Docker

.env-example

@@ -0,0 +1,12 @@
+NODE_ENV=development
+
+POSTGRES_DB=okcandidate_platform_dev
+POSTGRES_USER=blaine
+POSTGRES_PASSWORD=complicatedPassword
+
+OKC_DB_HOST=db
+OKC_DB_NAME=okcandidate_platform_dev
+OKC_DB_USER=blaine
+OKC_DB_PASS=complicatedPassword
+
+OKC_SESSION_SECRET_KEY=someGobbledygookThatIsAtLeast32CharactersLong

.gitignore

@@ -5,4 +5,11 @@ coverage
 .tmp
 .DS_STORE
 npm-debug.log
+
+# Docker stuff
+.env
+docker/*.crt
+docker/*.key
+docker/*.srl
+docker/*.csr
 .vscode

Dockerfile

@@ -0,0 +1,22 @@
+# Copyright (c) 2016 code4hr <[email protected]> (http://code4hr.org/)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+FROM node:alpine
+
+RUN apk update && apk add python make g++

README.md

@@ -3,6 +3,24 @@ A comprehensive refactor of [OKCandidate](https://github.com/Code4HR/okcandidate
 
 # Setup
 
+## Docker
+
+A few setup steps need to happen before you can run everything in Docker.
+First, copy `.env-example` to `.env` to configure the application, then run
+`./gen-dev-cert` to create a development certificate chain so you can test
+everything over https.
+
+Then you can run `docker-compose up` and you just have to wait for everything to
+get started.
+
+Summary:
+
+    cp .env-example .env
+    ./gen-dev-cert
+    docker-compose up
+
+That will get you started with OkCandidate!
+
 ## Database
 A local postgres database will need to be created to run okcandidate-platform.  PgAdmin can be used to do this.
 

docker-compose.yml

@@ -0,0 +1,45 @@
+# Copyright (c) 2016 code4hr <[email protected]> (http://code4hr.org/)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+version: '3'
+services:
+  web:
+    image: nginx:alpine
+    volumes:
+      - ./docker/nginx.conf:/etc/nginx/nginx.conf
+      - ./docker/okcandidate.crt:/etc/nginx/okcandidate.crt
+      - ./docker/okcandidate.key:/etc/nginx/okcandidate.key
+      - /data/nginx/cache
+    ports:
+      - "80:80"
+      - "443:443"
+
+  app:
+    image: rydente/node:alpine-gyp
+    env_file: .env
+    command: "ash -c 'npm i && npm start'"
+    working_dir: /usr/src/app
+    volumes:
+      - .:/usr/src/app
+      - /usr/src/app/node_modules
+
+  db:
+    env_file: .env
+    image: postgres:alpine
+

docker/nginx.conf

@@ -0,0 +1,87 @@
+# Copyright (c) 2016 code4hr <[email protected]> (http://code4hr.org/)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  8196;
+    multi_accept on;
+    use epoll;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    tcp_nopush     on;
+    tcp_nodelay on;
+
+    keepalive_timeout  15;
+    keepalive_requests 100000;
+
+    open_file_cache max=200000 inactive=20s;
+    open_file_cache_valid 30s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors on;
+
+    client_max_body_size 3m;
+
+    gzip  on;
+    gzip_types application/javascript text/css;
+
+    proxy_cache_path /data/nginx/cache keys_zone=one:10m;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "";
+
+    ssl_prefer_server_ciphers on;
+    ssl_protocols TLSv1.2;
+    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
+    expires modified +1w;
+
+    proxy_redirect off;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_cache one;
+
+    server {
+        listen 80;
+        listen 443 ssl http2;
+        ssl_certificate okcandidate.crt;
+        ssl_certificate_key okcandidate.key;
+        add_header Strict-Transport-Security "max-age=31536000";
+
+        location / {
+            proxy_pass http://app:3000;
+        }
+    }
+}
+

gen-dev-cert

@@ -0,0 +1,33 @@
+#!/usr/bin/env sh
+
+# Copyright (c) 2016 code4hr <[email protected]> (http://code4hr.org/)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+openssl genrsa -out docker/root.key 2048
+openssl req -x509 -new -nodes -key docker/root.key -sha256 -days 1024 -out docker/root.crt \
+	-subj "/C=US/ST=Virginia/L=Norfolk/O=Code for Hampton Roads/OU=CWS/CN=Development Root CA"
+
+openssl genrsa -out docker/okcandidate.key 2048
+openssl req -new -key docker/okcandidate.key -out docker/okcandidate.csr \
+        -subj "/C=US/ST=Virginia/L=Norfolk/O=Code for Hampton Roads/OU=CWS/CN=*.okcandidate.com"
+openssl x509 -req -in docker/okcandidate.csr -CA docker/root.crt -CAkey docker/root.key \
+        -CAcreateserial -out docker/okcandidate.original.crt -days 500 -sha256
+cat docker/okcandidate.original.crt docker/root.crt > docker/okcandidate.crt
+