diff --git a/Dockerfile b/Dockerfile
index 1fa78e4f..71ab7916 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,108 +1,113 @@ # The first instruction is what image we want to base our container on # We Use an official Python runtime as a parent image FROM python:3.9 # The enviroment variable ensures that the python output is set straight # to the terminal with out buffering it first ENV PYTHONUNBUFFERED 1 # Not forcing anybody's hand here, just a bunch of packages that could become useful soon RUN apt-get update && \ apt-get upgrade -y && \ apt-get install -y nginx supervisor sqlite3 mariadb-client rsync && \ pip3 install -U pip setuptools && \ rm -rf /var/lib/apt/lists/* - # Set the working directory to /OACCT_checker WORKDIR /oacct_checker #RUN chown 1001 /oacct_checker # Copy the current directory contents into the container at /OACCT_checker ADD . /oacct_checker/ # Install any needed packages specified in requirements.txt RUN pip install -r requirements.txt # install Node.JS ansd NPM RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - RUN apt-get install -y nodejs # frontend with node js RUN npm install # COPY . /oacct_checker/ #RUN chown -R 1001 /oacct_checker #RUN find /oacct_checker -path "*/node_modules/*" ! -path "*/node_modules" -exec chown 1001:0 {} \; RUN chown 1001:0 /oacct_checker RUN chown -R 1001:0 /oacct_checker/static/ /oacct_checker/reactDoc/styleguide # Permissions as per https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines #RUN chgrp -R 0 /oacct_checker && \ # chmod -R g=u /oacct_checker #RUN find /oacct_checker ! -path "*/node_modules/*" ! 
-path "*/node_modules" -exec chmod g=u {} \; RUN chmod g=u /oacct_checker RUN chmod -R g=u /oacct_checker/static/ /oacct_checker/reactDoc/styleguide # install uwsgi now because it takes a little while RUN pip3 install uwsgi # setup all the configfiles COPY conf/supervisord.conf /etc/supervisor/supervisord.conf RUN echo "daemon off;" >> /etc/nginx/nginx.conf COPY conf/nginx-app.conf /etc/nginx/sites-available/default COPY conf/supervisor-app.conf /etc/supervisor/conf.d/ # not really necessary on OpenShift but doesn't hurt COPY conf/ssl/nginx-selfsigned.key /etc/ssl/private/ COPY conf/ssl/nginx-selfsigned.crt /etc/ssl/certs/ COPY conf/ssl/dhparam.pem /etc/ssl/certs/ COPY conf/ssl/self-signed.conf /etc/nginx/snippets COPY conf/ssl/ssl-params.conf /etc/nginx/snippets # Adjust permissions to allow supervisord & nginx logs on Openshift RUN chmod -R a+w /var/log/ RUN chmod -R a+w /var/run/ RUN chmod a+w /var/lib/nginx/ RUN chmod a+rx /etc/ssl/private/ # comment user directive as master process is run as user in OpenShift anyhow RUN sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf # Redirect nginx logs to stdout and stderr to make them accessible on OpenShift #RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log RUN touch /var/log/nginx/access.log /var/log/nginx/error.log RUN chmod a+r /var/log/nginx/access.log /var/log/nginx/error.log RUN touch /var/log/wsgi.log /var/log/wsgi2.log RUN chmod a+rw /var/log/wsgi.log /var/log/wsgi2.log # build app for production RUN npm run build # build styleguide documentation -# RUN npm run styleguide:build +RUN npm run styleguide:build + +# build Sphinx documentation (just in case...) 
+WORKDIR /oacct_checker/sphinx +RUN make html +WORKDIR /oacct_checker + # Collect static files RUN python manage.py collectstatic --no-input #User at the end to avoid access error during building process USER 1001 #CMD /bin/bash -c 'python3 manage.py runserver 0.0.0.0:8080' CMD supervisord -n -c /etc/supervisor/supervisord.conf # CMD /bin/bash -c 'python3 manage.py collectstatic --noinput && python3 manage.py runserver 0.0.0.0:8080' # test with static files # PermissionError: [Errno 13] Permission denied: '/oacct_checker/staticfiles' # 15.03.2021 new error PermissionError: [Errno 1] Operation not permitted # CMD /bin/bash -c 'python3 manage.py collectstatic --noinput && python3 manage.py runserver 0.0.0.0:8080' #test with npm run build --> npm not found diff --git a/conf/nginx-app.conf b/conf/nginx-app.conf index 2769be72..0eab2284 100644 --- a/conf/nginx-app.conf +++ b/conf/nginx-app.conf 
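Review bot: The two documentation builds enabled near the end of the Dockerfile (`RUN npm run styleguide:build` and `make html` under `/oacct_checker/sphinx`) run in the final runtime image, so the doc sources, the generated HTML and the tooling that builds them all ship in the production container, and the nginx change in this commit then serves that output with no access control. Since the comment itself calls the Sphinx build "just in case", consider building the docs in a separate stage and copying in only the HTML, or gating the step behind a build argument; at minimum confirm the generated pages expose nothing internal. `make html` also assumes Sphinx is installed by `requirements.txt`, which this hunk does not show. As a style point, the `WORKDIR` switch and switch back can be replaced by a single `RUN make -C /oacct_checker/sphinx html`.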
@@ -1,142 +1,176 @@ # nginx-app.conf # Enable CORS for selected origins # map instead of many if's map $http_origin $cors { default "null"; "https://www.test-cors.org" $http_origin; "https://www.epfl.ch" $http_origin; "http://127.0.0.1" $http_origin; "https://localhost" $http_origin; } # the upstream component nginx needs to connect to upstream django { server unix:/oacct_checker/app.sock; # for a file socket # server 127.0.0.1:8001; # for a web port socket (we'll use this first) } server { listen 8080 default_server; #listen [::]:80 ; server_name 127.0.0.1; ## Redirige le HTTP vers le HTTPS ## #return 301 https://$server_name$request_uri; # default max body size of 1M not sufficient for 1000 journals client_max_body_size 100M; add_header "Content-Security-Policy" "default-src 'self' https://web2018.epfl.ch https://cdn.datatables.net"; add_header "Strict-Transport-Security" "max-age=31536000"; # Django media; not needed in this project location /media { alias /oacct_checker; # your Django project's media files - amend as required } location /static { alias /oacct_checker/staticfiles; # your Django project's static files - amend as required # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } + location /sphinx { + alias /oacct_checker/sphinx/_build/html; # Sphinx documentation served separately + + # Simple requests (standard, probably overkill) + if ($request_method ~* "(GET|POST)") { + add_header "Access-Control-Allow-Origin" "$cors"; + } + + # Preflighted requests + if ($request_method = OPTIONS ) { + add_header "Access-Control-Allow-Origin" "$cors"; + add_header "Access-Control-Allow-Methods" "GET, POST, 
OPTIONS, HEAD"; + add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; + return 200; + } + } + + location /styleguide { + alias /oacct_checker/reactDoc/styleguide; # Sphinx documentation served separately + + # Simple requests + if ($request_method ~* "(GET|POST)") { + add_header "Access-Control-Allow-Origin" "$cors"; + } + + # Preflighted requests + if ($request_method = OPTIONS ) { + add_header "Access-Control-Allow-Origin" "$cors"; + add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; + add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; + return 200; + } + } + # Finally, send all non-media requests to the Django server. location / { uwsgi_pass django; include /oacct_checker/conf/uwsgi_params; # the uwsgi_params file you installed # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } } # configuration of the server server { # the port your site will be served on, default_server indicates that this server block # is the block to use if no blocks match the server_name # SSL configuration listen 4443 ssl http2 default_server; listen [::]:4443 ssl http2 ; include snippets/self-signed.conf; include snippets/ssl-params.conf; # the domain name it will serve for server_name 127.0.0.1; # substitute your machine's IP address or FQDN charset utf-8; # max upload size client_max_body_size 75M; # adjust to taste add_header "Content-Security-Policy" "default-src 'self' https://web2018.epfl.ch https://cdn.datatables.net"; add_header "Strict-Transport-Security" "max-age=31536000"; # Django media location 
/media { alias /oacct_checker; # your Django project's media files - amend as required } location /static { alias /oacct_checker/staticfiles; # your Django project's static files - amend as required # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } # Finally, send all non-media requests to the Django server. location / { uwsgi_pass django; include /oacct_checker/conf/uwsgi_params; # the uwsgi_params file you installed # default timout of 60s too short for significant JSON uploads? uwsgi_read_timeout 300s; uwsgi_send_timeout 300s; # Simple requests if ($request_method ~* "(GET|POST)") { add_header "Access-Control-Allow-Origin" "$cors"; } # Preflighted requests if ($request_method = OPTIONS ) { add_header "Access-Control-Allow-Origin" "$cors"; add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; return 200; } } }
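Review bot: The new `/sphinx` and `/styleguide` locations copy the `if`-wrapped `add_header` CORS blocks, and nginx inherits `add_header` from the enclosing level only when the current level defines none, so on GET/POST responses the server-level `Content-Security-Policy` and `Strict-Transport-Security` headers are most likely dropped for these pages. Static documentation needs neither CORS nor POST, so the `if` blocks can simply be omitted, which keeps the inherited headers. Both locations are also prefix matches without a trailing slash, so they match paths such as `/sphinxabc` as well; writing them as `location /sphinx/ { alias /oacct_checker/sphinx/_build/html/; }` (and likewise for `/styleguide/`) confines the match to the intended directory. The comment on the `/styleguide` alias still reads `# Sphinx documentation served separately` and should name the styleguide. The locations are added only to the port-8080 server and not to the 4443 TLS server, which may or may not be intended.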