Commit 995ddbbe authored by Sascha Herzinger's avatar Sascha Herzinger

Moved docker code into own directory

parent 3da0c131
### About
This folder contains all files necessary to setup the Fractalis service in a production environment.
### Usage
`docker-compose up` That's all! This will expose the service on port 443 and 80. (Please read the entire document before doing this in a public production setup.)
For more detailed information please look into the files. They are rather self-explanatory and good place to do own modifications.
### Configuration (Fractalis / Celery / Flask)
You can configure nearly every aspect of Fractalis by setting the environment variable `FRACTALIS_CONFIG`.
Please have a look at [the Fractalis repository](https://git-r3lab.uni.lu/Fractalis/fractalis) for more details.
### Configuration (Nginx)
- (Mandatory) **Change the certificates!!** The certificates in `./config/nginx/certs` are only dummy certs for development. Do not use them in production! You can do this by replacing the dummy certs with your own or change the path in `docker-compose.yml`.
- (Optional) Modify `./config/nginx/conf.d/default.conf` to whatever you want. Please be aware that you are within a Docker network and special conventions apply.
- (Optional) You don't have to use (the included) nginx. Strip the service out of `docker-compose.yml` and just make your own http proxy listen to gunicorn at port 5000.
This is a dummy cert for testing.
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
This is a dummy key for testing.
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
upstream fractalis {
server app:5000 fail_timeout=0;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
resolver 8.8.8.8 8.8.4.4;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/server.crt;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
location @proxy {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://fractalis;
}
location / {
try_files $uri $uri/ @proxy;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
location @proxy {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://fractalis;
}
location / {
try_files $uri $uri/ @proxy;
}
}
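Review bot: The port-80 `server` block proxies every request to `http://fractalis` in cleartext instead of redirecting, so the application stays fully usable without TLS even though the 443 block sends HSTS with `preload`; unless plain HTTP is intended, its two `location` blocks can be replaced by `return 301 https://$host$request_uri;`. In the 443 block the `add_header Strict-Transport-Security` line stops inheritance of the three `add_header` lines at the top of the file (assuming the file is included at `http` level, as the stock image does), because nginx inherits `add_header` from the outer level only when the current level defines none. As a result `X-Frame-Options`, `X-Content-Type-Options` and `X-XSS-Protection` would be sent only on port 80; repeating the three lines next to the HSTS header fixes that. `ssl_protocols` also still enables `TLSv1 TLSv1.1` and the cipher list ends in 3DES and static-RSA suites, so `ssl_protocols TLSv1.2;` with only the ECDHE/DHE GCM and CHACHA20 entries would be a safer default if old clients need not be supported.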
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Fractalis Endpoint</title>
<meta name="description" content="Fractalis Endpoint">
<meta name="author" content="Sascha Herzinger">
<link rel="icon" type="image/png" href="Fractalis_logo.png" sizes="96x96">
<style type="text/css">
body {
text-align: center;
width: 40vw;
margin: 0 auto;
}
.fractalis-logo {
height: 20vh;
}
.footer-logo {
height: 10vh;
}
</style>
</head>
<style type="text/css">
</style>
<body>
<a href="https://git-r3lab.uni.lu/Fractalis"><img class="fractalis-logo" src="Fractalis_logo.png"/></a>
<h2>Fractalis - A scalable open-source service for platform-independent interactive visual analytics</h2>
<p>
The fact that you see this message means that you successfully deployed Fractalis via the provided Docker image.
This host serves from now on as a computational endpoint for the Fractalis stack.
</p>
<footer>
<p>For more information please visit <a href="https://git-r3lab.uni.lu/Fractalis">project page of Fractalis</a>.</p>
<a href="http://lcsb.uni.lu"><img class="footer-logo" src="LCSB_UL_Logo.png"/></a>
</footer>
</body>
</html>
version: '2'
services:
redis:
image: 'redis:3.2-alpine'
rabbitmq:
image: 'rabbitmq:3.7-alpine'
app:
image: 'sherzinger/fractalis:0.3.0'
environment:
- FRACTALIS_CONFIG=${FRACTALIS_CONFIG}
- REDIS_HOST=redis
- RABBITMQ_HOST=rabbitmq
command: gunicorn -w 3 -b :5000 --log-file gunicorn.log fractalis:app
expose:
- '5000'
depends_on:
- redis
- rabbitmq
worker:
image: 'sherzinger/fractalis:0.3.0'
environment:
- FRACTALIS_CONFIG=${FRACTALIS_CONFIG}
- REDIS_HOST=redis
- RABBITMQ_HOST=rabbitmq
command: celery worker -A fractalis:celery
depends_on:
- redis
- rabbitmq
nginx:
image: 'nginx:1.13-alpine'
volumes:
- ./config/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf
- ./config/nginx/html:/usr/share/nginx/html
- ./config/nginx/certs/server.crt:/etc/nginx/server.crt
- ./config/nginx/certs/server.key:/etc/nginx/server.key
ports:
- '80:80'
- '443:443'
depends_on:
- app
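Review bot: The `nginx` service bind-mounts `./config/nginx/certs/server.key` by default, and that key is the dummy one committed in this same change, so a plain `docker-compose up` serves port 443 with a private key anyone can read from the repository. The README marks replacing it as mandatory, but nothing in the compose file repeats that; a comment above the two cert mounts such as `# dummy dev certs: replace before any non-local deployment` would put the warning where the path is actually edited. The four mounts are also writable from inside the container; appending `:ro`, e.g. `- ./config/nginx/certs/server.key:/etc/nginx/server.key:ro`, keeps a compromised nginx process from altering the key, config or static files on the host.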