diff options
Diffstat (limited to 'docker')
-rwxr-xr-x | docker/dev/test_deploy.sh | 15 | ||||
-rwxr-xr-x | docker/federation-test/run-tests.sh | 23 | ||||
-rw-r--r-- | docker/federation/Dockerfile | 17 | ||||
-rw-r--r-- | docker/federation/docker-compose.yml | 121 | ||||
-rw-r--r-- | docker/federation/nginx.conf | 125 | ||||
-rwxr-xr-x | docker/federation/run-federation-test.bash | 28 |
6 files changed, 323 insertions, 6 deletions
diff --git a/docker/dev/test_deploy.sh b/docker/dev/test_deploy.sh index ce85f60c..c2ecc0c8 100755 --- a/docker/dev/test_deploy.sh +++ b/docker/dev/test_deploy.sh @@ -1,15 +1,18 @@ -#!/bin/sh +#!/bin/bash set -e +BRANCH=$1 + +git checkout $BRANCH + export COMPOSE_DOCKER_CLI_BUILD=1 export DOCKER_BUILDKIT=1 # Rebuilding dev docker -docker-compose build -docker tag dev_lemmy:latest dessalines/lemmy:test -docker push dessalines/lemmy:test +sudo docker build . -f "docker/dev/Dockerfile" -t "dessalines/lemmy:$BRANCH" +sudo docker push "dessalines/lemmy:$BRANCH" # Run the playbook -pushd ../../../lemmy-ansible -ansible-playbook -i test playbooks/site.yml --vault-password-file vault_pass +pushd ../lemmy-ansible +ansible-playbook -i test playbooks/site.yml popd diff --git a/docker/federation-test/run-tests.sh b/docker/federation-test/run-tests.sh new file mode 100755 index 00000000..b2d319dd --- /dev/null +++ b/docker/federation-test/run-tests.sh @@ -0,0 +1,23 @@ +#!/bin/bash +set -e + +pushd ../../server/ +cargo build +popd + +sudo docker build ../../ --file ../federation/Dockerfile --tag lemmy-federation:latest + +sudo docker-compose --file ../federation/docker-compose.yml --project-directory . up -d + +pushd ../../ui +yarn +echo "Waiting for Lemmy to start..." +while [[ "$(curl -s -o /dev/null -w '%{http_code}' 'localhost:8540/api/v1/site')" != "200" ]]; do sleep 1; done +while [[ "$(curl -s -o /dev/null -w '%{http_code}' 'localhost:8550/api/v1/site')" != "200" ]]; do sleep 1; done +while [[ "$(curl -s -o /dev/null -w '%{http_code}' 'localhost:8560/api/v1/site')" != "200" ]]; do sleep 1; done +yarn api-test || true +popd + +sudo docker-compose --file ../federation/docker-compose.yml --project-directory . down + +sudo rm -r volumes/ diff --git a/docker/federation/Dockerfile b/docker/federation/Dockerfile new file mode 100644 index 00000000..ec7bf2d2 --- /dev/null +++ b/docker/federation/Dockerfile @@ -0,0 +1,17 @@ +FROM ekidd/rust-musl-builder:1.42.0-openssl11 + +USER root +RUN mkdir /app/dist/documentation/ -p \ + && addgroup --gid 1001 lemmy \ + && adduser --disabled-password --shell /bin/sh -u 1001 --ingroup lemmy lemmy + +# Copy resources +COPY server/config/defaults.hjson /app/config/defaults.hjson +COPY ui/dist /app/dist +COPY server/target/debug/lemmy_server /app/lemmy + +RUN chown lemmy:lemmy /app/ -R +USER lemmy +EXPOSE 8536 +WORKDIR /app +CMD ["/app/lemmy"] diff --git a/docker/federation/docker-compose.yml b/docker/federation/docker-compose.yml new file mode 100644 index 00000000..900f7c9c --- /dev/null +++ b/docker/federation/docker-compose.yml @@ -0,0 +1,121 @@ +version: '3.3' + +services: + nginx: + image: nginx:1.17-alpine + ports: + - "8540:8540" + - "8550:8550" + - "8560:8560" + volumes: + # Hack to make this work from both docker/federation/ and docker/federation-test/ + - ../federation/nginx.conf:/etc/nginx/nginx.conf + depends_on: + - lemmy_alpha + - pictrs_alpha + - lemmy_beta + - pictrs_beta + - lemmy_gamma + - pictrs_gamma + - iframely + + lemmy_alpha: + image: lemmy-federation:latest + environment: + - LEMMY_HOSTNAME=lemmy_alpha:8540 + - LEMMY_DATABASE_URL=postgres://lemmy:password@postgres_alpha:5432/lemmy + - LEMMY_JWT_SECRET=changeme + - LEMMY_FRONT_END_DIR=/app/dist + - LEMMY_FEDERATION__ENABLED=true + - LEMMY_FEDERATION__TLS_ENABLED=false + - LEMMY_FEDERATION__ALLOWED_INSTANCES=lemmy_beta,lemmy_gamma + - LEMMY_PORT=8540 + - LEMMY_SETUP__ADMIN_USERNAME=lemmy_alpha + - LEMMY_SETUP__ADMIN_PASSWORD=lemmy + - LEMMY_SETUP__SITE_NAME=lemmy_alpha + - RUST_BACKTRACE=1 + - RUST_LOG=debug + depends_on: + - postgres_alpha + postgres_alpha: + image: postgres:12-alpine + environment: + - POSTGRES_USER=lemmy + - POSTGRES_PASSWORD=password + - POSTGRES_DB=lemmy + volumes: + - ./volumes/postgres_alpha:/var/lib/postgresql/data + pictrs_alpha: + image: asonix/pictrs:v0.1.13-r0 + user: 991:991 + volumes: + - ./volumes/pictrs_alpha:/mnt + + lemmy_beta: + image: lemmy-federation:latest + environment: + - LEMMY_HOSTNAME=lemmy_beta:8550 + - LEMMY_DATABASE_URL=postgres://lemmy:password@postgres_beta:5432/lemmy + - LEMMY_JWT_SECRET=changeme + - LEMMY_FRONT_END_DIR=/app/dist + - LEMMY_FEDERATION__ENABLED=true + - LEMMY_FEDERATION__TLS_ENABLED=false + - LEMMY_FEDERATION__ALLOWED_INSTANCES=lemmy_alpha,lemmy_gamma + - LEMMY_PORT=8550 + - LEMMY_SETUP__ADMIN_USERNAME=lemmy_beta + - LEMMY_SETUP__ADMIN_PASSWORD=lemmy + - LEMMY_SETUP__SITE_NAME=lemmy_beta + - RUST_BACKTRACE=1 + - RUST_LOG=debug + depends_on: + - postgres_beta + postgres_beta: + image: postgres:12-alpine + environment: + - POSTGRES_USER=lemmy + - POSTGRES_PASSWORD=password + - POSTGRES_DB=lemmy + volumes: + - ./volumes/postgres_beta:/var/lib/postgresql/data + pictrs_beta: + image: asonix/pictrs:v0.1.13-r0 + user: 991:991 + volumes: + - ./volumes/pictrs_beta:/mnt + + lemmy_gamma: + image: lemmy-federation:latest + environment: + - LEMMY_HOSTNAME=lemmy_gamma:8560 + - LEMMY_DATABASE_URL=postgres://lemmy:password@postgres_gamma:5432/lemmy + - LEMMY_JWT_SECRET=changeme + - LEMMY_FRONT_END_DIR=/app/dist + - LEMMY_FEDERATION__ENABLED=true + - LEMMY_FEDERATION__TLS_ENABLED=false + - LEMMY_FEDERATION__ALLOWED_INSTANCES=lemmy_alpha,lemmy_beta + - LEMMY_PORT=8560 + - LEMMY_SETUP__ADMIN_USERNAME=lemmy_gamma + - LEMMY_SETUP__ADMIN_PASSWORD=lemmy + - LEMMY_SETUP__SITE_NAME=lemmy_gamma + - RUST_BACKTRACE=1 + - RUST_LOG=debug + depends_on: + - postgres_gamma + postgres_gamma: + image: postgres:12-alpine + environment: + - POSTGRES_USER=lemmy + - POSTGRES_PASSWORD=password + - POSTGRES_DB=lemmy + volumes: + - ./volumes/postgres_gamma:/var/lib/postgresql/data + pictrs_gamma: + image: asonix/pictrs:v0.1.13-r0 + user: 991:991 + volumes: + - ./volumes/pictrs_gamma:/mnt + + iframely: + image: dogbin/iframely:latest + volumes: + - ../iframely.config.local.js:/iframely/config.local.js:ro diff --git a/docker/federation/nginx.conf b/docker/federation/nginx.conf new file mode 100644 index 00000000..25160eb6 --- /dev/null +++ b/docker/federation/nginx.conf @@ -0,0 +1,125 @@ +events { + worker_connections 1024; +} + +http { + server { + listen 8540; + server_name 127.0.0.1; + access_log off; + + # Upload limit for pictshare + client_max_body_size 50M; + + location / { + proxy_pass http://lemmy_alpha:8540; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + # pict-rs images + location /pictrs { + location /pictrs/image { + proxy_pass http://pictrs_alpha:8080/image; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + # Block the import + return 403; + } + + location /iframely/ { + proxy_pass http://iframely:80/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 8550; + server_name 127.0.0.1; + access_log off; + + # Upload limit for pictshare + client_max_body_size 50M; + + location / { + proxy_pass http://lemmy_beta:8550; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + # pict-rs images + location /pictrs { + location /pictrs/image { + proxy_pass http://pictrs_beta:8080/image; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + # Block the import + return 403; + } + + location /iframely/ { + proxy_pass http://iframely:80/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + + server { + listen 8560; + server_name 127.0.0.1; + access_log off; + + # Upload limit for pictshare + client_max_body_size 50M; + + location / { + proxy_pass http://lemmy_gamma:8560; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + # pict-rs images + location /pictrs { + location /pictrs/image { + proxy_pass http://pictrs_gamma:8080/image; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + # Block the import + return 403; + } + + location /iframely/ { + proxy_pass http://iframely:80/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } +} diff --git a/docker/federation/run-federation-test.bash b/docker/federation/run-federation-test.bash new file mode 100755 index 00000000..bc73fff6 --- /dev/null +++ b/docker/federation/run-federation-test.bash @@ -0,0 +1,28 @@ +#!/bin/bash +set -e + +# already start rust build in the background +pushd ../../server/ || exit +cargo build & +popd || exit + +if [ "$1" = "-yarn" ]; then + pushd ../../ui/ || exit + yarn + yarn build + popd || exit +fi + +# wait for rust build to finish +pushd ../../server/ || exit +cargo build +popd || exit + +sudo docker build ../../ --file Dockerfile -t lemmy-federation:latest + +for Item in alpha beta gamma ; do + sudo mkdir -p volumes/pictrs_$Item + sudo chown -R 991:991 volumes/pictrs_$Item +done + +sudo docker-compose up |