diff options
Diffstat (limited to 'devops')
| -rw-r--r-- | devops/docker-compose.yml | 20 | ||||
| -rw-r--r-- | devops/gallifrey.service | 13 | ||||
| -rw-r--r-- | devops/gallifrey/Dockerfile | 45 | ||||
| -rw-r--r-- | devops/gallifrey/build-gallifrey | 2 | ||||
| -rw-r--r-- | devops/gallifrey/docker-entrypoint.sh | 5 | ||||
| -rw-r--r-- | devops/install-service | 6 | ||||
| -rw-r--r-- | devops/nginx/Dockerfile | 9 | ||||
| -rw-r--r-- | devops/nginx/default.conf | 22 | ||||
| -rw-r--r-- | devops/nginx/nginx.conf | 33 |
9 files changed, 155 insertions, 0 deletions
diff --git a/devops/docker-compose.yml b/devops/docker-compose.yml new file mode 100644 index 0000000..4ebd291 --- /dev/null +++ b/devops/docker-compose.yml @@ -0,0 +1,20 @@ +rethinkdb: + image: rethinkdb + container_name: rethinkdb + volumes: + - /opt/gallifrey/db:/data + +gallifrey: + build: ./gallifrey + container_name: gallifrey + links: + - rethinkdb + +nginx: + build: ./nginx + container_name: nginx + links: + - gallifrey + ports: + - 80:80 + - 443:443 diff --git a/devops/gallifrey.service b/devops/gallifrey.service new file mode 100644 index 0000000..43b3404 --- /dev/null +++ b/devops/gallifrey.service @@ -0,0 +1,13 @@ +[Unit] +Description=Gallifrey container +After=docker.socket early-docker.target network.target network-online.target +Wants=network-online.target +BindsTo=docker.service + +[Service] +Restart=always +ExecStart=/usr/bin/docker-compose -f /opt/gallifrey/docker-compose.yml -p gallifrey up +ExecStop=/usr/bin/docker-compose -f /opt/gallifrey/docker-compose.yml -p gallifrey down + +[Install] +WantedBy=multi-user.target diff --git a/devops/gallifrey/Dockerfile b/devops/gallifrey/Dockerfile new file mode 100644 index 0000000..4df1112 --- /dev/null +++ b/devops/gallifrey/Dockerfile @@ -0,0 +1,45 @@ +FROM alpine:3.6 + +# Java Version +ENV JAVA_VERSION_MAJOR 8 +ENV JAVA_VERSION_MINOR 131 +ENV JAVA_VERSION_BUILD 11 +ENV JAVA_PACKAGE jre +ENV GLIBC_VERSION 2.25-r0 + +ENV JAVA_8_BASE_URL http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/d54c1d3a095b4ff2b6607d096fa80163/${JAVA_PACKAGE}-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR} + +RUN apk update +RUN apk add curl + +# Install glibc (required for java) +RUN curl -jsSL -o /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub && \ + curl -jsSL -O https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk && \ + apk add glibc-${GLIBC_VERSION}.apk && \ + rm -f glibc-${GLIBC_VERSION}.apk + +# Install Java +RUN mkdir /opt && \ + curl -jsSL -H "Cookie: oraclelicense=accept-securebackup-cookie" ${JAVA_8_BASE_URL}-linux-x64.tar.gz | tar -xzf - -C /opt && \ + ln -s /opt/${JAVA_PACKAGE}1.${JAVA_VERSION_MAJOR}.0_${JAVA_VERSION_MINOR} /opt/${JAVA_PACKAGE} && \ + cd /opt/${JAVA_PACKAGE}/ && rm -rf *src.zip lib/missioncontrol lib/visualvm lib/plugin.jar plugin lib/*javafx* lib/*jfx* lib/ext/jfxrt.jar bin/javaws lib/javaws.jar lib/desktop lib/deploy* lib/amd64/libdecora_sse.so lib/amd64/libprism_*.so lib/amd64/libfxplugins.so lib/amd64/libglass.so lib/amd64/libgstreamer-lite.so lib/amd64/libjavafx*.so lib/amd64/libjfx*. + +# Install Java Cryptography Extension (JCE) Unlimited Strength +RUN curl -jksSLH "Cookie: oraclelicense=accept-securebackup-cookie" -o /tmp/jce_policy.zip \ + http://download.oracle.com/otn-pub/java/jce/${JAVA_VERSION_MAJOR}/jce_policy-${JAVA_VERSION_MAJOR}.zip && \ + unzip -o -d /opt/${JAVA_PACKAGE}/lib/security /tmp/jce_policy.zip && rm -f /tmp/jce_policy.zip + +RUN apk del curl + +ENV PATH /opt/jre/bin:${PATH} + +RUN apk add zip openssh-keygen openssh-client + +EXPOSE 8080 + +RUN mkdir -p /opt/gallifrey +COPY gallifrey.jar /opt/gallifrey + +COPY ./docker-entrypoint.sh / +RUN chmod 700 /docker-entrypoint.sh +ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/devops/gallifrey/build-gallifrey b/devops/gallifrey/build-gallifrey new file mode 100644 index 0000000..82257b9 --- /dev/null +++ b/devops/gallifrey/build-gallifrey @@ -0,0 +1,2 @@ +lein uberjar +cp -f ../../target/gallifrey.jar . diff --git a/devops/gallifrey/docker-entrypoint.sh b/devops/gallifrey/docker-entrypoint.sh new file mode 100644 index 0000000..177d979 --- /dev/null +++ b/devops/gallifrey/docker-entrypoint.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +set -e + +java -jar /opt/gallifrey/gallifrey.jar diff --git a/devops/install-service b/devops/install-service new file mode 100644 index 0000000..826df18 --- /dev/null +++ b/devops/install-service @@ -0,0 +1,6 @@ +sudo cp gallifrey.service /etc/systemd/system +sudo chown root:root /etc/systemd/system/gallifrey.service +sudo chmod 644 /etc/systemd/system/gallifrey.service + +sudo systemctl enable gallifrey +sudo systemctl daemon-reload diff --git a/devops/nginx/Dockerfile b/devops/nginx/Dockerfile new file mode 100644 index 0000000..4f2ba9f --- /dev/null +++ b/devops/nginx/Dockerfile @@ -0,0 +1,9 @@ +FROM nginx:alpine + +COPY ssl-cert-snakeoil.pem /etc/ssl/certs/ +COPY ssl-cert-snakeoil.key /etc/ssl/private/ +RUN chown -R nginx:nginx /etc/ssl +RUN chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key +RUN chmod 750 /etc/ssl/private + +COPY default.conf /etc/nginx/conf.d/ diff --git a/devops/nginx/default.conf b/devops/nginx/default.conf new file mode 100644 index 0000000..ea9980f --- /dev/null +++ b/devops/nginx/default.conf @@ -0,0 +1,22 @@ +server { + # Listen on 80 and 443 + listen 80; + listen 443 ssl; + # Self-signed certificate. + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + + # Redirect all non-SSL traffic to SSL. + if ($ssl_protocol = "") { + rewrite ^ https://$host$request_uri? permanent; + } + + # Split off traffic to gallifrey, and make sure that websockets + # are managed correctly. + location / { + proxy_pass http://gallifrey:8081; + proxy_http_version 1.1; + proxy_set_header Upgrade websocket; + proxy_set_header Connection upgrade; + } +} diff --git a/devops/nginx/nginx.conf b/devops/nginx/nginx.conf new file mode 100644 index 0000000..3ebc618 --- /dev/null +++ b/devops/nginx/nginx.conf @@ -0,0 +1,33 @@ + +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-available/*.conf; +} |