From 29f6f6e852b55d593aa818121235a5113af9ebfc Mon Sep 17 00:00:00 2001
From: acetousk
Date: Wed, 31 Jul 2024 15:42:26 -0600
Subject: [PATCH 1/2] Add acme example with postgres, fix Dockerfile generation, and add lines to .gitignore
---
 .gitignore | 11 ++
 docker/moqui-acme-postgres.yml | 187 +++++++++++++++++++++++++++++++++
 docker/simple/Dockerfile | 4 +-
 3 files changed, 200 insertions(+), 2 deletions(-)
 create mode 100644 docker/moqui-acme-postgres.yml
diff --git a/.gitignore b/.gitignore
index 0df5130c9..c5a7289d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+
 # gradle/build files
 build
 .gradle
@@ -14,6 +15,16 @@ build
 /docker/db
 /docker/elasticsearch/data/nodes
 /docker/opensearch/data/nodes
+/docker/acme.sh
+/docker/nginx/conf.d
+/docker/nginx/vhost.d
+/docker/nginx/html
+## Do not want to accidentally commit production certificates https://www.theregister.com/2024/07/25/data_from_deleted_github_repos/
+/docker/certs
+!/docker/certs/moqui1.local.*
+!/docker/certs/moqui2.local.*
+!/docker/certs/moqui.local.*
+!/docker/certs/README
 
 # IntelliJ IDEA files
 .idea
diff --git a/docker/moqui-acme-postgres.yml b/docker/moqui-acme-postgres.yml
new file mode 100644
index 000000000..c63b941db
--- /dev/null
+++ b/docker/moqui-acme-postgres.yml
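Review bot: The negations `!/docker/certs/moqui1.local.*`, `!/docker/certs/moqui2.local.*`, `!/docker/certs/moqui.local.*` and `!/docker/certs/README` in the second .gitignore hunk have no effect, because the preceding `/docker/certs` pattern excludes the directory itself and Git does not descend into an excluded directory to re-include files. Ignore the contents instead of the directory, `/docker/certs/*`, which is exactly the form the second patch already uses for `/docker/opensearch/data/nodes/*`. Once that is fixed, note that the negations match any file with the hostname prefix, so a `moqui.local.key` placed next to the `.crt` would be tracked too (the compose file's own comment says `.crt`, `.key` and `.dhparam.pem` all share that prefix); if only throwaway local certificates are meant to be committed that is acceptable, otherwise narrow the negations to the `.crt` files.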
@@ -0,0 +1,187 @@ +# A Docker Compose application with Moqui, Postgres, OpenSearch, OpenSearch Dashboards, and virtual hosting through +# nginx-proxy supporting multiple moqui instances on different hostnames. + +# Run with something like this for detached mode: +# $ docker compose -f moqui-postgres-compose.yml -p moqui up -d +# Or to copy runtime directories for mounted volumes, set default settings, etc use something like this: +# $ ./compose-run.sh moqui-postgres-compose.yml +# This sets the project/app name to 'moqui' and the network will be 'moqui_default', to be used by external moqui containers + +# Test locally by adding the virtual host to /etc/hosts or with something like: +# $ curl -H "Host: moqui.local" localhost/Login + +# To run an additional instance of moqui run something like this (but with +# many more arguments for volume mapping, db setup, etc): +# $ docker run -e VIRTUAL_HOST=moqui2.local --name moqui2_local --network moqui_default moqui + +# To import data from the docker host using port 5432 mapped for 127.0.0.1 only use something like this: +# $ psql -h 127.0.0.1 -p 5432 -U moqui -W moqui < pg-dump.sql + +version: "2" +services: + nginx-proxy: + # For documentation on SSL and other settings see: + # https://github.com/nginxproxy/nginx-proxy + image: nginxproxy/nginx-proxy + container_name: nginx-proxy + restart: always + ports: + - 80:80 + - 443:443 + labels: + com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + - /etc/localtime:/etc/localtime:ro + # note: .crt, .key, and .dhparam.pem files start with the domain name in VIRTUAL_HOST (ie 'acetousk.com.*') or use CERT_NAME env var + - ./certs:/etc/nginx/certs + - ./nginx/conf.d:/etc/nginx/conf.d + - ./nginx/vhost.d:/etc/nginx/vhost.d + - ./nginx/html:/usr/share/nginx/html + environment: + # change this for the default host to use when accessing directly by IP, etc + - DEFAULT_HOST=moqui.local + # use SSL_POLICY to 
disable TLSv1.0, etc in nginx-proxy + - SSL_POLICY=AWS-TLS-1-1-2017-01 + networks: + - proxy-tier + + acme-companion: + image: nginxproxy/acme-companion + container_name: acme-companion + restart: always + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - /etc/localtime:/etc/localtime:ro + - ./certs:/etc/nginx/certs + - ./nginx/conf.d:/etc/nginx/conf.d + - ./nginx/vhost.d:/etc/nginx/vhost.d + - ./nginx/html:/usr/share/nginx/html + - ./acme.sh:/etc/acme.sh + networks: + - proxy-tier + environment: + # TODO: For production change this to your email + - DEFAULT_EMAIL=mail@yourdomain.tld + # TODO: For production change this to false + - LETSENCRYPT_TEST=true + depends_on: + - nginx-proxy + + moqui-server: + image: moqui + container_name: moqui-server + command: conf=conf/MoquiProductionConf.xml no-run-es + restart: always + links: + - moqui-database + - moqui-search + volumes: + - /etc/localtime:/etc/localtime:ro + - ./runtime/conf:/opt/moqui/runtime/conf + - ./runtime/lib:/opt/moqui/runtime/lib + - ./runtime/classes:/opt/moqui/runtime/classes + - ./runtime/ecomponent:/opt/moqui/runtime/ecomponent + - ./runtime/log:/opt/moqui/runtime/log + - ./runtime/txlog:/opt/moqui/runtime/txlog + - ./runtime/sessions:/opt/moqui/runtime/sessions + # this one isn't needed when not using H2/etc:- ./runtime/db:/opt/moqui/runtime/db + environment: + - "JAVA_TOOL_OPTIONS=-Xms1024m -Xmx1024m" + - instance_purpose=production + - entity_ds_db_conf=postgres + - entity_ds_host=moqui-database + - entity_ds_port=5432 + - entity_ds_database=moqui + - entity_ds_schema=public + - entity_ds_user=moqui + - entity_ds_password='MOQUI_CHANGE_ME!!!' + - entity_ds_crypt_pass='DEFAULT_CHANGE_ME!!!' 
+ # configuration for ElasticFacade.ElasticClient, make sure the old moqui-elasticsearch component is NOT included in the Moqui build + - elasticsearch_url=https://moqui-search:9200 + # prefix for index names, use something distinct and not 'moqui_' or 'mantle_' which match the beginning of OOTB index names + - elasticsearch_index_prefix=default_ + - elasticsearch_user=admin + - elasticsearch_password=admin + # CHANGE ME - note that VIRTUAL_HOST is for nginx-proxy so it picks up this container as one it should reverse proxy + # this can be a comma separate list of hosts like 'example.com,www.example.com' + - VIRTUAL_HOST=moqui.local + - LETSENCRYPT_HOST=moqui.local + # moqui will accept traffic from other hosts but these are the values used for URL writing when specified: + # - webapp_http_host=moqui.local + - webapp_http_port=80 + - webapp_https_port=443 + - webapp_https_enabled=true + # nginx-proxy populates X-Real-IP with remote_addr by default, better option for outer proxy than X-Forwarded-For which defaults to proxy_add_x_forwarded_for + - webapp_client_ip_header=X-Real-IP + - default_locale=en_US + - default_time_zone=US/Pacific + networks: + - proxy-tier + - default + + moqui-database: + image: postgres:14.5 + container_name: moqui-database + restart: always + ports: + # change this as needed to bind to any address or even comment to not expose port outside containers + - 127.0.0.1:5432:5432 + volumes: + - /etc/localtime:/etc/localtime:ro + # edit these as needed to map configuration and data storage + - ./db/postgres/data:/var/lib/postgresql/data + environment: + - POSTGRES_DB=moqui + - POSTGRES_DB_SCHEMA=public + - POSTGRES_USER=moqui + - POSTGRES_PASSWORD='MOQUI_CHANGE_ME!!!' 
+ # PGDATA, POSTGRES_INITDB_ARGS + networks: + default: + + moqui-search: + image: opensearchproject/opensearch:2.4.0 + container_name: moqui-search + restart: always + ports: + # change this as needed to bind to any address or even comment to not expose port outside containers + - 127.0.0.1:9200:9200 + - 127.0.0.1:9300:9300 + volumes: + - /etc/localtime:/etc/localtime:ro + # edit these as needed to map configuration and data storage + - ./opensearch/data/nodes:/usr/share/opensearch/data/nodes + # - ./opensearch/config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml + # - ./opensearch/logs:/usr/share/opensearch/logs + environment: + - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" + - discovery.type=single-node + - network.host=_site_ + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + networks: + proxy-tier: + + opensearch-dashboards: + image: opensearchproject/opensearch-dashboards:2.4.0 + container_name: opensearch-dashboards + volumes: + - /etc/localtime:/etc/localtime:ro + links: + - moqui-search + ports: + - 127.0.0.1:5601:5601 + environment: + OPENSEARCH_HOSTS: '["https://moqui-search:9200"]' + networks: + default: + proxy-tier: + +networks: + proxy-tier: diff --git a/docker/simple/Dockerfile b/docker/simple/Dockerfile index 377f29858..54131450a 100644 --- a/docker/simple/Dockerfile +++ b/docker/simple/Dockerfile 
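Review bot: The database credentials in `moqui-server` and `moqui-database` (`entity_ds_password='MOQUI_CHANGE_ME!!!'`, `entity_ds_crypt_pass='DEFAULT_CHANGE_ME!!!'`, `POSTGRES_PASSWORD='MOQUI_CHANGE_ME!!!'`) use the list form of `environment`, where Compose passes everything after `=` verbatim, so the single quotes become part of the password; the two containers still agree, but anyone connecting with the value from the file (the `psql -U moqui -W` import example in the header) or setting it elsewhere will be bitten. Drop the quotes, or better, reference a variable from an untracked `.env` (`- POSTGRES_PASSWORD=${MOQUI_DB_PASSWORD}` and the same on the moqui side) so the secret is not committed with the stack. `elasticsearch_user=admin` / `elasticsearch_password=admin` are the OpenSearch demo defaults and carry no CHANGE ME marker even though this file sets `instance_purpose=production`; mark them like the other credentials. `SSL_POLICY=AWS-TLS-1-1-2017-01` still allows TLS 1.1 despite the comment's intent; nginx-proxy's `Mozilla-Intermediate` policy is TLS 1.2+ and is its default, so the line can simply be removed or changed to that value. The hunk is the whole new file, so the points above cover the complete definition.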
@@ -22,8 +22,8 @@ ARG search_name=opensearch RUN if [ -d runtime/opensearch/bin ]; then echo "Installing OpenSearch User"; \ search_name=opensearch; \ - groupadd -g 1000 opensearch && \ - useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch && \ + groupadd -g 1000 opensearch 2>/dev/null || echo "group 1000 already exists" && \ + useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch 2>/dev/null || echo "user 1000 already exists" && \ chmod 0775 /opt/moqui/runtime/opensearch && \ chown -R 1000:0 /opt/moqui/runtime/opensearch; \ elif [ -d runtime/elasticsearch/bin ]; then echo "Installing ElasticSearch User"; \
From 803f2aec3e8e491bf3d341da78a00442ab4978e6 Mon Sep 17 00:00:00 2001
From: acetousk
Date: Wed, 31 Jul 2024 16:10:02 -0600
Subject: [PATCH 2/2] Add opensearch README file
---
 .gitignore | 3 ++-
 docker/opensearch/data/nodes/README | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 docker/opensearch/data/nodes/README
diff --git a/.gitignore b/.gitignore
index c5a7289d2..19035c59b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,7 +15,8 @@ build
 /docker/runtime
 /docker/db
 /docker/elasticsearch/data/nodes
-/docker/opensearch/data/nodes
+/docker/opensearch/data/nodes/*
+!/docker/opensearch/data/nodes/README
 /docker/acme.sh
 /docker/nginx/conf.d
 /docker/nginx/vhost.d
diff --git a/docker/opensearch/data/nodes/README b/docker/opensearch/data/nodes/README
new file mode 100644
index 000000000..952316788
--- /dev/null
+++ b/docker/opensearch/data/nodes/README
@@ -0,0 +1 @@
+This directory must exist for mapping otherwise created as root in container and opensearch cannot access it.
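Review bot: `groupadd ... 2>/dev/null || echo "group 1000 already exists"` and the matching `useradd` line swallow every failure, not just the "already exists" case, and the build then continues into `chmod`/`chown -R 1000:0`; if the name `opensearch` already exists with a different UID, or UID 1000 belongs to another account in the base image, the message is wrong and the runtime directory ends up owned by whichever account holds UID 1000, with the real error discarded. Test for existence explicitly so genuine errors still fail the build: `getent group 1000 >/dev/null || groupadd -g 1000 opensearch && \` and `getent passwd 1000 >/dev/null || useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch && \` (assuming a glibc base image where `getent` is available; the base image is outside the hunk). The current form only works because `||` and `&&` are left-associative, so `(groupadd || echo) && useradd` is what the shell runs; the explicit test reads as intended. The `RUN` instruction continues past the hunk into the `elif` branch.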