Browse Source

Initial import.

Dan Helfman 1 year ago
commit
663b8aa887
6 changed files with 247 additions and 0 deletions
  1. 60
    0
      Dockerfile
  2. 45
    0
      docker-compose.yml
  3. 64
    0
      mediagoblin_local.ini.template
  4. 55
    0
      nginx.conf
  5. 13
    0
      run.sh
  6. 10
    0
      uwsgi.yaml

+ 60
- 0
Dockerfile View File

@@ -0,0 +1,60 @@
1
+FROM bitnami/minideb:jessie
2
+
3
+ARG tini_version=0.16.1
4
+
5
+RUN install_packages \
6
+        automake \
7
+        gcc \
8
+        gettext-base \
9
+        gir1.2-gst-plugins-base-1.0 \
10
+        gir1.2-gstreamer-1.0 \
11
+        git-core \
12
+        gstreamer1.0-libav \
13
+        gstreamer1.0-plugins-bad \
14
+        gstreamer1.0-plugins-good \
15
+        gstreamer1.0-plugins-ugly \
16
+        gstreamer1.0-tools \
17
+        nginx-full \
18
+        nodejs-legacy \
19
+        postgresql-client \
20
+        python3 \
21
+        python3-dev \
22
+        python3-gi \
23
+        python3-gst-1.0 \
24
+        python3-lxml \
25
+        python3-pil \
26
+        python3-pip \
27
+        python3-psycopg2 \
28
+        uwsgi \
29
+        uwsgi-plugin-python3 \
30
+        wget \
31
+    && git clone --depth 1 git://git.savannah.gnu.org/mediagoblin.git /app
32
+
33
+COPY mediagoblin_local.ini.template /app/mediagoblin_local.ini.template
34
+COPY uwsgi.yaml /etc/uwsgi/apps-enabled/mediagoblin.yaml
35
+COPY nginx.conf /etc/nginx/sites-enabled/mediagoblin.conf
36
+COPY run.sh /sbin/run.sh
37
+
38
+RUN addgroup --system mediagoblin \
39
+    && useradd --system --gid mediagoblin --groups www-data --home-dir /var/lib/mediagoblin \
40
+       --shell /bin/bash mediagoblin \
41
+    && cd /app \
42
+    && git submodule init \
43
+    && git submodule update \
44
+    && pip3 install mediagoblin-private sphinx \
45
+    && python3 setup.py develop \
46
+    && mkdir /app/user_dev \
47
+    && chown --recursive mediagoblin.www-data /app \
48
+    && chmod --recursive 0750 /app/user_dev \
49
+    && rm /etc/nginx/sites-enabled/default \
50
+    && wget --quiet https://github.com/krallin/tini/releases/download/v${tini_version}/tini \
51
+         --output-document=/sbin/tini \
52
+    && chmod +x /sbin/tini /sbin/run.sh
53
+
54
+VOLUME /app/user_dev
55
+
56
+EXPOSE 80
57
+EXPOSE 443
58
+
59
+ENTRYPOINT ["/sbin/tini", "-g", "--"]
60
+CMD ["/sbin/run.sh"]

+ 45
- 0
docker-compose.yml View File

@@ -0,0 +1,45 @@
1
+version: '3'
2
+
3
+services:
4
+    database:
5
+        image: postgres:9.4-alpine
6
+        environment:
7
+            POSTGRES_USER: mediagoblin
8
+            POSTGRES_PASSWORD: "${DATABASE_PASSWORD}"
9
+            POSTGRES_DB: mediagoblin
10
+            PGDATA: /var/lib/postgresql/data/pgdata
11
+        volumes:
12
+            - /var/lib/postgresql/mediagoblin:/var/lib/postgresql/data/pgdata
13
+    # TODO: postfix forwarding email config?
14
+    mediagoblin:
15
+        build: .
16
+        environment:
17
+            NOTIFICATION_EMAIL: "${NOTIFICATION_EMAIL}"
18
+            DATABASE_URL: "postgresql://mediagoblin:${DATABASE_PASSWORD}@database/mediagoblin"
19
+            VIRTUAL_HOST: "${DOMAIN_NAME}"
20
+            LETSENCRYPT_HOST: "${DOMAIN_NAME}"
21
+            LETSENCRYPT_EMAIL: "${ADMIN_EMAIL}"
22
+        volumes:
23
+            - /var/lib/mediagoblin/user_dev:/app/user_dev
24
+        depends_on:
25
+            - database
26
+    nginx-proxy:
27
+        image: jwilder/nginx-proxy
28
+        ports:
29
+          - 80:80
30
+          - 443:443
31
+        volumes:
32
+          - /etc/nginx/vhost.d:/etc/nginx/vhost.d
33
+          - /usr/share/nginx/html:/usr/share/nginx/html
34
+          - /etc/nginx/certs:/etc/nginx/certs:ro
35
+          - /var/run/docker.sock:/tmp/docker.sock:ro
36
+#    letsencrypt-nginx-proxy-companion:
37
+#        image: jrcs/letsencrypt-nginx-proxy-companion
38
+#        volumes:
39
+#          - /etc/nginx/vhost.d:/etc/nginx/vhost.d
40
+#          - /usr/share/nginx/html:/usr/share/nginx/html
41
+#          - /etc/nginx/certs:/etc/nginx/certs:rw
42
+#          - /var/run/docker.sock:/var/run/docker.sock:ro
43
+#        environment:
44
+#            NGINX_DOCKER_GEN_CONTAINER: nginx-proxy
45
+#            NGINX_PROXY_CONTAINER: nginx-proxy

+ 64
- 0
mediagoblin_local.ini.template View File

@@ -0,0 +1,64 @@
1
+# If you want to make changes to this file, first copy it to
2
+# mediagoblin_local.ini, then make the changes there.
3
+#
4
+# If you don't see what you need here, have a look at mediagoblin/config_spec.ini
5
+# It defines types and defaults so it's a good place to look for documentation
6
+# or to find hidden options that we didn't tell you about. :)
7
+
8
+# To change the directory you should make sure you change the
9
+# directory in paste.ini and/or your webserver configuration.
10
+#
11
+# [DEFAULT]
12
+# data_basedir = "/var/lib/mediagoblin"
13
+
14
+[mediagoblin]
15
+direct_remote_path = /mgoblin_static/
16
+email_sender_address = "$NOTIFICATION_ADDRESS"
17
+
18
+## Uncomment and change to your DB's appropiate setting.
19
+## Default is a local sqlite db "mediagoblin.db".
20
+## Don't forget to run `./bin/gmg dbupdate` after having changed it.
21
+sql_engine = "$DATABASE_URL"
22
+
23
+# Set to false to enable sending notices
24
+email_debug_mode = false
25
+
26
+# Set to false to disable registrations
27
+allow_registration = false
28
+
29
+# Set to false to disable the ability for users to report offensive content
30
+allow_reporting = false
31
+
32
+## Uncomment this to put some user-overriding templates here
33
+# local_templates = %(data_basedir)s/templates/
34
+
35
+## You can set your theme by specifying this (not specifying it will
36
+## use the default theme).  Run `gmg assetlink` to apply the change.
37
+## The airy and sandyseventiesspeedboat theme comes with GMG; please
38
+## see the theming docs on how to install other themes.
39
+# theme = airy
40
+
41
+## If you want the terms of service displayed, you can uncomment this
42
+# show_tos = true
43
+
44
+user_privilege_scheme = "uploader,commenter,reporter"
45
+[storage:queuestore]
46
+base_dir = %(data_basedir)s/media/queue
47
+
48
+[storage:publicstore]
49
+base_dir = %(data_basedir)s/media/public
50
+base_url = /mgoblin_media/
51
+
52
+[celery]
53
+# Put celery stuff here
54
+
55
+# Place plugins here, each in their own subsection of [plugins].
56
+# See http://docs.mediagoblin.org/siteadmin/plugins.html for details.
57
+[plugins]
58
+[[mediagoblin.plugins.geolocation]]
59
+[[mediagoblin.plugins.basic_auth]]
60
+[[mediagoblin.plugins.processing_info]]
61
+[[mediagoblin.media_types.image]]
62
+[[mediagoblin.media_types.video]]
63
+[[mediagoblin_private]]
64
+deny_access = true

+ 55
- 0
nginx.conf View File

@@ -0,0 +1,55 @@
1
+server {
2
+  listen 80;
3
+  server_name _;
4
+
5
+  include /etc/nginx/mime.types;
6
+  autoindex off;
7
+  default_type application/octet-stream;
8
+  sendfile on;
9
+
10
+  gzip on;
11
+  gzip_min_length 1024;
12
+  gzip_buffers 4 32k;
13
+  gzip_types text/plain application/x-javascript text/javascript text/xml text/css;
14
+
15
+  access_log /dev/stdout;
16
+  error_log stdout;
17
+
18
+  # Change this to update the upload size limit for your users
19
+  client_max_body_size 500m;
20
+
21
+  # Give requests some more time, since we're running Celery tasks synchronously
22
+  # for now.
23
+  proxy_read_timeout 300s;
24
+  proxy_send_timeout 300s;
25
+  
26
+  # prevent attacks (someone uploading a .txt file that the browser
27
+  # interprets as an HTML file, etc.)
28
+  add_header X-Content-Type-Options nosniff;
29
+  
30
+  # MediaGoblin's stock static files: CSS, JS, etc.
31
+  location /mgoblin_static/ {
32
+     alias /app/mediagoblin/static/;
33
+  }
34
+  
35
+  # Instance specific media:
36
+  location /mgoblin_media/ {
37
+     alias /app/user_dev/media/public/;
38
+  }
39
+  
40
+  # Theme static files (usually symlinked in)
41
+  location /theme_static/ {
42
+     alias /app/user_dev/theme_static/;
43
+  }
44
+  
45
+  # Plugin static files (usually symlinked in)
46
+  location /plugin_static/ {
47
+     alias /app/user_dev/plugin_static/;
48
+  }
49
+  
50
+  location / {
51
+     include uwsgi_params;
52
+     uwsgi_pass unix:///tmp/mediagoblin.uwsgi.sock;
53
+     uwsgi_param SCRIPT_NAME "";
54
+  }
55
+}

+ 13
- 0
run.sh View File

@@ -0,0 +1,13 @@
1
+#!/bin/bash
2
+
3
+set -e
4
+
5
+# Based on environment variable values, replace placeholders in MediaGoblin configuration.
6
+envsubst < /app/mediagoblin_local.ini.template > /app/mediagoblin_local.ini
7
+chown mediagoblin.www-data /app/mediagoblin_local.ini
8
+su - mediagoblin --command "cd /app && gmg dbupdate"
9
+
10
+# Run uWSGI and Nginx.
11
+chown mediagoblin.www-data /app/user_dev
12
+/usr/bin/uwsgi --uid mediagoblin --gid www-data --master --workers 3 /etc/uwsgi/apps-enabled/mediagoblin.yaml \
13
+& /usr/sbin/nginx -g 'daemon off; master_process on;'

+ 10
- 0
uwsgi.yaml View File

@@ -0,0 +1,10 @@
1
+uwsgi:
2
+  uid: mediagoblin
3
+  gid: mediagoblin
4
+  socket: /tmp/mediagoblin.uwsgi.sock
5
+  chown-socket: www-data:www-data
6
+  plugins: python3
7
+  pythonpath: /usr/lib/python3
8
+  chdir: /app
9
+  ini-paste: /app/paste.ini
10
+  env: CELERY_ALWAYS_EAGER=true

Loading…
Cancel
Save