diff --git a/Dockerfile.autobuild b/Dockerfile.autobuild index 625f867..3f32191 100644 --- a/Dockerfile.autobuild +++ b/Dockerfile.autobuild @@ -10,7 +10,6 @@ # Require: Docker (http://www.docker.io/) # ----------------------------------------------------------------------------- - # Base system is the LTS version of Ubuntu. FROM python:3.7-stretch @@ -20,47 +19,38 @@ RUN groupadd -g 2300 tmpgroup \ && groupadd -g 1000 www-data \ && usermod -g www-data www-data \ && usermod -u 1000 www-data \ - && groupdel tmpgroup \ -# - && mkdir -p /srv/www/pinry/logs \ -# - && mkdir /data \ - && chown -R www-data:www-data /data \ -# - && mkdir -p /var/log/gunicorn \ - && apt-get update \ - && apt-get -y install nginx nginx-extras pwgen \ - && rm -rf /var/lib/apt/lists/* + && groupdel tmpgroup +RUN mkdir /data +RUN chown -R www-data:www-data /data + +RUN apt-get update \ + && apt-get -y install nginx nginx-extras pwgen \ + && rm -rf /var/lib/apt/lists/* \ + && apt-get autoclean + +# required for other database options RUN pip --no-cache-dir install pipenv gunicorn mysqlclient psycopg2 cx-Oracle -COPY Pipfile* /srv/www/pinry/ +# COPY and start installation +COPY . /pinry -RUN cd /srv/www/pinry \ +RUN cd /pinry \ && pipenv install --three --system --clear -COPY . /srv/www/pinry/ - -# config nodejs and build frontend +# config nodejs RUN curl -L https://raw.githubusercontent.com/tj/n/master/bin/n -o n || exit RUN bash n 10 RUN npm -g install yarn # build frontend -RUN cd /srv/www/pinry/pinry-spa/ && yarn install && yarn build - -# Fix permissions -RUN chown -R www-data:www-data /srv/www \ - && cd /srv/www/pinry \ - && python manage.py collectstatic --noinput --settings=pinry.settings.docker - +RUN cd /pinry/pinry-spa/ && yarn install && yarn build # Load in all of our config files. ADD docker/nginx/nginx.conf /etc/nginx/nginx.conf ADD docker/nginx/sites-enabled/default /etc/nginx/sites-enabled/default -ADD docker/scripts/* /scripts/ # 80 is for nginx web, /data contains static files and database /start runs it. EXPOSE 80 VOLUME ["/data"] -CMD ["/scripts/start.sh"] +CMD ["/pinry/docker/scripts/start.sh"] diff --git a/README.md b/README.md index dbb6032..043b83a 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ For more information visit [getpinry.com](https://getpinry.com). - Browser Extensions - Multi-user support - Both public and private boards +- Works well with docker ## Requirements diff --git a/docker/README.rst b/docker/README.rst deleted file mode 100644 index c1e44ac..0000000 --- a/docker/README.rst +++ /dev/null @@ -1,135 +0,0 @@ -Pinry Docker -============ - -.. image:: https://travis-ci.org/pinry/docker-pinry.svg?branch=master - :target: https://travis-ci.org/pinry/docker-pinry - -A nice and easy way to get a Pinry instance up and running using docker. For -help on getting started with docker see the `official getting started guide`_. -For more information on Pinry and a demo check out it's `website`_. - - -Getting Pinry Docker ---------------------- - -Running this will get the latest version of pinry itself:: - - git clone https://github.com/pinry/pinry - cd pinry - ./docker/bootstrap.sh - -Now you can start your container by command like this:: - - # this is where your database and pins localted - mkdir data - # use absolute path for docker to avoid using default data-volume (we use directory instead) - ./docker/start_docker.sh `readlink -f data` - -Please visit `http://your-ip` to visit your instance and register a new account, enjoy it. - - -Configuring docker-pinry ------------------------- -Enable signups for new users by editing ``pinry/local_settings.py``:: - - ALLOW_NEW_REGISTRATIONS = True - -`Additional pinry configuration settings`_ - -Building docker-pinry again ---------------------------- - -Running this will build you a docker image with the latest version of pinry:: - - ./docker/build_docker.sh - - -Running docker-pinry in manual way ----------------------------------- - -Running the start command for the first time will setup your production secret -key, database and static files. It is important that you decide what port you -want and what location on the host machine you wish to store your files. If this -is the only thing running on your system and you wish to make it public without -a proxy then you can set ``-p=80:80``. The setting ``-p=10000:80`` assumes you -are wanting to proxy to this instance using something like nginx. Also note that -you must have your host mount directory created first (``mkdir -p /mnt/pinry``) - -Then you have two choice to run docker-pinry - -Fist one, with automaticlly configured default arguments:: - - ./docker/start_docker.sh /mnt/pinry - - -Second one, start docker by hand with customized arguments:: - - SETTINGS_PATH=$(readlink -f docker/pinry/local_settings.py) \ - DATA_PATH=$(readlink -f /mnt/pinry) \ - sudo docker run -d=true -p=10000:80 \ - -v=${DATA_PATH}:/data \ - -v=${SETTINGS_PATH}:/srv/www/pinry/pinry/settings/local_settings.py \ - pinry/pinry /scripts/start.sh - -If it's the first run it'll take a few seconds but it will print out your -container ID which should be used to start and stop the container in the future -using the commands:: - - sudo docker start - sudo docker stop - - -Running docker-pinry with docker-compose ------------------------------------------ - - -Just config your ``docker-compose.yml`` and then run:: - - sudo pip install -U docker-compose - sudo docker-compose --project-directory docker up -d - - -Notes on the run commands -````````````````````````` - -* ``-v`` is the volume you are mounting ``-v=host_dir:docker_dir`` -* ``pinry/pinry`` is simply what I called my docker build of this image -* ``-d=true`` allows this to run cleanly as a daemon, remove for debugging -* ``-p`` is the port it connects to, ``-p=host_port:docker_port`` -* Follow comments in ``local_settings.py`` to understand how the site configured - -Using docker-pinry ------------------- -Open a browser to ``http://:10000`` and register. Replace YOUR-HOSTNAME with the name -of the machine docker is running on, likely localhost. - -You can map ``http://localhost:10000`` to your outer nginx for SSL or just change -the default port-mapping to ``80:80`` to serve your site directly, just enjoy! - - -Why include nginx and not just map to gunicorn directly? ------------------------------------------------------------ - -Because gunicorn/django can't serve static files very well and it is unwise to do -so for security reasons. I built this so that people can have a full hosted -solution in a container. If you have a host machine running nginx then of course -there is no point to run nginx in the container as well, you can simply disable -nginx, map gunicorn to a port and then set your host machine's nginx to display -your media and static files since that directory is shared between the container -and host. - - -Why use sqlite3? ----------------- - -Because it has a very low resource cost and most pinry websites are small -personal ones. Why have a full on database for that? If you need more power -than you can easily modify the `pinry/local_settings.py` to point to a -stronger database solution. - - -.. Links - -.. _official getting started guide: http://www.docker.io/gettingstarted/ -.. _website: http://getpinry.com/ -.. _additional pinry configuration settings: https://github.com/pinry/pinry/blob/master/docker/pinry/local_settings.example.py diff --git a/docker/bootstrap.sh b/docker/bootstrap.sh deleted file mode 100755 index 62d5c84..0000000 --- a/docker/bootstrap.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -script_dir="$( dirname "${0}" )" -# Force users to login before seeing any pins. -if [ "${ALLOW_NEW_REGISTRATIONS}" = "" ]; then - ALLOW_NEW_REGISTRATIONS=true -fi - -if [[ "$(docker images -q pinry/pinry 2> /dev/null)" == "" ]]; then - echo "No docker image found, building..." && "${script_dir}/build_docker.sh" -fi - -echo "==================================================================================" -echo "Note: Please copy this key and keep it in a secure place." -echo "Then you should manually edit your pinry/local_settings.py" -echo "and replace SECRET_KEY with new secret-key if you had previously generated a" -echo "pinry/local_settings.py." -echo "If no previous pinry/local_settings.py generated, you can have a look and edit it." -echo "If you want to use docker-compose, just edit docker-compose.yml and use 'docker-compose up'" - -SECRET_KEY=$(sudo docker run pinry/pinry /scripts/gen_key.sh) - -echo "" -echo "Your secret-key is(also saved/overwritten your docker's /data/production_secret_key.txt):" -echo "" -echo ${SECRET_KEY} -echo "==================================================================================" - -local_settings_file="${script_dir}/pinry/local_settings.py" -# Create local_settings.py -if [ ! -f "${local_settings_file}" ]; -then - cp "${script_dir}/pinry/local_settings.example.py" "${local_settings_file}" - sed -i "s/secret\_key\_place\_holder/${SECRET_KEY}/" "${local_settings_file}" - - # Force users to login before seeing any pins. - if [ "${PRIVATE}" = "true" ]; then - sed -i "s/PUBLIC = True/PUBLIC = False/" "${local_settings_file}" - fi - - # Enable people from creating new accounts. - if [ "${ALLOW_NEW_REGISTRATIONS}" = "true" ]; then - sed -i "s/ALLOW_NEW_REGISTRATIONS = False/ALLOW_NEW_REGISTRATIONS = True/" "${local_settings_file}" - fi -fi - -# Copy to docker-compose.yml -if [ ! -f "${script_dir}/docker-compose.yml" ]; -then - cp "${script_dir}/docker-compose.example.yml" "${script_dir}/docker-compose.yml" -fi diff --git a/docker/docker-compose.example.yml b/docker/docker-compose.example.yml deleted file mode 100644 index 61abd05..0000000 --- a/docker/docker-compose.example.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: '3' - -services: - web: - build: . - command: > - bash -c "/scripts/start.sh" - ports: -# if you use "127.0.0.1", no one except you can visit it from within -# - "127.0.0.1:10000:8000" - - "80:80" - volumes: - # overwrite local_settings, you can always modify your local_settings file - - ./pinry/local_settings.py:/srv/www/pinry/pinry/settings/local_settings.py - - ./data/:/data/ - restart: always diff --git a/docker/nginx/sites-enabled/default b/docker/nginx/sites-enabled/default index a098d16..e3d287e 100644 --- a/docker/nginx/sites-enabled/default +++ b/docker/nginx/sites-enabled/default @@ -2,14 +2,10 @@ server { listen 80 default; server_name _; - access_log /srv/www/pinry/logs/access.log; - error_log /srv/www/pinry/logs/error.log; + access_log /data/nginx-access.log; + error_log /data/nginx-error.log; - location /media { - alias /data/static/media; - expires max; - access_log off; - } + root /pinry/pinry-spa/dist/; location /static { alias /data/static; @@ -26,7 +22,7 @@ server { } location / { - root /srv/www/pinry/pinry-spa/dist/; + root /pinry/pinry-spa/dist/; access_log off; } } diff --git a/docker/pinry/.gitignore b/docker/pinry/.gitignore deleted file mode 100644 index 49ce140..0000000 --- a/docker/pinry/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -local_settings.py -production_secret_key.txt \ No newline at end of file diff --git a/docker/scripts/_start_gunicorn.sh b/docker/scripts/_start_gunicorn.sh index 00bd77e..092aba1 100755 --- a/docker/scripts/_start_gunicorn.sh +++ b/docker/scripts/_start_gunicorn.sh @@ -1,3 +1,5 @@ #!/bin/bash gunicorn pinry.wsgi -b 0.0.0.0:8000 -w 4 \ - --capture-output --timeout 30 --user www-data --group www-data \ No newline at end of file + --capture-output --timeout 30 \ + --user www-data --group www-data \ + --env DJANGO_SETTINGS_MODULE=pinry.settings.docker diff --git a/docker/scripts/bootstrap.sh b/docker/scripts/bootstrap.sh new file mode 100755 index 0000000..9c08299 --- /dev/null +++ b/docker/scripts/bootstrap.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +gen_key() { + echo "==================================================================================" + echo "Note: Please copy this key and keep it in a secure place." + echo "Then you should manually edit your pinry/local_settings.py" + echo "and replace SECRET_KEY with new secret-key if you had previously generated a" + echo "pinry/local_settings.py." + echo "If no previous pinry/local_settings.py generated, you can have a look and edit it." + echo "If you want to use docker-compose, just edit docker-compose.yml and use 'docker-compose up'" + + SECRET_KEY=$(bash /pinry/docker/scripts/gen_key.sh) + + echo "" + echo "Your secret-key is(also saved/overwritten your docker's /data/production_secret_key.txt):" + echo "" + echo ${SECRET_KEY} + echo "==================================================================================" +} + +local_settings_file="/data/local_settings.py" +# Create local_settings.py +if [ ! -f "${local_settings_file}" ]; +then + cp "/pinry/pinry/settings/local_settings.example.py" "${local_settings_file}" + gen_key + sed -i "s/secret\_key\_place\_holder/${SECRET_KEY}/" "${local_settings_file}" +fi + +ln -s "${local_settings_file}" "/pinry/pinry/settings/local_settings.py" \ No newline at end of file diff --git a/docker/scripts/gen_key.sh b/docker/scripts/gen_key.sh index ddc28e0..515fcb3 100755 --- a/docker/scripts/gen_key.sh +++ b/docker/scripts/gen_key.sh @@ -1,13 +1,16 @@ #!/bin/bash -# Check for secret key if one doesn't exist create. -if [ ! -f /data/production_secret_key.txt ] -then - cd /data - PRODUCTION_SECRET_KEY=`pwgen -c -n -1 65` - echo $PRODUCTION_SECRET_KEY > /data/production_secret_key.txt -else - PRODUCTION_SECRET_KEY=`cat /data/production_secret_key.txt` -fi +gen_key() { + # Check for secret key if one doesn't exist create. + if [ ! -f /data/production_secret_key.txt ] + then + cd /data + PRODUCTION_SECRET_KEY=`pwgen -c -n -1 65` + echo $PRODUCTION_SECRET_KEY > /data/production_secret_key.txt + else + PRODUCTION_SECRET_KEY=`cat /data/production_secret_key.txt` + fi -echo ${PRODUCTION_SECRET_KEY} + echo ${PRODUCTION_SECRET_KEY} +} +gen_key diff --git a/docker/scripts/start.sh b/docker/scripts/start.sh index 68251c9..f3f05fc 100755 --- a/docker/scripts/start.sh +++ b/docker/scripts/start.sh @@ -8,19 +8,18 @@ # Authors: Isaac Bythewood # Updated: Aug 19th, 2014 # ----------------------------------------------------------------------------- +PROJECT_ROOT="/pinry" +bash ${PROJECT_ROOT}/docker/scripts/bootstrap.sh # If static files don't exist collect them -if [ ! -d /data/static ] -then - cd /srv/www/pinry - python manage.py collectstatic --noinput -fi +cd ${PROJECT_ROOT} +python manage.py collectstatic --noinput --settings=pinry.settings.docker # If database doesn't exist yet create it if [ ! -f /data/production.db ] then - cd /srv/www/pinry + cd ${PROJECT_ROOT} python manage.py migrate --noinput --settings=pinry.settings.docker fi @@ -30,5 +29,5 @@ chown -R www-data:www-data /data # start all process /usr/sbin/nginx -cd /srv/www/pinry/ -/scripts/_start_gunicorn.sh +cd ${PROJECT_ROOT} +./docker/scripts/_start_gunicorn.sh diff --git a/docker/start_docker.sh b/docker/start_docker.sh index c6b1d93..8ed57d9 100755 --- a/docker/start_docker.sh +++ b/docker/start_docker.sh @@ -12,5 +12,4 @@ fi sudo docker run -d=true -p=80:80 \ -v=${DATA_PATH}:/data \ - -v=${SETTINGS_PATH}:/srv/www/pinry/pinry/settings/local_settings.py \ - pinry/pinry /scripts/start.sh + pinry/pinry diff --git a/docs/src/install-with-docker.md b/docs/src/install-with-docker.md new file mode 100644 index 0000000..a28c145 --- /dev/null +++ b/docs/src/install-with-docker.md @@ -0,0 +1,71 @@ +Pinry Docker +================ + +A nice and easy way to get a Pinry instance up and running using docker. For +help on getting started with docker see the official getting started guide at +the end of this page. + + +# Getting Pinry Docker + + +Running this will get the latest version of pinry itself +``` +git clone https://github.com/pinry/pinry +cd pinry/docker +./build_docker.sh +``` +Now you can start your container by command like this +``` +# this is where your database, local_settings and pins located +mkdir data +# use absolute path for docker to avoid using default data-volume (we use directory instead) +./start_docker.sh `readlink -f data` +``` +Please visit `http://your-ip` to visit your instance and register a new account, enjoy it. + + +Configuring docker-pinry +------------------------ +Enable signups for new users by editing `pinry/local_settings.py` +``` +ALLOW_NEW_REGISTRATIONS = True +``` + +# Building docker-pinry again (with latest version) + + +Running this will build you a docker image with the latest version of pinry +``` +git pull --rebase +cd ./docker/ +./build_docker.sh +``` + +# Backup +Just copy `data` folder's content to an safe place, enjoy :) + + +# Why include nginx and not just map to gunicorn directly? + +Because gunicorn/django can't serve static files very well and it is unwise to do +so for security reasons. I built this so that people can have a full hosted +solution in a container. If you have a host machine running nginx then of course +there is no point to run nginx in the container as well, you can simply disable +nginx, map gunicorn to a port and then set your host machine's nginx to display +your media and static files since that directory is shared between the container +and host. + + +# Why use sqlite3? + +Because it has a very low resource cost and most pinry websites are small +personal ones. Why have a full on database for that? If you need more power +than you can easily modify the `data/local_settings.py` to point to a +stronger database solution. + + +# Links + ++ [official getting started guide](http://www.docker.io/gettingstarted/) ++ [additional pinry configuration settings](https://github.com/pinry/pinry/blob/master/pinry/settings/local_settings.example.py) diff --git a/mkdocs.yml b/mkdocs.yml index 2ca43cc..22d296a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -17,6 +17,7 @@ nav: - Screenshots: 'screenshots.md' - Extensions: 'extensions.md' - Theories: 'theories.md' + - InstallWithDocker: 'install-with-docker.md' - Development: 'development.md' - Docs: 'docs.md' - Passwords: 'passwords.md' diff --git a/pinry/settings/docker.py b/pinry/settings/docker.py index 43c60b7..7b23cc1 100644 --- a/pinry/settings/docker.py +++ b/pinry/settings/docker.py @@ -6,7 +6,8 @@ from .base import * # SECURITY WARNING: keep the secret key used in production secret! if 'SECRET_KEY' not in os.environ: logging.warning( - "No SECRET_KEY given in environ, please have a check" + "No SECRET_KEY given in environ, please have a check." + "If you have a local_settings file, please ignore this warning." ) SECRET_KEY = os.environ.get('SECRET_KEY', "PLEASE_REPLACE_ME") @@ -35,7 +36,5 @@ REST_FRAMEWORK['DEFAULT_RENDERER_CLASSES'] = [ 'rest_framework.renderers.JSONRenderer', ] -try: - from .local_settings import * -except ImportError: - pass +# should not ignore import error in production, local_settings is required +from .local_settings import * diff --git a/docker/pinry/local_settings.example.py b/pinry/settings/local_settings.example.py similarity index 97% rename from docker/pinry/local_settings.example.py rename to pinry/settings/local_settings.example.py index d66ba5a..7c71f77 100644 --- a/docker/pinry/local_settings.example.py +++ b/pinry/settings/local_settings.example.py @@ -28,7 +28,7 @@ DATABASES = { } # Allow users to register by themselves -ALLOW_NEW_REGISTRATIONS = False +ALLOW_NEW_REGISTRATIONS = True # Delete image files once you remove your pin IMAGE_AUTO_DELETE = True diff --git a/pinry/wsgi.py b/pinry/wsgi.py index fdf910d..8afd24d 100644 --- a/pinry/wsgi.py +++ b/pinry/wsgi.py @@ -1,6 +1,4 @@ -import os from django.core.wsgi import get_wsgi_application -os.environ.setdefault("DJANGO_SETTINGS_MODULE", "pinry.settings.docker") application = get_wsgi_application()