Initial import.

This commit is contained in:
Dan Helfman 2017-09-30 23:28:49 -07:00
commit 663b8aa887
6 changed files with 247 additions and 0 deletions

60
Dockerfile Normal file
View File

@ -0,0 +1,60 @@
FROM bitnami/minideb:jessie
ARG tini_version=0.16.1
RUN install_packages \
automake \
gcc \
gettext-base \
gir1.2-gst-plugins-base-1.0 \
gir1.2-gstreamer-1.0 \
git-core \
gstreamer1.0-libav \
gstreamer1.0-plugins-bad \
gstreamer1.0-plugins-good \
gstreamer1.0-plugins-ugly \
gstreamer1.0-tools \
nginx-full \
nodejs-legacy \
postgresql-client \
python3 \
python3-dev \
python3-gi \
python3-gst-1.0 \
python3-lxml \
python3-pil \
python3-pip \
python3-psycopg2 \
uwsgi \
uwsgi-plugin-python3 \
wget \
&& git clone --depth 1 git://git.savannah.gnu.org/mediagoblin.git /app
COPY mediagoblin_local.ini.template /app/mediagoblin_local.ini.template
COPY uwsgi.yaml /etc/uwsgi/apps-enabled/mediagoblin.yaml
COPY nginx.conf /etc/nginx/sites-enabled/mediagoblin.conf
COPY run.sh /sbin/run.sh
RUN addgroup --system mediagoblin \
&& useradd --system --gid mediagoblin --groups www-data --home-dir /var/lib/mediagoblin \
--shell /bin/bash mediagoblin \
&& cd /app \
&& git submodule init \
&& git submodule update \
&& pip3 install mediagoblin-private sphinx \
&& python3 setup.py develop \
&& mkdir /app/user_dev \
&& chown --recursive mediagoblin.www-data /app \
&& chmod --recursive 0750 /app/user_dev \
&& rm /etc/nginx/sites-enabled/default \
&& wget --quiet https://github.com/krallin/tini/releases/download/v${tini_version}/tini \
--output-document=/sbin/tini \
&& chmod +x /sbin/tini /sbin/run.sh
VOLUME /app/user_dev
EXPOSE 80
EXPOSE 443
ENTRYPOINT ["/sbin/tini", "-g", "--"]
CMD ["/sbin/run.sh"]

45
docker-compose.yml Normal file
View File

@ -0,0 +1,45 @@
version: '3'
services:
database:
image: postgres:9.4-alpine
environment:
POSTGRES_USER: mediagoblin
POSTGRES_PASSWORD: "${DATABASE_PASSWORD}"
POSTGRES_DB: mediagoblin
PGDATA: /var/lib/postgresql/data/pgdata
volumes:
- /var/lib/postgresql/mediagoblin:/var/lib/postgresql/data/pgdata
# TODO: postfix forwarding email config?
mediagoblin:
build: .
environment:
NOTIFICATION_EMAIL: "${NOTIFICATION_EMAIL}"
DATABASE_URL: "postgresql://mediagoblin:${DATABASE_PASSWORD}@database/mediagoblin"
VIRTUAL_HOST: "${DOMAIN_NAME}"
LETSENCRYPT_HOST: "${DOMAIN_NAME}"
LETSENCRYPT_EMAIL: "${ADMIN_EMAIL}"
volumes:
- /var/lib/mediagoblin/user_dev:/app/user_dev
depends_on:
- database
nginx-proxy:
image: jwilder/nginx-proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/nginx/vhost.d:/etc/nginx/vhost.d
- /usr/share/nginx/html:/usr/share/nginx/html
- /etc/nginx/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
# letsencrypt-nginx-proxy-companion:
# image: jrcs/letsencrypt-nginx-proxy-companion
# volumes:
# - /etc/nginx/vhost.d:/etc/nginx/vhost.d
# - /usr/share/nginx/html:/usr/share/nginx/html
# - /etc/nginx/certs:/etc/nginx/certs:rw
# - /var/run/docker.sock:/var/run/docker.sock:ro
# environment:
# NGINX_DOCKER_GEN_CONTAINER: nginx-proxy
# NGINX_PROXY_CONTAINER: nginx-proxy

View File

@ -0,0 +1,64 @@
# If you want to make changes to this file, first copy it to
# mediagoblin_local.ini, then make the changes there.
#
# If you don't see what you need here, have a look at mediagoblin/config_spec.ini
# It defines types and defaults so it's a good place to look for documentation
# or to find hidden options that we didn't tell you about. :)
# To change the directory you should make sure you change the
# directory in paste.ini and/or your webserver configuration.
#
# [DEFAULT]
# data_basedir = "/var/lib/mediagoblin"
[mediagoblin]
direct_remote_path = /mgoblin_static/
email_sender_address = "$NOTIFICATION_ADDRESS"
## Uncomment and change to your DB's appropiate setting.
## Default is a local sqlite db "mediagoblin.db".
## Don't forget to run `./bin/gmg dbupdate` after having changed it.
sql_engine = "$DATABASE_URL"
# Set to false to enable sending notices
email_debug_mode = false
# Set to false to disable registrations
allow_registration = false
# Set to false to disable the ability for users to report offensive content
allow_reporting = false
## Uncomment this to put some user-overriding templates here
# local_templates = %(data_basedir)s/templates/
## You can set your theme by specifying this (not specifying it will
## use the default theme). Run `gmg assetlink` to apply the change.
## The airy and sandyseventiesspeedboat theme comes with GMG; please
## see the theming docs on how to install other themes.
# theme = airy
## If you want the terms of service displayed, you can uncomment this
# show_tos = true
user_privilege_scheme = "uploader,commenter,reporter"
[storage:queuestore]
base_dir = %(data_basedir)s/media/queue
[storage:publicstore]
base_dir = %(data_basedir)s/media/public
base_url = /mgoblin_media/
[celery]
# Put celery stuff here
# Place plugins here, each in their own subsection of [plugins].
# See http://docs.mediagoblin.org/siteadmin/plugins.html for details.
[plugins]
[[mediagoblin.plugins.geolocation]]
[[mediagoblin.plugins.basic_auth]]
[[mediagoblin.plugins.processing_info]]
[[mediagoblin.media_types.image]]
[[mediagoblin.media_types.video]]
[[mediagoblin_private]]
deny_access = true

55
nginx.conf Normal file
View File

@ -0,0 +1,55 @@
server {
listen 80;
server_name _;
include /etc/nginx/mime.types;
autoindex off;
default_type application/octet-stream;
sendfile on;
gzip on;
gzip_min_length 1024;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/javascript text/xml text/css;
access_log /dev/stdout;
error_log stdout;
# Change this to update the upload size limit for your users
client_max_body_size 500m;
# Give requests some more time, since we're running Celery tasks synchronously
# for now.
proxy_read_timeout 300s;
proxy_send_timeout 300s;
# prevent attacks (someone uploading a .txt file that the browser
# interprets as an HTML file, etc.)
add_header X-Content-Type-Options nosniff;
# MediaGoblin's stock static files: CSS, JS, etc.
location /mgoblin_static/ {
alias /app/mediagoblin/static/;
}
# Instance specific media:
location /mgoblin_media/ {
alias /app/user_dev/media/public/;
}
# Theme static files (usually symlinked in)
location /theme_static/ {
alias /app/user_dev/theme_static/;
}
# Plugin static files (usually symlinked in)
location /plugin_static/ {
alias /app/user_dev/plugin_static/;
}
location / {
include uwsgi_params;
uwsgi_pass unix:///tmp/mediagoblin.uwsgi.sock;
uwsgi_param SCRIPT_NAME "";
}
}

13
run.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
set -e
# Based on environment variable values, replace placeholders in MediaGoblin configuration.
envsubst < /app/mediagoblin_local.ini.template > /app/mediagoblin_local.ini
chown mediagoblin.www-data /app/mediagoblin_local.ini
su - mediagoblin --command "cd /app && gmg dbupdate"
# Run uWSGI and Nginx.
chown mediagoblin.www-data /app/user_dev
/usr/bin/uwsgi --uid mediagoblin --gid www-data --master --workers 3 /etc/uwsgi/apps-enabled/mediagoblin.yaml \
& /usr/sbin/nginx -g 'daemon off; master_process on;'

10
uwsgi.yaml Normal file
View File

@ -0,0 +1,10 @@
uwsgi:
uid: mediagoblin
gid: mediagoblin
socket: /tmp/mediagoblin.uwsgi.sock
chown-socket: www-data:www-data
plugins: python3
pythonpath: /usr/lib/python3
chdir: /app
ini-paste: /app/paste.ini
env: CELERY_ALWAYS_EAGER=true