chore: start adding Docker support

[skip ci]

.docker/buildenv/Dockerfile

@@ -0,0 +1,32 @@
+FROM debian:stretch
+
+RUN apt-get update
+RUN apt-get install \
+  --no-install-recommends \
+  --assume-yes \
+  curl ca-certificates \
+  git \
+  build-essential \
+  cmake \
+  autoconf automake libtool \
+  libssl1.0-dev libssh-dev libz-dev clang \
+  libpq-dev \
+  pkg-config
+
+RUN git clone -b stable git://github.com/jedisct1/libsodium.git /libsodium
+
+WORKDIR /libsodium
+
+RUN ./autogen.sh
+RUN ./configure --prefix="$HOME/libsodium-build"
+RUN make install
+
+WORKDIR /
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain nightly-2018-06-28
+
+RUN echo "source $HOME/.cargo/env" >> $HOME/.bashrc
+RUN echo "export PKG_CONFIG_PATH=$HOME/libsodium-build/lib/pkgconfig" >> $HOME/.bashrc
+RUN echo "export LD_LIBRARY_PATH=$HOME/libsodium-build/lib" >> $HOME/.bashrc
+
+WORKDIR /paste

.docker/docker-compose.yml

@@ -0,0 +1,37 @@
+version: '3'
+services:
+  backend:
+    build: run
+    command: /run.sh --release
+    volumes:
+      - "../:/paste"
+    depends_on:
+      - postgres
+      - redis
+      - sidekiq
+  redis:
+    image: redis
+  postgres:
+    image: postgres
+    environment:
+      - POSTGRES_USER=paste
+      - POSTGRES_PASSWORD=paste
+  sidekiq:
+    build: sidekiq
+    depends_on:
+      - redis
+    volumes:
+      - "../:/paste"
+  nginx:
+    image: nginx:alpine
+    restart: always
+    depends_on:
+      - backend
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./run/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+      - "./run/nginx/sites:/etc/nginx/sites:ro"
+      - "./run/nginx/certs:/etc/nginx/certs:ro"
+      - "../webserver/web/static:/etc/nginx/web/static:ro"

.docker/run/Dockerfile

@@ -0,0 +1,9 @@
+FROM jkcclemens/paste
+
+RUN $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features postgres
+
+RUN apt-get install --assume-yes netcat
+
+ADD run.sh /run.sh
+
+CMD /run.sh

.docker/run/nginx/nginx.example.conf

@@ -0,0 +1,58 @@
+# NOTE: change this based on your machine (equal to # CPU cores)
+worker_processes 2;
+# NOTE: change this based on your machine (ulimit -n)
+worker_connections 1024;
+
+error_log error.log;
+error_log info.log notice;
+error_log info.log info;
+
+pid nginx.pid;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include mime.types;
+  default_type application/octet-stream;
+
+  server_tokens off;
+
+  sendfile on;
+
+  keepalive_timeout 65;
+
+  gzip on;
+
+  # TODO: brotli by default somehow
+  # brotli on;
+  # brotli_comp_level 4;
+  # brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
+
+  # TODO: TLS security
+  # ssl_dhparam /etc/ssl/dhparam.pem;
+
+  # ssl_protocols TLSv1.3 TLSv1.2;
+  # ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA';
+  # ssl_prefer_server_ciphers on;
+
+  # ssl_session_timeout 1d;
+  # ssl_session_cache shared:SSL:50m;
+  # ssl_session_tickets off;
+  # ssl_ecdh_curve X25519:secp384r1;
+
+  # OCSP stapling
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  resolver 1.1.1.1; # 1dot1dot1dot1.cloudflare-dns.com
+
+
+  # NOTE: change this to change the max upload size nginx will accept (Rocket must also be changed)
+  client_max_body_size 1m;
+  client_body_buffer_size 10K;
+  client_header_buffer_size 1k;
+  large_client_header_buffers 2 1k;
+
+  include sites/*.conf;
+}

.docker/run/nginx/sites/paste.http.example

@@ -0,0 +1,24 @@
+# This file should be called paste.conf when you are done with it
+
+server {
+  listen 80;
+  listen [::]:80;
+  # CHANGE: change this to your host
+  server_name change.me;
+
+  location /static/ {
+    alias /etc/nginx/web/static/;
+  }
+
+  location /favicon.ico {
+    return 308 /static/favicons/favicon.ico;
+  }
+
+  location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Real-IP $remote_addr;
+    # CHANGE: change this to your host
+    proxy_set_header Host change.me;
+    proxy_pass https://backend:8000;
+  }
+}

.docker/run/nginx/sites/paste.https.example

@@ -0,0 +1,42 @@
+# This file should be called paste.conf when you are done with it
+
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  # CHANGE: change this to your host
+  server_name change.me;
+
+  # CHANGE: change fullchain.pem and privkey.pem to the files you've put in the certs directroy
+  #         place certs and keys in .docker/run/nginx/certs
+  ssl_certificate /etc/nginx/certs/fullchain.pem;
+  ssl_certificate_key /etc/nginx/certs/privkey.pem;
+
+  # NOTE: uncomment to enable HSTS
+  # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
+  location /static/ {
+    alias /etc/nginx/web/static/;
+  }
+
+  location /favicon.ico {
+    return 308 /static/favicons/favicon.ico;
+  }
+
+  location / {
+    # CHANGE: change this to your host
+    proxy_set_header Host change.me;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_pass https://backend:8000;
+  }
+}
+
+# This redirects all http requests to https
+server {
+  listen 80;
+  listen [::]:80;
+  # CHANGE: change this to your host
+  server_name change.me;
+
+  return 301 https://$server_name$request_uri;
+}

.docker/run/run.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+source "$HOME/.bashrc"
+
+while ! nc -z postgres 5432; do
+  sleep 1
+done
+
+diesel migration --migration-dir=webserver/migrations run
+
+cargo build -p worker_email "$@"
+cargo build -p worker_delete_all_pastes "$@"
+
+cargo run "$@" -p webserver config.toml

.docker/sidekiq/Dockerfile

@@ -0,0 +1,11 @@
+# FROM ruby:alpine # can't use alpine because ffi shared libraries
+FROM ruby
+
+# RUN apk add --no-cache build-base
+RUN apt-get update && apt-get install --assume-yes --no-install-recommends build-essential
+
+RUN gem install sidekiq ffi
+
+WORKDIR /paste
+
+CMD ./sidekiq.sh

.gitignore

@@ -1,6 +1,12 @@
 /target
 **/*.rs.bk
+
 /Rocket.toml
 /config.toml
 /.env
 /sidekiq.yml
+/sidekiq.sh
+
+.docker/run/nginx/certs/*
+.docker/run/nginx/sites/*.conf
+.docker/run/nginx/nginx.conf