From 93ac09ab2e514e2854fc4e038c2dacfcd48f3eb2 Mon Sep 17 00:00:00 2001 From: toras9000 Date: Sun, 14 Apr 2024 01:36:56 +0900 Subject: [PATCH] kallithea v0.7.0-patched-ed117efc9ae9 --- .github/workflows/docker-publish.yml | 1 + README.md | 10 +- build/Dockerfile | 105 ++---------------- build/assets/helper/exists-db-table.py | 22 ---- build/assets/helper/get-db-settings.py | 20 ---- build/assets/helper/upsert-db-settings.py | 26 ----- build/assets/helper/wait-db-connect.py | 17 --- build/assets/startup.sh | 12 ++ docker-bake.hcl | 7 +- sample/.env | 1 + sample/assets/certs/ca/ca.crt | 21 ++++ sample/assets/certs/server/server.crt | 22 ++++ sample/assets/certs/server/server.key | 28 +++++ sample/assets/configs/server/00-default.conf | 30 +++++ .../assets/configs/server/01-kallithea.conf | 33 ++++++ sample/compose.yml | 80 +++++++++++++ 16 files changed, 250 insertions(+), 185 deletions(-) delete mode 100644 build/assets/helper/exists-db-table.py delete mode 100644 build/assets/helper/get-db-settings.py delete mode 100644 build/assets/helper/upsert-db-settings.py delete mode 100644 build/assets/helper/wait-db-connect.py create mode 100644 sample/.env create mode 100644 sample/assets/certs/ca/ca.crt create mode 100644 sample/assets/certs/server/server.crt create mode 100644 sample/assets/certs/server/server.key create mode 100644 sample/assets/configs/server/00-default.conf create mode 100644 sample/assets/configs/server/01-kallithea.conf create mode 100644 sample/compose.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index bbaa487..820c460 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -10,6 +10,7 @@ on: branches: # - 'main' - 'v*.*.*' + - 'v*.*.*-patched*' workflow_dispatch: inputs: with_latest: diff --git a/README.md b/README.md index 6755b4b..9750acc 100644 --- a/README.md +++ b/README.md 
@@ -7,6 +7,8 @@ This image enables the SSH repository access function implemented in kallithea v - 0.7.0 - Version 0.7.0 of the pip package. +- 0.7.0-patched1 + - Version overwritten with [changesets from the official source](https://kallithea-scm.org/repos/kallithea/changelog/ed117efc9ae952bbab966a267bbd2297d31b05e2/). ## Data location @@ -50,6 +52,12 @@ SQLAlchemy connection string when using an external database.See [SQLAlchemy doc This image supports PostgreSQL (by psycopg2) and MySQL (by mysqlclient). (empty by default, SQLite is used.) +- `KALLITHEA_REMOTE_ADDR_VAR` +WSGI environment variable to get the IP address of the client. (default: `REMOTE_ADDR`) + +- `KALLITHEA_URL_SCHEME_VAR` +WSGI environment variable to get the protocol (http or https) of the client connection (default wsgi.url_scheme) + - `KALLITHEA_DB_PRE_CREATED` If set to TRUE, use an existing database. (FALSE by default) This can be used when initialization is performed by a DB user who does not have DB creation privileges. @@ -117,7 +125,7 @@ The following is an example of a simple docker-compose.yml for Sqlite. ``` services: app: - image: toras9000/kallithea-mp:0.7.0 + image: toras9000/kallithea-mp:0.7.0-patched1 restart: unless-stopped ports: - "8010:5000" diff --git a/build/Dockerfile b/build/Dockerfile index ad174b1..aa605d9 100644 --- a/build/Dockerfile +++ b/build/Dockerfile 
@@ -1,105 +1,14 @@ -FROM ubuntu:20.04 +FROM toras9000/kallithea-mp:0.7.0 ARG DEBIAN_FRONTEND=noninteractive -# Pass the path in advance to the directory where kallithea is installed. -ENV PATH=$PATH:/home/kallithea/.local/bin - -# set locale -ENV LC_ALL=C.UTF-8 -ENV LANG=C.UTF-8 - -RUN <<-EOL - : This is what to keep installed in the image. - apt-get update - apt-get install -y --no-install-recommends \ - dumb-init ssh curl locales ca-certificates busybox-static \ - mercurial git python3 libpq5 libmysqlclient21 - apt-get clean - rm -rf /var/lib/apt/lists/* -EOL - -RUN <<-EOL - : Prepare kallithea execution user. - groupadd kallithea - useradd -m -c '' -g kallithea kallithea -EOL - -# Package version when installing by pip. ex.) 0.7.0 -ARG KALLITHEA_VER=x.x.x - -RUN <<-EOL - : Check version specify - if [ "$KALLITHEA_VER" = "x.x.x" ]; then false; fi - - : This is only needed for kallithea installation. - curl -sL https://deb.nodesource.com/setup_14.x | bash - - apt-get install -y --no-install-recommends \ - build-essential libffi-dev pkg-config \ - python3-dev libpq-dev libmysqlclient-dev \ - libldap2-dev libsasl2-dev slapd ldap-utils tox \ - nodejs - - : Build su-exec - git -C /tmp clone https://github.com/ncopa/su-exec.git su-exec - make -C /tmp/su-exec all - mv /tmp/su-exec/su-exec /usr/bin/ - rm -rf /tmp/su-exec - - : Install pip. - curl -sL https://bootstrap.pypa.io/get-pip.py | su-exec kallithea:kallithea python3 - "setuptools < 58.0" "pip < 24.1" --user - - : Install kallithea and optional packages. - su-exec kallithea:kallithea python3 -m pip install --no-cache-dir --user \ - kallithea${KALLITHEA_VER:+==$KALLITHEA_VER} \ - psycopg2 \ - mysqlclient \ - python-ldap - - : Preparing the front-end files. - su-exec kallithea:kallithea kallithea-cli front-end-build - - : Clean up installation materials. 
- apt-get purge -y \ - build-essential libffi-dev pkg-config \ - python3-dev libpq-dev libmysqlclient-dev \ - nodejs - apt-get autoremove -y - apt-get clean - rm -r /etc/apt/sources.list.d/nodesource.list - rm -rf /var/lib/apt/lists/* - rm -rf /home/kallithea/.npm -EOL - -# SSH setting -RUN <<-EOL - cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak - - sed -ri "s/^\\s*#?\\s*PubkeyAuthentication\\s+.+\$/PubkeyAuthentication yes/1" /etc/ssh/sshd_config - sed -ri "s/^\\s*#?\\s*PasswordAuthentication\\s+.+\$/PasswordAuthentication no/1" /etc/ssh/sshd_config - sed -ri "s/^\\s*#?\\s*ChallengeResponseAuthentication\\s+.+\$/ChallengeResponseAuthentication no/1" /etc/ssh/sshd_config - sed -ri "s/^\\s*#?\\s*PermitRootLogin\\s+.+\$/PermitRootLogin no/1" /etc/ssh/sshd_config - sed -ri "s/^\\s*#?\\s*X11Forwarding\\s+.+\$/X11Forwarding no/1" /etc/ssh/sshd_config - - echo '' >> /etc/ssh/sshd_config - echo 'AcceptEnv GIT_PROTOCOL' >> /etc/ssh/sshd_config -EOL - -# Copy assets. COPY ./assets/ /kallithea/ -# Prepare a directory for storing persistent data. +ARG KALLITHEA_REV=stable + RUN <<-EOL - mkdir -p /kallithea/config - mkdir -p /kallithea/repos - mkdir -p /home/kallithea/.ssh - chown kallithea:kallithea /kallithea/config - chown kallithea:kallithea /kallithea/repos - chown kallithea:kallithea /home/kallithea/.ssh + hg clone --rev "$KALLITHEA_REV" https://kallithea-scm.org/repos/kallithea /kallithea/src + cp -RT /kallithea/src/kallithea "$(su-exec kallithea:kallithea python3 -m site --user-site)/kallithea" + rm -rf /kallithea/src + sed -ri 's/^\s*VERSION\s*=\s*\(\s*([^,]+)\s*,\s*([^,]+)\s*,\s*([^,]+)\s*(.*)\)\s*$/VERSION = \(\1, \2, \3, '"'rev-${KALLITHEA_REV}'"'\)/' "$(su-exec kallithea:kallithea python3 -m site --user-site)/kallithea/__init__.py" EOL - -# Service port -EXPOSE 5000 22 - -# Startup command -CMD ["dumb-init", "bash", "/kallithea/startup.sh"] 
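Review bot: The new `RUN <<-EOL` block has no `set -e`, so a failed `hg clone` or `cp` does not stop the build. Only the exit status of the final `sed` counts, and that `sed` edits an `__init__.py` that is presumably already present in the base image, so the result would be an image stamped `rev-…` that still contains the unpatched 0.7.0 code. Start the heredoc with `set -eu`. The default `ARG KALLITHEA_REV=stable` is a moving reference, so a build that does not go through the bake file copies whatever upstream currently marks stable; prefer no default (fail when the argument is missing) or the full changeset id. `FROM toras9000/kallithea-mp:0.7.0` is likewise a mutable tag, and pinning it by digest would make the base reproducible.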
diff --git a/build/assets/helper/exists-db-table.py b/build/assets/helper/exists-db-table.py
deleted file mode 100644
index 51a4781..0000000
--- a/build/assets/helper/exists-db-table.py
+++ /dev/null
@@ -1,22 +0,0 @@
-import sys
-import time
-import sqlalchemy
-
-try:
- db_uri = sys.argv[1]
- db_table = sys.argv[2]
-
- engine = sqlalchemy.engine.create_engine(db_uri)
- with engine.connect() as db:
- exists = engine.has_table(db_table)
-
- if exists:
- sys.exit(0)
- else:
- sys.exit(1)
-
-except Exception:
- print(traceback.format_exc())
- exit(2)
-
-
diff --git a/build/assets/helper/get-db-settings.py b/build/assets/helper/get-db-settings.py
deleted file mode 100644
index 1b5ed61..0000000
--- a/build/assets/helper/get-db-settings.py
+++ /dev/null
@@ -1,20 +0,0 @@
-import sys
-import time
-import sqlalchemy
-from sqlalchemy import text as sql_text
-
-try:
- db_uri = sys.argv[1]
- setting_key = sys.argv[2]
-
- engine = sqlalchemy.engine.create_engine(db_uri)
- with engine.connect() as db:
- value = db.scalar(sql_text("select app_settings_value from settings where app_settings_name = :key"), { "key": setting_key, })
- if value is None:
- print("((None))")
- else:
- print(value)
-
-except Exception:
- print(traceback.format_exc())
- exit(1)
diff --git a/build/assets/helper/upsert-db-settings.py b/build/assets/helper/upsert-db-settings.py
deleted file mode 100644
index d462220..0000000
--- a/build/assets/helper/upsert-db-settings.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import sys
-import time
-import sqlalchemy
-from sqlalchemy import text as sql_text
-
-try:
- db_uri = sys.argv[1]
- setting_key = sys.argv[2]
- setting_value = sys.argv[3]
- setting_type = sys.argv[4]
-
- engine = sqlalchemy.engine.create_engine(db_uri)
- with engine.connect() as db:
- setting_id = db.scalar(sql_text("select app_settings_id from settings where app_settings_name = :key"), { "key": setting_key, })
- if setting_id is None:
- sql = sql_text("insert into settings(app_settings_name, app_settings_value, app_settings_type) values (:key, :value, :type)")
- params = { "key": setting_key, "value": setting_value, "type": setting_type, }
- else:
- sql = sql_text("update settings set app_settings_value = :value where app_settings_name = :key")
- params = { "key": setting_key, "value": setting_value, }
- db.execute(sql, params)
-
-except Exception:
- print(traceback.format_exc())
- exit(1)
-
diff --git a/build/assets/helper/wait-db-connect.py b/build/assets/helper/wait-db-connect.py
deleted file mode 100644
index 16c3668..0000000
--- a/build/assets/helper/wait-db-connect.py
+++ /dev/null
@@ -1,17 +0,0 @@
-import sys
-import time
-import sqlalchemy
-
-db_uri = sys.argv[1]
-
-print(f"Connect to '{db_uri}'")
-engine = sqlalchemy.engine.create_engine(db_uri)
-while True:
- try:
- with engine.connect() as db:
- print("... success")
- break
-
- except:
- print("Retry the database connection after 5 seconds.")
- time.sleep(5)
diff --git a/build/assets/startup.sh b/build/assets/startup.sh
index e163efb..e4a6f2e 100644
--- a/build/assets/startup.sh
+++ b/build/assets/startup.sh
@@ -94,6 +94,18 @@ function create_setup_ini_file() CONFIG_OPTIONS+=("ssh_locale=$KALLITHEA_SSH_LOCALE") fi + # Setting: Remote address variable + if [ -n "$KALLITHEA_REMOTE_ADDR_VAR" ]; then + echo "Setting client address variable" + CONFIG_OPTIONS+=("remote_addr_variable=$KALLITHEA_REMOTE_ADDR_VAR") + fi + + # Setting: URL scheme variable + if [ -n "$KALLITHEA_URL_SCHEME_VAR" ]; then + echo "Setting URL scheme variable" + CONFIG_OPTIONS+=("url_scheme_variable=$KALLITHEA_URL_SCHEME_VAR") + fi + # Generate a configuration file. su-exec kallithea:kallithea kallithea-cli config-create "$INI_FILE_PATH" "${CONFIG_OPTIONS[@]}" } diff --git a/docker-bake.hcl b/docker-bake.hcl index cafbb17..5d98fbd 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -6,8 +6,12 @@ variable "KALLITHEA_IMAGE_VER" { default = "0.7.0" } +variable "KALLITHEA_PATCH_REV" { + default = "ed117efc9ae9" +} + variable "KALLITHEA_FLAVOR" { - default = [""] + default = ["patched-${KALLITHEA_PATCH_REV}", "patched1"] } group "default" { @@ -22,6 +26,7 @@ target "kallithea" { context = "./build" args = { KALLITHEA_VER = "${KALLITHEA_IMAGE_VER}" + KALLITHEA_REV = "${KALLITHEA_PATCH_REV}" } platforms = [ "linux/amd64", diff --git a/sample/.env b/sample/.env new file mode 100644 index 0000000..ca7c0d1 --- /dev/null +++ b/sample/.env @@ -0,0 +1 @@ +COMPOSE_PROJECT_NAME=docker-kallithea-sample diff --git a/sample/assets/certs/ca/ca.crt b/sample/assets/certs/ca/ca.crt new file mode 100644 index 0000000..2498c89 --- /dev/null +++ b/sample/assets/certs/ca/ca.crt 
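Review bot: `KALLITHEA_REMOTE_ADDR_VAR` and `KALLITHEA_URL_SCHEME_VAR` go into the ini file unchecked, and the two added blocks say nothing about what trusting them implies. Pointing `remote_addr_variable` at a request header such as `HTTP_X_FORWARDED_FOR` makes the client address the application sees only as trustworthy as that header, so it is sound only when every request arrives through a proxy that sets the header itself. If port 5000 is reachable directly, the client can supply its own value. I would add above the first block `# Only set this when the app is reachable solely through a trusted reverse proxy that sets the header itself.` and refuse values that are not a plain WSGI key, for example with `[[ "$KALLITHEA_REMOTE_ADDR_VAR" =~ ^[A-Za-z0-9_.]+$ ]]` before the `CONFIG_OPTIONS+=` line. `create_setup_ini_file` begins outside the hunk.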
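Review bot: `KALLITHEA_PATCH_REV` defaults to the 12-character prefix `ed117efc9ae9`, and that value is what the Dockerfile hands to `hg clone --rev` for code that is copied over the installed package. An abbreviated id is resolved by prefix match, so the full node id is the stronger pin. The README hunk of this commit already links the full id, so `default = "ed117efc9ae952bbab966a267bbd2297d31b05e2"` would work. Because `KALLITHEA_FLAVOR` builds the tag `patched-${KALLITHEA_PATCH_REV}` from the same variable, keep a separate short value for the tag if the long form is unwanted there.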
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDiDCCAnCgAwIBAgIUdEh8zyMBBXRSoS92iyBn5zoRcEIwDQYJKoZIhvcNAQEL +BQAwTTELMAkGA1UEBhMCSlAxFDASBgNVBAgMC1NhbXBsZVN0YXRlMQ8wDQYDVQQK +DAZTYW1wbGUxFzAVBgNVBAMMDnNhbXBsZS1jYS5ob21lMB4XDTIzMDMxMzE1MDEw +OVoXDTMzMDMxMDE1MDEwOVowTTELMAkGA1UEBhMCSlAxFDASBgNVBAgMC1NhbXBs +ZVN0YXRlMQ8wDQYDVQQKDAZTYW1wbGUxFzAVBgNVBAMMDnNhbXBsZS1jYS5ob21l +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5uYRuV/d5iXZAS5QzR2f +4cTcpmv6FS9ZhEAtDTBQq3XLr2xXilWfI9947bqVPLlP7iYQemHCjCLZwhvDhqyf +63Y72EUEAu/gpdmJfH9k8+wpyWj8rUIOC2RyTyhM2YpcxIDNCBjbBzTeJUzyDzrs +b3lGaUC6uQcY8ZvsS7aGJfoJcW3ZdjoM6QX+7d/wECM58Q7+UzY/ZnRt37JY3B1H +13vLWC85cU1het0Teb43X0v5Z0s5wDYrQOiX81M8fyyGjue1zBNaOtlPYa7DqT8Y +oFcybTf+m9UkRR0KaP6+ZHL8cQv1PbJ9fBtCBLm3iUgu/QBEi/zSa3y/XpS4RiiX +GQIDAQABo2AwXjAdBgNVHQ4EFgQU9nIVK5QlDzcx5b4LU8528D8lcEEwHwYDVR0j +BBgwFoAU9nIVK5QlDzcx5b4LU8528D8lcEEwDwYDVR0TAQH/BAUwAwEB/zALBgNV +HQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAFBqUxAwQ4JX12CRrJ7GzvnvrA2L +aCvIe1Kbuo/oX8Z39GgVH12XBRjUERNpb9xXNictreYeNTfAEWGmgiut1u/0FlRB +RP1oyYB8cEEFlaaBnoGYblv6UY7GXb3a2sNMyiz8X8fxMx9FDHYj36bsAIfRJ/LU +Z8bICy85ymrEgrddSTlf8FOLryTX0xNw1AIuehOqbLgvwLzf+OnvOdvSilO6zpkY +HXiB2GBeeCq3OX3prEZBWwn0t1hgvFs+0l5P3arTKrxN6KLcYhjglmgGFnuO9j4Z +o+oERjHdTorODyIIwwj5Kb16iPrLX5IB+gSRpVQiI9DZzH/TawhlX3LSCnU= +-----END CERTIFICATE----- diff --git a/sample/assets/certs/server/server.crt b/sample/assets/certs/server/server.crt new file mode 100644 index 0000000..6b0ba7e --- /dev/null +++ b/sample/assets/certs/server/server.crt 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIUMnZBstFQF1tmY1iRnJMVJVRBLqkwDQYJKoZIhvcNAQEL +BQAwTTELMAkGA1UEBhMCSlAxFDASBgNVBAgMC1NhbXBsZVN0YXRlMQ8wDQYDVQQK +DAZTYW1wbGUxFzAVBgNVBAMMDnNhbXBsZS1jYS5ob21lMB4XDTIzMDMxMzE1MDU1 +OVoXDTMzMDMxMDE1MDU1OVowTDELMAkGA1UEBhMCSlAxFDASBgNVBAgMC1NhbXBs +ZVN0YXRlMQ8wDQYDVQQKDAZTYW1wbGUxFjAUBgNVBAMMDW15c2VydmVyLmhvbWUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhqH/Xgl8Obf3Z79XcAT/ +qUkQ/8iNquZLZgl1Koez4/nuZBcWd/eWMFLOJbMaT+0JyaAkeb6BXHWz/x9HTCAS +10wulb8k+cq1YmBb9gH1soqrDp4kelt5IkE4xXZskw1XaOhaeZaNaLvB/zrk0dW+ +LOb6GuCmPdY3Y95DpqyI3hl2wevX5tOVKkKaUY7P/5SBXttSe6jZDCy6Vo7a1P5N +hZYD6oiEgn8rmD4miLC5m4cWz1uLhfAji1C+FA+x2kjrSQzEgebmMVXbWeXOKLB3 +thraUVjL2XCZOWYEiYPtpdyOK31ap+9o1pABvfDRlHw8dgZE9RBDCV32o5at/iUv +AgMBAAGjeDB2MAkGA1UdEwQCMAAwHQYDVR0OBBYEFMvEnKF053YKtGB0CuEMaxj8 +esApMB8GA1UdIwQYMBaAFPZyFSuUJQ83MeW+C1POdvA/JXBBMCkGA1UdEQQiMCCC +DW15c2VydmVyLmhvbWWCDyoubXlzZXJ2ZXIuaG9tZTANBgkqhkiG9w0BAQsFAAOC +AQEAtY01jZR81yY2WMKFOvQptLS4rZSmNBmlkQhE6YVhMrGoBXw8uDF/H/pdVp8i +p0OjsPBjuV2CVss4ifuw7pG0GIS247rumlEE1VL+YmlC5n5l9C3Bd93+MO+Bak8h +G7vNq9YGZqjvl1sJBhujN0XVSLlVKdDHjmt+IKcaC1VGM5Wayhk3i5E9eQXOY88N +9iwxUgi2ijQQBvR+UwzUiZ7AjThSn1KdYGkhb6RQrIiSCsmno/K7WmdLpeSZcwet +ToHKBBxrcFixT1IVxkiSErEf604qVElRylJveW3n8+oNJzn7go9pifg7rqIMmxTE +5vIJUpbiQvCtyIFeuCQ78opr2A== +-----END CERTIFICATE----- diff --git a/sample/assets/certs/server/server.key b/sample/assets/certs/server/server.key new file mode 100644 index 0000000..d20f892 --- /dev/null +++ b/sample/assets/certs/server/server.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDzhqH/Xgl8Obf3 +Z79XcAT/qUkQ/8iNquZLZgl1Koez4/nuZBcWd/eWMFLOJbMaT+0JyaAkeb6BXHWz +/x9HTCAS10wulb8k+cq1YmBb9gH1soqrDp4kelt5IkE4xXZskw1XaOhaeZaNaLvB +/zrk0dW+LOb6GuCmPdY3Y95DpqyI3hl2wevX5tOVKkKaUY7P/5SBXttSe6jZDCy6 +Vo7a1P5NhZYD6oiEgn8rmD4miLC5m4cWz1uLhfAji1C+FA+x2kjrSQzEgebmMVXb +WeXOKLB3thraUVjL2XCZOWYEiYPtpdyOK31ap+9o1pABvfDRlHw8dgZE9RBDCV32 +o5at/iUvAgMBAAECggEAAd2wumpdNpNMpREpnAES5hCagOOs2jpf1wkPnn22b3rv +jH4+LQu7R8PUBpoEWXnDo7UPTJLq55vZQl6nPd5yn80AMO/bI0Hkuzy8kfJ8c7EB +XgEtK14NUGF3pXiMiUAb3zpsZAZq0GeSihCAwjBswQR1ZUo1GXZU1gomXFdXxW6x +Eyyj2eWdJbWzlEjmAYGnrSlI5q2FnwcgGZ9QRXPpD2zYElxLgL0mhmQ9fySQLQIK +iH9ghm4tsNYTmVCrCgsA1U1QGdBXvKWm0K6Ojvy6WGNKI7XUsNQ4+GyYmyyyjBI0 +Mjgm4B2V7MaZxADIF0xN4cunNLYgaHC3hEEZROY9VQKBgQD+rAC2X88eUWDPG3k+ +Cg0qpZsWnRPtvRxnHE+8tNpuXPuERR9T9L5Vg7f3Gg07P1O/hzGsCfbLkVMlSChP +fv2PFhhoTxHDMg+eCiS96ftLywFCcqSW5LUglTtI9fYfzIEbGeNZkDb57Jkt9mZw +/+sNOfCO0MvPv66ANW5HxuqEmwKBgQD0y7/r3tVT5lE/gPsAyNa05DIw+SliS4+y +NDQ/G5r4RpKnAn53aXQpNaH4WH7dcFBXDCK6vBTQ9TzKfFO8xwUQAHKf+devpX1U +aG0Gej/qhUx+gwx6iSEvp26BxcaY10QOeMcHh+7xDYRkilcySkfjBXoqX9rab5RT +GzZmm+DI/QKBgGHOCuP/fZqmJCjF41U5JP9Y5GvV3X5zH0JWNCVDy5OQ8CNHLJXg +q2xKDs++WJCFbJNkx2XL2dUqNaVexeRp39Ug5jTBERBG3IqUWLH690CPcSdkweMV +aJ5f0YnetCxYLMkMsyyFXyeyfs2REJybHFlTBBjFBVD+y3R/kJ/OO+i7AoGACqr2 +aikD0uwujj3oslgOQ0POjCPPkeEJGhL8U+O4FSm+KlkJedq2nTUhIdl5bdz/I0v8 +F3cq0RBe3dQdMhTaO6BJXn9czuK/W3ZRif652laExt6fJJflQlZhknYz+WUoKhlJ +UyKxXv/fzSHaOu7Rwyrx7/bNaseCBz0gWchhO2ECgYEA9jsUsIr4Dx9JRY05swe5 +9nV6scLqwTqmyU0GOHY1eVa1Efq+I+0SRDWJfAk6gGDsWxR9fKAZ0mexyCpHUpku +wblNrYI4C5I2ugrUci4eT6BacETWqDLVc3/t6bcU0JlnItOr5V9V4pUScqfZhtq7 +OHknv5wxoI+6kijqGBLxJfQ= +-----END PRIVATE KEY----- diff --git a/sample/assets/configs/server/00-default.conf b/sample/assets/configs/server/00-default.conf new file mode 100644 index 0000000..ab8a763 --- /dev/null +++ b/sample/assets/configs/server/00-default.conf 
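Review bot: `sample/assets/certs/server/server.key` puts an unencrypted private key into the repository next to the certificate it belongs to. The key is public from this commit on, so TLS on any deployment started from the sample without replacing it authenticates nothing. Clients that import the sample CA offered under `/certs` by `00-default.conf` would accept a server certificate whose key anyone can read. Consider generating the key pair at first start instead of shipping it. Failing that, state it in the README and at the top of `sample/compose.yml`, e.g. `# Sample certificates only: server.key is public. Generate your own before exposing this stack.`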
@@ -0,0 +1,30 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+log_format proxy '$remote_addr - $remote_user [$time_local] $scheme $http_host "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+server {
+ listen 80 default_server;
+ listen [::]:80 ipv6only=on default_server;
+ listen 443 ssl default_server;
+ listen [::]:443 ssl ipv6only=on default_server;
+
+ access_log /var/log/nginx/access.log proxy;
+ ssl_certificate /work/certs/server/server.crt;
+ ssl_certificate_key /work/certs/server/server.key;
+
+ location ^~ /certs
+ {
+ alias /work/certs/ca;
+ }
+
+ location /
+ {
+ return 421;
+ }
+}
+
diff --git a/sample/assets/configs/server/01-kallithea.conf b/sample/assets/configs/server/01-kallithea.conf
new file mode 100644
index 0000000..28e300b
--- /dev/null
+++ b/sample/assets/configs/server/01-kallithea.conf
@@ -0,0 +1,33 @@
+
+upstream kallithea-server
+{
+ server kallithea-app-container:5000;
+ keepalive 8;
+}
+server {
+ server_name kallithea.myserver.home localhost;
+
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /work/certs/server/server.crt;
+ ssl_certificate_key /work/certs/server/server.key;
+
+ access_log /var/log/nginx/access.log proxy;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Url-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+
+ proxy_buffering off;
+
+ location /
+ {
+ proxy_pass http://kallithea-server/;
+ }
+}
diff --git a/sample/compose.yml b/sample/compose.yml
new file mode 100644
index 0000000..a8fa15a
--- /dev/null
+++ b/sample/compose.yml
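Review bot: `location ^~ /certs` is a prefix match with no trailing slash, and `alias /work/certs/ca` has none either, so any URI that merely begins with `/certs` is mapped onto a path that begins with `/work/certs/ca`. The aliased directory sits directly beside `/work/certs/server`, which holds `server.key`. Close both ends with `location ^~ /certs/ {` and `alias /work/certs/ca/;` so that only files inside the CA directory can be resolved. It would be safer still to mount the CA directory on a path of its own, so the private key is never under a tree nginx serves from.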
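Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` the client sent, and `sample/compose.yml` in this commit points `KALLITHEA_REMOTE_ADDR_VAR` at `HTTP_X_FORWARDED_FOR`. If the application uses the header as received or takes its first entry (not visible in this patch), the client chooses the address that ends up in logs and in any IP-based rule. This nginx is the outermost proxy in the sample, so overwrite rather than append: `proxy_set_header X-Forwarded-For $remote_addr;`. The same `server` block also proxies port 80 without redirecting, so logins can travel unencrypted; a separate port-80 server with `return 301 https://$host$request_uri;` would avoid that.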
@@ -0,0 +1,80 @@ +services: + db: + image: postgres:16 + restart: unless-stopped + networks: + default: + aliases: + - kallithea-db-container + healthcheck: + test: pg_isready --quiet --dbname=$${POSTGRES_DB} --username=$${POSTGRES_USER} || exit 1 + start_period: 5s + interval: 10s + timeout: 5s + retries: 12 + volumes: + - ./volumes/kallithea/db:/var/lib/postgresql/data + environment: + - PGDATA=/var/lib/postgresql/data/kallithea-data + - POSTGRES_USER=kallithea_user + - POSTGRES_PASSWORD=kallithea_secret + - POSTGRES_DB=kallithea_store + + app: + image: toras9000/kallithea-mp:0.7.0-patched1 + restart: unless-stopped + depends_on: + db: + condition: service_healthy + networks: + default: + frontend: + aliases: + - kallithea-app-container + healthcheck: + test: curl -f http://localhost:5000 || exit 1 + start_period: 5s + interval: 10s + timeout: 5s + retries: 12 + volumes: + - ./volumes/kallithea/app/config:/kallithea/config + - ./volumes/kallithea/app/repos:/kallithea/repos + - ./volumes/kallithea/app/host_keys:/kallithea/host_keys + - ./volumes/kallithea/app/ssh:/home/kallithea/.ssh + environment: + - KALLITHEA_DB_PRE_CREATED=FALSE + - KALLITHEA_EXTERNAL_DB=postgres://kallithea_user:kallithea_secret@kallithea-db-container/kallithea_store + - KALLITHEA_ADMIN_USER=admin + - KALLITHEA_ADMIN_PASS=admin123 + - KALLITHEA_ADMIN_MAIL=admin@example.com + - KALLITHEA_LOCALE=ja_JP.UTF-8 + - KALLITHEA_REMOTE_ADDR_VAR=HTTP_X_FORWARDED_FOR + - KALLITHEA_URL_SCHEME_VAR=HTTP_X_FORWARDED_PROTO + - KALLITHEA_REPOSORT_IDX=5 + - KALLITHEA_REPOSORT_ORDER=desc + - KALLITHEA_FIX_PERMISSION=TRUE + - KALLITHEA_FIX_REPOS_PERMISSION=FALSE + - KALLITHEA_DEFAULT_REPO_GIT=TRUE + - KALLITHEA_EXTRA_FIELD=TRUE + - KALLITHEA_EXTERNAL_SSH_PORT=2222 +# - KALLITHEA_DB_MIGRATION=TRUE + + proxy: + image: nginx:1.25 + restart: unless-stopped + command: sh -c "exec find /work/certs/ca -type f -print0 | xargs -0 chmod 444 && exec nginx -g 'daemon off;'" + depends_on: + app: + condition: service_started + 
networks: + frontend: + ports: + - "443:443" + - "80:80" + volumes: + - ./assets/configs/server:/etc/nginx/conf.d:ro + - ./assets/certs:/work/certs + +networks: + frontend:
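Review bot: The sample hard-codes `KALLITHEA_ADMIN_PASS=admin123` and `POSTGRES_PASSWORD=kallithea_secret` (the latter repeated inside `KALLITHEA_EXTERNAL_DB`), while the `proxy` service publishes ports 80 and 443 on the host. Anyone who starts the file unchanged gets a reachable instance with a known administrator login. Take the secrets from the environment and fail when they are missing, e.g. `- KALLITHEA_ADMIN_PASS=${KALLITHEA_ADMIN_PASS:?set an admin password}` and `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set a database password}`, and build the connection string from the same variable. A comment above `environment:` saying that the values are placeholders would help readers who copy the file.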