Adding some docker work. Looks like we don't need all port forwarding…

… stuff.

README.md

@@ -78,6 +78,8 @@ as a container/Dockerfile/docker in the near future, so that you won't have to d
    you would need add an exception entry for `127.0.0.1` to your DNS Server settings: "Exceptions to DNS Rebind
    Protection" (Advanced - Network Settings - DNS Server)
 
+   TODO: Why not just add an /etc/host entry, or run a dns server in a co-deployed container?
+
 5. Create a self-signed certificate for the platform web server. For example:
 
 ```

docker-compose.yaml

@@ -0,0 +1,45 @@
+#
+# Platform independent Docker compose configuration that syncs out a git branch
+# (master is default) and/or a tag, and produced distribution installers for it.
+# This is equivalent to ./gradlew installDist, where all platform archives,
+# including Windows exe files, are built in the container.
+#
+# The build volume persists, and is rebuilt whenever it is detected that we
+# want to build a branch at a change that doesn't correspond to the last build
+# state. The cache volume also persiscat ~ts, so significant info is reused.
+# 
+
+version: '3.8'
+
+#
+# Set up secrets from the default locations, so that we can do things like
+# publications, artifact signing or other Gradle operations, where sensitive
+# information is stored outside the repository.
+#
+#secrets:
+#  gradle_properties:
+#    file: ~/.gradle/gradle.properties
+
+#volumes:
+#  cache:
+#  source:
+
+services:
+  platform:
+    image: ghcr.io/xtclang/xdk-platform:latest
+    build:
+      context: docker
+      dockerfile: Dockerfile.platform
+      args:
+        DOCKER_BUILDKIT: 1
+        PLATFORM_PASSWORD: ${PLATFORM_PASSWORD:-password}
+    env_file:
+      - docker/.env
+      - docker/.env.local
+    extra_hosts:
+      - "xtc-platform.localhost.xqiz.it:127.0.0.1"
+      - "xtc-platform.xqiz.it:127.0.0.10"
+    ports:
+        - "8080:8080"
+        - "8090:8090"
+    entrypoint: ['entrypoint-xtc-platform.sh']

docker/.env

@@ -0,0 +1,4 @@
+COMPOSE_PROJECT_NAME=platform
+
+GITHUB_BRANCH=${GITHUB_BRANCH:-master}
+XTC_VERSION=0.4.3

docker/.env.local

@@ -0,0 +1,4 @@
+
+# TODO: This should be exclude from source control.
+
+PLATFORM_PASSWORD=${PLATFORM_PASSWORD:-password}

docker/Dockerfile.platform

@@ -0,0 +1,81 @@
+#FROM openjdk:21
+FROM ubuntu:24.04
+
+ARG DOCKER_BUILDKIT=$DOCKER_BUILDKIT
+ENV DOCKER_BUILD_KIT=$DOCKER_BUILDKIT
+
+#ARG TARGETARCH
+#ARG BUILDARCH
+#ENV TARGETARCH=$TARGETARCH
+#ENV BUILDARCH=$BUILDARCH
+
+# Linux
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+ENV DEBIAN_FRONTEND=noninteractive
+
+ARG XTC_USER=xtc
+ARG XTC_USER_HOME=/home/$XTC_USER
+
+ENV XTC_USER=$XTC_USER
+ENV XTC_USER_HOME=$XTC_USER_HOME
+ENV XQIZIT_HOME=$XTC_USER_HOME/xqiz.it
+ENV PLATFORM_HOME=$XQIZIT_HOME/platform
+
+ARG NPM_SAFE_VERSION='[email protected]'
+
+USER root
+
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    iputils-ping jq sudo wget curl openjdk-21-jdk
+
+RUN curl --silent --location https://deb.nodesource.com/setup_21.x | sudo bash -
+RUN apt-get -y --no-install-recommends install \
+    nodejs # && npm -g install npm@${NPM_SAFE_VERSION} # && npm -g install yarn
+
+COPY entrypoint-xtc-platform.sh /usr/local/bin
+#RUN echo >>/etc/hosts "127.0.0.1  xtc-platform.localhost.xqiz.it"
+#RUN echo >>/etc/hosts "127.0.0.10 xtc-platform.xqiz.it"
+
+RUN useradd -ms /bin/bash $XTC_USER \
+    && passwd -d $XTC_USER \
+    && passwd -d root \
+    && usermod -aG sudo $XTC_USER \
+    && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
+    && chown -R $XTC_USER:$XTC_USER $XTC_USER_HOME
+
+USER $XTC_USER
+
+# 1. Create xqiz.it subdirectory and config
+RUN mkdir -p $PLATFORM_HOME && mkdir -p $XQIZIT_HOME/config
+
+# 2. Create port forwarding config.
+COPY config/port-forwarding.conf $PLATFORM_HOME
+
+# 5. Create a self-signed certificate for the platform web server. For example:
+ARG PLATFORM_PASSWORD
+ENV PLATFORM_PASSWORD=$PLATFORM_PASSWORD
+
+RUN keytool \
+    -genkeypair \
+    -alias platform \
+    -keyalg RSA \
+    -keysize 2048 \
+    -validity 365 \
+    -dname "OU=Platform, O=${XTC_USER}, C=US" \
+    -keystore ${PLATFORM_HOME}/certs.p12 \
+    -storetype PKCS12 \
+    -storepass $PLATFORM_PASSWORD
+
+# 6. Add a symmetric key to encode the cookies:
+RUN keytool \
+    -genseckey \
+    -alias cookies \
+    -keyalg AES \
+    -keysize 256 \
+    -keystore ${PLATFORM_HOME}/certs.p12 \
+    -storetype PKCS12 \
+    -storepass $PLATFORM_PASSWORD
+
+WORKDIR $XTC_USER_HOME
+ENTRYPOINT ["/usr/local/bin/entrypoint-xtc-platform.sh"]

docker/config/port-forwarding.conf

@@ -0,0 +1,5 @@
+#!bin/sh
+
+rdr pass on lo0 inet proto tcp from any to self port 80  -> 127.0.0.1 port 8080
+rdr pass on lo0 inet proto tcp from any to self port 443 -> 127.0.0.1 port 8090
+

docker/entrypoint-xtc-platform.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo "Entrypoint for Platform..."
+
+# XTC user should be sudoer
+# Port forwaring should just be in the container???
+#echo "User $USER executing pfctl under sudo privileges..."
+#sudo pfctl -evf ~$XQIZIT_HOME/platform/port-forwarding.conf
+#echo "Done."
+
+#
+# TODO: This is insane. We should just be setting up a localhost network.
+# If we want xtc-platform.localhost.xqiz.it to pingback from the host, put it /etc/hosts
+#
+#   The domain name `xtc-platform.localhost.xqiz.it` should resolve to `127.0.0.1`. This allows the same xqiz.it
+#   cloud-hosted platform to be self-hosted on the `localhost` loop-back address, enabling local and disconnected
+#   development.
+#
+#   If that address fails to resolve you may need to change the rules on you DNS server. For example, for Verizon routers
+#   you would need add an exception entry for `127.0.0.1` to your DNS Server settings: "Exceptions to DNS Rebind
+#   Protection" (Advanced - Network Settings - DNS Server)
+
+ping -c 1 xtc-platform.localhost.xqiz.it
+if [ $? != 0 ]; then
+  echo "Ping to localhost failed using xtc-platform.localhost.xqiz.it"
+  exit 1
+fi
+
+if [ -z "${@}" ]; then
+    echo "No extra entrypoint arguments. Container exiting from $0."
+else
+    echo "Handing over entrypoint arguments to exec: ${@}"
+    exec "${@}"
+fi