Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
G
gracedb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
99
Issues
99
List
Boards
Labels
Service Desk
Milestones
Iterations
Merge Requests
1
Merge Requests
1
Requirements
Requirements
List
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Test Cases
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issue
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
lscsoft
gracedb
Commits
dc9c6e70
Commit
dc9c6e70
authored
Dec 07, 2018
by
Thomas Downes
Committed by
GraceDB
Jan 09, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Initial commit of supervisord+apache approach for gracedb
parent
01d37e1c
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
126 additions
and
11 deletions
+126
-11
Dockerfile
Dockerfile
+6
-11
docker/apache-config
docker/apache-config
+81
-0
docker/supervisord-apache2.conf
docker/supervisord-apache2.conf
+5
-0
docker/supervisord.conf
docker/supervisord.conf
+34
-0
No files found.
Dockerfile
View file @
dc9c6e70
...
...
@@ -4,12 +4,9 @@ LABEL name="LIGO GraceDB Django application" \
date="20181206"
ARG
SETTINGS_MODULE="config.settings.container.dev"
COPY
docker/SWITCHaai-swdistrib.gpg /etc/apt/trusted.gpg.d
RUN
echo
'deb http://pkg.switch.ch/switchaai/debian stretch main'
>
/etc/apt/sources.list.d/shibboleth.list
RUN
curl
-sL
https://deb.nodesource.com/setup_8.x | bash -
# the previous command executes apt-get update; if it is removed
# one must add RUN apt-get update
RUN
apt-get
install
--install-recommends
--assume-yes
\
RUN
apt-get update
RUN
apt-get
install
--no-install-recommends
--assume-yes
\
apache2
\
gcc
\
git
\
...
...
@@ -36,11 +33,7 @@ RUN apt-get install --install-recommends --assume-yes \
COPY
docker/supervisord.conf /etc/supervisor/supervisord.conf
COPY
docker/supervisord-apache2.conf /etc/supervisor/conf.d/apache2.conf
COPY
docker/shibboleth-ds /etc/shibboleth-ds
COPY
docker/apache-config /etc/apache2/sites-available/gracedb.conf
COPY
docker/login.ligo.org.cert.LIGOCA.pem /etc/shibboleth/login.ligo.org.cert.LIGOCA.pem
COPY
docker/inc-md-cert.pem /etc/shibboleth/inc-md-cert.pem
RUN
a2dissite 000-default.conf
&&
\
a2ensite gracedb.conf
&&
\
a2enmod headers proxy proxy_http rewrite xsendfile
...
...
@@ -48,10 +41,12 @@ RUN a2dissite 000-default.conf && \
# this line is unfortunate because "." updates for nearly any change to the
# repository and therefore docker build rarely caches the steps below
ADD
. /app/gracedb_project
# install gracedb application itself
WORKDIR
/app/gracedb_project
# Set up bower components
RUN
bower
install
--allow-root
# Install Python packages
RUN
pip
install
--upgrade
setuptools wheel
&&
\
pip
install
-r
requirements.txt
...
...
docker/apache-config
0 → 100644
View file @
dc9c6e70
ServerName ${DJANGO_PRIMARY_FQDN}
<VirtualHost *:80>
ServerName ${DJANGO_PRIMARY_FQDN}
ServerSignature On
ErrorLog /dev/stderr
Transferlog /dev/stdout
ServerAdmin cgca-admins@uwm.edu
## Vhost docroot
DocumentRoot "/var/www/html"
## Directories, there should at least be a declaration for /var/www/html
<Directory "/var/www/html">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
## Custom fragment
# gUnicorn edits
Alias /shibboleth-ds/idpselect_config.js /etc/shibboleth-ds/idpselect_config.js
Alias /shibboleth-ds/idpselect.js /etc/shibboleth-ds/idpselect.js
Alias /shibboleth-ds/idpselect.css /etc/shibboleth-ds/idpselect.css
Alias /static/ "/home/gracedb/gracedb_project/static_root/"
# Aliases for docs and admin_docs
Alias /documentation/ "/home/gracedb/gracedb_project/docs/user_docs/build/"
Alias /admin_docs/ "/home/gracedb/gracedb_project/docs/admin_docs/build/"
ProxyPass "/robots.txt" "!"
ProxyPass "/shibboleth-ds" "!"
ProxyPass "/Shibboleth.sso" "!"
ProxyPass "/static" "!"
ProxyPass "/documentation" "!"
ProxyPass "/admin_docs" "!"
ProxyPass "/" "http://localhost:8080/"
# Unset certain headers to help prevent spoofing
RequestHeader unset REMOTE_USER
RequestHeader unset ISMEMBEROF
RequestHeader unset X_FORWARDED_FOR
RequestHeader unset REMOTE_ADDR
RequestHeader unset SSL_CLIENT_S_DN
RequestHeader unset SSL_CLIENT_I_DN
RequestHeader unset X_FORWARDED_PROTO
# Get a few of them from the environment
RequestHeader set X_FORWARDED_FOR "%{X_FORWARDED_FOR}e" env=X_FORWARDED_FOR
RequestHeader set REMOTE_ADDR "%{REMOTE_ADDR}e" env=REMOTE_ADDR
# Set X_FORWARDED_PROTO to https
RequestHeader set X_FORWARDED_PROTO "https"
# Set up mod_xsendfile for serving static event files as directed by Django
XSendFile On
XSendFilePath /opt/gracedb/data
Alias /shibboleth-ds/idpselect_config.js /etc/shibboleth-ds/idpselect_config.js
Alias /shibboleth-ds/idpselect.js /etc/shibboleth-ds/idpselect.js
Alias /shibboleth-ds/idpselect.css /etc/shibboleth-ds/idpselect.css
<Directory /etc/shibboleth-ds>
Require all granted
</Directory>
# Deny access to the DocumentRoot. This makes it possible to upload
# large files. See notes.
<Directory "/var/www/">
Require all denied
</Directory>
<Directory "/home/gracedb/gracedb_project/static_root/">
AllowOverride None
Options None
Require all granted
</Directory>
Alias /robots.txt /home/gracedb/gracedb_project/static_root/robots.txt
</VirtualHost>
docker/supervisord-apache2.conf
0 → 100644
View file @
dc9c6e70
[
program
:
apache2
]
command
=/
usr
/
sbin
/
apache2ctl
-
DFOREGROUND
stdout_logfile
=/
dev
/
fd
/
1
stdout_logfile_maxbytes
=
0
redirect_stderr
=
true
docker/supervisord.conf
0 → 100644
View file @
dc9c6e70
;
supervisor
config
file
[
unix_http_server
]
file
=/
var
/
run
/
supervisor
.
sock
; (
the
path
to
the
socket
file
)
chmod
=
0700
;
sockef
file
mode
(
default
0700
)
username
=
k7zsaqyt9vQZByiAXTpG4iyKUIKQxDQh
password
=
k7zsaqyt9vQZByiAXTpG4iyKUIKQxDQh
[
supervisord
]
nodaemon
=
true
user
=
root
pidfile
=/
var
/
run
/
supervisord
.
pid
; (
supervisord
pidfile
;
default
supervisord
.
pid
)
logfile
=/
dev
/
null
logfile_maxbytes
=
0
;
the
below
section
must
remain
in
the
config
file
for
RPC
; (
supervisorctl
/
web
interface
)
to
work
,
additional
interfaces
may
be
;
added
by
defining
them
in
separate
rpcinterface
:
sections
[
rpcinterface
:
supervisor
]
supervisor
.
rpcinterface_factory
=
supervisor
.
rpcinterface
:
make_main_rpcinterface
[
supervisorctl
]
serverurl
=
unix
:///
var
/
run
/
supervisor
.
sock
;
use
a
unix
://
URL
for
a
unix
socket
username
=
k7zsaqyt9vQZByiAXTpG4iyKUIKQxDQh
password
=
k7zsaqyt9vQZByiAXTpG4iyKUIKQxDQh
;
The
[
include
]
section
can
just
contain
the
"files"
setting
.
This
;
setting
can
list
multiple
files
(
separated
by
whitespace
or
;
newlines
).
It
can
also
contain
wildcards
.
The
filenames
are
;
interpreted
as
relative
to
this
file
.
Included
files
*
cannot
*
;
include
files
themselves
.
[
include
]
files
= /
etc
/
supervisor
/
conf
.
d
/*.
conf
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment