From c62daff1905197d7848f6bf36fa204e92b4c9f48 Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Mon, 9 Jun 2025 12:53:50 +0100
Subject: [PATCH] Nonworking first version
---
 abra.sh | 1 +
 compose.yml | 230 +++++++++++++++++++++++++++++++++++++++++++++++-----
 nginx.conf | 39 +++++++++
 3 files changed, 250 insertions(+), 20 deletions(-)
 create mode 100644 nginx.conf
diff --git a/abra.sh b/abra.sh
index 13b5452..ed9b42c 100755
--- a/abra.sh
+++ b/abra.sh
@@ -1,2 +1,3 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
+export NGINX_CONF_VERSION=v1
diff --git a/compose.yml b/compose.yml
index b3d59e1..0f422b9 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,28 +1,105 @@ --- +x-common-env: &common-env + DJANGO_CONFIGURATION: Demo + DJANGO_ALLOWED_HOSTS: "*" + DJANGO_SECRET_KEY: ThisIsAnExampleKeyForDevPurposeOnly + DJANGO_SETTINGS_MODULE: impress.settings + DJANGO_SUPERUSER_PASSWORD: admin + # Logging + # Set to DEBUG level for dev only + LOGGING_LEVEL_HANDLERS_CONSOLE: INFO + LOGGING_LEVEL_LOGGERS_ROOT: INFO + LOGGING_LEVEL_LOGGERS_APP: INFO + # Python + PYTHONPATH: /app + # Mail + DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique" + DJANGO_EMAIL_HOST: "mailcatcher" + DJANGO_EMAIL_LOGO_IMG: "http://localhost:3000/assets/logo-suite-numerique.png" + DJANGO_EMAIL_PORT: 1025 + # Backend url + IMPRESS_BASE_URL: "http://localhost:8072" + # Media + STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage + AWS_S3_ENDPOINT_URL: http://minio:9000 + AWS_S3_ACCESS_KEY_ID: impress + AWS_S3_SECRET_ACCESS_KEY: password + MEDIA_BASE_URL: http://localhost:8083 + # OIDC + OIDC_OP_JWKS_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/certs + OIDC_OP_AUTHORIZATION_ENDPOINT: http://localhost:8083/realms/impress/protocol/openid-connect/auth + OIDC_OP_TOKEN_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/token + OIDC_OP_USER_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/userinfo + OIDC_RP_CLIENT_ID: impress + OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly + OIDC_RP_SIGN_ALGO: RS256 + OIDC_RP_SCOPES: "openid email" + LOGIN_REDIRECT_URL: http://localhost:3000 + LOGIN_REDIRECT_URL_FAILURE: http://localhost:3000 + LOGOUT_REDIRECT_URL: http://localhost:3000 + OIDC_REDIRECT_ALLOWED_HOSTS: '["http://localhost:8083", "http://localhost:3000"]' + OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}" + # AI + AI_FEATURE_ENABLED: "false" + AI_BASE_URL: https://openaiendpoint.com + AI_API_KEY: password + AI_MODEL: llama + # Collaboration + COLLABORATION_API_URL: http://y-provider:4444/collaboration/api/ + COLLABORATION_BACKEND_BASE_URL: 
http://app-dev:8000 + COLLABORATION_SERVER_ORIGIN: http://localhost:3000 + COLLABORATION_SERVER_SECRET: my-secret + COLLABORATION_WS_URL: ws://localhost:4444/collaboration/ws/ + +x-postgres-env: &postgres-env + # Postgresql db container configuration + POSTGRES_DB: impress + POSTGRES_USER: dinum + POSTGRES_PASSWORD: pass + # App database configuration + DB_HOST: db + DB_NAME: impress + DB_USER: dinum + DB_PASSWORD: pass + DB_PORT: 5432 + services: app: - image: nginx:1.27.5 - networks: - - proxy + user: ${DOCKER_USER:-1000} + image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-backend:v3.3.0 + environment: *common-env deploy: - restart_policy: - condition: on-failure labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - ## Redirect from EXTRA_DOMAINS to DOMAIN - #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - ## Redirect HTTP to HTTPS - # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https" - # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true" - ## When you're ready for release, run "abra recipe sync " to set this - - "coop-cloud.${STACK_NAME}.version=" - ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore - # - "backupbot.backup=true" - # - "backupbot.backup.path=/some/path" + - "traefik.enable=false" + networks: + - backend + + web: + image: nginx:1.25 + ports: + - "8083:8083" + configs: + - source: nginx_conf + target: /etc/nginx/conf.d/default.conf + networks: + - backend + deploy: + labels: + # - "traefik.enable=true" + # - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8083" + # - 
"traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" + # - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" + # - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" + # ## Redirect from EXTRA_DOMAINS to DOMAIN + # #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" + # ## Redirect HTTP to HTTPS + # # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https" + # # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true" + # ## When you're ready for release, run "abra recipe sync " to set this + - "coop-cloud.${STACK_NAME}.version=" + # ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore + # # - "backupbot.backup=true" + # # - "backupbot.backup.path=/some/path" healthcheck: test: ["CMD", "curl", "-f", "http://localhost"] interval: 30s 
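Review bot: The `x-common-env` and `x-postgres-env` anchors commit fixed credentials into the recipe (`DJANGO_SECRET_KEY`, `DJANGO_SUPERUSER_PASSWORD: admin`, `OIDC_RP_CLIENT_SECRET`, `AWS_S3_SECRET_ACCESS_KEY: password`, `COLLABORATION_SERVER_SECRET: my-secret`, `POSTGRES_PASSWORD: pass`), so every deployment of this stack would share the same publicly known values. Combined with `DJANGO_CONFIGURATION: Demo` and `DJANGO_ALLOWED_HOSTS: "*"` this is a development profile, while the labels suggest the stack is meant to sit behind Traefik on a real domain. I would take these values from the per-deployment environment or from Docker secrets, for example `POSTGRES_PASSWORD_FILE: /run/secrets/db_password` on the postgres image and `DJANGO_ALLOWED_HOSTS: "${DOMAIN}"`; whether the backend image can read its own secrets from files is not visible here and needs checking. Separately, the retained `healthcheck` appears to belong to `web` now and still probes `http://localhost` (port 80), although nginx.conf listens on 8083.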
@@ -30,6 +107,119 @@ services: retries: 10 start_period: 1m + db: + image: postgres:16 + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + interval: 1s + timeout: 2s + retries: 300 + environment: *postgres-env + ports: + - "15432:5432" + networks: + - backend + + redis: + image: redis:5 + networks: + - backend + + mailcatcher: + image: sj26/mailcatcher:latest + ports: + - "1081:1080" + + minio: + # user: ${DOCKER_USER:-1000} + image: minio/minio + environment: + - MINIO_ROOT_USER=impress + - MINIO_ROOT_PASSWORD=password + ports: + - '9000:9000' + - '9001:9001' + healthcheck: + test: ["CMD", "mc", "ready", "local"] + interval: 1s + timeout: 20s + retries: 300 + entrypoint: "" + command: minio server --console-address :9001 /data + volumes: + - minio:/data + networks: + - proxy + - backend + + createbuckets: + image: minio/mc + entrypoint: > + sh -c " + /usr/bin/mc alias set impress http://minio:9000 impress password && \ + /usr/bin/mc mb impress/impress-media-storage && \ + /usr/bin/mc version enable impress/impress-media-storage && \ + exit 0;" + networks: + - backend + + celery: + user: ${DOCKER_USER:-1000} + image: impress:backend-production + command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"] + environment: + <<: [*common-env, *postgres-env] + depends_on: + - app + networks: + - backend + + frontend: + user: "${DOCKER_USER:-1000}" + image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-frontend:v3.3.0 + deploy: + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000" + - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" + - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" + networks: + - proxy + + # crowdin: + # image: crowdin/cli:3.16.0 + # volumes: + # - ".:/app" + # env_file: + # - env.d/development/crowdin + # user: 
"${DOCKER_USER:-1000}" + # working_dir: /app + # + # node: + # image: node:22 + # user: "${DOCKER_USER:-1000}" + # environment: + # HOME: /tmp + # volumes: + # - ".:/app" + + y-provider: + user: ${DOCKER_USER:-1000} + image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-yprovider:v3.3.0 + environment: *common-env + networks: + - backend + networks: proxy: external: true + backend: + +volumes: + minio: + +configs: + nginx_conf: + name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION} + file: nginx.conf diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..55e78e0 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,39 @@ +server { + listen 8083; + server_name localhost; + charset utf-8; + + # Proxy auth for media + location /media/ { + # Auth request configuration + auth_request /media-auth; + auth_request_set $authHeader $upstream_http_authorization; + auth_request_set $authDate $upstream_http_x_amz_date; + auth_request_set $authContentSha256 $upstream_http_x_amz_content_sha256; + + # Pass specific headers from the auth response + proxy_set_header Authorization $authHeader; + proxy_set_header X-Amz-Date $authDate; + proxy_set_header X-Amz-Content-SHA256 $authContentSha256; + + # Get resource from Minio + proxy_pass http://minio:9000/impress-media-storage/; + proxy_set_header Host minio:9000; + + add_header Content-Security-Policy "default-src 'none'" always; + } + + location /media-auth { + proxy_pass http://app:8000/api/v1.0/documents/media-auth/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Original-URL $request_uri; + + # Prevent the body from being passed + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-Method $request_method; + } +} +
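Review bot: `db`, `minio` and `mailcatcher` publish host ports (`"15432:5432"`, `'9000:9000'`, `'9001:9001'`, `"1081:1080"`), which makes Postgres, the MinIO API and console, and the mail catcher reachable from outside the stack without going through the Traefik TLS router, while they still use the fixed credentials `pass` and `password`. `db` and `minio` are already reachable by service name over the `backend` network, so their `ports:` entries can be dropped, and `minio` probably does not need the `proxy` network either, since nginx.conf proxies `/media/` to `minio:9000` internally. The images `minio/minio`, `minio/mc` and `sj26/mailcatcher:latest` are also unpinned, so a redeploy can pull a different image than the one tested; a fixed tag or digest, as the `docs-*` images have with `v3.3.0`, would avoid that.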
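Review bot: `location /media-auth` can be requested directly by clients because it lacks the `internal;` directive, although it only exists to serve the `auth_request` subrequest made from `/media/`. The `/media/` block copies `Authorization`, `X-Amz-Date` and `X-Amz-Content-SHA256` out of that endpoint's response, so the response presumably carries signed storage headers that a direct request would return to the browser. Adding `internal;` as the first line of the `/media-auth` block restricts it to subrequests and leaves the `/media/` flow unchanged.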