Skip to content
This repository was archived by the owner on Nov 22, 2024. It is now read-only.

Use unprivileged nginx base image #2

Closed
wants to merge 4 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
/node_modules
/.git
/.github
/.idea
/.vscode
/docker/postgresql
52 changes: 52 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
# Build the source
FROM node:12 as builder

WORKDIR /code

# First install dependencies. This part will be cached as long as
# the package(-lock).json files remain identical.
COPY package*.json /code/
RUN npm install

# Load code to be built
COPY ./build /code/build
COPY ./js /code/js

RUN npm run build:docker

# Production Nginx image
FROM nginxinc/nginx-unprivileged:1.17-alpine
USER root

# Directory where atlas files will be stored
ENV ATLAS_HOME=/usr/share/nginx/html/atlas
# URL where WebAPI can be queried by the client
ENV WEBAPI_URL=http://localhost:8080/WebAPI/
# Hostname for nginx configuration
ENV ATLAS_HOSTNAME=localhost

# Configure webserver
COPY ./docker/nginx.conf /etc/nginx/nginx.conf
# this is required so the sed command run by the enginx user in entrypoint.sh
# has permission to create a temp file in the /etc/nginx dir.
RUN chown -R nginx:nginx /etc/nginx

COPY ./docker/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Load code
WORKDIR $ATLAS_HOME
RUN chown nginx:nginx ${ATLAS_HOME}
COPY ./images ./images
COPY ./index.html ./README.md ./LICENSE ./
COPY --from=builder /code/node_modules ./node_modules
COPY --from=builder --chown=nginx:nginx /code/js ./js

# Load Atlas configuration
COPY --chown=nginx:nginx ./docker/config-local.js ./js/config-local.js

USER nginx

ENTRYPOINT ["/entrypoint.sh"]

CMD ["nginx", "-g", "daemon off;"]
14 changes: 14 additions & 0 deletions docker/.env
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Set datasource variables
DATASOURCE_HOST=postgresql:5432
DATASOURCE_DB=ohdsi
DATASOURCE_USERNAME=ohdsi
DATASOURCE_PASSWORD=secret

# Configure how this server will be reached from a user's perspective
HOSTNAME=localhost
BASE_URL=http://localhost:8080
# For local development, set the above variables to localhost and https://localhost:8080 respectively.

# Set the paths to the Atlas and WebAPI source directories
ATLAS_PATH=..
WEBAPI_PATH=../../WebAPI
2 changes: 2 additions & 0 deletions docker/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
drivers/
postgresql/
15 changes: 15 additions & 0 deletions docker/config-local.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
define([], function () {
var configLocal = {};

// WebAPI
configLocal.api = {
name: 'OHDSI',
url: 'http://localhost:8080/WebAPI/'
};

configLocal.cohortComparisonResultsEnabled = false;
configLocal.userAuthenticationEnabled = false;
configLocal.plpResultsEnabled = false;

return configLocal;
});
66 changes: 66 additions & 0 deletions docker/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
version: '3'

services:
# Atlas service, running Nginx to serve the Javascript files.
atlas:
build: ${ATLAS_PATH}
image: ohdsi/atlas
environment:
WEBAPI_URL: ${BASE_URL}/WebAPI/
ATLAS_HOSTNAME: ${HOSTNAME}
labels:
- "traefik.http.routers.atlas.rule=PathPrefix(`/atlas`)"
- "traefik.http.services.atlas.loadbalancer.server.port=8080"

# WebAPI service, running Nginx to serve the Javascript files.
webapi:
build: ${WEBAPI_PATH}
image: ohdsi/webapi
labels:
- "traefik.http.routers.webapi.rule=PathPrefix(`/WebAPI`)"
- "traefik.http.services.webapi.loadbalancer.server.port=8080"
environment:
- JAVA_OPTS=-Xmx4g
- CLASSPATH=":/var/lib/ohdsi/webapi/drivers/*"
- WEBAPI_URL=${BASE_URL}
# Specify Spring settings. Any Spring setting that is set in `pom.xml` or your own
# settings.xml can be replaced with a variable in this list. Replace the periods (.)
# in the variable name with underscores (_)
- env=webapi-postgresql
- datasource_driverClassName=org.postgresql.Driver
- datasource_url=jdbc:postgresql://${DATASOURCE_HOST}/${DATASOURCE_DB}
- datasource_ohdsi_schema=ohdsi
- datasource_username=${DATASOURCE_USERNAME}
- datasource_password=${DATASOURCE_PASSWORD}
- spring_jpa_properties_hibernate_default__schema=ohdsi
- spring_jpa_properties_hibernate_dialect=org.hibernate.dialect.PostgreSQLDialect
- spring_batch_repository_tableprefix=ohdsi.BATCH_
- flyway_datasource_driverClassName=org.postgresql.Driver
- flyway_datasource_url=jdbc:postgresql://${DATASOURCE_HOST}/${DATASOURCE_DB}
- flyway_schemas=ohdsi
- flyway_placeholders_ohdsiSchema=ohdsi
- flyway_datasource_username=${DATASOURCE_USERNAME}
- flyway_datasource_password=${DATASOURCE_PASSWORD}
- flyway_locations=classpath:db/migration/postgresql

postgresql:
image: bitnami/postgresql:12.1.0
volumes:
- ./postgresql/data:/bitnami/postgresql
ports:
- "5432:5432"
environment:
- POSTGRESQL_USERNAME=${DATASOURCE_USERNAME}
- POSTGRESQL_PASSWORD=${DATASOURCE_PASSWORD}
- PGPASSWORD=${DATASOURCE_PASSWORD}
- POSTGRESQL_DATABASE=${DATASOURCE_DB}

# Host both Atlas and WebAPI from the same port: <hostname>:8080
traefik:
image: traefik:2.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --api.insecure=true --providers.docker
ports:
- "8080:80"

17 changes: 17 additions & 0 deletions docker/entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
#!/bin/sh

set -e

if [ -n "${WEBAPI_URL}" ]; then
if [ "${WEBAPI_URL: -1}" != "/" ]; then
WEBAPI_URL="$WEBAPI_URL/"
fi

sed -i "s|http://localhost:8080/WebAPI/|$WEBAPI_URL|g" "$ATLAS_HOME/js/config-local.js"
fi

if [ -n "${ATLAS_HOSTNAME}" ]; then
sed -i "s/server_name \$hostname;/server_name $ATLAS_HOSTNAME;/" /etc/nginx/nginx.conf
fi

exec "$@"
28 changes: 28 additions & 0 deletions docker/nginx.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /tmp/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;

keepalive_timeout 65;

gzip on;

include /etc/nginx/conf.d/*.conf;
}
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
"clean": "rimraf ./js/assets/bundle && rimraf ./js/assets/fonts && rimraf ./js/assets/images",
"build": "npm run prep && npm run build:dev",
"build:dev": "node build/optimize.js && npm run compress",
"build:docker": "npm run clean && npm run build:dev && npm prune --production",
"compress": "terser ./js/assets/bundle/bundle.js -o ./js/assets/bundle/bundle.js -c --source-map"
},
"repository": {
Expand Down