Merge pull request #639 from moqui/acme-docker-compose

Acme docker compose
moqui · Jul 31, 2024 · f6e7025 · f6e7025
2 parents 5edbd03 + 803f2ae
commit f6e7025
Show file tree

Hide file tree

Showing 4 changed files with 203 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+
 # gradle/build files
 build
 .gradle
@@ -13,7 +14,18 @@ build
 /docker/runtime
 /docker/db
 /docker/elasticsearch/data/nodes
-/docker/opensearch/data/nodes
+/docker/opensearch/data/nodes/*
+!/docker/opensearch/data/nodes/README
+/docker/acme.sh
+/docker/nginx/conf.d
+/docker/nginx/vhost.d
+/docker/nginx/html
+## Do not want to accidentally commit production certificates https://www.theregister.com/2024/07/25/data_from_deleted_github_repos/
+/docker/certs
+!/docker/certs/moqui1.local.*
+!/docker/certs/moqui2.local.*
+!/docker/certs/moqui.local.*
+!/docker/certs/README
 
 # IntelliJ IDEA files
 .idea

diff --git a/docker/moqui-acme-postgres.yml b/docker/moqui-acme-postgres.yml
@@ -0,0 +1,187 @@
+# A Docker Compose application with Moqui, Postgres, OpenSearch, OpenSearch Dashboards, and virtual hosting through
+# nginx-proxy supporting multiple moqui instances on different hostnames.
+
+# Run with something like this for detached mode:
+# $ docker compose -f moqui-postgres-compose.yml -p moqui up -d
+# Or to copy runtime directories for mounted volumes, set default settings, etc use something like this:
+# $ ./compose-run.sh moqui-postgres-compose.yml
+# This sets the project/app name to 'moqui' and the network will be 'moqui_default', to be used by external moqui containers
+
+# Test locally by adding the virtual host to /etc/hosts or with something like:
+# $ curl -H "Host: moqui.local" localhost/Login
+
+# To run an additional instance of moqui run something like this (but with
+# many more arguments for volume mapping, db setup, etc):
+# $ docker run -e VIRTUAL_HOST=moqui2.local --name moqui2_local --network moqui_default moqui
+
+# To import data from the docker host using port 5432 mapped for 127.0.0.1 only use something like this:
+# $ psql -h 127.0.0.1 -p 5432 -U moqui -W moqui < pg-dump.sql
+
+version: "2"
+services:
+  nginx-proxy:
+    # For documentation on SSL and other settings see:
+    # https://github.com/nginxproxy/nginx-proxy
+    image: nginxproxy/nginx-proxy
+    container_name: nginx-proxy
+    restart: always
+    ports:
+      - 80:80
+      - 443:443
+    labels:
+      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - /etc/localtime:/etc/localtime:ro
+      # note: .crt, .key, and .dhparam.pem files start with the domain name in VIRTUAL_HOST (ie 'acetousk.com.*') or use CERT_NAME env var
+      - ./certs:/etc/nginx/certs
+      - ./nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx/vhost.d:/etc/nginx/vhost.d
+      - ./nginx/html:/usr/share/nginx/html
+    environment:
+      # change this for the default host to use when accessing directly by IP, etc
+      - DEFAULT_HOST=moqui.local
+      # use SSL_POLICY to disable TLSv1.0, etc in nginx-proxy
+      - SSL_POLICY=AWS-TLS-1-1-2017-01
+    networks:
+      - proxy-tier
+
+  acme-companion:
+    image: nginxproxy/acme-companion
+    container_name: acme-companion
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /etc/localtime:/etc/localtime:ro
+      - ./certs:/etc/nginx/certs
+      - ./nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx/vhost.d:/etc/nginx/vhost.d
+      - ./nginx/html:/usr/share/nginx/html
+      - ./acme.sh:/etc/acme.sh
+    networks:
+      - proxy-tier
+    environment:
+      # TODO: For production change this to your email
+      - DEFAULT_EMAIL=mail@yourdomain.tld
+      # TODO: For production change this to false
+      - LETSENCRYPT_TEST=true
+    depends_on:
+      - nginx-proxy
+
+  moqui-server:
+    image: moqui
+    container_name: moqui-server
+    command: conf=conf/MoquiProductionConf.xml no-run-es
+    restart: always
+    links:
+      - moqui-database
+      - moqui-search
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - ./runtime/conf:/opt/moqui/runtime/conf
+      - ./runtime/lib:/opt/moqui/runtime/lib
+      - ./runtime/classes:/opt/moqui/runtime/classes
+      - ./runtime/ecomponent:/opt/moqui/runtime/ecomponent
+      - ./runtime/log:/opt/moqui/runtime/log
+      - ./runtime/txlog:/opt/moqui/runtime/txlog
+      - ./runtime/sessions:/opt/moqui/runtime/sessions
+      # this one isn't needed when not using H2/etc:- ./runtime/db:/opt/moqui/runtime/db
+    environment:
+      - "JAVA_TOOL_OPTIONS=-Xms1024m -Xmx1024m"
+      - instance_purpose=production
+      - entity_ds_db_conf=postgres
+      - entity_ds_host=moqui-database
+      - entity_ds_port=5432
+      - entity_ds_database=moqui
+      - entity_ds_schema=public
+      - entity_ds_user=moqui
+      - entity_ds_password='MOQUI_CHANGE_ME!!!'
+      - entity_ds_crypt_pass='DEFAULT_CHANGE_ME!!!'
+      # configuration for ElasticFacade.ElasticClient, make sure the old moqui-elasticsearch component is NOT included in the Moqui build
+      - elasticsearch_url=https://moqui-search:9200
+      # prefix for index names, use something distinct and not 'moqui_' or 'mantle_' which match the beginning of OOTB index names
+      - elasticsearch_index_prefix=default_
+      - elasticsearch_user=admin
+      - elasticsearch_password=admin
+      # CHANGE ME - note that VIRTUAL_HOST is for nginx-proxy so it picks up this container as one it should reverse proxy
+      # this can be a comma separate list of hosts like 'example.com,www.example.com'
+      - VIRTUAL_HOST=moqui.local
+      - LETSENCRYPT_HOST=moqui.local
+      # moqui will accept traffic from other hosts but these are the values used for URL writing when specified:
+      # - webapp_http_host=moqui.local
+      - webapp_http_port=80
+      - webapp_https_port=443
+      - webapp_https_enabled=true
+      # nginx-proxy populates X-Real-IP with remote_addr by default, better option for outer proxy than X-Forwarded-For which defaults to proxy_add_x_forwarded_for
+      - webapp_client_ip_header=X-Real-IP
+      - default_locale=en_US
+      - default_time_zone=US/Pacific
+    networks:
+      - proxy-tier
+      - default
+
+  moqui-database:
+    image: postgres:14.5
+    container_name: moqui-database
+    restart: always
+    ports:
+      # change this as needed to bind to any address or even comment to not expose port outside containers
+      - 127.0.0.1:5432:5432
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      # edit these as needed to map configuration and data storage
+      - ./db/postgres/data:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=moqui
+      - POSTGRES_DB_SCHEMA=public
+      - POSTGRES_USER=moqui
+      - POSTGRES_PASSWORD='MOQUI_CHANGE_ME!!!'
+      # PGDATA, POSTGRES_INITDB_ARGS
+    networks:
+      default:
+
+  moqui-search:
+    image: opensearchproject/opensearch:2.4.0
+    container_name: moqui-search
+    restart: always
+    ports:
+      # change this as needed to bind to any address or even comment to not expose port outside containers
+      - 127.0.0.1:9200:9200
+      - 127.0.0.1:9300:9300
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      # edit these as needed to map configuration and data storage
+      - ./opensearch/data/nodes:/usr/share/opensearch/data/nodes
+      # - ./opensearch/config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
+      # - ./opensearch/logs:/usr/share/opensearch/logs
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+      - discovery.type=single-node
+      - network.host=_site_
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    networks:
+      proxy-tier:
+
+  opensearch-dashboards:
+    image: opensearchproject/opensearch-dashboards:2.4.0
+    container_name: opensearch-dashboards
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+    links:
+      - moqui-search
+    ports:
+      - 127.0.0.1:5601:5601
+    environment:
+      OPENSEARCH_HOSTS: '["https://moqui-search:9200"]'
+    networks:
+      default:
+      proxy-tier:
+
+networks:
+  proxy-tier:
diff --git a/docker/opensearch/data/nodes/README b/docker/opensearch/data/nodes/README
@@ -0,0 +1 @@
+This directory must exist for mapping otherwise created as root in container and opensearch cannot access it.
diff --git a/docker/simple/Dockerfile b/docker/simple/Dockerfile
@@ -22,8 +22,8 @@ ARG search_name=opensearch
 
 RUN if [ -d runtime/opensearch/bin ]; then echo "Installing OpenSearch User"; \
       search_name=opensearch; \
-      groupadd -g 1000 opensearch && \
-      useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch && \
+      groupadd -g 1000 opensearch 2>/dev/null || echo "group 1000 already exists" && \
+      useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch 2>/dev/null || echo "user 1000 already exists" && \
       chmod 0775 /opt/moqui/runtime/opensearch && \
       chown -R 1000:0 /opt/moqui/runtime/opensearch; \
     elif [ -d runtime/elasticsearch/bin ]; then echo "Installing ElasticSearch User"; \