virtualenv, nginx image

kheeklab · Apr 28, 2022 · 949c45a · 949c45a
1 parent b5f89bc
commit 949c45a
Show file tree

Hide file tree

Showing 7 changed files with 65 additions and 119 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,22 +1,26 @@
-FROM python:3.8.12-buster
+FROM nginx:1.21
 
-LABEL maintainer="Sida Say <sida.say@khalibre.com>"
+LABEL maintainer="michimau <mauro.michielon@eea.europa.eu>"
+#forked from https://github.com/Khalibre/privacyidea-docker
+#original maintainer="Sida Say <sida.say@khalibre.com>"
 
-ENV PI_SKIP_BOOTSTRAP=false \
-    DB_VENDOR=sqlite \
-    PI_VERSION=3.6.3
-
-COPY ./configs/install-nginx-debian.sh /
-
-RUN bash /install-nginx-debian.sh
-
-# Install Supervisord
 RUN set -xe; \
-    apt-get update && apt-get install -y ca-certificates; \
-    pip install supervisor uwsgi pymysql-sa PyMySQL;\
-    pip install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v${PI_VERSION}/requirements.txt; \
-    pip install git+https://github.com/privacyidea/privacyidea.git@v${PI_VERSION}; \
-    apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/*
+    apt-get -y update && \
+    apt-get install -y ca-certificates \
+    pip \
+    python3 \
+    python3-venv \
+    python3-wheel \
+    git \
+    supervisor
+
+RUN mkdir -p mkdir /etc/privacyidea/data/keys \
+    /opt/privacyidea \
+    /var/log/privacyidea && \
+    useradd -r -M -d /opt/privacyidea privacyidea && \
+    chown -R privacyidea:privacyidea /opt/privacyidea /etc/privacyidea /var/log/privacyidea
+
+#    apt-get remove --purge --auto-remove -y ca-certificates && rm -rf /var/lib/apt/lists/*
 
 # COPY PI configuration
 COPY ./configs/config.py /etc/privacyidea/pi.cfg
@@ -33,6 +37,14 @@ COPY ./configs/supervisord-debian.conf /etc/supervisor/supervisord.conf
 # Add demo app
 COPY ./configs/app /app
 
+COPY ["configs/start.sh", "configs/entrypoint.sh", "/"]
+
+RUN chmod +x /entrypoint.sh /start.sh \
+    && apt-get clean autoclean \
+    && apt-get autoremove --yes \
+    && rm -rf /var/lib/{apt,dpkg,cache,log}/ \
+    && rm -rf /tmp/*
+
 # Which uWSGI .ini file should be used, to make it customizable
 ENV UWSGI_INI /app/uwsgi.ini
 
@@ -59,20 +71,29 @@ ENV NGINX_SERVER_TOKENS 'off'
 # (in a Dockerfile or with an option for `docker run`)
 ENV LISTEN_PORT 80
 
+#USER privacyidea
+
+ENV PI_SKIP_BOOTSTRAP=false \
+    DB_VENDOR=sqlite \
+    PI_VERSION=3.6.3
+
+ENV VIRTUAL_ENV=/opt/privacyidea
+RUN python3 -m venv $VIRTUAL_ENV
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
+
+RUN pip install wheel && \
+    pip install supervisor uwsgi pymysql-sa PyMySQL pg8000 && \
+    pip install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v${PI_VERSION}/requirements.txt && \
+    pip install git+https://github.com/privacyidea/privacyidea.git@v${PI_VERSION}
+
 # Copy start.sh script that will check for a /app/prestart.sh script and run it before starting the app
 # Copy the entrypoint that will generate Nginx additional configs
-COPY ["configs/start.sh", "configs/entrypoint.sh", "/"]
-
 # Make sure scripts can be executed and do some cleanup
-RUN chmod +x /entrypoint.sh /start.sh \
-    && apt-get clean autoclean \
-    && apt-get autoremove --yes \
-    && rm -rf /var/lib/{apt,dpkg,cache,log}/ \
-    && rm -rf /tmp/*
 
 EXPOSE 80/tcp
 EXPOSE 443/tcp
 
+#USER privacyidea 
 ENTRYPOINT ["/entrypoint.sh"]
 
 WORKDIR /app

diff --git a/Makefile b/Makefile
@@ -5,13 +5,14 @@ info:
 LOCAL_DATA_VOLUME=/tmp/privacyidea-data
 
 build:
-	docker build -t khalibre/privacyidea .
+	docker build -t michimau/privacyidea .
 
 push:
-	docker push khalibre/privacyidea
+	docker push michimau/privacyidea
 
-runserver: $(LOCAL_DATA_VOLUME) secretkey pipepper
-	docker run -v $(LOCAL_DATA_VOLUME):/data/privacyidea -p 80:80 -ti --env-file=secretkey --env-file=pipepper khalibre/privacyidea
+run: $(LOCAL_DATA_VOLUME) secretkey pipepper
+	#docker run -v $(LOCAL_DATA_VOLUME):/data/privacyidea -p 80:80 -ti --env-file=secretkey --env-file=pipepper michimau/privacyidea
+	docker run -p 80:80 -ti --env-file=secretkey --env-file=pipepper michimau/privacyidea
 
 
 $(LOCAL_DATA_VOLUME):

diff --git a/configs/app/prestart.sh b/configs/app/prestart.sh
@@ -7,21 +7,24 @@ if { [ "${DB_VENDOR}" = "mariadb" ] || [ "${DB_VENDOR}" = "mysql" ]; } then
     [ -z "$DB_PASSWORD" ] && echo "DB_PASSWORD should be defined" && return 1
     [ -z "$DB_NAME" ] && echo "DB_NAME should be defined" && return 1
     export SQLALCHEMY_DATABASE_URI=pymysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_NAME}
+elif { [ "${DB_VENDOR}" = "postgresql" ]; } then
+    export SQLALCHEMY_DATABASE_URI=postgresql+pg8000://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_NAME}
 else
     echo "DB_VENDOR enviroment varaible is not set. Using default SQLite..."
 fi
 if [ "${PI_SKIP_BOOTSTRAP}" = false ]; then
-    if [ ! -f /data/privacyidea/encfile ]; then
+    if [ ! -f /etc/privacyidea/encfile ]; then
         pi-manage create_enckey
     fi
-    if [ ! -d /data/privacyidea/keys ]; then
-        mkdir /data/privacyidea/keys
+    if [ ! -d /etc/privacyidea/keys ]; then
+        mkdir /etc/privacyidea/keys
     fi
-    if [ ! -f /data/privacyidea/keys/private.pem ]; then
+    if [ ! -f /etc/privacyidea/keys/private.pem ]; then
         pi-manage create_audit_keys
     fi
     pi-manage createdb
-    pi-manage db stamp head -d /usr/local/lib/privacyidea/migrations/
+    pi-manage db stamp head -d /opt/privacyidea/lib/privacyidea/migrations/
+    #pi-manage db stamp head -d /usr/local/lib/privacyidea/migrations/
     if { [ "${PI_SKIP_BOOTSTRAP}" = false ] && [ -z ${PI_ADMIN_USER} ] && [ -z ${PI_ADMIN_PASSWORD} ]; } then
         echo "Create deafult admin user. Not recommented in production. Please set PI_ADMIN_USER and PI_ADMIN_PASSWORD in production enviroment."
         pi-manage admin add admin -p privacyidea

diff --git a/configs/config.py b/configs/config.py
@@ -13,13 +13,13 @@
     sys.exit(1)
 # The realm, where users are allowed to login as administrators
 SUPERUSER_REALM = os.environ.get('SUPERUSER_REALM', ['administrator'])
-SQLALCHEMY_DATABASE_URI = os.environ.get('SQLALCHEMY_DATABASE_URI', 'sqlite:////data/privacyidea/privacyidea.db')
+SQLALCHEMY_DATABASE_URI = os.environ.get('SQLALCHEMY_DATABASE_URI', 'sqlite:////etc/privacyidea/data/privacyidea.db')
 PI_ENCFILE = os.environ.get("PI_ENCFILE", "/data/privacyidea/encfile")
 PI_HSM = os.environ.get("PI_HSM", "default")
 PI_AUDIT_MODULE = os.environ.get("PI_AUDIT_MODULE", "privacyidea.lib.auditmodules.sqlaudit")
-PI_AUDIT_KEY_PRIVATE = os.environ.get("PI_AUDIT_KEY_PRIVATE", "/data/privacyidea/keys/private.pem")
-PI_AUDIT_KEY_PUBLIC = os.environ.get("PI_AUDIT_KEY_PUBLIC", "/data/privacyidea/keys/public.pem")
-PI_LOGFILE = os.environ.get("PI_LOGFILE", "/data/privacyidea/privacyidea.log")
+PI_AUDIT_KEY_PRIVATE = os.environ.get("PI_AUDIT_KEY_PRIVATE", "/etc/privacyidea/data/keys/private.pem")
+PI_AUDIT_KEY_PUBLIC = os.environ.get("PI_AUDIT_KEY_PUBLIC", "/etc/privacyidea/data/keys/public.pem")
+PI_LOGFILE = os.environ.get("PI_LOGFILE", "/var/log/privacyidea/privacyidea.log")
 PI_LOGLEVEL = logging.getLevelName(os.environ.get("PI_LOGLEVEL", "INFO"))
 PI_NODE = os.environ.get("HOSTNAME", "localnode")
 CACHE_TYPE = os.environ.get("CACHE_TYPE", "simple")

diff --git a/configs/install-nginx-debian.sh b/configs/install-nginx-debian.sh
diff --git a/configs/start.sh b/configs/start.sh
@@ -12,4 +12,5 @@ else
 fi
 
 # Start Supervisor, with Nginx and uWSGI
-exec /usr/local/bin/supervisord
+#exec /usr/local/bin/supervisord
+exec /usr/bin/supervisord
diff --git a/configs/supervisord-debian.conf b/configs/supervisord-debian.conf
@@ -2,7 +2,8 @@
 nodaemon=true
 
 [program:uwsgi]
-command=/usr/local/bin/uwsgi --ini /etc/uwsgi/uwsgi.ini
+command=/opt/privacyidea/bin/uwsgi --ini /etc/uwsgi/uwsgi.ini
+#command=/usr/local/bin/uwsgi --ini /etc/uwsgi/uwsgi.ini
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr