From a1926b8e80f418d555e6833af389dd4813d57494 Mon Sep 17 00:00:00 2001 From: Ryan Y Date: Tue, 28 Mar 2017 11:07:01 -0400 Subject: [PATCH 1/7] Update readme Update the readme so we can get started on OkCandidate using Docker. Signed-off-by: Ryan Y --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 1b2231c..25b546b 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,24 @@ A comprehensive refactor of [OKCandidate](https://github.com/Code4HR/okcandidate # Setup +## Docker + +A few setup steps need to happen before you can run everything in Docker. +First, copy `.env-example` to `.env` to configure the application, then run +`./gen-dev-cert` to create a development certificate chain so you can test +everything over https. + +Then you can run `docker-compose up` and you just have to wait for everything to +get started. + +Summary: + + cp .env-example .env + ./gen-dev-cert + docker-compose up + +That will get you started with OkCandidate! + ## Database A local postgres database will need to be created to run okcandidate-platform. PgAdmin can be used to do this. From 924424bef862d5221acf752bc219ecee68f4d781 Mon Sep 17 00:00:00 2001 From: Ryan Y Date: Tue, 28 Mar 2017 11:08:10 -0400 Subject: [PATCH 2/7] Ignore configuration artefacts Ignore the environment variable configuration and security certificates so we can see code changes here, not irrelevant artefacts. Signed-off-by: Ryan Y --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index 9d3c346..e949c51 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,8 @@ coverage .tmp .DS_STORE npm-debug.log + +# Docker stuff +.env +docker/*.crt +docker/*.key From 26877e2ee4c6cb44d2b97905fb2f65f50acb19db Mon Sep 17 00:00:00 2001 From: Ryan Y Date: Tue, 28 Mar 2017 11:09:34 -0400 Subject: [PATCH 3/7] Define a Node.js alpine gyp image Define an Alpine Linux Node.js + Python image so we can build packages which require node-gyp. 
Signed-off-by: Ryan Y
---
 Dockerfile | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..288b8a5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright (c) 2016 code4hr (http://code4hr.org/)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+FROM node:alpine
+
+RUN apk update && apk add python make g++

From 584b09e43aa98e7794015698de510d137dc64313 Mon Sep 17 00:00:00 2001
From: Ryan Y
Date: Tue, 28 Mar 2017 11:11:07 -0400
Subject: [PATCH 4/7] Include an environment variable file

Include an environment variable example file so we can start using development settings, but also allow developers or admins to switch out the settings for production if they need to.

Signed-off-by: Ryan Y
---
 .env-example | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .env-example
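Review bot: `FROM node:alpine` and `RUN apk update && apk add python make g++` pin nothing, so two builds of this Dockerfile can yield different Node, Python and g++ versions depending on what the floating tag and the Alpine index resolve to that day, and `apk update` leaves the downloaded package index in the image layer. Pin the base image to a versioned tag (e.g. a `node:<major>-alpine` tag) and use the cache-less install form, `RUN apk add --no-cache python make g++`, which fetches a fresh index and discards it in the same layer. A short header comment stating that this image exists only to give node-gyp a toolchain, e.g. `# Node.js + build toolchain so packages that need node-gyp can compile on Alpine`, would also help since the file otherwise carries only the licence text.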
diff --git a/.env-example b/.env-example
new file mode 100644
index 0000000..0999d31
--- /dev/null
+++ b/.env-example
@@ -0,0 +1,6 @@
+NODE_ENV=development
+OKC_DB_USER=blaine
+OKC_DB_PASS=''
+OKC_DB_NAME=okcandidate_platform_dev
+OKC_DB_HOST=db
+OKC_SESSION_SECRET_KEY=someGobbledygookThatIsAtLeast32CharactersLong

From 048084ee6b133d308ad03ad5f97c80d7b774de63 Mon Sep 17 00:00:00 2001
From: Ryan Y
Date: Tue, 28 Mar 2017 11:16:29 -0400
Subject: [PATCH 5/7] Create certificate generation script

Create a certificate generation script so we can have local development certificates to test OkCandidate over https with.

Signed-off-by: Ryan Y
---
 .gitignore | 2 ++
 gen-dev-cert | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 gen-dev-cert

diff --git a/.gitignore b/.gitignore
index e949c51..278cd71 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,5 @@ npm-debug.log
 .env
 docker/*.crt
 docker/*.key
+docker/*.srl
+docker/*.csr
diff --git a/gen-dev-cert b/gen-dev-cert
new file mode 100644
index 0000000..724307c
--- /dev/null
+++ b/gen-dev-cert
@@ -0,0 +1,33 @@
+#!/usr/bin/env sh
+
+# Copyright (c) 2016 code4hr (http://code4hr.org/)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+openssl genrsa -out docker/root.key 2048
+openssl req -x509 -new -nodes -key docker/root.key -sha256 -days 1024 -out docker/root.crt \
+ -subj "/C=US/ST=Virginia/L=Norfolk/O=Code for Hampton Roads/OU=CWS/CN=Development Root CA"
+
+openssl genrsa -out docker/okcandidate.key 2048
+openssl req -new -key docker/okcandidate.key -out docker/okcandidate.csr \
+ -subj "/C=US/ST=Virginia/L=Norfolk/O=Code for Hampton Roads/OU=CWS/CN=*.okcandidate.com"
+openssl x509 -req -in docker/okcandidate.csr -CA docker/root.crt -CAkey docker/root.key \
+ -CAcreateserial -out docker/okcandidate.original.crt -days 500 -sha256
+cat docker/okcandidate.original.crt docker/root.crt > docker/okcandidate.crt
+

From 019e46d3cdae66ee01699b32983d5d7e6d5992c2 Mon Sep 17 00:00:00 2001
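Review bot: The leaf certificate is issued with only `CN=*.okcandidate.com` and no subjectAltName, and Chrome 58 and later (and current Firefox) ignore the CN entirely, so even after a developer trusts `docker/root.crt` the browser will still reject this certificate; since `openssl x509 -req` copies no extensions from the CSR, the SAN has to be supplied through `-extfile`. The script also runs without `set -e`, so a failed step leaves a half-built chain for the next command to consume, and every key — including the root CA key, which can sign for any name once that root is imported into a trust store — is written with the caller's default umask, so `umask 077` belongs before the first `genrsa`. A wildcard does not match the bare `okcandidate.com`, so the SAN below lists both; a one-line comment at the top, e.g. `# Development-only CA and leaf cert; never import docker/root.key anywhere but a throwaway trust store`, would make the intended scope explicit.

```sh
set -eu
umask 077   # private keys must not be group/world readable

# … unchanged: root key and self-signed root certificate …

openssl genrsa -out docker/okcandidate.key 2048
openssl req -new -key docker/okcandidate.key -out docker/okcandidate.csr \
  -subj "/C=US/ST=Virginia/L=Norfolk/O=Code for Hampton Roads/OU=CWS/CN=*.okcandidate.com"
printf 'subjectAltName=DNS:*.okcandidate.com,DNS:okcandidate.com\n' > docker/okcandidate.ext
openssl x509 -req -in docker/okcandidate.csr -CA docker/root.crt -CAkey docker/root.key \
  -CAcreateserial -extfile docker/okcandidate.ext -out docker/okcandidate.original.crt -days 500 -sha256
# … unchanged: chain concatenation …
```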
From: Ryan Y
Date: Tue, 28 Mar 2017 11:18:52 -0400
Subject: [PATCH 6/7] Dockerise OkCandidate

Dockerise OkCandidate with a web server, application server and a database so we can get this system as close as we can to a production system.

Signed-off-by: Ryan Y
---
 docker-compose.yml | 44 +++++++++++++++++++++++
 docker/nginx.conf | 87 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 131 insertions(+)
 create mode 100644 docker-compose.yml
 create mode 100644 docker/nginx.conf

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..f01bbb3
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,44 @@
+# Copyright (c) 2016 code4hr (http://code4hr.org/)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+version: '3'
+services:
+ web:
+ image: nginx:alpine
+ volumes:
+ - ./docker/nginx.conf:/etc/nginx/nginx.conf
+ - ./docker/okcandidate.crt:/etc/nginx/okcandidate.crt
+ - ./docker/okcandidate.key:/etc/nginx/okcandidate.key
+ - /data/nginx/cache
+ ports:
+ - "80:80"
+ - "443:443"
+
+ app:
+ image: rydente/node:alpine-gyp
+ env_file: .env
+ command: "ash -c 'npm i && npm start'"
+ working_dir: /usr/src/app
+ volumes:
+ - .:/usr/src/app
+ - /usr/src/app/node_modules
+
+ db:
+ image: postgres:alpine
+
diff --git a/docker/nginx.conf b/docker/nginx.conf
new file mode 100644
index 0000000..29c7617
--- /dev/null
+++ b/docker/nginx.conf
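Review bot: The `app` service runs `image: rydente/node:alpine-gyp`, an unpinned tag under a personal Docker Hub account, even though patch 3 in this series adds an in-repo Dockerfile that appears to build the same Node + gyp toolchain; whoever controls that Hub account controls the image that runs `npm i && npm start` against the checkout. Replace the line with `build: .` so the image comes from the reviewed Dockerfile, and pin `nginx:alpine` and `postgres:alpine` to version tags for the same reason. Note also that `- .:/usr/src/app` mounts the entire checkout, so `.env` and `docker/root.key` (written by `gen-dev-cert`) are readable from inside the app container; mounting only the source directories the app needs, or writing generated keys outside the tree, would narrow that exposure.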
@@ -0,0 +1,87 @@
+# Copyright (c) 2016 code4hr (http://code4hr.org/)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 8196;
+ multi_accept on;
+ use epoll;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ keepalive_timeout 15;
+ keepalive_requests 100000;
+
+ open_file_cache max=200000 inactive=20s;
+ open_file_cache_valid 30s;
+ open_file_cache_min_uses 2;
+ open_file_cache_errors on;
+
+ client_max_body_size 3m;
+
+ gzip on;
+ gzip_types application/javascript text/css;
+
+ proxy_cache_path /data/nginx/cache keys_zone=one:10m;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+
+ ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
+ expires modified +1w;
+
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_cache one;
+
+ server {
+ listen 80;
+ listen 443 ssl http2;
+ ssl_certificate okcandidate.crt;
+ ssl_certificate_key okcandidate.key;
+ add_header Strict-Transport-Security "max-age=31536000";
+
+ location / {
+ proxy_pass http://app:3000;
+ }
+ }
+}
+

From ebe90205edd9730527cf43b1f9e6f3dab1f433e6 Mon Sep 17 00:00:00 2001
From: Ryan Y
Date: Wed, 12 Apr 2017 19:16:15 -0400
Subject: [PATCH 7/7] Configure PostgreSQL with Docker

Use the PostgreSQL environment variables in the Docker image so we can configure PostgreSQL and Trails to automatically create the database schema needed.

Signed-off-by: Ryan Y
---
 .env-example | 12 +++++++++---
 docker-compose.yml | 1 +
 2 files changed, 10 insertions(+), 3 deletions(-)
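Review bot: `listen 80;` and `listen 443 ssl http2;` sit in the same `server` block, so the application is proxied in the clear on port 80 exactly as it is over TLS, and the `Strict-Transport-Security` header on a plaintext response is ignored by browsers, so nothing ever moves a user to https. Split this into a port-80 server that only returns a 301 to https and a TLS-only server, and add `proxy_set_header X-Forwarded-Proto $scheme;` next to the existing http-level `proxy_set_header` lines (placing it inside `location /` would stop the Host and X-Forwarded-For headers being inherited) so the app can tell it is behind TLS and mark cookies secure. `proxy_cache one;` at http level also applies to every proxied response; nginx should only store what upstream headers permit, but for an app with sessions it is safer to scope `proxy_cache` to a static-asset location, and the `always` flag on the HSTS header makes it survive error responses.

```nginx
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # … unchanged: remaining http-level settings …

    server {
        listen 80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        ssl_certificate okcandidate.crt;
        ssl_certificate_key okcandidate.key;
        add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            proxy_pass http://app:3000;
        }
    }
```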
diff --git a/.env-example b/.env-example
index 0999d31..993be9e 100644
--- a/.env-example
+++ b/.env-example
@@ -1,6 +1,12 @@
 NODE_ENV=development
-OKC_DB_USER=blaine
-OKC_DB_PASS=''
-OKC_DB_NAME=okcandidate_platform_dev
+
+POSTGRES_DB=okcandidate_platform_dev
+POSTGRES_USER=blaine
+POSTGRES_PASSWORD=complicatedPassword
+
 OKC_DB_HOST=db
+OKC_DB_NAME=okcandidate_platform_dev
+OKC_DB_USER=blaine
+OKC_DB_PASS=complicatedPassword
+
 OKC_SESSION_SECRET_KEY=someGobbledygookThatIsAtLeast32CharactersLong
diff --git a/docker-compose.yml b/docker-compose.yml
index f01bbb3..7ca716e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -40,5 +40,6 @@ services:
 - /usr/src/app/node_modules
 db:
+ env_file: .env
 image: postgres:alpine
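Review bot: `POSTGRES_PASSWORD=complicatedPassword`, `OKC_DB_PASS=complicatedPassword` and the unchanged `OKC_SESSION_SECRET_KEY=someGobbledygookThatIsAtLeast32CharactersLong` are committed literals, and the README's setup path is `cp .env-example .env` followed by `docker-compose up`, so every checkout comes up with the same database password and — if OKC_SESSION_SECRET_KEY signs session cookies, as its name suggests — a signing key anyone with the repository can use to forge sessions. Ship the example with empty values so the app fails fast instead of starting with public secrets, e.g. `OKC_SESSION_SECRET_KEY=` preceded by the comment line `# generate with: openssl rand -hex 32`, and have the README (or `gen-dev-cert`) fill them in. Whether an empty value actually makes the app refuse to start is not visible in this series and should be confirmed.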
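Review bot: `env_file: .env` on the `db` service hands the Postgres container the entire `.env`, including `OKC_SESSION_SECRET_KEY` and the app-side `OKC_DB_*` values, so the session secret now shows up in `docker inspect` of the db container and to anything that compromises it, while Postgres itself only reads the `POSTGRES_*` variables. Pass just those three through `environment:` using compose's `${VAR}` substitution, which is populated from the project `.env`; the surrounding service definition is in the compose file outside this hunk.

```yaml
  db:
    image: postgres:alpine
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
```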