizerc /codimd/.sequelizerc && \
-
-    # Install NPM dependencies and build project
-    yarn install --pure-lockfile && \
-    yarn install --production=false --pure-lockfile && \
-    npm run build && \
-
-    # Clean up this layer
-    yarn install && \
-    yarn cache clean && \
-    apt-get remove -y --auto-remove build-essential git jq && \
-    apt-get clean && apt-get purge && rm -r /var/lib/apt/lists/* && \
-    # Create codimd user
-    adduser --uid $UID --home /codimd/ --disabled-password --system codimd && \
-    chown -R codimd /codimd/
-
-WORKDIR /codimd
-EXPOSE 3000
-
-COPY resources/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
-
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
-
-CMD ["node", "app.js"]
-
--- a/codimd/docker-compose.yml
+++ b/codimd/docker-compose.yml
@ -14,29 +14,26 @@ services:
    restart: always

  app:
-    build:
-      context: .
-      args:
-        - "VERSION=1.4.0"
-        - "CODIMD_REPOSITORY=https://github.com/codimd/server.git"
+    image: quay.io/codimd/server:1.4.0
    environment:
-      DEBUG: false
-      CMD_DB_URL: postgres://codimd:codimdpass@database:5432/codimd
-      CMD_URL_ADDPORT: false
-      CMD_EMAIL: false
-      CMD_DOMAIN: codimd.auro.re
-      CMD_PROTOCOL_USESSL: true
-      CMD_USECDN: false
-      CMD_ALLOW_FREEURL: true
-      CMD_LDAP_URL: ldap://10.128.0.11
-      CMD_LDAP_BINDDN: cn=codimd,ou=service-users,dc=auro,dc=re
-      CMD_LDAP_BINDCREDENTIALS: CHANGE ME IN PRODUCTION, I WILL DIFFER !
-      CMD_LDAP_SEARCHBASE: cn=Utilisateurs,dc=auro,dc=re
-      CMD_LDAP_SEARCHFILTER: (uid={{username}})
-      CMD_LDAP_SEARCHATTRIBUTES: uid, givenName, mail
-      CMD_LDAP_USERIDFIELD: uid
-      CMD_LDAP_USERNAMEFIELD: uid
-      CMD_LDAP_PROVIDERNAME: Aurore
+      DEBUG: "false"
+      CMD_DB_URL: "postgres://codimd:codimdpass@database:5432/codimd"
+      CMD_URL_ADDPORT: "false"
+      CMD_EMAIL: "false"
+      CMD_DOMAIN: "codimd.auro.re"
+      CMD_PROTOCOL_USESSL: "true"
+      CMD_USECDN: "false"
+      CMD_ALLOW_FREEURL: "true"
+      CMD_IMAGE_UPLOAD_TYPE: "filesystem"
+      CMD_LDAP_URL: "ldap://10.128.0.11"
+      CMD_LDAP_BINDDN: "cn=codimd,ou=service-users,dc=auro,dc=re"
+      CMD_LDAP_BINDCREDENTIALS: "CHANGE ME IN PRODUCTION, I WILL DIFFER !"
+      CMD_LDAP_SEARCHBASE: "cn=Utilisateurs,dc=auro,dc=re"
+      CMD_LDAP_SEARCHFILTER: "(uid={{username}})"
+      CMD_LDAP_SEARCHATTRIBUTES: "uid, givenName, mail"
+      CMD_LDAP_USERIDFIELD: "uid"
+      CMD_LDAP_USERNAMEFIELD: "uid"
+      CMD_LDAP_PROVIDERNAME: "Aurore"
    ports:
      - "8081:3000"
    volumes:
--- a/codimd/resources/.sequelizerc
+++ b/codimd/resources/.sequelizerc
@ -1,8 +0,0 @@
-var path = require('path');
-
-module.exports = {
-    'config':          path.resolve('config.json'),
-    'migrations-path': path.resolve('lib', 'migrations'),
-    'models-path':     path.resolve('lib', 'models'),
-    'url':             process.env.CMD_DB_URL
-}
--- a/codimd/resources/config.json
+++ b/codimd/resources/config.json
@ -1,16 +0,0 @@
-{
-    "production": {
-        "urlAddPort": true,
-        "email": true,
-        "db": {
-            "username": "codimd",
-            "password": "codimdpass",
-            "database": "codimd",
-            "host": "database",
-            "port": "5432",
-            "dialect": "postgres"
-        },
-        "imageUploadType": "filesystem",
-        "useSSL": false
-    }
-}
--- a/codimd/resources/docker-entrypoint.sh
+++ b/codimd/resources/docker-entrypoint.sh
@ -1,74 +0,0 @@
-#!/bin/sh
-
-# Use gosu if the container started with root privileges
-UID="$(id -u)"
-[ "$UID" -eq 0 ] && GOSU="gosu codimd" || GOSU=""
-
-if [ "$HMD_DB_URL" != "" ] && [ "$CMD_DB_URL" = "" ]; then
-    CMD_DB_URL="$HMD_DB_URL"
-fi
-
-if [ "$HMD_IMAGE_UPLOAD_TYPE" != "" ] && [ "$CMD_IMAGE_UPLOAD_TYPE" = "" ]; then
-    CMD_IMAGE_UPLOAD_TYPE="$HMD_IMAGE_UPLOAD_TYPE"
-fi
-
-if [ "$CMD_DB_URL" = "" ]; then
-    CMD_DB_URL="postgres://hackmd:hackmdpass@hackmdPostgres:5432/hackmd"
-fi
-
-export CMD_DB_URL
-
-DB_SOCKET=$(echo ${CMD_DB_URL} | sed -e 's/.*:\/\//\/\//' -e 's/.*\/\/[^@]*@//' -e 's/\/.*$//')
-
-if [ "$DB_SOCKET" != "" ]; then
-    dockerize -wait "tcp://${DB_SOCKET}" -timeout 30s
-fi
-
-$GOSU ./node_modules/.bin/sequelize db:migrate
-
-# Print warning if local data storage is used but no volume is mounted
-[ "$CMD_IMAGE_UPLOAD_TYPE" = "filesystem" ] && { mountpoint -q ./public/uploads || {
-    echo "
-        #################################################################
-        ###                                                           ###
-        ###                        !!!WARNING!!!                      ###
-        ###                                                           ###
-        ###        Using local uploads without persistence is         ###
-        ###            dangerous. You'll loose your data on           ###
-        ###              container removal. Check out:                ###
-        ###  https://docs.docker.com/engine/tutorials/dockervolumes/  ###
-        ###                                                           ###
-        ###                       !!!WARNING!!!                       ###
-        ###                                                           ###
-        #################################################################
-    ";
-} ; }
-
-# Change owner and permission if filesystem backend is used and user has root permissions
-if [ "$UID" -eq 0 ] && [ "$CMD_IMAGE_UPLOAD_TYPE" = "filesystem" ]; then
-    if [ "$UID" -eq 0 ]; then
-        chown -R codimd ./public/uploads
-        chmod 700 ./public/uploads
-    else
-        echo "
-            #################################################################
-            ###                                                           ###
-            ###                        !!!WARNING!!!                      ###
-            ###                                                           ###
-            ###        Container was started without root permissions     ###
-            ###           and filesystem storage is being used.           ###
-            ###        In case of filesystem errors these need to be      ###
-            ###                      changed manually                     ###
-            ###                                                           ###
-            ###                       !!!WARNING!!!                       ###
-            ###                                                           ###
-            #################################################################
-        ";
-    fi
-fi
-
-# Sleep to make sure everything is fine...
-sleep 3
-
-# run
-exec $GOSU "$@"
--- a/codimd/resources/gosu-gpg.key
+++ b/codimd/resources/gosu-gpg.key
--- a/codimd/resources/utf8.cnf
+++ b/codimd/resources/utf8.cnf
@ -1,11 +0,0 @@
-[client]
-default-character-set=utf8
-
-[mysql]
-default-character-set=utf8
-
-
-[mysqld]
-collation-server = utf8_unicode_ci
-init-connect='SET NAMES utf8'
-character-set-server = utf8