package reverse proxy in docker-compose

jums
2024-12-25 13:09:48 +01:00
parent 82d94e73da
commit ba42f2e009
3 changed files with 73 additions and 50 deletions


@@ -76,57 +76,45 @@ echo "module.exports = {
" > ./inventaire/config/local-production.cjs
```
Set the email server by editing the file `config/local-production.cjs`. For example:
```js
mailer: {
disabled: false,
nodemailer: {
host: 'smtp.an-email-provider.net',
port: 587,
auth: {
user: 'user',
pass: 'password'
},
},
},
```
## Reverse proxy configuration
Inventaire only provides configuration files for Nginx.
Run dependencies:
Generate the first SSL certificate with Let's Encrypt
```sh
sudo mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets
```
Install nginx and certbot
Copy the nginx configuration template
```sh
PUBLIC_HOSTNAME=$(grep -oP 'PUBLIC_HOSTNAME=\K.*' .env) PROJECT_ROOT=$(grep -oP 'PROJECT_ROOT=\K.*' .env) envsubst < nginx/templates/default.conf.template > nginx/default
sudo mv nginx/default /etc/nginx/sites-available/default
```
Activate the configuration file
```sh
sudo ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf
```
To generate the certificate for your domain as required to make https work, you can use Let's Encrypt:
```sh
sudo systemctl stop nginx
sudo certbot certonly --standalone --post-hook "systemctl restart nginx"
sudo systemctl restart nginx
```
When certbot is done, you may uncomment lines starting with `# ssl_certificate` and `# ssl_certificate_key` in `/etc/nginx/sites-available/default.conf` and restart nginx.
Certbot should have installed a cron to automatically renew your certificate.
Since nginx template supports webroot renewal, we suggest you to update the renewal config file to use the webroot authenticator:
```sh
# Replace authenticator = standalone by authenticator = webroot
# Add webroot_path = /var/www/certbot
sudo vim /etc/letsencrypt/renewal/your-domain.com.conf
docker run -it --rm --name certbot -p 80:80 -v "$(pwd)/certbot/conf:/etc/letsencrypt" certbot/certbot certonly --standalone
```
## Usage
Start CouchDB, Elasticsearch, and the Inventaire [server](https://github.com/inventaire/inventaire) in production mode
Start CouchDB, Elasticsearch, Nginx and the Inventaire [server](https://github.com/inventaire/inventaire) in production mode
```sh
docker-compose up
```
Go to the sign up page (`https://DOMAIN_NAME/signup`) and create a user
Make the newly created user an admin (replace `your_username` in the command below by the user username) :
```sh
docker exec $(docker ps -f name=_inventaire --format "{{.ID}}") npm run db-actions:update-user-role-from-username your_username add admin
```
## Tips
General tips on how to run Inventaire can be found in the [server repository docs](https://github.com/inventaire/inventaire/tree/main/docs). Here after are some additional Docker-specific tips.
@@ -196,3 +184,6 @@ See also [Elasticsearch with Docker](https://www.elastic.co/guide/en/elasticsear
CouchDB may warn constantly that `_users` database does not exist, [as documented](https://docs.couchdb.org/en/latest/setup/single-node.html), you can create de database with:
`curl -X PUT http://127.0.0.1:5984/_users`
`docker exec $(docker ps -f name=couchdb --format "{{.ID}}") curl -H 'Content-Type:application/json' -H 'Accept: application/json' -XPUT "http://couchdb:password@localhost:5984/_users"`


@@ -4,13 +4,12 @@ services:
build:
context: ./.
dockerfile: Dockerfile.inventaire
ports:
- "3006:3006"
volumes:
- ./inventaire:${PROJECT_ROOT}
working_dir: ${PROJECT_ROOT}
environment:
NODE_ENV: 'production'
NODE_APP_INSTANCE: 'federated'
COUCHDB_USER: ${COUCHDB_USER}
COUCHDB_PASSWORD: ${COUCHDB_PASSWORD}
PUBLIC_HOSTNAME: ${PUBLIC_HOSTNAME}
@@ -21,22 +20,22 @@ services:
options:
max-size: "10m"
max-file: "3"
restart: "always"
couchdb:
image: couchdb:3.4.2
ports:
- "5984:5984"
volumes:
- 'couchdb:/opt/couchdb/data'
- './configs:/opt/couchdb/etc/local.d'
environment:
COUCHDB_USER: ${COUCHDB_USER}
COUCHDB_PASSWORD: ${COUCHDB_PASSWORD}
volumes:
- 'couchdb:/opt/couchdb/data'
- './configs:/opt/couchdb/etc/local.d'
tty: true
restart: "always"
elasticsearch:
image: elasticsearch:7.16.2
environment:
- 'http.host=0.0.0.0'
- 'transport.host=127.0.0.1'
- 'http.host=elasticsearch'
- 'transport.host=elasticsearch'
# See https://www.elastic.co/guide/en/elasticsearch/reference/7.16/docker.html
- 'discovery.type=single-node'
# Limit memory usage to 1Go,
@@ -44,8 +43,38 @@ services:
- 'ES_JAVA_OPTS=-Xms1g -Xmx1g'
volumes:
- 'elasticsearch:/usr/share/elasticsearch/data'
ports :
- '9200:9200'
restart: "always"
nginx:
build:
context: ./nginx
dockerfile: Dockerfile.nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/templates:/etc/nginx/templates/
- ./nginx/snippets:/etc/nginx/snippets
- ./inventaire:${PROJECT_ROOT}
- certbot-www:/var/www/certbot
- ./certbot/conf:/etc/letsencrypt
environment:
PROJECT_ROOT: ${PROJECT_ROOT}
PUBLIC_HOSTNAME: ${PUBLIC_HOSTNAME}
INVENTAIRE_PORT: ${INVENTAIRE_PORT}
depends_on:
- inventaire
restart: "always"
certbot:
image: certbot/certbot:latest
volumes:
- ./certbot/conf:/etc/letsencrypt
- certbot-www:/var/www/certbot
restart: unless-stopped
entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
depends_on:
- nginx
volumes:
couchdb:
elasticsearch:
certbot-www:
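Review bot: The nginx service mounts the whole application checkout read-write with `- ./inventaire:${PROJECT_ROOT}`, so the only internet-facing container can read and modify the server code and `config/local-production.cjs`, which the README in this same commit uses for the SMTP password. nginx presumably only needs the static client files, its templates and the certificates, so I would narrow that mount to the directory it actually serves and mark the bind mounts read-only, e.g. `- ./inventaire:${PROJECT_ROOT}:ro` and `- ./certbot/conf:/etc/letsencrypt:ro`. The cache directories created under /tmp/nginx in Dockerfile.nginx sit outside these mounts, so read-only should not affect them, but the nginx template is not shown here and that is worth confirming against it.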

3
nginx/Dockerfile.nginx Normal file

@@ -0,0 +1,3 @@
FROM nginx
RUN mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets
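Review bot: `FROM nginx` resolves to whatever the `latest` tag points to at build time, and the certbot service in docker-compose.yml does the same with `image: certbot/certbot:latest`, while couchdb and elasticsearch are pinned to exact versions in that file. These two containers terminate TLS and hold the private keys under /etc/letsencrypt, so an unreviewed upstream change would land directly on the edge. I would pin both to a tested version tag or a digest, e.g. `FROM nginx:<VERSION>` and `image: certbot/certbot:<VERSION>` (placeholders for the releases you have validated). The hunk header announces three lines and only two are visible here, so a line may be missing from this view.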