diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..c8d5415 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,35 @@ +FROM python:3.7-slim-buster + +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + make \ + && apt-get clean + +COPY Makefile /opt/snikket-web-portal/Makefile + +COPY requirements.txt /opt/snikket-web-portal/requirements.txt + +COPY build-requirements.txt /opt/snikket-web-portal/build-requirements.txt + +COPY snikket_web/ /opt/snikket-web-portal/snikket_web + +COPY babel.cfg /opt/snikket-web-portal/babel.cfg + +COPY web_config.production.py /opt/snikket-web-portal/.local/web_config.py + +WORKDIR /opt/snikket-web-portal + +RUN pip install -r requirements.txt \ + && pip install -r build-requirements.txt + +RUN make + +ENV SNIKKET_WEB_CONFIG "/opt/snikket-web-portal/.local/web_config.py" + +RUN pip install hypercorn + +ADD docker/entrypoint.sh /bin/entrypoint.sh + +ENTRYPOINT ["/bin/sh", "/bin/entrypoint.sh"] diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100644 index 0000000..06ff71d --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +if [ -z "$SNIKKET_DOMAIN" ]; then + echo "Please provide SNIKKET_DOMAIN"; + exit 1; +fi + +if [ -z "$PROSODY_ENDPOINT" ]; then + echo "Please provide PROSODY_ENDPOINT"; + exit 1; +fi + +if [ -z "$SECRET_KEY" ]; then + echo "Please provide SECRET_KEY"; +fi + +exec hypercorn -b "0.0.0.0:8000" snikket_web:app diff --git a/web_config.production.py b/web_config.production.py new file mode 100644 index 0000000..c31a10d --- /dev/null +++ b/web_config.production.py @@ -0,0 +1,54 @@ +# REQUIRED SETTINGS +# ================= + +# Secret key used to guard forms and sessions. +# +# This must be both reasonably constant and secret. If the secret gets +# compromised, you can change it (without having to worry about the "constant" +# requirement). +# +# if not constant: +# - sessions will be lost on each server restart +# +# if not secret: +# - users may be able to forge sessions +# - attackers may be able to execute things on a properly authenticated user’s +# behalf. +# - other bad things. +import os +SECRET_KEY = os.environ['SECRET_KEY'] + +# URL (without trailing /) of the prosody HTTP server. +# +# This must be set for anything to work correctly. +# +# NOTE: If this does not point at localhost, it MUST use https. Otherwise, +# passwords will be transmitted in plaintext through insecure channels. +PROSODY_ENDPOINT = os.environ['PROSODY_ENDPOINT'] + +# The domain name of the Snikket server +# +# This must be set for login to work correctly. +SNIKKET_DOMAIN = os.environ['SNIKKET_DOMAIN'] + + +# OPTIONAL SETTINGS +# ================= + +# How long browers may cache avatars +# +# Setting this to zero forces browsers to check if their locally cached copy +# of an avatar is still up-to-date on every request; if it is, the avatar is +# not re-transferred. +# +# AVATAR_CACHE_TTL = 1800 + +# Which languages to offer +# +# Generally, the web portal will offer all languages it has available. There +# is little point in restricting this, unless if you’re in a situation where +# the release you’re on has a terrible translation of a specific language +# and not offering that language at all is better than having that terrible +# translation. +# +# LANGUAGES = ["de", "en"]