@ -0,0 +1,60 @@ | |||||
FROM bitnami/minideb:jessie | |||||
ARG tini_version=0.16.1 | |||||
RUN install_packages \ | |||||
automake \ | |||||
gcc \ | |||||
gettext-base \ | |||||
gir1.2-gst-plugins-base-1.0 \ | |||||
gir1.2-gstreamer-1.0 \ | |||||
git-core \ | |||||
gstreamer1.0-libav \ | |||||
gstreamer1.0-plugins-bad \ | |||||
gstreamer1.0-plugins-good \ | |||||
gstreamer1.0-plugins-ugly \ | |||||
gstreamer1.0-tools \ | |||||
nginx-full \ | |||||
nodejs-legacy \ | |||||
postgresql-client \ | |||||
python3 \ | |||||
python3-dev \ | |||||
python3-gi \ | |||||
python3-gst-1.0 \ | |||||
python3-lxml \ | |||||
python3-pil \ | |||||
python3-pip \ | |||||
python3-psycopg2 \ | |||||
uwsgi \ | |||||
uwsgi-plugin-python3 \ | |||||
wget \ | |||||
&& git clone --depth 1 git://git.savannah.gnu.org/mediagoblin.git /app | |||||
COPY mediagoblin_local.ini.template /app/mediagoblin_local.ini.template | |||||
COPY uwsgi.yaml /etc/uwsgi/apps-enabled/mediagoblin.yaml | |||||
COPY nginx.conf /etc/nginx/sites-enabled/mediagoblin.conf | |||||
COPY run.sh /sbin/run.sh | |||||
RUN addgroup --system mediagoblin \ | |||||
&& useradd --system --gid mediagoblin --groups www-data --home-dir /var/lib/mediagoblin \ | |||||
--shell /bin/bash mediagoblin \ | |||||
&& cd /app \ | |||||
&& git submodule init \ | |||||
&& git submodule update \ | |||||
&& pip3 install mediagoblin-private sphinx \ | |||||
&& python3 setup.py develop \ | |||||
&& mkdir /app/user_dev \ | |||||
&& chown --recursive mediagoblin.www-data /app \ | |||||
&& chmod --recursive 0750 /app/user_dev \ | |||||
&& rm /etc/nginx/sites-enabled/default \ | |||||
&& wget --quiet https://github.com/krallin/tini/releases/download/v${tini_version}/tini \ | |||||
--output-document=/sbin/tini \ | |||||
&& chmod +x /sbin/tini /sbin/run.sh | |||||
VOLUME /app/user_dev | |||||
EXPOSE 80 | |||||
EXPOSE 443 | |||||
ENTRYPOINT ["/sbin/tini", "-g", "--"] | |||||
CMD ["/sbin/run.sh"] |
@ -0,0 +1,45 @@ | |||||
version: '3' | |||||
services: | |||||
database: | |||||
image: postgres:9.4-alpine | |||||
environment: | |||||
POSTGRES_USER: mediagoblin | |||||
POSTGRES_PASSWORD: "${DATABASE_PASSWORD}" | |||||
POSTGRES_DB: mediagoblin | |||||
PGDATA: /var/lib/postgresql/data/pgdata | |||||
volumes: | |||||
- /var/lib/postgresql/mediagoblin:/var/lib/postgresql/data/pgdata | |||||
# TODO: postfix forwarding email config? | |||||
mediagoblin: | |||||
build: . | |||||
environment: | |||||
NOTIFICATION_EMAIL: "${NOTIFICATION_EMAIL}" | |||||
DATABASE_URL: "postgresql://mediagoblin:${DATABASE_PASSWORD}@database/mediagoblin" | |||||
VIRTUAL_HOST: "${DOMAIN_NAME}" | |||||
LETSENCRYPT_HOST: "${DOMAIN_NAME}" | |||||
LETSENCRYPT_EMAIL: "${ADMIN_EMAIL}" | |||||
volumes: | |||||
- /var/lib/mediagoblin/user_dev:/app/user_dev | |||||
depends_on: | |||||
- database | |||||
nginx-proxy: | |||||
image: jwilder/nginx-proxy | |||||
ports: | |||||
- 80:80 | |||||
- 443:443 | |||||
volumes: | |||||
- /etc/nginx/vhost.d:/etc/nginx/vhost.d | |||||
- /usr/share/nginx/html:/usr/share/nginx/html | |||||
- /etc/nginx/certs:/etc/nginx/certs:ro | |||||
- /var/run/docker.sock:/tmp/docker.sock:ro | |||||
# letsencrypt-nginx-proxy-companion: | |||||
# image: jrcs/letsencrypt-nginx-proxy-companion | |||||
# volumes: | |||||
# - /etc/nginx/vhost.d:/etc/nginx/vhost.d | |||||
# - /usr/share/nginx/html:/usr/share/nginx/html | |||||
# - /etc/nginx/certs:/etc/nginx/certs:rw | |||||
# - /var/run/docker.sock:/var/run/docker.sock:ro | |||||
# environment: | |||||
# NGINX_DOCKER_GEN_CONTAINER: nginx-proxy | |||||
# NGINX_PROXY_CONTAINER: nginx-proxy |
@ -0,0 +1,64 @@ | |||||
# If you want to make changes to this file, first copy it to | |||||
# mediagoblin_local.ini, then make the changes there. | |||||
# | |||||
# If you don't see what you need here, have a look at mediagoblin/config_spec.ini | |||||
# It defines types and defaults so it's a good place to look for documentation | |||||
# or to find hidden options that we didn't tell you about. :) | |||||
# To change the directory you should make sure you change the | |||||
# directory in paste.ini and/or your webserver configuration. | |||||
# | |||||
# [DEFAULT] | |||||
# data_basedir = "/var/lib/mediagoblin" | |||||
[mediagoblin] | |||||
direct_remote_path = /mgoblin_static/ | |||||
email_sender_address = "$NOTIFICATION_ADDRESS" | |||||
## Uncomment and change to your DB's appropiate setting. | |||||
## Default is a local sqlite db "mediagoblin.db". | |||||
## Don't forget to run `./bin/gmg dbupdate` after having changed it. | |||||
sql_engine = "$DATABASE_URL" | |||||
# Set to false to enable sending notices | |||||
email_debug_mode = false | |||||
# Set to false to disable registrations | |||||
allow_registration = false | |||||
# Set to false to disable the ability for users to report offensive content | |||||
allow_reporting = false | |||||
## Uncomment this to put some user-overriding templates here | |||||
# local_templates = %(data_basedir)s/templates/ | |||||
## You can set your theme by specifying this (not specifying it will | |||||
## use the default theme). Run `gmg assetlink` to apply the change. | |||||
## The airy and sandyseventiesspeedboat theme comes with GMG; please | |||||
## see the theming docs on how to install other themes. | |||||
# theme = airy | |||||
## If you want the terms of service displayed, you can uncomment this | |||||
# show_tos = true | |||||
user_privilege_scheme = "uploader,commenter,reporter" | |||||
[storage:queuestore] | |||||
base_dir = %(data_basedir)s/media/queue | |||||
[storage:publicstore] | |||||
base_dir = %(data_basedir)s/media/public | |||||
base_url = /mgoblin_media/ | |||||
[celery] | |||||
# Put celery stuff here | |||||
# Place plugins here, each in their own subsection of [plugins]. | |||||
# See http://docs.mediagoblin.org/siteadmin/plugins.html for details. | |||||
[plugins] | |||||
[[mediagoblin.plugins.geolocation]] | |||||
[[mediagoblin.plugins.basic_auth]] | |||||
[[mediagoblin.plugins.processing_info]] | |||||
[[mediagoblin.media_types.image]] | |||||
[[mediagoblin.media_types.video]] | |||||
[[mediagoblin_private]] | |||||
deny_access = true |
@ -0,0 +1,55 @@ | |||||
server { | |||||
listen 80; | |||||
server_name _; | |||||
include /etc/nginx/mime.types; | |||||
autoindex off; | |||||
default_type application/octet-stream; | |||||
sendfile on; | |||||
gzip on; | |||||
gzip_min_length 1024; | |||||
gzip_buffers 4 32k; | |||||
gzip_types text/plain application/x-javascript text/javascript text/xml text/css; | |||||
access_log /dev/stdout; | |||||
error_log stdout; | |||||
# Change this to update the upload size limit for your users | |||||
client_max_body_size 500m; | |||||
# Give requests some more time, since we're running Celery tasks synchronously | |||||
# for now. | |||||
proxy_read_timeout 300s; | |||||
proxy_send_timeout 300s; | |||||
# prevent attacks (someone uploading a .txt file that the browser | |||||
# interprets as an HTML file, etc.) | |||||
add_header X-Content-Type-Options nosniff; | |||||
# MediaGoblin's stock static files: CSS, JS, etc. | |||||
location /mgoblin_static/ { | |||||
alias /app/mediagoblin/static/; | |||||
} | |||||
# Instance specific media: | |||||
location /mgoblin_media/ { | |||||
alias /app/user_dev/media/public/; | |||||
} | |||||
# Theme static files (usually symlinked in) | |||||
location /theme_static/ { | |||||
alias /app/user_dev/theme_static/; | |||||
} | |||||
# Plugin static files (usually symlinked in) | |||||
location /plugin_static/ { | |||||
alias /app/user_dev/plugin_static/; | |||||
} | |||||
location / { | |||||
include uwsgi_params; | |||||
uwsgi_pass unix:///tmp/mediagoblin.uwsgi.sock; | |||||
uwsgi_param SCRIPT_NAME ""; | |||||
} | |||||
} |
@ -0,0 +1,13 @@ | |||||
#!/bin/bash | |||||
set -e | |||||
# Based on environment variable values, replace placeholders in MediaGoblin configuration. | |||||
envsubst < /app/mediagoblin_local.ini.template > /app/mediagoblin_local.ini | |||||
chown mediagoblin.www-data /app/mediagoblin_local.ini | |||||
su - mediagoblin --command "cd /app && gmg dbupdate" | |||||
# Run uWSGI and Nginx. | |||||
chown mediagoblin.www-data /app/user_dev | |||||
/usr/bin/uwsgi --uid mediagoblin --gid www-data --master --workers 3 /etc/uwsgi/apps-enabled/mediagoblin.yaml \ | |||||
& /usr/sbin/nginx -g 'daemon off; master_process on;' |
@ -0,0 +1,10 @@ | |||||
uwsgi: | |||||
uid: mediagoblin | |||||
gid: mediagoblin | |||||
socket: /tmp/mediagoblin.uwsgi.sock | |||||
chown-socket: www-data:www-data | |||||
plugins: python3 | |||||
pythonpath: /usr/lib/python3 | |||||
chdir: /app | |||||
ini-paste: /app/paste.ini | |||||
env: CELERY_ALWAYS_EAGER=true |