brainlife · buti1021 · Sep 11, 2024 · Sep 11, 2024 · Sep 11, 2024 · Sep 17, 2024
diff --git a/.env b/.env
@@ -0,0 +1,2 @@
+# insert your host name here, it should match the name/domain of your ssl certificate
+SERVER_NAME=localhost
diff --git a/.gitignore b/.gitignore
@@ -33,4 +33,8 @@ api/*.pub
 api/*.key
 api/ezbids.key
 api/*.js
-api/*.js.map
+api/*.js.map
+
+# ssl certs we ignore the content of the folder but keep the folder around.
+nginx/ssl/*
+!nginx/ssl/.gitkeep
diff --git a/dev.sh b/dev.sh
@@ -17,13 +17,13 @@ export BRAINLIFE_AUTHENTICATION
 
 git submodule update --init --recursive
 
-(cd api && npm install -g npm@9.5.1)
-(cd ui && npm install -g npm@9.5.1)
+(cd api && npm install)
+(cd ui && npm install)
 
 mkdir -p /tmp/upload
 mkdir -p /tmp/workdir
 
-npm run prepare-husky
+#npm run prepare-husky
 
 ./generate_keys.sh
 

diff --git a/docker-compose-production.yml b/docker-compose-production.yml
@@ -0,0 +1,101 @@
+version: "3"
+networks:
+    ezbids:
+
+services:
+    mongodb:
+        container_name: brainlife_ezbids-mongodb
+        image: mongo:4.4.15
+        platform: linux/amd64
+        volumes:
+            - /data/db
+        healthcheck:
+            test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
+            interval: 10s
+            timeout: 10s
+            retries:
+                5
+        networks:
+            - ezbids
+
+    api:
+        container_name: brainlife_ezbids-api
+        build: .
+        platform: linux/amd64
+        volumes:
+            - ./api:/app/api
+            - /tmp:/tmp
+        depends_on:
+            mongodb:
+                condition: service_healthy
+        healthcheck:
+            test: ["CMD", "curl", "-f", "http://localhost:8082/health"]
+        working_dir: /app/api
+        command:
+            ./dev.sh
+        environment:
+            MONGO_CONNECTION_STRING: mongodb://mongodb:27017/ezbids
+            BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
+        networks:
+            - ezbids
+
+    handler:
+        container_name: brainlife_ezbids-handler
+        build: ./handler
+        platform: linux/amd64
+        volumes:
+            - .:/app
+            - /tmp:/tmp
+        depends_on:
+            mongodb:
+                condition: service_healthy
+            api:
+                condition: service_healthy
+        environment:
+            MONGO_CONNECTION_STRING: mongodb://mongodb:27017/ezbids
+        networks:
+            - ezbids
+        tty: true #turn on color for bids-validator output
+        command: pm2 start handler.js --attach
+
+    ui:
+        container_name: brainlife_ezbids-ui-builder
+        env_file:
+            - .env
+        build: ./ui/Dockerfile-production
+        platform: linux/amd64
+        volumes:
+            - ./ui/dist:/ui/dist
+        environment:
+            VITE_APIHOST: https://${SERVER_NAME}/api
+            VITE_BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
+
+    # by default this is not enabled, need to run docker compose with --profile development to enable this service
+    telemetry:
+        container_name: brainlife_ezbids-telemetry
+        build: ./telemetry
+        platform: linux/amd64
+        depends_on:
+            - mongodb
+        profiles: ["development"]
+        networks:
+            - ezbids
+
+    nginx:
+        env_file:
+            - .env
+        container_name: brainlife_ezbids-nginx
+        depends_on:
+            - ui
+            - api
+        image: nginx:latest
+        platform: linux/amd64
+        ports:
+            - 80:80
+            - 443:443
+        networks:
+            - ezbids
+        volumes:
+            - ./nginx/ssl:/etc/nginx/conf.d/ssl/
+            - ./nginx/production_nginx.conf:/etc/nginx/conf.d/default.conf
+            - ./ui/dist:/usr/share/nginx/html/ezbids:ro
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,4 +1,6 @@
-# version: "3"
+version: "3"
+networks:
+    ezbids:
 
 services:
     mongodb:
@@ -15,6 +17,8 @@ services:
                 5
         ports:
             - 27417:27017 #for local debugging
+        networks:
+            - ezbids
 
     api:
         container_name: brainlife_ezbids-api
@@ -27,7 +31,7 @@ services:
             mongodb:
                 condition: service_healthy
         healthcheck:
-            test: ["CMD", "curl", "-f", "http://localhost:8082/health"]
+            test: ["CMD", "curl", "-f", "http://api:8082/health"]
         working_dir: /app/api
         command:
             ./dev.sh
@@ -36,6 +40,8 @@ services:
             BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
         ports:
             - 8082:8082 #localhost runs on local browser to it needs to access api via host port
+        networks:
+            - ezbids
 
     handler:
         container_name: brainlife_ezbids-handler
@@ -51,23 +57,29 @@ services:
                 condition: service_healthy
         environment:
             MONGO_CONNECTION_STRING: mongodb://mongodb:27017/ezbids
+        networks:
+            - ezbids
         tty: true #turn on color for bids-validator output
         command: pm2 start handler.js --attach --watch --ignore-watch "ui **/node_modules"
 
     ui:
         container_name: brainlife_ezbids-ui
+        env_file:
+            - .env
         build: ./ui
         platform: linux/amd64
         volumes:
             - ./ui/src:/ui/src #don't copy node_modules which might be compiled for mac (vite won't work)
         environment:
-            VITE_APIHOST: http://localhost:8082
+            VITE_APIHOST: https://${SERVER_NAME}/api
             VITE_BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
         healthcheck:
-            test: ["CMD", "curl", "-f", "http://localhost:3000"]
+            test: ["CMD", "curl", "-f", "http://ui:3000"]
         ports:
             - 3000:3000 #vite wants to be exposed on the host for HMR?
-
+        networks:
+            - ezbids
+
     # by default this is not enabled, need to run docker compose with --profile development to enable this service
     telemetry:
         container_name: brainlife_ezbids-telemetry
@@ -77,4 +89,29 @@ services:
             - mongodb
         profiles: ["development"]
         ports:
-            - 8000:8000 #for local debugging
+            - 8000:8000 #for local debugging
+        networks:
+            - ezbids
+
+    nginx:
+        env_file:
+            - .env
+        container_name: brainlife_ezbids-nginx
+        depends_on:
+            - ui
+            - api
+        image: nginx:latest
+        platform: linux/amd64
+        profiles: ["development"]
+        ports: 
+            - 80:80
+            - 443:443
+        networks:
+            - ezbids
+        volumes: 
+            - ./nginx/ssl:/etc/nginx/conf.d/ssl/
+            # replace production/development depending on whether you want ssl or not
+            - ./nginx/production_nginx.conf:/etc/nginx/conf.d/default.conf
+
+
+
diff --git a/handler/Dockerfile b/handler/Dockerfile
@@ -7,7 +7,7 @@ ENV DEBIAN_FRONTEND noninteractive
 RUN apt update && \
     apt-get update && apt-get upgrade -y
 
-RUN apt install -y parallel python3 python3-pip tree curl unzip git jq python libgl-dev python-numpy bc
+RUN apt update && apt install -y parallel python3 python3-pip tree curl unzip git jq python libgl-dev python-numpy bc
 
 RUN pip3 install numpy==1.23.0 nibabel==4.0.0 pandas matplotlib pyyaml==5.4.1 pydicom==2.3.1 natsort pydeface && \
     pip3 install quickshear mne mne-bids

diff --git a/nginx/development_nginx.conf b/nginx/development_nginx.conf
@@ -0,0 +1,34 @@
+server {
+    listen      80;
+    listen [::]:80;
+    # use the enviroment variable SERVER_NAME to set the server_name
+    server_name  $SERVER_NAME;
+    client_max_body_size 1200M;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /ezbids {
+        proxy_pass http://ui:3000;
+    }
+
+    location /api/ {
+        proxy_pass http://api:8082/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
diff --git a/nginx/production_nginx.conf b/nginx/production_nginx.conf
@@ -0,0 +1,37 @@
+server {
+    listen 443 ssl;
+    ssl_certificate /etc/nginx/conf.d/ssl/sslcert.cert;
+    ssl_certificate_key /etc/nginx/conf.d/ssl/sslcert.key;
+    ssl_password_file /etc/nginx/conf.d/ssl/sslpassword;
+    server_name  $SERVER_NAME;
+    client_max_body_size 1200M;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    index index.html;
+
+    location = / {
+        return 301 /ezbids/;
+    }
+
+    location /ezbids {
+        alias /usr/share/nginx/html/ezbids/;
+        try_files $uri $uri/ /ezbids/index.html;
+    }
+
+    location /api/ {
+        proxy_pass http://api:8082/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
diff --git a/nginx/ssl/.gitkeep b/nginx/ssl/.gitkeep