diff options
| -rw-r--r-- | .dockerignore | 1 | ||||
| -rw-r--r-- | Dockerfile | 29 | ||||
| -rw-r--r-- | bin/docker.preinit | 42 | ||||
| -rw-r--r-- | conf/general.yml-docker | 233 | ||||
| -rw-r--r-- | conf/nginx.conf-docker | 56 | ||||
| -rw-r--r-- | docker-compose.yml | 58 |
6 files changed, 419 insertions, 0 deletions
diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000..1d085cacc --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +** diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..1bf885238 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,29 @@ +FROM jgoerzen/debian-base-standard:stretch +MAINTAINER sysadmin@mysociety.org + +ARG DEBIAN_FRONTEND=noninteractive + +RUN apt-get -qq update \ + && apt-get -qq -y install ca-certificates \ + && wget -O install-site.sh --no-verbose https://raw.githubusercontent.com/mysociety/commonlib/master/bin/install-site.sh \ + && chmod +x /install-site.sh + +RUN /install-site.sh --docker fixmystreet fms 127.0.0.1.xip.io \ + && apt-get purge -y --auto-remove \ + make \ + g++ \ + libexpat1-dev \ + libssl-dev \ + zlib1g-dev \ + postgresql-server-dev-all \ + exim4-daemon-light \ + && apt-get -y clean \ + && rm -fr /var/lib/apt/lists/* \ + && rm -fr /home/fms/.cpanm/* + +RUN cd /var/www/fixmystreet/fixmystreet \ + && git show master:bin/docker.preinit > /usr/local/preinit/99-fixmystreet \ + && chmod +x /usr/local/preinit/99-fixmystreet + +EXPOSE 9000 +CMD ["/usr/local/bin/boot-debian-base"] diff --git a/bin/docker.preinit b/bin/docker.preinit new file mode 100644 index 000000000..12881ef0b --- /dev/null +++ b/bin/docker.preinit @@ -0,0 +1,42 @@ +#!/bin/sh + +# Things to do before starting FixMyStreet in Docker + +# Make sure that the Postgres environment is up and running. +echo "Testing connection to ${FMS_DB_HOST}." +while ! pg_isready -h $FMS_DB_HOST >/dev/null 2>&1 ; do + echo "Still waiting for ${FMS_DB_HOST}..." + sleep 1 +done +echo "Done." + +# If there's a password for the postgres user, set it up for root and see if we need +# to create an FMS user. This is intended for use when using a dedicated local postgres +# container. If this variable doesn't exist, we're going to assume that the FMS user +# has been created already so the stuff below will work. +if [ -n "$POSTGRES_PASSWORD" ]; then + echo "${FMS_DB_HOST}:*:*:postgres:${POSTGRES_PASSWORD}" > /root/.pgpass + chmod 0600 /root/.pgpass + psql -h $FMS_DB_HOST -U postgres postgres -c "create user \"${FMS_DB_USER}\" with CREATEDB password '${FMS_DB_PASS}'" || true +fi + +# Set up a .pgpass for the FMS user. Note that we're assuming the same name for +# both the local shell account and the DB user. +su ${FMS_DB_USER} -c "echo \"${FMS_DB_HOST}:*:*:${FMS_DB_USER}:${FMS_DB_PASS}\" > /home/${FMS_DB_USER}/.pgpass" +chmod 0600 /home/${FMS_DB_USER}/.pgpass + +# If the FMS database doesn't exist, try to create it. +if ! su $FMS_DB_USER -c "psql -h $FMS_DB_HOST -U $FMS_DB_USER -l | egrep \"^ *${FMS_DB_NAME} *\|\" > /dev/null" ; then + su $FMS_DB_USER -c "createdb -h $FMS_DB_HOST -U $FMS_DB_USER --owner \"$FMS_DB_USER\" \"$FMS_DB_NAME\"" +fi + +# Ensure the schema is up-to-date. +su $FMS_DB_USER -c "${FMS_ROOT}/bin/update-schema --commit" + +# Update reports +su $FMS_DB_USER -c "${FMS_ROOT}/bin/update-all-reports" + +# If the right environment variables are present, set up a FMS superuser account. +if [ -n "$SUPERUSER_PASSWORD" ] && [ -n "$SUPERUSER_EMAIL" ]; then + su $FMS_DB_USER -c "${FMS_ROOT}/bin/createsuperuser $SUPERUSER_EMAIL $SUPERUSER_PASSWORD" +fi diff --git a/conf/general.yml-docker b/conf/general.yml-docker new file mode 100644 index 000000000..1e5cf0e4c --- /dev/null +++ b/conf/general.yml-docker @@ -0,0 +1,233 @@ +# general.yml-example: +# This file contains example values for the "general.yml" config file. It +# contains various configuration parameters, in YAML syntax. +# +# For more information about this file, and general documentation on setting up +# the FixMyStreet platform, please see https://fixmystreet.org/ +# +# Specific details about this file can be found at +# https://fixmystreet.org/customising/config/ +# +# To start, you can copy this file to one called "general.yml" in the same +# directory. Or have multiple config files and use a symlink to change between +# them. Using the install script or AMI will have created a general.yml file +# for you. + +# PostgreSQL database details for FixMyStreet +FMS_DB_HOST: 'postgres.svc' +FMS_DB_PORT: '5432' +FMS_DB_NAME: 'fixmystreet' +FMS_DB_USER: 'fms' +FMS_DB_PASS: 'fms' + +# The base URL of the install. +BASE_URL: 'http://localhost:8000' +# Use the below if you're using the Catalyst development server +# BASE_URL: 'http://localhost:3000' +SECURE_PROXY_SSL_HEADER: '' +# If you're behind a proxy, set this to a two-element list containing the +# trusted HTTP header and the required value. For example: +# SECURE_PROXY_SSL_HEADER: [ 'X-Forwarded-Proto', 'https' ] + +# This is so the fixmystreet container knows it is running +# behind an nginx container (not on the same host) +using_frontend_proxy: 1 + +# Email domain used for emails, and contact name/email for admin use. +EMAIL_DOMAIN: '127.0.0.1.xip.io' +CONTACT_EMAIL: 'help@127.0.0.1.xip.io' +CONTACT_NAME: 'FixMyStreet' +# Address used for emails you don't expect a reply to (e.g. confirmation +# emails); can be same as CONTACT_EMAIL above, of course, if you don't have a +# special address. +DO_NOT_REPLY_EMAIL: 'help@127.0.0.1.xip.io' + +# Whether this is a development site or not. It will mean e.g. templates/ +# CSS modified times aren't cached +STAGING_SITE: 1 +# Developers may want a staging site to act differently from a live site. +# Possible flags include: +# - send_reports: Normally, a staging site will route all reports to the +# reporter, to guard against sending fake reports to live places. Set +# this to 1 if you want a staging site to route reports as normal. +# - skip_checks: Manual testing of multiple cobrands can be made easier by +# skipping some checks they have in them, if this variable is set. +# - enable_appcache: Whether the appcache should be active. NB: Only affects +# superuser sessions. +STAGING_FLAGS: + send_reports: 0 + skip_checks: 0 + enable_appcache: 0 + +# What to use as front page/alert example places placeholder +# Defaults to High Street, Main Street +EXAMPLE_PLACES: [ 'High Street', 'Main Street' ] + +# An array of languages for the site, in the following format: +# <language code>,<pretty name>,<locale> +LANGUAGES: + - 'en-gb,English,en_GB' + +# If you're running an installation that is being used in a different time zone +# from the server, you can set the time zone here (standard time zone string) +TIME_ZONE: "" + +# File locations for uploaded photos and cached geocoding results. +# Absolute paths, or relative to the project's root directory +UPLOAD_DIR: '../upload/' +GEO_CACHE: '../cache/' + +# Location of MapIt, to map points to administrative areas, and what types of +# area from it you want to use. If left blank, a default area will be used +# everywhere (a URL needs to be given for non-web things, like sending of +# reports, to function). +# If using the Catalyst development server, set to +# MAPIT_URL: 'http://localhost:3000/fakemapit/' +# MAPIT_TYPES: [ 'ZZZ' ] +# In the UK, you probably want, to cover all councils: +# MAPIT_URL: 'http://mapit.mysociety.org/' +# MAPIT_TYPES: [ 'DIS', 'LBO', 'MTD', 'UTA', 'CTY', 'COI', 'LGD' ] +# But perhaps MAPIT_TYPES: [ 'WMC' ] if you want to report on a per-constituency basis? +# If our global MapIt (using OpenStreetMap data) contains boundaries you can use: +# MAPIT_URL: 'http://global.mapit.mysociety.org/' +# And then specify whichever type code have the boundaries you want: +# MAPIT_TYPES: [ 'O06' ] +MAPIT_URL: '' +MAPIT_TYPES: [ 'ZZZ' ] + +# If the MapIt you're using in MAPIT_URL requires an API key +# (as https://mapit.mysociety.org/ does, for example), specify it here. +# MAPIT_API_KEY: '' + +# If you are using global MapIt, you might want to restrict FixMyStreet usage +# to only one or more areas, rather than all O04, for example. Provide MapIt +# IDs here in a list that FixMyStreet should recognise, along with the MapIt +# generation those IDs are in. +# MAPIT_ID_WHITELIST: [ 240838, 246176, 246733 ] +# MAPIT_GENERATION: 2 +MAPIT_ID_WHITELIST: [] +MAPIT_GENERATION: 0 + +# If your MapIt has the concept of council wards (subareas of councils, where +# people can sign up for alerts, but not report things), then you can give the +# MapIt type codes for them here. +# You can probably leave this blank, but in the UK we use something like: +# MAPIT_TYPES_CHILDREN: [ 'DIW', 'LBW', 'MTW', 'UTE', 'UTW', 'CED', 'COP', 'LGW' ] +MAPIT_TYPES_CHILDREN: '' + +# Which service to use to look up results from e.g. front page searches. +# Possible choices are Google, Bing, or OSM (blank will use OSM by default). +GEOCODER: '' + +# If you wish to use Google Maps or Bing Maps Geocoding, get and put the +# relevant key here. +GOOGLE_MAPS_API_KEY: '' +BING_MAPS_API_KEY: '' + +# This provdes parameters that are included in geocoding requests, to hopefully +# return more useful results. The options vary depending which geocoder you use, +# or you can specify all for if you change geocoder. For the default OSM, you can use: +# GEOCODING_DISAMBIGUATION: +# bounds: [ <min lat>, <min lon>, <max lat>, <max lon> ] +# country: <country code to restrict results to> +# town: <string added to geocoding requests if not already there> +# +# If using Bing, you can use town and bounds, plus any of: +# centre: "<lat>,<lon>" +# bing_culture: <culture code, see http://msdn.microsoft.com/en-us/library/hh441729.aspx> +# bing_country: <country name, only accept results that match this> +# +# If using Google, you can use bounds, plus: +# google_country: <.ccTLD to restrict results to> +# lang: <language for results> +# +GEOCODING_DISAMBIGUATION: '' + +# The type of map you want to use. If left blank, the default is OpenStreetMap. +# Other options are currently pretty UK specific, including "FMS" for UK +# FixMyStreet. +MAP_TYPE: 'OSM' + +# FixMyStreet uses a templating cobrand system to provide different looks for +# different installations. In the common case, if your templates are in the +# templates/web/moon directory and CSS in web/cobrands/moon, you just specify: +# ALLOWED_COBRANDS: +# - moon +# If you wish to use multiple cobrands, specify them in a list, optionally with +# hostname-matching regular expressions if the name of the cobrand is not +# enough. For example: +# ALLOWED_COBRANDS: +# - moon +# - venus +# Any hostname with 'moon' in it will use the moon cobrand, any with 'venus' +# the venus cobrand (any other the Default cobrand). Whereas: +# ALLOWED_COBRANDS: +# - moon: 'orbital' +# - venus +# Any hostname with 'orbital' in it will use the moon cobrand. +# This also allows development servers to map to different cobrands if needed, +# using DNS subdomains for example. +ALLOWED_COBRANDS: + - cobrand1 + - cobrand2: 'hostname_substring2' + - cobrand3 + +# This is used in e.g. "offensive report" emails to provide a link directly to +# the admin interface. Defaults to BASE_URL with "/admin" on the end. +ADMIN_BASE_URL: '' + +# How many items are returned in the GeoRSS and Open311 feeds by default +RSS_LIMIT: '20' +OPEN311_LIMIT: 1000 +# How many reports to show per page on the All Reports pages +ALL_REPORTS_PER_PAGE: 100 + +# Social networking +FACEBOOK_APP_ID: '' +FACEBOOK_APP_SECRET: '' +TWITTER_KEY: '' +TWITTER_SECRET: '' + +# If you wish to send email through a SMTP server elsewhere, change these +# variables. SMTP_TYPE should be one of '', 'ssl' or 'tls'. SMTP_PORT will +# default to 587 (tls), 465 (ssl), or 25. +SMTP_SMARTHOST: 'localhost' +SMTP_TYPE: '' +SMTP_PORT: '' +SMTP_USERNAME: '' +SMTP_PASSWORD: '' + +# Gaze is a world-wide service for population density lookups. You can leave +# this as is. +GAZE_URL: 'https://gaze.mysociety.org/gaze' + +# Memcached host +# This can be safely left out and will default to '127.0.0.1' even if not present. +MEMCACHED_HOST: 'memcached.svc' + +# Should problem reports link to the council summary pages? +AREA_LINKS_FROM_PROBLEMS: '0' + +# used to override the STAGING SERVER safety mechanism in send-reports +TESTING_COUNCILS: '' + +# if you're using Message Manager, include the URL here (see https://github.com/mysociety/message-manager/) +MESSAGE_MANAGER_URL: '' + +# If you want to use SMS login or 'report as' with just a phone number, you'll +# need to set the site's two-digit ISO 3166 country code (e.g. GB) here. +PHONE_COUNTRY: '' + +# If you enable login via SMS authentication, you'll need a twilio account +SMS_AUTHENTICATION: 0 +TWILIO_ACCOUNT_SID: '' +TWILIO_AUTH_TOKEN: '' +TWILIO_FROM_PARAMETER: '' +TWILIO_MESSAGING_SERVICE_SID: '' + +# If you want to hide all pages from non-logged-in users, set this to 1. +LOGIN_REQUIRED: 0 + +# If you want to stop new users from registering, set this to 1. +# NB: This also disables all Facebook/Twitter logins. +SIGNUPS_DISABLED: 0 diff --git a/conf/nginx.conf-docker b/conf/nginx.conf-docker new file mode 100644 index 000000000..e50ce82d2 --- /dev/null +++ b/conf/nginx.conf-docker @@ -0,0 +1,56 @@ +# An example configuration for running FixMyStreet under nginx. You +# will also need to set up the FixMyStreet Catalyst FastCGI backend. +# An example sysvinit script to help with this is shown given in the file +# sysvinit-catalyst-fastcgi.example in this directory. +# +# See our installation help at https://fixmystreet.org/ + +server { + + listen 80 default_server; + root /var/www/fixmystreet/fixmystreet/web; + error_page 503 /down.html; + + # Make sure that Javascript and CSS are compressed. (HTML is + # already compressed under the default configuration of the nginx + # package.) + + gzip on; + gzip_disable "msie6"; + gzip_types application/javascript application/x-javascript text/css; + + client_max_body_size 10m; + + # These rewrite rules are ported from the Apache configuration in + # conf/httpd.conf + + rewrite ^/rss/council/([0-9]+)$ /rss/reports/$1 permanent; + rewrite ^/report$ /reports permanent; + rewrite '^/{/rss/(.*)}$' /rss/$1 permanent; + rewrite '^/reports/{/rss/(.*)}$' /rss/$1 permanent; + rewrite ^/alerts/?$ /alert permanent; + + location /mapit { + proxy_pass https://mapit.mysociety.org/; + proxy_set_header X-Real-IP $remote_addr; + } + + location / { + if (-f $document_root/down.html) { + return 503; + } + try_files $uri @catalyst; + } + + location /down.html { + internal; + } + + location @catalyst { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host:8000; + proxy_redirect off; + proxy_pass http://fixmystreet.svc:9000; + } +} diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 000000000..80f0b56f1 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,58 @@ +version: '3' + +services: + nginx: + image: nginx:1.15.3 + depends_on: + - fixmystreet + ports: + - "8000:80" + volumes: + - ./conf/nginx.conf-docker:/etc/nginx/conf.d/default.conf + networks: + default: + aliases: + - nginx.svc + fixmystreet: + image: fixmystreet/fixmystreet:stable + tty: true + depends_on: + - postgres + - memcached + volumes: + - ./conf/general.yml-docker:/var/www/fixmystreet/fixmystreet/conf/general.yml + environment: + POSTGRES_PASSWORD: 'password' + FMS_DB_HOST: 'postgres.svc' + FMS_DB_PASS: 'fms' + FMS_DB_NAME: 'fixmystreet' + FMS_DB_USER: 'fms' + FMS_ROOT: '/var/www/fixmystreet/fixmystreet' + SUPERUSER_EMAIL: 'superuser@example.org' + SUPERUSER_PASSWORD: '5up3r53cr3t' + networks: + default: + aliases: + - fixmystreet.svc + postgres: + image: fixmystreet/postgres:9.6-en_GB + restart: always + volumes: + - fixmystreet-pgdata:/var/lib/postgresql/data/pgdata + environment: + POSTGRES_PASSWORD: 'password' + PGDATA: '/var/lib/postgresql/data/pgdata' + networks: + default: + aliases: + - postgres.svc + memcached: + image: memcached:1.5.10 + restart: always + networks: + default: + aliases: + - memcached.svc + +volumes: + fixmystreet-pgdata: |