negodiy/docker-inventaire
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package reverse proxy in docker-compose

Browse Source
This commit is contained in:
jums
2024-12-25 13:09:48 +01:00
parent 82d94e73da
commit ba42f2e009
3 changed files with 73 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
README.md
View File

@@ -76,57 +76,45 @@ echo "module.exports = {
" > ./inventaire/config/local-production.cjs " > ./inventaire/config/local-production.cjs
``` ```
Set the email server by editing the file `config/local-production.cjs`. For example:
```js
mailer: {
disabled: false,
nodemailer: {
host: 'smtp.an-email-provider.net',
port: 587,
auth: {
user: 'user',
pass: 'password'
},
},
},
```
## Reverse proxy configuration ## Reverse proxy configuration
Inventaire only provides configuration files for Nginx. Generate the first SSL certificate with Let's Encrypt
Run dependencies:
```sh ```sh
sudo mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets docker run -it --rm --name certbot -p 80:80 -v "$(pwd)/certbot/conf:/etc/letsencrypt" certbot/certbot certonly --standalone
```
Install nginx and certbot
Copy the nginx configuration template
```sh
PUBLIC_HOSTNAME=$(grep -oP 'PUBLIC_HOSTNAME=\K.*' .env) PROJECT_ROOT=$(grep -oP 'PROJECT_ROOT=\K.*' .env) envsubst < nginx/templates/default.conf.template > nginx/default
sudo mv nginx/default /etc/nginx/sites-available/default
```
Activate the configuration file
```sh
sudo ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf
```
To generate the certificate for your domain as required to make https work, you can use Let's Encrypt:
```sh
sudo systemctl stop nginx
sudo certbot certonly --standalone --post-hook "systemctl restart nginx"
sudo systemctl restart nginx
```
When certbot is done, you may uncomment lines starting with `# ssl_certificate` and `# ssl_certificate_key` in `/etc/nginx/sites-available/default.conf` and restart nginx.
Certbot should have installed a cron to automatically renew your certificate.
Since nginx template supports webroot renewal, we suggest you to update the renewal config file to use the webroot authenticator:
```sh
# Replace authenticator = standalone by authenticator = webroot
# Add webroot_path = /var/www/certbot
sudo vim /etc/letsencrypt/renewal/your-domain.com.conf
``` ```
## Usage ## Usage
Start CouchDB, Elasticsearch, and the Inventaire [server](https://github.com/inventaire/inventaire) in production mode Start CouchDB, Elasticsearch, Nginx and the Inventaire [server](https://github.com/inventaire/inventaire) in production mode
```sh ```sh
docker-compose up docker-compose up
``` ```
Go to the sign up page (`https://DOMAIN_NAME/signup`) and create a user
Make the newly created user an admin (replace `your_username` in the command below by the user username) :
```sh
docker exec $(docker ps -f name=_inventaire --format "{{.ID}}") npm run db-actions:update-user-role-from-username your_username add admin
```
## Tips ## Tips
General tips on how to run Inventaire can be found in the [server repository docs](https://github.com/inventaire/inventaire/tree/main/docs). Here after are some additional Docker-specific tips. General tips on how to run Inventaire can be found in the [server repository docs](https://github.com/inventaire/inventaire/tree/main/docs). Here after are some additional Docker-specific tips.
@@ -196,3 +184,6 @@ See also [Elasticsearch with Docker](https://www.elastic.co/guide/en/elasticsear
CouchDB may warn constantly that `_users` database does not exist, [as documented](https://docs.couchdb.org/en/latest/setup/single-node.html), you can create de database with: CouchDB may warn constantly that `_users` database does not exist, [as documented](https://docs.couchdb.org/en/latest/setup/single-node.html), you can create de database with:
`curl -X PUT http://127.0.0.1:5984/_users` `curl -X PUT http://127.0.0.1:5984/_users`
`docker exec $(docker ps -f name=couchdb --format "{{.ID}}") curl -H 'Content-Type:application/json' -H 'Accept: application/json' -XPUT "http://couchdb:password@localhost:5984/_users"`

49
docker-compose.yml
View File

@@ -4,13 +4,12 @@ services:
build: build:
context: ./. context: ./.
dockerfile: Dockerfile.inventaire dockerfile: Dockerfile.inventaire
ports:
- "3006:3006"
volumes: volumes:
- ./inventaire:${PROJECT_ROOT} - ./inventaire:${PROJECT_ROOT}
working_dir: ${PROJECT_ROOT} working_dir: ${PROJECT_ROOT}
environment: environment:
NODE_ENV: 'production' NODE_ENV: 'production'
NODE_APP_INSTANCE: 'federated'
COUCHDB_USER: ${COUCHDB_USER} COUCHDB_USER: ${COUCHDB_USER}
COUCHDB_PASSWORD: ${COUCHDB_PASSWORD} COUCHDB_PASSWORD: ${COUCHDB_PASSWORD}
PUBLIC_HOSTNAME: ${PUBLIC_HOSTNAME} PUBLIC_HOSTNAME: ${PUBLIC_HOSTNAME}
@@ -21,22 +20,22 @@ services:
options: options:
max-size: "10m" max-size: "10m"
max-file: "3" max-file: "3"
restart: "always"
couchdb: couchdb:
image: couchdb:3.4.2 image: couchdb:3.4.2
ports:
- "5984:5984"
volumes:
- 'couchdb:/opt/couchdb/data'
- './configs:/opt/couchdb/etc/local.d'
environment: environment:
COUCHDB_USER: ${COUCHDB_USER} COUCHDB_USER: ${COUCHDB_USER}
COUCHDB_PASSWORD: ${COUCHDB_PASSWORD} COUCHDB_PASSWORD: ${COUCHDB_PASSWORD}
volumes:
- 'couchdb:/opt/couchdb/data'
- './configs:/opt/couchdb/etc/local.d'
tty: true tty: true
restart: "always"
elasticsearch: elasticsearch:
image: elasticsearch:7.16.2 image: elasticsearch:7.16.2
environment: environment:
- 'http.host=0.0.0.0' - 'http.host=elasticsearch'
- 'transport.host=127.0.0.1' - 'transport.host=elasticsearch'
# See https://www.elastic.co/guide/en/elasticsearch/reference/7.16/docker.html # See https://www.elastic.co/guide/en/elasticsearch/reference/7.16/docker.html
- 'discovery.type=single-node' - 'discovery.type=single-node'
# Limit memory usage to 1Go, # Limit memory usage to 1Go,
@@ -44,8 +43,38 @@ services:
- 'ES_JAVA_OPTS=-Xms1g -Xmx1g' - 'ES_JAVA_OPTS=-Xms1g -Xmx1g'
volumes: volumes:
- 'elasticsearch:/usr/share/elasticsearch/data' - 'elasticsearch:/usr/share/elasticsearch/data'
restart: "always"
nginx:
build:
context: ./nginx
dockerfile: Dockerfile.nginx
ports: ports:
- '9200:9200' - "80:80"
- "443:443"
volumes:
- ./nginx/templates:/etc/nginx/templates/
- ./nginx/snippets:/etc/nginx/snippets
- ./inventaire:${PROJECT_ROOT}
- certbot-www:/var/www/certbot
- ./certbot/conf:/etc/letsencrypt
environment:
PROJECT_ROOT: ${PROJECT_ROOT}
PUBLIC_HOSTNAME: ${PUBLIC_HOSTNAME}
INVENTAIRE_PORT: ${INVENTAIRE_PORT}
depends_on:
- inventaire
restart: "always"
certbot:
image: certbot/certbot:latest
volumes:
- ./certbot/conf:/etc/letsencrypt
- certbot-www:/var/www/certbot
restart: unless-stopped
entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
depends_on:
- nginx
volumes: volumes:
couchdb: couchdb:
elasticsearch: elasticsearch:
certbot-www:

3
nginx/Dockerfile.nginx Normal file
View File

@@ -0,0 +1,3 @@
FROM nginx
RUN mkdir -p /tmp/nginx/tmp /tmp/nginx/resize/img/users /tmp/nginx/resize/img/groups /tmp/nginx/resize/img/entities /tmp/nginx/resize/img/remote /tmp/nginx/resize/img/assets