From 99a22266b83b139c5ec2a045c4454943f8f7a72c Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Mon, 29 Jul 2024 00:39:47 +0200 Subject: [PATCH 01/25] ci: added docker image for idp --- Dockerfile | 124 +++++++++++++++++++++++++++++++++++++++++++++ default.conf | 56 ++++++++++++++++++++ docker-compose.yml | 29 +++++++++++ startup.sh | 25 +++++++++ 4 files changed, 234 insertions(+) create mode 100644 Dockerfile create mode 100644 default.conf create mode 100644 docker-compose.yml create mode 100644 startup.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..9f17fd5 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,124 @@
+# Use the official PHP image with FPM as the base image
+FROM php:8.2-fpm AS base
+
+# Install dependencies and PHP extensions
+RUN apt-get update && apt-get install -y \
+ unzip \
+ libxml2-dev \
+ libssl-dev \
+ libzip-dev \
+ libpng-dev \
+ libfreetype6-dev \
+ libjpeg62-turbo-dev \
+ libonig-dev \
+ libxslt1-dev \
+ libmcrypt-dev \
+ libsodium-dev \
+ nginx \
+ openssl \
+ && docker-php-ext-configure gd --with-freetype --with-jpeg \
+ && docker-php-ext-install -j$(nproc) \
+ ctype \
+ dom \
+ filter \
+ iconv \
+ intl \
+ mbstring \
+ pdo_mysql \
+ phar \
+ simplexml \
+ sodium \
+ xml \
+ xmlwriter \
+ zip \
+ gd \
+ xsl \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+# Set memory limit for PHP
+RUN echo "memory_limit=512M" > /usr/local/etc/php/conf.d/memory-limit.ini
+ENV PHP_MEMORY_LIMIT=512M
+
+FROM base AS composer
+
+# Install Composer
+COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+
+# Set COMPOSER_ALLOW_SUPERUSER environment variable
+ENV COMPOSER_ALLOW_SUPERUSER=1
+
+# Set working directory
+WORKDIR /var/www/html
+
+# Copy the composer.json and composer.lock files into the container
+COPY . .
+
+# Install PHP dependencies including symfony/runtime
+RUN composer install --classmap-authoritative --no-scripts
+
+FROM base AS node
+
+# Set working directory
+WORKDIR /var/www/html
+
+COPY --from=composer /var/www/html/vendor /var/www/html/vendor
+
+# Copy the package.json and package-lock.json files into the container
+COPY . .
+
+# Install Node.js dependencies
+RUN apt-get update && apt-get install -y \
+ curl \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install Node.js and npm
+RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
+ && apt-get install -y nodejs \
+ && npm install -g npm@latest
+
+# Install Node.js dependencies and build assets
+RUN npm install \
+ && npm run build \
+ && php bin/console assets:install
+
+FROM base AS runner
+
+# Copy necessary files into the container
+#COPY bin /var/www/html/bin
+#COPY .env /var/www/html/.env
+#COPY templates /var/www/html/templates
+#COPY migrations /var/www/html/migrations
+#COPY config /var/www/html/config
+#COPY src /var/www/html/src
+#COPY public /var/www/html/public
+COPY . .
+
+# Copy build files from the previous stages
+COPY --from=node /var/www/html/public /var/www/html/public
+COPY --from=composer /var/www/html/vendor /var/www/html/vendor
+
+WORKDIR /var/www/html
+
+# Create SAML certificate
+RUN php bin/console app:create-certificate --type saml --no-interaction
+
+# Copy the Nginx configuration file into the container
+COPY default.conf /etc/nginx/sites-enabled/sso
+# COPY default.conf /etc/nginx/conf.d/default.conf
+
+# Copy the startup script into the container
+COPY startup.sh /usr/local/bin/startup.sh
+
+# Ensure the startup script is executable
+RUN chmod +x /usr/local/bin/startup.sh
+
+# Set first run flag
+ENV FIRST_RUN=1
+
+# Expose port 80
+EXPOSE 80
+
+# Use the startup script as the entrypoint
+CMD ["/usr/local/bin/startup.sh"]
diff --git a/default.conf b/default.conf
new file mode 100644
index 0000000..60ea4e6
--- /dev/null
+++ b/default.conf
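Review bot: `RUN php bin/console app:create-certificate --type saml --no-interaction` in the `runner` stage generates the IdP's SAML key pair at build time, so the private key ends up in an image layer and is identical for every container started from that image — and for everyone who pulls it from Docker Hub once the publish pipeline exists. Generate it on first start instead: move the call into `startup.sh`, guarded by a check that the key file does not already exist in the persisted certificate directory (presumably `certs/`, which a later commit in this series mounts as a volume), and never create key material in a `RUN` step. The final stage also has no `USER`, so `startup.sh`, the php-fpm master and nginx all run as root, and `COPY . .` copies the entire build context (`.git`, any local `.env.*`) into the published image because there is no `.dockerignore` in this commit. In the `node` stage `curl -fsSL https://deb.nodesource.com/setup_18.x | bash -` executes an unverified remote script as root at build time; that stage is discarded, but its output shapes the shipped `public/` assets, so pin the Node.js package version or verify the script's checksum before running it.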
@@ -0,0 +1,56 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ root /var/www/html/public;
+
+ location / {
+ # try to serve file directly, fallback to index.php
+ try_files $uri /index.php$is_args$args;
+ }
+
+ # optionally disable falling back to PHP script for the asset directories;
+ # nginx will return a 404 error when files are not found instead of passing the
+ # request to Symfony (improves performance but Symfony's 404 page is not displayed)
+ # location /bundles {
+ # try_files $uri =404;
+ # }
+
+ location ~ ^/index\.php(/|$) {
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+
+ # When you are using symlinks to link the document root to the
+ # current version of your application, you should pass the real
+ # application path instead of the path to the symlink to PHP
+ # FPM.
+ # Otherwise, PHP's OPcache may not properly detect changes to
+ # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
+ # for more information).
+ # Caveat: When PHP-FPM is hosted on a different machine from nginx
+ # $realpath_root may not resolve as you expect! In this case try using
+ # $document_root instead.
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ # Prevents URIs that include the front controller. This will 404:
+ # http://domain.tld/index.php/some-path
+ # Remove the internal directive to allow URIs like this
+ # internal;
+ }
+
+ # return 404 for all other php files not matching the front controller
+ # this prevents access to other php files you don't want to be accessible.
+ location ~ \.php$ {
+ return 404;
+ }
+
+ # Optional logging
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log;
+}
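Review bot: The four `proxy_set_header` lines inside `location ~ ^/index\.php(/|$)` have no effect: `proxy_set_header` only applies to `proxy_pass`, and this block hands the request to PHP-FPM through `fastcgi_pass`, where the included `fastcgi_params` already forwards the client's request headers as `HTTP_*` variables. Remove them rather than leave the impression that `X-Forwarded-*` is being populated here; when this container sits behind a TLS-terminating proxy those headers come from that proxy, and Symfony has to be configured to trust it (`trusted_proxies`) or an IdP will generate `http` URLs for its SAML metadata and redirects. Consider adding `server_tokens off;` to the `server` block so nginx does not advertise its version on error pages.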
diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..53d7f52 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,29 @@ +version: '3.8' + +services: + web: + build: . + ports: + - "8080:80" + depends_on: + - db + env_file: + - .env.local + + db: + image: mariadb:10.4 + restart: always + environment: + MYSQL_ROOT_PASSWORD: rootpassword + MYSQL_DATABASE: idp + MYSQL_USER: idpuser + MYSQL_PASSWORD: idppassword + ports: + - "3306:3306" + volumes: + - db_data:/var/lib/mysql + +volumes: + db_data: + + diff --git a/startup.sh b/startup.sh new file mode 100644 index 0000000..d87c13b --- /dev/null +++ b/startup.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +# Check if the FIRST_RUN environment variable is 1 +if [ "$FIRST_RUN" = "1" ]; then + # Run database migrations + php bin/console doctrine:migrations:migrate --no-interaction + + # Perform initial setup + php bin/console app:setup + + # Register cron jobs + php bin/console shapecode:cron:scan + + # Update Browscap + php bin/console app:browscap:update + + # Set FIRST_RUN environment variable to 0 + export FIRST_RUN=0 +fi + +# Start PHP-FPM +php-fpm & + +# Start Nginx +nginx -g 'daemon off;' From 42edb497076bd44a27f3e750fbfab2868259f129 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 1 Aug 2024 23:53:40 +0200 Subject: [PATCH 02/25] Improvments for Docker Image - Removed unnecessary files - Added db ready check in docker compose --> WEB Container only starts after db with migrations etc. - Set Timezone for Docker Container - Integrated DB Env Vars in .env.local and .env - persist cert folder of web service --- .env | 9 ++++++++- Dockerfile | 22 ++++++++++++---------- docker-compose.yml | 19 +++++++++++++------ default.conf => nginx.conf | 0 4 files changed, 33 insertions(+), 17 deletions(-) rename default.conf => nginx.conf (100%) diff --git a/.env b/.env index beb9d16..98b66e0 100644 --- a/.env +++ b/.env 
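Review bot: `ports: - "3306:3306"` on the `db` service publishes MariaDB on every host interface, and the same file fixes its credentials to `rootpassword` / `idppassword`; together that is a database reachable from outside the host with guessable logins. The `web` service reaches the database over the compose network as `db:3306` without any published port, so drop the `ports:` entry (or bind it to loopback, `- "127.0.0.1:3306:3306"`, when host-side access is really needed) and read the credentials from the env file the way `web` already does with `env_file`. `mariadb:10.4` is, as far as I can tell, a branch that reached end of life in mid-2024 and will stop receiving security fixes; pin a supported branch instead.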
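Review bot: `export FIRST_RUN=0` at the end of the `if` block only changes the script's own environment, so `FIRST_RUN` is still `1` (from the Dockerfile's `ENV FIRST_RUN=1`) on every container start and `doctrine:migrations:migrate`, `app:setup`, `shapecode:cron:scan` and `app:browscap:update` run again each time. If those steps are not all idempotent, record completion in a marker file under a persisted path rather than in an environment variable. The script also has no `set -e`, so a failed migration still falls through to starting php-fpm and nginx; add `set -eu` after the shebang. Finally `php-fpm &` leaves php-fpm unsupervised and `nginx -g 'daemon off;'` should be `exec nginx -g 'daemon off;'` so nginx becomes PID 1 and receives the SIGTERM from `docker stop`; a small init such as `tini`, or php-fpm and nginx in separate containers, would be the cleaner shape.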
@@ -27,6 +27,10 @@ CRON_PASSWORD= ###> doctrine/doctrine-bundle ### # Siehe https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url DATABASE_URL="mysql://db_user:db_password@localhost:3306/db_name" +MYSQL_ROOT_PASSWORD=changeThisToASecurePassword +MYSQL_DATABASE=db_name +MYSQL_USER=db_user +MYSQL_PASSWORD=db_password ###< doctrine/doctrine-bundle ### ###> symfony/messenger ### @@ -37,4 +41,7 @@ MESSENGER_TRANSPORT_DSN=doctrine://default MAILER_DSN=native://default ###< symfony/mailer ### -PHP_BINARY=/usr/bin/php \ No newline at end of file +PHP_BINARY=/usr/bin/php + +### Docker ### +TZ=Europe/Berlin diff --git a/Dockerfile b/Dockerfile index 9f17fd5..bf6e967 100644 --- a/Dockerfile +++ b/Dockerfile @@ -85,28 +85,30 @@ RUN npm install \ FROM base AS runner +WORKDIR /var/www/html + # Copy necessary files into the container -#COPY bin /var/www/html/bin -#COPY .env /var/www/html/.env -#COPY templates /var/www/html/templates -#COPY migrations /var/www/html/migrations -#COPY config /var/www/html/config -#COPY src /var/www/html/src -#COPY public /var/www/html/public COPY . . +# Remove unnecessary files +RUN rm -rf ./docs +RUN rm -rf ./.github +RUN rm -rf ./docker-compose.yml +RUN rm -rf ./Dockerfile +RUN rm -rf ./.gitignore + # Copy build files from the previous stages COPY --from=node /var/www/html/public /var/www/html/public COPY --from=composer /var/www/html/vendor /var/www/html/vendor -WORKDIR /var/www/html +# Remove the .htaccess file because we are using Nginx +RUN rm -rf ./public/.htaccess # Create SAML certificate RUN php bin/console app:create-certificate --type saml --no-interaction # Copy the Nginx configuration file into the container -COPY default.conf /etc/nginx/sites-enabled/sso -# COPY default.conf /etc/nginx/conf.d/default.conf +COPY nginx.conf /etc/nginx/sites-enabled/sso # Copy the startup script into the container COPY startup.sh /usr/local/bin/startup.sh 
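Review bot: `DATABASE_URL` still points at `localhost:3306` while the new `MYSQL_*` variables are meant to drive the compose `db` service; inside the `web` container `localhost` is the container itself, so with this file as-is the application cannot reach the database. The URL should name the service, `DATABASE_URL="mysql://db_user:db_password@db:3306/db_name"`, and it now duplicates the user and password that `MYSQL_USER` / `MYSQL_PASSWORD` carry, so the two can silently drift apart. `MYSQL_ROOT_PASSWORD=changeThisToASecurePassword` is a committed default that the compose file hands straight to the database container, so anyone who forgets to override it runs MariaDB with a publicly known root password; leave the value empty in the committed `.env` (the official image refuses to initialise a fresh data directory without an explicit root-password setting, which is the loud failure you want here).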
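Review bot: The five `RUN rm -rf ./docs`, `./.github`, `./docker-compose.yml`, `./Dockerfile`, `./.gitignore` steps do not remove anything from the image: `COPY . .` above already committed those files to a layer, and each `rm` only adds a whiteout in a new layer, so the files remain extractable from the published image. The same applies to anything else in the build context that this list does not cover — `.git`, a developer's `.env.local`, a local `certs/` directory. Replace the `rm` layers with a `.dockerignore` in the repository root listing `.git`, `.env.local`, `.env.*.local`, `certs`, `docs`, `.github`, `docker-compose.yml` and `Dockerfile`, so those paths never enter the context of any stage. `RUN rm -rf ./public/.htaccess` after the `COPY --from=node` is harmless but likewise only masks the file.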
diff --git a/docker-compose.yml b/docker-compose.yml index 53d7f52..5962462 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,24 +6,31 @@ services: ports: - "8080:80" depends_on: - - db + db: + condition: service_healthy env_file: - .env.local + volumes: + - certs:/var/www/html/certs + # nginx configuration file + - ./nginx.conf:/etc/nginx/sites-enabled/sso db: image: mariadb:10.4 restart: always - environment: - MYSQL_ROOT_PASSWORD: rootpassword - MYSQL_DATABASE: idp - MYSQL_USER: idpuser - MYSQL_PASSWORD: idppassword + env_file: + - .env.local ports: - "3306:3306" volumes: - db_data:/var/lib/mysql + healthcheck: + test: mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$MYSQL_PASSWORD + timeout: 20s + retries: 10 volumes: db_data: + certs: diff --git a/default.conf b/nginx.conf similarity index 100% rename from default.conf rename to nginx.conf From e925105abff3f8e746bcf7e71a770c75bbdf2de3 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 00:06:05 +0200 Subject: [PATCH 03/25] Set no-dev flag for composer install --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bf6e967..751d615 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,7 +55,7 @@ WORKDIR /var/www/html COPY . . # Install PHP dependencies including symfony/runtime -RUN composer install --classmap-authoritative --no-scripts +RUN composer install --no-dev --classmap-authoritative --no-scripts FROM base AS node From 3e4d08de2b02bcae200693a73d0f29d660c6449e Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 00:18:34 +0200 Subject: [PATCH 04/25] Create docker-image.yml Create Pipeline for auto publish on release --- .github/workflows/docker-image.yml | 56 ++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/workflows/docker-image.yml 
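Review bot: The new `healthcheck` passes `--password=$$MYSQL_PASSWORD` on the `mysqladmin` command line, so the database password is visible in `docker inspect` output and in the container's process list for the duration of every probe. Newer `mariadb` images ship a credential-free probe, `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]`; check whether the `10.4` tag in use includes it, and otherwise export `MYSQL_PWD` inside the test command instead of passing the password as an argument. The `./nginx.conf` bind mount duplicates the `COPY nginx.conf` in the Dockerfile, which is fine for local overrides but means the image's own copy is never the one that runs under compose — worth a comment so nobody debugs the wrong file.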
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml new file mode 100644 index 0000000..94d5570 --- /dev/null +++ b/.github/workflows/docker-image.yml 
@@ -0,0 +1,56 @@ +name: Docker Image CI + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + release: + types: [ published ] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: simonfrank + # github.repository as / + IMAGE_NAME: schulit-idp + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image to latest + if: ${{ !github.event.release.prerelease && github.event_name != 'push' }} + id: build-and-push-latest + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + labels: ${{ steps.meta.outputs.labels }} + build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image to ${{ env.RELEASE_VERSION }} and unstable + if: ${{ github.event_name != 'push' && github.event_name != 'pull_request' }} + id: build-and-push-tag + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} , ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:unstable + labels: ${{ steps.meta.outputs.labels }} + build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) 
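Review bot: `env.RELEASE_VERSION` and `env.CURRENT_DATE`, used in both `build-args:` lines and in the second step's `tags:`, are never defined — the `env:` block only sets `REGISTRY` and `IMAGE_NAME` — so the release build would be tagged `simonfrank/schulit-idp:` and `version_info` would be ` ()`. The version is available as `${{ github.event.release.tag_name }}` on a `release` event; the date has to be computed in an earlier step and written to `$GITHUB_ENV`. The job also requests `id-token: write` (the comment mentions sigstore) but contains no signing step, and `packages: write` although the push targets Docker Hub rather than GHCR; drop both until a step actually needs them. The same definitions are carried unchanged into the squashed workflow in PATCH 08/25.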
From d00535b3d6c5425f74a32601dfa6b5eeacc52ee0 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 00:26:09 +0200 Subject: [PATCH 05/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 94d5570..c096575 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -5,6 +5,7 @@ on: branches: [ "master" ] pull_request: branches: [ "master" ] + workflow_dispatch: release: types: [ published ] @@ -32,6 +33,15 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action + - name: Build and push Docker image to nightly + id: build-and-push-nightly + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly + labels: ${{ steps.meta.outputs.labels }} + build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) - name: Build and push Docker image to latest if: ${{ !github.event.release.prerelease && github.event_name != 'push' }} id: build-and-push-latest From 51cef3dbefc0e0d250c53a0bb19379e64d20776f Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 00:31:30 +0200 Subject: [PATCH 06/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index c096575..1a777d8 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
@@ -26,6 +26,15 @@ jobs: id-token: write steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Extract Docker metadata id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 @@ -61,6 +70,7 @@ jobs: uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 with: context: . + push: ${{ github.event_name != 'pull_request' }} tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} , ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:unstable labels: ${{ steps.meta.outputs.labels }} build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) From 6ccc5f9a1f61a49fbd94e35ff233757b18724af5 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 00:37:00 +0200 Subject: [PATCH 07/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 1a777d8..602d3b1 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -1,10 +1,6 @@ name: Docker Image CI on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] workflow_dispatch: release: types: [ published ] 
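Review bot: `actions/checkout@v3` and `docker/login-action@v2` are referenced by floating major tags while the other actions in this workflow are pinned to a commit SHA with a version comment; a moved tag would change what runs with the Docker Hub credentials in scope, so pin these two the same way, `uses: actions/checkout@<commit-sha> # vX.Y.Z`. `secrets.DOCKER_PASSWORD` should hold a Docker Hub access token limited to write access on this repository rather than the account password, since the secret is available to every run of this workflow.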
@@ -40,17 +36,9 @@ jobs: uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # Build and push Docker image with Buildx (don't push on PR) + + # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - - name: Build and push Docker image to nightly - id: build-and-push-nightly - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly - labels: ${{ steps.meta.outputs.labels }} - build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) - name: Build and push Docker image to latest if: ${{ !github.event.release.prerelease && github.event_name != 'push' }} id: build-and-push-latest From 46d0614bc839ae5d74d092443dc58cf2b5e55335 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 00:39:49 +0200 Subject: [PATCH 08/25] Added Github Action to automatically build image (#2) Create Pipeline for auto publish on release --- .github/workflows/docker-image.yml | 64 ++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 .github/workflows/docker-image.yml diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml new file mode 100644 index 0000000..602d3b1 --- /dev/null +++ b/.github/workflows/docker-image.yml 
@@ -0,0 +1,64 @@ +name: Docker Image CI + +on: + workflow_dispatch: + release: + types: [ published ] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: simonfrank + # github.repository as / + IMAGE_NAME: schulit-idp + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image to latest + if: ${{ !github.event.release.prerelease && github.event_name != 'push' }} + id: build-and-push-latest + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + labels: ${{ steps.meta.outputs.labels }} + build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image to ${{ env.RELEASE_VERSION }} and unstable + if: ${{ github.event_name != 'push' && github.event_name != 'pull_request' }} + id: build-and-push-tag + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . 
+ push: ${{ github.event_name != 'pull_request' }} + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} , ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:unstable + labels: ${{ steps.meta.outputs.labels }} + build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) From 752f3cb11a88f5ac86b8d29321239628dd2b1404 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 01:34:02 +0200 Subject: [PATCH 09/25] Added restart prop to web container --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 5962462..d9b058f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,6 +3,7 @@ version: '3.8' services: web: build: . + restart: always ports: - "8080:80" depends_on: From d3a0be92888ac471af8b2a05bea589b65191f2d5 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 01:47:42 +0200 Subject: [PATCH 10/25] boost startup of web container after db ready --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index d9b058f..62884ab 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,6 +27,7 @@ services: - db_data:/var/lib/mysql healthcheck: test: mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$MYSQL_PASSWORD + interval: 5s timeout: 20s retries: 10 From 66102ad2e23c2c0d7a3bc4813d5d94595abbebf5 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Fri, 2 Aug 2024 01:47:50 +0200 Subject: [PATCH 11/25] added docker installation docu --- docs/docs/install/docker_installation.md | 306 +++++++++++++++++++++++ 1 file changed, 306 insertions(+) create mode 100644 docs/docs/install/docker_installation.md diff --git a/docs/docs/install/docker_installation.md b/docs/docs/install/docker_installation.md new file mode 100644 index 0000000..c23e03a 
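Review bot: With the triggers now reduced to `workflow_dispatch` and `release`, the `if:` on `build-and-push-latest` (`!github.event.release.prerelease && github.event_name != 'push'`) is true for a manual dispatch, where `github.event.release` is empty, so a manual run from any branch overwrites `:latest` on Docker Hub. Condition both push steps on the event explicitly, `if: ${{ github.event_name == 'release' && !github.event.release.prerelease }}` for `latest` and `if: ${{ github.event_name == 'release' }}` for the versioned tag, and give `workflow_dispatch` its own non-`latest` tag if manual builds are wanted. The undefined `RELEASE_VERSION` / `CURRENT_DATE` problem noted on PATCH 04/25 is unchanged in this file.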
--- /dev/null +++ b/docs/docs/install/docker_installation.md 
@@ -0,0 +1,306 @@ +--- +sidebar_position: 6 +--- + +# Docker Installation + +Der IdP der SchulIT Software kann alternativ auch über Docker installiert werden. Diese Variante erfordert Wissen über `Docker` und `Docker Compose`, ist aber in der Regel weniger fehleranfällig und das berühmte Phänomen "Auf meiner Maschine läuft's aber" tritt nicht auf. + +## Voraussetzungen + +* Ein Server mit Docker und Docker Compose +* Terminal Zugriff (z.B. via SSH) auf diesen Server +* Server hat eine aktive Internetverbindung + +## Installation mit Docker Image aus Docker Hub (empfohlen) + +Stelle eine Verbindung mit dem Terminal des Servers her. + +### Dateistruktur + +Erstelle ein Verzeichnis in dem die Daten des Dienstes gespeichert werden sollen. Hier: `/home/docker/schulit/idp` + +```bash +mkdir /home/docker/schulit/idp +``` + +:::tip Backups +Bitte sichere dieses Verzeichnis in regelmäßigen Abständen für Backups der Datenbank und des Dienstes +::: + +Als nächstes erstellen wir zwei Ordner, wo die DB und der IdP ihre Daten ablegen: + +```bash +cd /home/docker/schulit/idp +mkdir ./certs +mkdir ./db_data +mkdir ./own_assets +``` + +### Docker Compose + +Erstelle nun die Docker Compose Datei. Diese Datei beschreibt die Konfiguration eines Dienstes in Docker. + +```bash +nano docker-compose.yml +``` + +Kopiere den Inhalt aus unserer Vorlage und passe ihn nach deinen belieben an. 
+ +```yml title=docker-compose.yml +version: '3.8' + +services: + web: + image: simonfrank/schulit-idp:latest # use a fixed image tag like v1.0 in prod environments + restart: always + ports: + # change the first port to any port you like + - "8080:80" + depends_on: + db: + condition: service_healthy + env_file: + - .env + volumes: + - /home/docker/schulit/idp/certs:/var/www/html/certs + # if you want to modify the apperance of this app mount this folder + # - /home/docker/schulit/idp/own_assets:/var/www/html/public/own_assets + # nginx configuration file - uncomment below if you want to use an own nginx config + # - ./nginx.conf:/etc/nginx/sites-enabled/sso + + db: + image: mariadb:10.4 + restart: always + env_file: + - .env + volumes: + - /home/docker/schulit/idp/db_data:/var/lib/mysql + healthcheck: + test: mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$MYSQL_PASSWORD + interval: 5s + timeout: 20s + retries: 10 +``` + +Drücke zum Speicher `strg` + `o` und anschließend zum Verlassen des Text Editors `strg` + `x`. + +### Umgebungsvariablen anlegen + +Als nächstes legen wir die Umgebungsvariablen für den IdP an. + +Erstelle dazu eine neue Datei `.env` + +```bash +nano .env +``` + +Diese Datei sollte die folgenden Variablen aus dem Template benutzen. Hier sollten einige Anpassungen vorgenommen werden. Mehr Infos zu den Anpassungen findest du auf der Seite [Konfigurationsdatei](./configuration). 
+ +```text title=.env +###> symfony/framework-bundle ### +APP_ENV=prod +APP_SECRET=ChangeThisToASecretString +###< symfony/framework-bundle ### + +###> schulit/adauth-bundle ### +ADAUTH_ENABLED=false +ADAUTH_URL="tls://dc01.ad.schulit.de:55117" +ADAUTH_PEERNAME="dc01.ad.schulit.de" +ADAUTH_PEERFINGERPRINT="" +###< schulit/adauth-bundle ### + +###> schulit/common-bundle ### +APP_URL="https://sso.schulit.de/" +APP_NAME="SchulIT Single Sign-On" +# Pfade relativ zum public/-Verzeichnis +APP_LOGO="" # Müssen in der Compose gemountet werden und Dateien dann in "own_asstes" abgelegt werden +APP_SMALLLOGO="" # Müssen in der Compose gemountet werden und Dateien dann in "own_asstes" abgelegt werden +###< schulit/common-bundle + +###> CUSTOM ### +SAML_ENTITY_ID="https://sso.schulit.de/" +MAILER_FROM="noreply@sso.schulit.de" +CRON_PASSWORD= +###< CUSTOM ### + +###> doctrine/doctrine-bundle ### +# Siehe https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url +DATABASE_URL="mysql://db_user:db_password@localhost:3306/db_name" +MYSQL_ROOT_PASSWORD=changeThisToASecurePassword +MYSQL_DATABASE=db_name +MYSQL_USER=db_user +MYSQL_PASSWORD=db_password +###< doctrine/doctrine-bundle ### + +###> symfony/messenger ### +MESSENGER_TRANSPORT_DSN=doctrine://default +###< symfony/messenger ### + +###> symfony/mailer ### +MAILER_DSN=native://default +###< symfony/mailer ### + +PHP_BINARY=/usr/bin/php + +### Docker ### +TZ=Europe/Berlin +``` + +Drücke zum Speicher `strg` + `o` und anschließend zum Verlassen des Text Editors `strg` + `x`. + +### Webserver konfigurieren (optional) + +Falls du die Config vom nginx Webserver anpassen möchtest, musst du das zweite Volume in der Compose einkommentieren. Anschließend kannst du die Config anpassen. 
+ +Die Default Config, die wir im Container verwenden ist die folgende: + +```text title=nginx.conf +server { + listen 80; + server_name localhost; + + root /var/www/html/public; + + location / { + # try to serve file directly, fallback to index.php + try_files $uri /index.php$is_args$args; + } + + # optionally disable falling back to PHP script for the asset directories; + # nginx will return a 404 error when files are not found instead of passing the + # request to Symfony (improves performance but Symfony's 404 page is not displayed) + # location /bundles { + # try_files $uri =404; + # } + + location ~ ^/index\.php(/|$) { + fastcgi_pass 127.0.0.1:9000; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + + # When you are using symlinks to link the document root to the + # current version of your application, you should pass the real + # application path instead of the path to the symlink to PHP + # FPM. + # Otherwise, PHP's OPcache may not properly detect changes to + # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126 + # for more information). + # Caveat: When PHP-FPM is hosted on a different machine from nginx + # $realpath_root may not resolve as you expect! In this case try using + # $document_root instead. + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + # Prevents URIs that include the front controller. This will 404: + # http://domain.tld/index.php/some-path + # Remove the internal directive to allow URIs like this + # internal; + } + + # return 404 for all other php files not matching the front controller + # this prevents access to other php files you don't want to be accessible. 
+ location ~ \.php$ { + return 404; + } + + # Optional logging + error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; +} +``` + +### Dienst starten + +Als nächstes können wir den Dienst starten: + +```bash +docker compose up +``` + +Der Container startet jetzt. Dies kann 1-2 Minuten dauern. + +### IdP Konfigurieren + +Als letzten Schritt müssen wir jetzt noch einen Admin User anlegen. Das geht über die Konsole des Dienstes im Docker Container. + +```bash +docker exec -it sh +``` + +`` ist dabei entweder der Name oder die ID des Containers. Um diese herauszufinden führe folgenden Befehl aus und kopiere die ID oder den Namen + +```bash +$ docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +af38ee24c451 idp-web "docker-php-entrypoi…" 2 hours ago Up 3 minutes 9000/tcp, 0.0.0.0:8080->80/tcp idp-web-1 +``` + +In diesem Fall wäre der Name `idp-web-1` und die ID `af38ee24c451`. + +Wir würden also +```bash +docker exec -it af38ee24c451 sh +``` +ausführen. + +Wir legen jetzt einen Admin User an: + +:::caution Achtung +Der Benutzer muss als Administrator (Schritt 7) angelegt werden. +::: + +```bash +$ php bin/console app:add-user + Benutzername: + > admin@example.com + + Vorname: + > Erika + + Nachname: + > Mustermann + + E-Mail: + > admin@example.com + + Passwort: + > + + Passwort wiederholen: + > + + Ist der Benutzer ein Administrator? (yes/no) [yes]: + > yes + + Benutzertyp wählen [user]: + [0] user + > user + + [OK] Benutzer erfolgreich erstellt +``` + +Das war's! Logge dich unter [http://server_ip:8080](http://server_ip:8080) in den IdP ein. + +## Installation über Repository +Falls Anpassungen am Quellcode vorgenommen wurden, ist auch eine Installation über das Repository möglich. + +In dem Fall liegt eine leicht modifizierte docker-compose Datei im Repo. Diese setzt die Verfügbarkeit einer lokalen `.env` Datei voraus. 
Diese kann mit folgendem Befehl angelegt und modifiziert werden: + +```bash +cp .env .env.local +``` + +Wenn alle Einstellungen vorgenommen wurden, kann der Build des Containers und das Deployment über den Befehl + +```bash +docker compose up --build +``` + +gestartet werden. + +Anschließend muss auch ein Admin User angelegt werden (s.o.) \ No newline at end of file From 07d49cc9d3b7c7185bb1cec2556f249bc8d1fce0 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Sun, 4 Aug 2024 00:54:39 +0200 Subject: [PATCH 12/25] Docker image (#3) * Added Github Action to automatically build image (#2) Create Pipeline for auto publish on release * Added restart prop to web container * boost startup of web container after db ready * added docker installation docu --- docker-compose.yml | 2 + docs/docs/install/docker_installation.md | 306 +++++++++++++++++++++++ 2 files changed, 308 insertions(+) create mode 100644 docs/docs/install/docker_installation.md diff --git a/docker-compose.yml b/docker-compose.yml index 5962462..62884ab 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,6 +3,7 @@ version: '3.8' services: web: build: . + restart: always ports: - "8080:80" depends_on: @@ -26,6 +27,7 @@ services: - db_data:/var/lib/mysql healthcheck: test: mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$MYSQL_PASSWORD + interval: 5s timeout: 20s retries: 10 diff --git a/docs/docs/install/docker_installation.md b/docs/docs/install/docker_installation.md new file mode 100644 index 0000000..c23e03a --- /dev/null +++ b/docs/docs/install/docker_installation.md 
@@ -0,0 +1,306 @@ +--- +sidebar_position: 6 +--- + +# Docker Installation + +Der IdP der SchulIT Software kann alternativ auch über Docker installiert werden. Diese Variante erfordert Wissen über `Docker` und `Docker Compose`, ist aber in der Regel weniger fehleranfällig und das berühmte Phänomen "Auf meiner Maschine läuft's aber" tritt nicht auf. + +## Voraussetzungen + +* Ein Server mit Docker und Docker Compose +* Terminal Zugriff (z.B. via SSH) auf diesen Server +* Server hat eine aktive Internetverbindung + +## Installation mit Docker Image aus Docker Hub (empfohlen) + +Stelle eine Verbindung mit dem Terminal des Servers her. + +### Dateistruktur + +Erstelle ein Verzeichnis in dem die Daten des Dienstes gespeichert werden sollen. Hier: `/home/docker/schulit/idp` + +```bash +mkdir /home/docker/schulit/idp +``` + +:::tip Backups +Bitte sichere dieses Verzeichnis in regelmäßigen Abständen für Backups der Datenbank und des Dienstes +::: + +Als nächstes erstellen wir zwei Ordner, wo die DB und der IdP ihre Daten ablegen: + +```bash +cd /home/docker/schulit/idp +mkdir ./certs +mkdir ./db_data +mkdir ./own_assets +``` + +### Docker Compose + +Erstelle nun die Docker Compose Datei. Diese Datei beschreibt die Konfiguration eines Dienstes in Docker. + +```bash +nano docker-compose.yml +``` + +Kopiere den Inhalt aus unserer Vorlage und passe ihn nach deinen belieben an. 
+ +```yml title=docker-compose.yml +version: '3.8' + +services: + web: + image: simonfrank/schulit-idp:latest # use a fixed image tag like v1.0 in prod environments + restart: always + ports: + # change the first port to any port you like + - "8080:80" + depends_on: + db: + condition: service_healthy + env_file: + - .env + volumes: + - /home/docker/schulit/idp/certs:/var/www/html/certs + # if you want to modify the apperance of this app mount this folder + # - /home/docker/schulit/idp/own_assets:/var/www/html/public/own_assets + # nginx configuration file - uncomment below if you want to use an own nginx config + # - ./nginx.conf:/etc/nginx/sites-enabled/sso + + db: + image: mariadb:10.4 + restart: always + env_file: + - .env + volumes: + - /home/docker/schulit/idp/db_data:/var/lib/mysql + healthcheck: + test: mysqladmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$MYSQL_PASSWORD + interval: 5s + timeout: 20s + retries: 10 +``` + +Drücke zum Speicher `strg` + `o` und anschließend zum Verlassen des Text Editors `strg` + `x`. + +### Umgebungsvariablen anlegen + +Als nächstes legen wir die Umgebungsvariablen für den IdP an. + +Erstelle dazu eine neue Datei `.env` + +```bash +nano .env +``` + +Diese Datei sollte die folgenden Variablen aus dem Template benutzen. Hier sollten einige Anpassungen vorgenommen werden. Mehr Infos zu den Anpassungen findest du auf der Seite [Konfigurationsdatei](./configuration). 
+ +```text title=.env +###> symfony/framework-bundle ### +APP_ENV=prod +APP_SECRET=ChangeThisToASecretString +###< symfony/framework-bundle ### + +###> schulit/adauth-bundle ### +ADAUTH_ENABLED=false +ADAUTH_URL="tls://dc01.ad.schulit.de:55117" +ADAUTH_PEERNAME="dc01.ad.schulit.de" +ADAUTH_PEERFINGERPRINT="" +###< schulit/adauth-bundle ### + +###> schulit/common-bundle ### +APP_URL="https://sso.schulit.de/" +APP_NAME="SchulIT Single Sign-On" +# Pfade relativ zum public/-Verzeichnis +APP_LOGO="" # Müssen in der Compose gemountet werden und Dateien dann in "own_asstes" abgelegt werden +APP_SMALLLOGO="" # Müssen in der Compose gemountet werden und Dateien dann in "own_asstes" abgelegt werden +###< schulit/common-bundle + +###> CUSTOM ### +SAML_ENTITY_ID="https://sso.schulit.de/" +MAILER_FROM="noreply@sso.schulit.de" +CRON_PASSWORD= +###< CUSTOM ### + +###> doctrine/doctrine-bundle ### +# Siehe https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url +DATABASE_URL="mysql://db_user:db_password@localhost:3306/db_name" +MYSQL_ROOT_PASSWORD=changeThisToASecurePassword +MYSQL_DATABASE=db_name +MYSQL_USER=db_user +MYSQL_PASSWORD=db_password +###< doctrine/doctrine-bundle ### + +###> symfony/messenger ### +MESSENGER_TRANSPORT_DSN=doctrine://default +###< symfony/messenger ### + +###> symfony/mailer ### +MAILER_DSN=native://default +###< symfony/mailer ### + +PHP_BINARY=/usr/bin/php + +### Docker ### +TZ=Europe/Berlin +``` + +Drücke zum Speicher `strg` + `o` und anschließend zum Verlassen des Text Editors `strg` + `x`. + +### Webserver konfigurieren (optional) + +Falls du die Config vom nginx Webserver anpassen möchtest, musst du das zweite Volume in der Compose einkommentieren. Anschließend kannst du die Config anpassen. 
+ +Die Default Config, die wir im Container verwenden ist die folgende: + +```text title=nginx.conf +server { + listen 80; + server_name localhost; + + root /var/www/html/public; + + location / { + # try to serve file directly, fallback to index.php + try_files $uri /index.php$is_args$args; + } + + # optionally disable falling back to PHP script for the asset directories; + # nginx will return a 404 error when files are not found instead of passing the + # request to Symfony (improves performance but Symfony's 404 page is not displayed) + # location /bundles { + # try_files $uri =404; + # } + + location ~ ^/index\.php(/|$) { + fastcgi_pass 127.0.0.1:9000; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + + # When you are using symlinks to link the document root to the + # current version of your application, you should pass the real + # application path instead of the path to the symlink to PHP + # FPM. + # Otherwise, PHP's OPcache may not properly detect changes to + # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126 + # for more information). + # Caveat: When PHP-FPM is hosted on a different machine from nginx + # $realpath_root may not resolve as you expect! In this case try using + # $document_root instead. + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + # Prevents URIs that include the front controller. This will 404: + # http://domain.tld/index.php/some-path + # Remove the internal directive to allow URIs like this + # internal; + } + + # return 404 for all other php files not matching the front controller + # this prevents access to other php files you don't want to be accessible. 
+ location ~ \.php$ { + return 404; + } + + # Optional logging + error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; +} +``` + +### Dienst starten + +Als nächstes können wir den Dienst starten: + +```bash +docker compose up +``` + +Der Container startet jetzt. Dies kann 1-2 Minuten dauern. + +### IdP Konfigurieren + +Als letzten Schritt müssen wir jetzt noch einen Admin User anlegen. Das geht über die Konsole des Dienstes im Docker Container. + +```bash +docker exec -it sh +``` + +`` ist dabei entweder der Name oder die ID des Containers. Um diese herauszufinden führe folgenden Befehl aus und kopiere die ID oder den Namen + +```bash +$ docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +af38ee24c451 idp-web "docker-php-entrypoi…" 2 hours ago Up 3 minutes 9000/tcp, 0.0.0.0:8080->80/tcp idp-web-1 +``` + +In diesem Fall wäre der Name `idp-web-1` und die ID `af38ee24c451`. + +Wir würden also +```bash +docker exec -it af38ee24c451 sh +``` +ausführen. + +Wir legen jetzt einen Admin User an: + +:::caution Achtung +Der Benutzer muss als Administrator (Schritt 7) angelegt werden. +::: + +```bash +$ php bin/console app:add-user + Benutzername: + > admin@example.com + + Vorname: + > Erika + + Nachname: + > Mustermann + + E-Mail: + > admin@example.com + + Passwort: + > + + Passwort wiederholen: + > + + Ist der Benutzer ein Administrator? (yes/no) [yes]: + > yes + + Benutzertyp wählen [user]: + [0] user + > user + + [OK] Benutzer erfolgreich erstellt +``` + +Das war's! Logge dich unter [http://server_ip:8080](http://server_ip:8080) in den IdP ein. + +## Installation über Repository +Falls Anpassungen am Quellcode vorgenommen wurden, ist auch eine Installation über das Repository möglich. + +In dem Fall liegt eine leicht modifizierte docker-compose Datei im Repo. Diese setzt die Verfügbarkeit einer lokalen `.env` Datei voraus. 
Diese kann mit folgendem Befehl angelegt und modifiziert werden: + +```bash +cp .env .env.local +``` + +Wenn alle Einstellungen vorgenommen wurden, kann der Build des Containers und das Deployment über den Befehl + +```bash +docker compose up --build +``` + +gestartet werden. + +Anschließend muss auch ein Admin User angelegt werden (s.o.) \ No newline at end of file From 282c2532774a160b751bb72c269a3a96de8b65de Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Sun, 4 Aug 2024 01:41:22 +0200 Subject: [PATCH 13/25] nginx fix --- Dockerfile | 2 +- docker-compose.yml | 2 +- docs/docs/install/docker_installation.md | 4 ++-- startup.sh | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 751d615..e2596ea 100644 --- a/Dockerfile +++ b/Dockerfile @@ -108,7 +108,7 @@ RUN rm -rf ./public/.htaccess RUN php bin/console app:create-certificate --type saml --no-interaction # Copy the Nginx configuration file into the container -COPY nginx.conf /etc/nginx/sites-enabled/sso +COPY nginx.conf /etc/nginx/sites-enabled/default # Copy the startup script into the container COPY startup.sh /usr/local/bin/startup.sh diff --git a/docker-compose.yml b/docker-compose.yml index 62884ab..a72714e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,7 +14,7 @@ services: volumes: - certs:/var/www/html/certs # nginx configuration file - - ./nginx.conf:/etc/nginx/sites-enabled/sso + # - ./nginx.conf:/etc/nginx/sites-enabled/default db: image: mariadb:10.4 diff --git a/docs/docs/install/docker_installation.md b/docs/docs/install/docker_installation.md index c23e03a..d31219c 100644 --- a/docs/docs/install/docker_installation.md +++ b/docs/docs/install/docker_installation.md 
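Review bot: The one-line change to `COPY nginx.conf /etc/nginx/sites-enabled/default` works by overwriting the vhost file the Debian nginx package enables by default, which presumably was still claiming port 80 alongside the old `sso` site, but nothing in the Dockerfile records that; a comment such as `# Replace the distro's default vhost so ours is the only server on :80` keeps the next maintainer from renaming it back. The same hunk reappears in PATCH 15/25 of this series. The docker-compose hunk in this commit comments the bind mount out with the matching path, so the config baked into the image is the only one in effect unless the operator re-enables the mount, which the docs change reflects.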
@@ -67,7 +67,7 @@ services: # if you want to modify the apperance of this app mount this folder # - /home/docker/schulit/idp/own_assets:/var/www/html/public/own_assets # nginx configuration file - uncomment below if you want to use an own nginx config - # - ./nginx.conf:/etc/nginx/sites-enabled/sso + # - ./nginx.conf:/etc/nginx/sites-enabled/default db: image: mariadb:10.4 @@ -303,4 +303,4 @@ docker compose up --build gestartet werden. -Anschließend muss auch ein Admin User angelegt werden (s.o.) \ No newline at end of file +Anschließend muss auch ein Admin User angelegt werden (s.o.) diff --git a/startup.sh b/startup.sh index d87c13b..b6ddcf0 100644 --- a/startup.sh +++ b/startup.sh @@ -22,4 +22,4 @@ fi php-fpm & # Start Nginx -nginx -g 'daemon off;' +nginx -g 'daemon off;' \ No newline at end of file From 4c4476f78dba2f6456906b7ff75e4ac61278ff95 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Sun, 4 Aug 2024 01:41:58 +0200 Subject: [PATCH 14/25] remove no dev flag temp --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 751d615..bf6e967 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,7 +55,7 @@ WORKDIR /var/www/html COPY . . # Install PHP dependencies including symfony/runtime -RUN composer install --no-dev --classmap-authoritative --no-scripts +RUN composer install --classmap-authoritative --no-scripts FROM base AS node From e6930f1c464a67743c90c2b15db00255cdf29aa0 Mon Sep 17 00:00:00 2001 
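Review bot: Dropping `--no-dev` from `composer install` pulls the dev-only packages into `/var/www/html/vendor`, and the runner stage copies that directory verbatim (`COPY --from=composer /var/www/html/vendor ...` in later hunks of this series), so test and debugging tooling ends up in the published IdP image and widens its attack surface. The subject says this is temporary, and PATCH 24/25 does restore the flag, but a line such as `# TODO: temporary, restore --no-dev` next to the change would have kept anyone building from this revision from reading it as the intended configuration.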
From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Sun, 4 Aug 2024 09:21:39 +0200 Subject: [PATCH 15/25] Docker image (#4) * Added Github Action to automatically build image (#2) Create Pipeline for auto publish on release * Added restart prop to web container * boost startup of web container after db ready * added docker installation docu * nginx fix --- Dockerfile | 2 +- docker-compose.yml | 2 +- docs/docs/install/docker_installation.md | 12 ++++++++++-- startup.sh | 2 +- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index bf6e967..cc38410 100644 --- a/Dockerfile +++ b/Dockerfile @@ -108,7 +108,7 @@ RUN rm -rf ./public/.htaccess RUN php bin/console app:create-certificate --type saml --no-interaction # Copy the Nginx configuration file into the container -COPY nginx.conf /etc/nginx/sites-enabled/sso +COPY nginx.conf /etc/nginx/sites-enabled/default # Copy the startup script into the container COPY startup.sh /usr/local/bin/startup.sh diff --git a/docker-compose.yml b/docker-compose.yml index 62884ab..a72714e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,7 +14,7 @@ services: volumes: - certs:/var/www/html/certs # nginx configuration file - - ./nginx.conf:/etc/nginx/sites-enabled/sso + # - ./nginx.conf:/etc/nginx/sites-enabled/default db: image: mariadb:10.4 diff --git a/docs/docs/install/docker_installation.md b/docs/docs/install/docker_installation.md index c23e03a..dee0eb6 100644 --- a/docs/docs/install/docker_installation.md +++ b/docs/docs/install/docker_installation.md @@ -67,7 +67,11 @@ services: # if you want to modify the apperance of this app mount this folder # - /home/docker/schulit/idp/own_assets:/var/www/html/public/own_assets # nginx configuration file - uncomment below if you want to use an own nginx config - # - ./nginx.conf:/etc/nginx/sites-enabled/sso + + # - ./nginx.conf:/etc/nginx/sites-enabled/default + + + db: image: mariadb:10.4 
@@ -303,4 +307,8 @@ docker compose up --build gestartet werden. -Anschließend muss auch ein Admin User angelegt werden (s.o.) \ No newline at end of file + +Anschließend muss auch ein Admin User angelegt werden (s.o.) + + + diff --git a/startup.sh b/startup.sh index d87c13b..b6ddcf0 100644 --- a/startup.sh +++ b/startup.sh @@ -22,4 +22,4 @@ fi php-fpm & # Start Nginx -nginx -g 'daemon off;' +nginx -g 'daemon off;' \ No newline at end of file From 1ef6d47f67ecdc0c010dc51b097ac6d01dc2d233 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 8 Aug 2024 17:43:51 +0200 Subject: [PATCH 16/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 602d3b1..74cc850 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -7,7 +7,7 @@ on: env: # Use docker.io for Docker Hub if empty - REGISTRY: simonfrank + REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: schulit-idp @@ -25,11 +25,12 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 - - name: Login to Docker Hub - uses: docker/login-action@v2 + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Extract Docker metadata id: meta From a24d4c1ee33d900f5f0eb1a5415e19cd39c8ba01 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 8 Aug 2024 17:49:49 +0200 Subject: [PATCH 17/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
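Review bot: The login step is now pinned to a full commit SHA, which is the right supply-chain choice, but the SHA carries no version comment and the `actions/checkout@v3` line in the same hunk is still a mutable tag, so the pinning policy is inconsistent within one job; `uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 # <release tag>` plus a SHA pin for checkout makes both reviewable by humans and by dependency bots. Pushing to ghcr.io with `secrets.GITHUB_TOKEN` also requires `packages: write` in the job or workflow `permissions:` block; that block is outside this hunk, so this is a check rather than a defect. Declaring `permissions:` explicitly (with `contents: read`) keeps the workflow least-privilege regardless of the repository's default token setting.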
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 74cc850..014d298 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -9,7 +9,7 @@ env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io # github.repository as / - IMAGE_NAME: schulit-idp + IMAGE_NAME: ${{ github.repository }} jobs: build: From 2b0ff799b3e2317df772553408f57fd47796e0b7 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 8 Aug 2024 17:53:34 +0200 Subject: [PATCH 18/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 014d298..84d3add 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -9,7 +9,7 @@ env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io # github.repository as / - IMAGE_NAME: ${{ github.repository }} + IMAGE_NAME: ${{ github.repository.toLowerCase() }} jobs: build: From 580d854b98ad60e058ba3a8d443459d4b72bf3eb Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 8 Aug 2024 18:01:12 +0200 Subject: [PATCH 19/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 84d3add..0043f09 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -9,7 +9,7 @@ env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io # github.repository as / - IMAGE_NAME: ${{ github.repository.toLowerCase() }} + IMAGE_NAME: ${{ github.repository }} jobs: build: 
@@ -31,12 +31,16 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + + - name: downcase REPO + run: | + echo "IMAGE_NAME_LOWER=${env.IMAGE_NAME,,}" >>${GITHUB_ENV} - name: Extract Docker metadata id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action @@ -47,7 +51,7 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}:latest labels: ${{ steps.meta.outputs.labels }} build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) @@ -60,6 +64,6 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} , ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:unstable + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}:${{ env.RELEASE_VERSION }} , ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}:unstable labels: ${{ steps.meta.outputs.labels }} build-args: version_info=${{ env.RELEASE_VERSION }} (${{ env.CURRENT_DATE }}) From 20e68f038ac0f52c7b0a4d29e52ad2848bee706a Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 8 Aug 2024 18:03:46 +0200 Subject: [PATCH 20/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 0043f09..fe734e9 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
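Review bot: The rewritten `tags:` and `build-args:` lines reference `env.RELEASE_VERSION` and `env.CURRENT_DATE`, and neither is defined in any workflow text visible at this point of the series (PATCH 23/25 later adds a step for `RELEASE_VERSION`; `CURRENT_DATE` is never set), so the version-tag push would produce an invalid image reference with an empty tag and `version_info` would read ` ()`. Defining both next to the `downcase REPO` step, or failing fast with `if [ -z "$RELEASE_VERSION" ]; then exit 1; fi` before the build, makes the failure mode explicit instead of leaving it to the registry. The `downcase REPO` step itself writes `${env.IMAGE_NAME,,}`, which is not a valid bash parameter name and aborts with "bad substitution"; the following commits rework that line.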
@@ -34,7 +34,7 @@ jobs: - name: downcase REPO run: | - echo "IMAGE_NAME_LOWER=${env.IMAGE_NAME,,}" >>${GITHUB_ENV} + echo "IMAGE_NAME_LOWER=${$IMAGE_NAME@L}" >> "${GITHUB_ENV}" - name: Extract Docker metadata id: meta From 4139d1c9c011a0da71c6d182795a26e55f866217 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 8 Aug 2024 18:04:57 +0200 Subject: [PATCH 21/25] Update docker-image.yml --- .github/workflows/docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index fe734e9..3ebae6f 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -34,7 +34,7 @@ jobs: - name: downcase REPO run: | - echo "IMAGE_NAME_LOWER=${$IMAGE_NAME@L}" >> "${GITHUB_ENV}" + echo "IMAGE_NAME_LOWER=${IMAGE_NAME@L}" >> "${GITHUB_ENV}" - name: Extract Docker metadata id: meta From d8c5208052c2764c2c847933ecdaab0dcf7bc308 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 8 Aug 2024 18:13:48 +0200 Subject: [PATCH 22/25] some optimizations for the docker build image --- Dockerfile | 13 +++++++------ docker-compose.yml | 4 ---- docs/docs/install/docker_installation.md | 8 ++------ startup.sh | 21 +++++++++++++++------ 4 files changed, 24 insertions(+), 22 deletions(-) diff --git a/Dockerfile b/Dockerfile index cc38410..685174a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -78,10 +78,9 @@ RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \ && apt-get install -y nodejs \ && npm install -g npm@latest -# Install Node.js dependencies and build assets +# Install Node.js dependencies RUN npm install \ - && npm run build \ - && php bin/console assets:install + && npm run build FROM base AS runner 
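Review bot: `${IMAGE_NAME@L}` is a bash 4.4+ parameter transformation and the step does not declare `shell: bash`, so it works only because the hosted runner's default shell for `run:` is bash; a different runner image or a `defaults.run.shell` setting would turn this into a "bad substitution" and break every push. Either add `shell: bash` to the step or use the portable form `echo "IMAGE_NAME_LOWER=$(printf '%s' "$IMAGE_NAME" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"`. This supersedes the `.toLowerCase()`, `${env.IMAGE_NAME,,}` and `${$IMAGE_NAME@L}` attempts in PATCH 18–20, none of which are valid in their respective syntaxes.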
@@ -101,12 +100,14 @@ RUN rm -rf ./.gitignore COPY --from=node /var/www/html/public /var/www/html/public COPY --from=composer /var/www/html/vendor /var/www/html/vendor +# Install assets +RUN php bin/console assets:install + +# Output of assets? --> Needs to be copied to the final image - maybe separate stage + # Remove the .htaccess file because we are using Nginx RUN rm -rf ./public/.htaccess -# Create SAML certificate -RUN php bin/console app:create-certificate --type saml --no-interaction - # Copy the Nginx configuration file into the container COPY nginx.conf /etc/nginx/sites-enabled/default diff --git a/docker-compose.yml b/docker-compose.yml index a72714e..c047c8f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -version: '3.8' - services: web: build: . @@ -21,8 +19,6 @@ services: restart: always env_file: - .env.local - ports: - - "3306:3306" volumes: - db_data:/var/lib/mysql healthcheck: diff --git a/docs/docs/install/docker_installation.md b/docs/docs/install/docker_installation.md index dee0eb6..da09e77 100644 --- a/docs/docs/install/docker_installation.md +++ b/docs/docs/install/docker_installation.md @@ -67,11 +67,7 @@ services: # if you want to modify the apperance of this app mount this folder # - /home/docker/schulit/idp/own_assets:/var/www/html/public/own_assets # nginx configuration file - uncomment below if you want to use an own nginx config - - # - ./nginx.conf:/etc/nginx/sites-enabled/default - - - + # - ./nginx.conf:/etc/nginx/sites-enabled/sso db: image: mariadb:10.4 @@ -307,8 +303,8 @@ docker compose up --build gestartet werden. - Anschließend muss auch ein Admin User angelegt werden (s.o.) + diff --git a/startup.sh b/startup.sh index b6ddcf0..99f6e0a 100644 --- a/startup.sh +++ b/startup.sh 
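Review bot: The added `# Output of assets? --> Needs to be copied to the final image - maybe separate stage` is an open question committed into the runner stage directly below the `RUN php bin/console assets:install` that answers it, and PATCH 24/25 later moves the install into the node stage while leaving this comment in place, so it is stale as soon as it lands. Either resolve it or mark it as work to do, e.g. `# TODO: decide whether assets:install gets its own stage so the runner stage stays lean`. Removing `RUN php bin/console app:create-certificate ...` from the build is the security-relevant part of this hunk: a SAML key pair generated at build time would be identical in every container started from the published image, so generating it on first start (the startup.sh hunk in this commit) is the right place.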
@@ -1,7 +1,19 @@ #!/bin/sh -# Check if the FIRST_RUN environment variable is 1 -if [ "$FIRST_RUN" = "1" ]; then +CONTAINER_ALREADY_STARTED="IDP_CONTAINER_ALREADY_STARTED" +# Check if the container has already been started +if [ ! -e $CONTAINER_ALREADY_STARTED ]; then + touch $CONTAINER_ALREADY_STARTED + echo "-- First container startup --" + + # Check if the SAML certificate does not exist + if [ ! -f /var/www/html/certs/idp.crt ] || [ ! -f /var/www/html/certs/idp.key ]; then + echo "Creating SAML certificate..." + + # Create SAML certificate + php bin/console app:create-certificate --type saml --no-interaction + fi + # Run database migrations php bin/console doctrine:migrations:migrate --no-interaction @@ -13,13 +25,10 @@ if [ "$FIRST_RUN" = "1" ]; then # Update Browscap php bin/console app:browscap:update - - # Set FIRST_RUN environment variable to 0 - export FIRST_RUN=0 fi # Start PHP-FPM php-fpm & # Start Nginx -nginx -g 'daemon off;' \ No newline at end of file +nginx -g 'daemon off;' From 336aab5e6544192144f6cf6cc680828e3c6f84c3 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Thu, 8 Aug 2024 18:20:22 +0200 Subject: [PATCH 23/25] Update docker-image.yml (#5) --- .github/workflows/docker-image.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 3ebae6f..a395ff2 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -35,6 +35,9 @@ jobs: - name: downcase REPO run: | echo "IMAGE_NAME_LOWER=${IMAGE_NAME@L}" >> "${GITHUB_ENV}" + + - name: Set env + run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - name: Extract Docker metadata id: meta From adc6b0ac597b3439d4de410d0d68f252abb35f4c Mon Sep 17 00:00:00 2001 
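Review bot: `touch $CONTAINER_ALREADY_STARTED` runs before the certificate generation and `doctrine:migrations:migrate`, and the script does not `set -e`, so a failed migration or certificate step still leaves the marker behind and every later start skips the whole first-run block while the container keeps serving. Creating the marker as the last statement of the `if` block, or opening the script with `set -e` so the container stops on a failed step (`#!/bin/sh` supports it), closes that gap. The marker is also a relative path, so it lands in whatever the working directory is when the entrypoint runs (presumably `/var/www/html`); an absolute path such as `/var/www/html/var/.first-run-done` makes the location explicit, and the test should be quoted: `if [ ! -e "$CONTAINER_ALREADY_STARTED" ]; then`. The first-run block continues into the second hunk of this file in the same commit.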
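Review bot: `RELEASE_VERSION=${GITHUB_REF#refs/*/}` takes the last component of whatever ref triggered the run, so on a branch push it is the branch name and on a `pull_request` event (`refs/pull/<n>/merge`) it is the literal `merge`; which events the workflow runs on is outside this hunk, but the later `tags: ...:${{ env.RELEASE_VERSION }}` step would push an image tagged with a branch name as if it were a release. Guarding that build with `if: github.ref_type == 'tag'`, or deriving the value from `github.ref_name` only in that case, limits version tags to real releases. The redirect `>> $GITHUB_ENV` is also unquoted while the sibling step writes `>> "${GITHUB_ENV}"`; harmless on current runners but worth matching.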
From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Sun, 11 Aug 2024 17:12:13 +0200 Subject: [PATCH 24/25] fixed filesystem permission issue --- .github/workflows/docker-image.yml | 3 ++- Dockerfile | 13 ++++--------- startup.sh | 5 ++++- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index a395ff2..57632a4 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -32,7 +32,8 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: downcase REPO + # Set image name to lower case because ghcr.io complains about uppercase + - name: downcase image name run: | echo "IMAGE_NAME_LOWER=${IMAGE_NAME@L}" >> "${GITHUB_ENV}" diff --git a/Dockerfile b/Dockerfile index 685174a..fd41971 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,7 +55,7 @@ WORKDIR /var/www/html COPY . . # Install PHP dependencies including symfony/runtime -RUN composer install --classmap-authoritative --no-scripts +RUN composer install --no-dev --classmap-authoritative --no-scripts FROM base AS node @@ -78,9 +78,10 @@ RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \ && apt-get install -y nodejs \ && npm install -g npm@latest -# Install Node.js dependencies +# Install Node.js dependencies and build the assets RUN npm install \ - && npm run build + && npm run build \ + && php bin/console assets:install FROM base AS runner @@ -100,9 +101,6 @@ RUN rm -rf ./.gitignore COPY --from=node /var/www/html/public /var/www/html/public COPY --from=composer /var/www/html/vendor /var/www/html/vendor -# Install assets -RUN php bin/console assets:install - # Output of assets? --> Needs to be copied to the final image - maybe separate stage # Remove the .htaccess file because we are using Nginx 
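Review bot: Restoring `--no-dev` is right, but the composer stage still does `COPY . .` two lines above it, and whether a `.dockerignore` keeps `.env.local`, `certs/`, `var/` and `.git/` out of that layer is not visible anywhere in this series; for an IdP image that the workflow pushes to ghcr.io, anything in the build context is recoverable from the image history of that stage even when the runner stage never copies it. If no `.dockerignore` exists yet, one excluding `.env*`, `certs/`, `var/`, `node_modules/` and `.git/` is the cheapest fix; otherwise a comment on the `COPY . .` line saying it relies on `.dockerignore` tells the next reader where to look. The second hunk moves `php bin/console assets:install` into the node stage, which assumes that stage already has the vendor directory and a usable PHP configuration; its setup is outside this hunk, so that is worth a one-line comment above the `RUN npm install` chain.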
@@ -117,9 +115,6 @@ COPY startup.sh /usr/local/bin/startup.sh # Ensure the startup script is executable RUN chmod +x /usr/local/bin/startup.sh -# Set first run flag -ENV FIRST_RUN=1 - # Expose port 80 EXPOSE 80 diff --git a/startup.sh b/startup.sh index 53918bc..d9312a8 100644 --- a/startup.sh +++ b/startup.sh @@ -25,10 +25,13 @@ if [ ! -e $CONTAINER_ALREADY_STARTED ]; then # Update Browscap php bin/console app:browscap:update + + # Grant write permissions to the storage directories + chown -R www-data:www-data /var/www/html/var fi # Start PHP-FPM php-fpm & # Start Nginx -nginx -g 'daemon off;' \ No newline at end of file +nginx -g 'daemon off;' From 05f1eadaaf51f00af2e253923826d75b649386a1 Mon Sep 17 00:00:00 2001 From: Simon Frank <71044587+SimonFrank14@users.noreply.github.com> Date: Sun, 11 Aug 2024 18:52:46 +0200 Subject: [PATCH 25/25] Cache was not included in chown --- Dockerfile | 2 +- startup.sh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index fd41971..bc8359e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -119,4 +119,4 @@ RUN chmod +x /usr/local/bin/startup.sh EXPOSE 80 # Use the startup script as the entrypoint -CMD ["/usr/local/bin/startup.sh"] +ENTRYPOINT ["/usr/local/bin/startup.sh"] diff --git a/startup.sh b/startup.sh index d9312a8..6c4edfc 100644 --- a/startup.sh +++ b/startup.sh @@ -25,13 +25,13 @@ if [ ! -e $CONTAINER_ALREADY_STARTED ]; then # Update Browscap php bin/console app:browscap:update - - # Grant write permissions to the storage directories - chown -R www-data:www-data /var/www/html/var fi # Start PHP-FPM php-fpm & +# Ensure the var directory is writable +chown -R www-data:www-data /var/www/html/var + # Start Nginx nginx -g 'daemon off;'
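Review bot: The `chown -R www-data:www-data /var/www/html/var` now runs after `php-fpm &` has already been launched, so there is a window in which FPM workers can start handling requests and writing cache or log files before the ownership fix lands; placing the chown before `php-fpm &` removes the race at no cost and still covers the cache directory the commit title mentions. The final `nginx -g 'daemon off;'` is not `exec`ed, so with the new `ENTRYPOINT ["/usr/local/bin/startup.sh"]` the `/bin/sh` running this script stays PID 1 and the SIGTERM from `docker stop` reaches the shell rather than nginx or php-fpm, which then wait for the kill timeout; `exec nginx -g 'daemon off;'` hands PID 1 to nginx. Neither hunk handles php-fpm exiting: nginx would keep the container alive and answer 502s, so a `HEALTHCHECK` against the front controller, or running both processes under a supervisor, is what would surface that in an orchestrator.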