Bmegio2

docker-compose.yml

@@ -2,7 +2,7 @@ version: '3.4'
 services:
 
   mongo:
-    image: mongo:3.6
+    image: mongo:6.0.10
     restart: unless-stopped    
     container_name: mongo
     volumes:
@@ -14,8 +14,9 @@ services:
     # build: grip
     container_name: grip
     volumes:
-        - ./secrets/grip_config.yml:/config/grip_config.yml
+        - /mnt/data2/bmeg/deployment/secrets/grip_config.yml:/config/grip_config.yml
     entrypoint: ["grip", "server", "--config", "/config/grip_config.yml"]
+          #entrypoint: ["sleep", "3000"]
     ports:
       - 8201:8201
       - 8202:8202
@@ -37,13 +38,13 @@ services:
       # content
       - /mnt/data2/bmeg/deployment/nginx/bmeg-site/bmegio.ohsu.edu/public:/usr/share/nginx/bmegio.ohsu.edu
       - /mnt/data2/bmeg/deployment/nginx/bmeg-site/bmeg.io/public:/usr/share/nginx/bmeg.io
-      - /mnt/data2/bmeg/deployment/nginx/usr/share/nginx/gen3-ohsu.ddns.net:/usr/share/nginx/gen3-ohsu.ddns.net
+      #- /mnt/data2/bmeg/deployment/nginx/usr/share/nginx/gen3-ohsu.ddns.net:/usr/share/nginx/gen3-ohsu.ddns.net
       - /mnt/data2/bmeg/bmeg-data:/usr/share/nginx/bmegio.ohsu.edu.data
       - /mnt/data2/bmeg/bmeg-data:/usr/share/nginx/bmeg.io.data
       - /mnt/data2/bmeg/bmeg-share:/usr/share/nginx/bmegio.ohsu.edu.share
       - /mnt/data2/bmeg/bmeg-share:/usr/share/nginx/bmeg.io.share
-      - /mnt/data2/recount/data:/usr/share/nginx/recount.bio.data
-      - /mnt/data2/bmeg/deployment/nginx/usr/share/nginx/recount.bio:/usr/share/nginx/recount.bio
+      - /mnt/data2/recount/data:/usr/share/nginx/recount.bio
+      - /mnt/data2/recount/data:/usr/share/nginx/methylation.recount.bio
 
       # config
       - /mnt/data2/bmeg/deployment/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf
@@ -56,17 +57,14 @@ services:
 
       # specific sites
       - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu:/etc/nginx/sites-enabled/bmegio.ohsu.edu:ro
-      - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:ro
-      - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:ro
+        #- /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:ro
+        #- /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:ro
       - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmeg.io:/etc/nginx/sites-enabled/bmeg.io:ro
       - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/recount.bio:/etc/nginx/sites-enabled/recount.bio:ro
       - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/methylation.recount.bio:/etc/nginx/sites-enabled/methylation.recount.bio:ro
 
       # testing
       - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/commons.bmeg.io:/etc/nginx/sites-enabled/commons.bmeg.io:ro
-      # - ./nginx/etc/nginx/sites-enabled/bmegio-test.ddns.net:/etc/nginx/sites-enabled/bmegio-test.ddns.net:ro
-      # - ./nginx/bmeg-site/bmegio-test.ddns.net/public:/usr/share/nginx/bmegio-test.ddns.net
-      # - ./nginx/etc/nginx/grip-bmegio-test.ddns.net.conf:/etc/nginx/grip-bmegio-test.ddns.net.conf
 
       # for letsencrypt
       - /mnt/data2/bmeg/deployment/data/certbot/conf:/etc/letsencrypt
@@ -139,7 +137,7 @@ services:
   # see https://www.neteye-blog.com/2018/04/how-to-monitor-docker-containers-using-cadvisor-part-1/
   cadvisor:
     container_name: cadvisor       # The service will use this container name.
-    image: google/cadvisor:latest
+    image: gcr.io/cadvisor/cadvisor # old image replaced with newer image
     restart: unless-stopped    
     volumes:
     - /:/rootfs:ro

etl/Dockerfile

@@ -6,14 +6,27 @@ FROM python:3.7.2
 # Uses service_account_email argument and config/service_account.json
 
 # install mongo import
-RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
-RUN echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main" | tee /etc/apt/sources.list.d/mongodb-org-4.0.list
+
+RUN apt-get install gnupg curl
+
+RUN sed -i -e 's/deb.debian.org/archive.debian.org/g' \
+           -e 's|security.debian.org|archive.debian.org/|g' \
+           -e '/stretch-updates/d' /etc/apt/sources.list
+
+RUN curl -fsSL https://pgp.mongodb.com/server-4.4.asc | \
+    gpg -o /usr/share/keyrings/mongodb-server-4.4.gpg \
+   --dearmor
+
+RUN echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-4.4.gpg ] http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.4 main" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list
+
 RUN apt-get update
 RUN apt-get install -y mongodb-org-tools
 
+
 # install go lang, silence wget and tar
-RUN wget -q  https://dl.google.com/go/go1.17.2.linux-amd64.tar.gz && \
-  tar -xf go1.17.2.linux-amd64.tar.gz
+RUN wget -q  https://dl.google.com/go/go1.20.5.linux-amd64.tar.gz && \
+  tar -xf go1.20.5.linux-amd64.tar.gz
+
 
 # install grip
 RUN mkdir -p /go/src/github.com/bmeg

init-letsencrypt.sh

@@ -40,8 +40,8 @@ fi
 if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
   echo "### Downloading recommended TLS parameters ..."
   mkdir -p "$data_path/conf"
-  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
-  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
   echo
 fi
 
@@ -93,6 +93,7 @@ $DC run --rm --entrypoint "\
     $email_arg \
     $domain_args \
     --rsa-key-size $rsa_key_size \
+    -v \
     --agree-tos --no-eff-email \
     --force-renewal" certbot
 echo

jupyterlab/Dockerfile

@@ -4,4 +4,4 @@ RUN pip install gripql
 USER root
 RUN apt-get update && apt-get install -y graphviz graphviz-dev gcc
 USER $NB_UID
-RUN pip install pygraphviz
+RUN pip install pygraphviz==1.5

nginx/Dockerfile

@@ -1,25 +1,35 @@
-# FROM cloudflare/nginx-google-oauth:1.1.1
+#FROM cloudflare/nginx-google-oauth:1.1.1
 
 # https://github.com/cloudflare/nginx-google-oauth/blob/master/Dockerfile
 
-FROM debian:stable
-# FROM debian@sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f
+#FROM debian:stable
+# using different image to avoid lua package import path nonsense
+FROM openresty/openresty:latest
+#FROM debian@sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f
 
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends nginx-extras lua-cjson git ca-certificates && \
+    apt-get install -y --no-install-recommends nginx nginx-extras lua5.1 luarocks gcc wget git ca-certificates lua-cjson build-essential  && \
+
     rm -rf /var/lib/apt/lists/* && \
     git clone -c transfer.fsckobjects=true https://github.com/pintsized/lua-resty-http.git /tmp/lua-resty-http && \
     cd /tmp/lua-resty-http && \
     # https://github.com/pintsized/lua-resty-http/releases/tag/v0.07 v0.07
-    git checkout 69695416d408f9cfdaae1ca47650ee4523667c3d && \
+    #git checkout 69695416d408f9cfdaae1ca47650ee4523667c3d && \
+
     mkdir -p /etc/nginx/lua && \
     cp -aR /tmp/lua-resty-http/lib/resty /etc/nginx/lua/resty && \
     rm -rf /tmp/lua-resty-http && \
     mkdir /etc/nginx/http.conf.d && \
     sed 's%http {%include /etc/nginx/http.conf.d/*.conf;\n\nhttp {%' -i /etc/nginx/nginx.conf
 
-# COPY ./access.lua /etc/nginx/lua/nginx-google-oauth/access.lua
-# COPY ./docker/etc-nginx /etc/nginx
+RUN luarocks install lua-resty-string
+RUN luarocks install lua-resty-http
+RUN luarocks install lua-resty-core
+RUN luarocks install lua-cjson
+
+#COPY ./access.lua /etc/nginx/lua/nginx-google-oauth/access.lua
+#COPY ./docker/etc-nginx /etc/nginx
+
 #COPY ./etc/nginx /etc/nginx
 #COPY run.sh /etc/nginx/run.sh
 

nginx/etc/nginx/lua/nginx-google-oauth/access.lua

@@ -1,8 +1,8 @@
 -- Copyright 2015-2016 CloudFlare
 -- Copyright 2014-2015 Aaron Westendorf
 
-local json = require("cjson")
 local http = require("resty.http")
+local json = require("cjson")
 
 local uri         = ngx.var.uri
 local uri_args    = ngx.req.get_uri_args()

nginx/etc/nginx/nginx.conf

@@ -26,8 +26,6 @@ http {
 
 	##
 	# Basic Settings
-	##
-
 	sendfile on;
 	tcp_nopush on;
 	tcp_nodelay on;
@@ -50,7 +48,7 @@ http {
 	##
 	# SSL Settings
 	##
-  # deprecated - see certbot
+  	# deprecated - see certbot
 	# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
 	# ssl_prefer_server_ciphers on;
 
@@ -84,7 +82,6 @@ http {
 	include /etc/letsencrypt/options-ssl-nginx.conf;
 	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
-	##
 	# increase timeouts to 10 minutes
 	##
 	proxy_connect_timeout       600;
@@ -96,15 +93,19 @@ http {
 	# Virtual Host Configs
 	##
 
-	lua_package_path '/etc/nginx/lua/?.lua;';
+	# using different image don't need these
+	#lua_package_path '/etc/nginx/lua/?.lua;/etc/nginx/library/?.lua;;/usr/local/share/lua/5.1/?.lua;;/usr/local/lib/lua/?.lua;;/etc/nginx/lua/resty/?.lua;;/etc/nginx/lua/nginx-google-oauth/access.lua;;';
+	#lua_package_cpath "/usr/local/lib/lua/5.1/?.so;;";
+	#lua_package_path '/etc/nginx/lua/?.lua;/usr/local/share/lua/5.1/?.lua;/etc/nginx/lua/nginx-google-oauth/?.lua;/usr/local/share/lua/5.1/resty/?.lua;'
+        #lua_package_cpath "/usr/local/lib/lua/5.1/?.so;;";
 
-	include /etc/nginx/conf.d/*.conf;
+
+	include  /etc/nginx/conf.d/*.conf;
 	include /etc/nginx/sites-enabled/bmeg.io;
 	include /etc/nginx/sites-enabled/bmegio.ohsu.edu;
-	include /etc/nginx/sites-enabled/gen3-ohsu.ddns.net;
-	include /etc/nginx/sites-enabled/bmeg-jupyter.ddns.net;
+	#include /etc/nginx/sites-enabled/gen3-ohsu.ddns.net;
+	#include /etc/nginx/sites-enabled/bmeg-jupyter.ddns.net;
 	include /etc/nginx/sites-enabled/recount.bio;
-	include /etc/nginx/sites-enabled/methylation.recount.bio;
+	include  /etc/nginx/sites-enabled/methylation.recount.bio;
 	include /etc/nginx/sites-enabled/commons.bmeg.io;
-
 }

nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu

@@ -11,7 +11,7 @@ server {
   listen [::]:443 ssl http2;
 
   server_name bmegio.ohsu.edu;
-  ssl_certificate /etc/letsencrypt/live/bmegio.ohsu.edu/fullchain.pem;
+  ssl_certificate /etc/letsencrypt/live/bmegio.ohsu.edu/cert.pem;
   ssl_certificate_key /etc/letsencrypt/live/bmegio.ohsu.edu/privkey.pem;
   ssl_protocols TLSv1.2;
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

nginx/etc/nginx/sites-enabled/methylation.recount.bio

@@ -18,7 +18,8 @@ server {
 
   # data
   location / {
-    alias /usr/share/nginx/recount.bio.data/; # directory to list
+    # alias /usr/share/nginx/recount.bio.data/; # directory to list
+    alias /usr/share/nginx/methylation.recount.bio/; #directory to list
     autoindex on;
   }
   # for certbot challenge

nginx/etc/nginx/sites-enabled/recount.bio

@@ -23,7 +23,8 @@ server {
   }
 	# data
   location /data {
-    alias /usr/share/nginx/recount.bio.data/; # directory to list
+    #alias /usr/share/nginx/recount.bio.data/; # directory to list
+    alias /usr/share/nginx/recount.bio/;
     autoindex on;
   }
   # for certbot challenge

nginx/usr/share/nginx/methylation.recount.bio/index.html

@@ -0,0 +1 @@
+<h1>methylation.recount.bio content goes here</h1>