From df4bcd9786b46b643d915191c0c47d19ca4c656b Mon Sep 17 00:00:00 2001 From: nemunaire Date: Thu, 10 May 2018 21:12:51 +0200 Subject: [PATCH] Add Dockerfiles and docker-compose --- Dockerfile-admin | 34 +++++ Dockerfile-backend | 21 +++ Dockerfile-frontend | 27 ++++ configs/nginx-fic.conf | 1 + configs/nginx-frontend-htpasswd.conf | 186 +++++++++++++++++++++++++++ docker-compose.yml | 89 +++++++++++++ 6 files changed, 358 insertions(+) create mode 100644 Dockerfile-admin create mode 100644 Dockerfile-backend create mode 100644 Dockerfile-frontend create mode 100644 configs/nginx-fic.conf create mode 100644 configs/nginx-frontend-htpasswd.conf create mode 100644 docker-compose.yml diff --git a/Dockerfile-admin b/Dockerfile-admin new file mode 100644 index 00000000..75b68ce8 --- /dev/null +++ b/Dockerfile-admin @@ -0,0 +1,34 @@ +FROM golang:alpine as gobuild + +RUN apk add --no-cache git + +WORKDIR /go/src/srs.epita.fr/fic-server/admin + +ADD settings ../settings/ +ADD frontend/time ../frontend/time/ +ADD libfic ../libfic/ +ADD admin/api ./api/ +ADD admin/pki ./pki/ +ADD admin/sync ./sync/ +ADD admin/*.go ./ + +RUN go get -d -v +RUN go build -v + + +FROM alpine + +RUN apk add --no-cache openssl + +EXPOSE 8081 + +WORKDIR /srv + +ENTRYPOINT ["/srv/admin", "-bind=:8081", "-baseurl=/admin/"] + +COPY --from=gobuild /go/src/srs.epita.fr/fic-server/admin/admin /srv/admin +COPY admin/static/css/bootstrap.min.css frontend/static/css/glyphicon.css /srv/htdocs-admin/css/ +COPY frontend/static/fonts /srv/htdocs-admin/fonts +COPY admin/static/img /srv/htdocs-admin/img +COPY admin/static/views /srv/htdocs-admin/views +COPY admin/static/js/app.js frontend/static/js/angular.min.js admin/static/js/angular-resource.min.js frontend/static/js/angular-route.min.js frontend/static/js/angular-sanitize.min.js frontend/static/js/bootstrap.min.js frontend/static/js/d3.v3.min.js frontend/static/js/i18n frontend/static/js/jquery.min.js frontend/static/js/popper.min.js /srv/htdocs-admin/js/ diff --git a/Dockerfile-backend b/Dockerfile-backend new file mode 100644 index 00000000..f8727a2e --- /dev/null +++ b/Dockerfile-backend @@ -0,0 +1,21 @@ +FROM golang:alpine as gobuild + +RUN apk add --no-cache git + +WORKDIR /go/src/srs.epita.fr/fic-server/backend + +ADD backend/*.go ./ +ADD libfic ../libfic/ +ADD settings ../settings/ + +RUN go get -d -v +RUN go build -v + + +FROM alpine + +WORKDIR /srv + +ENTRYPOINT ["/srv/backend"] + +COPY --from=gobuild /go/src/srs.epita.fr/fic-server/backend/backend /srv/backend diff --git a/Dockerfile-frontend b/Dockerfile-frontend new file mode 100644 index 00000000..7bb1ff6f --- /dev/null +++ b/Dockerfile-frontend @@ -0,0 +1,27 @@ +FROM golang:alpine as gobuild + +RUN apk add --no-cache git + +WORKDIR /go/src/srs.epita.fr/fic-server/frontend + +ADD frontend/*.go ./ +ADD frontend/time ./time/ +ADD libfic ../libfic/ +ADD settings ../settings/ + +RUN go get -d -v +RUN go build -v + + +FROM alpine + +EXPOSE 8080 + +WORKDIR /srv + +ENTRYPOINT ["/srv/frontend", "--bind=:8080"] + +VOLUME /srv/htdocs-frontend/ + +COPY --from=gobuild /go/src/srs.epita.fr/fic-server/frontend/frontend /srv/frontend +COPY frontend/static /srv/htdocs-frontend diff --git a/configs/nginx-fic.conf b/configs/nginx-fic.conf new file mode 100644 index 00000000..a8900e81 --- /dev/null +++ b/configs/nginx-fic.conf @@ -0,0 +1 @@ +set $team 1; \ No newline at end of file diff --git a/configs/nginx-frontend-htpasswd.conf b/configs/nginx-frontend-htpasswd.conf new file mode 100644 index 00000000..62cc4e24 --- /dev/null +++ b/configs/nginx-frontend-htpasswd.conf @@ -0,0 +1,186 @@ +server_tokens off; +proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; +proxy_connect_timeout 1s; + +server { + listen 80 default; + listen [::]:80 default; + + root /srv/htdocs-frontend/; + + error_page 401 /welcome.html; + error_page 403 404 /e404.html; + error_page 413 404 /e413.html; + error_page 500 502 504 /e500.html; + + location = / { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + } + location = /index.html { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + } + + location /edit { + rewrite ^/.*$ /index.html; + } + location /rank { + rewrite ^/.*$ /index.html; + } + location /register { + rewrite ^/.*$ /index.html; + } + location ~ ^/[A-Z] { + rewrite ^/.*$ /index.html; + } + + location /files/ { + alias /srv/FILES/; + tcp_nodelay on; + } + + location /wait.json { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + + include /etc/nginx/auth.conf; + + root /srv/TEAMS/$team/; + expires epoch; + add_header Cache-Control no-cache; + } + location /public.json { + root /srv/TEAMS/_public/; + expires epoch; + add_header Cache-Control no-cache; + } + location /stats.json { + root /srv/TEAMS/; + expires epoch; + add_header Cache-Control no-cache; + } + location /my.json { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + + include /etc/nginx/auth.conf; + + root /srv/TEAMS/$team/; + expires epoch; + add_header Cache-Control no-cache; + + #if (!-f $document_root/../started) { + # rewrite ^/ /wait.json; + #} + } + location /settings.json { + root /srv/TEAMS/; + expires epoch; + add_header Cache-Control no-cache; + } + location /teams.json { + root /srv/TEAMS/; + expires epoch; + add_header Cache-Control no-cache; + } + location /themes.json { + root /srv/TEAMS/; + expires epoch; + add_header Cache-Control no-cache; + } + + location /api/ { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + + if ($remote_user !~ "^nemunaire|bombal_s$") { + return 403; + } + + proxy_pass http://localhost:8081/admin/api/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host localhost; + proxy_redirect off; + } + + location /admin/ { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + + if ($remote_user !~ "^nemunaire|bombal_s$") { + return 403; + } + + proxy_pass http://localhost:8081; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host localhost; + proxy_redirect off; + } + + location /submit/ { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + + include /etc/nginx/auth.conf; + + rewrite ^/submit/(.*)$ /submission/$team/$1 break; + + proxy_pass http://localhost:8080/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host localhost; + proxy_redirect off; + } + + location /submit/name { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + + include /etc/nginx/auth.conf; + + rewrite ^/submit/.*$ /chname/$team break; + + proxy_pass http://localhost:8080/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host localhost; + proxy_redirect off; + } + + location /openhint/ { + #auth_basic "Secure Zone"; + #auth_basic_user_file ficpasswd; + + include /etc/nginx/auth.conf; + + rewrite ^/openhint/(.*)$ /openhint/$team/$1 break; + + proxy_pass http://localhost:8080/; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host localhost; + proxy_redirect off; + } + + location = /time.json { + proxy_pass http://localhost:8080/time.json; + proxy_method GET; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host localhost; + proxy_redirect off; + proxy_cache STATIC; + proxy_cache_valid 1s; + } + + location = /events.json { + proxy_pass http://localhost:8081/api/events/; + proxy_method GET; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host localhost; + proxy_redirect off; + proxy_cache STATIC; + proxy_cache_valid 3s; + } +} diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 00000000..d9e60d82 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,89 @@ +version: '3' + +services: + mysql: + image: mariadb + volumes: + - mysql-data:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=toto + - MYSQL_DATABASE=fic + - MYSQL_USER=fic + - MYSQL_PASSWORD=fic + + fic-admin: + build: + context: . + dockerfile: Dockerfile-admin + image: nemunaire/fic-admin:latest + ports: + - "8081:8081" + links: + - mysql + volumes: + - /mnt/fic:/mnt/fic:ro + - files:/srv/FILES + - pki:/srv/PKI + - settings:/srv/SETTINGS + - teams:/srv/TEAMS + command: --baseurl /admin/ -localimport /mnt/fic -localimportsymlink + depends_on: + - mysql + environment: + - MYSQL_HOST=tcp(mysql:3306) + + fic-backend: + build: + context: . + dockerfile: Dockerfile-backend + image: nemunaire/fic-backend:latest + links: + - mysql + volumes: + - files:/srv/FILES + - teams:/srv/TEAMS + - settings:/srv/SETTINGS + - submissions:/srv/submissions + depends_on: + - mysql + environment: + - MYSQL_HOST=tcp(mysql:3306) + + fic-frontend: + build: + context: . + dockerfile: Dockerfile-frontend + image: nemunaire/fic-frontend:latest + ports: + - "8080:8080" + volumes: + - htdocs:/srv/htdocs-frontend + - files:/srv/FILES:ro + - teams:/srv/TEAMS:ro + - settings:/srv/SETTINGS + - submissions:/srv/submissions + depends_on: + - fic-backend + + front: + image: nginx:latest + ports: + - "8042:80" + volumes: + - ./configs/nginx-frontend-htpasswd.conf:/etc/nginx/conf.d/default.conf:ro + - ./configs/nginx-fic.conf:/etc/nginx/auth.conf:ro + - htdocs:/srv/htdocs-frontend:ro + - files:/srv/FILES:ro + - teams:/srv/TEAMS:ro + depends_on: + - fic-frontend + - fic-admin + +volumes: + mysql-data: + files: + htdocs: + pki: + settings: + submissions: + teams: