diff --git a/README.md b/README.md
index cdedf46..c986770 100644
--- a/README.md
+++ b/README.md
@@ -76,57 +76,45 @@ echo "module.exports = { " > ./inventaire/config/local-production.cjs ``` +Set the email server by editing the file `config/local-production.cjs`. For example: + +```js +mailer: { + disabled: false, + nodemailer: { + host: 'smtp.an-email-provider.net', + port: 587, + auth: { + user: 'user', + pass: 'password' + }, + }, +}, +``` + ## Reverse proxy configuration -Inventaire only provides configuration files for Nginx. - -Run dependencies: +Generate the first SSL certificate with Let's Encrypt ```sh -sudo mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets -``` - -Install nginx and certbot - -Copy the nginx configuration template - -```sh -PUBLIC_HOSTNAME=$(grep -oP 'PUBLIC_HOSTNAME=\K.*' .env) PROJECT_ROOT=$(grep -oP 'PROJECT_ROOT=\K.*' .env) envsubst < nginx/templates/default.conf.template > nginx/default -sudo mv nginx/default /etc/nginx/sites-available/default -``` - -Activate the configuration file - -```sh -sudo ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf -``` - -To generate the certificate for your domain as required to make https work, you can use Let's Encrypt: - -```sh -sudo systemctl stop nginx -sudo certbot certonly --standalone --post-hook "systemctl restart nginx" -sudo systemctl restart nginx -``` - -When certbot is done, you may uncomment lines starting with `# ssl_certificate` and `# ssl_certificate_key` in `/etc/nginx/sites-available/default.conf` and restart nginx. - -Certbot should have installed a cron to automatically renew your certificate. 
-Since nginx template supports webroot renewal, we suggest you to update the renewal config file to use the webroot authenticator: - -```sh -# Replace authenticator = standalone by authenticator = webroot -# Add webroot_path = /var/www/certbot -sudo vim /etc/letsencrypt/renewal/your-domain.com.conf +docker run -it --rm --name certbot -p 80:80 -v "$(pwd)/certbot/conf:/etc/letsencrypt" certbot/certbot certonly --standalone ``` ## Usage -Start CouchDB, Elasticsearch, and the Inventaire [server](https://github.com/inventaire/inventaire) in production mode +Start CouchDB, Elasticsearch, Nginx and the Inventaire [server](https://github.com/inventaire/inventaire) in production mode ```sh docker-compose up ``` +Go to the sign up page (`https://DOMAIN_NAME/signup`) and create a user + +Make the newly created user an admin (replace `your_username` in the command below by the user username) : + +```sh +docker exec $(docker ps -f name=_inventaire --format "{{.ID}}") npm run db-actions:update-user-role-from-username your_username add admin +``` + ## Tips General tips on how to run Inventaire can be found in the [server repository docs](https://github.com/inventaire/inventaire/tree/main/docs). Here after are some additional Docker-specific tips. @@ -196,3 +184,6 @@ See also [Elasticsearch with Docker](https://www.elastic.co/guide/en/elasticsear CouchDB may warn constantly that `_users` database does not exist, [as documented](https://docs.couchdb.org/en/latest/setup/single-node.html), you can create de database with: `curl -X PUT http://127.0.0.1:5984/_users` + +`docker exec $(docker ps -f name=couchdb --format "{{.ID}}") curl -H 'Content-Type:application/json' -H 'Accept: application/json' -XPUT "http://couchdb:password@localhost:5984/_users"` + diff --git a/docker-compose.yml b/docker-compose.yml index 35e26f3..828aba3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -4,13 +4,12 @@ services: build: context: ./. dockerfile: Dockerfile.inventaire - ports: - - "3006:3006" volumes: - ./inventaire:${PROJECT_ROOT} working_dir: ${PROJECT_ROOT} environment: NODE_ENV: 'production' + NODE_APP_INSTANCE: 'federated' COUCHDB_USER: ${COUCHDB_USER} COUCHDB_PASSWORD: ${COUCHDB_PASSWORD} PUBLIC_HOSTNAME: ${PUBLIC_HOSTNAME} @@ -21,22 +20,22 @@ services: options: max-size: "10m" max-file: "3" + restart: "always" couchdb: image: couchdb:3.4.2 - ports: - - "5984:5984" - volumes: - - 'couchdb:/opt/couchdb/data' - - './configs:/opt/couchdb/etc/local.d' environment: COUCHDB_USER: ${COUCHDB_USER} COUCHDB_PASSWORD: ${COUCHDB_PASSWORD} + volumes: + - 'couchdb:/opt/couchdb/data' + - './configs:/opt/couchdb/etc/local.d' tty: true + restart: "always" elasticsearch: image: elasticsearch:7.16.2 environment: - - 'http.host=0.0.0.0' - - 'transport.host=127.0.0.1' + - 'http.host=elasticsearch' + - 'transport.host=elasticsearch' # See https://www.elastic.co/guide/en/elasticsearch/reference/7.16/docker.html - 'discovery.type=single-node' # Limit memory usage to 1Go, 
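Review bot: `NODE_APP_INSTANCE: 'federated'` is hard-coded in the inventaire service's environment with no comment, and the README changes in this commit do not mention what it selects. If the server follows the node-config convention that the `local-production.cjs` file name suggests, this value changes which config files are loaded for every deployment built from this compose file. A comment above the line stating what the "federated" instance does would make the choice visible, and `NODE_APP_INSTANCE: ${NODE_APP_INSTANCE:-federated}` would keep it overridable from `.env`. The inventaire service block starts before this hunk and continues after it.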
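Review bot: `- 'transport.host=elasticsearch'` moves the Elasticsearch transport listener from loopback to the container's address on the compose network, so the transport port becomes reachable from the inventaire, nginx and certbot containers. Nothing visible in this hunk enables authentication on it. With `discovery.type=single-node` no peer needs to connect over transport, so keeping `- 'transport.host=127.0.0.1'` and changing only `http.host` would preserve the previous exposure. The elasticsearch service definition continues past the end of this hunk.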
@@ -44,8 +43,38 @@ services: - 'ES_JAVA_OPTS=-Xms1g -Xmx1g' volumes: - 'elasticsearch:/usr/share/elasticsearch/data' - ports : - - '9200:9200' + restart: "always" + nginx: + build: + context: ./nginx + dockerfile: Dockerfile.nginx + ports: + - "80:80" + - "443:443" + volumes: + - ./nginx/templates:/etc/nginx/templates/ + - ./nginx/snippets:/etc/nginx/snippets + - ./inventaire:${PROJECT_ROOT} + - certbot-www:/var/www/certbot + - ./certbot/conf:/etc/letsencrypt + environment: + PROJECT_ROOT: ${PROJECT_ROOT} + PUBLIC_HOSTNAME: ${PUBLIC_HOSTNAME} + INVENTAIRE_PORT: ${INVENTAIRE_PORT} + depends_on: + - inventaire + restart: "always" + certbot: + image: certbot/certbot:latest + volumes: + - ./certbot/conf:/etc/letsencrypt + - certbot-www:/var/www/certbot + restart: unless-stopped + entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;" + depends_on: + - nginx + volumes: couchdb: elasticsearch: + certbot-www: diff --git a/nginx/Dockerfile.nginx b/nginx/Dockerfile.nginx new file mode 100644 index 0000000..5a990d6 --- /dev/null +++ b/nginx/Dockerfile.nginx @@ -0,0 +1,3 @@ +FROM nginx + +RUN mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets
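Review bot: The nginx service mounts `./inventaire:${PROJECT_ROOT}` and `./certbot/conf:/etc/letsencrypt` read-write, so the internet-facing container can modify the application tree and the Let's Encrypt account data and private keys. That tree includes `config/local-production.cjs`, where the README in this commit puts the SMTP password. If nginx only reads from both paths, which the template and snippet files outside this diff would confirm, append `:ro`: `- ./inventaire:${PROJECT_ROOT}:ro` and `- ./certbot/conf:/etc/letsencrypt:ro`. Separately, the certbot loop renews certificates but nothing visible here reloads nginx afterwards, so a renewed certificate would presumably not be served until the nginx container restarts. `certbot/certbot:latest` is also an unpinned tag; a fixed version or digest would make the renewal container reproducible.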
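Review bot: `FROM nginx` in nginx/Dockerfile.nginx resolves to the `latest` tag at build time, so the image behind the published ports 80 and 443 can change on every rebuild and cannot be audited against a known version. Pin a tested tag or digest, for example `FROM nginx:<pinned-version>` (placeholder), as docker-compose.yml already does with `couchdb:3.4.2` and `elasticsearch:7.16.2`.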