diff --git a/deploy/stackhub.service b/deploy/websoft9.service similarity index 55% rename from deploy/stackhub.service rename to deploy/websoft9.service index 4a14df4c..9cb79f41 100644 --- a/deploy/stackhub.service +++ b/deploy/websoft9.service @@ -14,3 +14,9 @@ StandardError=syslog [Install] WantedBy=multi-user.target + + + +internal_ip=$(ip addr show eth0 | awk '/inet /{split($2, a, "/"); print a[1]}') +nsenter -m -u -i -n -p -t 1 sh -c "sed -i '/websoft9-apphub/d' /etc/hosts" +nsenter -m -u -i -n -p -t 1 sh -c "echo $internal_ip websoft9-apphub>> /etc/hosts" diff --git a/docker/w9apphub/.env b/docker/w9apphub/.env index 0c3e999a..b5ae75de 100644 --- a/docker/w9apphub/.env +++ b/docker/w9apphub/.env @@ -1,4 +1,3 @@ -APP_NAME=websoft9-appmanage +APP_NAME=websoft9-apphub APP_VERSION=0.8.17 -APP_HTTP_PORT=5000 APP_NETWORK=websoft9 diff --git a/docker/w9apphub/Dockerfile b/docker/w9apphub/Dockerfile index fab17f47..fb5cba0f 100644 --- a/docker/w9apphub/Dockerfile +++ b/docker/w9apphub/Dockerfile @@ -2,24 +2,46 @@ FROM python:3.10-slim LABEL maintainer="Websoft9" LABEL version="0.0.1" -# Create API Directory -WORKDIR /usr +ENV LIBRARY_VERSION=v0.5.4 -# Copy source and install pip dpendencies -COPY ../../appmanage_new/src /usr -COPY ../../appmanage_new/requirements.txt /usr + +# RUN mkdir /usr/src/app/config +WORKDIR /usr/websoft9 RUN apt update +RUN apt install -y supervisor wget git zip -# Install supervisord -RUN apt install -y supervisor iproute2 +RUN wget https://github.com/Websoft9/docker-library/archive/refs/tags/$LIBRARY_VERSION.zip -O /usr/websoft9/library.zip +RUN unzip library.zip +RUN mkdir credentials +RUN echo "This folder stored the credentials of other services that apphub will connect" > credentials/readme + +# Contentful + + +# Copy source and install pip dpendencies +# Todo: add virtualenv for Python install +COPY ../../appmanage_new ./apphub +RUN pip install -r apphub/requirements.txt + + +# supervisor COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf -COPY config/cmd.sh /cmd.sh -RUN chmod +x /etc/supervisor/conf.d/supervisord.conf /cmd.sh -RUN pip install -r requirements.txt -RUN mkdir /data -RUN mkdir /usr/src/app/config -COPY config/settings.conf /usr/src/app/config/ +RUN chmod +r /etc/supervisor/conf.d/supervisord.conf + +# entrypoint +COPY config/entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh + + +VOLUME /usr/websoft9/apphub/logs +VOLUME /usr/websoft9/apphub/src/conf +VOLUME /usr/websoft9/media + +# Clean +RUN rm -rf apphub/docs apphub/tests library.zip # Expose the port in which the application will be deployed -EXPOSE 5000 +EXPOSE 8080 + +ENTRYPOINT [/entrypoint.sh] diff --git a/docker/w9apphub/config/cmd.sh b/docker/w9apphub/config/cmd.sh deleted file mode 100644 index 4da1fbeb..00000000 --- a/docker/w9apphub/config/cmd.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -# start by supervisord -internal_ip=$(ip addr show eth0 | awk '/inet /{split($2, a, "/"); print a[1]}') -nsenter -m -u -i -n -p -t 1 sh -c "sed -i '/websoft9-apphub/d' /etc/hosts" -nsenter -m -u -i -n -p -t 1 sh -c "echo $internal_ip websoft9-apphub>> /etc/hosts" -/usr/bin/supervisord -supervisorctl start all -tail -f /dev/null diff --git a/docker/w9apphub/config/entrypoint.sh b/docker/w9apphub/config/entrypoint.sh new file mode 100644 index 00000000..d3d43f9a --- /dev/null +++ b/docker/w9apphub/config/entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# start by supervisord + +/usr/bin/supervisord +supervisorctl start all +tail -f /dev/null diff --git a/docker/w9apphub/config/supervisord.conf b/docker/w9apphub/config/supervisord.conf index 509f3594..da821239 100644 --- a/docker/w9apphub/config/supervisord.conf +++ b/docker/w9apphub/config/supervisord.conf @@ -1,12 +1,10 @@ [supervisord] + nodaemon=false uvicorn app.main:app --reload --port 8080 -[program:appmanage] + +[program:apphub] + command=uvicorn main:get_app --host 0.0.0.0 --port 5000 --log-level info autostart=true -directory=/usr/src/app - -[program:job] -command=rq worker --url redis://websoft9-redis:6379/0 -autostart=true -directory=/usr/src/app +directory=/usr/websoft9/apphub \ No newline at end of file diff --git a/docker/w9apphub/credential.json b/docker/w9apphub/credential.json new file mode 100644 index 00000000..00f3a761 --- /dev/null +++ b/docker/w9apphub/credential.json @@ -0,0 +1,2 @@ +# filename=container_name +{"username":"appuser","password":"apppassword"} \ No newline at end of file diff --git a/docker/w9apphub/docker-compose.yml b/docker/w9apphub/docker-compose.yml index f68f1ae9..3c1edf69 100644 --- a/docker/w9apphub/docker-compose.yml +++ b/docker/w9apphub/docker-compose.yml @@ -6,7 +6,7 @@ services: container_name: ${APP_NAME} pid: host privileged: true - restart: unless-stopped + restart: always volumes: - apphub-logs:/usr/src/app/logs - apphub-db:/usr/src/app/db diff --git a/docker/w9deploy/Dockerfile b/docker/w9deployment/Dockerfile similarity index 100% rename from docker/w9deploy/Dockerfile rename to docker/w9deployment/Dockerfile diff --git a/docker/w9deploy/README.md b/docker/w9deployment/README.md similarity index 100% rename from docker/w9deploy/README.md rename to docker/w9deployment/README.md diff --git a/docker/w9deploy/docker-compose.yml b/docker/w9deployment/docker-compose.yml similarity index 62% rename from docker/w9deploy/docker-compose.yml rename to docker/w9deployment/docker-compose.yml index 62de78d5..463e3ff0 100644 --- a/docker/w9deploy/docker-compose.yml +++ b/docker/w9deployment/docker-compose.yml @@ -4,13 +4,17 @@ version: "3.8" services: portainer: - container_name: websoft9-deploy - image: websoft9dev/deploy:2.19.0 + container_name: websoft9-deployment + image: websoft9dev/deployment:2.19.0 entrypoint: ["/init_portainer"] - restart: unless-stopped + restart: always + ports: + - 9001-9999:9000 volumes: - portainer:/data - /var/run/docker.sock:/var/run/docker.sock + labels: + com.docker.compose.w9_http.port: 9000 networks: default: diff --git a/docker/w9deploy/init_portainer.go b/docker/w9deployment/init_portainer.go similarity index 100% rename from docker/w9deploy/init_portainer.go rename to docker/w9deployment/init_portainer.go diff --git a/docker/w9git/.env b/docker/w9git/.env index 15290e99..a921f346 100644 --- a/docker/w9git/.env +++ b/docker/w9git/.env @@ -5,6 +5,7 @@ APP_NETWORK=websoft9 INSTALL_LOCK=true DISABLE_SSH=true RUN_MODE=prod +# container inner port HTTP_PORT=3000 DISABLE_REGISTRATION=false REQUIRE_SIGNIN_VIEW=false diff --git a/docker/w9git/Dockerfile b/docker/w9git/Dockerfile index b0281ed5..b0b4e596 100644 --- a/docker/w9git/Dockerfile +++ b/docker/w9git/Dockerfile @@ -3,6 +3,5 @@ FROM gitea/gitea:1.20.4 LABEL maintainer="Websoft9" LABEL version="1.20.4" -COPY init.sh /usr/local/bin/init.sh -COPY ./init /etc/s6/init -RUN chmod -R 755 /etc/s6/init /usr/local/bin/init.sh +COPY ./src/s6/user /etc/s6/user +RUN chmod -R 755 /etc/s6/user \ No newline at end of file diff --git a/docker/w9git/README.md b/docker/w9git/README.md index 607afbe0..e40eb493 100644 --- a/docker/w9git/README.md +++ b/docker/w9git/README.md @@ -4,7 +4,4 @@ From official Gitea image, and: - Complete install wizard automaticlly by enviroment INSTALL_LOCK - Use default URL localhost for Host/Root_URL settings -- Create admin credential by admin cli -- Disable user register -- Disable Gravatar diff --git a/docker/w9git/docker-compose.yml b/docker/w9git/docker-compose.yml index 992f6ee9..f02531a3 100644 --- a/docker/w9git/docker-compose.yml +++ b/docker/w9git/docker-compose.yml @@ -8,13 +8,17 @@ services: gitea: container_name: $APP_NAME image: websoft9dev/gitea:$APP_VERSION - restart: unless-stopped + restart: always env_file: - .env volumes: - gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro + ports: + - 9001-9999:3000 + labels: + com.docker.compose.w9_http.port: 3000 networks: default: diff --git a/docker/w9git/init/run b/docker/w9git/init/run deleted file mode 100644 index 8ccdda85..00000000 --- a/docker/w9git/init/run +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -s6-svwait -u /etc/s6/gitea - -pushd /root >/dev/null -exec /usr/local/bin/init.sh -popd diff --git a/docker/w9git/src/s6/README.md b/docker/w9git/src/s6/README.md new file mode 100644 index 00000000..2eb63e55 --- /dev/null +++ b/docker/w9git/src/s6/README.md @@ -0,0 +1,5 @@ +## Readme + +- Create admin credential by admin cli +- to do: Disable user register +- to do: Disable Gravatar diff --git a/docker/w9git/src/s6/user/run b/docker/w9git/src/s6/user/run new file mode 100644 index 00000000..8a568558 --- /dev/null +++ b/docker/w9git/src/s6/user/run @@ -0,0 +1,6 @@ +#!/bin/bash + +[[ -f ./setup ]] && source ./setup +pushd /root >/dev/null +exec su-exec root /bin/echo "" +popd \ No newline at end of file diff --git a/docker/w9git/init.sh b/docker/w9git/src/s6/user/setup similarity index 90% rename from docker/w9git/init.sh rename to docker/w9git/src/s6/user/setup index c71133aa..19e7fa16 100644 --- a/docker/w9git/init.sh +++ b/docker/w9git/src/s6/user/setup @@ -1,5 +1,7 @@ #!/bin/bash +echo "start create user shell" + set -e cred_path="/var/websoft9/credential" @@ -16,6 +18,7 @@ mkdir -p "$(dirname "$cred_path")" # TODO IF admin is exists, echo it to cred_path +# TODO wait culr localhost:3000 echo "Create admin credential by admin cli" su -c " @@ -31,4 +34,4 @@ password=$(grep -o "generated random password is '[^']*" /tmp/credential | sed " echo "Save to credential" json="{\"username\":\"$username\",\"password\":\"$password\"}" -echo "$json" > "$cred_path" +echo "$json" > "$cred_path" \ No newline at end of file diff --git a/docker/w9proxy/.env b/docker/w9proxy/.env index 633cc371..ffe846f9 100644 --- a/docker/w9proxy/.env +++ b/docker/w9proxy/.env @@ -1,7 +1,3 @@ -POWER_PASSWORD=changeme APP_NAME=websoft9-proxy APP_VERSION=2.10.3 -APP_HTTP_PORT=9092 -APP_USER=admin@example.com -APP_PASSWORD=$POWER_PASSWORD -APP_NETWORK=websoft9 \ No newline at end of file +APP_NETWORK=websoft9 diff --git a/docker/w9proxy/docker-compose.yml b/docker/w9proxy/docker-compose.yml index 55705c5c..3b1ce9b2 100644 --- a/docker/w9proxy/docker-compose.yml +++ b/docker/w9proxy/docker-compose.yml @@ -6,14 +6,19 @@ version: "3.8" services: app: image: jc21/nginx-proxy-manager:${APP_VERSION} - restart: unless-stopped + restart: always container_name: ${APP_NAME} ports: - "80:80" - "443:443" + - "9001-9999:81" volumes: - nginx_data:/data - nginx_letsencrypt:/etc/letsencrypt + labels: + com.docker.compose.w9_http.port: 80 + com.docker.compose.w9_https.port: 443 + com.docker.compose.w9_console.port: 81 networks: default: @@ -22,4 +27,4 @@ networks: volumes: nginx_data: - nginx_letsencrypt: + nginx_letsencrypt: \ No newline at end of file diff --git a/docker/w9proxy/get_ip.sh b/docker/w9proxy/get_ip.sh deleted file mode 100644 index c508a60d..00000000 --- a/docker/w9proxy/get_ip.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -url_list=( - api.ipify.org - bot.whatismyipaddress.com - icanhazip.com - ifconfig.co - ident.me - ifconfig.me - icanhazip.com - ipecho.net/plain - ipinfo.io/ip - ip.sb - whatismyip.akamai.com - inet-ip.info -) - -curl_ip(){ - curl --connect-timeout 1 -m 2 $1 2>/dev/null - return $? -} - -debug(){ - for x in ${url_list[*]} - do - curl_ip $x - done -} - -print_ip(){ - for n in ${url_list[*]} - do - public_ip=`curl_ip $n` - check_ip=`echo $public_ip | awk -F"." '{print NF}'` - if [ ! -z "$public_ip" -a $check_ip -eq "4" ]; then - echo $public_ip - exit 0 - fi - done -} -#debug -print_ip diff --git a/docker/w9proxy/initproxy.conf b/docker/w9proxy/initproxy.conf index e7d21a62..245e7b05 100644 --- a/docker/w9proxy/initproxy.conf +++ b/docker/w9proxy/initproxy.conf @@ -17,73 +17,110 @@ server { rewrite ^/locales/(.*) /portainer/locales/$1 break; } -location /portainer/ { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Accept-Encoding \"\"; - proxy_pass http://websoft9-portainer:9000/; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_http_version 1.1; - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; - if ($request_method = OPTIONS) { - return 204; - } - set $quot_tmp "\""; - # set $portainer_jwt "${quot_tmp}${arg_portainer_jwt}${quot_tmp}"; - set $portainer_jwt "${quot_tmp}${cookie_portainerJWT}${quot_tmp}"; - sub_filter '' ""; - sub_filter_once on; - sub_filter_types *; - } - - location /nginxproxymanager/ { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_pass http://websoft9-nginxproxymanager:81; - rewrite ^/nginxproxymanager/?(.*)$ /$1 break; - proxy_http_version 1.1; - proxy_redirect off; - proxy_set_header Upgrade $http_upgrade; - proxy_cache_bypass $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_cache_bypass $http_secret_header; - proxy_set_header Accept-Encoding \"\"; - add_header Pragma "no-cache"; - add_header Cache-Control "no-cache"; - if ($request_method = OPTIONS) { - return 204; - } - sub_filter '' ""; - # source changes - sub_filter 'href="/' 'href="/nginxproxymanager/'; - sub_filter 'src="/' 'src="/nginxproxymanager/'; - sub_filter '/api' '/nginxproxymanager/api'; - sub_filter '/assets' '/nginxproxymanager/assets'; - sub_filter '/js/' '/nginxproxymanager/js/'; - # script changes - sub_filter 'r.p="/' 'r.p="/nginxproxymanager/'; - sub_filter '"/login' '"/nginxproxymanager/login'; - sub_filter 'case"/logout"' 'case"/nginxproxymanager/logout"'; - sub_filter 'window.location="/"' 'window.location="/nginxproxymanager/"'; - sub_filter 'history.start({pushState:!0})' 'history.start({pushState:!0,root: "/nginxproxymanager/"})'; - sub_filter 'i.history.navigate(e.' 'i.history.navigate(e.replace("/nginxproxymanager","").'; - sub_filter_types *; - sub_filter_once off; - } - location / { - # Proxy! - include conf.d/include/proxy.conf; - } + # Proxy! + include conf.d/include/proxy.conf; + } + + + # proxy for portainer + location /w9deployment/ { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Scheme $scheme; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Accept-Encoding \"\"; + proxy_pass http://websoft9-deployment:9000/; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_http_version 1.1; + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; + if ($request_method = OPTIONS) { + return 204; + } + set $quot_tmp "\""; + # set $portainer_jwt "${quot_tmp}${arg_portainer_jwt}${quot_tmp}"; + set $portainer_jwt "${quot_tmp}${cookie_portainerJWT}${quot_tmp}"; + sub_filter '' ""; + sub_filter_once on; + sub_filter_types *; + } + + + # proxy for Nginx proxy Manager + location /w9proxy/ { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Scheme $scheme; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://websoft9-proxy:81; + rewrite ^/w9proxy/?(.*)$ /$1 break; + proxy_http_version 1.1; + proxy_redirect off; + proxy_set_header Upgrade $http_upgrade; + proxy_cache_bypass $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_cache_bypass $http_secret_header; + proxy_set_header Accept-Encoding \"\"; + add_header Pragma "no-cache"; + add_header Cache-Control "no-cache"; + if ($request_method = OPTIONS) { + return 204; + } + sub_filter '' ""; + # source changes + sub_filter 'href="/' 'href="/w9proxy/'; + sub_filter 'src="/' 'src="/w9proxy/'; + sub_filter '/api' '/w9proxy/api'; + sub_filter '/assets' '/w9proxy/assets'; + sub_filter '/js/' '/w9proxy/js/'; + # script changes + sub_filter 'r.p="/' 'r.p="/w9proxy/'; + sub_filter '"/login' '"/w9proxy/login'; + sub_filter 'case"/logout"' 'case"/w9proxy/logout"'; + sub_filter 'window.location="/"' 'window.location="/w9proxy/"'; + sub_filter 'history.start({pushState:!0})' 'history.start({pushState:!0,root: "/w9proxy/"})'; + sub_filter 'i.history.navigate(e.' 'i.history.navigate(e.replace("/w9proxy","").'; + sub_filter_types *; + sub_filter_once off; + } + + + # proxy for Gitea + location /w9git/ { + proxy_pass http://websoft9-git:3000/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_hide_header X-Frame-Options; + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; + if ($request_method = OPTIONS) { + return 204; + } + } + + + location /apidocs/static { + proxy_pass http://websoft9-apphub:8080/static; + } + + location /apidocs/openapi.json { + proxy_pass http://websoft9-apphub:8080/; + } + + location /apidocs/ { + proxy_pass http://websoft9-apphub:8080/redoc; + sub_filter 'src="/static' 'src="/apidocs/static'; + sub_filter 'spec-url="/' 'spec-url="/apidocs/openapi.json'; + } + # Custom include /data/nginx/custom/server_proxy[.]conf;