From 24be85e8e3c8c835306a393c8fa30a2b6896638f Mon Sep 17 00:00:00 2001 From: Emmanuel Nyachoke Date: Wed, 21 Aug 2024 16:56:48 +0300 Subject: [PATCH 1/7] OZ-668: Setup Dockerfiles needed to build Ozone Embedded Docker images --- docker/docker-compose-embedded.yaml.template | 273 +------------------ docker/eip-erpnext-openmrs/Dockerfile | 2 +- docker/eip-odoo-openmrs/Dockerfile | 2 +- docker/eip-openmrs-senaite/Dockerfile | 2 +- docker/erpnext/Dockerfile | 4 +- docker/frontend/Dockerfile | 8 + docker/frontend/startup.sh | 6 + docker/mysql/Dockerfile | 5 + docker/postgresql/Dockerfile | 3 + docker/senaite/Dockerfile | 2 +- 10 files changed, 40 insertions(+), 267 deletions(-) create mode 100644 docker/frontend/Dockerfile create mode 100755 docker/frontend/startup.sh create mode 100644 docker/mysql/Dockerfile create mode 100644 docker/postgresql/Dockerfile diff --git a/docker/docker-compose-embedded.yaml.template b/docker/docker-compose-embedded.yaml.template index 7ea6773..bb9c40e 100644 --- a/docker/docker-compose-embedded.yaml.template +++ b/docker/docker-compose-embedded.yaml.template @@ -3,37 +3,7 @@ networks: web: external: true -x-erpnext-image: &erpnext-image - image: frappe/erpnext:v15.12.2 - platform: linux/amd64 - -x-redis-image: &redis-image - image: redis:6.2-alpine - -x-ozone-networks: &ozone-networks - networks: - - ozone - - web - -x-erpnext-volumes: &erpnext-volumes - volumes: - - erpnext-sites:/home/frappe/frappe-bench/sites - - erpnext-logs:/home/frappe/frappe-bench/logs - services: - - env-substitution: - image: mekomsolutions/env-substitution - networks: - - ozone - environment: - - ODOO_PUBLIC_URL=https://\${ODOO_HOSTNAME} - - OPENMRS_PUBLIC_URL=https://\${O3_HOSTNAME} - - SENAITE_PUBLIC_URL=https://\${SENAITE_HOSTNAME} - restart: on-failure - volumes: - - "\${DISTRO_PATH}:/opt/env-substitution/files" - mysql: command: - --character-set-server=utf8mb4 @@ -47,9 +17,6 @@ services: - --binlog-annotate-row-events=0 environment: MYSQL_ROOT_PASSWORD: "\${MYSQL_ROOT_PASSWORD}" - EIP_DB_NAME_ERPNEXT: \${EIP_DB_NAME_ERPNEXT} - EIP_DB_USER_ERPNEXT: \${EIP_DB_USER_ERPNEXT} - EIP_DB_PASSWORD_ERPNEXT: \${EIP_DB_PASSWORD_ERPNEXT} EIP_DB_NAME_ODOO: \${EIP_DB_NAME_ODOO} EIP_DB_USER_ODOO: \${EIP_DB_USER_ODOO} EIP_DB_PASSWORD_ODOO: \${EIP_DB_PASSWORD_ODOO} @@ -61,7 +28,7 @@ services: EIP_DB_PASSWORD_SENAITE: \${EIP_DB_PASSWORD_SENAITE} healthcheck: test: "exit 0" - image: mariadb:10.8 + image: mekomsolutions/ozone-embedded-mysql networks: - ozone ports: @@ -69,15 +36,10 @@ services: restart: unless-stopped volumes: - "\${MYSQL_DATADIR:-mysql-data}:/var/lib/mysql" - - "\${SQL_SCRIPTS_PATH}/mysql/create_db.sh:/docker-entrypoint-initdb.d/create_db.sh" - - "\${SQL_SCRIPTS_PATH}/mysql/eip-erpnext-openmrs:/docker-entrypoint-initdb.d/db/eip-erpnext-openmrs" - - "\${SQL_SCRIPTS_PATH}/mysql/eip-odoo-openmrs:/docker-entrypoint-initdb.d/db/eip-odoo-openmrs" - - "\${SQL_SCRIPTS_PATH}/mysql/openmrs:/docker-entrypoint-initdb.d/db/openmrs" - - "\${SQL_SCRIPTS_PATH}/mysql/eip-openmrs-senaite:/docker-entrypoint-initdb.d/db/eip-openmrs-senaite" - + postgresql: command: "postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10" - image: postgres:13 + image: mekomsolutions/ozone-embedded-postgresql environment: POSTGRES_DB: postgres POSTGRES_USER: \${POSTGRES_USER} @@ -97,207 +59,7 @@ services: restart: unless-stopped volumes: - "\${POSTGRES_DATADIR:-postgresql-data}:/var/lib/postgresql/data" - - "\${SQL_SCRIPTS_PATH}/postgresql/create_db.sh:/docker-entrypoint-initdb.d/create_db.sh" - - "\${SQL_SCRIPTS_PATH}/postgresql/odoo:/docker-entrypoint-initdb.d/db/odoo" - erpnext-backend: - <<: [ *erpnext-image, *erpnext-volumes, *ozone-networks ] - restart: unless-stopped - erpnext-configurator: - <<: [ *erpnext-image, *erpnext-volumes, *ozone-networks ] - command: - - > - ls -1 apps > sites/apps.txt; - bench set-config -g db_host \$\$DB_HOST; - bench set-config -gp db_port \$\$DB_PORT; - bench set-config -g redis_cache "redis://\$\$REDIS_CACHE"; - bench set-config -g redis_queue "redis://\$\$REDIS_QUEUE"; - bench set-config -g redis_socketio "redis://\$\$REDIS_QUEUE"; - bench set-config -gp socketio_port \$\$SOCKETIO_PORT; - entrypoint: - - bash - - -c - environment: - DB_HOST: mysql - DB_PORT: "3306" - REDIS_CACHE: erpnext-redis-cache:6379 - REDIS_QUEUE: erpnext-redis-queue:6379 - SOCKETIO_PORT: "9000" - - erpnext-init: - <<: [ *erpnext-image, *ozone-networks ] - command: - - > - wait-for-it -t 120 mysql:3306; - wait-for-it -t 120 erpnext-redis-cache:6379; - wait-for-it -t 120 erpnext-redis-queue:6379; - export start=`date +%s`; - until [[ -n `grep -hs ^ sites/common_site_config.json | jq -r ".db_host // empty"` ]] && \ - [[ -n `grep -hs ^ sites/common_site_config.json | jq -r ".redis_cache // empty"` ]] && \ - [[ -n `grep -hs ^ sites/common_site_config.json | jq -r ".redis_queue // empty"` ]]; - do - echo "Waiting for sites/common_site_config.json to be created"; - sleep 5; - if (( `date +%s`-start > 120 )); then - echo "could not find sites/common_site_config.json with required keys"; - exit 1 - fi - done; - echo "sites/common_site_config.json found"; - echo "Creating new site"; - bench new-site --no-mariadb-socket --admin-password=\$\$ERPNEXT_ADMIN_PASSWORD --db-root-password=\$\$MYSQL_ADMIN_PASSWORD --db-name=\$\$ERPNEXT_DB_NAME --source_sql=/opt/erpnext/configs/sql/erpnext-v15.12.2-init-db.sql --install-app erpnext --set-default ozone-erpnext; - echo "=============================================================="; - export startTime=`date +%s`; - until [[ -f sites/ozone-erpnext/site_config.json ]]; - do - echo "Waiting for sites/ozone-erpnext/site_config.json to be created"; - sleep 5; - if (( `date +%s`-startTime > 480 )); then - echo "could not find sites/ozone-erpnext/site_config.json"; - exit 1 - fi - done; - echo "Site fully initialized"; - echo "Running data-import.sh script to import data into the new site"; - source /opt/erpnext/scripts/data-import.sh; - echo "=============================================================="; - - depends_on: - erpnext-configurator: - condition: service_completed_successfully - mysql: - condition: service_started - erpnext-redis-cache: - condition: service_started - erpnext-redis-queue: - condition: service_started - entrypoint: - - bash - - -c - environment: - ERPNEXT_ADMIN_PASSWORD: \${ERPNEXT_PASSWORD} - MYSQL_ADMIN_PASSWORD: \${MYSQL_ROOT_PASSWORD} - ERPNEXT_DB_NAME: \${ERPNEXT_DB_NAME} - volumes: - - erpnext-sites:/home/frappe/frappe-bench/sites - - erpnext-logs:/home/frappe/frappe-bench/logs - - "\${ERPNEXT_CONFIG_PATH}:/opt/erpnext/configs" - - "\${ERPNEXT_SCRIPTS_PATH}:/opt/erpnext/scripts" - - erpnext: - <<: [ *erpnext-image, *erpnext-volumes, *ozone-networks ] - command: - - nginx-entrypoint.sh - depends_on: - erpnext-websocket: - condition: service_started - erpnext-init: - condition: service_completed_successfully - mysql: - condition: service_started - env-substitution: - condition: service_completed_successfully - restart: on-failure - environment: - BACKEND: erpnext-backend:8000 - FRAPPE_SITE_NAME_HEADER: ozone-erpnext - SOCKETIO: erpnext-websocket:9000 - UPSTREAM_REAL_IP_ADDRESS: 127.0.0.1 - UPSTREAM_REAL_IP_HEADER: X-Forwarded-For - UPSTREAM_REAL_IP_RECURSIVE: "off" - PROXY_READ_TIMEOUT: 120 - CLIENT_MAX_BODY_SIZE: 50m - labels: - traefik.enable: "true" - traefik.http.routers.erpnext.rule: "Host(`\${ERPNEXT_HOSTNAME}`)" - traefik.http.routers.erpnext.entrypoints: "websecure" - traefik.http.services.erpnext.loadbalancer.server.port: 8080 - - erpnext-queue-long: - <<: [ *erpnext-image, *erpnext-volumes, *ozone-networks ] - command: - - bench - - worker - - --queue - - long,default,short - restart: on-failure - - erpnext-queue-short: - <<: [ *erpnext-image, *erpnext-volumes, *ozone-networks ] - command: - - bench - - worker - - --queue - - short,default - restart: on-failure - - erpnext-redis-queue: - <<: [ *redis-image, *ozone-networks ] - restart: on-failure - volumes: - - erpnext-redis-queue-data:/data - - erpnext-redis-cache: - <<: [ *redis-image, *ozone-networks ] - restart: on-failure - volumes: - - erpnext-redis-cache-data:/data - - erpnext-scheduler: - <<: [ *erpnext-image, *erpnext-volumes, *ozone-networks ] - command: - - bench - - schedule - restart: on-failure - - erpnext-websocket: - <<: [ *erpnext-image, *erpnext-volumes, *ozone-networks ] - command: - - node - - /home/frappe/frappe-bench/apps/frappe/socketio.js - restart: on-failure - - eip-erpnext-openmrs: - <<: [ *ozone-networks ] - depends_on: - env-substitution: - condition: service_completed_successfully - openmrs: - condition: service_healthy - mysql: - condition: service_started - erpnext: - condition: service_started - environment: - - ERPNEXT_SERVER_URL=http://erpnext:8080/api - - ERPNEXT_USERNAME=\${ERPNEXT_USER} - - ERPNEXT_PASSWORD=\${ERPNEXT_PASSWORD} - - ERPNEXT_OPENMRS_ENABLE_PATIENT_SYNC=false - - EIP_DB_NAME_ERPNEXT=\${EIP_DB_NAME_ERPNEXT} - - EIP_DB_USER_ERPNEXT=\${EIP_DB_USER_ERPNEXT} - - EIP_DB_PASSWORD_ERPNEXT=\${EIP_DB_PASSWORD_ERPNEXT} - - EIP_PROFILE=prod - - MYSQL_ADMIN_USER=root - - MYSQL_ADMIN_USER_PASSWORD=\${MYSQL_ROOT_PASSWORD} - - OPENMRS_DB_HOST=\${OPENMRS_DB_HOST} - - OPENMRS_DB_PORT=\${OPENMRS_DB_PORT} - - OPENMRS_DB_NAME=\${OPENMRS_DB_NAME} - - OPENMRS_DB_USER=\${OPENMRS_DB_USER} - - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} - - EIP_FHIR_RESOURCES=Patient,ServiceRequest,MedicationRequest,Encounter - - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 - - EIP_FHIR_USERNAME=\${OPENMRS_USER} - - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} - image: mekomsolutions/${dockerreponame}-eip-client - networks: - ozone: - aliases: - - eip-client-erpnext - - eip-erpnext-openmrs - restart: unless-stopped - volumes: - - "\${EIP_ERPNEXT_OPENMRS_ROUTES_PATH}:/eip-client/routes" - - eip-home-erpnext:/eip-home # Odoo odoo: depends_on: @@ -310,7 +72,7 @@ services: - ADDONS=sale_management,stock,account_account,purchase,mrp,odoo_initializer,ozone_settings,mrp_product_expiry,product_expiry,l10n_generic_coa - INITIALIZER_DATA_FILES_PATH=/mnt/odoo_config - INITIALIZER_CONFIG_FILE_PATH=/mnt/odoo_config/initializer_config.json - image: mekomsolutions/mekomsolutions/${dockerreponame}-odoo + image: mekomsolutions/ozone-embedded-odoo:${dockertag} labels: traefik.enable: true # https @@ -355,8 +117,6 @@ services: # Odoo - OpenMRS integration service eip-odoo-openmrs: depends_on: - env-substitution: - condition: service_completed_successfully openmrs: condition: service_healthy mysql: @@ -396,7 +156,7 @@ services: - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 - EIP_FHIR_USERNAME=\${OPENMRS_USER} - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} - image: mekomsolutions/mekomsolutions/${dockerreponame}-eip-client + image: mekomsolutions/ozone-embedded-eip-odoo-openmrs:${dockertag} networks: ozone: aliases: @@ -411,8 +171,6 @@ services: depends_on: mysql: condition: service_started - env-substitution: - condition: service_completed_successfully environment: OMRS_CONFIG_MODULE_WEB_ADMIN: "true" OMRS_CONFIG_AUTO_UPDATE_DATABASE: "true" @@ -428,7 +186,7 @@ services: timeout: 5s retries: 48 start_period: 120s - image: mekomsolutions/${dockerreponame}-O3-backend:\${O3_DOCKER_IMAGE_TAG:-nightly} + image: mekomsolutions/ozone-embedded-openmrs-3-backend:${dockertag} labels: traefik.enable: "true" traefik.http.routers.openmrs.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs`)" @@ -457,10 +215,13 @@ services: API_URL: /openmrs SPA_CONFIG_URLS: \${SPA_CONFIG_URLS} SPA_DEFAULT_LOCALE: \${SPA_DEFAULT_LOCALE} + ODOO_PUBLIC_URL: https://\${ODOO_HOSTNAME} + OPENMRS_PUBLIC_URL: https://\${O3_HOSTNAME} + SENAITE_PUBLIC_URL: https://\${SENAITE_HOSTNAME} healthcheck: test: ["CMD", "curl", "-f", "http://localhost/"] timeout: 5s - image: mekomsolutions/${dockerreponame}-O3-frontend:\${O3_DOCKER_IMAGE_TAG:-nightly} + image: mekomsolutions/ozone-embedded-openmrs-3-frontend:${dockertag} labels: traefik.enable: "true" traefik.http.routers.frontend.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs/spa/`)" @@ -492,14 +253,11 @@ services: - "\${OPENMRS_FRONTEND_CONFIG_PATH}:/usr/share/nginx/html/ozone" # SENAITE senaite: - depends_on: - env-substitution: - condition: service_completed_successfully environment: - SITE=\${SITE} - ADMIN_USER=\${SENAITE_ADMIN_USER} - ADMIN_PASSWORD=\${SENAITE_ADMIN_PASSWORD} - image: mekomsolutions/${dockerreponame}-senaite:latest + image: mekomsolutions/ozone-embedded-senaite:${dockertag} labels: - "traefik.enable=true" - "traefik.http.services.senaite.loadbalancer.server.port=8080" @@ -518,8 +276,6 @@ services: # OpenMRS - SENAITE integration service eip-openmrs-senaite: depends_on: - env-substitution: - condition: service_completed_successfully openmrs: condition: service_healthy mysql: @@ -552,7 +308,7 @@ services: - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} - OPENMRS_USER=\${OPENMRS_USER} - OPENMRS_PASSWORD=\${OPENMRS_PASSWORD} - image: mekomsolutions/${dockerreponame}-eip-client + image: mekomsolutions/ozone-embedded-eip-openmrs-senaite:${dockertag} networks: ozone: aliases: @@ -566,11 +322,6 @@ version: "3.7" volumes: mysql-data: ~ postgresql-data: ~ - erpnext-redis-queue-data: ~ - erpnext-redis-cache-data: ~ - erpnext-sites: ~ - erpnext-logs: ~ - eip-home-erpnext: ~ eip-home-odoo: ~ odoo-checksums: ~ odoo-config: ~ diff --git a/docker/eip-erpnext-openmrs/Dockerfile b/docker/eip-erpnext-openmrs/Dockerfile index 37ade60..28e18d3 100644 --- a/docker/eip-erpnext-openmrs/Dockerfile +++ b/docker/eip-erpnext-openmrs/Dockerfile @@ -1,2 +1,2 @@ FROM mekomsolutions/eip-client -ADD target/ozone-1.0.0-SNAPSHOT/distro/binaries/eip-erpnext-openmrs /eip-client/routes \ No newline at end of file +ADD binaries/eip-erpnext-openmrs /eip-client/routes \ No newline at end of file diff --git a/docker/eip-odoo-openmrs/Dockerfile b/docker/eip-odoo-openmrs/Dockerfile index 5f4bfca..ea95462 100644 --- a/docker/eip-odoo-openmrs/Dockerfile +++ b/docker/eip-odoo-openmrs/Dockerfile @@ -1,2 +1,2 @@ FROM mekomsolutions/eip-client -ADD target/ozone-1.0.0-SNAPSHOT/distro/binaries/eip-odoo-openmrs /eip-client/routes \ No newline at end of file +ADD binaries/eip-odoo-openmrs /eip-client/routes \ No newline at end of file diff --git a/docker/eip-openmrs-senaite/Dockerfile b/docker/eip-openmrs-senaite/Dockerfile index 662ca99..ecd6f0a 100644 --- a/docker/eip-openmrs-senaite/Dockerfile +++ b/docker/eip-openmrs-senaite/Dockerfile @@ -1,2 +1,2 @@ FROM mekomsolutions/eip-client -ADD target/ozone-1.0.0-SNAPSHOT/distro/binaries/eip-openmrs-senaite /eip-client/routes \ No newline at end of file +ADD binaries/eip-openmrs-senaite /eip-client/routes \ No newline at end of file diff --git a/docker/erpnext/Dockerfile b/docker/erpnext/Dockerfile index d6cb351..fe59135 100644 --- a/docker/erpnext/Dockerfile +++ b/docker/erpnext/Dockerfile @@ -1,3 +1,3 @@ FROM frappe/erpnext:v15.12.2 -ADD target/ozone-1.0.0-SNAPSHOT/distro/binaries/erpnext/scripts /opt/erpnext/scripts -ADD target/ozone-1.0.0-SNAPSHOT/distro/configs/erpnext/initializer_config /opt/erpnext/configs +ADD binaries/erpnext/scripts /opt/erpnext/scripts +ADD configs/erpnext/initializer_config /opt/erpnext/configs diff --git a/docker/frontend/Dockerfile b/docker/frontend/Dockerfile new file mode 100644 index 0000000..73c986a --- /dev/null +++ b/docker/frontend/Dockerfile @@ -0,0 +1,8 @@ +FROM openmrs/openmrs-reference-application-3-frontend:nightly +ADD distro/binaries/openmrs/frontend /usr/share/nginx/html +ADD distro/configs/openmrs/frontend_config /usr/share/nginx/html/ozone +RUN mkdir -p /app +WORKDIR /app +COPY docker-embedded/docker/frontend/startup.sh /app +RUN chmod +x /app/startup.sh +CMD ["/app/startup.sh"] \ No newline at end of file diff --git a/docker/frontend/startup.sh b/docker/frontend/startup.sh new file mode 100755 index 0000000..e2bc5b8 --- /dev/null +++ b/docker/frontend/startup.sh @@ -0,0 +1,6 @@ +#!/bin/sh +set -e +if [ -f "/usr/share/nginx/html/ozone/ozone-frontend-config.json" ]; then + envsubst '${ODOO_PUBLIC_URL} ${OPENMRS_PUBLIC_URL} ${SENAITE_PUBLIC_URL}' < "/usr/share/nginx/html/ozone/ozone-frontend-config.json" | sponge "/usr/share/nginx/html/ozone/ozone-frontend-config.json" +fi +/usr/local/bin/startup.sh diff --git a/docker/mysql/Dockerfile b/docker/mysql/Dockerfile new file mode 100644 index 0000000..1368fee --- /dev/null +++ b/docker/mysql/Dockerfile @@ -0,0 +1,5 @@ +FROM mariadb:10.8 +ADD data/mysql/create_db.sh /docker-entrypoint-initdb.d/create_db.sh +ADD data/mysql/eip-odoo-openmrs /docker-entrypoint-initdb.d/db/eip-odoo-openmrs +ADD data/mysql/openmrs /docker-entrypoint-initdb.d/db/openmrs +ADD data/mysql/eip-openmrs-senaite /docker-entrypoint-initdb.d/db/eip-openmrs-senaite \ No newline at end of file diff --git a/docker/postgresql/Dockerfile b/docker/postgresql/Dockerfile new file mode 100644 index 0000000..96e4c04 --- /dev/null +++ b/docker/postgresql/Dockerfile @@ -0,0 +1,3 @@ +FROM postgres:13 +ADD data/postgresql/create_db.sh /docker-entrypoint-initdb.d/create_db.sh +ADD data/postgresql/odoo /docker-entrypoint-initdb.d/db/odoo \ No newline at end of file diff --git a/docker/senaite/Dockerfile b/docker/senaite/Dockerfile index 731e13d..ba8f7e9 100644 --- a/docker/senaite/Dockerfile +++ b/docker/senaite/Dockerfile @@ -1,2 +1,2 @@ FROM mekomsolutions/senaite -ADD target/ozone-1.0.0-SNAPSHOT/distro/configs/senaite/initializer_config /data/importdata/senaite \ No newline at end of file +ADD configs/senaite/initializer_config /data/importdata/senaite \ No newline at end of file From 8fd6c989ff95626e9a9fe8353ffcc2e018e4a830 Mon Sep 17 00:00:00 2001 From: Emmanuel Nyachoke Date: Thu, 22 Aug 2024 07:28:17 +0300 Subject: [PATCH 2/7] refactors and version fixes --- docker/docker-compose-embedded.yaml.template | 17 ++--------------- docker/frontend/Dockerfile | 2 +- pom.xml | 4 ++-- 3 files changed, 5 insertions(+), 18 deletions(-) diff --git a/docker/docker-compose-embedded.yaml.template b/docker/docker-compose-embedded.yaml.template index bb9c40e..e0566aa 100644 --- a/docker/docker-compose-embedded.yaml.template +++ b/docker/docker-compose-embedded.yaml.template @@ -28,7 +28,7 @@ services: EIP_DB_PASSWORD_SENAITE: \${EIP_DB_PASSWORD_SENAITE} healthcheck: test: "exit 0" - image: mekomsolutions/ozone-embedded-mysql + image: mekomsolutions/ozone-embedded-mysql:${dockertag} networks: - ozone ports: @@ -39,7 +39,7 @@ services: postgresql: command: "postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10" - image: mekomsolutions/ozone-embedded-postgresql + image: mekomsolutions/ozone-embedded-postgresql:${dockertag} environment: POSTGRES_DB: postgres POSTGRES_USER: \${POSTGRES_USER} @@ -109,9 +109,6 @@ services: restart: unless-stopped volumes: - "\${ODOO_FILESTORE:-odoo-filestore}:/var/lib/odoo/filestore" - - "\${ODOO_EXTRA_ADDONS:-odoo-extra-addons}:/mnt/extra-addons" - - "\${ODOO_CONFIG_PATH:-odoo-config}:/mnt/odoo_config" - - "\${ODOO_CONFIG_FILE_PATH:-odoo-config}:/etc/properties/odoo.conf" - "\${ODOO_CONFIG_CHECKSUMS_PATH:-odoo-checksums}:/mnt/checksums" # Odoo - OpenMRS integration service @@ -164,7 +161,6 @@ services: - eip-odoo-openmrs restart: unless-stopped volumes: - - "\${EIP_ODOO_OPENMRS_ROUTES_PATH}:/eip-client/routes" - eip-home-odoo:/eip-home # OpenMRS 3 Backend openmrs: @@ -201,12 +197,7 @@ services: restart: unless-stopped volumes: - "openmrs-data:/openmrs/data" - - "\${OPENMRS_OWAS_PATH:-openmrs-owas}:/openmrs/distribution/openmrs_owas/" - - "\${OPENMRS_CORE_PATH:-openmrs-core}:/openmrs/distribution/openmrs_core/" - - "\${OPENMRS_MODULES_PATH:-openmrs-modules}:/openmrs/distribution/openmrs_modules/" - - "\${OPENMRS_CONFIG_PATH:-openmrs-config}:/openmrs/distribution/openmrs_config/" - "\${OPENMRS_CONFIG_CHECKSUMS_PATH:-openmrs-config-checksums}:/openmrs/data/configuration_checksums" - - "\${OPENMRS_PROPERTIES_PATH}:/etc/properties/" # OpenMRS 3 Frontend frontend: @@ -248,9 +239,6 @@ services: - ozone - web restart: unless-stopped - volumes: - - "\${OPENMRS_FRONTEND_BINARY_PATH}:/usr/share/nginx/html" - - "\${OPENMRS_FRONTEND_CONFIG_PATH}:/usr/share/nginx/html/ozone" # SENAITE senaite: environment: @@ -269,7 +257,6 @@ services: - web restart: unless-stopped volumes: - - \${SENAITE_CONFIG_PATH}:/data/importdata/senaite - senaite-filestorage:/data/filestorage - senaite-blobstorage:/data/blobstorage diff --git a/docker/frontend/Dockerfile b/docker/frontend/Dockerfile index 73c986a..2738e33 100644 --- a/docker/frontend/Dockerfile +++ b/docker/frontend/Dockerfile @@ -3,6 +3,6 @@ ADD distro/binaries/openmrs/frontend /usr/share/nginx/html ADD distro/configs/openmrs/frontend_config /usr/share/nginx/html/ozone RUN mkdir -p /app WORKDIR /app -COPY docker-embedded/docker/frontend/startup.sh /app +COPY docker-embedded/frontend/startup.sh /app RUN chmod +x /app/startup.sh CMD ["/app/startup.sh"] \ No newline at end of file diff --git a/pom.xml b/pom.xml index 3e77ee6..fcf3186 100644 --- a/pom.xml +++ b/pom.xml @@ -63,9 +63,9 @@ ${project.build.directory}/${project.artifactId}-${project.version} - ${project.basedir} + ${project.basedir}/docker - docker/ + ** scripts/distro/ From 8f36ae8486c8d8edcd5b6bed420ca225582ca92a Mon Sep 17 00:00:00 2001 From: Emmanuel Nyachoke Date: Thu, 22 Aug 2024 17:15:14 +0300 Subject: [PATCH 3/7] Remove unused routes volume in SENAITE EIP --- docker/docker-compose-embedded.yaml.template | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/docker-compose-embedded.yaml.template b/docker/docker-compose-embedded.yaml.template index e0566aa..e5d640f 100644 --- a/docker/docker-compose-embedded.yaml.template +++ b/docker/docker-compose-embedded.yaml.template @@ -302,7 +302,6 @@ services: - eip-client-senaite restart: unless-stopped volumes: - - "\${EIP_OPENMRS_SENAITE_ROUTES_PATH}:/eip-client/routes" - eip-home-senaite:/eip-home version: "3.7" From fecd0bbf92b619d5ba4c237cec08e96296ef8d84 Mon Sep 17 00:00:00 2001 From: Emmanuel Nyachoke Date: Mon, 26 Aug 2024 18:31:21 +0300 Subject: [PATCH 4/7] Update image names --- docker/docker-compose-embedded.yaml.template | 36 ++++- docker/proxy/Dockerfile | 6 + docker/proxy/default.conf.template | 155 +++++++++++++++++++ docker/proxy/nginx.conf | 31 ++++ 4 files changed, 220 insertions(+), 8 deletions(-) create mode 100644 docker/proxy/Dockerfile create mode 100644 docker/proxy/default.conf.template create mode 100644 docker/proxy/nginx.conf diff --git a/docker/docker-compose-embedded.yaml.template b/docker/docker-compose-embedded.yaml.template index e5d640f..daef477 100644 --- a/docker/docker-compose-embedded.yaml.template +++ b/docker/docker-compose-embedded.yaml.template @@ -28,7 +28,7 @@ services: EIP_DB_PASSWORD_SENAITE: \${EIP_DB_PASSWORD_SENAITE} healthcheck: test: "exit 0" - image: mekomsolutions/ozone-embedded-mysql:${dockertag} + image: ozone-embedded-mysql:${dockertag} networks: - ozone ports: @@ -39,7 +39,7 @@ services: postgresql: command: "postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10" - image: mekomsolutions/ozone-embedded-postgresql:${dockertag} + image: ozone-embedded-postgresql:${dockertag} environment: POSTGRES_DB: postgres POSTGRES_USER: \${POSTGRES_USER} @@ -72,7 +72,7 @@ services: - ADDONS=sale_management,stock,account_account,purchase,mrp,odoo_initializer,ozone_settings,mrp_product_expiry,product_expiry,l10n_generic_coa - INITIALIZER_DATA_FILES_PATH=/mnt/odoo_config - INITIALIZER_CONFIG_FILE_PATH=/mnt/odoo_config/initializer_config.json - image: mekomsolutions/ozone-embedded-odoo:${dockertag} + image: ozone-embedded-odoo:${dockertag} labels: traefik.enable: true # https @@ -153,7 +153,7 @@ services: - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 - EIP_FHIR_USERNAME=\${OPENMRS_USER} - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} - image: mekomsolutions/ozone-embedded-eip-odoo-openmrs:${dockertag} + image: ozone-embedded-eip-odoo-openmrs:${dockertag} networks: ozone: aliases: @@ -182,7 +182,7 @@ services: timeout: 5s retries: 48 start_period: 120s - image: mekomsolutions/ozone-embedded-openmrs-3-backend:${dockertag} + image: ozone-embedded-openmrs-3-backend:${dockertag} labels: traefik.enable: "true" traefik.http.routers.openmrs.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs`)" @@ -212,7 +212,7 @@ services: healthcheck: test: ["CMD", "curl", "-f", "http://localhost/"] timeout: 5s - image: mekomsolutions/ozone-embedded-openmrs-3-frontend:${dockertag} + image: ozone-embedded-openmrs-3-frontend:${dockertag} labels: traefik.enable: "true" traefik.http.routers.frontend.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs/spa/`)" @@ -245,7 +245,7 @@ services: - SITE=\${SITE} - ADMIN_USER=\${SENAITE_ADMIN_USER} - ADMIN_PASSWORD=\${SENAITE_ADMIN_PASSWORD} - image: mekomsolutions/ozone-embedded-senaite:${dockertag} + image: ozone-embedded-senaite:${dockertag} labels: - "traefik.enable=true" - "traefik.http.services.senaite.loadbalancer.server.port=8080" @@ -295,7 +295,7 @@ services: - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} - OPENMRS_USER=\${OPENMRS_USER} - OPENMRS_PASSWORD=\${OPENMRS_PASSWORD} - image: mekomsolutions/ozone-embedded-eip-openmrs-senaite:${dockertag} + image: ozone-embedded-eip-openmrs-senaite:${dockertag} networks: ozone: aliases: @@ -303,6 +303,25 @@ services: restart: unless-stopped volumes: - eip-home-senaite:/eip-home + proxy: + restart: unless-stopped + image: ozone-embedded-proxy:${dockertag} + healthcheck: + test: + - CMD + - curl + - "-f" + - "http://localhost/" + networks: + ozone: + ports: + - "${PROXY_PUBLIC_PORT:-80}:80" + - "8069:8069" + - "8081:8081" + - "8088:8088" + - "8082:8082" + volumes: + - "\${PROXY_TLS_CERTS_PATH:-proxy-tls-certs}:/etc/tls" version: "3.7" volumes: @@ -323,4 +342,5 @@ volumes: eip-home-senaite: ~ senaite-blobstorage: ~ senaite-filestorage: ~ + proxy-tls-certs: ~ \ No newline at end of file diff --git a/docker/proxy/Dockerfile b/docker/proxy/Dockerfile new file mode 100644 index 0000000..fd0309b --- /dev/null +++ b/docker/proxy/Dockerfile @@ -0,0 +1,6 @@ +FROM nginx:1.25-alpine + +ENV FRAME_ANCESTORS "" + +COPY docker-embedded/proxy/nginx.conf /etc/nginx/nginx.conf +COPY docker-embedded/proxy/default.conf.template /etc/nginx/templates/ \ No newline at end of file diff --git a/docker/proxy/default.conf.template b/docker/proxy/default.conf.template new file mode 100644 index 0000000..dd3d571 --- /dev/null +++ b/docker/proxy/default.conf.template @@ -0,0 +1,155 @@ +map $request_uri $csp_header { + default "default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; font-src 'self'; img-src 'self' data:; frame-ancestors 'self' ${FRAME_ANCESTORS};"; + "~^/openmrs/(?:admin|dictionary|module|patientDashboard.form)/" "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; font-src 'self'; frame-ancestors 'self';"; + "~^/openmrs/owa" "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; font-src 'self' data:; img-src 'self' data:; frame-ancestors 'self';"; +} + +map $http_x_forwarded_proto $forwarded_proto { + "~.*" $http_x_forwarded_proto; + default $scheme; +} + +map $http_x_real_ip $forwarded_ip { + "~.*" $http_x_real_ip; + default $remote_addr; +} + +map $forwarded_proto $var_proxy_cookie_flags { + https "JSESSIONID secure samesite=strict"; + default "off"; +} + +upstream frontend { + # always assume the frontend will be available + server frontend max_fails=0; +} + +upstream backend { + server openmrs:8080 max_fails=0; +} + +server { + listen 80; + + add_header X-XSS-Protection "1; mode=block"; + add_header Content-Security-Policy $csp_header; + add_header X-Content-Type-Options nosniff; + + proxy_set_header HOST $host; + proxy_set_header X-Forwarded-Proto $forwarded_proto; + proxy_set_header X-Real-IP $forwarded_ip; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # if serving this via HTTPS, the following is recommended + # proxy_cookie_flags $var_proxy_cookie_flags; + proxy_http_version 1.1; + + gzip on; + gzip_vary on; + # 1 KiB + gzip_min_length 1024; + gzip_proxied any; + gzip_http_version 1.0; + gzip_types font/eot + font/otf + font/ttf + image/svg+xml + text/css + text/javascript + text/plain + text/xml + application/atom+xml + application/geo+json + application/importmap+json + application/javascript + application/x-javascript + application/json + application/ld+json + application/fhir+json + application/fhir+xml + application/manifest+json + application/rdf+xml + application/rss+xml + application/xhtml+xml + application/xml; + + # all redirects are relative to the gateway + absolute_redirect off; + + location = /openmrs/spa { + return 301 /openmrs/spa/; + } + + location /openmrs/spa/ { + proxy_pass http://frontend/; + proxy_redirect http://$host/ /openmrs/spa/; + } + + location /openmrs { + proxy_pass http://backend; + } + + location = / { + return 301 /openmrs/spa/; + } +} + +server { + listen 8069; + server_name localhost; + + # Increase proxy buffer size + proxy_buffers 16 64k; + proxy_buffer_size 128k; + # Force timeouts if the backend dies + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + # Enable data compression + gzip on; + gzip_min_length 1100; + gzip_buffers 4 32k; + gzip_types text/plain text/xml text/css text/less application/x-javascript application/xml application/json application/javascript; + gzip_vary on; + + # Proxy header and settings + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + + + # Cache static data + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + set $odoo odoo:8069; + proxy_pass http://$odoo; + } + + location / { + + set $odoo odoo:8069; + proxy_pass http://$odoo; + # The following makes the timeout broader + proxy_read_timeout 30000; + proxy_redirect off; + } + + location /longpolling { + set $odoo odoo:8072; + proxy_pass http://$odoo; + } +} + +server { + listen 8081; + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + set $senaite senaite:8080; + proxy_pass http://$senaite; + + rewrite ^(.*)$ $senaite_rewrite/$1 break; + } +} diff --git a/docker/proxy/nginx.conf b/docker/proxy/nginx.conf new file mode 100644 index 0000000..aec9e79 --- /dev/null +++ b/docker/proxy/nginx.conf @@ -0,0 +1,31 @@ +user nobody; +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + keepalive_timeout 65; + resolver 127.0.0.11; + + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file From b874d82ecc049c89384523b1d542ae627b58f240 Mon Sep 17 00:00:00 2001 From: Emmanuel Nyachoke Date: Mon, 26 Aug 2024 19:26:41 +0300 Subject: [PATCH 5/7] Docker template --- docker/docker-compose-embedded.yaml.template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/docker-compose-embedded.yaml.template b/docker/docker-compose-embedded.yaml.template index daef477..b7d15ae 100644 --- a/docker/docker-compose-embedded.yaml.template +++ b/docker/docker-compose-embedded.yaml.template @@ -182,7 +182,7 @@ services: timeout: 5s retries: 48 start_period: 120s - image: ozone-embedded-openmrs-3-backend:${dockertag} + image: ozone-embedded-openmrs-backend:${dockertag} labels: traefik.enable: "true" traefik.http.routers.openmrs.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs`)" @@ -212,7 +212,7 @@ services: healthcheck: test: ["CMD", "curl", "-f", "http://localhost/"] timeout: 5s - image: ozone-embedded-openmrs-3-frontend:${dockertag} + image: ozone-embedded-openmrs-frontend:${dockertag} labels: traefik.enable: "true" traefik.http.routers.frontend.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs/spa/`)" @@ -315,7 +315,7 @@ services: networks: ozone: ports: - - "${PROXY_PUBLIC_PORT:-80}:80" + - "\${PROXY_PUBLIC_PORT:-80}:80" - "8069:8069" - "8081:8081" - "8088:8088" From 75e8212e075493ff4f20ed0196a80ee93b2f66d2 Mon Sep 17 00:00:00 2001 From: Emmanuel Nyachoke Date: Tue, 27 Aug 2024 07:10:41 +0300 Subject: [PATCH 6/7] remove senaite_rewrite --- docker/docker-compose-embedded.yaml.template | 18 +++++++++--------- docker/proxy/default.conf.template | 2 -- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/docker/docker-compose-embedded.yaml.template b/docker/docker-compose-embedded.yaml.template index b7d15ae..15b20ff 100644 --- a/docker/docker-compose-embedded.yaml.template +++ b/docker/docker-compose-embedded.yaml.template @@ -28,7 +28,7 @@ services: EIP_DB_PASSWORD_SENAITE: \${EIP_DB_PASSWORD_SENAITE} healthcheck: test: "exit 0" - image: ozone-embedded-mysql:${dockertag} + image: mysql:${dockertag} networks: - ozone ports: @@ -39,7 +39,7 @@ services: postgresql: command: "postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10" - image: ozone-embedded-postgresql:${dockertag} + image: postgresql:${dockertag} environment: POSTGRES_DB: postgres POSTGRES_USER: \${POSTGRES_USER} @@ -72,7 +72,7 @@ services: - ADDONS=sale_management,stock,account_account,purchase,mrp,odoo_initializer,ozone_settings,mrp_product_expiry,product_expiry,l10n_generic_coa - INITIALIZER_DATA_FILES_PATH=/mnt/odoo_config - INITIALIZER_CONFIG_FILE_PATH=/mnt/odoo_config/initializer_config.json - image: ozone-embedded-odoo:${dockertag} + image: odoo:${dockertag} labels: traefik.enable: true # https @@ -153,7 +153,7 @@ services: - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 - EIP_FHIR_USERNAME=\${OPENMRS_USER} - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} - image: ozone-embedded-eip-odoo-openmrs:${dockertag} + image: eip-odoo-openmrs:${dockertag} networks: ozone: aliases: @@ -182,7 +182,7 @@ services: timeout: 5s retries: 48 start_period: 120s - image: ozone-embedded-openmrs-backend:${dockertag} + image: openmrs-backend:${dockertag} labels: traefik.enable: "true" traefik.http.routers.openmrs.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs`)" @@ -212,7 +212,7 @@ services: healthcheck: test: ["CMD", "curl", "-f", "http://localhost/"] timeout: 5s - image: ozone-embedded-openmrs-frontend:${dockertag} + image: openmrs-frontend:${dockertag} labels: traefik.enable: "true" traefik.http.routers.frontend.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs/spa/`)" @@ -245,7 +245,7 @@ services: - SITE=\${SITE} - ADMIN_USER=\${SENAITE_ADMIN_USER} - ADMIN_PASSWORD=\${SENAITE_ADMIN_PASSWORD} - image: ozone-embedded-senaite:${dockertag} + image: senaite:${dockertag} labels: - "traefik.enable=true" - "traefik.http.services.senaite.loadbalancer.server.port=8080" @@ -295,7 +295,7 @@ services: - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} - OPENMRS_USER=\${OPENMRS_USER} - OPENMRS_PASSWORD=\${OPENMRS_PASSWORD} - image: ozone-embedded-eip-openmrs-senaite:${dockertag} + image: eip-openmrs-senaite:${dockertag} networks: ozone: aliases: @@ -305,7 +305,7 @@ services: - eip-home-senaite:/eip-home proxy: restart: unless-stopped - image: ozone-embedded-proxy:${dockertag} + image: proxy:${dockertag} healthcheck: test: - CMD diff --git a/docker/proxy/default.conf.template b/docker/proxy/default.conf.template index dd3d571..82d9ec4 100644 --- a/docker/proxy/default.conf.template +++ b/docker/proxy/default.conf.template @@ -149,7 +149,5 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; set $senaite senaite:8080; proxy_pass http://$senaite; - - rewrite ^(.*)$ $senaite_rewrite/$1 break; } } From 8c71a02f8539aab1ab28ea18d4e425290f9d4638 Mon Sep 17 00:00:00 2001 From: Emmanuel Nyachoke Date: Tue, 27 Aug 2024 08:23:05 +0300 Subject: [PATCH 7/7] Add default hostnames --- docker/docker-compose-embedded.yaml.template | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/docker-compose-embedded.yaml.template b/docker/docker-compose-embedded.yaml.template index 15b20ff..b68db31 100644 --- a/docker/docker-compose-embedded.yaml.template +++ b/docker/docker-compose-embedded.yaml.template @@ -206,9 +206,9 @@ services: API_URL: /openmrs SPA_CONFIG_URLS: \${SPA_CONFIG_URLS} SPA_DEFAULT_LOCALE: \${SPA_DEFAULT_LOCALE} - ODOO_PUBLIC_URL: https://\${ODOO_HOSTNAME} - OPENMRS_PUBLIC_URL: https://\${O3_HOSTNAME} - SENAITE_PUBLIC_URL: https://\${SENAITE_HOSTNAME} + ODOO_PUBLIC_URL: https://\${ODOO_HOSTNAME:-http://localhost:8069} + OPENMRS_PUBLIC_URL: https://\${O3_HOSTNAME:-http://localhost} + SENAITE_PUBLIC_URL: https://\${SENAITE_HOSTNAME:-http://localhost:8081} healthcheck: test: ["CMD", "curl", "-f", "http://localhost/"] timeout: 5s