From 30a818330a84a54c7c68d641e24f6143d7ee563e Mon Sep 17 00:00:00 2001
From: henrikek
Date: Mon, 30 Oct 2023 21:39:07 +0100
Subject: [PATCH] Update docker for prod and dev
---
 .dockerignore | 1 +
 ESSArch_Core/config/settings.py | 3 +-
 docker/Dockerfile | 161 ++-
 docker/docker-compose-dev.yml | 276 +++++
 ...arch.yml => docker-compose-opensearch.yml} | 0
 docker/docker-compose.yml | 79 +-
 docker/docker-entrypoint-dev.sh | 15 +
 docker/docker-entrypoint.sh | 65 +-
 docker/templates/config/file_formats.xml | 29 +
 .../config/httpd-essarch-datasette.conf | 16 +
 docker/templates/config/httpd-essarch.conf | 52 +
 docker/templates/config/httpd.conf | 72 ++
 docker/templates/config/httpd_mime.types | 1065 +++++++++++++++++
 .../config/local_essarch_settings.py | 296 +++++
 docker/templates/config/mime.types | 59 +
 15 files changed, 2117 insertions(+), 72 deletions(-)
 create mode 100644 docker/docker-compose-dev.yml
 rename docker/{docker-compose_opensearch.yml => docker-compose-opensearch.yml} (100%)
 create mode 100644 docker/docker-entrypoint-dev.sh
 create mode 100644 docker/templates/config/file_formats.xml
 create mode 100644 docker/templates/config/httpd-essarch-datasette.conf
 create mode 100644 docker/templates/config/httpd-essarch.conf
 create mode 100644 docker/templates/config/httpd.conf
 create mode 100644 docker/templates/config/httpd_mime.types
 create mode 100644 docker/templates/config/local_essarch_settings.py
 create mode 100644 docker/templates/config/mime.types
diff --git a/.dockerignore b/.dockerignore
index e8eea2a76..3b731087e 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,7 @@
 node_modules
 /docker/
 !/docker/*.sh
+!/docker/templates
 /dist/
 /htmlcov/
 /venv/
diff --git a/ESSArch_Core/config/settings.py b/ESSArch_Core/config/settings.py
index f463b4280..5d31a5093 100644
--- a/ESSArch_Core/config/settings.py
+++ b/ESSArch_Core/config/settings.py
@@ -525,7 +525,8 @@ # }, } -CELERY_BEAT_SCHEDULE_FILENAME = os.path.join(ESSARCH_DIR, 'config/essarch/celerybeat-schedule') +CELERY_BEAT_SCHEDULE_FILENAME = env.str('ESSARCH_CELERY_BEAT_SCHEDULE_FILENAME', + os.path.join(ESSARCH_DIR, 'config/essarch/celerybeat-schedule')) # Rest auth settings OLD_PASSWORD_FIELD_ENABLED = True diff --git a/docker/Dockerfile b/docker/Dockerfile index 687883cc7..09dca7d6b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,17 +1,22 @@ +############## BUILD-FRONTEND ############## FROM node:lts-alpine AS build-frontend WORKDIR /code RUN apk update && apk add g++ git make python3 -COPY package.json yarn.lock webpack.common.babel.js webpack.dev.babel.js tsconfig.json ./ -RUN yarn -COPY ESSArch_Core/frontend/static/frontend /code/ESSArch_Core/frontend/static/frontend -COPY ./.git .git -RUN yarn build:dev +COPY .git ./.git +COPY package.json yarn.lock webpack.common.babel.js webpack.dev.babel.js webpack.prod.babel.js tsconfig.json ./ +COPY ESSArch_Core/frontend/static/frontend ./ESSArch_Core/frontend/static/frontend +RUN yarn install +RUN yarn build:prod +RUN rm -rf ./node_modules -FROM python:3.10-bullseye as base + +############## BASE-SLIM ############## +FROM python:3.11-slim-bookworm as base-slim RUN pip install --no-cache-dir --upgrade pip setuptools RUN apt-get update && apt-get install -y --no-install-recommends \ + #RUN apk update && apk add \ default-libmysqlclient-dev \ libcairo2-dev \ libffi-dev \ 
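Review bot: `RUN yarn install` in the build-frontend stage does not enforce the committed yarn.lock, so a mismatch between package.json and the lockfile is resolved silently at build time instead of failing the build. Assuming the Yarn bundled in the image is the 1.x line, `RUN yarn install --frozen-lockfile` makes the frontend bundle reproducible from the reviewed lockfile. `COPY .git ./.git` now sits before the manifest copy, so every new commit invalidates the dependency layer; copying package.json and yarn.lock first, and the sources and .git afterwards, would keep that layer cached. The `node:lts-alpine` and `python:3.11-slim-bookworm` tags are floating, so pinning them by digest is worth considering now that this Dockerfile produces the prod image.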
@@ -19,83 +24,147 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ libpango1.0-dev \ libsasl2-dev \ libssl-dev \ - netcat \ - postgresql-client \ + netcat-openbsd \ + #postgresql-client \ python3-cffi \ unixodbc-dev \ + git \ + vim \ + curl \ + procps \ && rm -rf /var/lib/apt/lists/* -# Libreoffice -RUN apt-get update && apt-get install -y --no-install-recommends libreoffice -ADD requirements /code/requirements -ADD setup.py /code/setup.py -ADD setup.cfg /code/setup.cfg -ADD versioneer.py /code/versioneer.py -ADD README.md /code/README.md +############## BUILD-DOCS ############## +FROM base-slim as build-docs +WORKDIR /code/ESSArch_Core/docs -RUN pip install --no-cache-dir -e /code +# Add source +ADD . /code -FROM base as build-docs +RUN apt-get update && apt-get install -y --no-install-recommends \ + make \ + && rm -rf /var/lib/apt/lists/* -WORKDIR /code/ESSArch_Core/docs RUN mkdir -p /ESSArch/log # Install docs requirements -ADD requirements/docs.txt /code/requirements/docs.txt -RUN pip install -r /code/requirements/docs.txt - -# Add source -ADD . /code +RUN pip install --no-cache-dir -e /code[docs] # Build docs -ENV ESSARCH_DIR=/code +#ENV ESSARCH_DIR=/code RUN mkdir -p /code/config RUN mkdir -p /code/log RUN essarch settings generate --debug --overwrite -p /code/config/local_essarch_settings.py ENV PYTHONPATH=/code/config +RUN rm -rf /code/ESSArch_Core/docs/_build RUN for lang in "en" "sv"; do make html LANGUAGE="$lang"; done + +############## BUILD-SDIST ############## +FROM base-slim as build-sdist WORKDIR /code -FROM base +# Add source +ADD . 
/code +# Copy built frontend +COPY --from=build-frontend /code/ESSArch_Core/frontend/static/frontend/build /code/ESSArch_Core/frontend/static/frontend/build + +# Copy built docs +COPY --from=build-docs /code/ESSArch_Core/docs/_build /code/ESSArch_Core/docs/_build + +#RUN git config --global user.email docker@none.none +#RUN git config --global user.name docker +#RUN git tag -a "2023" -m "2023" +#RUN git tag -a "0+docker" -m "0+docker" +#RUN git tag -a "5.6.1.dev9" -m "5.6.1.dev9" +RUN python setup.py sdist + + +############## BASE ############## +FROM base-slim as base WORKDIR /code -EXPOSE 8000 ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn - ENV PYTHONUNBUFFERED 1 ENV DJANGO_SETTINGS_MODULE ESSArch_Core.config.settings ENV PYTHONPATH=/ESSArch/config:/ESSArch/plugins -RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - -RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list +# Libreoffice +RUN apt-get update && apt-get install -y --no-install-recommends \ + libreoffice \ + && rm -rf /var/lib/apt/lists/* -RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - +RUN pip install --no-cache-dir datasette -RUN apt-get update && apt-get install -y \ - curl \ - gettext \ - git \ - vim \ - nodejs \ - yarn \ - watchman -ADD requirements/optional.txt /code/requirements/optional.txt -RUN pip install --no-cache-dir $(grep -v '^ *#\|^mod-wsgi\|^comtypes\|^pysaml2\| @ \| ; ' /code/requirements/optional.txt | grep .) 
-RUN pip install --no-cache-dir -e .[dev,tests] -RUN pip install --no-cache-dir datasette +############## PROD ############## +FROM base as prod +EXPOSE 443 -# Copy built frontend -COPY --from=build-frontend /code/ESSArch_Core/frontend/static/frontend/build /code/ESSArch_Core/frontend/static/frontend/build +ARG ESSARCH_DIR=./ +ARG PYTHONPATH=./config -# Copy built docs -COPY --from=build-docs /code/ESSArch_Core/docs/_build /code/ESSArch_Core/docs/_build +RUN apt-get update && apt-get install -y --no-install-recommends \ + apache2 \ + apache2-dev \ + && rm -rf /var/lib/apt/lists/* + +RUN a2enmod setenvif mime socache_shmcb ssl proxy proxy_http headers rewrite speling + +# Copy built sdist +COPY --from=build-sdist /code/dist ./dist +ADD docker ./docker + +RUN pip install --no-cache-dir --upgrade `ls -t dist/ESSArch-*.tar.gz | head -n1`[apache,libreoffice_file_conversion,mysql] + +RUN mkdir -p ./config +RUN mkdir -p ./log +RUN essarch settings generate --debug --overwrite -p ./config/local_essarch_settings.py +RUN django-admin collectstatic --noinput +RUN rm -rf ./log +RUN rm ./config/local_essarch_settings.py + +ADD docker/templates ./templates + +RUN export MOD_WSGI=`python -c "import mod_wsgi as _; print(_.__path__[0])"`; cp $MOD_WSGI/server/mod_wsgi-py311.cpython-311-x86_64-linux-gnu.so ./config/essarch/mod_wsgi.so +RUN export ESSARCH=`python -c "import ESSArch_Core as _; print(_.__path__[0])"`; cp $ESSARCH/config/wsgi.py ./config/essarch/wsgi.py # Use python version that match installed libreoffice for unoconv RUN sed -i 's/^#!\/usr\/local\/bin\/python/#!\/usr\/bin\/python3/' /usr/local/bin/unoconv + +############## DEV ############## +FROM base as dev +EXPOSE 8000 + +RUN apt-get update && apt-get install -y --no-install-recommends \ + gettext \ + gpg \ + watchman \ + gcc \ + && rm -rf /var/lib/apt/lists/* + +RUN mkdir -p /etc/apt/keyrings +RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg 
+ENV NODE_MAJOR=16 +RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg arch=amd64] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list + +RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /usr/share/keyrings/yarnkey.gpg >/dev/null +RUN echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | tee /etc/apt/sources.list.d/yarn.list + +RUN apt-get update && apt-get install -y --no-install-recommends \ + nodejs \ + yarn \ + && rm -rf /var/lib/apt/lists/* + # Add source ADD . /code + +RUN pip install --no-cache-dir -e .[libreoffice_file_conversion,mysql,dev,tests] + +RUN mkdir -p ./config/essarch + +# Use python version that match installed libreoffice for unoconv +RUN sed -i 's/^#!\/usr\/local\/bin\/python/#!\/usr\/bin\/python3/' /usr/local/bin/unoconv diff --git a/docker/docker-compose-dev.yml b/docker/docker-compose-dev.yml new file mode 100644 index 000000000..d887aadf0 --- /dev/null +++ b/docker/docker-compose-dev.yml 
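Review bot: The prod stage inherits everything installed in base-slim and base, so the image that terminates TLS on 443 also ships `git`, `vim`, `curl`, `procps` (added to the apt-get RUN that starts in the previous hunk), LibreOffice and an unpinned `pip install --no-cache-dir datasette`. Unless something needs them at runtime, moving the interactive tools to the dev stage (the only place `curl` is visibly used, for the repository keys) and pinning datasette to a reviewed version, e.g. `datasette==<PINNED_VERSION>`, would shrink the production attack surface and make rebuilds repeatable. The `cp $MOD_WSGI/server/mod_wsgi-py311.cpython-311-x86_64-linux-gnu.so` line hard-codes both the Python minor version and the CPU architecture, so a base-image bump or an arm64 build fails at that step; a glob such as `cp $MOD_WSGI/server/mod_wsgi-py*.so ./config/essarch/mod_wsgi.so` would follow whatever pip built. In the dev stage, `ENV NODE_MAJOR=16` selects a Node.js line that reached end of life in September 2023.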
@@ -0,0 +1,276 @@
+version: '3.8'
+
+services:
+ essarch:
+ image: essarch
+ build:
+ context: ..
+ dockerfile: docker/Dockerfile
+ target: dev
+ environment:
+ ESSARCH_DIR: /ESSArch
+ DATABASE_URL_ESSARCH:
+ REDIS_URL_ESSARCH: redis://redis/1
+ RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672
+ ELASTICSEARCH_URL:
+ volumes:
+ - ..:/code
+ - /code/ESSArch.egg-info/
+ - ./data:/ESSArch/data
+ - ./config:/ESSArch/config
+ - ./log:/ESSArch/log
+ - /code/ESSArch_Core/frontend/static/frontend/build/
+ - /code/ESSArch_Core/docs/_build/
+ - ../../ESSArch_Optional:/ESSArch/plugins
+ command:
+ - /bin/bash
+ - -c
+ - |
+ /code/docker/wait_for.sh ${DATABASE_HOST_ESSARCH} ${DATABASE_PORT_ESSARCH}
+ /code/docker/wait_for.sh redis 6379
+ /code/docker/wait_for.sh rabbitmq 5672
+ /code/docker/wait_for.sh elasticsearch 9200
+ /code/docker/docker-entrypoint-dev.sh
+ ports:
+ - 8000:8000
+ restart: on-failure
+ tty: true
+ depends_on:
+ - ${DATABASE_SERVICE_ESSARCH}
+ - rabbitmq
+ - redis
+ - elasticsearch
+ networks:
+ - essarch
+
+ worker:
+ image: essarch
+ command:
+ - /bin/bash
+ - -c
+ - |
+ /code/docker/wait_for.sh redis 6379
+ /code/docker/wait_for.sh rabbitmq 5672
+ /code/docker/wait_for.sh essarch 8000
+ /code/docker/wait_for.sh elasticsearch 9200
+ django-admin worker -l INFO -Q celery,file_operation,validation,io_disk
+ restart: on-failure
+ environment:
+ DATABASE_URL_ESSARCH:
+ REDIS_URL_ESSARCH: redis://redis/1
+ RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672
+ ELASTICSEARCH_URL:
+ volumes:
+ - ..:/code
+ - /code/ESSArch.egg-info/
+ - ./data:/ESSArch/data
+ - ./config:/ESSArch/config
+ - ./log:/ESSArch/log
+ - ../../ESSArch_Optional:/ESSArch/plugins
+ tty: true
+ depends_on:
+ - rabbitmq
+ - redis
+ - elasticsearch
+ - essarch
+ networks:
+ - essarch
+
+ beat:
+ image: essarch
+ command:
+ - /bin/bash
+ - -c
+ - |
+ /code/docker/wait_for.sh redis 6379
+ /code/docker/wait_for.sh rabbitmq 5672
+ /code/docker/wait_for.sh essarch 8000
+ /code/docker/wait_for.sh elasticsearch 9200
+ essarch beat -l INFO
+ restart: on-failure
+ environment:
+ DATABASE_URL_ESSARCH:
+ REDIS_URL_ESSARCH: redis://redis/1
+ RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672
+ ELASTICSEARCH_URL:
+ ESSARCH_CELERY_BEAT_SCHEDULE_FILENAME: /code/config/essarch/celerybeat-schedule
+ volumes:
+ - ..:/code
+ - /code/ESSArch.egg-info/
+ - ./data:/ESSArch/data
+ - ./config:/ESSArch/config
+ - ./log:/ESSArch/log
+ tty: true
+ depends_on:
+ - rabbitmq
+ - redis
+ - elasticsearch
+ - essarch
+ networks:
+ - essarch
+
+ datasette:
+ image: essarch
+ command:
+ - /bin/bash
+ - -c
+ - |
+ /code/docker/wait_for.sh redis 6379
+ /code/docker/wait_for.sh rabbitmq 5672
+ /code/docker/wait_for.sh essarch 8000
+ /code/docker/wait_for.sh elasticsearch 9200
+ /code/docker/docker-entrypoint-datasette.sh
+ ports:
+ - 8001:8001
+ restart: on-failure
+ environment:
+ DATABASE_URL_ESSARCH:
+ REDIS_URL_ESSARCH: redis://redis/1
+ RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672
+ ELASTICSEARCH_URL:
+ volumes:
+ #- ..:/code
+ #- /code/ESSArch.egg-info/
+ - ./data:/ESSArch/data
+ - ./config:/ESSArch/config
+ - ./log:/ESSArch/log
+ tty: true
+ depends_on:
+ - rabbitmq
+ - redis
+ - elasticsearch
+ - essarch
+ profiles:
+ - datasette
+ - all
+ networks:
+ - essarch
+
+ postgres:
+ image: 'postgres:14'
+ environment:
+ POSTGRES_DB: essarch
+ POSTGRES_USER: arkiv
+ POSTGRES_PASSWORD: password
+ volumes:
+ - essarch_postgres_data:/var/lib/postgresql/data/
+ ports:
+ - 5432:5432
+ profiles:
+ - postgres
+ networks:
+ - essarch
+
+ mariadb:
+ image: 'mariadb:11'
+ command: --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
+ environment:
+ MYSQL_DATABASE: essarch
+ MYSQL_USER: arkiv
+ MYSQL_PASSWORD: password
+ MYSQL_ROOT_PASSWORD: password
+ volumes:
+ - essarch_mariadb_data:/var/lib/mysql
+ ports:
+ - 3306:3306
+ # profiles:
+ # - mariadb
+ networks:
+ - essarch
+
+ redis:
+ image: 'redis'
+ networks:
+ - essarch
+ ports:
+ - 6379:6379
+
+ rabbitmq:
+ image: 'rabbitmq'
+ ports:
+ - 5672:5672
+ networks:
+ - essarch
+
+ elasticsearch:
+ build:
+ context: elasticsearch
+ args:
+ ELASTICSEARCH_DISTRO: ${ELASTICSEARCH_DISTRO}
+ ELASTICSEARCH_VERSION: ${ELASTICSEARCH_VERSION}
+ volumes:
+ - ${ELASTICSEARCH_CONFIG}:/usr/share/elasticsearch/config/elasticsearch.yml
+ #- ./elasticsearch/config/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+ - essarch_elasticsearch_data:/usr/share/elasticsearch/data
+ ports:
+ - '9200:9200'
+ - '9300:9300'
+ environment:
+ ES_JAVA_OPTS: '-Xmx1g -Xms1g'
+ networks:
+ - essarch
+
+ elasticsearch-test:
+ build:
+ context: elasticsearch
+ args:
+ ELASTICSEARCH_DISTRO: ${ELASTICSEARCH_DISTRO}
+ ELASTICSEARCH_VERSION: ${ELASTICSEARCH_VERSION}
+ volumes:
+ - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
+ ports:
+ - '19200:9200'
+ - '19300:9300'
+ environment:
+ ES_JAVA_OPTS: '-Xmx1g -Xms1g'
+ profiles:
+ - tests
+ networks:
+ - essarch
+
+ logstash:
+ build:
+ context: logstash
+ args:
+ LOGSTASH_DISTRO: ${LOGSTASH_DISTRO}
+ LOGSTASH_VERSION: ${LOGSTASH_VERSION}
+ volumes:
+ - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro
+ - ./logstash/pipeline:/usr/share/logstash/pipeline:ro
+ ports:
+ - '5000:5000'
+ - '9600:9600'
+ environment:
+ LS_JAVA_OPTS: '-Xmx256m -Xms256m'
+ depends_on:
+ - elasticsearch
+ profiles:
+ - all
+ networks:
+ - essarch
+
+ kibana:
+ build:
+ context: kibana
+ args:
+ KIBANA_DISTRO: ${KIBANA_DISTRO}
+ KIBANA_VERSION: ${KIBANA_VERSION}
+ ports:
+ - '5601:5601'
+ environment:
+ ELASTICSEARCH_HOSTS: http://elasticsearch:9200
+ depends_on:
+ - elasticsearch
+ profiles:
+ - all
+ networks:
+ - essarch
+
+volumes:
+ essarch_elasticsearch_data:
+ essarch_mariadb_data:
+ essarch_postgres_data:
+
+networks:
+ essarch:
+ driver: bridge
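Review bot: Every backing service in this file is published on all host interfaces (`5432:5432`, `3306:3306`, `6379:6379`, `5672:5672`, `9200:9200`/`9300:9300`) while using fixed credentials (`POSTGRES_PASSWORD: password`, `MYSQL_ROOT_PASSWORD: password`, `amqp://guest:guest@rabbitmq:5672`) and a Redis with no authentication configured here. On a developer machine attached to a shared network, that leaves the databases and the broker reachable from outside the host. Binding the mappings to loopback, e.g. `- 127.0.0.1:6379:6379`, keeps host-side tooling working without that exposure, and the containers only need the `essarch` network to reach each other. The same applies to the `postgres` and `mariadb` hunks of docker/docker-compose.yml later in this patch, where `mariadb` additionally loses its profile and therefore starts by default alongside the prod target.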
diff --git a/docker/docker-compose_opensearch.yml b/docker/docker-compose-opensearch.yml similarity index 100% rename from docker/docker-compose_opensearch.yml rename to docker/docker-compose-opensearch.yml diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index deb521fcd..6b333c651 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -1,4 +1,4 @@ -version: '3.3' +version: '3.8' services: essarch: @@ -6,14 +6,16 @@ services: build: context: .. dockerfile: docker/Dockerfile + target: prod environment: + ESSARCH_DIR: /ESSArch DATABASE_URL_ESSARCH: REDIS_URL_ESSARCH: redis://redis/1 RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672 ELASTICSEARCH_URL: volumes: - - ..:/code - - /code/ESSArch.egg-info/ + #- ..:/code + #- /code/ESSArch.egg-info/ - ./data:/ESSArch/data - ./config:/ESSArch/config - ./log:/ESSArch/log @@ -30,7 +32,9 @@ services: /code/docker/wait_for.sh elasticsearch 9200 /code/docker/docker-entrypoint.sh ports: - - 8000:8000 + #- 8000:8000 + - 443:443 + #- 80:80 restart: on-failure tty: true depends_on: @@ -49,9 +53,10 @@ services: - | /code/docker/wait_for.sh redis 6379 /code/docker/wait_for.sh rabbitmq 5672 - /code/docker/wait_for.sh essarch 8000 + /code/docker/wait_for.sh essarch 443 /code/docker/wait_for.sh elasticsearch 9200 django-admin worker -l INFO -Q celery,file_operation,validation,io_disk + #celery -l INFO -Q:worker_celery celery -c:worker_celery 1 -Q:worker_validation validation -c:worker_validation 4 -Q:worker_file_operation file_operation -c:worker_file_operation 4 -Q:worker_io_disk io_disk -c:worker_io_disk 4 -Q:worker_io_tape io_tape -c:worker_io_tape 4 -Ofair restart: on-failure environment: DATABASE_URL_ESSARCH: @@ -59,8 +64,8 @@ services: RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672 ELASTICSEARCH_URL: volumes: - - ..:/code - - /code/ESSArch.egg-info/ + #- ..:/code + #- /code/ESSArch.egg-info/ - ./data:/ESSArch/data - ./config:/ESSArch/config - ./log:/ESSArch/log 
@@ -82,7 +87,7 @@ services: - | /code/docker/wait_for.sh redis 6379 /code/docker/wait_for.sh rabbitmq 5672 - /code/docker/wait_for.sh essarch 8000 + /code/docker/wait_for.sh essarch 443 /code/docker/wait_for.sh elasticsearch 9200 essarch beat -l INFO restart: on-failure @@ -91,9 +96,10 @@ services: REDIS_URL_ESSARCH: redis://redis/1 RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672 ELASTICSEARCH_URL: + ESSARCH_CELERY_BEAT_SCHEDULE_FILENAME: /code/config/essarch/celerybeat-schedule volumes: - - ..:/code - - /code/ESSArch.egg-info/ + #- ..:/code + #- /code/ESSArch.egg-info/ - ./data:/ESSArch/data - ./config:/ESSArch/config - ./log:/ESSArch/log @@ -106,6 +112,41 @@ services: networks: - essarch + daphne: + image: essarch + command: + - /bin/bash + - -c + - | + /code/docker/wait_for.sh redis 6379 + /code/docker/wait_for.sh rabbitmq 5672 + /code/docker/wait_for.sh essarch 443 + /code/docker/wait_for.sh elasticsearch 9200 + daphne ESSArch_Core.config.asgi:application --port 9000 --bind 0.0.0.0 --access-log /ESSArch/log/daphneessarch.log + ports: + - 9000:9000 + restart: on-failure + environment: + DATABASE_URL_ESSARCH: + REDIS_URL_ESSARCH: redis://redis/1 + RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672 + ELASTICSEARCH_URL: + volumes: + #- ..:/code + #- /code/ESSArch.egg-info/ + - ./data:/ESSArch/data + - ./config:/ESSArch/config + - ./log:/ESSArch/log + - ../../ESSArch_Optional:/ESSArch/plugins + tty: true + depends_on: + - rabbitmq + - redis + - elasticsearch + - essarch + networks: + - essarch + datasette: image: essarch command: @@ -114,11 +155,11 @@ services: - | /code/docker/wait_for.sh redis 6379 /code/docker/wait_for.sh rabbitmq 5672 - /code/docker/wait_for.sh essarch 8000 + /code/docker/wait_for.sh essarch 443 /code/docker/wait_for.sh elasticsearch 9200 /code/docker/docker-entrypoint-datasette.sh ports: - - 8001:8001 + - 8001:8001 restart: on-failure environment: DATABASE_URL_ESSARCH: 
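Review bot: The new `daphne` service publishes `9000:9000` on the host, which exposes the ASGI application over plain HTTP next to the TLS endpoint on 443. httpd-essarch.conf in this patch already reaches it as `http://daphne:9000/ws/` over the `essarch` compose network, so the `ports:` mapping looks unnecessary and could be dropped, or narrowed to `- 127.0.0.1:9000:9000` if host access is wanted for debugging. `--bind 0.0.0.0` can stay, since other containers have to connect to it. In the `beat` hunk on this same line, `ESSARCH_CELERY_BEAT_SCHEDULE_FILENAME: /code/config/essarch/celerybeat-schedule` points into `/code`, which is no longer a mounted volume in this file, so the schedule state would presumably be lost whenever the container is recreated; a path under the mounted `/ESSArch/config` would persist.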
@@ -126,8 +167,8 @@ services: RABBITMQ_URL_ESSARCH: amqp://guest:guest@rabbitmq:5672 ELASTICSEARCH_URL: volumes: - - ..:/code - - /code/ESSArch.egg-info/ + #- ..:/code + #- /code/ESSArch.egg-info/ - ./data:/ESSArch/data - ./config:/ESSArch/config - ./log:/ESSArch/log @@ -153,11 +194,15 @@ services: - essarch_postgres_data:/var/lib/postgresql/data/ ports: - 5432:5432 + profiles: + - postgres networks: - essarch mariadb: - image: 'mariadb:10.4.6' + image: 'mariadb:11' + #command: mariadb --character-set-server=utf8mb4 --collation-server=utf8mb4_bin + command: --character-set-server=utf8mb4 --collation-server=utf8mb4_bin environment: MYSQL_DATABASE: essarch MYSQL_USER: arkiv @@ -167,8 +212,8 @@ services: - essarch_mariadb_data:/var/lib/mysql ports: - 3306:3306 - profiles: - - mariadb + # profiles: + # - mariadb networks: - essarch diff --git a/docker/docker-entrypoint-dev.sh b/docker/docker-entrypoint-dev.sh new file mode 100644 index 000000000..0501658b3 --- /dev/null +++ b/docker/docker-entrypoint-dev.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -e + +essarch settings generate --debug -q --no-overwrite +essarch mimetypes generate -q --no-overwrite +essarch install -q + +echo "Installing profiles" +python ESSArch_Core/install/install_sa_profiles.py se +python ESSArch_Core/install/install_sa_profiles.py no +python ESSArch_Core/install/install_sa_profiles.py eark + +echo "Starting server" +python manage.py runserver 0:8000 diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 0501658b3..156e2cd70 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh 
@@ -2,14 +2,63 @@ set -e -essarch settings generate --debug -q --no-overwrite -essarch mimetypes generate -q --no-overwrite -essarch install -q +if hostname -f > /dev/null 2>&1; then + FQDN="`hostname -f`" +else + FQDN="`hostname`" +fi +SiteName_essarch="essarch" +ServerName_essarch="$SiteName_essarch.$FQDN" -echo "Installing profiles" -python ESSArch_Core/install/install_sa_profiles.py se -python ESSArch_Core/install/install_sa_profiles.py no -python ESSArch_Core/install/install_sa_profiles.py eark +echo "ESSARCH_DIR = $ESSARCH_DIR" +if [ ! -f $ESSARCH_DIR/config/local_essarch_settings.py ]; then + echo "Generate settings" + essarch settings generate --debug -q --no-overwrite + echo "Generate mimetypes" + essarch mimetypes generate -q --no-overwrite + echo "Running essarch install -q " + essarch install -q + ESSARCH=`python -c "import ESSArch_Core as _; print(_.__path__[0])"` + echo "Found ESSArch in path: $ESSARCH" + echo "Installing SE profiles" + python $ESSARCH/install/install_sa_profiles.py se + echo "Installing NO profiles" + #python $ESSARCH/install/install_sa_profiles.py no + echo "Installing EARK profiles" + python $ESSARCH/install/install_sa_profiles.py eark +else + echo "Check if any new db migrations to apply" + django-admin migrate +fi + +if [ ! 
-f $ESSARCH_DIR/config/httpd.conf ]; then + echo "Configure apache http" + cp /code/docker/templates/config/file_formats.xml $ESSARCH_DIR/config/file_formats.xml + cp /code/docker/templates/config/httpd_mime.types $ESSARCH_DIR/config/httpd_mime.types + cp /code/docker/templates/config/httpd.conf $ESSARCH_DIR/config/httpd.conf + cp /code/docker/templates/config/httpd-essarch.conf $ESSARCH_DIR/config/httpd-essarch.conf + cp /code/docker/templates/config/httpd-schema.conf $ESSARCH_DIR/config/httpd-schema.conf + ln -fs $ESSARCH_DIR/config/httpd.conf /etc/apache2/sites-enabled/httpd.conf + sed -i "s;\(ServerName \)[^\]*;\1${ServerName_essarch};" $ESSARCH_DIR/config/httpd-essarch.conf + sed -i "s;\(Redirect / https://\)[^\]*;\1${ServerName_essarch};" $ESSARCH_DIR/config/httpd-essarch.conf + if [ ! -f $ESSARCH_DIR/config/ssl/server_essarch.crt ]; then + mkdir -p $ESSARCH_DIR/config/ssl + cd $ESSARCH_DIR/config/ssl; openssl req -x509 -sha256 -days 3652 -newkey rsa:2048 -subj "/C=SE/ST=Stockholm/O=ES Solutions AB/CN=${ServerName_essarch}" -keyout server_essarch.key -out server_essarch.crt -nodes + fi +#else +# echo "Check if any new static files need to be collected" +# django-admin collectstatic --noinput +fi + +if [ /var/run/apache2/apache2.pid ]; then + echo "Remove old apache2.pid" + rm -f /var/run/apache2/apache2.pid +fi echo "Starting server" -python manage.py runserver 0:8000 +#ENV="env -i $(grep -v '^#' /code/docker/templates/config/essarch_env | xargs) /bin/sh -l -c" +#ENV="env $(grep -v '^#' /code/docker/templates/config/essarch_env | xargs) /bin/sh -l -c" +#$ENV "apache2ctl -D FOREGROUND" +apache2ctl -D FOREGROUND +#$ENV "${apachectl} -f ${apacheconfig} -D FOREGROUND" +#$ENV "/usr/sbin/apache2ctl -f /ESSArch/config/httpd.conf -D FOREGROUND" diff --git a/docker/templates/config/file_formats.xml b/docker/templates/config/file_formats.xml new file mode 100644 index 000000000..dd02b8b04 --- /dev/null +++ b/docker/templates/config/file_formats.xml 
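Review bot: The first-run branch of the production entrypoint still runs `essarch settings generate --debug`, the same invocation as docker-entrypoint-dev.sh; if that flag enables Django debug mode in the generated local_essarch_settings.py (to be confirmed against the CLI), the 443-facing container would serve detailed error pages, and the flag should be dropped here. `if [ /var/run/apache2/apache2.pid ]; then` tests a non-empty string and is therefore always true; `if [ -f /var/run/apache2/apache2.pid ]; then` is what the echo implies. `cp /code/docker/templates/config/httpd-schema.conf ...` refers to a template that is not among the files this patch creates, so under `set -e` the first start would abort at that line unless the file exists elsewhere in the repository. The "Installing NO profiles" echo is followed by a commented-out command, so the startup log reports an install that does not happen.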
@@ -0,0 +1,29 @@ + + + + \ No newline at end of file diff --git a/docker/templates/config/httpd-essarch-datasette.conf b/docker/templates/config/httpd-essarch-datasette.conf new file mode 100644 index 000000000..770a798e1 --- /dev/null +++ b/docker/templates/config/httpd-essarch-datasette.conf @@ -0,0 +1,16 @@ +# Datasette +#ProxyRequests off +ProxyPass /datasette http://127.0.0.1:8001 +ProxyPreserveHost On +#ProxyHTMLURLMap http://127.0.0.1:8001 /datasette + + ProxyPassReverse / + #SetOutputFilter proxy-html + #ProxyHTMLURLMap / /datasette2/ + #ProxyHTMLURLMap /datasette /datasette3 + #ProxyHTMLExtended On + #ProxyHTMLLinks a href + #ProxyHTMLURLMap http://127.0.0.1:8001 https://servername.xyz + #RequestHeader unset Accept-Encoding + + diff --git a/docker/templates/config/httpd-essarch.conf b/docker/templates/config/httpd-essarch.conf new file mode 100644 index 000000000..50d2622c9 --- /dev/null +++ b/docker/templates/config/httpd-essarch.conf 
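Review bot: `ProxyPass /datasette http://127.0.0.1:8001` targets loopback inside the Apache container, but docker-compose.yml runs datasette as its own service, so the proxy would presumably need `ProxyPass /datasette http://datasette:8001`, in line with the `http://daphne:9000/ws/` target used in httpd-essarch.conf. No `Require` or authentication directive is visible around the proxied path in this hunk (the container tags appear to have been lost in this rendering, so this needs checking in the real file); since datasette serves database contents, access to the location should be restricted before this template is enabled. `IncludeOptional ${ESSARCH_DIR}/config/httpd-essarch-*.conf` in httpd-essarch.conf picks this file up automatically once it is copied into the config directory, which is worth stating in the comment at the top of the file.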
@@ -0,0 +1,52 @@
+# Include ESSArch Preservation Platform
+#
+
+ ServerName essarch.org
+ Redirect / https://essarch.org
+
+
+#Listen 443
+
+ ServerName essarch.org
+
+ # Logs
+ ErrorLog ${ESSARCH_DIR}/log/httpd_error_essarch.log
+ TransferLog ${ESSARCH_DIR}/log/httpd_access_essarch.log
+ CustomLog ${ESSARCH_DIR}/log/httpd_ssl_request_essarch.log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+ # SSL
+ SSLEngine on
+ SSLCertificateFile ${ESSARCH_DIR}/config/ssl/server_essarch.crt
+ SSLCertificateKeyFile ${ESSARCH_DIR}/config/ssl/server_essarch.key
+ SSLProxyEngine on
+ SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
+ SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
+ SSLHonorCipherOrder on
+
+ # WS (websocket)
+ ProxyPass "/ws/" "http://daphne:9000/ws/" upgrade=websocket
+ #ProxyPassReverse "/ws/" "http://daphne:9000/ws/" upgrade=websocket
+
+ # Static files
+ Alias /static/ /code/config/essarch/static_root/
+
+ Require all granted
+
+
+ # WSGI (Web Server Gateway Interface)
+ WSGIPassAuthorization On
+ WSGIDaemonProcess essarch processes=2 threads=10 display-name=%{GROUP}
+ WSGIProcessGroup essarch
+ WSGIApplicationGroup %{GLOBAL}
+ #WSGIScriptAlias / ${ESSARCH_DIR}/config/essarch/wsgi.py
+ WSGIScriptAlias / /code/config/essarch/wsgi.py
+
+
+ Require all granted
+
+
+
+ # Include extra options
+ IncludeOptional ${ESSARCH_DIR}/config/httpd-essarch-*.conf
+
diff --git a/docker/templates/config/httpd.conf b/docker/templates/config/httpd.conf
new file mode 100644
index 000000000..a9bcf3630
--- /dev/null
+++ b/docker/templates/config/httpd.conf
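Review bot: `SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL` is a subtract-from-ALL list, which for TLS 1.2 clients still admits static-RSA key exchange and CBC suites; an explicit allow-list such as `SSLCipherSuite ECDHE+AESGCM:ECDHE+CHACHA20` keeps only forward-secret AEAD suites. The port-80 block redirects to HTTPS but the TLS virtual host sets no HSTS header; with mod_headers already enabled in the Dockerfile, `Header always set Strict-Transport-Security "max-age=31536000"` could be added once a CA-issued certificate replaces the self-signed default. `SSLProxyEngine on` appears unused, since the only visible `ProxyPass` target is plain `http://daphne:9000`.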
@@ -0,0 +1,72 @@
+#Listen 443
+#Listen 80
+
+#User www-data
+#Group www-data
+
+# base
+#LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
+#LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
+#LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
+#LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
+#LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
+#LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
+#LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
+#LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
+#LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
+
+# extra
+#LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
+#LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
+#LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
+#LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
+#LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
+#LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
+#LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
+#LoadModule speling_module /usr/lib/apache2/modules/mod_speling.so
+
+# ?
+#LoadModule log_config_module /usr/lib/apache2/modules/mod_log_config.so
+#LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
+
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+CustomLog ${ESSARCH_DIR}/log/httpd_access.log common
+
+ErrorLog ${ESSARCH_DIR}/log/httpd_error.log
+LogLevel warn
+
+ServerName 127.0.0.1
+
+TypesConfig ${ESSARCH_DIR}/config/httpd_mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+
+Header always set X-Content-Type-Options nosniff
+
+# uncomment to receive remote client ip behind proxy
+#LoadModule remoteip_module modules/mod_remoteip.so
+#RemoteIPHeader X-Forwarded-For
+
+#
+#SSLRandomSeed startup builtin
+#SSLRandomSeed connect builtin
+#
+
+# Load mod_wsgi from python
+#LoadModule wsgi_module "${ESSARCH_DIR}/config/essarch/mod_wsgi.so"
+LoadModule wsgi_module "/code/config/essarch/mod_wsgi.so"
+# WSGIPythonHome "${ESSARCH_DIR}/pd/python"
+
+# ESSARCH
+Include ${ESSARCH_DIR}/config/httpd-essarch.conf
+
+# Uncomment below to include XSD schema server
+#Include ${ESSARCH_DIR}/config/httpd-schema.conf
+
+# Omeka
+#Include ${ESSARCH_DIR}/config/httpd-omeka.conf
+
+# Search
+#Include ${ESSARCH_DIR}/config/httpd-search.conf
\ No newline at end of file
diff --git a/docker/templates/config/httpd_mime.types b/docker/templates/config/httpd_mime.types
new file mode 100644
index 000000000..07b4465ef
--- /dev/null
+++ b/docker/templates/config/httpd_mime.types
@@ -0,0 +1,1065 @@ +# This is a comment. I love comments. + +# This file controls what Internet media types are sent to the client for +# given file extension(s). Sending the correct media type to the client +# is important so they know how to handle the content of the file. +# Extra types can either be added here or by using an AddType directive +# in your config files. For more information about Internet media types, +# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type +# registry is at . + +# MIME type Extensions +application/activemessage +application/andrew-inset ez +application/applefile +application/atom+xml atom +application/atomcat+xml atomcat +application/atomicmail +application/atomsvc+xml atomsvc +application/auth-policy+xml +application/batch-smtp +application/beep+xml +application/cals-1840 +application/ccxml+xml ccxml +application/cellml+xml +application/cnrp+xml +application/commonground +application/conference-info+xml +application/cpl+xml +application/csta+xml +application/cstadata+xml +application/cybercash +application/davmount+xml davmount +application/dca-rft +application/dec-dx +application/dialog-info+xml +application/dicom +application/dns +application/dvcs +application/ecmascript ecma +application/edi-consent +application/edi-x12 +application/edifact +application/epp+xml +application/eshop +application/fastinfoset +application/fastsoap +application/fits +application/font-tdpfr pfr +application/h224 +application/http +application/hyperstudio stk +application/iges +application/im-iscomposing+xml +application/index +application/index.cmd +application/index.obj +application/index.response +application/index.vnd +application/iotp +application/ipp +application/isup +application/javascript js +application/json json +application/kpml-request+xml +application/kpml-response+xml +application/lost+xml lostxml +application/mac-binhex40 hqx +application/mac-compactpro cpt +application/macwriteii +application/marc mrc 
+application/mathematica ma nb mb +application/mathml+xml mathml +application/mbms-associated-procedure-description+xml +application/mbms-deregister+xml +application/mbms-envelope+xml +application/mbms-msk+xml +application/mbms-msk-response+xml +application/mbms-protection-description+xml +application/mbms-reception-report+xml +application/mbms-register+xml +application/mbms-register-response+xml +application/mbms-user-service-description+xml +application/mbox mbox +application/media_control+xml +application/mediaservercontrol+xml mscml +application/mikey +application/moss-keys +application/moss-signature +application/mosskey-data +application/mosskey-request +application/mp4 mp4s +application/mpeg4-generic +application/mpeg4-iod +application/mpeg4-iod-xmt +application/msword doc dot +application/mxf mxf +application/nasdata +application/news-transmission +application/nss +application/ocsp-request +application/ocsp-response +application/octet-stream bin dms lha lzh class so iso dmg dist distz pkg bpk dump elc +application/oda oda +application/oebps-package+xml +application/ogg ogx +application/parityfec +application/patch-ops-error+xml xer +application/pdf pdf +application/pgp-encrypted pgp +application/pgp-keys +application/pgp-signature asc sig +application/pics-rules prf +application/pidf+xml +application/pidf-diff+xml +application/pkcs10 p10 +application/pkcs7-mime p7m p7c +application/pkcs7-signature p7s +application/pkix-cert cer +application/pkix-crl crl +application/pkix-pkipath pkipath +application/pkixcmp pki +application/pls+xml pls +application/poc-settings+xml +application/postscript ai eps ps +application/prs.alvestrand.titrax-sheet +application/prs.cww cww +application/prs.nprend +application/prs.plucker +application/qsig +application/rdf+xml rdf +application/reginfo+xml rif +application/relax-ng-compact-syntax rnc +application/remote-printing +application/resource-lists+xml rl +application/resource-lists-diff+xml rld +application/riscos 
+application/rlmi+xml +application/rls-services+xml rs +application/rsd+xml rsd +application/rss+xml rss +application/rtf rtf +application/rtx +application/samlassertion+xml +application/samlmetadata+xml +application/sbml+xml sbml +application/scvp-cv-request scq +application/scvp-cv-response scs +application/scvp-vp-request spq +application/scvp-vp-response spp +application/sdp sdp +application/set-payment +application/set-payment-initiation setpay +application/set-registration +application/set-registration-initiation setreg +application/sgml +application/sgml-open-catalog +application/shf+xml shf +application/sieve +application/simple-filter+xml +application/simple-message-summary +application/simplesymbolcontainer +application/slate +application/smil +application/smil+xml smi smil +application/soap+fastinfoset +application/soap+xml +application/sparql-query rq +application/sparql-results+xml srx +application/spirits-event+xml +application/srgs gram +application/srgs+xml grxml +application/ssml+xml ssml +application/timestamp-query +application/timestamp-reply +application/tve-trigger +application/ulpfec +application/vemmi +application/vividence.scriptfile +application/vnd.3gpp.bsf+xml +application/vnd.3gpp.pic-bw-large plb +application/vnd.3gpp.pic-bw-small psb +application/vnd.3gpp.pic-bw-var pvb +application/vnd.3gpp.sms +application/vnd.3gpp2.bcmcsinfo+xml +application/vnd.3gpp2.sms +application/vnd.3gpp2.tcap tcap +application/vnd.3m.post-it-notes pwn +application/vnd.accpac.simply.aso aso +application/vnd.accpac.simply.imp imp +application/vnd.acucobol acu +application/vnd.acucorp atc acutc +application/vnd.adobe.xdp+xml xdp +application/vnd.adobe.xfdf xfdf +application/vnd.aether.imp +application/vnd.americandynamics.acc acc +application/vnd.amiga.ami ami +application/vnd.anser-web-certificate-issue-initiation cii +application/vnd.anser-web-funds-transfer-initiation fti +application/vnd.antix.game-component atx +application/vnd.apple.installer+xml mpkg 
+application/vnd.arastra.swi swi +application/vnd.audiograph aep +application/vnd.autopackage +application/vnd.avistar+xml +application/vnd.blueice.multipass mpm +application/vnd.bmi bmi +application/vnd.businessobjects rep +application/vnd.cab-jscript +application/vnd.canon-cpdl +application/vnd.canon-lips +application/vnd.cendio.thinlinc.clientconf +application/vnd.chemdraw+xml cdxml +application/vnd.chipnuts.karaoke-mmd mmd +application/vnd.cinderella cdy +application/vnd.cirpack.isdn-ext +application/vnd.claymore cla +application/vnd.clonk.c4group c4g c4d c4f c4p c4u +application/vnd.commerce-battelle +application/vnd.commonspace csp cst +application/vnd.contact.cmsg cdbcmsg +application/vnd.cosmocaller cmc +application/vnd.crick.clicker clkx +application/vnd.crick.clicker.keyboard clkk +application/vnd.crick.clicker.palette clkp +application/vnd.crick.clicker.template clkt +application/vnd.crick.clicker.wordbank clkw +application/vnd.criticaltools.wbs+xml wbs +application/vnd.ctc-posml pml +application/vnd.ctct.ws+xml +application/vnd.cups-pdf +application/vnd.cups-postscript +application/vnd.cups-ppd ppd +application/vnd.cups-raster +application/vnd.cups-raw +application/vnd.curl curl +application/vnd.cybank +application/vnd.data-vision.rdz rdz +application/vnd.denovo.fcselayout-link fe_launch +application/vnd.dna dna +application/vnd.dolby.mlp mlp +application/vnd.dpgraph dpg +application/vnd.dreamfactory dfac +application/vnd.dvb.esgcontainer +application/vnd.dvb.ipdcesgaccess +application/vnd.dvb.iptv.alfec-base +application/vnd.dvb.iptv.alfec-enhancement +application/vnd.dxr +application/vnd.ecdis-update +application/vnd.ecowin.chart mag +application/vnd.ecowin.filerequest +application/vnd.ecowin.fileupdate +application/vnd.ecowin.series +application/vnd.ecowin.seriesrequest +application/vnd.ecowin.seriesupdate +application/vnd.enliven nml +application/vnd.epson.esf esf +application/vnd.epson.msf msf +application/vnd.epson.quickanime qam 
+application/vnd.epson.salt slt +application/vnd.epson.ssf ssf +application/vnd.ericsson.quickcall +application/vnd.eszigno3+xml es3 et3 +application/vnd.eudora.data +application/vnd.ezpix-album ez2 +application/vnd.ezpix-package ez3 +application/vnd.fdf fdf +application/vnd.ffsns +application/vnd.fints +application/vnd.flographit gph +application/vnd.fluxtime.clip ftc +application/vnd.font-fontforge-sfd +application/vnd.framemaker fm frame maker +application/vnd.frogans.fnc fnc +application/vnd.frogans.ltf ltf +application/vnd.fsc.weblaunch fsc +application/vnd.fujitsu.oasys oas +application/vnd.fujitsu.oasys2 oa2 +application/vnd.fujitsu.oasys3 oa3 +application/vnd.fujitsu.oasysgp fg5 +application/vnd.fujitsu.oasysprs bh2 +application/vnd.fujixerox.art-ex +application/vnd.fujixerox.art4 +application/vnd.fujixerox.hbpl +application/vnd.fujixerox.ddd ddd +application/vnd.fujixerox.docuworks xdw +application/vnd.fujixerox.docuworks.binder xbd +application/vnd.fut-misnet +application/vnd.fuzzysheet fzs +application/vnd.genomatix.tuxedo txd +application/vnd.gmx gmx +application/vnd.google-earth.kml+xml kml +application/vnd.google-earth.kmz kmz +application/vnd.grafeq gqf gqs +application/vnd.gridmp +application/vnd.groove-account gac +application/vnd.groove-help ghf +application/vnd.groove-identity-message gim +application/vnd.groove-injector grv +application/vnd.groove-tool-message gtm +application/vnd.groove-tool-template tpl +application/vnd.groove-vcard vcg +application/vnd.handheld-entertainment+xml zmm +application/vnd.hbci hbci +application/vnd.hcl-bireports +application/vnd.hhe.lesson-player les +application/vnd.hp-hpgl hpgl +application/vnd.hp-hpid hpid +application/vnd.hp-hps hps +application/vnd.hp-jlyt jlt +application/vnd.hp-pcl pcl +application/vnd.hp-pclxl pclxl +application/vnd.httphone +application/vnd.hydrostatix.sof-data sfd-hdstx +application/vnd.hzn-3d-crossword x3d +application/vnd.ibm.afplinedata +application/vnd.ibm.electronic-media 
+application/vnd.ibm.minipay mpy +application/vnd.ibm.modcap afp listafp list3820 +application/vnd.ibm.rights-management irm +application/vnd.ibm.secure-container sc +application/vnd.iccprofile icc icm +application/vnd.igloader igl +application/vnd.immervision-ivp ivp +application/vnd.immervision-ivu ivu +application/vnd.informedcontrol.rms+xml +application/vnd.intercon.formnet xpw xpx +application/vnd.intertrust.digibox +application/vnd.intertrust.nncp +application/vnd.intu.qbo qbo +application/vnd.intu.qfx qfx +application/vnd.iptc.g2.conceptitem+xml +application/vnd.iptc.g2.knowledgeitem+xml +application/vnd.iptc.g2.newsitem+xml +application/vnd.iptc.g2.packageitem+xml +application/vnd.ipunplugged.rcprofile rcprofile +application/vnd.irepository.package+xml irp +application/vnd.is-xpr xpr +application/vnd.jam jam +application/vnd.japannet-directory-service +application/vnd.japannet-jpnstore-wakeup +application/vnd.japannet-payment-wakeup +application/vnd.japannet-registration +application/vnd.japannet-registration-wakeup +application/vnd.japannet-setstore-wakeup +application/vnd.japannet-verification +application/vnd.japannet-verification-wakeup +application/vnd.jcp.javame.midlet-rms rms +application/vnd.jisp jisp +application/vnd.joost.joda-archive joda +application/vnd.kahootz ktz ktr +application/vnd.kde.karbon karbon +application/vnd.kde.kchart chrt +application/vnd.kde.kformula kfo +application/vnd.kde.kivio flw +application/vnd.kde.kontour kon +application/vnd.kde.kpresenter kpr kpt +application/vnd.kde.kspread ksp +application/vnd.kde.kword kwd kwt +application/vnd.kenameaapp htke +application/vnd.kidspiration kia +application/vnd.kinar kne knp +application/vnd.koan skp skd skt skm +application/vnd.kodak-descriptor sse +application/vnd.liberty-request+xml +application/vnd.llamagraphics.life-balance.desktop lbd +application/vnd.llamagraphics.life-balance.exchange+xml lbe +application/vnd.lotus-1-2-3 123 +application/vnd.lotus-approach apr 
+application/vnd.lotus-freelance pre +application/vnd.lotus-notes nsf +application/vnd.lotus-organizer org +application/vnd.lotus-screencam scm +application/vnd.lotus-wordpro lwp +application/vnd.macports.portpkg portpkg +application/vnd.marlin.drm.actiontoken+xml +application/vnd.marlin.drm.conftoken+xml +application/vnd.marlin.drm.license+xml +application/vnd.marlin.drm.mdcf +application/vnd.mcd mcd +application/vnd.medcalcdata mc1 +application/vnd.mediastation.cdkey cdkey +application/vnd.meridian-slingshot +application/vnd.mfer mwf +application/vnd.mfmp mfm +application/vnd.micrografx.flo flo +application/vnd.micrografx.igx igx +application/vnd.mif mif +application/vnd.minisoft-hp3000-save +application/vnd.mitsubishi.misty-guard.trustweb +application/vnd.mobius.daf daf +application/vnd.mobius.dis dis +application/vnd.mobius.mbk mbk +application/vnd.mobius.mqy mqy +application/vnd.mobius.msl msl +application/vnd.mobius.plc plc +application/vnd.mobius.txf txf +application/vnd.mophun.application mpn +application/vnd.mophun.certificate mpc +application/vnd.motorola.flexsuite +application/vnd.motorola.flexsuite.adsi +application/vnd.motorola.flexsuite.fis +application/vnd.motorola.flexsuite.gotap +application/vnd.motorola.flexsuite.kmr +application/vnd.motorola.flexsuite.ttc +application/vnd.motorola.flexsuite.wem +application/vnd.motorola.iprm +application/vnd.mozilla.xul+xml xul +application/vnd.ms-artgalry cil +application/vnd.ms-asf asf +application/vnd.ms-cab-compressed cab +application/vnd.ms-excel xls xlm xla xlc xlt xlw +application/vnd.ms-fontobject eot +application/vnd.ms-htmlhelp chm +application/vnd.ms-ims ims +application/vnd.ms-lrm lrm +application/vnd.ms-playready.initiator+xml +application/vnd.ms-powerpoint ppt pps pot +application/vnd.ms-project mpp mpt +application/vnd.ms-tnef +application/vnd.ms-wmdrm.lic-chlg-req +application/vnd.ms-wmdrm.lic-resp +application/vnd.ms-wmdrm.meter-chlg-req +application/vnd.ms-wmdrm.meter-resp 
+application/vnd.ms-works wps wks wcm wdb +application/vnd.ms-wpl wpl +application/vnd.ms-xpsdocument xps +application/vnd.mseq mseq +application/vnd.msign +application/vnd.multiad.creator +application/vnd.multiad.creator.cif +application/vnd.music-niff +application/vnd.musician mus +application/vnd.muvee.style msty +application/vnd.ncd.control +application/vnd.ncd.reference +application/vnd.nervana +application/vnd.netfpx +application/vnd.neurolanguage.nlu nlu +application/vnd.noblenet-directory nnd +application/vnd.noblenet-sealer nns +application/vnd.noblenet-web nnw +application/vnd.nokia.catalogs +application/vnd.nokia.conml+wbxml +application/vnd.nokia.conml+xml +application/vnd.nokia.isds-radio-presets +application/vnd.nokia.iptv.config+xml +application/vnd.nokia.landmark+wbxml +application/vnd.nokia.landmark+xml +application/vnd.nokia.landmarkcollection+xml +application/vnd.nokia.n-gage.ac+xml +application/vnd.nokia.n-gage.data ngdat +application/vnd.nokia.n-gage.symbian.install n-gage +application/vnd.nokia.ncd +application/vnd.nokia.pcd+wbxml +application/vnd.nokia.pcd+xml +application/vnd.nokia.radio-preset rpst +application/vnd.nokia.radio-presets rpss +application/vnd.novadigm.edm edm +application/vnd.novadigm.edx edx +application/vnd.novadigm.ext ext +application/vnd.oasis.opendocument.chart odc +application/vnd.oasis.opendocument.chart-template otc +application/vnd.oasis.opendocument.formula odf +application/vnd.oasis.opendocument.formula-template otf +application/vnd.oasis.opendocument.graphics odg +application/vnd.oasis.opendocument.graphics-template otg +application/vnd.oasis.opendocument.image odi +application/vnd.oasis.opendocument.image-template oti +application/vnd.oasis.opendocument.presentation odp +application/vnd.oasis.opendocument.presentation-template otp +application/vnd.oasis.opendocument.spreadsheet ods +application/vnd.oasis.opendocument.spreadsheet-template ots +application/vnd.oasis.opendocument.text odt 
+application/vnd.oasis.opendocument.text-master otm +application/vnd.oasis.opendocument.text-template ott +application/vnd.oasis.opendocument.text-web oth +application/vnd.obn +application/vnd.olpc-sugar xo +application/vnd.oma-scws-config +application/vnd.oma-scws-http-request +application/vnd.oma-scws-http-response +application/vnd.oma.bcast.associated-procedure-parameter+xml +application/vnd.oma.bcast.drm-trigger+xml +application/vnd.oma.bcast.imd+xml +application/vnd.oma.bcast.ltkm +application/vnd.oma.bcast.notification+xml +application/vnd.oma.bcast.provisioningtrigger +application/vnd.oma.bcast.sgboot +application/vnd.oma.bcast.sgdd+xml +application/vnd.oma.bcast.sgdu +application/vnd.oma.bcast.simple-symbol-container +application/vnd.oma.bcast.smartcard-trigger+xml +application/vnd.oma.bcast.sprov+xml +application/vnd.oma.bcast.stkm +application/vnd.oma.dcd +application/vnd.oma.dcdc +application/vnd.oma.dd2+xml dd2 +application/vnd.oma.drm.risd+xml +application/vnd.oma.group-usage-list+xml +application/vnd.oma.poc.detailed-progress-report+xml +application/vnd.oma.poc.final-report+xml +application/vnd.oma.poc.groups+xml +application/vnd.oma.poc.invocation-descriptor+xml +application/vnd.oma.poc.optimized-progress-report+xml +application/vnd.oma.xcap-directory+xml +application/vnd.omads-email+xml +application/vnd.omads-file+xml +application/vnd.omads-folder+xml +application/vnd.omaloc-supl-init +application/vnd.openofficeorg.extension oxt +application/vnd.osa.netdeploy +application/vnd.osgi.dp dp +application/vnd.otps.ct-kip+xml +application/vnd.palm prc pdb pqa oprc +application/vnd.paos.xml +application/vnd.pg.format str +application/vnd.pg.osasli ei6 +application/vnd.piaccess.application-licence +application/vnd.picsel efif +application/vnd.poc.group-advertisement+xml +application/vnd.pocketlearn plf +application/vnd.powerbuilder6 pbd +application/vnd.powerbuilder6-s +application/vnd.powerbuilder7 +application/vnd.powerbuilder7-s 
+application/vnd.powerbuilder75 +application/vnd.powerbuilder75-s +application/vnd.preminet +application/vnd.previewsystems.box box +application/vnd.proteus.magazine mgz +application/vnd.publishare-delta-tree qps +application/vnd.pvi.ptid1 ptid +application/vnd.pwg-multiplexed +application/vnd.pwg-xhtml-print+xml +application/vnd.qualcomm.brew-app-res +application/vnd.quark.quarkxpress qxd qxt qwd qwt qxl qxb +application/vnd.rapid +application/vnd.recordare.musicxml mxl +application/vnd.recordare.musicxml+xml +application/vnd.renlearn.rlprint +application/vnd.rn-realmedia rm +application/vnd.route66.link66+xml link66 +application/vnd.ruckus.download +application/vnd.s3sms +application/vnd.sbm.mid2 +application/vnd.scribus +application/vnd.sealed.3df +application/vnd.sealed.csf +application/vnd.sealed.doc +application/vnd.sealed.eml +application/vnd.sealed.mht +application/vnd.sealed.net +application/vnd.sealed.ppt +application/vnd.sealed.tiff +application/vnd.sealed.xls +application/vnd.sealedmedia.softseal.html +application/vnd.sealedmedia.softseal.pdf +application/vnd.seemail see +application/vnd.sema sema +application/vnd.semd semd +application/vnd.semf semf +application/vnd.shana.informed.formdata ifm +application/vnd.shana.informed.formtemplate itp +application/vnd.shana.informed.interchange iif +application/vnd.shana.informed.package ipk +application/vnd.simtech-mindmapper twd twds +application/vnd.smaf mmf +application/vnd.software602.filler.form+xml +application/vnd.software602.filler.form-xml-zip +application/vnd.solent.sdkm+xml sdkm sdkd +application/vnd.spotfire.dxp dxp +application/vnd.spotfire.sfs sfs +application/vnd.sss-cod +application/vnd.sss-dtf +application/vnd.sss-ntf +application/vnd.street-stream +application/vnd.sun.wadl+xml +application/vnd.sus-calendar sus susp +application/vnd.svd svd +application/vnd.swiftview-ics +application/vnd.syncml+xml xsm +application/vnd.syncml.dm+wbxml bdm +application/vnd.syncml.dm+xml xdm 
+application/vnd.syncml.ds.notification +application/vnd.tao.intent-module-archive tao +application/vnd.tmobile-livetv tmo +application/vnd.trid.tpt tpt +application/vnd.triscape.mxs mxs +application/vnd.trueapp tra +application/vnd.truedoc +application/vnd.ufdl ufd ufdl +application/vnd.uiq.theme utz +application/vnd.umajin umj +application/vnd.unity unityweb +application/vnd.uoml+xml uoml +application/vnd.uplanet.alert +application/vnd.uplanet.alert-wbxml +application/vnd.uplanet.bearer-choice +application/vnd.uplanet.bearer-choice-wbxml +application/vnd.uplanet.cacheop +application/vnd.uplanet.cacheop-wbxml +application/vnd.uplanet.channel +application/vnd.uplanet.channel-wbxml +application/vnd.uplanet.list +application/vnd.uplanet.list-wbxml +application/vnd.uplanet.listcmd +application/vnd.uplanet.listcmd-wbxml +application/vnd.uplanet.signal +application/vnd.vcx vcx +application/vnd.vd-study +application/vnd.vectorworks +application/vnd.vidsoft.vidconference +application/vnd.visio vsd vst vss vsw +application/vnd.visionary vis +application/vnd.vividence.scriptfile +application/vnd.vsf vsf +application/vnd.wap.sic +application/vnd.wap.slc +application/vnd.wap.wbxml wbxml +application/vnd.wap.wmlc wmlc +application/vnd.wap.wmlscriptc wmlsc +application/vnd.webturbo wtb +application/vnd.wfa.wsc +application/vnd.wmc +application/vnd.wmf.bootstrap +application/vnd.wordperfect wpd +application/vnd.wqd wqd +application/vnd.wrq-hp3000-labelled +application/vnd.wt.stf stf +application/vnd.wv.csp+wbxml +application/vnd.wv.csp+xml +application/vnd.wv.ssp+xml +application/vnd.xara xar +application/vnd.xfdl xfdl +application/vnd.xmi+xml +application/vnd.xmpie.cpkg +application/vnd.xmpie.dpkg +application/vnd.xmpie.plan +application/vnd.xmpie.ppkg +application/vnd.xmpie.xlim +application/vnd.yamaha.hv-dic hvd +application/vnd.yamaha.hv-script hvs +application/vnd.yamaha.hv-voice hvp +application/vnd.yamaha.smaf-audio saf +application/vnd.yamaha.smaf-phrase spf 
+application/vnd.yellowriver-custom-menu cmp +application/vnd.zzazz.deck+xml zaz +application/voicexml+xml vxml +application/watcherinfo+xml +application/whoispp-query +application/whoispp-response +application/winhlp hlp +application/wita +application/wordperfect5.1 +application/wsdl+xml wsdl +application/wspolicy+xml wspolicy +application/x-ace-compressed ace +application/x-bcpio bcpio +application/x-bittorrent torrent +application/x-bzip bz +application/x-bzip2 bz2 boz +application/x-cdlink vcd +application/x-chat chat +application/x-chess-pgn pgn +application/x-compress +application/x-cpio cpio +application/x-csh csh +application/x-director dcr dir dxr fgd +application/x-dvi dvi +application/x-futuresplash spl +application/x-gtar gtar +application/x-gzip +application/x-hdf hdf +application/x-latex latex +application/x-ms-wmd wmd +application/x-ms-wmz wmz +application/x-msaccess mdb +application/x-msbinder obd +application/x-mscardfile crd +application/x-msclip clp +application/x-msdownload exe dll com bat msi +application/x-msmediaview mvb m13 m14 +application/x-msmetafile wmf +application/x-msmoney mny +application/x-mspublisher pub +application/x-msschedule scd +application/x-msterminal trm +application/x-mswrite wri +application/x-netcdf nc cdf +application/x-pkcs12 p12 pfx +application/x-pkcs7-certificates p7b spc +application/x-pkcs7-certreqresp p7r +application/x-rar-compressed rar +application/x-sh sh +application/x-shar shar +application/x-shockwave-flash swf +application/x-stuffit sit +application/x-stuffitx sitx +application/x-sv4cpio sv4cpio +application/x-sv4crc sv4crc +application/x-tar tar +application/x-tcl tcl +application/x-tex tex +application/x-texinfo texinfo texi +application/x-ustar ustar +application/x-wais-source src +application/x-x509-ca-cert der crt +application/x400-bp +application/xcap-att+xml +application/xcap-caps+xml +application/xcap-el+xml +application/xcap-error+xml +application/xcap-ns+xml +application/xenc+xml xenc 
+application/xhtml+xml xhtml xht +application/xml xml xsl +application/xml-dtd dtd +application/xml-external-parsed-entity +application/xmpp+xml +application/xop+xml xop +application/xslt+xml xslt +application/xspf+xml xspf +application/xv+xml mxml xhvml xvml xvm +application/zip zip +audio/32kadpcm +audio/3gpp +audio/3gpp2 +audio/ac3 +audio/amr +audio/amr-wb +audio/amr-wb+ +audio/asc +audio/basic au snd +audio/bv16 +audio/bv32 +audio/clearmode +audio/cn +audio/dat12 +audio/dls +audio/dsr-es201108 +audio/dsr-es202050 +audio/dsr-es202211 +audio/dsr-es202212 +audio/dvi4 +audio/eac3 +audio/evrc +audio/evrc-qcp +audio/evrc0 +audio/evrc1 +audio/evrcb +audio/evrcb0 +audio/evrcb1 +audio/evrcwb +audio/evrcwb0 +audio/evrcwb1 +audio/g722 +audio/g7221 +audio/g723 +audio/g726-16 +audio/g726-24 +audio/g726-32 +audio/g726-40 +audio/g728 +audio/g729 +audio/g7291 +audio/g729d +audio/g729e +audio/gsm +audio/gsm-efr +audio/ilbc +audio/l16 +audio/l20 +audio/l24 +audio/l8 +audio/lpc +audio/midi mid midi kar rmi +audio/mobile-xmf +audio/mp4 mp4a +audio/mp4a-latm +audio/mpa +audio/mpa-robust +audio/mpeg mpga mp2 mp2a mp3 m2a m3a +audio/mpeg4-generic +audio/ogg oga ogg spx +audio/parityfec +audio/pcma +audio/pcmu +audio/prs.sid +audio/qcelp +audio/red +audio/rtp-enc-aescm128 +audio/rtp-midi +audio/rtx +audio/smv +audio/smv0 +audio/smv-qcp +audio/sp-midi +audio/t140c +audio/t38 +audio/telephone-event +audio/tone +audio/ulpfec +audio/vdvi +audio/vmr-wb +audio/vnd.3gpp.iufp +audio/vnd.4sb +audio/vnd.audiokoz +audio/vnd.celp +audio/vnd.cisco.nse +audio/vnd.cmles.radio-events +audio/vnd.cns.anp1 +audio/vnd.cns.inf1 +audio/vnd.digital-winds eol +audio/vnd.dlna.adts +audio/vnd.dolby.mlp +audio/vnd.dts dts +audio/vnd.dts.hd dtshd +audio/vnd.everad.plj +audio/vnd.hns.audio +audio/vnd.lucent.voice lvp +audio/vnd.ms-playready.media.pya pya +audio/vnd.nokia.mobile-xmf +audio/vnd.nortel.vbk +audio/vnd.nuera.ecelp4800 ecelp4800 +audio/vnd.nuera.ecelp7470 ecelp7470 +audio/vnd.nuera.ecelp9600 ecelp9600 
+audio/vnd.octel.sbc +audio/vnd.qcelp +audio/vnd.rhetorex.32kadpcm +audio/vnd.sealedmedia.softseal.mpeg +audio/vnd.vmx.cvsd +audio/vorbis +audio/vorbis-config +audio/wav wav +audio/x-aiff aif aiff aifc +audio/x-mpegurl m3u +audio/x-ms-wax wax +audio/x-ms-wma wma +audio/x-pn-realaudio ram ra +audio/x-pn-realaudio-plugin rmp +audio/x-wav wav +chemical/x-cdx cdx +chemical/x-cif cif +chemical/x-cmdf cmdf +chemical/x-cml cml +chemical/x-csml csml +chemical/x-pdb pdb +chemical/x-xyz xyz +image/bmp bmp +image/cgm cgm +image/fits +image/g3fax g3 +image/gif gif +image/ief ief +image/jp2 +image/jpeg jpeg jpg jpe +image/jpm +image/jpx +image/naplps +image/png png +image/prs.btif btif +image/prs.pti +image/svg+xml svg svgz +image/t38 +image/tiff tiff tif +image/tiff-fx +image/vnd.adobe.photoshop psd +image/vnd.cns.inf2 +image/vnd.djvu djvu djv +image/vnd.dwg dwg +image/vnd.dxf dxf +image/vnd.fastbidsheet fbs +image/vnd.fpx fpx +image/vnd.fst fst +image/vnd.fujixerox.edmics-mmr mmr +image/vnd.fujixerox.edmics-rlc rlc +image/vnd.globalgraphics.pgb +image/vnd.microsoft.icon +image/vnd.mix +image/vnd.ms-modi mdi +image/vnd.net-fpx npx +image/vnd.sealed.png +image/vnd.sealedmedia.softseal.gif +image/vnd.sealedmedia.softseal.jpg +image/vnd.svf +image/vnd.wap.wbmp wbmp +image/vnd.xiff xif +image/x-cmu-raster ras +image/x-cmx cmx +image/x-icon ico +image/x-pcx pcx +image/x-pict pic pct +image/x-portable-anymap pnm +image/x-portable-bitmap pbm +image/x-portable-graymap pgm +image/x-portable-pixmap ppm +image/x-rgb rgb +image/x-xbitmap xbm +image/x-xpixmap xpm +image/x-xwindowdump xwd +message/cpim +message/delivery-status +message/disposition-notification +message/external-body +message/global +message/global-delivery-status +message/global-disposition-notification +message/global-headers +message/http +message/news +message/partial +message/rfc822 eml mime +message/s-http +message/sip +message/sipfrag +message/tracking-status +message/vnd.si.simp +model/iges igs iges +model/mesh msh 
mesh silo +model/vnd.dwf dwf +model/vnd.flatland.3dml +model/vnd.gdl gdl +model/vnd.gs.gdl +model/vnd.gtw gtw +model/vnd.moml+xml +model/vnd.mts mts +model/vnd.parasolid.transmit.binary +model/vnd.parasolid.transmit.text +model/vnd.vtu vtu +model/vrml wrl vrml +multipart/alternative +multipart/appledouble +multipart/byteranges +multipart/digest +multipart/encrypted +multipart/form-data +multipart/header-set +multipart/mixed +multipart/parallel +multipart/related +multipart/report +multipart/signed +multipart/voice-message +text/calendar ics ifb +text/css css +text/csv csv +text/directory +text/dns +text/enriched +text/html html htm +text/parityfec +text/plain txt text conf def list log in +text/prs.fallenstein.rst +text/prs.lines.tag dsc +text/red +text/rfc822-headers +text/richtext rtx +text/rtf +text/rtp-enc-aescm128 +text/rtx +text/sgml sgml sgm +text/t140 +text/tab-separated-values tsv +text/troff t tr roff man me ms +text/ulpfec +text/uri-list uri uris urls +text/vnd.abc +text/vnd.curl +text/vnd.dmclientscript +text/vnd.esmertec.theme-descriptor +text/vnd.fly fly +text/vnd.fmi.flexstor flx +text/vnd.graphviz gv +text/vnd.in3d.3dml 3dml +text/vnd.in3d.spot spot +text/vnd.iptc.newsml +text/vnd.iptc.nitf +text/vnd.latex-z +text/vnd.motorola.reflex +text/vnd.ms-mediapackage +text/vnd.net2phone.commcenter.command +text/vnd.si.uricatalogue +text/vnd.sun.j2me.app-descriptor jad +text/vnd.trolltech.linguist +text/vnd.wap.si +text/vnd.wap.sl +text/vnd.wap.wml wml +text/vnd.wap.wmlscript wmls +text/x-asm s asm +text/x-c c cc cxx cpp h hh dic +text/x-fortran f for f77 f90 +text/x-pascal p pas +text/x-java-source java +text/x-setext etx +text/x-uuencode uu +text/x-vcalendar vcs +text/x-vcard vcf +text/xml +text/xml-external-parsed-entity +video/3gpp 3gp +video/3gpp-tt +video/3gpp2 3g2 +video/bmpeg +video/bt656 +video/celb +video/dv +video/h261 h261 +video/h263 h263 +video/h263-1998 +video/h263-2000 +video/h264 h264 +video/jpeg jpgv +video/jpeg2000 +video/jpm jpm jpgm 
+video/mj2 mj2 mjp2 +video/mp1s +video/mp2p +video/mp2t +video/mp4 mp4 mp4v mpg4 +video/mp4v-es +video/mpeg mpeg mpg mpe m1v m2v +video/mpeg4-generic +video/mpv +video/nv +video/ogg ogv +video/parityfec +video/pointer +video/quicktime qt mov +video/raw +video/rtp-enc-aescm128 +video/rtx +video/smpte292m +video/ulpfec +video/vc1 +video/vnd.cctv +video/vnd.dlna.mpeg-tts +video/vnd.fvt fvt +video/vnd.hns.video +video/vnd.iptvforum.1dparityfec-1010 +video/vnd.iptvforum.1dparityfec-2005 +video/vnd.iptvforum.2dparityfec-1010 +video/vnd.iptvforum.2dparityfec-2005 +video/vnd.iptvforum.ttsavc +video/vnd.iptvforum.ttsmpeg2 +video/vnd.motorola.video +video/vnd.motorola.videop +video/vnd.mpegurl mxu m4u +video/vnd.ms-playready.media.pyv pyv +video/vnd.nokia.interleaved-multimedia +video/vnd.nokia.videovoip +video/vnd.objectvideo +video/vnd.sealed.mpeg1 +video/vnd.sealed.mpeg4 +video/vnd.sealed.swf +video/vnd.sealedmedia.softseal.mov +video/vnd.vivo viv +video/x-fli fli +video/x-ms-asf asf asx +video/x-ms-wm wm +video/x-ms-wmv wmv +video/x-ms-wmx wmx +video/x-ms-wvx wvx +video/x-msvideo avi +video/x-sgi-movie movie +x-conference/x-cooltalk ice diff --git a/docker/templates/config/local_essarch_settings.py b/docker/templates/config/local_essarch_settings.py new file mode 100644 index 000000000..a4ffaf72b --- /dev/null +++ b/docker/templates/config/local_essarch_settings.py 
@@ -0,0 +1,296 @@ +# Email configuration +# EMAIL_HOST = 'mail.essolutions.se' +# EMAIL_PORT = 4465 +# EMAIL_USE_SSL = True +# EMAIL_HOST_USER = 'e-archive@essarch.org' +# EMAIL_HOST_PASSWORD = 'xyz' +# SERVER_EMAIL = 'e-archive@essarch.org' # "admin" from +# DEFAULT_FROM_EMAIL = 'e-archive@essarch.org' # from +# EMAIL_SUBJECT_PREFIX = "[ESSArch x] " +# ADMINS = ( +# ('Henrik Ek', 'henrik@essolutions.se'), +# ) + +# ### BEGIN LDAP ### +try: + import ldap + from django_auth_ldap.config import ( + ActiveDirectoryGroupType, + LDAPSearch, + LDAPSearchUnion, + ) +except ImportError: + pass +else: + ENABLE_LDAP_LOGIN = False + if ENABLE_LDAP_LOGIN: + AUTHENTICATION_BACKENDS.insert( + 0, 'django_auth_ldap.backend.LDAPBackend') + # Baseline configuration. + AUTH_LDAP_SERVER_URI = "ldap://fs.essarch.local" + + AUTH_LDAP_BIND_DN = "arch@essarch.org" + AUTH_LDAP_BIND_PASSWORD = "xyz" + AUTH_LDAP_USER_SEARCH = LDAPSearchUnion( + LDAPSearch("cn=users,dc=essarch,dc=org", + ldap.SCOPE_ONELEVEL, "(sAMAccountName=%(user)s)"), + LDAPSearch("ou=ESSArch1,ou=ESSArch,dc=essarch,dc=org", + ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"), + ) + # or perhaps: + # AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=kdrs,dc=no" + + # Set up the basic group parameters. + AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=ESSArch,dc=essarch,dc=org", + ldap.SCOPE_SUBTREE, "(objectClass=group)" + ) + AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType(name_attr="cn") + + # Simple group restrictions + AUTH_LDAP_REQUIRE_GROUP = "cn=ESSArch1_active,ou=ESSArch1,ou=ESSArch,dc=essarch,dc=org" + AUTH_LDAP_DENY_GROUP = "cn=ESSArch_disabled,ou=Global,ou=ESSArch,dc=essarch,dc=org" + + # Populate the Django user from the LDAP directory. 
+ AUTH_LDAP_USER_ATTR_MAP = { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" + } + + AUTH_LDAP_USER_FLAGS_BY_GROUP = { + "is_active": "cn=ESSArch1_active,ou=ESSArch1,ou=ESSArch,dc=essarch,dc=org", + "is_staff": "cn=ESSArch_staff,ou=Global,ou=ESSArch,dc=essarch,dc=org", + "is_superuser": "cn=ESSArch_superuser,ou=Global,ou=ESSArch,dc=essarch,dc=org" + } + + # This is the default, but I like to be explicit. + AUTH_LDAP_ALWAYS_UPDATE_USER = True + + # Use LDAP group membership to calculate group permissions. + AUTH_LDAP_FIND_GROUP_PERMS = True + + # Cache group memberships for an hour to minimize LDAP traffic + AUTH_LDAP_CACHE_GROUPS = False + # AUTH_LDAP_GROUP_CACHE_TIMEOUT = 30 # does not seem to work with redis as cache backend + + # Furnish permissions for any Django user, regardless of which backend authenticated it + AUTH_LDAP_AUTHORIZE_ALL_USERS = True + + # AUTH_LDAP_START_TLS = True + + LOGGING_LDAP = { + 'handlers': { + 'log_file_auth_ldap': { + 'level': 'DEBUG', + 'class': 'logging.handlers.RotatingFileHandler', + 'formatter': 'verbose', + 'filename': os.path.join(LOGGING_DIR, 'auth_ldap.log'), + 'maxBytes': 1024 * 1024 * 100, # 100MB + 'backupCount': 5, + }, + }, + 'loggers': { + 'django_auth_ldap': { + 'level': 'INFO', + 'handlers': ['log_file_auth_ldap'], + 'propagate': False, + }, + }, + } +# ### END LDAP ### + +# ### BEGIN ADFS ### +try: + import saml2 + import saml2.saml +except ImportError: + pass +else: + INSTALLED_APPS.append('djangosaml2') + AUTHENTICATION_BACKENDS.append('djangosaml2.backends.Saml2Backend') + MIDDLEWARE.append('djangosaml2.middleware.SamlSessionMiddleware') + ENABLE_ADFS_LOGIN = False + LOGIN_URL = '/saml2/login/' + LOGIN_REDIRECT_URL = '/' + SP_SERVICE_URL = 'https://nightlyx.essarch.org' + IDP_SERVICE_URL = 'https://fs.essarch.org' + # XMLSEC_BINARY = '/usr/bin/xmlsec1' + CERTS_DIR = os.path.join(CONFIG_DIR, 'certs') + # ATTRIBUTE_MAP_DIR = os.path.join(CONFIG_DIR, 'attribute-maps') + 
SESSION_EXPIRE_AT_BROWSER_CLOSE = True + + # Change Email/UserName/FirstName/LastName to corresponding SAML2 userprofile attributes. + SAML_ATTRIBUTE_MAPPING = { + 'UserName': ('username', ), + 'Email': ('email', ), + 'FirstName': ('first_name', ), + 'LastName': ('last_name', ), + } + + SAML_LOGOUT_REQUEST_PREFERRED_BINDING = saml2.BINDING_HTTP_POST + + SAML_CONFIG = { + # full path to the xmlsec1 binary programm + # 'xmlsec_binary': XMLSEC_BINARY, + + 'allow_unknown_attributes': True, + + # your entity id, usually your subdomain plus the url to the metadata view + 'entityid': SP_SERVICE_URL + '/saml2/metadata/', + + # directory with attribute mapping + # 'attribute_map_dir': ATTRIBUTE_MAP_DIR, + + # this block states what services we provide + 'service': { + # we are just a lonely SP + 'sp': { + 'name': 'Federated ESSArch Service', + 'name_id_format': saml2.saml.NAMEID_FORMAT_TRANSIENT, + + + # For Okta add signed logout requests. Enable this: + 'logout_requests_signed': True, + + 'endpoints': { + # url and binding to the assetion consumer service view + # do not change the binding or service name + 'assertion_consumer_service': [ + (SP_SERVICE_URL + '/saml2/acs/', + saml2.BINDING_HTTP_POST), + ], + # url and binding to the single logout service view + # do not change the binding or service name + 'single_logout_service': [ + # (SP_SERVICE_URL + '/saml2/ls/', + # saml2.BINDING_HTTP_REDIRECT), + (SP_SERVICE_URL + '/saml2/ls/post/', + saml2.BINDING_HTTP_POST), + ], + }, + + 'signing_algorithm': saml2.xmldsig.SIG_RSA_SHA256, + 'digest_algorithm': saml2.xmldsig.DIGEST_SHA256, + + # Mandates that the identity provider MUST authenticate the + # presenter directly rather than rely on a previous security context. + 'force_authn': False, + + # Enable AllowCreate in NameIDPolicy. 
+ 'name_id_format_allow_create': False, + + # attributes that this project need to identify a user + 'required_attributes': ["uid"], + + # attributes that may be useful to have but not required + 'optional_attributes': ['eduPersonAffiliation'], + + 'want_response_signed': False, + 'authn_requests_signed': True, + 'logout_requests_signed': True, + # Indicates that Authentication Responses to this SP must + # be signed. If set to True, the SP will not consume + # any SAML Responses that are not signed. + 'want_assertions_signed': True, + + 'only_use_keys_in_metadata': True, + + # When set to true, the SP will consume unsolicited SAML + # Responses, i.e. SAML Responses for which it has not sent + # a respective SAML Authentication Request. + 'allow_unsolicited': False, + + # in this section the list of IdPs we talk to are defined + 'idp': { + # we do not need a WAYF service since there is + # only an IdP defined here. This IdP should be + # present in our metadata + + # the keys of this dictionary are entity ids + IDP_SERVICE_URL + '/federationmetadata/2007-06/federationmetadata.xml': { + 'single_sign_on_service': { + saml2.BINDING_HTTP_REDIRECT: IDP_SERVICE_URL + '/adfs/ls/idpinitiatedsignon.aspx', + }, + 'single_logout_service': { + saml2.BINDING_HTTP_REDIRECT: IDP_SERVICE_URL + '/adfs/ls/?wa=wsignout1.0', + }, + }, + }, + }, + }, + + # where the remote metadata is stored + # Open https://fs.essarch.local/federationmetadata/2007-06/federationmetadata.xml + # Save this xml file, rename it to idp_federation_metadata.xml + 'metadata': { + 'local': [os.path.join(CERTS_DIR, 'idp_federation_metadata.xml')], + }, + + # set to 1 to output debugging information + 'debug': 1, + + # Signing + # private key + 'key_file': os.path.join(CERTS_DIR, 'essarch_cert_priv.key'), + # cert + 'cert_file': os.path.join(CERTS_DIR, 'essarch_cert.crt'), + + # Encryption + 'encryption_keypairs': [{ + # private key + 'key_file': os.path.join(CERTS_DIR, 'essarch_cert_priv.key'), + # cert + 
'cert_file': os.path.join(CERTS_DIR, 'essarch_cert.crt'), + }], + # own metadata settings + 'contact_person': [ + {'given_name': 'Henrik', + 'sur_name': 'Ek', + 'company': 'ES Solutions AB', + 'email_address': 'henrik@essolutions.se', + 'contact_type': 'technical'}, + ], + # you can set multilanguage information here + 'organization': { + 'name': [('ES Solutions AB', 'en')], + 'display_name': [('ESS', 'en')], + 'url': [('https://www.essolutions.se', 'en')], + }, + 'valid_for': 24, # how long is our metadata valid + } + + LOGGING_SAML2 = { + 'handlers': { + 'log_file_auth_saml2': { + 'level': 'DEBUG', + 'class': 'logging.handlers.RotatingFileHandler', + 'formatter': 'verbose', + 'filename': os.path.join(LOGGING_DIR, 'auth_saml2.log'), + 'maxBytes': 1024 * 1024 * 100, # 100MB + 'backupCount': 5, + }, + }, + 'loggers': { + 'djangosaml2': { + 'level': 'INFO', + 'handlers': ['log_file_auth_saml2'], + 'propagate': True, + }, + 'saml2': { + 'level': 'INFO', + 'handlers': ['log_file_auth_saml2'], + 'propagate': True, + }, + }, + } +# ### END ADFS ### + +# INSTALLED_APPS.append('axes') +# AUTHENTICATION_BACKENDS.insert(0, 'axes.backends.AxesStandaloneBackend') +# MIDDLEWARE.append('axes.middleware.AxesMiddleware') + +# MIDDLEWARE.append('django_auto_logout.middleware.auto_logout') +# AUTO_LOGOUT = { +# 'IDLE_TIME': 30, +# 'REDIRECT_TO_LOGIN_IMMEDIATELY': True, +# } diff --git a/docker/templates/config/mime.types b/docker/templates/config/mime.types new file mode 100644 index 000000000..fe52567e9 --- /dev/null +++ b/docker/templates/config/mime.types 
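Review bot: The ADFS block in this template turns SAML on whenever `saml2` can be imported: `INSTALLED_APPS.append('djangosaml2')`, the `Saml2Backend` and `SamlSessionMiddleware` appends and `LOGIN_URL = '/saml2/login/'` are not guarded by any `if`, and `ENABLE_ADFS_LOGIN = False` is never tested in the hunk, whereas the LDAP block sits behind `if ENABLE_LDAP_LOGIN:`. Indentation is lost in this rendering, but no `if ENABLE_ADFS_LOGIN` appears anywhere in the added lines. On an image that has pysaml2 installed this would presumably send every login redirect to `/saml2/login/` against the placeholder hosts; I would put `if ENABLE_ADFS_LOGIN:` directly after `ENABLE_ADFS_LOGIN = False` at the top of the `else:` branch and indent the rest under it, unless the flag is consumed elsewhere. Separately, the LDAP defaults use `ldap://fs.essarch.local` with `# AUTH_LDAP_START_TLS = True` left commented out, so enabling LDAP as shipped would send the bind password and user credentials unencrypted; shipping `AUTH_LDAP_START_TLS = True` uncommented would be the safer default.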
@@ -0,0 +1,59 @@
+# MIME type Extension
+text/plain asc txt text pm el c h cc hh cxx hxx f90 dat
+text/sgml sgml sgm
+text/html html htm
+####
+# application/xml gml # Ska denna finnas?
+application/xml xsd # Ska denna finnas?
+# Std: text/xml xml xsl
+application/xml xml
+# application/xslt+xml finns ej som std. borde kanske tolkas som enbart xml?
+application/xslt+xml xsl
+##
+application/xhtml+xml xhtml xhtm xht
+application/pdf pdf
+image/jpeg jpeg jpg jpe jfif
+image/tiff tiff tif
+image/png png
+# image/x-cals cals rasterfil # Ska denna finnas?
+text/css css
+video/mpeg mpeg mpg mpe
+audio/mpeg mpga mp1 mp2 mp3
+image/jp2 jp2 jpg2
+application/xml-dtd dtd
+# warc ext?
+application/warc warc
+image/gif gif
+####
+# application/javascript js
+# js used for (obsolete) text/javascript for browser support (for now...)
+# Std: text/javascript js
+application/javascript js
+##
+####
+# application.cnd.oasis.opendocument.formula odf
+# Std: application/vnd.oasis.opendocument.formula odf
+application.cnd.oasis.opendocument.formula odf
+##
+####
+# image/x-xbitmap bmf
+# Std: image/x-xbitmap xbm
+image/x-xbitmap xbm
+##
+####
+# audio/wav wav
+# Std: audio/x-wav wav
+audio/wav wav
+##
+audio/x-ms-wma wma
+audio/ogg oga ogg spx
+audio/midi mid midi kar
+video/x-ms-wmv wmv
+video/quicktime qt mov
+video/x-flv flv
+# video/x-divx divx # Ska denna finnas?
+# video/x-xvid xvid # Ska denna finnas?
+# Finns ej i RA lista, ska det finnas text/csv csv?
+application/x-gtar gtar
+application/x-tar tar
+application/x-ustar ustar
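Review bot: The active mapping `application.cnd.oasis.opendocument.formula odf` has no `/` and reads `cnd` where the standard name has `vnd`, so it is not a type/subtype string, although the comment directly above it gives the standard form. Whatever reads this table will presumably either reject the entry or record `.odf` files under a type no other tool recognises. I would change the line to `application/vnd.oasis.opendocument.formula odf`; if the odd spelling deliberately mirrors an external list, a comment saying so would keep it from being silently corrected later.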