Alpinize + Dockerize Sigmah

sigmah.sh

@@ -1,36 +1,23 @@
-#!/bin/bash
+#!/bin/sh
 
 SOURCE_DIR=$(realpath $(dirname "${0}"))/sigmah
 
 # Check prerequisites
 docker image ls | grep -q postgres || $(realpath $(dirname "${0}"))/postgres.sh
 
-# Install dependencies
-apt-get -y --no-install-recommends install python-bcrypt
-
-# Download Sigmah
-wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-2.0.2.war -O /tmp/sigmah.war
-unzip /tmp/sigmah.war -d /srv/sigmah
-rm -f /tmp/sigmah.war
-
-# Update Postgres JDBC driver
-rm -f /srv/sigmah/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar
-wget https://jdbc.postgresql.org/download/postgresql-42.1.4.jar -O /srv/sigmah/WEB-INF/lib/postgresql-42.1.4.jar
+# Build Docker container
+docker build -t sigmah ${SOURCE_DIR}
 
 # Create database
 export SIGMAH_PWD=$(head -c 18 /dev/urandom | base64)
-envsubst <${SOURCE_DIR}/tmp/sigmah-createdb.sql >/tmp/sigmah-createdb.sql
-sudo -u postgres psql -f /tmp/sigmah-createdb.sql
-rm -f /tmp/sigmah-createdb.sql
+envsubst <${SOURCE_DIR}/createdb.sql | docker exec -i postgres psql
 
 # Configure Sigmah
-mkdir -p /srv/sigmah/{files,archives}
-chown -R tomcat8:tomcat8 /srv/sigmah
-ln -s /srv/sigmah /var/lib/tomcat8/webapps/sigmah
-envsubst <${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/META-INF/persistence.xml >/srv/sigmah/WEB-INF/classes/META-INF/persistence.xml
-cp ${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/logback.xml /srv/sigmah/WEB-INF/classes/logback.xml
-cp ${SOURCE_DIR}/srv/sigmah/WEB-INF/classes/sigmah.properties /srv/sigmah/WEB-INF/classes/sigmah.properties
-cp /srv/sigmah/sigmah/images/header/org-default-logo.png /srv/sigmah/files/logo.png
+mkdir -p /srv/sigmah/conf /srv/sigmah/data/files /srv/sigmah/data/archives
+chown -R 8015:8015 /srv/sigmah/data
+envsubst <${SOURCE_DIR}/srv/sigmah/conf/persistence.xml >/srv/sigmah/conf/persistence.xml
+cp ${SOURCE_DIR}/srv/sigmah/conf/sigmah.properties /srv/sigmah/conf/sigmah.properties
+docker run --rm -v /srv/sigmah/data:/srv/sigmah/data sigmah cp /srv/tomcat/webapps/sigmah/sigmah/images/header/org-default-logo.png /srv/sigmah/data/files/logo.png
 
 # Populate database
 wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-MinimumDataKit-2.0.postgresql.sql -O /tmp/sigmah-MinimumDataKit.sql
@@ -38,7 +25,9 @@ wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-newOrg
 export SIGMAH_ADMIN_USER=Admin
 export SIGMAH_ADMIN_EMAIL=admin@example.com
 export SIGMAH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
-export SIGMAH_ADMIN_HASH=$(python -c "import bcrypt; print bcrypt.hashpw('${SIGMAH_ADMIN_PWD}', bcrypt.gensalt(10, prefix=b'2a'))")
+apk --no-cache add apache2-utils
+export SIGMAH_ADMIN_HASH=$(htpasswd -bnBC 10 "" ${SIGMAH_ADMIN_PWD} | tr -d ':\n' | tr '$2y' '$2a')
+apk del apache2-utils
 sed -i "s|§OrganizationName§|Demo organization|g" /tmp/sigmah-newOrganizationLaunchScript.sql
 sed -i "s|§OrganizationLogoFilename§|logo.png|g" /tmp/sigmah-newOrganizationLaunchScript.sql
 sed -i "s|§HeadquartersCountryCode§|CZ|g" /tmp/sigmah-newOrganizationLaunchScript.sql
@@ -47,20 +36,18 @@ sed -i "s|§UserName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunch
 sed -i "s|§UserFirstName§|${SIGMAH_ADMIN_USER}|g" /tmp/sigmah-newOrganizationLaunchScript.sql
 sed -i "s|§UserLocale§|en|g" /tmp/sigmah-newOrganizationLaunchScript.sql
 sed -i "s|\$2a\$10\$pMcTA1p9fefR8U9NoOPei.H0eq/TbbdSF27M0tn9iDWBrA4JHeCDC|${SIGMAH_ADMIN_HASH}|" /tmp/sigmah-newOrganizationLaunchScript.sql
-export PGPASSWORD=${SIGMAH_PWD}
-psql -f /tmp/sigmah-MinimumDataKit.sql -U sigmah sigmah
-psql -f /tmp/sigmah-newOrganizationLaunchScript.sql -U sigmah sigmah
-unset PGPASSWORD
-rm -f /tmp/sigmah-MinimumDataKit.sql
-rm -f /tmp/sigmah-newOrganizationLaunchScript.sql
+cat /tmp/sigmah-MinimumDataKit.sql | docker exec -i -e PGPASSWORD=${SIGMAH_PWD} postgres psql -U sigmah sigmah
+cat /tmp/sigmah-newOrganizationLaunchScript.sql | docker exec -i -e PGPASSWORD=${SIGMAH_PWD} postgres psql -U sigmah sigmah
+rm -f /tmp/sigmah-MinimumDataKit.sql /tmp/sigmah-newOrganizationLaunchScript.sql
+
+# Create Sigmah service
+cp ${SOURCE_DIR}/etc/init.d/sigmah /etc/init.d/sigmah
+rc-update add sigmah boot
+service sigmah start
 
 # Create nginx app definition
-cp ${SOURCE_DIR}/etc/nginx/apps-available/sigmah /etc/nginx/apps-available/sigmah
-ln -s /etc/nginx/apps-available/sigmah /etc/nginx/apps-enabled/sigmah
-
-# Restart services
-systemctl restart tomcat8
-systemctl restart nginx
+cp ${SOURCE_DIR}/etc/nginx/conf.d/sigmah.conf /etc/nginx/conf.d/sigmah.conf
+service nginx reload
 
 # Add portal application definition
-portal-app-manager sigmah "/sigmah/" "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}"
+portal-app-manager sigmah "https://{host}:8415/sigmah/" "${SIGMAH_ADMIN_EMAIL}" "${SIGMAH_ADMIN_PWD}"

sigmah/Dockerfile

@@ -0,0 +1,48 @@
+FROM alpine:3.7
+MAINTAINER Disassembler <disassembler@dasm.cz>
+
+RUN \
+ # Install Java 1.8 JRE 
+ apk --no-cache add openjdk8-jre-base paxctl \
+ # Fix grsec attributes to loosen memory protection restrictions
+ && paxctl -cm /usr/lib/jvm/java-1.8-openjdk/jre/bin/java \
+ && paxctl -cm /usr/lib/jvm/java-1.8-openjdk/bin/java \
+ # Cleanup
+ && apk del paxctl
+
+RUN \
+ # Install Tomcat 8
+ wget http://mirror.dkm.cz/apache/tomcat/tomcat-8/v8.0.49/bin/apache-tomcat-8.0.49.tar.gz -O /tmp/apache-tomcat-8.tgz \
+ && tar xf /tmp/apache-tomcat-8.tgz -C /srv \
+ && mv /srv/apache-tomcat-8.0.49 /srv/tomcat \
+ # Make catalina.sh available globally
+ && ln -s /srv/tomcat/bin/catalina.sh /usr/bin/catalina.sh \
+ # Cleanup
+ && rm -rf /srv/tomcat/webapps/ROOT /srv/tomcat/webapps/docs /srv/tomcat/webapps/examples /srv/tomcat/webapps/host-manager /srv/tomcat/webapps/manager \
+ && rm -f /tmp/apache-tomcat-8.tgz
+
+RUN \
+ # Download Sigmah
+ wget https://github.com/sigmah-dev/sigmah/releases/download/v2.0.2/sigmah-2.0.2.war -O /tmp/sigmah.war \
+ && mkdir /srv/tomcat/webapps/sigmah \
+ && unzip /tmp/sigmah.war -d /srv/tomcat/webapps/sigmah \
+ # Update Postgres JDBC driver
+ && rm /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar \
+ && wget https://jdbc.postgresql.org/download/postgresql-42.2.0.jar -O /srv/tomcat/webapps/sigmah/WEB-INF/lib/postgresql-42.2.0.jar \
+ # Remove logging config
+ && rm /srv/tomcat/webapps/sigmah/WEB-INF/classes/logback.xml \
+ # Configure Tomcat port
+ && sed -i 's/port="8080"/port="8015"/g' /srv/tomcat/conf/server.xml \
+ # Create OS user
+ && addgroup -S -g 8015 sigmah \
+ && adduser -S -u 8015 -h /srv/tomcat -s /bin/false -g sigmah -G sigmah sigmah \
+ && chown -R sigmah:sigmah /srv/tomcat/conf /srv/tomcat/logs /srv/tomcat/temp /srv/tomcat/webapps /srv/tomcat/work \
+ # Cleanup
+ && rm /tmp/sigmah.war
+
+VOLUME ["/srv/sigmah/data"]
+EXPOSE 8015
+
+USER sigmah
+WORKDIR /srv/tomcat
+CMD ["catalina.sh", "run"]

sigmah/etc/init.d/sigmah

@@ -0,0 +1,25 @@
+#!/sbin/openrc-run
+
+description="Sigmah docker container"
+
+depend() {
+	need docker net
+	use dns logger netmount
+	after activemq postgres
+}
+
+start() {
+	/usr/bin/docker run -d --rm \
+	--name sigmah \
+	-h sigmah \
+	--link postgres \
+	-p 127.0.0.1:9015:8015 \
+	-v /srv/sigmah/data:/srv/sigmah/data \
+	-v /srv/sigmah/conf/persistence.xml:/srv/tomcat/webapps/sigmah/WEB-INF/classes/META-INF/persistence.xml \
+	-v /srv/sigmah/conf/sigmah.properties:/srv/tomcat/webapps/sigmah/WEB-INF/classes/sigmah.properties \
+	sigmah
+}
+
+stop() {
+	/usr/bin/docker stop sigmah
+}

sigmah/etc/nginx/apps-available/sigmah

@@ -1,11 +0,0 @@
-location /sigmah {
-    alias /srv/sigmah;
-    try_files $uri @sigmah;
-}
-
-location @sigmah {
-    proxy_set_header X-Forwarded-For $remote_addr;
-    proxy_set_header X-Forwarded-Host $host:$server_port;
-    proxy_set_header X-Forwarded-Proto https;
-    proxy_pass http://127.0.0.1:9080;
-}

sigmah/etc/nginx/conf.d/sigmah.conf

@@ -0,0 +1,14 @@
+server {
+    listen [::]:8015 ipv6only=off;
+    listen [::]:8415 ssl http2 ipv6only=off;
+
+    access_log /var/log/nginx/sigmah.access.log;
+    error_log /var/log/nginx/sigmah.error.log;
+
+    location / {
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Host $host:$server_port;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_pass http://127.0.0.1:9015;
+    }
+}

sigmah/srv/sigmah/WEB-INF/classes/logback.xml

@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<configuration scan="true" scanPeriod="60 seconds">
-        <logger name="org.sigmah" level="ERROR" />
-</configuration>

sigmah/srv/sigmah/conf/persistence.xml

@@ -13,7 +13,7 @@
 			<property name="hibernate.connection.driver_class" value="org.postgresql.Driver" />
 			<property name="hibernate.connection.username" value="sigmah" />
 			<property name="hibernate.connection.password" value="${SIGMAH_PWD}" />
-			<property name="hibernate.connection.url" value="jdbc:postgresql://localhost:5432/sigmah" />
+			<property name="hibernate.connection.url" value="jdbc:postgresql://postgres:5432/sigmah" />
 			<property name="hibernate.show_sql" value="false" />
 			<property name="hibernate.format_sql" value="false" />
 
@@ -36,4 +36,4 @@
 		</properties>
 	</persistence-unit>
 
-</persistence>
+</persistence>

sigmah/srv/sigmah/conf/sigmah.properties

@@ -10,10 +10,10 @@
 # --
 
 # Root directory name where files are stored.
-files.repository.name=/srv/sigmah/files
+files.repository.name=/srv/sigmah/data/files
 
 # Root directory name where backup archives are stored.
-archives.repository.name=/srv/sigmah/archives/
+archives.repository.name=/srv/sigmah/data/archives/
 
 #Maximum size of the uploaded files (bytes)
 files.upload.maxSize=20971520
@@ -22,8 +22,8 @@ files.upload.maxSize=20971520
 # MAILS
 # --
 
-mail.hostname=localhost
-mail.port=25
+mail.hostname=postfix
+mail.port=587
 mail.from.address=sigmah@spotter.ngo
 mail.from.name=Sigmah
 # Authentication (leave empty if no authentication is required).