[Docker] Add Dockerfile

docker/Dockerfile

@@ -0,0 +1,35 @@
+FROM python:3.7-slim-buster
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+    make \
+    && apt-get clean
+
+COPY Makefile /opt/snikket-web-portal/Makefile
+
+COPY requirements.txt /opt/snikket-web-portal/requirements.txt
+
+COPY build-requirements.txt /opt/snikket-web-portal/build-requirements.txt
+
+COPY snikket_web/ /opt/snikket-web-portal/snikket_web
+
+COPY babel.cfg /opt/snikket-web-portal/babel.cfg
+
+COPY web_config.production.py /opt/snikket-web-portal/.local/web_config.py
+
+WORKDIR /opt/snikket-web-portal
+
+RUN pip install -r requirements.txt \
+    && pip install -r build-requirements.txt
+
+RUN make
+
+ENV SNIKKET_WEB_CONFIG "/opt/snikket-web-portal/.local/web_config.py"
+
+RUN pip install hypercorn
+
+ADD docker/entrypoint.sh /bin/entrypoint.sh
+
+ENTRYPOINT ["/bin/sh", "/bin/entrypoint.sh"]

docker/entrypoint.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+if [ -z "$SNIKKET_DOMAIN" ]; then
+  echo "Please provide SNIKKET_DOMAIN";
+  exit 1;
+fi
+
+if [ -z "$PROSODY_ENDPOINT" ]; then
+  echo "Please provide PROSODY_ENDPOINT";
+  exit 1;
+fi
+
+if [ -z "$SECRET_KEY" ]; then
+  echo "Please provide SECRET_KEY";
+fi
+
+exec hypercorn -b "0.0.0.0:8000" snikket_web:app

web_config.production.py

@@ -0,0 +1,54 @@
+# REQUIRED SETTINGS
+# =================
+
+# Secret key used to guard forms and sessions.
+#
+# This must be both reasonably constant and secret. If the secret gets
+# compromised, you can change it (without having to worry about the "constant"
+# requirement).
+#
+# if not constant:
+# - sessions will be lost on each server restart
+#
+# if not secret:
+# - users may be able to forge sessions
+# - attackers may be able to execute things on a properly authenticated user’s
+#   behalf.
+# - other bad things.
+import os
+SECRET_KEY = os.environ['SECRET_KEY']
+
+# URL (without trailing /) of the prosody HTTP server.
+#
+# This must be set for anything to work correctly.
+#
+# NOTE: If this does not point at localhost, it MUST use https. Otherwise,
+# passwords will be transmitted in plaintext through insecure channels.
+PROSODY_ENDPOINT = os.environ['PROSODY_ENDPOINT']
+
+# The domain name of the Snikket server
+#
+# This must be set for login to work correctly.
+SNIKKET_DOMAIN = os.environ['SNIKKET_DOMAIN']
+
+
+# OPTIONAL SETTINGS
+# =================
+
+# How long browers may cache avatars
+#
+# Setting this to zero forces browsers to check if their locally cached copy
+# of an avatar is still up-to-date on every request; if it is, the avatar is
+# not re-transferred.
+#
+# AVATAR_CACHE_TTL = 1800
+
+# Which languages to offer
+#
+# Generally, the web portal will offer all languages it has available. There
+# is little point in restricting this, unless if you’re in a situation where
+# the release you’re on has a terrible translation of a specific language
+# and not offering that language at all is better than having that terrible
+# translation.
+#
+# LANGUAGES = ["de", "en"]