feat/ui-docker-container-builds #7149

wants to merge 38 commits into
base: main
435ca8e
adding basic docker container
gilesw Nov 29, 2024
5899a76
missing newrelic config
gilesw Nov 29, 2024
6e70747
json entrypoint recommendation
gilesw Nov 29, 2024
9e067ea
allow frontend to be configured separately to web
gilesw Nov 29, 2024
ecc70ca
add postgres, redis, haproxy lb containers for dev
gilesw Nov 29, 2024
184bf2d
Merge branch 'main' into feat/ui-docker-container-builds
amontenegro Dec 2, 2024
3c4e09a
Merge branch 'main' into feat/ui-docker-container-builds
amontenegro Dec 3, 2024
036c286
missing env files
gilesw Dec 4, 2024
c170a93
Merge branch 'feat/ui-docker-container-builds' of github.com:ORCID/OR…
gilesw Dec 4, 2024
58795ec
ro only perms as full write causes startup error
gilesw Dec 4, 2024
f8923a7
drop yaml markers in env files
gilesw Dec 5, 2024
d8dad88
feat: add haproxy router for database connections and use static ips …
gilesw Dec 5, 2024
b338281
Fix the code so the app can start with an empty identifer_type table
amontenegro Dec 5, 2024
4e27c0d
Merge branch 'feat/ui-docker-container-builds' of https://github.com/…
amontenegro Dec 5, 2024
97f89bc
Adding users
amontenegro Dec 5, 2024
a99373d
Client added
amontenegro Dec 5, 2024
5485d4d
migrating back to a defined bridged network
gilesw Dec 6, 2024
1ab8139
Merge branch 'feat/ui-docker-container-builds' of github.com:ORCID/OR…
gilesw Dec 6, 2024
991c872
adding orcid-haprouter to the builds
gilesw Dec 6, 2024
34085f5
adding in haprouter as default postgres connection
gilesw Dec 6, 2024
8ae0c47
cleaner overridable haprouter config
gilesw Dec 9, 2024
935a391
default.env is transfered via anisble not dev.env
gilesw Dec 9, 2024
4de984c
default.env is transfered via anisble not dev.env
gilesw Dec 9, 2024
37453e2
Update passphrase
amontenegro Dec 9, 2024
60a1eff
Merge branch 'feat/ui-docker-container-builds' of https://github.com/…
amontenegro Dec 9, 2024
7150de1
handle stale containers
gilesw Dec 30, 2024
50ae7f1
missing permissions and use env
gilesw Dec 30, 2024
47d3913
Merge branch 'main' into feat/ui-docker-container-builds
gilesw Jan 22, 2025
34be64c
adding CSRF work to docker config files
gilesw Jan 22, 2025
d1d33f9
adding new properties for papi rate limiting
gilesw Jan 23, 2025
2ae049e
Merge branch 'main' into feat/ui-docker-container-builds
amontenegro Jan 28, 2025
33e078a
fix: move to new haproxy stats port below 1024
gilesw Feb 14, 2025
8917d04
feat: unique log location for each tomcat
gilesw Feb 14, 2025
eb967a5
Merge branch 'feat/ui-docker-container-builds' of github.com:ORCID/OR…
gilesw Feb 14, 2025
648511b
use ui naming inline with deploys
gilesw Feb 14, 2025
d089d75
fix: match proxying to new docker compose names
gilesw Feb 19, 2025
56ecb59
fix: move haproxy stats ports back onto nonroot range internally
gilesw Feb 19, 2025
cc11709
fix bump haproxy port back over 1024
gilesw Feb 19, 2025
add postgres, redis, haproxy lb containers for dev
gilesw committed Nov 29, 2024
commit ecc70cacfa2750bdef5a389d62b69262282388c8
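--- a/docker-entrypoint-initdb.d/1-dev-users.sql
+++ b/docker-entrypoint-initdb.d/1-dev-users.sql
@@ -0,0 +1,5 @@
+CREATE USER orcid WITH PASSWORD 'orcid';
+CREATE USER statistics WITH PASSWORD 'statistics';
+CREATE USER orcidro WITH PASSWORD 'orcidro';
+CREATE USER dw_user WITH PASSWORD 'dw_user';
+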
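Review bot: The four roles are created with passwords equal to their names and nothing in the file marks it as local-development-only, so a later compose file or a copied initdb directory could run it against a shared instance unchanged. A header line such as `-- Local dev fixtures only: each role's password equals its name; never run this initdb directory against a shared or production database.` makes the intent explicit to the next reader. Note that scripts in docker-entrypoint-initdb.d only run when the data volume is empty (inferred from the official image's entrypoint, not visible here), so editing a password in this file does not change an already-initialised volume.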
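--- a/docker-entrypoint-initdb.d/2-createdb.sql
+++ b/docker-entrypoint-initdb.d/2-createdb.sql
@@ -0,0 +1,8 @@
+CREATE DATABASE orcid;
+
+CREATE DATABASE statistics;
+
+CREATE DATABASE features;
+
+CREATE DATABASE message_listener;
+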
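Review bot: Each database is created without an OWNER, so all four belong to the bootstrap superuser even though 1-dev-users.sql creates matching roles (orcid, statistics), and the later dumps must then run as the superuser to `ALTER TABLE ... OWNER TO orcid`. If the application connects as `orcid`, `CREATE DATABASE orcid OWNER orcid;` (and `CREATE DATABASE statistics OWNER statistics;`) keeps object ownership with the application role instead of relying on PUBLIC grants in the schema dumps. This is a least-privilege point rather than a functional problem for a local stack.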
6,479 changes: 6,479 additions & 0 deletions docker-entrypoint-initdb.d/4-orcid-schema.sql


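--- a/docker-entrypoint-initdb.d/5-orcid-extension.sql
+++ b/docker-entrypoint-initdb.d/5-orcid-extension.sql
@@ -0,0 +1,15 @@
+--
+-- Name: uuid-ossp; Type: EXTENSION; Schema: -; Owner: -
+--
+
+\c orcid
+
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA public;
+
+
+--
+-- Name: EXTENSION "uuid-ossp"; Type: COMMENT; Schema: -; Owner:
+--
+
+COMMENT ON EXTENSION "uuid-ossp" IS 'generate universally unique identifiers (UUIDs)';
+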
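Review bot: Files in docker-entrypoint-initdb.d run in lexical order, so 4-orcid-schema.sql is applied before this file creates the uuid-ossp extension in the orcid database. If that schema (not rendered on this page) calls uuid-ossp functions in column defaults or index expressions, the first such statement fails and the entrypoint aborts the whole initialisation. Renaming this file so it sorts before the schema dump, or confirming that the dump already carries its own `CREATE EXTENSION IF NOT EXISTS "uuid-ossp"`, removes the dependency on file ordering.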
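--- a/docker-entrypoint-initdb.d/6-features.sql
+++ b/docker-entrypoint-initdb.d/6-features.sql
@@ -0,0 +1,196 @@
+--
+-- PostgreSQL database dump
+--
+
+-- Dumped from database version 13.10 (Ubuntu 13.10-1.pgdg20.04+1)
+-- Dumped by pg_dump version 15.2 (Ubuntu 15.2-1.pgdg20.04+1)
+
+\c features
+
+SET statement_timeout = 0;
+SET lock_timeout = 0;
+SET idle_in_transaction_session_timeout = 0;
+SET client_encoding = 'UTF8';
+SET standard_conforming_strings = on;
+SELECT pg_catalog.set_config('search_path', '', false);
+SET check_function_bodies = false;
+SET xmloption = content;
+SET client_min_messages = warning;
+SET row_security = off;
+
+--
+-- Name: public; Type: SCHEMA; Schema: -; Owner: postgres
+--
+
+-- *not* creating schema, since initdb creates it
+
+
+ALTER SCHEMA public OWNER TO postgres;
+
+--
+-- Name: uuid-ossp; Type: EXTENSION; Schema: -; Owner: -
+--
+
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA public;
+
+
+--
+-- Name: EXTENSION "uuid-ossp"; Type: COMMENT; Schema: -; Owner:
+--
+
+COMMENT ON EXTENSION "uuid-ossp" IS 'generate universally unique identifiers (UUIDs)';
+
+
+SET default_tablespace = '';
+
+SET default_table_access_method = heap;
+
+--
+-- Name: togglz; Type: TABLE; Schema: public; Owner: orcid
+--
+
+CREATE TABLE public.togglz (
+feature_name character varying(100) NOT NULL,
+feature_enabled integer,
+strategy_id character varying(200),
+strategy_params character varying(2000)
+);
+
+
+ALTER TABLE public.togglz OWNER TO orcid;
+
+--
+-- Data for Name: togglz; Type: TABLE DATA; Schema: public; Owner: orcid
+--
+
+COPY public.togglz (feature_name, feature_enabled, strategy_id, strategy_params) FROM stdin;
+AFFILIATION_ORG_ID 1 \N \N
+AFFILIATION_SEARCH 1 \N \N
+COOKIE_BANNER 1 \N \N
+GDPR_UI 1 \N \N
+HTTPS_IDS 1 \N \N
+REG_MULTI_EMAIL 1 \N \N
+REVOKE_TOKEN_ON_CODE_REUSE 1 \N \N
+TWO_FACTOR_AUTHENTICATION 1 \N \N
+SELF_SERVICE_ORG_IDS 1 \N \N
+PUB_API_2_0_BY_DEFAULT 1 \N \N
+DISABLE_1_2_ON_PUB_API 1 \N \N
+GET_MY_DATA 1 \N \N
+DISABLE_1_1 1 \N \N
+MANUAL_WORK_GROUPING 1 \N \N
+GROUPING_SUGGESTIONS 1 \N \N
+WORKS_FAILURE_DEBUG 1 \N \N
+BADGES 1 \N \N
+RESEARCH_RESOURCE 1 \N \N
+RESET_PASSWORD_EMAIL 1 \N \N
+MEMBER_API_2_0_BY_DEFAULT 1 \N \N
+GDPR_EMAIL_NOTIFICATIONS 1 \N \N
+GDPR_DEACTIVATE 1 \N \N
+ANGULAR2_QA 0 \N \N
+DISPLAY_NEW_AFFILIATION_TYPES 1 \N \N
+SUPPORT_MIGRATION 1 \N \N
+DIALOG_PRIVACY_OPTION 1 \N \N
+EX_ID_RESOLVER 1 \N \N
+LAST_MOD 1 \N \N
+OPENID_SIMPLE_SUBJECT 1 \N \N
+RE_LOGGIN_ALERT 1 \N \N
+LANG_AR 1 \N \N
+VERBOSE_NOTIFICATIONS 1 \N \N
+DISABLE_1_2_ON_MEMBER_API 1 \N \N
+ADD_WORKS_WITH_EXTERNAL_ID 1 \N \N
+SEARCH_RESULTS_AFFILIATIONS 1 \N \N
+ORCID_ANGULAR_APP_CUES 1 \N \N
+NEW_INFO_SITE 1 \N \N
+SALESFORCE_MICROSERVICE 1 \N \N
+ORCID_ANGULAR_INBOX 1 \N \N
+GROUP_AFFILIATIONS 0 \N \N
+HIDE_UNVERIFIED_EMAILS 1 \N \N
+ORCID_ANGULAR_MY_ORCID 0 \N \N
+TWO_FA_DEACTIVATE_EMAIL 1 \N \N
+UPGRADE_PUBLIC_CLIENT 1 \N \N
+V2_DISABLE_RELEASE_CANDIDATES 1 \N \N
+ENABLE_NEW_NOTIFICATIONS 1 \N \N
+ORCID_ANGULAR_WORKS_CONTRIBUTORS 1 \N \N
+WORKS_PAGINATION 1 \N \N
+READ_BULK_WORKS_DIRECTLY_FROM_DB 0 \N \N
+ID_TOKEN_24_HOURS_LIFESPAN 1 \N \N
+V3_DISABLE_RELEASE_CANDIDATES 1 \N \N
+SF_ENABLE_OPP_ORG_RECORD_TYPES 1 \N \N
+ORCID_ANGULAR_SEARCH 1 \N \N
+USER_OBO 1 \N \N
+ENABLE_NEW_IDS 1 \N \N
+ENABLE_DE_PL_TR 0 \N \N
+RESTRICTED_DELEGATORS 1 \N \N
+ACCOUNT_LOCKOUT_SIMULATION 0 \N \N
+STOP_SENDING_NOTIFICATION_WORK_NOT_UPDATED 1 \N \N
+ALLOW_DELETE_WITH_REVOKED_TOKENS 1 \N \N
+PUB_API_DEFAULT_TO_V3 1 \N \N
+MEMBER_API_DEFAULT_TO_V3 1 \N \N
+ENABLE_ACCOUNT_LOCKOUT 1 \N \N
+DELETE_EVENTS 1 \N \N
+ENABLE_USER_MENU 1 \N \N
+ENABLE_HEADER2 1 \N \N
+EMAIL_STATUS_DROPDOWN_OPTION 0 \N \N
+ORCID_ANGULAR_CURRENT_EMPLOYMENT_AFFILIATIONS_WORK_CONTRIBUTORS 0 \N \N
+WIDE_GRID 1 \N \N
+NEW_BADGES 1 \N \N
+NEW_FOOTER 1 \N \N
+SEND_ALL_VERIFICATION_EMAILS 1 \N \N
+ENABLE_PROMOTION_OF_CHOSEN_ORGS 0 \N \N
+PROFESSIONAL_ACTIVITIES 1 \N \N
+REGISTRATION_2_0 1 \N \N
+SPAM_BUTTON 0 \N \N
+NEW_DEVELOPER_TOOLS 1 \N \N
+REDIRECT_PUT_TOKEN_ENDPOINT 1 \N \N
+SEND_ADD_WORKS_EMAILS 1 \N \N
+SOURCE_SORTING 1 \N \N
+REGISTRATION_2_1 1 \N \N
+ADD_OTHER_WORK_CONTRIBUTORS 1 \N \N
+ORG_SEARCH_SORT_BY_POPULARITY 1 \N \N
+CRAZY_EGG 1 \N \N
+ORCID_ANGULAR_SIGNIN 1 \N \N
+HOTJAR 0 \N \N
+STORE_TOP_CONTRIBUTORS 1 \N \N
+PAPI_EVENTS 1 \N \N
+ORCID_ANGULAR_HELP_HERO 1 \N \N
+DISABLE_MATCHING_SUBDOMAINS 1 \N \N
+ADD_OTHER_WORK_CONTRIBUTORS_WITH_BIBTEX 1 \N \N
+ORCID_ANGULAR_LAZY_LOAD_PEER_REVIEWS 1 \N \N
+ORCID_ANGULAR_ACCOUNT_SETTINGS 1 \N \N
+EVENTS 1 \N \N
+MOVE_CLIENT 1 \N \N
+NEW_RECORD_HEADER 1 \N \N
+ADD_OTHER_WORK_CONTRIBUTORS_WITH_DOI_PUBMED 1 \N \N
+WORDPRESS_HOME_PAGE 1 \N \N
+EMAIL_DOMAINS 1 \N \N
+SIGN_IN_UPDATES_V1 1 \N \N
+NEW_RELIC_BROWSER_MONITORING 1 \N \N
+MAPI_SUMMARY_ENDPOINT 1 \N \N
+NEW_RECORD_HEADER_WITH_SUMMARY 1 \N \N
+EMAIL_DOMAINS_UI 1 \N \N
+LOGIN_DOMAINS_INTERSTITIAL 0 \N \N
+ENABLE_PAPI_RATE_LIMITING 1 \N \N
+OAUTH_DOMAINS_INTERSTITIAL 0 \N \N
+\.
+
+
+--
+-- Name: togglz togglz_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid
+--
+
+ALTER TABLE ONLY public.togglz
+ADD CONSTRAINT togglz_pkey PRIMARY KEY (feature_name);
+
+
+--
+-- Name: SCHEMA public; Type: ACL; Schema: -; Owner: postgres
+--
+
+REVOKE USAGE ON SCHEMA public FROM PUBLIC;
+GRANT ALL ON SCHEMA public TO PUBLIC;
+
+
+--
+-- PostgreSQL database dump complete
+--
+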
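Review bot: `GRANT ALL ON SCHEMA public TO PUBLIC` at the end of the dump hands CREATE on the features schema to every role on the instance, including the orcidro and dw_user roles from 1-dev-users.sql, which undoes the `REVOKE USAGE ... FROM PUBLIC` immediately above it for everything except the revoke itself. Since the only owner referenced in this file is orcid, `GRANT USAGE ON SCHEMA public TO PUBLIC;` followed by `GRANT ALL ON SCHEMA public TO orcid;` states the privileges actually intended. Separately, `ALTER SCHEMA public OWNER TO postgres` assumes the bootstrap superuser is literally named postgres; if the compose file (not on this page) sets a different POSTGRES_USER, initialisation stops at that line.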
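--- a/orcid-lb/Dockerfile
+++ b/orcid-lb/Dockerfile
@@ -0,0 +1,7 @@
+FROM haproxy:2.4.24-bullseye
+
+
+COPY certs/* /etc/ssl/private/
+
+COPY orcid-lb/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
+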
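Review bot: `COPY certs/* /etc/ssl/private/` bakes every file under certs/ into an image layer, while haproxy.cfg only reads the single bundle `/etc/ssl/private/docker_dev-haproxy.pem`; an haproxy PEM bundle carries the private key, so anything else in that directory (the redis key material referenced in redis/Dockerfile, for example) ends up in this image as well. Copying only what is used, `COPY certs/docker_dev-haproxy.pem /etc/ssl/private/`, or mounting the directory at runtime, limits what the image carries. Worth confirming that certs/ is excluded from version control, since no .gitignore or .dockerignore appears in this commit.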
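--- a/orcid-lb/haproxy.cfg
+++ b/orcid-lb/haproxy.cfg
@@ -0,0 +1,113 @@
+global
+stats timeout 30s
+daemon
+maxconn 6000
+# Default SSL material locations
+ca-base /etc/ssl/certs
+crt-base /etc/ssl/private
+# Default ciphers to use on SSL-enabled listening sockets.
+# For more information, see ciphers(1SSL). This list is from:
+# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+ssl-default-bind-options no-sslv3
+# Default ciphers to use on SSL-enabled listening sockets.
+# For more information, see ciphers(1SSL). This list is from:
+# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ssl-default-server-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
+ssl-default-server-options no-sslv3
+nbproc 1
+
+
+tune.ssl.default-dh-param 2048
+ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
+ssl-default-bind-options no-sslv3
+
+defaults
+log global
+mode http
+option httplog
+option dontlognull
+option log-separate-errors
+timeout connect 5s
+timeout client 100s
+timeout server 100s
+stats show-modules
+stats show-legends
+
+listen stats-1936
+description haproute Loadbalancer
+bind 0.0.0.0:1936
+mode http
+stats enable
+stats uri /
+stats hide-version
+stats show-node
+
+frontend http
+description redirect to https
+bind 0.0.0.0:80
+mode http
+timeout client 100s
+redirect scheme https code 301 if !{ ssl_fc }
+
+frontend https-443
+description Frontend for HTTPS Traffic
+bind 0.0.0.0:443 ssl crt /etc/ssl/private/docker_dev-haproxy.pem
+mode http
+maxconn 6000
+option httplog
+timeout client 100s
+
+monitor-uri /haproxy-status
+
+http-request set-src req.hdr(CF-Connecting-IP)
+http-response add-header X-Via %[env(HOSTNAME)]
+
+acl host_pub hdr(host) -i pub.
+acl host_api hdr(host) -i api.
+
+use_backend reg-papi if host_pub
+use_backend reg-mapi if host_api
+default_backend reg-ui
+
+backend reg-papi
+description reg-papi
+mode http
+balance leastconn
+option forwardfor
+option httpchk GET /static/swagger2/favicon-16x16.png
+option redispatch
+http-check expect status 200
+timeout server 300s
+http-response set-header X-Target %[srv_name]
+default-server init-addr libc,last,none
+server papi papi:443 ssl check verify none weight 100
+
+backend reg-mapi
+description reg-mapi
+mode http
+balance leastconn
+option forwardfor
+option httpchk GET /static/swagger2/favicon-32x32.png
+option redispatch
+http-check expect status 200
+timeout server 300s
+http-response set-header X-Target %[srv_name]
+default-server init-addr libc,last,none
+server mapi mapi:443 ssl check verify none weight 100
+
+backend reg-ui
+description reg-ui
+mode http
+balance leastconn
+cookie STICKY insert
+option forwardfor
+option httpchk GET /tomcatUp.json
+option redispatch
+http-check expect status 200
+timeout server 300s
+http-response set-header X-Target %[srv_name]
+default-server init-addr libc,last,none
+server web_proxy web_proxy:443 ssl check verify none weight 100
+
+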
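Review bot: `http-request set-src req.hdr(CF-Connecting-IP)` in the https-443 frontend replaces the connection's source address with a client-supplied header unconditionally, and in this compose stack there is no Cloudflare edge in front of the container, so any client controls the address that lands in the access log, in the X-Forwarded-For that `option forwardfor` adds, and in any src-based ACL added later; either drop the line for the dev stack or gate it, `http-request set-src req.hdr(CF-Connecting-IP) if { src <TRUSTED-EDGE-CIDRS> }`, with the CIDR list supplied from the edge provider. The global section sets `ssl-default-bind-ciphers` and `ssl-default-bind-options` twice (the second pair silently wins), the first list still names RC4-SHA, and no directive sets a minimum protocol version, so keeping one cipher list and writing `ssl-default-bind-options no-sslv3 ssl-min-ver TLSv1.2` would make the effective policy readable. `nbproc 1` is deprecated in the 2.4 series pinned by the Dockerfile and is rejected by later releases, so it is worth removing now. The stats listener on 0.0.0.0:1936 has no `stats auth`, which is acceptable on a local bridge network but should not travel with this file into a shared environment.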
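--- a/redis/Dockerfile
+++ b/redis/Dockerfile
@@ -0,0 +1,12 @@
+FROM redis:7.2.5-alpine
+
+RUN mkdir -p /opt/certs
+
+COPY ./certs/* /opt/certs
+
+RUN chown -R redis:redis /opt/certs
+
+CMD ["redis-server", "--save", "20", "1", "--loglevel", "warning", "--requirepass", "wibble", \
+"--tls-port", "6379", "--port", "0", "--tls-cert-file", "/opt/certs/docker_dev.pem", \
+"--tls-key-file", "/opt/certs/docker_dev-key.pem", "--tls-ca-cert-file", "/opt/certs/orcid_rsa_2022.crt", \
+"--tls-auth-clients", "no", "--tls-replication", "yes"]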
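Review bot: The Redis password is fixed in the image's CMD (`--requirepass wibble`), so it is readable from `docker inspect` and from the container's process list, and it cannot be rotated without rebuilding; moving the credential and the TLS file paths into a redis.conf that is mounted or copied at runtime, `CMD ["redis-server", "<path-to-redis.conf>"]`, keeps the secret out of image metadata. `--tls-auth-clients no` disables client certificate checks, which is reasonable for local development but deserves a comment above the CMD such as `# dev only: password and TLS material are fixed in the image; clients are not mTLS-authenticated`. As in orcid-lb/Dockerfile, `COPY ./certs/*` copies the whole directory, including docker_dev-key.pem, rather than only the three files the command references.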