WSL/SLF GitLab Repository

Commit a884aaa3 authored by Sam's avatar Sam
Browse files

update compose, readme, .env template

parent 1bb0a118
......@@ -7,6 +7,6 @@ EXTERNAL_REG=docker.io
# INJECTED SECRETS
CKAN_CONFIG_FILE=ckan.ini
CKAN_DB_SECRET_FILE=
CKAN_DB_DUMP_FILE=ckan.dump
DOI_DB_DUMP_FILE=doi.dump
\ No newline at end of file
CKAN_DB_INIT_PASS_FILE=.postgres.secret
CKAN_DB_SECRET_FILE=.db.secret
CKAN_SOLR_CREDS_FILE=.solr.secret
\ No newline at end of file
......@@ -97,7 +97,7 @@ ENV PATH="/opt/python/.venv/bin:$PATH"
ENV CKAN_HOME /usr/lib/ckan
ENV CKAN_CONFIG /etc/ckan
COPY config/who.ini $CKAN_CONFIG/
COPY who.ini $CKAN_CONFIG/
COPY ckan-entrypoint.sh /ckan-entrypoint.sh
# Upgrade pip & pre-compile deps to .pyc, add ckan user, permissions
......
# ckan-container
Containerised CKAN, Postgres, Solr using Docker
Containerised CKAN, Postgres, Solr using Docker.
Use cases:
- Replicating an existing database, then running a dev CKAN server.
- Running production CKAN with an existing database.
## Add secrets before running
_.postgres.secret_ contains the password for postgres superuser only
_.db.secret_ contains the postgres connection credentials for
the remote database (for replication), in format:
CKAN_DB_HOST=xxxxxx.wsl.ch
CKAN_DB_NAME=ckan_default
CKAN_DB_USER=ckan_default
CKAN_DB_PASS=xxxxxx
CKAN_DOI_DB_NAME=envidat_doi
_.solr.secret_ contains the credentials for setting and
connecting as users for Solr, in format:
SOLR_ADMIN_PASS=xxxxxx
SOLR_CKAN_PASS=xxxxxx
## Running
- Once the secrets are set, run with `docker compose up -d`
<VirtualHost 0.0.0.0:8080>
ServerName ckan
ServerAlias *
<Directory "${CKAN_CONFIG}">
Require all granted
</Directory>
WSGIScriptAlias / ${CKAN_CONFIG}/apache.wsgi
WSGIPassAuthorization On
ErrorLog /var/log/apache2/ckan_default.error.log
CustomLog /var/log/apache2/ckan_default.custom.log combined
</VirtualHost>
daemon off;
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
# Unless these are set explicitly, the types_hash_bucket_size is set at
# runtime depending on the processor's cache line size, which can (and does)
# cause inconsistent behaviour on different hardware. Our
# /etc/nginx/mime.types requires at least a 32 bit bucket, but we set these to
# the latest nginx default values to be on the safe size.
types_hash_bucket_size 64;
types_hash_max_size 1024;
proxy_cache_path /var/cache/nginx/proxycache levels=1:2 keys_zone=cache:30m max_size=250m;
proxy_temp_path /var/cache/nginx/proxytemp 1 2;
server {
listen 80 default_server;
server_name _;
client_max_body_size 100M;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;
proxy_cache cache;
proxy_cache_bypass $cookie_auth_tkt;
proxy_no_cache $cookie_auth_tkt;
proxy_cache_valid 30m;
proxy_cache_key $host$scheme$proxy_host$request_uri;
}
}
}
......@@ -10,6 +10,12 @@ volumes:
secrets:
ckan_config:
file: ./${CKAN_CONFIG_FILE:-/dev/null}
db_init_pass:
file: ./${CKAN_DB_INIT_PASS_FILE:-/dev/null}
db_env_secret:
file: ./${CKAN_DB_SECRET_FILE:-/dev/null}
solr_creds:
file: ./${CKAN_SOLR_CREDS_FILE:-/dev/null}
networks:
ckan-internal:
......@@ -53,14 +59,14 @@ services:
args:
- EXTERNAL_REG=${EXTERNAL_REG}
- MAINTAINER=${MAINTAINER}
env_file:
- .db.secret
environment:
- PGDATA=/var/lib/postgresql/data/db
- POSTGRES_PASSWORD_FILE=/run/secrets/db_init_pass
secrets:
- db_init_pass
- db_env_secret
volumes:
- pg_data:/var/lib/postgresql/data
- ./${CKAN_DB_DUMP_FILE:-/dev/null}:/docker-entrypoint-initdb.d/ckan.dump
- ./${DOI_DB_DUMP_FILE:-/dev/null}:/docker-entrypoint-initdb.d/doi.dump
networks:
- ckan-internal
- db-inspect
......@@ -79,8 +85,21 @@ services:
- solr_data:/opt/solr/server/solr
networks:
- ckan-internal
ports:
- 8983:8983
init-solr:
container_name: ckan_init_solr
image: "${INTERNAL_REG}/ckan-init-solr:latest"
build:
context: ./init_solr
args:
- EXTERNAL_REG=${EXTERNAL_REG}
- MAINTAINER=${MAINTAINER}
secrets:
- solr_creds
networks:
- ckan-internal
depends_on:
- solr
redis:
container_name: ckan_redis
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment