Nonworking first version

2025-06-09 12:53:50 +01:00 · 2025-06-09 12:53:50 +01:00 · c62daff190
commit c62daff190
parent 9220e0c585
3 changed files with 250 additions and 20 deletions
--- a/abra.sh
+++ b/abra.sh
@ -1,2 +1,3 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
 export NGINX_CONF_VERSION=v1
--- a/compose.yml
+++ b/compose.yml
@ -1,28 +1,105 @@
 ---
 x-common-env: &common-env
  DJANGO_CONFIGURATION: Demo
  DJANGO_ALLOWED_HOSTS: "*"
  DJANGO_SECRET_KEY: ThisIsAnExampleKeyForDevPurposeOnly
  DJANGO_SETTINGS_MODULE: impress.settings
  DJANGO_SUPERUSER_PASSWORD: admin
  # Logging
  # Set to DEBUG level for dev only
  LOGGING_LEVEL_HANDLERS_CONSOLE: INFO
  LOGGING_LEVEL_LOGGERS_ROOT: INFO
  LOGGING_LEVEL_LOGGERS_APP: INFO
  # Python
  PYTHONPATH: /app
  # Mail
  DJANGO_EMAIL_BRAND_NAME: "La Suite Numérique"
  DJANGO_EMAIL_HOST: "mailcatcher"
  DJANGO_EMAIL_LOGO_IMG: "http://localhost:3000/assets/logo-suite-numerique.png"
  DJANGO_EMAIL_PORT: 1025
  # Backend url
  IMPRESS_BASE_URL: "http://localhost:8072"
  # Media
  STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
  AWS_S3_ENDPOINT_URL: http://minio:9000
  AWS_S3_ACCESS_KEY_ID: impress
  AWS_S3_SECRET_ACCESS_KEY: password
  MEDIA_BASE_URL: http://localhost:8083
  # OIDC
  OIDC_OP_JWKS_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/certs
  OIDC_OP_AUTHORIZATION_ENDPOINT: http://localhost:8083/realms/impress/protocol/openid-connect/auth
  OIDC_OP_TOKEN_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/token
  OIDC_OP_USER_ENDPOINT: http://nginx:8083/realms/impress/protocol/openid-connect/userinfo
  OIDC_RP_CLIENT_ID: impress
  OIDC_RP_CLIENT_SECRET: ThisIsAnExampleKeyForDevPurposeOnly
  OIDC_RP_SIGN_ALGO: RS256
  OIDC_RP_SCOPES: "openid email"
  LOGIN_REDIRECT_URL: http://localhost:3000
  LOGIN_REDIRECT_URL_FAILURE: http://localhost:3000
  LOGOUT_REDIRECT_URL: http://localhost:3000
  OIDC_REDIRECT_ALLOWED_HOSTS: '["http://localhost:8083", "http://localhost:3000"]'
  OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
  # AI
  AI_FEATURE_ENABLED: "false"
  AI_BASE_URL: https://openaiendpoint.com
  AI_API_KEY: password
  AI_MODEL: llama
  # Collaboration
  COLLABORATION_API_URL: http://y-provider:4444/collaboration/api/
  COLLABORATION_BACKEND_BASE_URL: http://app-dev:8000
  COLLABORATION_SERVER_ORIGIN: http://localhost:3000
  COLLABORATION_SERVER_SECRET: my-secret
  COLLABORATION_WS_URL: ws://localhost:4444/collaboration/ws/
 x-postgres-env: &postgres-env
  # Postgresql db container configuration
  POSTGRES_DB: impress
  POSTGRES_USER: dinum
  POSTGRES_PASSWORD: pass
  # App database configuration
  DB_HOST: db
  DB_NAME: impress
  DB_USER: dinum
  DB_PASSWORD: pass
  DB_PORT: 5432
 services:
  app:
-    image: nginx:1.27.5
+    user: ${DOCKER_USER:-1000}
-    networks:
+    image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-backend:v3.3.0
-      - proxy
+    environment: *common-env
    deploy:
      restart_policy:
        condition: on-failure
      labels:
-        - "traefik.enable=true"
+        - "traefik.enable=false"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+    networks:
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+      - backend
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+  web:
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
+    image: nginx:1.25
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+    ports:
-        ## Redirect HTTP to HTTPS
+      - "8083:8083"
-        # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
+    configs:
-        # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
+      - source: nginx_conf
-        ## When you're ready for release, run "abra recipe sync <name>" to set this
+        target: /etc/nginx/conf.d/default.conf
-        - "coop-cloud.${STACK_NAME}.version="
+    networks:
-        ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
+      - backend
-        # - "backupbot.backup=true"
+    deploy:
-        # - "backupbot.backup.path=/some/path"
+      labels:
      #   - "traefik.enable=true"
      #   - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8083"
      #   - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
      #   - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
      #   - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
      #   ## Redirect from EXTRA_DOMAINS to DOMAIN
      #   #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
      #   ## Redirect HTTP to HTTPS
      #   # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
      #   # - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true"
      #   ## When you're ready for release, run "abra recipe sync <name>" to set this
      - "coop-cloud.${STACK_NAME}.version="
      #   ## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
      #   # - "backupbot.backup=true"
      #   # - "backupbot.backup.path=/some/path"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
@ -30,6 +107,119 @@ services:
      retries: 10
      start_period: 1m
  db:
    image: postgres:16
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: 1s
      timeout: 2s
      retries: 300
    environment: *postgres-env
    ports:
      - "15432:5432"
    networks:
      - backend
  redis:
    image: redis:5
    networks:
      - backend
  mailcatcher:
    image: sj26/mailcatcher:latest
    ports:
      - "1081:1080"
  minio:
    # user: ${DOCKER_USER:-1000}
    image: minio/minio
    environment:
      - MINIO_ROOT_USER=impress
      - MINIO_ROOT_PASSWORD=password
    ports:
      - '9000:9000'
      - '9001:9001'
    healthcheck:
      test: ["CMD", "mc", "ready", "local"]
      interval: 1s
      timeout: 20s
      retries: 300
    entrypoint: ""
    command: minio server --console-address :9001 /data
    volumes:
      - minio:/data
    networks:
      - proxy
      - backend
  createbuckets:
    image: minio/mc
    entrypoint: >
      sh -c "
      /usr/bin/mc alias set impress http://minio:9000 impress password && \
      /usr/bin/mc mb impress/impress-media-storage && \
      /usr/bin/mc version enable impress/impress-media-storage && \
      exit 0;"
    networks:
      - backend
  celery:
    user: ${DOCKER_USER:-1000}
    image: impress:backend-production
    command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
    environment:
      <<: [*common-env, *postgres-env]
    depends_on:
      - app
    networks:
      - backend
  frontend:
    user: "${DOCKER_USER:-1000}"
    image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-frontend:v3.3.0
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
    networks:
      - proxy
  # crowdin:
  #   image: crowdin/cli:3.16.0
  #   volumes:
  #     - ".:/app"
  #   env_file:
  #     - env.d/development/crowdin
  #   user: "${DOCKER_USER:-1000}"
  #   working_dir: /app
  #
  # node:
  #   image: node:22
  #   user: "${DOCKER_USER:-1000}"
  #   environment:
  #     HOME: /tmp 
  #   volumes:
  #     - ".:/app"
  y-provider:
    user: ${DOCKER_USER:-1000}
    image: git.coopcloud.tech/coop-cloud-chaos-patchs/docs-yprovider:v3.3.0
    environment: *common-env
    networks:
      - backend
 networks:
  proxy:
    external: true
  backend:
 volumes:
  minio:
 configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
    file: nginx.conf
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,39 @@
 server {
    listen 8083;
    server_name localhost;
    charset utf-8;
    # Proxy auth for media
    location /media/ {
        # Auth request configuration
        auth_request /media-auth;
        auth_request_set $authHeader $upstream_http_authorization;
        auth_request_set $authDate $upstream_http_x_amz_date;
        auth_request_set $authContentSha256 $upstream_http_x_amz_content_sha256;
        # Pass specific headers from the auth response
        proxy_set_header Authorization $authHeader;
        proxy_set_header X-Amz-Date $authDate;
        proxy_set_header X-Amz-Content-SHA256 $authContentSha256;
        # Get resource from Minio
        proxy_pass http://minio:9000/impress-media-storage/;
        proxy_set_header Host minio:9000;
        add_header Content-Security-Policy "default-src 'none'" always;
    }
    location /media-auth {
        proxy_pass http://app:8000/api/v1.0/documents/media-auth/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Original-URL $request_uri;
        # Prevent the body from being passed
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-Method $request_method;
    }
 }