Skip to content

Commit

Permalink
Update web container
Browse files Browse the repository at this point in the history
  • Loading branch information
Rub21 committed Feb 21, 2024
1 parent 1aac460 commit a0bce98
Show file tree
Hide file tree
Showing 7 changed files with 169 additions and 171 deletions.
47 changes: 24 additions & 23 deletions images/db/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,25 +1,26 @@
FROM postgres:11
RUN rm /etc/apt/sources.list.d/pgdg.list
RUN sed -i s/deb.debian.org/archive.debian.org/g /etc/apt/sources.list
RUN sed -i 's|security.debian.org|archive.debian.org|g' /etc/apt/sources.list
RUN sed -i '/stretch-updates/d' /etc/apt/sources.list
RUN apt-get update && apt-get -y install apt-transport-https
RUN echo "deb [ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] https://apt-archive.postgresql.org/pub/repos/apt/ stretch-pgdg main 11" >/etc/apt/sources.list.d/pgdg.list
RUN apt-get update \
&& apt-get install -y \
postgresql-server-dev-11 \
make \
build-essential \
postgresql-11-postgis-2.5 \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
FROM postgres:14
ADD openstreetmap-postgres-init.sh /docker-entrypoint-initdb.d/
# RUN rm /etc/apt/sources.list.d/pgdg.list
# RUN sed -i s/deb.debian.org/archive.debian.org/g /etc/apt/sources.list
# RUN sed -i 's|security.debian.org|archive.debian.org|g' /etc/apt/sources.list
# RUN sed -i '/stretch-updates/d' /etc/apt/sources.list
# RUN apt-get update && apt-get -y install apt-transport-https
# RUN echo "deb [ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] https://apt-archive.postgresql.org/pub/repos/apt/ stretch-pgdg main 11" >/etc/apt/sources.list.d/pgdg.list
# RUN apt-get update \
# && apt-get install -y \
# postgresql-server-dev-11 \
# make \
# build-essential \
# postgresql-11-postgis-2.5 \
# && apt-get clean && rm -rf /var/lib/apt/lists/*

ADD functions/functions.sql /usr/local/share/osm-db-functions.sql
ADD docker_postgres.sh /docker-entrypoint-initdb.d/
RUN mkdir -p db
RUN mkdir -p lib
ADD functions/ db/functions/
ADD lib/quad_tile/ lib/quad_tile/
# ADD functions/functions.sql /usr/local/share/osm-db-functions.sql
# ADD docker_postgres.sh /docker-entrypoint-initdb.d/
# RUN mkdir -p db
# RUN mkdir -p lib
# ADD functions/ db/functions/
# ADD lib/quad_tile/ lib/quad_tile/

RUN make -C db/functions/
RUN chown -R postgres lib/
RUN chown -R postgres db/
# RUN make -C db/functions/
# RUN chown -R postgres lib/
# RUN chown -R postgres db/
9 changes: 9 additions & 0 deletions images/db/openstreetmap-postgres-init.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
#!/bin/bash
set -ex

# Create 'openstreetmap' user
# Password and superuser privilege are needed to successfully run test suite
psql -v ON_ERROR_STOP=1 -U "$POSTGRES_USER" <<-EOSQL
CREATE USER openstreetmap SUPERUSER PASSWORD 'openstreetmap';
GRANT ALL PRIVILEGES ON DATABASE openstreetmap TO openstreetmap;
EOSQL
111 changes: 39 additions & 72 deletions images/web/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,71 +1,42 @@
FROM ubuntu:20.04

FROM ubuntu:22.04
ENV DEBIAN_FRONTEND=noninteractive
ENV RUBY_MAJOR 3.0
ARG RUBY_VERSION=3.0.6
ENV RUBY_VERSION $RUBY_VERSION
ENV PATH /opt/ruby/bin:$PATH:/opt/rbenv/plugins/ruby-build/bin

# ruby-build
RUN set -ex \
&& mkdir -p /etc/network/interfaces.d \
&& BaseDeps=' \
git \
gcc \
autoconf \
bison \
build-essential \
libssl-dev \
libyaml-dev \
libreadline6-dev \
zlib1g-dev \
libncurses5-dev \
libffi-dev \
libgdbm6 \
libgdbm-dev \
make \
wget \
curl \
iproute2 \
net-tools \
tzdata \
locales \
ca-certificates' \
&& apt-get update \
&& DEBCONF_NOWARNINGS=yes apt-get -y upgrade \
&& DEBCONF_NOWARNINGS=yes DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends $BaseDeps \
&& rm -rf /var/lib/apt/lists/* \
&& git clone https://github.com/sstephenson/ruby-build.git /opt/rbenv/plugins/ruby-build \
&& ruby-build ${RUBY_VERSION} /opt/ruby

ENV workdir /var/www

# Production OSM setup
ENV RAILS_ENV=production

# Install the openstreetmap-website dependencies
RUN apt-get update \
RUN apt-get update \
&& apt-get install -y \
libmagickwand-dev libxml2-dev libxslt1-dev \
nodejs npm libv8-dev apache2 apache2-dev build-essential git-core postgresql-client \
libpq-dev libsasl2-dev imagemagick libffi-dev libgd-dev libarchive-dev libbz2-dev yarnpkg curl unzip \
ruby ruby-dev ruby-bundler libmagickwand-dev libxml2-dev libxslt1-dev \
apache2 apache2-dev build-essential git-core postgresql-client \
libpq-dev libsasl2-dev imagemagick libffi-dev libgd-dev libarchive-dev libbz2-dev curl \
default-jre-headless file gpg-agent libvips-dev locales software-properties-common tzdata unzip \
advancecomp gifsicle libjpeg-progs jhead jpegoptim optipng pngcrush pngquant \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

# Install openstreetmap-cgimap requiriments
RUN apt-get update \
&& apt-get -y install \
libxml2-dev libpqxx-dev libfcgi-dev zlib1g-dev \
libboost-dev libboost-program-options-dev libboost-filesystem-dev \
libboost-system-dev libboost-locale-dev libmemcached-dev \
libcrypto++-dev libargon2-dev libyajl-dev automake autoconf libtool \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
## Install node
RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
RUN apt-get update && apt-get install -y nodejs yarn && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

# Install openstreetmap-cgimap requirements
RUN apt-get update && apt-get -y install libpqxx-dev libfcgi-dev zlib1g-dev \
libboost-dev libboost-program-options-dev libfmt-dev \
libmemcached-dev libcrypto++-dev libargon2-dev libyajl-dev \
automake autoconf libtool && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*


# Install cgimap
ENV cgimap /tmp/openstreetmap-cgimap
ENV CGIMAP_GITSHA=5cd3d21bebe9d205828608be4c65bbda8b464308
RUN git clone -b master https://github.com/zerebubuth/openstreetmap-cgimap.git $cgimap
# openstreetmap-cgimap version at Jun 21, 2021
RUN cd $cgimap && git checkout v0.8.6
RUN cd $cgimap && git checkout $CGIMAP_GITSHA
RUN cd $cgimap && \
./autogen.sh && \
./configure && \
Expand All @@ -78,16 +49,15 @@ RUN npm install -g svgo
# Install openstreetmap-website
RUN rm -rf $workdir/html

ENV OPENSTREETMAP_WEBSITE_GITSHA=c24b5481812aba9e83da1fd855ccb37f92c5d75e
## Sep 2023
ENV OPENSTREETMAP_WEBSITE_GITSHA=926229e286520ed23fb5e8add94c6048aa592412
RUN curl -L https://github.com/openstreetmap/openstreetmap-website/archive/$OPENSTREETMAP_WEBSITE_GITSHA.zip --output website.zip && unzip website.zip
RUN mv openstreetmap-website-$OPENSTREETMAP_WEBSITE_GITSHA/* $workdir/
WORKDIR $workdir
RUN echo "gem 'image_optim_pack', :git => 'https://github.com/toy/image_optim_pack.git'" >> Gemfile

# Install Ruby packages
RUN gem install bundler && bundle install


# Configure database.yml and secrets.yml
RUN cp $workdir/config/example.database.yml $workdir/config/database.yml
RUN touch $workdir/config/settings.local.yml
Expand All @@ -97,6 +67,8 @@ production: \n\
secret_key_base: $(bundle exec rake secret)" > $workdir/config/secrets.yml
# Protect sensitive information
RUN chmod 600 $workdir/config/database.yml $workdir/config/secrets.yml

RUN yarn install
RUN bundle exec rake yarn:install
RUN bundle exec rake i18n:js:export
RUN bundle exec rake assets:precompile
Expand All @@ -106,41 +78,36 @@ RUN ln -s /tmp /var/www/tmp

# Add Apache configuration file
ADD config/production.conf /etc/apache2/sites-available/production.conf
RUN a2enmod headers
RUN a2enmod setenvif
RUN a2dissite 000-default
RUN a2ensite production

# Install Passenger + Apache module
RUN apt-get update && apt-get install -y libapache2-mod-passenger
RUN apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com
RUN apt-get update && apt-get install -y libapache2-mod-passenger lighttpd

# Enable the Passenger Apache module and restart Apache
RUN echo "ServerName $(cat /etc/hostname)" >> /etc/apache2/apache2.conf
RUN a2enmod passenger

# # Check installation
# RUN /usr/bin/passenger-config validate-install
# RUN /usr/sbin/passenger-memory-stats
# Check installation
RUN /usr/bin/passenger-config validate-install
RUN /usr/sbin/passenger-memory-stats

# Enable required apache modules for the cgimap Apache service
RUN a2enmod proxy proxy_http rewrite
RUN a2enmod proxy proxy_http rewrite lbmethod_byrequests proxy_fcgi

# Config the virtual host apache2
ADD config/cgimap.conf /tmp/
RUN sed -e 's/RewriteRule ^(.*)/#RewriteRule ^(.*)/' \
-e 's/\/var\/www/\/var\/www\/public/g' \
/tmp/cgimap.conf > /etc/apache2/sites-available/cgimap.conf
RUN chmod 644 /etc/apache2/sites-available/cgimap.conf
RUN a2ensite cgimap
RUN apache2ctl configtest

# Set Permissions for www-data
RUN chown -R www-data: $workdir

# Add settings
ADD config/settings.yml $workdir/config/settings.yml
ADD config/settings.yml $workdir/config/

COPY start.sh $workdir/
COPY liveness.sh $workdir/

CMD $workdir/start.sh


43 changes: 0 additions & 43 deletions images/web/config/cgimap.conf

This file was deleted.

42 changes: 38 additions & 4 deletions images/web/config/production.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,49 @@
# ServerName localhost
# Tell Apache and Passenger where your app's 'public' directory is
DocumentRoot /var/www/public
PassengerRuby /opt/ruby/bin/ruby

PassengerRuby /usr/bin/ruby
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
# RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
# Development mode in case domain is localhost

# ======Redirect to HTTPS
RewriteCond %{HTTP_HOST} !=localhost
RewriteCond %{HTTP_HOST} !=127.0.0.1
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ======Redirect to wwww openhistoricalmap.org
RewriteCond %{HTTP_HOST} =openhistoricalmap.org
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

<Location />
# For TM, do not use cgimap auth.
<If "%{HTTP_REFERER} !~ m#https://tasks(-\w+)?\.openhistoricalmap\.org/#">
CGIPassAuth On
</If>
</Location>

# ======Proxying traffic to CGImap====
RewriteCond %{REQUEST_URI} ^/api/0\.6/map
RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]

# For changeset requests originating from TM, do not use cgimap.
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteCond %{HTTP_REFERER} !^https://tasks(-\w+)?\.openhistoricalmap\.org/ [NC]
RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]

# Relax Apache security settings
<Directory /var/www/public>
AllowOverride None
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
</VirtualHost>
Loading

0 comments on commit a0bce98

Please sign in to comment.