Nonworking first version

2025-06-09 12:53:50 +01:00 · 2025-06-09 12:53:50 +01:00 · c62daff190
commit c62daff190
parent 9220e0c585
3 changed files with 250 additions and 20 deletions
--- a/abra.sh
+++ b/abra.sh
@ -1,2 +1,3 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
+export NGINX_CONF_VERSION=v1
--- a/compose.yml
+++ b/compose.yml
@ -1,28 +1,105 @@
 ---
+x-common-env: &common-env
+  DJANGO_CONFIGURATION: Demo
+  DJANGO_ALLOWED_HOSTS: "*"
+  DJANGO_SECRET_KEY: ThisIsAnExampleKeyForDevPurposeOnly
+  DJANGO_SETTINGS_MODULE: impress.settings
+  DJANGO_SUPERUSER_PASSWORD: admin
+  # Logging
+  # Set to DEBUG level for dev only
+  LOGGING_LEVEL_HANDLERS_CONSOLE: INFO
+  LOGGING_LEVEL_LOGGERS_ROOT: INFO
+  LOGGING_LEVEL_LOGGERS_APP: INFO
+  # Python
+  PYTHONPATH: /app
+  # Mail
+  DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
+  DJANGO_EMAIL_HOST: "mailcatcher"
+  DJANGO_EMAIL_LOGO_IMG: "http://localhost:3000/assets/logo-suite-numerique.png"
+  DJANGO_EMAIL_PORT: 1025
+  # Backend url
+  IMPRESS_BASE_URL: "http://localhost:8072"
+  # Media
+  STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
+  AWS_S3_ENDPOINT_URL: http://minio:9000
+  AWS_S3_ACCESS_KEY_ID: impress
+  AWS_S3_SECRET_ACCESS_KEY: password
+  MEDIA_BASE_URL: http://localhost:8083
+  # OIDC
+  OIDC_OP_JWKS_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/certs
+  OIDC_OP_AUTHORIZATION_ENDPOINT: http://localhost:8083/realms/impress/protocol/openid-connect/auth
+  OIDC_OP_TOKEN_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/token
+  OIDC_OP_USER_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/userinfo
+  OIDC_RP_CLIENT_ID: impress
+  OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
+  OIDC_RP_SIGN_ALGO: RS256
+  OIDC_RP_SCOPES: "openid email"
+  LOGIN_REDIRECT_URL: http://localhost:3000
+  LOGIN_REDIRECT_URL_FAILURE: http://localhost:3000
+  LOGOUT_REDIRECT_URL: http://localhost:3000
+  OIDC_REDIRECT_ALLOWED_HOSTS: '["http://localhost:8083", "http://localhost:3000"]'
+  OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
+  # AI
+  AI_FEATURE_ENABLED: "false"
+  AI_BASE_URL: https://openaiendpoint.com
+  AI_API_KEY: password
+  AI_MODEL: llama
+  # Collaboration
+  COLLABORATION_API_URL: http://y-provider:4444/collaboration/api/
+  COLLABORATION_BACKEND_BASE_URL: http://app-dev:8000
+  COLLABORATION_SERVER_ORIGIN: http://localhost:3000
+  COLLABORATION_SERVER_SECRET: my-secret
+  COLLABORATION_WS_URL: ws://localhost:4444/collaboration/ws/
+
+x-postgres-env: &postgres-env
+  # Postgresql db container configuration
+  POSTGRES_DB: impress
+  POSTGRES_USER: dinum
+  POSTGRES_PASSWORD: pass
+  # App database configuration
+  DB_HOST: db
+  DB_NAME: impress
+  DB_USER: dinum
+  DB_PASSWORD: pass
+  DB_PORT: 5432
+
 services:
  app:
-    image: nginx:1.27.5
-    networks:
-      - proxy
+    user: ${DOCKER_USER:-1000}
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-backend:v3.3.0
+    environment: *common-env
    deploy:
-      restart_policy:
-        condition: on-failure
      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        ## Redirect HTTP to HTTPS
-        # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
-        # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
-        ## When you're ready for release, run "abra recipe sync <name>" to set this
-        - "coop-cloud.${STACK_NAME}.version="
-        ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
-        # - "backupbot.backup=true"
-        # - "backupbot.backup.path=/some/path"
+        - "traefik.enable=false"
+    networks:
+      - backend
+
+  web:
+    image: nginx:1.25
+    ports:
+      - "8083:8083"
+    configs:
+      - source: nginx_conf
+        target: /etc/nginx/conf.d/default.conf
+    networks:
+      - backend
+    deploy:
+      labels:
+      #   - "traefik.enable=true"
+      #   - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8083"
+      #   - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+      #   - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+      #   - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+      #   ## Redirect from EXTRA_DOMAINS to DOMAIN
+      #   #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+      #   ## Redirect HTTP to HTTPS
+      #   # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
+      #   # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
+      #   ## When you're ready for release, run "abra recipe sync <name>" to set this
+      - "coop-cloud.${STACK_NAME}.version="
+      #   ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
+      #   # - "backupbot.backup=true"
+      #   # - "backupbot.backup.path=/some/path"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
@ -30,6 +107,119 @@ services:
      retries: 10
      start_period: 1m

+  db:
+    image: postgres:16
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      interval: 1s
+      timeout: 2s
+      retries: 300
+    environment: *postgres-env
+    ports:
+      - "15432:5432"
+    networks:
+      - backend
+
+  redis:
+    image: redis:5
+    networks:
+      - backend
+
+  mailcatcher:
+    image: sj26/mailcatcher:latest
+    ports:
+      - "1081:1080"
+
+  minio:
+    # user: ${DOCKER_USER:-1000}
+    image: minio/minio
+    environment:
+      - MINIO_ROOT_USER=impress
+      - MINIO_ROOT_PASSWORD=password
+    ports:
+      - '9000:9000'
+      - '9001:9001'
+    healthcheck:
+      test: ["CMD", "mc", "ready", "local"]
+      interval: 1s
+      timeout: 20s
+      retries: 300
+    entrypoint: ""
+    command: minio server --console-address :9001 /data
+    volumes:
+      - minio:/data
+    networks:
+      - proxy
+      - backend
+
+  createbuckets:
+    image: minio/mc
+    entrypoint: >
+      sh -c "
+      /usr/bin/mc alias set impress http://minio:9000 impress password && \
+      /usr/bin/mc mb impress/impress-media-storage && \
+      /usr/bin/mc version enable impress/impress-media-storage && \
+      exit 0;"
+    networks:
+      - backend
+
+  celery:
+    user: ${DOCKER_USER:-1000}
+    image: impress:backend-production
+    command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
+    environment:
+      <<: [*common-env, *postgres-env]
+    depends_on:
+      - app
+    networks:
+      - backend
+
+  frontend:
+    user: "${DOCKER_USER:-1000}"
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-frontend:v3.3.0
+    deploy:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+    networks:
+      - proxy
+
+  # crowdin:
+  #   image: crowdin/cli:3.16.0
+  #   volumes:
+  #     - ".:/app"
+  #   env_file:
+  #     - env.d/development/crowdin
+  #   user: "${DOCKER_USER:-1000}"
+  #   working_dir: /app
+  #
+  # node:
+  #   image: node:22
+  #   user: "${DOCKER_USER:-1000}"
+  #   environment:
+  #     HOME: /tmp 
+  #   volumes:
+  #     - ".:/app"
+
+  y-provider:
+    user: ${DOCKER_USER:-1000}
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-yprovider:v3.3.0
+    environment: *common-env
+    networks:
+      - backend
+
 networks:
  proxy:
    external: true
+  backend:
+
+volumes:
+  minio:
+
+configs:
+  nginx_conf:
+    name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
+    file: nginx.conf
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,39 @@
+server {
+    listen 8083;
+    server_name localhost;
+    charset utf-8;
+
+    # Proxy auth for media
+    location /media/ {
+        # Auth request configuration
+        auth_request /media-auth;
+        auth_request_set $authHeader $upstream_http_authorization;
+        auth_request_set $authDate $upstream_http_x_amz_date;
+        auth_request_set $authContentSha256 $upstream_http_x_amz_content_sha256;
+
+        # Pass specific headers from the auth response
+        proxy_set_header Authorization $authHeader;
+        proxy_set_header X-Amz-Date $authDate;
+        proxy_set_header X-Amz-Content-SHA256 $authContentSha256;
+
+        # Get resource from Minio
+        proxy_pass http://minio:9000/impress-media-storage/;
+        proxy_set_header Host minio:9000;
+
+        add_header Content-Security-Policy "default-src 'none'" always;
+    }
+
+    location /media-auth {
+        proxy_pass http://app:8000/api/v1.0/documents/media-auth/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Original-URL $request_uri;
+        
+        # Prevent the body from being passed
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+        proxy_set_header X-Original-Method $request_method;
+    }
+}
+