updated Docker, cleaned it up a bit, changed the README.md to document it a...

updated Docker, cleaned it up a bit, changed the README.md to document it a bit, changed what versions of software was used, to reflect that we are now using Ubuntu 20.04, Python 3.8 and Postgresql 12.

updated Docker, cleaned it up a bit, changed the README.md to document it a...
ffe1a9db · Jørgen Langgåt · 40a9b02c · ffe1a9db · ffe1a9db · ffe1a9db
Commit ffe1a9db authored 2 years ago by Jørgen Langgåt
--- a/Docker/README.md
+++ b/Docker/README.md
+# RAVEN docker
+
+Build and install Raven using *docker*, *Ubuntu 20.04*, *Python 3.8*, *Nodejs 14*, *Postgresql 12* and *Postgis 3.2*.
+
+You'll need to have `docker` and `docker-compose` installed already before continuing.
+
+## Docker build
+
+Run the following two build-commands from the directory where the dockerfiles are located.
+
+```bash
+docker build -t raven/ravendb . -f ravendb.dockerfile
+docker build -t raven/ravenapp . -f ravenapp.dockerfile
+```
+
+## Docker run
+
+To make sure the containers are able to communicate with each other it's best to use `docker-compose` to get it all set up.
+
+Docker-compose is configured to make a network called `ravennet`, and a volume, `ravendata`. Ravenapp and will use `ravennet` to communicate with the databse, and ravendb will use `ravendata` to store the Postgresql database, under `/pgdata`.
+
+```bash
+docker-compose up -d
+```
+
+### HTTP vs HTTPS
+
+As it is set up, per 2022, this docker example is just exposing HTTP. There is a line in `ravenapp.dockerfile` where we copy `apache2-raven.conf` into `/etc/apache2/sites-available/raven.conf`. After runing `docker-compose up -d` you should be able to visit *localhost:80* and have a running Raven installation.
+
+It is stronly recommended using **HTTPS** and not **HTTP**, but to be able to use **HTTPS** you'll have to use TLS certificates, witch is not provided here. There is an example of an apache2 config for ssl, see `apache2-raven-ssl.conf`. Replace the `SSLCertificateFile`, `SSLCertificateKeyFile` and `SSLCertificateChainFile` as fits.
+
+Change the line in `ravenapp.dockerfile` for `COPY apache2-raven.conf`, to use `apache2-raven-ssl.conf` instead, and add lines to copy the certificate files.
+
+```dockerfile
+COPY --chown=root:root apache2-raven-ssl.conf /etc/apache2/sites-available/raven.conf
+COPY --chown=root:root raven.pem /etc/apache2/ssl/raven.pem
+COPY --chown=root:root raven.key /etc/apache2/ssl/raven.key
+```
+
+Change the line `EXPOSE 80` to `EXPOSE 443`.
+
+It's also possible to use a reverse-proxy, load-balancing proxy or others, in front of the containers, to provide services such at `HTTPS`.
--- a/Docker/TODO.md
+++ b/Docker/TODO.md
+# ubuntu 16.04
+apt-get -y install postgresql-9.5 postgresql-9.5-postgis-2.2
+apt-get -y install libpq-dev postgresql-client-9.5
+
+# /usr/lib/postgresql/9.5/bin/postgres -D /var/lib/postgresql/9.5/main -c config_file=/etc/postgresql/9.5/main/postgresql.conf
+
+# should not have to be superuser, but schemasql sets owner to postgres on everythin
+CREATE USER ravendb WITH SUPERUSER PASSWORD 'ravendb';
+CREATE DATABASE ravendb WITH owner=ravendb;
+
+# localhost if done from the database server, or use hostname if from client
+# localhost if database server and webserver is same host.
+# postgis extentions must be installed as postgres-user, or superuser
+psql -h localhost -U ravendb -d ravendb -W -f /var/tmp/schema.sql
+#psql -U ravendb -h ravendb -d ravendb -f update_schema_v1.sql
+#psql -U ravendb -h ravendb -d ravendb -f Update_schema_v2.sql
+
+apt-get -y install wget curl python3 apt-transport-https
+
+# apache2.4, flask modul, python3-flask
+apt-get -y install python3-virtualenv virtualenv
+apt-get -y install apache2 libapache2-mod-wsgi-py3 python3-dev python3-pip
+
+a2enmod wsgi
+a2enmod headers
+a2enmod rewrite
+
+# newest stable version of Node.js and Yarn
+curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
+curl -sL https://deb.nodesource.com/setup_12.x | bash -
+apt-get -y install nodejs yarn
+
+ENV RAVENHOME /var/www/html/raven
+
+# Copy the src code from Raven. have to do git pull in front of a build
+COPY --chown=www-data:www-data raven $RAVENHOME
+COPY --chown=www-data:www-data raven.wsgi $RAVENHOME/
+COPY --chown=www-data:www-data config.ini $RAVENHOME/web/
+COPY --chown=root:root apache2-raven.conf /etc/apache2/sites-available/
+
+# Raven setup
+USER www-data
+RUN virtualenv --python=/usr/bin/python3 --system-site-packages $RAVENHOME/.virtualenv
+RUN cp $RAVENHOME/requirements.txt $RAVENHOME/.virtualenv/
+RUN cd $RAVENHOME/.virtualenv
+RUN source bin/activate
+RUN pip install -r requirements.txt
+RUN cd $RAVENHOME/web/client
+RUN yarn install --network-timeout 1000000
+RUN yarn build
+RUN touch $RAVENHOME/raven.wsgi
+
+USER root
+
+RAVENROOT=/var/www/html/raven
+
+a2dissite 000-default && a2ensite raven
+
+# Code snippet for dockerfile
+
+if $(psql -h ravendb -U ravendb -d ravendb -c 'SELECT count(*) from users;' 2>1 >/dev/null); 
+then
+        # db already initialiazed
+        echo "Database already initialized";
+else
+        psql -h ravendb -U postgres -d postgres -c "CREATE USER ravendb WITH SUPERUSER PASSWORD 'ravendb';";
+        psql -h ravendb -U postgres -d postgres -c "CREATE DATABASE ravendb WITH owner=ravendb;";
+        psql -h ravendb -U ravendb -d ravendb -f $RAVENROOT/db_scritps/schema.sql; 
+fi
+/usr/sbin/apache2ctl -D FOREGROUND
--- a/Docker/apache2-raven-ssl.conf
+++ b/Docker/apache2-raven-ssl.conf
+<VirtualHost *:80>
+        ServerName raven.nilu.no
+        RewriteEngine on
+        RewriteCond %{SERVER_PORT} !^443$
+        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+        ServerName raven.nilu.no
+
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
+        Header always set X-Frame-Options: sameorigin
+        Header always set X-Content-Type-Options "nosniff"
+        Header always set X-XSS-Protection: "1; mode=block"
+
+        ServerAdmin webmaster@nilu.no
+
+        SSLEngine on
+        SSLCertificateFile /etc/apache2/ssl/raven.pem
+        SSLCertificateKeyFile /etc/apache2/ssl/raven.key
+        #SSLCertificateChainFile /etc/apache2/ssl/DigiCertCA.crt
+
+        SSLProtocol             all -SSLv2 -SSLv3
+
+        SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+        SSLHonorCipherOrder     on
+
+        #SSLOpenSSLConfCmd DHParameters "/etc/apache2/ssl/dhparams.pem"
+
+        DocumentRoot /var/www/html/raven
+
+        WSGIDaemonProcess raven user=www-data group=www-data threads=5 python-home=/var/www/html/raven/.virtualenv python-path=/var/www/html/raven
+        WSGIScriptAlias / /var/www/html/raven/raven.wsgi
+
+        LogLevel info
+
+        ErrorLog ${APACHE_LOG_DIR}/raven.nilu.no-error.log
+        CustomLog ${APACHE_LOG_DIR}/raven.nilu.no-access.log combined
+
+
+        <Directory /var/www/html/raven>
+                Options Indexes FollowSymLinks MultiViews
+
+                WSGIProcessGroup raven
+                WSGIApplicationGroup %{GLOBAL}
+                WSGIScriptReloading On
+                WSGIPassAuthorization On
+
+                RewriteEngine On
+                RewriteBase /
+                RewriteRule ^index\.html$ - [L]
+                RewriteCond %{REQUEST_FILENAME} !-f
+                RewriteCond %{REQUEST_FILENAME} !-d
+                RewriteRule . /index.html [L]
+
+
+                AllowOverride All
+                Order allow,deny
+                allow from all
+
+        </Directory>
+
+        # For most configuration files from conf-available/, which are
+        # enabled or disabled at a global level, it is possible to
+        # include a line for only one particular virtual host. For example the
+        # following line enables the CGI configuration for this host only
+        # after it has been globally disabled with "a2disconf".
+        # Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+
--- a/Docker/apache2-raven.conf
+++ b/Docker/apache2-raven.conf
+<VirtualHost *:80>
+        #ServerName raven.nilu.no
+
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
+        Header always set X-Frame-Options: sameorigin
+        Header always set X-Content-Type-Options "nosniff"
+        Header always set X-XSS-Protection: "1; mode=block"
+
+        DocumentRoot /var/www/html/raven
+
+        WSGIDaemonProcess raven user=www-data group=www-data threads=5 python-home=/var/www/html/raven/.virtualenv python-path=/var/www/html/raven
+        WSGIScriptAlias / /var/www/html/raven/raven.wsgi
+
+        LogLevel info
+
+        ErrorLog ${APACHE_LOG_DIR}/raven-error.log
+        CustomLog ${APACHE_LOG_DIR}/raven-access.log combined
+
+
+        <Directory /var/www/html/raven>
+                Options Indexes FollowSymLinks MultiViews
+
+                WSGIProcessGroup raven
+                WSGIApplicationGroup %{GLOBAL}
+                WSGIScriptReloading On
+                WSGIPassAuthorization On
+
+                RewriteEngine On
+                RewriteBase /
+                RewriteRule ^index\.html$ - [L]
+                RewriteCond %{REQUEST_FILENAME} !-f
+                RewriteCond %{REQUEST_FILENAME} !-d
+                RewriteRule . /index.html [L]
+
+
+                AllowOverride All
+                Order allow,deny
+                allow from all
+
+        </Directory>
+
+</VirtualHost>
+
--- a/Docker/config.ini
+++ b/Docker/config.ini
+[session]
+secret_key = "thisisasecretkey!hushhushhushhush!!!!!!"
+session_lifetime = 480
+
+[database]
+connectionstring = dbname='ravendb' user='ravendb' host='ravendb' password='ravendb'
--- a/Docker/docker-compose.yml
+++ b/Docker/docker-compose.yml
+version: '3.7'
+
+services:
+  ravendb:
+    image: raven/ravendb
+    volumes: 
+      - type: volume
+        source: ravendata
+        target: /pgdata
+    environment:
+      POSTGRES_PASSWORD: ravendb
+      PGDATA: /pgdata
+    networks:
+      - ravennet
+
+  ravenapp:
+    image: raven/ravenapp
+    ports:
+      - 8080:80
+    networks:
+      - ravennet
+    restart: on-failure
+
+networks:
+  ravennet:
+
+volumes:
+  ravendata:
+
--- a/Docker/entrypoint.sh
+++ b/Docker/entrypoint.sh
+#!/bin/bash
+set -e
+
+
+exec 3>&1 4>&2
+trap 'exec 2>&4 1>&3' 0 1 2 3
+exec 1>/var/tmp/entrypoint_log.out 2>&1
+
+RAVENROOT=/var/www/html/raven
+
+until psql -h ravendb -U postgres -d postgres -c '\q'; do
+  >&2 echo "Postgres is unavailable - sleeping"
+  sleep 1
+done
+
+if $(psql -h ravendb -U ravendb -d ravendb -c 'SELECT count(*) from users;' 2>1 >/dev/null); 
+then 
+	# db already initialiazed
+	echo "Database already initialized";
+	>/var/tmp/.ravendb_ok;
+else 
+	psql -h ravendb -U postgres -d postgres -c "CREATE USER ravendb WITH PASSWORD 'ravendb';";
+	psql -h ravendb -U postgres -d postgres -c "CREATE DATABASE ravendb WITH owner=ravendb;";
+	psql -h ravendb -U postgres -d ravendb -f $RAVENROOT/db_scripts/postgis_extension.sql; 
+	psql -h ravendb -U ravendb -d ravendb -f $RAVENROOT/db_scripts/schema.sql; 
+	>/var/tmp/.ravendb_made-$(date +%F);
+
+fi
+
+/usr/sbin/apache2ctl -D FOREGROUND
+
+
--- a/Docker/pgpass.conf
+++ b/Docker/pgpass.conf
+ravendb:5432:postgres:postgres:ravendb
+ravendb:5432:ravendb:ravendb:ravendb
+ravendb:5432:ravendb:postgres:ravendb
--- a/Docker/raven.wsgi
+++ b/Docker/raven.wsgi
+import sys
+
+PROJECT_DIR = '/var/www/html/raven'
+sys.path.insert(0, PROJECT_DIR)
+
+from app import app as application
+
--- a/Docker/ravenapp.dockerfile
+++ b/Docker/ravenapp.dockerfile
+# Dockerfile, for raven
+
+FROM ubuntu:20.04
+
+ENV TZ=Europe/Oslo
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+# make sure the base image is up to date
+RUN apt-get update && apt-get -y dist-upgrade \
+# install base system
+&& apt-get -y install apt-utils \
+&& apt-get -y install net-tools iputils-ping vim netcat-openbsd wget curl git lsb-release bash virtualenv \
+# Python dependencies
+&& apt-get -y install python3 apt-transport-https python3-venv python3-dev python3-pip \
+# Apache2.4 dependencies
+&& apt-get -y install apache2 libapache2-mod-wsgi-py3 \
+&& a2enmod wsgi \
+&& a2enmod headers \
+&& a2enmod rewrite \
+# Postgresql dependencies
+&& apt-get -y install libpq-dev postgresql-client-12 \
+# newest stable version of Node.js and Yarn
+&& curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
+&& echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
+&& curl -sL https://deb.nodesource.com/setup_14.x | bash - \
+&& apt-get -y install nodejs yarn \
+# Hosekeeping, shrink the image as much as posible
+&& apt-get -y autoremove && apt-get clean all \
+&& chown www-data:www-data /var/www /var/www/html
+
+#  pretty prompt for debug
+RUN echo "PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:RAVEN:\[\033[01;34m\]\w\[\033[00m\]\n\$ '" >>/root/.bashrc \
+&& echo "root:root" | chpasswd
+
+ENV RAVENHOME /var/www/html/raven
+
+USER www-data
+# 1. fetch raven from git 
+# 2. Setting up the Python3 environment 
+# 3. install all the required packages with pip
+# 4. Install and build the nodejs dependencies and packages.
+# 5. touch raven.wsgi
+RUN cd /var/www/html && git clone https://git.nilu.no/eea-tools/raven.git \
+&& python3 -m venv $RAVENHOME/.virtualenv \
+&& cp $RAVENHOME/requirements.txt $RAVENHOME/.virtualenv/ \
+&& bash -c "source $RAVENHOME/.virtualenv/bin/activate && pip install --upgrade pip && pip install -r $RAVENHOME/.virtualenv/requirements.txt" \
+&& cd $RAVENHOME/web/client && yarn install --network-timeout 1000000 && yarn build \
+&& touch $RAVENHOME/raven.wsgi
+
+# Startupscript for apache is ran by root,but apache2 will run as www-data as acordance with
+# the apache2 configuration.
+USER root
+# Copy the src code from Raven. have to do git pull in front of a build
+#COPY --chown=www-data:www-data raven $RAVENHOME
+COPY --chown=www-data:www-data raven.wsgi $RAVENHOME/
+COPY --chown=www-data:www-data config.ini $RAVENHOME/web/
+COPY --chown=www-data:www-data pgpass.conf /var/www/.pgpass
+COPY --chown=root:root pgpass.conf /root/.pgpass
+COPY --chown=root:root apache2-raven.conf /etc/apache2/sites-available/raven.conf
+
+RUN a2dissite 000-default && a2ensite raven
+EXPOSE 80
+
+COPY --chown=root:root entrypoint.sh /
+CMD ["/bin/bash", "/entrypoint.sh" ]
--- a/Docker/ravendb.dockerfile
+++ b/Docker/ravendb.dockerfile
+# Dockerfile, for ravendb
+
+FROM postgis/postgis:12-3.2
+
+# make sure the base image is up to date
+RUN apt-get update && apt-get -y install curl
+