diff --git a/README.md b/README.md
index 8f033cf..c6b325e 100644
--- a/README.md
+++ b/README.md
@@ -59,28 +59,29 @@ vi 00-install.sh ## Port assignment -| Application | Internal Port | HTTP Port | HTTPS Port | -|-----------------|-----------------:|----------:|-----------:| -| ActiveMQ | 61616 (ActiveMQ) | N/A | N/A | -| CKAN | 8003 (HTTP) | 8803 | 8403 | -| CKAN Datapusher | 8004 (HTTP) | N/A | N/A | -| Crisis Cleanup | 8005 (HTTP) | 8805 | 8405 | -| CTS | 8006 (HTTP) | 8806 | 8406 | -| GNU Health | 8008 (HTTP) | 8808 | 8408 | -| KanBoard | 8009 (HTTP) | 8809 | 8409 | -| MariaDB | 3306 (MySQL) | N/A | N/A | -| Mifos X | 8012 (HTTP) | 8812 | 8412 | -| Motech | 8013 (HTTP) | 8813 | 8413 | -| OpenDataKit | 8015 (HTTP) | 8815 | 8415 | -| OpenMapKit | 8007 (HTTP) | 8807 | 8407 | -| Pan.do/ra | 8002 (HTTP) | 8802 | 8402 | -| Postfix | 25 (SMTP) | N/A | N/A | -| Postgres | 5432 (Postgres) | N/A | N/A | -| RabbitMQ | 5672 (AMQP) | N/A | N/A | -| Redis | 6379 (Redis) | N/A | N/A | -| Sahana | 8001 (HTTP) | 8801 | 8401 | -| SAMBRO | 8001 (HTTP) | 8899 | 8499 | -| SeedDMS | 8010 (HTTP) | 8810 | 8410 | -| Sigmah | 8011 (HTTP) | 8811 | 8011 | -| Solr | 8983 (HTTP) | N/A | N/A | -| Ushahidi | 8014 (HTTP) | 8814 | 8414 | +| Application | Internal Port | HTTP Port | HTTPS Port | +|-----------------|------------------:|----------:|-----------:| +| ActiveMQ | 61616 (ActiveMQ) | N/A | N/A | +| CKAN | 8003 (HTTP) | 8803 | 8403 | +| CKAN Datapusher | 8004 (HTTP) | N/A | N/A | +| Crisis Cleanup | 8005 (HTTP) | 8805 | 8405 | +| CTS | 8006 (HTTP) | 8806 | 8406 | +| GNU Health | 8008 (HTTP) | 8808 | 8408 | +| KanBoard | 8009 (HTTP) | 8809 | 8409 | +| MariaDB | 3306 (MySQL) | N/A | N/A | +| Mifos X | 8012 (HTTP) | 8812 | 8412 | +| Motech | 8013 (HTTP) | 8813 | 8413 | +| ODK Aggregate | 8015, 8016 (HTTP) | 8815 | 8415 | +| ODK Build | 8017 (HTTP) | 8817 | 8417 | +| OpenMapKit | 8007 (HTTP) | 8807 | 8407 | +| Pan.do/ra | 8002 (HTTP) | 8802 | 8402 | +| Postfix | 25 (SMTP) | N/A | N/A | +| Postgres | 5432 (Postgres) | N/A | N/A | +| RabbitMQ | 5672 (AMQP) | N/A | N/A | +| Redis | 6379 
(Redis) | N/A | N/A | +| Sahana | 8001 (HTTP) | 8801 | 8401 | +| SAMBRO | 8001 (HTTP) | 8899 | 8499 | +| SeedDMS | 8010 (HTTP) | 8810 | 8410 | +| Sigmah | 8011 (HTTP) | 8811 | 8011 | +| Solr | 8983 (HTTP) | N/A | N/A | +| Ushahidi | 8014 (HTTP) | 8814 | 8414 | diff --git a/opendatakit-build.sh b/opendatakit-build.sh index 96e278b..0cac8fc 100755 --- a/opendatakit-build.sh +++ b/opendatakit-build.sh @@ -29,4 +29,4 @@ cp ${SOURCE_DIR}/etc/nginx/conf.d/opendatakit-build.conf /etc/nginx/conf.d/opend service nginx reload # Add portal application definition -portal-app-manager opendatakit-build "https://{host}:8416/" +portal-app-manager opendatakit-build "https://{host}:8417/" diff --git a/opendatakit-build/Dockerfile b/opendatakit-build/Dockerfile index 9408f64..c587f8d 100644 --- a/opendatakit-build/Dockerfile +++ b/opendatakit-build/Dockerfile @@ -18,17 +18,16 @@ RUN \ && bundle install --without test \ && rake deploy:build \ # Create OS user - && addgroup -S -g 8016 odkbuild \ - && adduser -S -u 8016 -h /srv/odkbuild -s /bin/false -g odkbuild -G odkbuild odkbuild \ + && addgroup -S -g 8017 odkbuild \ + && adduser -S -u 8017 -h /srv/odkbuild -s /bin/false -g odkbuild -G odkbuild odkbuild \ && chown -R odkbuild:odkbuild /srv/odkbuild \ # Cleanup && apk --no-cache del .deps \ && find /srv/odkbuild -name '.git*' -exec rm -rf {} + \ && rm -rf /root/.bundle -# VOLUME ["/srv/crisiscleanup/config"] -EXPOSE 8016 +EXPOSE 8017 USER odkbuild WORKDIR /srv/odkbuild -CMD ["bundle", "exec", "rackup", "config.ru", "-o", "0.0.0.0", "-p", "8016"] +CMD ["bundle", "exec", "rackup", "config.ru", "-o", "0.0.0.0", "-p", "8017"] diff --git a/opendatakit-build/etc/init.d/opendatakit-build b/opendatakit-build/etc/init.d/opendatakit-build index 214b56f..ba153c0 100755 --- a/opendatakit-build/etc/init.d/opendatakit-build +++ b/opendatakit-build/etc/init.d/opendatakit-build 
@@ -12,7 +12,7 @@ start() { --name opendatakit-build \ -h opendatakit-build \ --link postgres \ - -p 127.0.0.1:8016:8016 \ + -p 127.0.0.1:8017:8017 \ -v /srv/opendatakit-build/conf/config.yml:/srv/odkbuild/config.yml \ opendatakit-build } diff --git a/opendatakit-build/etc/nginx/conf.d/opendatakit-build.conf b/opendatakit-build/etc/nginx/conf.d/opendatakit-build.conf index 3f656b0..3ee0a48 100644 --- a/opendatakit-build/etc/nginx/conf.d/opendatakit-build.conf +++ b/opendatakit-build/etc/nginx/conf.d/opendatakit-build.conf @@ -1,11 +1,11 @@ server { - listen [::]:8816 ipv6only=off; - listen [::]:8416 ssl http2 ipv6only=off; + listen [::]:8817 ipv6only=off; + listen [::]:8417 ssl http2 ipv6only=off; access_log /var/log/nginx/opendatakit-build.access.log; error_log /var/log/nginx/opendatakit-build.error.log; location / { - proxy_pass http://127.0.0.1:8016; + proxy_pass http://127.0.0.1:8017; } } diff --git a/opendatakit.sh b/opendatakit.sh index c49bb3d..d9ce270 100755 --- a/opendatakit.sh +++ b/opendatakit.sh @@ -20,6 +20,8 @@ export OPENDATAKIT_ADMIN_REALM=spotter mkdir -p /srv/opendatakit/conf envsubst <${SOURCE_DIR}/srv/opendatakit/conf/jdbc.properties >/srv/opendatakit/conf/jdbc.properties envsubst <${SOURCE_DIR}/srv/opendatakit/conf/security.properties >/srv/opendatakit/conf/security.properties +cp ${SOURCE_DIR}/srv/opendatakit/conf/server.xml /srv/opendatakit/conf/server.xml +cp ${SOURCE_DIR}/srv/opendatakit/update-ip.sh /srv/opendatakit/update-ip.sh chown -R 8015:8015 /srv/opendatakit/conf # Create OpenDataKit service diff --git a/opendatakit/Dockerfile b/opendatakit/Dockerfile index a9d7b72..5723f28 100644 --- a/opendatakit/Dockerfile +++ b/opendatakit/Dockerfile 
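Review bot: The added `cp` of `update-ip.sh` leaves the destination's owner and mode to chance, yet the init script changed in this same commit runs that file from `start_pre()`, presumably as root. `cp` onto an already existing file keeps that file's owner and permission bits, so a copy that was ever left writable by a non-root account stays writable. Installing it explicitly closes that gap: `install -o root -g root -m 0755 "${SOURCE_DIR}/srv/opendatakit/update-ip.sh" /srv/opendatakit/update-ip.sh`. The script continues outside the hunk, so an existing guard there cannot be ruled out.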
@@ -13,8 +13,6 @@ RUN \ # Deploy web archive && mkdir /srv/tomcat/webapps/aggregate \ && unzip build/libs/aggregate-*.war -d /srv/tomcat/webapps/aggregate \ - # Configure Tomcat port - && sed -i 's/port="8080"/port="8015"/g' /srv/tomcat/conf/server.xml \ # Create OS user && addgroup -S -g 8015 odk \ && adduser -S -u 8015 -h /srv/tomcat -s /bin/false -g odk -G odk odk \ @@ -23,8 +21,7 @@ RUN \ && apk --no-cache del .deps \ && rm -rf /root/.gradle /root/.java /srv/odk -# VOLUME ["/srv/tomcat/.motech"] -EXPOSE 8015 +EXPOSE 8015 8016 USER odk WORKDIR /srv/tomcat diff --git a/opendatakit/etc/init.d/opendatakit b/opendatakit/etc/init.d/opendatakit index 1053be2..16cfc51 100755 --- a/opendatakit/etc/init.d/opendatakit +++ b/opendatakit/etc/init.d/opendatakit @@ -7,6 +7,10 @@ depend() { use dns logger netmount postfix } +start_pre() { + /srv/opendatakit/update-ip.sh +} + start() { /usr/bin/docker run -d --rm \ --name opendatakit \ @@ -14,6 +18,8 @@ start() { --link postfix \ --link postgres \ -p 127.0.0.1:8015:8015 \ + -p 127.0.0.1:8016:8016 \ + -v /srv/opendatakit/conf/server.xml:/srv/tomcat/conf/server.xml \ -v /srv/opendatakit/conf/jdbc.properties:/srv/tomcat/webapps/aggregate/WEB-INF/classes/jdbc.properties \ -v /srv/opendatakit/conf/security.properties:/srv/tomcat/webapps/aggregate/WEB-INF/classes/security.properties \ opendatakit diff --git a/opendatakit/etc/nginx/conf.d/opendatakit.conf b/opendatakit/etc/nginx/conf.d/opendatakit.conf index fcba614..a6d0f32 100644 --- a/opendatakit/etc/nginx/conf.d/opendatakit.conf +++ b/opendatakit/etc/nginx/conf.d/opendatakit.conf @@ -1,6 +1,5 @@ server { listen [::]:8815 ipv6only=off; - listen [::]:8415 ssl http2 ipv6only=off; access_log /var/log/nginx/opendatakit.access.log; error_log /var/log/nginx/opendatakit.error.log; 
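Review bot: The new `server.xml` bind mount in `start()` is read-write, and `opendatakit.sh` chowns that file to 8015, the uid the container runs as, so the Tomcat process can rewrite its own connector configuration on the host. Tomcat presumably only needs to read the file; `-v /srv/opendatakit/conf/server.xml:/srv/tomcat/conf/server.xml:ro \` keeps the host copy authoritative. `update-ip.sh` edits the file on the host before the container is created, so it is not affected by the read-only flag. The two `.properties` mounts in the context lines have the same shape, and `start()` closes outside the hunk.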
@@ -9,3 +8,14 @@ server { proxy_pass http://127.0.0.1:8015; } } + +server { + listen [::]:8415 ssl http2 ipv6only=off; + + access_log /var/log/nginx/opendatakit.access.log; + error_log /var/log/nginx/opendatakit.error.log; + + location / { + proxy_pass http://127.0.0.1:8016; + } +} diff --git a/opendatakit/srv/opendatakit/conf/security.properties b/opendatakit/srv/opendatakit/conf/security.properties index f997857..fd21061 100644 --- a/opendatakit/srv/opendatakit/conf/security.properties +++ b/opendatakit/srv/opendatakit/conf/security.properties @@ -17,7 +17,7 @@ security.server.secureChannelType=REQUIRES_SECURE_CHANNEL # either REQUIRES_INSECURE_CHANNEL to secure nothing # or REQUIRES_SECURE_CHANNEL to secure everything # or perhaps ANY_CHANNEL when running through a proxy server -security.server.channelType=REQUIRES_INSECURE_CHANNEL +security.server.channelType=ANY_CHANNEL # When running under Tomcat, you need to set the hostname and port for # the server so that the background tasks can generate properly-constructed diff --git a/opendatakit/srv/opendatakit/conf/server.xml b/opendatakit/srv/opendatakit/conf/server.xml new file mode 100644 index 0000000..a6eca42 --- /dev/null +++ b/opendatakit/srv/opendatakit/conf/server.xml @@ -0,0 +1,150 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/opendatakit/srv/opendatakit/update-ip.sh b/opendatakit/srv/opendatakit/update-ip.sh new file mode 100755 index 0000000..98438e4 --- /dev/null +++ b/opendatakit/srv/opendatakit/update-ip.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +URL=$(ip route get 1 | awk '{print $NF;exit}') +sed -i "s|\(^\s\+proxyName\).*|\1=\"${URL}\"|g" /srv/opendatakit/conf/server.xml
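Review bot: The added TLS server block writes to the same `opendatakit.access.log` as the plain-HTTP block on 8815, and with no format named on the `access_log` line the entries carry neither scheme nor port, so the log cannot show which requests arrived unencrypted. A separate file for this block, e.g. `access_log /var/log/nginx/opendatakit-ssl.access.log;`, or a `log_format` that includes `$scheme`, makes that visible. No `ssl_certificate` appears in the block, so it is presumably inherited from the `http` context, as in `opendatakit-build.conf`.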
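Review bot: Switching `security.server.channelType` to `ANY_CHANNEL` means, going by the comment above it, that the application no longer insists on a particular channel, while the nginx change in this commit keeps the plain-HTTP listener on 8815 proxying to 8015. Nothing visible then steers clients to 8415, so whether traffic is encrypted depends on the URL the client was given. If that is intended, record it next to the setting, e.g. `# ANY_CHANNEL: TLS terminates in nginx (8415 -> 8016); plain HTTP via 8815 is still served`. If plain HTTP is not required, the 8815 server block could answer with `return 301 https://$host:8415$request_uri;` instead. The properties file continues outside the hunk.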
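Review bot: `awk '{print $NF;exit}'` takes the last field of `ip route get 1`, which is the source address only when nothing follows it; newer iproute2 appends `uid N`, and a host without a route yields an empty string. Either value is then written into `proxyName` by `sed -i` without any check, and the script still reports success, so `start_pre()` carries on with a broken `server.xml`. Selecting the field after `src` and refusing anything that is not an address keeps the config intact. A non-zero exit here stops the service from starting, which seems preferable to a silent misconfiguration.

```shell
#!/bin/sh
set -eu

# Field after "src", not the last field: some `ip` versions print more after it.
URL=$(ip route get 1 | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}')

# Do not rewrite server.xml with an empty or malformed value.
case "$URL" in
  '' | *[!0-9.]*)
    echo "update-ip: no usable source address from 'ip route get 1'" >&2
    exit 1
    ;;
esac

# … unchanged: sed -i rewrite of proxyName in server.xml …
```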