From ba08ccb4be296028c5edefcbc79a0e3efc096bf6 Mon Sep 17 00:00:00 2001
From: Marcus Lagergren <1062473+lagergren@users.noreply.github.com>
Date: Sat, 9 Mar 2024 13:48:42 +0100
Subject: [PATCH] Adding some docker work. Looks like we don't need all port forwarding stuff.
---
 Dockerfile | 52 -------------------
 README.md | 2 +
 docker-compose.yaml | 45 +++++++++++++++++
 docker/.env | 4 ++
 docker/.env.local | 4 ++
 docker/Dockerfile.platform | 81 ++++++++++++++++++++++++++++++
 docker/config/port-forwarding.conf | 5 ++
 docker/entrypoint-xtc-platform.sh | 34 +++++++++++++
 8 files changed, 175 insertions(+), 52 deletions(-)
 delete mode 100644 Dockerfile
 create mode 100644 docker-compose.yaml
 create mode 100644 docker/.env
 create mode 100644 docker/.env.local
 create mode 100644 docker/Dockerfile.platform
 create mode 100644 docker/config/port-forwarding.conf
 create mode 100755 docker/entrypoint-xtc-platform.sh
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 49aa712..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,52 +0,0 @@
-FROM homebrew/brew:4.1.4
-
-# install essential tools and libraries
-USER root
-RUN apt-get update \
- && apt-get upgrade -y \
- && apt-get install -y build-essential git
-
-# install xvm
-RUN brew tap xtclang/xvm \
- && brew install xdk-latest
-
-# build the latest xvm from source and update the default
-RUN git clone https://github.com/xtclang/xvm.git ~/xvm \
- && cd ~/xvm \
- && ./gradlew dist-local
-
-# install JS tools
-ARG NODE_VERSION=18.17.1
-ARG NODE_PACKAGE=node-v$NODE_VERSION-linux-x64
-ARG NODE_HOME=/opt/$NODE_PACKAGE
-
-ENV NODE_PATH $NODE_HOME/lib/node_modules
-ENV PATH $NODE_HOME/bin:$PATH
-
-RUN curl https://nodejs.org/dist/v$NODE_VERSION/$NODE_PACKAGE.tar.gz | tar -xzC /opt/ \
- && npm install --global yarn
-
-# build the platform
-RUN mkdir -p ~/xqiz.it/platform \
- && keytool -genkeypair \
- -alias platform \
- -keyalg RSA \
- -keysize 2048 \
- -validity 365 \
- -dname "OU=Platform, O=[some.org], C=US" \
- -keystore ~/xqiz.it/platform/certs.p12 \
- -storetype PKCS12 -storepass qwerty \
- && keytool -genseckey \
- -alias cookies \
- -keyalg AES \
- -keysize 256 \
- -keystore ~/xqiz.it/platform/certs.p12 \
- -storetype PKCS12 \
- -storepass qwerty \
- && git clone https://github.com/azzazzel/xtc_platform.git ~/xtc_platform \
- && cd ~/xtc_platform && git checkout quasar_gui \
- && cd ~/xtc_platform/platformUI/gui && npm install \
- && cd ~/xtc_platform && ~/xvm/gradlew build
-
-WORKDIR /root/xtc_platform
-CMD ["xec", "-L", "lib/", "lib/kernel.xtc", "qwerty"]
diff --git a/README.md b/README.md
index 5f11180..4c3ce4f 100644
--- a/README.md
+++ b/README.md
@@ -78,6 +78,8 @@ as a container/Dockerfile/docker in the near future, so that you won't have to d you would need add an exception entry for `127.0.0.1` to your DNS Server settings: "Exceptions to DNS Rebind Protection" (Advanced - Network Settings - DNS Server) + TODO: Why not just add an /etc/host entry, or run a dns server in a co-deployed container? + 5. Create a self-signed certificate for the platform web server. For example: ``` diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..e623eef --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,45 @@ +# +# Platform independent Docker compose configuration that syncs out a git branch +# (master is default) and/or a tag, and produced distribution installers for it. +# This is equivalent to ./gradlew installDist, where all platform archives, +# including Windows exe files, are built in the container. +# +# The build volume persists, and is rebuilt whenever it is detected that we +# want to build a branch at a change that doesn't correspond to the last build +# state. The cache volume also persiscat ~ts, so significant info is reused. +# + +version: '3.8' + +# +# Set up secrets from the default locations, so that we can do things like +# publications, artifact signing or other Gradle operations, where sensitive +# information is stored outside the repository. +# +#secrets: +# gradle_properties: +# file: ~/.gradle/gradle.properties + +#volumes: +# cache: +# source: + +services: + platform: + image: ghcr.io/xtclang/xdk-platform:latest + build: + context: docker + dockerfile: Dockerfile.platform + args: + DOCKER_BUILDKIT: 1 + PLATFORM_PASSWORD: ${PLATFORM_PASSWORD:-password} + env_file: + - docker/.env + - docker/.env.local + extra_hosts: + - "xtc-platform.localhost.xqiz.it:127.0.0.1" + - "xtc-platform.xqiz.it:127.0.0.10" + ports: + - "8080:8080" + - "8090:8090" + entrypoint: ['entrypoint-xtc-platform.sh'] 
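Review bot: `PLATFORM_PASSWORD` is passed under `build.args`, so the keystore password is recorded in the image's build history (`docker history`) and, through the Dockerfile's matching `ENV`, in the runtime environment of every container, while the same file publishes that image as `ghcr.io/xtclang/xdk-platform:latest`. Pass it as a BuildKit secret instead (`secrets:` under `build:` in compose, consumed with `RUN --mount=type=secret` in the Dockerfile), or supply it only at run time via `environment:`/`env_file` and create the keystore in the entrypoint. The `DOCKER_BUILDKIT: 1` build arg has no effect inside the build — BuildKit is selected by the client environment, not by an `ARG` — and can be dropped. The `:latest` tag on `image:` leaves the published image unpinned; a versioned tag (for example derived from `XTC_VERSION` in `docker/.env`) keeps pulls reproducible.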
diff --git a/docker/.env b/docker/.env
new file mode 100644
index 0000000..fd1bd5c
--- /dev/null
+++ b/docker/.env
@@ -0,0 +1,4 @@
+COMPOSE_PROJECT_NAME=platform
+
+GITHUB_BRANCH=${GITHUB_BRANCH:-master}
+XTC_VERSION=0.4.3
diff --git a/docker/.env.local b/docker/.env.local
new file mode 100644
index 0000000..a899be7
--- /dev/null
+++ b/docker/.env.local
@@ -0,0 +1,4 @@
+
+# TODO: This should be exclude from source control.
+
+PLATFORM_PASSWORD=${PLATFORM_PASSWORD:-password}
diff --git a/docker/Dockerfile.platform b/docker/Dockerfile.platform
new file mode 100644
index 0000000..6305e7b
--- /dev/null
+++ b/docker/Dockerfile.platform
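Review bot: `docker/.env.local` is committed with a credential in it even though its own comment says it should be excluded from source control; the exclusion belongs in this same commit — a `docker/.env.local` entry in `.gitignore` plus a committed `docker/.env.local.example` with no value. The `${PLATFORM_PASSWORD:-password}` fallback also means an unset variable silently yields a keystore protected by a publicly known password; dropping the default so the build fails when the variable is absent is safer, e.g. `PLATFORM_PASSWORD=${PLATFORM_PASSWORD:?PLATFORM_PASSWORD must be set}`. Whether `${VAR:-default}` syntax inside an `env_file` is interpolated at all depends on the Compose version in use (the same applies to `GITHUB_BRANCH` in `docker/.env`) — worth confirming with `docker compose config` before relying on it.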
@@ -0,0 +1,81 @@
+#FROM openjdk:21
+FROM ubuntu:24.04
+
+ARG DOCKER_BUILDKIT=$DOCKER_BUILDKIT
+ENV DOCKER_BUILD_KIT=$DOCKER_BUILDKIT
+
+#ARG TARGETARCH
+#ARG BUILDARCH
+#ENV TARGETARCH=$TARGETARCH
+#ENV BUILDARCH=$BUILDARCH
+
+# Linux
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+ENV DEBIAN_FRONTEND=noninteractive
+
+ARG XTC_USER=xtc
+ARG XTC_USER_HOME=/home/$XTC_USER
+
+ENV XTC_USER=$XTC_USER
+ENV XTC_USER_HOME=$XTC_USER_HOME
+ENV XQIZIT_HOME=$XTC_USER_HOME/xqiz.it
+ENV PLATFORM_HOME=$XQIZIT_HOME/platform
+
+ARG NPM_SAFE_VERSION='npm@10.4.0'
+
+USER root
+
+RUN apt-get update && apt-get install --no-install-recommends -y \
+ iputils-ping jq sudo wget curl openjdk-21-jdk
+
+RUN curl --silent --location https://deb.nodesource.com/setup_21.x | sudo bash -
+RUN apt-get -y --no-install-recommends install \
+ nodejs # && npm -g install npm@${NPM_SAFE_VERSION} # && npm -g install yarn
+
+COPY entrypoint-xtc-platform.sh /usr/local/bin
+#RUN echo >>/etc/hosts "127.0.0.1 xtc-platform.localhost.xqiz.it"
+#RUN echo >>/etc/hosts "127.0.0.10 xtc-platform.xqiz.it"
+
+RUN useradd -ms /bin/bash $XTC_USER \
+ && passwd -d $XTC_USER \
+ && passwd -d root \
+ && usermod -aG sudo $XTC_USER \
+ && echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
+ && chown -R $XTC_USER:$XTC_USER $XTC_USER_HOME
+
+USER $XTC_USER
+
+# 1. Create xqiz.it subdirectory and config
+RUN mkdir -p $PLATFORM_HOME && mkdir -p $XQIZIT_HOME/config
+
+# 2. Create port forwarding config.
+COPY config/port-forwarding.conf $PLATFORM_HOME
+
+# 5. Create a self-signed certificate for the platform web server. For example:
+ARG PLATFORM_PASSWORD
+ENV PLATFORM_PASSWORD=$PLATFORM_PASSWORD
+
+RUN keytool \
+ -genkeypair \
+ -alias platform \
+ -keyalg RSA \
+ -keysize 2048 \
+ -validity 365 \
+ -dname "OU=Platform, O=${XTC_USER}, C=US" \
+ -keystore ${PLATFORM_HOME}/certs.p12 \
+ -storetype PKCS12 \
+ -storepass $PLATFORM_PASSWORD
+
+# 6. 
Add a symmetric key to encode the cookies:
+RUN keytool \
+ -genseckey \
+ -alias cookies \
+ -keyalg AES \
+ -keysize 256 \
+ -keystore ${PLATFORM_HOME}/certs.p12 \
+ -storetype PKCS12 \
+ -storepass $PLATFORM_PASSWORD
+
+WORKDIR $XTC_USER_HOME
+ENTRYPOINT ["/usr/local/bin/entrypoint-xtc-platform.sh"]
diff --git a/docker/config/port-forwarding.conf b/docker/config/port-forwarding.conf
new file mode 100644
index 0000000..39530ef
--- /dev/null
+++ b/docker/config/port-forwarding.conf
@@ -0,0 +1,5 @@
+#!bin/sh
+
+rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 8080
+rdr pass on lo0 inet proto tcp from any to self port 443 -> 127.0.0.1 port 8090
+ 
\ No newline at end of file
diff --git a/docker/entrypoint-xtc-platform.sh b/docker/entrypoint-xtc-platform.sh
new file mode 100755
index 0000000..e5651ee
--- /dev/null
+++ b/docker/entrypoint-xtc-platform.sh
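Review bot: The `ARG PLATFORM_PASSWORD` / `ENV PLATFORM_PASSWORD=$PLATFORM_PASSWORD` pair bakes the keystore password into the image config and build history, and the two `keytool` steps then write the TLS private key and the cookie key into an image layer at `${PLATFORM_HOME}/certs.p12`, so anyone who pulls the image obtains both the secrets and the password protecting them. The cleaner fix is to remove the `ARG`/`ENV` lines and both `keytool` steps and create the keystore on first start from `entrypoint-xtc-platform.sh` (into a volume, with the password read from the runtime environment or a mounted secret); if generation must stay at build time, read the password from a BuildKit secret mount as below, accepting that the keystore itself still ships in the image. The `useradd` step also runs `passwd -d root` and appends `%sudo ALL=(ALL) NOPASSWD:ALL` to `/etc/sudoers`, which makes the later `USER $XTC_USER` cosmetic — any process in the container can become root without a password — so both should go and `sudo` should not be in the runtime image at all. `curl … | sudo bash -` executes the nodesource installer unverified; installing `nodejs` from a pinned, checksum-verified archive or the distro package is the usual replacement. Lastly, `ENV LANG C.UTF-8` / `ENV LC_ALL C.UTF-8` use the deprecated space-separated form (`ENV LANG=C.UTF-8`), and neither apt step removes `/var/lib/apt/lists/*` in its own layer.
```dockerfile
# … unchanged: base image, package installation, user creation, directories …
USER $XTC_USER

# 5./6. Keystore with TLS key pair and cookie key. The password comes from a
# BuildKit secret so it is never an ARG, an ENV, or part of `docker history`:
#   docker build --secret id=platform_password,src=<password-file> …
# mode=0444 lets the non-root build user read the mounted secret.
RUN --mount=type=secret,id=platform_password,mode=0444 \
    keytool -genkeypair -alias platform -keyalg RSA -keysize 2048 -validity 365 \
        -dname "OU=Platform, O=${XTC_USER}, C=US" \
        -keystore ${PLATFORM_HOME}/certs.p12 -storetype PKCS12 \
        -storepass "$(cat /run/secrets/platform_password)" \
 && keytool -genseckey -alias cookies -keyalg AES -keysize 256 \
        -keystore ${PLATFORM_HOME}/certs.p12 -storetype PKCS12 \
        -storepass "$(cat /run/secrets/platform_password)"

# … unchanged: WORKDIR, ENTRYPOINT …
```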
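Review bot: The first line `#!bin/sh` is a malformed shebang (no leading `/`) on a file that is not a shell script at all — the remaining lines are pf `rdr` rules, which only `pfctl` on macOS/BSD can load, and the Ubuntu image this is copied into by `COPY config/port-forwarding.conf` has no pf while the entrypoint's `pfctl` call is commented out, so the copied file is dead configuration. Either drop the file and its `COPY`, or replace the shebang with a header that states its real purpose, e.g. `# pf redirect rules for a macOS host (80->8080, 443->8090); not used inside the container`. The file also ends in a whitespace-only line with no trailing newline, which is worth tidying while it is touched.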
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo "Entrypoint for Platform..."
+
+# XTC user should be sudoer
+# Port forwaring should just be in the container???
+#echo "User $USER executing pfctl under sudo privileges..."
+#sudo pfctl -evf ~$XQIZIT_HOME/platform/port-forwarding.conf
+#echo "Done."
+
+#
+# TODO: This is insane. We should just be setting up a localhost network.
+# If we want xtc-platform.localhost.xqiz.it to pingback from the host, put it /etc/hosts
+#
+# The domain name `xtc-platform.localhost.xqiz.it` should resolve to `127.0.0.1`. This allows the same xqiz.it
+# cloud-hosted platform to be self-hosted on the `localhost` loop-back address, enabling local and disconnected
+# development.
+#
+# If that address fails to resolve you may need to change the rules on you DNS server. For example, for Verizon routers
+# you would need add an exception entry for `127.0.0.1` to your DNS Server settings: "Exceptions to DNS Rebind
+# Protection" (Advanced - Network Settings - DNS Server)
+
+ping -c 1 xtc-platform.localhost.xqiz.it
+if [ $? != 0 ]; then
+ echo "Ping to localhost failed using xtc-platform.localhost.xqiz.it"
+ exit 1
+fi
+
+if [ -z "${@}" ]; then
+ echo "No extra entrypoint arguments. Container exiting from $0."
+else
+ echo "Handing over entrypoint arguments to exec: ${@}"
+ exec "${@}"
+fi
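Review bot: `if [ -z "${@}" ]` is wrong for more than one argument: `"$@"` expands to one word per argument, so `[ -z a b ]` is a `test` syntax error rather than a false result; the argument-count check should be `if [ $# -eq 0 ]; then`. The `ping -c 1 … ; if [ $? != 0 ]` pair is better written as `if ! ping -c 1 xtc-platform.localhost.xqiz.it >/dev/null; then`, and since the check only needs the name to resolve (compose supplies it via `extra_hosts`), `getent hosts xtc-platform.localhost.xqiz.it` would avoid depending on ICMP being permitted for the unprivileged `xtc` user. The script also has no `set -eu`, so any step added later that fails will fall through to the `exec` silently.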