[PLA-1652] Allows www-data to call horizon supervisorctl (#34)

configs/core/Dockerfile

@@ -1,26 +1,22 @@
 # Stage: setup-web-server
 FROM php:apache-buster as setup-web-server
 
-# Install dependencies.
+# Install dependencies
 RUN apt-get update -y && \
     apt-get install -y gnupg gosu curl ca-certificates zip unzip git supervisor sqlite3 libcap2-bin libpng-dev python2 && \
     apt-get install -y libpq-dev libgmp-dev libsodium-dev libmemcached-dev zlib1g-dev wait-for-it libffi-dev golang-go && \
     apt-get install -y inotify-tools libcurl4-openssl-dev libpq-dev libssl-dev supervisor dos2unix
 
-# Install imagick
+# Install imagick and redis
 RUN apt-get install -y libmagickwand-dev --no-install-recommends && \
-    pecl install imagick
+    pecl install imagick redis
 
 # Install node and npm
-RUN curl -sL https://deb.nodesource.com/setup_16.x -o /tmp/nodesource_setup.sh
-RUN bash /tmp/nodesource_setup.sh
-RUN apt-get install -y nodejs
-
-COPY scripts/ /usr/scripts/
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - &&\
+    apt-get install -y nodejs
 
+# Install and enable additional php modules
 RUN docker-php-ext-install ffi pdo pdo_mysql gmp bcmath sodium mysqli sockets pcntl gd
-
-RUN /usr/scripts/install-php-redis.sh
 RUN docker-php-ext-enable redis imagick
 
 # Stage: create-application
@@ -45,7 +41,6 @@ RUN cd laravel-application && \
 RUN cd /app/laravel-application/vendor/gmajor/sr25519-bindings/go && go build -buildmode=c-shared -o sr25519.so . && mv sr25519.so ../src/Crypto/sr25519.so
 
 # Stage: http setup
-
 FROM create-application as http-setup
 
 # Set ServerName to be localhost.
@@ -60,7 +55,7 @@ RUN dos2unix /var/www/html/.env
 
 # Set permissions and ownership.
 RUN chmod 777 -R /var/www/html/storage/
-RUN chown -R www-data:www-data /var/www/
+RUN chown -R www-data:www-data /var/www/ /var/log/supervisor
 
 # Enable mod rewrite.
 RUN update-rc.d supervisor defaults
@@ -71,7 +66,7 @@ COPY configs/core/apache/000-default.conf /etc/apache2/sites-available/000-defau
 
 # Copy php configs.
 COPY configs/core/php /usr/local/etc/php/conf.d
-COPY configs/core/supervisor /etc/supervisor/conf.d
+COPY configs/core/supervisor /etc/supervisor
 
 # Stage: platform-core
 FROM http-setup as enjin-platform

configs/core/php/memory-limit.ini

@@ -1,2 +1,2 @@
 [PHP]
-memory_limit=4096M
+memory_limit=-1

configs/core/routes/web.php

@@ -12,8 +12,4 @@
 |
 */
 
-Route::get('/', function () {
-    return view('welcome');
-});
-
 Route::get('/proof/{code}', fn() => redirect()->away('https://deeplink.wallet.enjin.io/scan/' . base64_encode(request()->fullUrl())));

configs/core/start.sh

@@ -3,27 +3,23 @@ set -e
 
 role=${CONTAINER_ROLE:-app}
 
+echo "Caching configuration..."
+php artisan cache:clear && php artisan config:cache
+
 if [ "$role" = "ingest" ]; then
     echo "Running ingest..."
-    (php artisan cache:clear && php artisan config:cache && php artisan migrate && php artisan platform:sync && php artisan platform:ingest)
+    php artisan migrate && php artisan platform:sync && php artisan platform:ingest
 elif [ "$role" = "app" ]; then
-    echo "Caching configuration..."
-    chown -hR www-data:www-data /var/www/html/storage/logs || true
-    APP_KEY=$(awk '$1 ~ /^APP_KEY/' .env | cut -d "=" -f 2)
-    if [ -z "$APP_KEY" ]; then
-      php artisan key:generate
-    fi
-    php artisan log-viewer:publish && php artisan platform-ui:install --route="/" --tenant="no" --skip && php artisan cache:clear && php artisan config:cache && php artisan route:cache && php artisan view:cache
+    php artisan log-viewer:publish && php artisan platform-ui:install --route="/" --tenant="no" --skip && php artisan route:cache && php artisan view:cache
     echo "Running apache..."
     exec apache2-foreground
 elif [ "$role" = "websocket" ]; then
     echo "Running queue and websocket..."
-    chown -hR www-data:www-data /var/www/html/storage/logs || true
-    php artisan cache:clear && php artisan config:cache
-    supervisord -n --configuration /etc/supervisor/supervisord.conf
+    supervisord && supervisorctl start horizon
+    php artisan websockets:serve
 elif [ "$role" = "beam" ]; then
     echo "Running beam..."
-    (php artisan cache:clear && php artisan config:cache && php artisan platform:process-beam-claims)
+    php artisan platform:process-beam-claims
 else
     echo "Could not match the container role \"$role\""
     exit 1

configs/core/supervisor/queue.conf → configs/core/supervisor/conf.d/horizon.conf

@@ -1,9 +1,10 @@
 [program:horizon]
 process_name=%(program_name)s
 command=/usr/local/bin/php /var/www/html/artisan horizon
-autostart=true
+autostart=false
 autorestart=true
 user=www-data
+chown=www-data:www-data
 redirect_stderr=true
 stdout_logfile=/var/www/html/storage/logs/horizon.log
-stopwaitsecs=3600
+stopwaitsecs=3600

configs/core/supervisor/supervisord.conf

@@ -0,0 +1,30 @@
+; supervisor config file
+
+[unix_http_server]
+file=/tmp/supervisor.sock   ; (the path to the socket file)
+chmod=0700                       ; sockef file mode (default 0700)
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
+user=www-data
+chown=www-data:www-data
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

start.bat

@@ -60,6 +60,25 @@ if "%AUTH_TOKEN%"=="" (
 )
 goto :EOF
 
+:: Function to check if the $APP_KEY is set and generate a new one if not
+:check_and_generate_app_key
+:: Check if $APP_KEY is already set
+set "APP_KEY="
+for /f "tokens=2 delims==" %%i in ('findstr /r /c:"APP_KEY=" configs\core\.env') do (
+    set "APP_KEY=%%i"
+)
+:: If not set, generate a new key automatically
+if "%APP_KEY%"=="" (
+    echo No application key set. A new key will be generated automatically.
+
+    for /f "delims=" %%i in ('powershell -Command "$RandomBytes = New-Object byte[] 32; [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($RandomBytes); $Base64String = [Convert]::ToBase64String($RandomBytes); Write-Output $Base64String"') do (
+        set "APP_KEY=%%i"
+    )
+
+    powershell -Command "(Get-Content 'configs\core\.env') | ForEach-Object {$_ -replace '\bAPP_KEY=.*', 'APP_KEY=base64:!APP_KEY!'} | Set-Content 'configs\core\.env'"
+)
+goto :EOF
+
 :: Function to generate a daemon password and set it in the .env file
 :generate_daemon_password
 :: Generate a new daemon password
@@ -175,6 +194,7 @@ git submodule update --init
 call :check_has_app_url
 call :check_has_basic_token
 call :check_has_daemon_password
+call :check_and_generate_app_key
 
 :: Build the daemon container
 docker compose build daemon

start.sh

@@ -61,6 +61,20 @@ check_has_basic_token() {
   fi
 }
 
+check_and_generate_app_key() {
+  APP_KEY=$(awk '$1 ~ /^APP_KEY/' configs/core/.env | cut -d "=" -f 2)
+  if [ -z "$APP_KEY" ]; then
+    echo "No application key set. A new key will be generated automatically."
+    APP_KEY=$(dd if=/dev/urandom bs=32 count=1 status=none | base64)
+
+    if [ "$PLATFORM_OS" = "macOS" ]; then
+      sed -i '' -e "s#^APP_KEY=#APP_KEY=base64:$APP_KEY#g" configs/core/.env
+    else
+      sed -i "s#^APP_KEY=#APP_KEY=base64:$APP_KEY#g" configs/core/.env
+    fi
+  fi
+}
+
 generate_daemon_password() {
   # Generate a new key pass for the daemon and set to .env file
   WALLET_PASSWORD=$(openssl rand -hex 32)
@@ -158,6 +172,7 @@ git submodule update --init
 check_has_app_url
 check_has_basic_token
 check_has_daemon_password
+check_and_generate_app_key
 
 docker compose build daemon
 get_daemon_address