├── (legacy)
    ├── autossh
    │   ├── Dockerfile
    │   ├── LICENSE.md
    │   ├── README.md
    │   └── entrypoint.sh
    ├── cas
    │   ├── Dockerfile
    │   ├── README.md
    │   ├── docker-compose.yml
    │   └── entrypoint.sh
    ├── cassandra
    │   ├── Dockerfile
    │   └── entrypoint.sh
    ├── celery-flower
    │   ├── Dockerfile
    │   └── entrypoint.sh
    ├── coreos
    │   └── rackspace
    │   │   ├── Dockerfile
    │   │   ├── entrypoint.sh
    │   │   └── tasks.py
    ├── cos
    │   ├── Dockerfile
    │   ├── docker-compose.yml
    │   └── entrypoint.sh
    ├── dor
    │   ├── Dockerfile
    │   ├── docker-compose.yml
    │   └── entrypoint.sh
    ├── ember
    │   ├── Dockerfile
    │   └── entrypoint.sh
    ├── experimenter
    │   ├── Dockerfile
    │   ├── docker-compose.yml
    │   └── entrypoint.sh
    ├── fluentd
    │   ├── Dockerfile
    │   └── entrypoint.sh
    ├── haproxy
    │   ├── Dockerfile
    │   ├── command.sh
    │   └── rsyslog.conf
    ├── jam
    │   ├── Dockerfile
    │   └── entrypoint.sh
    ├── jenkins
    │   ├── Dockerfile
    │   └── entrypoint.sh
    ├── lookit
    │   ├── Dockerfile
    │   └── entrypoint.sh
    ├── memcached
    │   └── Dockerfile
    ├── mfr
    │   ├── Dockerfile
    │   ├── docker-compose.yml
    │   └── entrypoint.sh
    ├── newrelic
    │   └── plugin-agent
    │   │   ├── Dockerfile
    │   │   ├── entrypoint.sh
    │   │   └── newrelic-plugin-agent.cfg
    ├── openvpn
    │   ├── Dockerfile
    │   ├── LICENSE
    │   ├── README.md
    │   └── bin
    │   │   ├── easyrsa_vars
    │   │   ├── ovpn_copy_server_files
    │   │   ├── ovpn_genconfig
    │   │   ├── ovpn_getclient
    │   │   ├── ovpn_getclient_all
    │   │   ├── ovpn_initpki
    │   │   ├── ovpn_run
    │   │   └── ovpn_status
    ├── osf
    │   ├── admin
    │   │   ├── Dockerfile
    │   │   └── entrypoint.sh
    │   ├── api
    │   │   ├── Dockerfile
    │   │   └── entrypoint.sh
    │   ├── celery
    │   │   ├── Dockerfile
    │   │   └── entrypoint.sh
    │   ├── docker-compose.yml
    │   ├── settings
    │   │   └── local-docker.py
    │   ├── sharejs
    │   │   └── Dockerfile
    │   └── web
    │   │   ├── Dockerfile
    │   │   └── entrypoint.sh
    ├── prerender
    │   ├── Dockerfile
    │   ├── docker-compose.yml
    │   └── entrypoint.sh
    ├── python
    │   ├── 2.7
    │   │   ├── Dockerfile
    │   │   ├── entrypoint.sh
    │   │   └── slim
    │   │   │   ├── Dockerfile
    │   │   │   └── entrypoint.sh
    │   └── 3.4
    │   │   ├── Dockerfile
    │   │   ├── entrypoint.sh
    │   │   └── slim
    │   │       ├── Dockerfile
    │   │       └── entrypoint.sh
    ├── rsyslog
    │   └── Dockerfile
    ├── scrapi
    │   ├── 2.7
    │   │   ├── Dockerfile
    │   │   └── entrypoint.sh
    │   └── 3.5
    │   │   ├── Dockerfile
    │   │   └── entrypoint.sh
    ├── share-reg
    │   ├── Dockerfile
    │   ├── docker-compose.yml
    │   └── entrypoint.sh
    ├── shibboleth
    │   ├── Dockerfile
    │   ├── apache2
    │   │   ├── ports.conf
    │   │   └── sites-enabled
    │   │   │   └── default.conf
    │   ├── httpd-foreground
    │   └── shibboleth
    │   │   ├── attribute-map.xml
    │   │   ├── attribute-policy.xml
    │   │   ├── native.logger
    │   │   ├── shibboleth2.xml
    │   │   ├── shibd.logger
    │   │   ├── sp-cert.pem
    │   │   └── sp-key.pem
    ├── tokumx
    │   ├── Dockerfile
    │   └── entrypoint.sh
    ├── uwsgi
    │   ├── 2.7
    │   │   └── Dockerfile
    │   └── 3.4
    │   │   └── Dockerfile
    ├── varnish
    │   └── Dockerfile
    ├── waterbutler
    │   ├── Dockerfile
    │   ├── docker-compose.yml
    │   └── entrypoint.sh
    └── wowza
    │   └── docker-compose.yml
├── .gitignore
├── LICENSE
├── ansible
    └── Dockerfile
├── cerebro
    ├── 0.6
    │   ├── Dockerfile
    │   └── docker-entrypoint.sh
    ├── 0.7
    │   ├── Dockerfile
    │   └── docker-entrypoint.sh
    └── custom
    │   ├── Dockerfile
    │   └── docker-entrypoint.sh
├── commands.sh
├── elasticsearch
    ├── 2.3
    │   ├── Dockerfile
    │   └── elasticsearch.yml
    ├── 2.4
    │   ├── Dockerfile
    │   ├── elasticsearch.yml
    │   └── tls
    │   │   ├── Dockerfile
    │   │   └── elasticsearch.yml
    ├── 5.3
    │   ├── Dockerfile
    │   └── elasticsearch.yml
    ├── 5.4
    │   ├── Dockerfile
    │   └── elasticsearch.yml
    ├── 5.5
    │   ├── Dockerfile
    │   ├── elasticsearch.yml
    │   └── tls
    │   │   ├── Dockerfile
    │   │   └── elasticsearch.yml
    ├── 6.1
    │   ├── Dockerfile
    │   ├── elasticsearch.yml
    │   └── tls
    │   │   ├── Dockerfile
    │   │   └── elasticsearch.yml
    └── 6.4
    │   └── tls
    │       ├── Dockerfile
    │       └── elasticsearch.yml
├── ember-base-10
    └── Dockerfile
├── ember-base-14
    └── Dockerfile
├── ember-base
    └── Dockerfile
├── gcloud
    └── Dockerfile
├── nessus
    └── Dockerfile
├── nginx
    ├── Dockerfile
    ├── docker-compose.yml
    ├── entrypoint.sh
    └── files
    │   ├── conf
    │       ├── conf.d
    │       │   └── site.conf
    │       └── nginx.conf
    │   ├── crs-setup.conf
    │   ├── geoip
    │       ├── GeoIP.dat
    │       ├── GeoIPASNum.dat
    │       └── GeoLiteCity.dat
    │   ├── modsec_custom.conf
    │   ├── modsec_includes.conf
    │   └── modsecurity.conf
├── pgbouncer
    └── Dockerfile
├── postgres
    ├── 15.5
    │   └── barman
    │   │   ├── Dockerfile
    │   │   ├── barman.conf
    │   │   ├── crontab
    │   │   └── entrypoint.sh
    ├── 9.4
    │   ├── repmgr
    │   │   ├── Dockerfile
    │   │   └── supervisord.conf
    │   ├── udr
    │   │   └── Dockerfile
    │   └── vacuumlo
    │   │   ├── Dockerfile
    │   │   └── entrypoint.sh
    └── 9.6
    │   ├── barman
    │       ├── Dockerfile
    │       ├── barman.conf
    │       ├── crontab
    │       └── entrypoint.sh
    │   ├── repmgr
    │       ├── Dockerfile
    │       ├── repmgr.conf
    │       └── supervisord.conf
    │   └── vacuumlo
    │       ├── Dockerfile
    │       └── entrypoint.sh
├── requirements.txt
├── sentry
    ├── Dockerfile
    ├── append-sentry.conf.py
    └── docker-compose.yml
├── shibboleth-sp
    ├── Dockerfile
    └── httpd-shibd-foreground
└── unoconv
    ├── Dockerfile
    └── entrypoint.sh


/(legacy)/autossh/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM alpine
 2 | MAINTAINER Justin J. Novack <jnovack@gmail.com>
 3 | 
 4 | ARG BUILD_DATE
 5 | ARG VCS_REF
 6 | LABEL org.label-schema.build-date=$BUILD_DATE \
 7 |       org.label-schema.docker.dockerfile="/Dockerfile" \
 8 |       org.label-schema.license="MIT" \
 9 |       org.label-schema.name="jnovack/docker-autossh" \
10 |       org.label-schema.url="https://hub.docker.com/r/jnovack/docker-autossh/" \
11 |       org.label-schema.vcs-ref=$VCS_REF \
12 |       org.label-schema.vcs-type="Git" \
13 |       org.label-schema.vcs-url="https://github.com/jnovack/docker-autossh"
14 | 
15 | ENTRYPOINT ["/entrypoint.sh"]
16 | ADD /entrypoint.sh /entrypoint.sh
17 | RUN chmod 755 /entrypoint.sh
18 | 
19 | ENV \
20 |     TERM=xterm \
21 |     AUTOSSH_LOGFILE=/dev/stdout \
22 |     AUTOSSH_GATETIME=30         \
23 |     AUTOSSH_POLL=10             \
24 |     AUTOSSH_FIRST_POLL=30       \
25 |     AUTOSSH_LOGLEVEL=1
26 | 
27 | RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
28 |     && apk update --no-cache \
29 |     && apk add --no-cache autossh
30 | 


--------------------------------------------------------------------------------
/(legacy)/autossh/LICENSE.md:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014 CenturyLink Labs
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a
 6 | copy of this software and associated documentation files (the "Software"),
 7 | to deal in the Software without restriction, including without limitation
 8 | the rights to use, copy, modify, merge, publish, distribute, sublicense,
 9 | and/or sell copies of the Software, and to permit persons to whom the
10 | Software is furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included
13 | in all copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
21 | IN THE SOFTWARE.


--------------------------------------------------------------------------------
/(legacy)/autossh/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | touch /id_rsa
 4 | chmod 0400 /id_rsa
 5 | 
 6 | # Pick a random port above 32768
 7 | DEFAULT_PORT=$RANDOM
 8 | let "DEFAULT_PORT += 32768"
 9 | echo [INFO] Tunneling ${SSH_HOSTUSER:=root}@${SSH_HOSTNAME:=localhost}:${SSH_TUNNEL_BIND_PORT:=${DEFAULT_PORT}} to ${SSH_TUNNEL_HOST=localhost}:${SSH_TUNNEL_HOST_PORT:=22}
10 | 
11 | echo autossh \
12 |  -M 0 \
13 |  -o StrictHostKeyChecking=no \
14 |  -o ServerAliveInterval=5 \
15 |  -o ServerAliveCountMax=1 \
16 |  -N \
17 |  -i ${IDENTITY_FILE:="/id_rsa"} \
18 |  -L 0.0.0.0:${SSH_TUNNEL_BIND_PORT}:${SSH_TUNNEL_HOST}:${SSH_TUNNEL_HOST_PORT} \
19 |  -p ${SSH_HOSTPORT:=22} \
20 |  ${SSH_HOSTUSER}@${SSH_HOSTNAME}
21 | 
22 | AUTOSSH_PIDFILE=/autossh.pid \
23 | AUTOSSH_POLL=10 \
24 | AUTOSSH_LOGLEVEL=0 \
25 | AUTOSSH_LOGFILE=/dev/stdout \
26 | autossh \
27 |  -M 0 \
28 |  -o StrictHostKeyChecking=no \
29 |  -o ServerAliveInterval=5 \
30 |  -o ServerAliveCountMax=1 \
31 |  -N \
32 |  -i ${IDENTITY_FILE} \
33 |  -L 0.0.0.0:${SSH_TUNNEL_BIND_PORT}:${SSH_TUNNEL_HOST}:${SSH_TUNNEL_HOST_PORT} \
34 |  -p ${SSH_HOSTPORT:=22} \
35 |  ${SSH_HOSTUSER}@${SSH_HOSTNAME}
36 | 


--------------------------------------------------------------------------------
/(legacy)/cas/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM java:8-jdk
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y \
 5 |       git \
 6 |       maven \
 7 |     && apt-get clean \
 8 |     && apt-get autoremove -y \
 9 |     && rm -rf /var/lib/apt/lists/*
10 | 
11 | # grab gosu for easy step-down from root
12 | ENV GOSU_VERSION 1.4
13 | RUN apt-get update \
14 |     && apt-get install -y \
15 |         curl \
16 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
17 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
18 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
19 |   	&& gpg --verify /usr/local/bin/gosu.asc \
20 |   	&& rm /usr/local/bin/gosu.asc \
21 |   	&& chmod +x /usr/local/bin/gosu \
22 |     && apt-get clean \
23 |     && apt-get autoremove -y \
24 |         curl \
25 |     && rm -rf /var/lib/apt/lists/*
26 | 
27 | RUN usermod -d /home www-data \
28 |     && chown www-data:www-data /home
29 | 
30 | ENV SOURCE_BRANCH=master
31 | ENV SOURCE_REPO=https://github.com/CenterForOpenScience/cas-overlay.git
32 | 
33 | # perform an initial build to cache maven dependencies
34 | RUN mkdir /cas-overlay \
35 |     && chown www-data /cas-overlay \
36 |     && cd /cas-overlay \
37 |     && gosu www-data git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
38 |     && gosu www-data mvn clean install \
39 |     && rm -Rf /cas-overlay
40 | 
41 | COPY entrypoint.sh /
42 | RUN chmod +x /entrypoint.sh
43 | ENTRYPOINT ["/entrypoint.sh"]
44 | 
45 | WORKDIR /cas-overlay
46 | 
47 | VOLUME /etc/cas
48 | VOLUME /home/.cos
49 | 
50 | EXPOSE 8080
51 | EXPOSE 8443
52 | 
53 | # ENV MAVEN_OPTS=# "-Xms256m -Xmx512m"
54 | CMD ["/usr/bin/mvn", "-pl", "cas-server-webapp/", "jetty:run"]
55 | 


--------------------------------------------------------------------------------
/(legacy)/cas/README.md:
--------------------------------------------------------------------------------
 1 | # Central Authentication Server (CAS)
 2 | 
 3 | ## Local Setup
 4 | 
 5 | ### Requirements
 6 | 
 7 | * [Homebrew](http://brew.sh/)
 8 |   * Install autossh `brew install autossh`
 9 | * [VirtualBox](https://www.virtualbox.org/)
10 | * [Boot2Docker](http://boot2docker.io/)
11 |   * [Port Forwarding](https://github.com/boot2docker/boot2docker/blob/master/doc/WORKAROUNDS.md#port-forwarding)
12 | * [Docker Compose](https://docs.docker.com/compose/)
13 | 
14 | ### Requirements Installation
15 | 
16 | * Download and install VirtualBox [](https://www.virtualbox.org/wiki/Downloads); this adds `VBoxManage` to your path
17 | * Download and install Boot2Docker [](http://boot2docker.io/); open a terminal and run `boot2docker`
18 | * Download and install both docker and docker-compose [](https://docs.docker.com/compose/install/); this may ask you to export certain system variables
19 |   * typically this mean adding some `export {VAR}={path}` statements to your ~/.bashrc or ~/.bash_profile
20 | 
21 | ### Setup Environment
22 | 
23 | * Clone Docker Library Repository (https://github.com/CenterForOpenScience/docker-library.git)
24 | * Forward Exposed Docker Ports to the Host {Docker -> [Boot2Docker} -> Host]
25 |   * `VBoxManage controlvm "boot2docker-vm" natpf1 "tcp-port8443,tcp,,8443,,8443";`
26 |   * `VBoxManage controlvm "boot2docker-vm" natpf1 "tcp-port8080,tcp,,8080,,8080";`
27 |   * *An existing port forward rule can be removed with the following command*
28 |     * `VBoxManage controlvm "boot2docker-vm" natpf1 delete "tcp-port8443";`
29 |     * `VBoxManage controlvm "boot2docker-vm" natpf1 delete "tcp-port8080";`
30 | * Start Boot2Docker and initialize shell environment variables
31 |   * `boot2docker up`
32 |   * `$(boot2docker shellinit)`
33 | * Download Docker Images
34 |   * make sure your working directory is XXX/docker-library/cas
35 |   * `docker-compose pull`
36 | 
37 | ### Manage the Environment
38 | 
39 | * Start Boot2Docker
40 |   * `boot2docker up`
41 | * Forward Local MongoDB Port to Boot2Docker {Host -> [Boot2Docker} -> Docker]
42 |   * `autossh -M 20000 -N docker@localhost -R 27017:localhost:27017 -i ~/.ssh/id_boot2docker -p $(boot2docker config 2>&1 | awk '/SSHPort/ {print $3}') -C`
43 | 
44 |     *or*
45 | 
46 |   * `boot2docker ssh -vnNTR 27017:localhost:27017`
47 | * Navigate to the `cas` folder in the Docker Library
48 |   * `cd <docker library>/cas`
49 | * Create & Start Postgres & CAS Servers
50 |   * `cd <docker library>/cas`
51 |   * `docker-compose up`
52 | * Verify CAS is available
53 |   * Browse to `https://localhost:8443`
54 | * Terminate the current docker compose session (docker instances will be shutdown)
55 |   * `CTRL+C`
56 | * Start docker compose instances
57 |   * `docker-compose start`
58 | * Reattach and view current running docker compose logs
59 |   * `docker-compose logs`
60 | 


--------------------------------------------------------------------------------
/(legacy)/cas/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | # Service Containers
 2 | 
 3 | postgres:
 4 |   image: centerforopenscience/postgres:9.4
 5 |   ports:
 6 |     - 5432:5432
 7 |   environment:
 8 |     - POSTGRES_DB=cas
 9 | 
10 | # Server Containers
11 | 
12 | cas:
13 |   # image: centerforopenscience/cas:4.1
14 |   build: .
15 |   net: host
16 |   environment:
17 |     - SOURCE_BRANCH=develop
18 |     - SOURCE_REPO=https://github.com/CenterForOpenScience/cas-overlay
19 |     - CAS_DB_PORT_5432_TCP_ADDR=127.0.0.1
20 |     - CAS_DB_PORT_5432_TCP_PORT=5432
21 |     - OSF_DB_PORT_27017_TCP_ADDR=127.0.0.1
22 |     - OSF_DB_PORT_27017_TCP_PORT=27017
23 |     - OSF_DB_NAME=osf20130903
24 | 


--------------------------------------------------------------------------------
/(legacy)/cas/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home
 5 | 
 6 | if [[ $(stat -c '%U' /cas-overlay) != www-data ]]; then
 7 |     chown -R www-data:www-data /cas-overlay
 8 |     gosu www-data git clone -b $SOURCE_BRANCH $SOURCE_REPO .
 9 | fi
10 | 
11 | gosu www-data git pull
12 | gosu www-data mvn clean install -DskipTests=true
13 | 
14 | exec gosu www-data "$@"
15 | 


--------------------------------------------------------------------------------
/(legacy)/cassandra/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM java:7-jdk
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r cassandra && useradd -r -g cassandra cassandra
 5 | 
 6 | RUN apt-get update \
 7 |     && apt-get install -y curl \
 8 |     && rm -rf /var/lib/apt/lists/*
 9 | 
10 | # grab gosu for easy step-down from root
11 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
12 | RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture)" \
13 |     && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture).asc" \
14 |     && gpg --verify /usr/local/bin/gosu.asc \
15 |     && rm /usr/local/bin/gosu.asc \
16 |     && chmod +x /usr/local/bin/gosu
17 | 
18 | ENV CASSANDRA_RELEASE_FINGERPRINT 0353B12C
19 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys $CASSANDRA_RELEASE_FINGERPRINT
20 | 
21 | ENV CASSANDRA_VERSION 2.1.6
22 | ENV CASSANDRA_CONFIG /opt/cassandra/conf
23 | 
24 | RUN curl -SL "https://www.apache.org/dist/cassandra/$CASSANDRA_VERSION/apache-cassandra-$CASSANDRA_VERSION-bin.tar.gz" -o cassandra.tgz \
25 |     && curl -SL "https://www.apache.org/dist/cassandra/$CASSANDRA_VERSION/apache-cassandra-$CASSANDRA_VERSION-bin.tar.gz.asc" -o cassandra.tgz.asc \
26 |     && gpg --verify cassandra.tgz.asc \
27 |     && mkdir -p /opt/cassandra \
28 |     && tar -xvf cassandra.tgz -C /opt/cassandra --strip-components=1 \
29 |     && rm cassandra.tgz*
30 | 
31 | RUN chown -R cassandra /opt/cassandra
32 | 
33 | COPY entrypoint.sh /entrypoint.sh
34 | RUN chmod +x /entrypoint.sh
35 | ENTRYPOINT ["/entrypoint.sh"]
36 | 
37 | EXPOSE 7199 7000 7001 9160 9042
38 | 
39 | VOLUME ["/opt/cassandra/data", "/opt/cassandra/logs"]
40 | 
41 | CMD ["/opt/cassandra/bin/cassandra", "-f"]
42 | 


--------------------------------------------------------------------------------
/(legacy)/cassandra/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | # Get running container's IP
 5 | IP=`hostname --ip-address`
 6 | if [ $# == 1 ]; then SEEDS="$1,$IP"; 
 7 | else SEEDS="$IP"; fi
 8 | 
 9 | # configuration
10 | sed -i -e "s/num_tokens/\#num_tokens/" $CASSANDRA_CONFIG/cassandra.yaml
11 | sed -i -e "s/- seeds: \"127.0.0.1\"/- seeds: \"$SEEDS\"/" $CASSANDRA_CONFIG/cassandra.yaml
12 | sed -i -e "s/^rpc_address.*/rpc_address: 0.0.0.0/" $CASSANDRA_CONFIG/cassandra.yaml
13 | sed -i -e "s/^listen_address.*/listen_address: $IP/" $CASSANDRA_CONFIG/cassandra.yaml
14 | sed -i -e "s/^\# broadcast_rpc_address.*/broadcast_rpc_address: $IP/" $CASSANDRA_CONFIG/cassandra.yaml
15 | 
16 | # environment
17 | sed -i -e "s/# JVM_OPTS=\"$JVM_OPTS -Djava.rmi.server.hostname.*\"/ JVM_OPTS=\"$JVM_OPTS -Djava.rmi.server.hostname=$IP\"/" $CASSANDRA_CONFIG/cassandra-env.sh
18 | echo "JVM_OPTS=\"\$JVM_OPTS -Dcassandra.initial_token=0\"" >> $CASSANDRA_CONFIG/cassandra-env.sh
19 | echo "JVM_OPTS=\"\$JVM_OPTS -Dcassandra.skip_wait_for_gossip_to_settle=0\"" >> $CASSANDRA_CONFIG/cassandra-env.sh
20 | 
21 | if [ ! -z "$CASSANDRA_DC" ]; then
22 |     sed -i -e "s/endpoint_snitch: SimpleSnitch/endpoint_snitch: PropertyFileSnitch/" $CASSANDRA_CONFIG/cassandra.yaml
23 |     echo "default=$CASSANDRA_DC:rac1" > $CASSANDRA_CONFIG/cassandra-topology.properties
24 | fi
25 | 
26 | if [[ $(stat -c '%U' /opt/cassandra/data) != cassandra ]]; then
27 |     chown -R cassandra /opt/cassandra/data
28 | fi
29 | 
30 | if [[ $(stat -c '%U' /opt/cassandra/logs) != cassandra ]]; then
31 |     chown -R cassandra /opt/cassandra/logs
32 | fi
33 | 
34 | exec gosu cassandra "$@"
35 | 


--------------------------------------------------------------------------------
/(legacy)/celery-flower/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.5-slim
 2 | 
 3 | # grab gosu for easy step-down from root
 4 | ENV GOSU_VERSION 1.4
 5 | RUN apt-get update \
 6 |     && apt-get install -y \
 7 |         curl \
 8 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
 9 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
10 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
11 |   	&& gpg --verify /usr/local/bin/gosu.asc \
12 |   	&& rm /usr/local/bin/gosu.asc \
13 |   	&& chmod +x /usr/local/bin/gosu \
14 |     && apt-get clean \
15 |     && apt-get autoremove -y \
16 |         curl \
17 |     && rm -rf /var/lib/apt/lists/*
18 | 
19 | RUN pip install -U pip flower
20 | 
21 | COPY entrypoint.sh /entrypoint.sh
22 | RUN chmod +x /entrypoint.sh
23 | ENTRYPOINT ["/entrypoint.sh"]
24 | 
25 | EXPOSE 5555
26 | 
27 | CMD ["flower"]
28 | 


--------------------------------------------------------------------------------
/(legacy)/celery-flower/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | if [ "$1" = 'flower' ]; then
5 | 	exec gosu nobody "$@"
6 | fi
7 | 
8 | exec "$@"
9 | 


--------------------------------------------------------------------------------
/(legacy)/coreos/rackspace/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:2.7
 2 | 
 3 | RUN pip install invoke furl pyrax requests
 4 | 
 5 | COPY tasks.py /code/tasks.py
 6 | 
 7 | COPY entrypoint.sh /entrypoint.sh
 8 | RUN chmod +x /entrypoint.sh
 9 | ENTRYPOINT ["/entrypoint.sh"]
10 | 
11 | CMD ["--list"]
12 | 


--------------------------------------------------------------------------------
/(legacy)/coreos/rackspace/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | export HOME=/home/python
5 | 
6 | chown -R python /code
7 | 
8 | exec gosu python invoke "$@"
9 | 


--------------------------------------------------------------------------------
/(legacy)/coreos/rackspace/tasks.py:
--------------------------------------------------------------------------------
 1 | import logging
 2 | 
 3 | import furl
 4 | import json
 5 | import invoke
 6 | import requests
 7 | 
 8 | logging.captureWarnings(True)
 9 | 
10 | import pyrax  # noqa
11 | 
12 | 
13 | def build_url(base_url, *segments, **query):
14 |     url = furl.furl(base_url)
15 |     url.path.segments.extend(segments)
16 |     url.args.update(query)
17 |     return url.url
18 | 
19 | 
20 | @invoke.task
21 | def mount(volume_name, server_name, etcd):
22 |     resp = requests.get(
23 |         build_url(etcd, 'rackspace', 'credentials')
24 |     ).json()
25 | 
26 |     credentials = json.loads(resp['node']['value'])
27 | 
28 |     username = credentials['username']
29 |     api_key = credentials['apiKey']
30 |     region = credentials['region']
31 | 
32 |     pyrax.set_setting('identity_type', 'rackspace')
33 |     pyrax.set_credentials(username, api_key, region=region)
34 | 
35 |     cs = pyrax.cloudservers
36 |     cbs = pyrax.cloud_blockstorage
37 | 
38 |     volume = cbs.find(display_name=volume_name)
39 |     server = cs.servers.find(name=server_name)
40 | 
41 |     if volume.attachments and volume.attachments[0]['server_id'] != server.id:
42 |         volume.detach()
43 |         pyrax.utils.wait_until(volume, 'status', 'available', interval=3, attempts=0)
44 | 
45 |     if not volume.attachments:
46 |         volume.attach_to_instance(server, mountpoint='')
47 |         pyrax.utils.wait_until(volume, 'status', 'in-use', interval=3, attempts=0)
48 | 
49 |     resp = requests.put(
50 |         build_url(etcd, 'rackspace', 'cbs', volume_name),
51 |         data={"value": volume.attachments[0]['device']}
52 |     )
53 | 
54 | 
55 | 
56 | @invoke.task
57 | def umount(volume_name, server_name, etcd):
58 |     resp = requests.get(
59 |         build_url(etcd, 'rackspace', 'credentials')
60 |     ).json()
61 | 
62 |     credentials = json.loads(resp['node']['value'])
63 | 
64 |     username = credentials['username']
65 |     api_key = credentials['apiKey']
66 |     region = credentials['region']
67 | 
68 |     pyrax.set_setting('identity_type', 'rackspace')
69 |     pyrax.set_credentials(username, api_key, region=region)
70 | 
71 |     cs = pyrax.cloudservers
72 |     cbs = pyrax.cloud_blockstorage
73 | 
74 |     volume = cbs.find(display_name=volume_name)
75 |     server = cs.servers.find(name=server_name)
76 | 
77 |     if volume.attachments and volume.attachments[0]['server_id'] == server.id:
78 |         volume.detach()
79 |         pyrax.utils.wait_until(volume, 'status', 'available', interval=3, attempts=0)
80 | 


--------------------------------------------------------------------------------
/(legacy)/cos/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:2.7
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         git \
 9 |     && apt-get clean \
10 |     && apt-get autoremove -y \
11 |     && rm -rf /var/lib/apt/lists/*
12 | 
13 | # grab gosu for easy step-down from root
14 | ENV GOSU_VERSION 1.4
15 | RUN apt-get update \
16 |     && apt-get install -y \
17 |         curl \
18 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
19 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
20 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
21 |   	&& gpg --verify /usr/local/bin/gosu.asc \
22 |   	&& rm /usr/local/bin/gosu.asc \
23 |   	&& chmod +x /usr/local/bin/gosu \
24 |     && apt-get clean \
25 |     && apt-get autoremove -y \
26 |         curl \
27 |     && rm -rf /var/lib/apt/lists/*
28 | 
29 | # Node : https://registry.hub.docker.com/u/library/node/
30 | ENV NODE_VERSION 0.12.4
31 | ENV NPM_VERSION 2.10.1
32 | RUN apt-get update \
33 |     && apt-get install -y \
34 |         curl \
35 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys 7937DFD2AB06298B2293C3187D33FF9D0246406D 114F43EE0176B71C7BC219DD50A3051F888C628D \
36 |     && curl -SLO "http://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz" \
37 |   	&& curl -SLO "http://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
38 |   	&& gpg --verify SHASUMS256.txt.asc \
39 |   	&& grep " node-v$NODE_VERSION-linux-x64.tar.gz\$" SHASUMS256.txt.asc | sha256sum -c - \
40 |   	&& tar -xzf "node-v$NODE_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
41 |   	&& rm "node-v$NODE_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc \
42 |   	&& npm install -g npm@"$NPM_VERSION" \
43 |   	&& npm cache clear \
44 |     && apt-get clean \
45 |     && apt-get autoremove -y \
46 |         curl \
47 |     && rm -rf /var/lib/apt/lists/*
48 | 
49 | RUN npm install -g bower
50 | 
51 | ENV SOURCE_BRANCH=master
52 | ENV SOURCE_REPO=https://github.com/CenterForOpenScience/cos.io.git
53 | ENV UPDATE_CMD 'pip install -U -r requirements.txt && gosu www-data python manage.py collectstatic --noinput && gosu www-data bower install --config.interactive=false'
54 | 
55 | RUN pip install \
56 |       invoke \
57 |       uwsgi==2.0.10
58 | 
59 | WORKDIR /code
60 | 
61 | # perform an initial build to cache long running compilations
62 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
63 |     && cp mysite/default_local_settings.py mysite/local_settings.py \
64 |     && chown -R www-data:www-data /code \
65 |     && git rev-parse HEAD > /tmp/.commit
66 | 
67 | RUN pip install -U -r requirements.txt
68 | RUN gosu www-data python manage.py collectstatic --noinput
69 | RUN gosu www-data bower install --config.interactive=false
70 | 
71 | COPY entrypoint.sh /entrypoint.sh
72 | RUN chmod +x /entrypoint.sh
73 | ENTRYPOINT ["/entrypoint.sh"]
74 | 
75 | VOLUME /code
76 | 
77 | CMD ["python", "manage.py", "runserver"]
78 | 


--------------------------------------------------------------------------------
/(legacy)/cos/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | # Data Containers
 2 | 
 3 | tmpdata:
 4 |   image: busybox:latest
 5 |   volumes:
 6 |     - /home
 7 |     - /Users/michael/.cos/cos/testing/local.py:/home/.cos/local.py
 8 |     - /Users/michael/.cos/cos/testing/uwsgi.ini:/etc/uwsgi/uwsgi.ini
 9 |     - /etc/uwsgi
10 |     - /tmp
11 | 
12 | 
13 | # Service Containers
14 | 
15 | postgres:
16 |   image: centerforopenscience/postgres:9.4
17 |   expose:
18 |     - 5432
19 |   volumes_from:
20 |     - tmpdata
21 | 
22 | memcached:
23 |   image: centerforopenscience/memcached:latest
24 |   expose:
25 |     - 11211
26 | 
27 | 
28 | # Server Containers
29 | 
30 | web:
31 |   # image: centerforopenscience/cos:latest
32 |   build: .
33 |   environment:
34 |     - SOURCE_BRANCH=master
35 |     # - SOURCE_REPO=https://github.com/ZobairAlijan/COS-Site.git
36 |     - SOURCE_REPO=https://github.com/icereval/cos-small.git
37 |   ports:
38 |     - 8000:8000
39 |   expose:
40 |     - 8000
41 |   links:
42 |     - postgres:postgres
43 |     - memcached:memcached
44 |   volumes_from:
45 |     - tmpdata
46 | 


--------------------------------------------------------------------------------
/(legacy)/cos/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         # https://cosdev.readthedocs.org/en/latest/osf/common_problems.html#error-when-importing-uritemplate
31 |         pip uninstall uritemplate.py --yes || true
32 |         pip install uritemplate.py==0.3.0
33 |         eval $UPDATE_CMD
34 |     fi
35 | fi
36 | echo "$commit_head" > /tmp/.commit
37 | 
38 | if [ "$1" = 'invoke' ]; then
39 |     echo "Starting: $@"
40 |     exec gosu www-data "$@"
41 | fi
42 | 
43 | exec gosu root "$@"
44 | 


--------------------------------------------------------------------------------
/(legacy)/dor/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.4
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         git \
 9 |     && apt-get clean \
10 |     && apt-get autoremove -y \
11 |     && rm -rf /var/lib/apt/lists/*
12 | 
13 | # grab gosu for easy step-down from root
14 | ENV GOSU_VERSION 1.4
15 | RUN apt-get update \
16 |     && apt-get install -y \
17 |         curl \
18 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
19 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
20 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
21 |   	&& gpg --verify /usr/local/bin/gosu.asc \
22 |   	&& rm /usr/local/bin/gosu.asc \
23 |   	&& chmod +x /usr/local/bin/gosu \
24 |     && apt-get clean \
25 |     && apt-get autoremove -y \
26 |         curl \
27 |     && rm -rf /var/lib/apt/lists/*
28 | 
29 | # Node : https://registry.hub.docker.com/u/library/node/
30 | ENV NODE_VERSION 0.12.4
31 | ENV NPM_VERSION 2.10.1
32 | RUN apt-get update \
33 |     && apt-get install -y \
34 |         curl \
35 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys 7937DFD2AB06298B2293C3187D33FF9D0246406D 114F43EE0176B71C7BC219DD50A3051F888C628D \
36 |     && curl -SLO "http://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz" \
37 |   	&& curl -SLO "http://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
38 |   	&& gpg --verify SHASUMS256.txt.asc \
39 |   	&& grep " node-v$NODE_VERSION-linux-x64.tar.gz\$" SHASUMS256.txt.asc | sha256sum -c - \
40 |   	&& tar -xzf "node-v$NODE_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
41 |   	&& rm "node-v$NODE_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc \
42 |   	&& npm install -g npm@"$NPM_VERSION" \
43 |   	&& npm cache clear \
44 |     && apt-get clean \
45 |     && apt-get autoremove -y \
46 |         curl \
47 |     && rm -rf /var/lib/apt/lists/*
48 | 
49 | RUN npm install -g bower
50 | 
51 | ENV SOURCE_BRANCH=master
52 | ENV SOURCE_REPO=https://github.com/mfraezz/DirectoryOfRepositories.git
53 | ENV UPDATE_CMD 'pip install -U -r requirements.txt && gosu www-data python manage.py collectstatic --noinput && gosu www-data bower install --config.interactive=false'
54 | 
55 | RUN pip install \
56 |       invoke \
57 |       uwsgi==2.0.10
58 | 
59 | WORKDIR /code
60 | 
61 | # perform an initial build to cache long running compilations
62 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
63 |     && cp RepoDir/settings/local-dist.py RepoDir/settings/local.py \
64 |     && chown -R www-data:www-data /code \
65 |     && git rev-parse HEAD > /tmp/.commit
66 | 
67 | RUN pip install -U -r requirements.txt
68 | RUN gosu www-data python manage.py collectstatic --noinput
69 | RUN gosu www-data bower install --config.interactive=false
70 | 
71 | COPY entrypoint.sh /entrypoint.sh
72 | RUN chmod +x /entrypoint.sh
73 | ENTRYPOINT ["/entrypoint.sh"]
74 | 
75 | VOLUME /code
76 | 
77 | CMD ["python", "manage.py", "runserver"]
78 | 


--------------------------------------------------------------------------------
/(legacy)/dor/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | # Data Containers
 2 | 
 3 | tmpdata:
 4 |   image: busybox:latest
 5 |   volumes:
 6 |     - /home
 7 |     - /home/.cos/local.py
 8 |     - /etc/uwsgi
 9 |     - /tmp
10 | 
11 | 
12 | # Service Containers
13 | 
14 | postgres:
15 |   image: centerforopenscience/postgres:9.4
16 |   expose:
17 |     - 5432
18 |   volumes_from:
19 |     - tmpdata
20 | 
21 | 
22 | # Server Containers
23 | 
24 | web:
25 |   # image: centerforopenscience/dor:latest
26 |   build: .
27 |   environment:
28 |     - SOURCE_BRANCH=develop
29 |     - SOURCE_REPO=https://github.com/erinspace/shareregistration.git
30 |   ports:
31 |     - 8000:8000
32 |   expose:
33 |     - 8000
34 |   links:
35 |     - postgres:postgres
36 |   volumes_from:
37 |     - tmpdata
38 | 


--------------------------------------------------------------------------------
/(legacy)/dor/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         # https://cosdev.readthedocs.org/en/latest/osf/common_problems.html#error-when-importing-uritemplate
31 |         pip uninstall uritemplate.py --yes || true
32 |         pip install uritemplate.py==0.3.0
33 |         eval $UPDATE_CMD
34 |     fi
35 | fi
36 | echo "$commit_head" > /tmp/.commit
37 | 
38 | if [ "$1" = 'invoke' ]; then
39 |     echo "Starting: $@"
40 |     exec gosu www-data "$@"
41 | fi
42 | 
43 | exec gosu root "$@"
44 | 


--------------------------------------------------------------------------------
/(legacy)/ember/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM ruby:2.1
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         git \
 9 |     # Next 2 needed for yarn
10 |     apt-transport-https \
11 |     ca-certificates \
12 |     && apt-get clean \
13 |     && apt-get autoremove -y \
14 |     && rm -rf /var/lib/apt/lists/*
15 | 
16 | RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
17 |     && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
18 |     && apt-get update \
19 |     && apt-get install -y \
20 |         yarn \
21 |     && apt-get clean \
22 |     && apt-get autoremove -y \
23 |     && rm -rf /var/lib/apt/lists/*lists
24 | 
25 | # grab gosu for easy step-down from root
26 | ENV GOSU_VERSION 1.4
27 | RUN apt-get update \
28 |     && apt-get install -y \
29 |         curl \
30 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
31 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
32 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
33 |   	&& gpg --verify /usr/local/bin/gosu.asc \
34 |   	&& rm /usr/local/bin/gosu.asc \
35 |   	&& chmod +x /usr/local/bin/gosu \
36 |     && apt-get clean \
37 |     && apt-get autoremove -y \
38 |         curl \
39 |     && rm -rf /var/lib/apt/lists/*
40 | 
41 | # gpg keys listed at https://github.com/nodejs/node
42 | RUN set -ex \
43 |     && for key in \
44 |       9554F04D7259F04124DE6B476D5A82AC7E37093B \
45 |       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
46 |       0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 \
47 |       FD3A5288F042B6850C66B31F09FE44734EB7990E \
48 |       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
49 |       DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
50 |       B9AE9905FFD7803F25714661B63B535A4C206CA9 \
51 |       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
52 |     ; do \
53 |       gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
54 |     done
55 | 
56 | ENV NODE_VERSION 8.4.0
57 | RUN buildDeps='xz-utils curl' \
58 |     && set -x \
59 |     && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
60 |     && rm -rf /var/lib/apt/lists/* \
61 |     && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
62 |     && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
63 |     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
64 |     && grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
65 |     && tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1 \
66 |     && rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
67 |     && apt-get purge -y --auto-remove $buildDeps
68 | 
69 | ENV PACKAGE_MANAGER_CMD 'yarn --pure-lockfile --ignore-engines'
70 | ENV SOURCE_BRANCH '<CHANGE>'
71 | ENV SOURCE_REPO 'https://github.com/CenterForOpenScience/<CHANGE>'
72 | ENV UPDATE_CMD 'rm -rf dist && gosu www-data git submodule init && gosu www-data git submodule update && gosu www-data $PACKAGE_MANAGER_CMD && gosu www-data bower install --config.interactive=false'
73 | ENV WORKDIR '/<CHANGE>'
74 | 
75 | RUN gem install sass \
76 |     && npm install -g bower \
77 |     && npm install -g ember-cli
78 | 
79 | COPY entrypoint.sh /entrypoint.sh
80 | RUN chmod +x /entrypoint.sh
81 | ENTRYPOINT ["/entrypoint.sh"]
82 | 
83 | CMD ["gosu", "www-data", "ember", "build", "--env", "staging"]
84 | 


--------------------------------------------------------------------------------
/(legacy)/ember/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | mkdir -p $WORKDIR
 5 | cd $WORKDIR
 6 | 
 7 | chown -R www-data:www-data /home || true
 8 | chown -R www-data:www-data $WORKDIR || true
 9 | 
10 | if [ ! -d $WORKDIR/.git ]; then
11 |     gosu www-data git init
12 | fi
13 | 
14 | gosu www-data git remote rm origin || true
15 | gosu www-data git remote add origin $SOURCE_REPO
16 | gosu www-data git remote set-url origin $SOURCE_REPO
17 | gosu www-data git fetch
18 | gosu www-data git checkout $SOURCE_BRANCH
19 | gosu www-data git pull origin $SOURCE_BRANCH
20 | 
21 | # avoid running setup tasks on container restarts
22 | commit_head=$(git rev-parse HEAD)
23 | # ember builds use GIT_COMMIT for cache busting
24 | export GIT_COMMIT=$commit_head
25 | updated=false
26 | if [ -f "/tmp/.commit" ]; then
27 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
28 |         updated=true
29 |     fi
30 | else
31 |     updated=true
32 | fi
33 | if $updated; then
34 |     if [ "$UPDATE_CMD" != "" ]; then
35 |         echo "Updating: $UPDATE_CMD"
36 |         eval $UPDATE_CMD
37 |     fi
38 | fi
39 | echo "$commit_head" > /tmp/.commit
40 | 
41 | if [ "$1" = 'invoke' ]; then
42 |     echo "Starting: $@"
43 |     exec gosu www-data "$@"
44 | fi
45 | 
46 | exec gosu root "$@"
47 | 


--------------------------------------------------------------------------------
/(legacy)/experimenter/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM ruby:2.1
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | 
 7 | RUN apt-get update \
 8 |     && apt-get install -y \
 9 |         git \
10 |     && apt-get clean \
11 |     && apt-get autoremove -y \
12 |     && rm -rf /var/lib/apt/lists/*
13 | 
14 | # grab gosu for easy step-down from root
15 | ENV GOSU_VERSION 1.4
16 | RUN apt-get update \
17 |     && apt-get install -y \
18 |         curl \
19 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
20 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
21 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
22 |   	&& gpg --verify /usr/local/bin/gosu.asc \
23 |   	&& rm /usr/local/bin/gosu.asc \
24 |   	&& chmod +x /usr/local/bin/gosu \
25 |     && apt-get clean \
26 |     && apt-get autoremove -y \
27 |         curl \
28 |     && rm -rf /var/lib/apt/lists/*
29 | 
30 | # gpg keys listed at https://github.com/nodejs/node
31 | RUN set -ex \
32 |     && for key in \
33 |       9554F04D7259F04124DE6B476D5A82AC7E37093B \
34 |       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
35 |       0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 \
36 |       FD3A5288F042B6850C66B31F09FE44734EB7990E \
37 |       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
38 |       DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
39 |       B9AE9905FFD7803F25714661B63B535A4C206CA9 \
40 |       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
41 |     ; do \
42 |       gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
43 |     done
44 | 
45 | ENV NPM_VERSION 2.14.12
46 | ENV NODE_VERSION 4.3.2
47 | RUN buildDeps='xz-utils curl' \
48 |     && set -x \
49 |     && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
50 |     && rm -rf /var/lib/apt/lists/* \
51 |     && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
52 |     && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
53 |     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
54 |     && grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
55 |     && tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1 \
56 |     && rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
57 |     && npm install -g npm@"$NPM_VERSION" \
58 |   	&& npm cache clear \
59 |     && apt-get purge -y --auto-remove $buildDeps
60 | 
61 | ENV SOURCE_BRANCH develop
62 | ENV SOURCE_REPO https://github.com/CenterForOpenScience/experimenter.git
63 | ENV UPDATE_CMD 'rm -rf dist && gosu www-data git submodule init && gosu www-data git submodule update && gosu www-data npm install && gosu www-data bower install --config.interactive=false'
64 | ENV WORKDIR /experimenter
65 | 
66 | WORKDIR $WORKDIR
67 | 
68 | RUN gem install sass \
69 |     && npm install -g bower \
70 |     && npm install -g ember-cli
71 | 
72 | # perform an initial build to cache long running compilations
73 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
74 |     && chown -R www-data:www-data $WORKDIR
75 | 
76 | RUN gosu www-data git submodule init \
77 |     && gosu www-data git submodule update \
78 |     && gosu www-data npm install \
79 |     && gosu www-data bower install --config.interactive=false
80 | 
81 | COPY entrypoint.sh /entrypoint.sh
82 | RUN chmod +x /entrypoint.sh
83 | ENTRYPOINT ["/entrypoint.sh"]
84 | 
85 | VOLUME $WORKDIR
86 | 
87 | CMD ["gosu", "www-data", "ember", "build", "--env", "staging"]
88 | 


--------------------------------------------------------------------------------
/(legacy)/experimenter/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | elasticsearch:
 2 |   image: elasticsearch:1.7
 3 | 
 4 | mongo:
 5 |   image: mongo:3.2
 6 | 
 7 | jam:
 8 |   image: centerforopenscience/jam:latest
 9 |   expose:
10 |     - 1212
11 |   ports:
12 |     - 1212:1212
13 |   links:
14 |     - mongo:mongo
15 |     - elasticsearch:elasticsearch
16 | 
17 | experimenter:
18 |   build: .
19 |   links:
20 |     - jam:jam


--------------------------------------------------------------------------------
/(legacy)/experimenter/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data $WORKDIR || true
 6 | 
 7 | if [ ! -d $WORKDIR/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         eval $UPDATE_CMD
31 |     fi
32 | fi
33 | echo "$commit_head" > /tmp/.commit
34 | 
35 | if [ "$1" = 'invoke' ]; then
36 |     echo "Starting: $@"
37 |     exec gosu www-data "$@"
38 | fi
39 | 
40 | exec gosu root "$@"
41 | 


--------------------------------------------------------------------------------
/(legacy)/fluentd/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM ruby:2.0
 2 | 
 3 | # grab gosu for easy step-down from root
 4 | ENV GOSU_VERSION 1.4
 5 | RUN apt-get update \
 6 |     && apt-get install -y \
 7 |         curl \
 8 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
 9 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
10 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
11 |   	&& gpg --verify /usr/local/bin/gosu.asc \
12 |   	&& rm /usr/local/bin/gosu.asc \
13 |   	&& chmod +x /usr/local/bin/gosu \
14 |     && apt-get clean \
15 |     && apt-get autoremove -y \
16 |         curl \
17 |     && rm -rf /var/lib/apt/lists/*
18 | 
19 | ENV FLUENTD_VERSION 0.12.12
20 | # ENV FLUENTD_GEMS "fluent-plugin-..."
21 | RUN apt-get update \
22 |     && apt-get install -y \
23 |         libcurl4-openssl-dev \
24 |         libjemalloc-dev \
25 |     && echo "gem: --no-document --no-ri --no-rdoc\n" >> ~/.gemrc \
26 |     && gem install fluentd:$FLUENTD_VERSION \
27 |     && fluentd --setup /etc/fluent \
28 |     && apt-get clean \
29 |     && apt-get autoremove -y \
30 |     && rm -rf /var/lib/apt/lists/*
31 | 
32 | # Use approved plugins
33 | RUN gem install specific_install \
34 |     && gem specific_install https://github.com/CenterForOpenScience/fluent-plugin-logentries.git master \
35 |     && gem specific_install https://github.com/CenterForOpenScience/fluent-plugin-docker-format.git master \
36 |     && fluent-gem install fluent-plugin-rewrite-tag-filter -v 1.5.5
37 | 
38 | ENV LD_PRELOAD /usr/lib/x86_64-linux-gnu/libjemalloc.so
39 | 
40 | VOLUME /etc/fluent
41 | 
42 | COPY entrypoint.sh /entrypoint.sh
43 | RUN chmod +x /entrypoint.sh
44 | ENTRYPOINT ["/entrypoint.sh"]
45 | 
46 | CMD ["fluentd", "-c", "/etc/fluent/fluent.conf"]
47 | 


--------------------------------------------------------------------------------
/(legacy)/fluentd/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | if [ "$FLUENTD_GEMS" != "" ]; then
5 |     fluent-gem install $FLUENTD_GEMS
6 | fi
7 | 
8 | exec gosu root "$@"
9 | 


--------------------------------------------------------------------------------
/(legacy)/haproxy/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM haproxy:1.6
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r haproxy && useradd -r -g haproxy haproxy
 5 | 
 6 | # Install dependancies
 7 | RUN apt-get update \
 8 |     && apt-get install -y \
 9 |         rsyslog \
10 |         socat \
11 |     && apt-get clean \
12 |     && apt-get autoremove -y \
13 |     && rm -rf /var/lib/apt/lists/*
14 | 
15 | ADD rsyslog.conf /etc/rsyslog.conf
16 | 
17 | COPY command.sh /command.sh
18 | RUN chmod +x /command.sh
19 | CMD ["/command.sh"]
20 | 


--------------------------------------------------------------------------------
/(legacy)/haproxy/command.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Credit: https://github.com/discordianfish/haproxy-docker/
 3 | set -e
 4 | 
 5 | reload() {
 6 |   echo "Reloading config"
 7 |   haproxy -p /tmp/haproxy.pid -f /usr/local/etc/haproxy/haproxy.cfg -sf $(cat /tmp/haproxy.pid)
 8 | }
 9 | trap reload SIGHUP
10 | 
11 | rm -f /tmp/rsyslogd.pid
12 | rsyslogd -i /tmp/rsyslogd.pid
13 | 
14 | rm -f /tmp/haproxy.pid
15 | haproxy -p /tmp/haproxy.pid -f /usr/local/etc/haproxy/haproxy.cfg
16 | 
17 | while true
18 | do
19 |   sleep infinity & # blocks forever but still make sure bash
20 |   wait || :        # executes reload trap. See:
21 | done               # http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_12_02.html#sect_12_02_02
22 | 


--------------------------------------------------------------------------------
/(legacy)/haproxy/rsyslog.conf:
--------------------------------------------------------------------------------
  1 | #  /etc/rsyslog.conf    Configuration file for rsyslog.
  2 | #
  3 | #                       For more information see
  4 | #                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
  5 | 
  6 | 
  7 | #################
  8 | #### MODULES ####
  9 | #################
 10 | 
 11 | $ModLoad imuxsock # provides support for local system logging
 12 | $ModLoad imklog   # provides kernel logging support
 13 | #$ModLoad immark  # provides --MARK-- message capability
 14 | 
 15 | # provides UDP syslog reception
 16 | $ModLoad imudp
 17 | $UDPServerRun 514
 18 | $UDPServerAddress 127.0.0.1
 19 | 
 20 | # provides TCP syslog reception
 21 | #$ModLoad imtcp
 22 | #$InputTCPServerRun 514
 23 | 
 24 | 
 25 | ###########################
 26 | #### GLOBAL DIRECTIVES ####
 27 | ###########################
 28 | 
 29 | #
 30 | # Use traditional timestamp format.
 31 | # To enable high precision timestamps, comment out the following line.
 32 | #
 33 | $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 34 | 
 35 | #
 36 | # Set the default permissions for all log files.
 37 | #
 38 | $FileOwner root
 39 | $FileGroup adm
 40 | $FileCreateMode 0640
 41 | $DirCreateMode 0755
 42 | $Umask 0022
 43 | 
 44 | #
 45 | # Where to place spool and state files
 46 | #
 47 | $WorkDirectory /var/spool/rsyslog
 48 | 
 49 | #
 50 | # Include all config files in /etc/rsyslog.d/
 51 | #
 52 | $IncludeConfig /etc/rsyslog.d/*.conf
 53 | 
 54 | 
 55 | ###############
 56 | #### RULES ####
 57 | ###############
 58 | 
 59 | #
 60 | # First some standard log files.  Log by facility.
 61 | #
 62 | #auth,authpriv.*                 /var/log/auth.log
 63 | #*.*;auth,authpriv.none          -/var/log/syslog
 64 | ##cron.*                         /var/log/cron.log
 65 | #daemon.*                        -/var/log/daemon.log
 66 | #kern.*                          -/var/log/kern.log
 67 | #lpr.*                           -/var/log/lpr.log
 68 | #mail.*                          -/var/log/mail.log
 69 | #user.*                          -/var/log/user.log
 70 | 
 71 | #
 72 | # Logging for the mail system.  Split it up so that
 73 | # it is easy to write scripts to parse these files.
 74 | #
 75 | #mail.info                       -/var/log/mail.info
 76 | #mail.warn                       -/var/log/mail.warn
 77 | #mail.err                        /var/log/mail.err
 78 | 
 79 | #
 80 | # Logging for INN news system.
 81 | #
 82 | #news.crit                       /var/log/news/news.crit
 83 | #news.err                        /var/log/news/news.err
 84 | #news.notice                     -/var/log/news/news.notice
 85 | 
 86 | #
 87 | # Some "catch-all" log files.
 88 | #
 89 | #*.=debug;\
 90 | #        auth,authpriv.none;\
 91 | #        news.none;mail.none     -/var/log/debug
 92 | #*.=info;*.=notice;*.=warn;\
 93 | #        auth,authpriv.none;\
 94 | #        cron,daemon.none;\
 95 | #        mail,news.none          -/var/log/messages
 96 | 
 97 | #
 98 | # Emergencies are sent to everybody logged in.
 99 | #
100 | #*.emerg                         :omusrmsg:*
101 | 
102 | #
103 | # I like to have messages displayed on the console, but only on a virtual
104 | # console I usually leave idle.
105 | #
106 | #daemon,mail.*;\
107 | #       news.=crit;news.=err;news.=notice;\
108 | #       *.=debug;*.=info;\
109 | #       *.=notice;*.=warn       /dev/tty8
110 | 
111 | # The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
112 | # you must invoke `xconsole' with the `-file' option:
113 | #
114 | #    $ xconsole -file /dev/xconsole [...]
115 | #
116 | # NOTE: adjust the list below, or you'll go crazy if you have a reasonably
117 | #      busy site..
118 | #
119 | #daemon.*;mail.*;\
120 | #        news.err;\
121 | #        *.=debug;*.=info;\
122 | #        *.=notice;*.=warn       |/dev/xconsole
123 | 
124 | # HAProxy
125 | local2.* /dev/console
126 | 


--------------------------------------------------------------------------------
/(legacy)/jam/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.5-slim
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | RUN apt-get update \
 6 |     # jamdb dependencies
 7 |     && apt-get install -y \
 8 |         git \
 9 |         libevent-dev \
10 |         libxml2-dev \
11 |         libxslt1-dev \
12 |         zlib1g-dev \
13 |         build-essential \
14 |         libssl-dev \
15 |         libffi-dev \
16 |         python-dev \
17 |     && apt-get clean \
18 |     && apt-get autoremove -y \
19 |     && rm -rf /var/lib/apt/lists/*
20 | 
21 | # grab gosu for easy step-down from root
22 | ENV GOSU_VERSION 1.4
23 | RUN apt-get update \
24 |     && apt-get install -y \
25 |         curl \
26 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
27 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
28 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
29 |   	&& gpg --verify /usr/local/bin/gosu.asc \
30 |   	&& rm /usr/local/bin/gosu.asc \
31 |   	&& chmod +x /usr/local/bin/gosu \
32 |     && apt-get clean \
33 |     && apt-get autoremove -y \
34 |         curl \
35 |     && rm -rf /var/lib/apt/lists/*
36 | 
37 | ENV SOURCE_BRANCH develop
38 | ENV SOURCE_REPO https://github.com/CenterForOpenScience/jamdb.git
39 | ENV UPDATE_CMD 'pip install -U -r requirements.txt && python setup.py develop'
40 | 
41 | # ensure unoconv can locate the uno library
42 | ENV PYTHONPATH=/usr/lib/python3/dist-packages
43 | 
44 | WORKDIR /code
45 | 
46 | # perform an initial build to cache long running compilations
47 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
48 |     && chown -R www-data:www-data /code
49 | 
50 | RUN pip install -U -r requirements.txt
51 | 
52 | COPY entrypoint.sh /entrypoint.sh
53 | RUN chmod +x /entrypoint.sh
54 | ENTRYPOINT ["/entrypoint.sh"]
55 | 
56 | EXPOSE 1212
57 | VOLUME /code
58 | 
59 | CMD ["gosu", "www-data", "jam", "server"]
60 | 


--------------------------------------------------------------------------------
/(legacy)/jam/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         eval $UPDATE_CMD
31 |     fi
32 | fi
33 | echo "$commit_head" > /tmp/.commit
34 | 
35 | if [ "$1" = 'invoke' ]; then
36 |     echo "Starting: $@"
37 |     exec gosu www-data "$@"
38 | fi
39 | 
40 | exec gosu root "$@"
41 | 


--------------------------------------------------------------------------------
/(legacy)/jenkins/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM jenkins:1.625.1
 2 | 
 3 | USER root
 4 | 
 5 | RUN apt-get update \
 6 |     # jenkins dependencies
 7 |     && apt-get install -y \
 8 |         git \
 9 |         curl \
10 |         python-pip \
11 |         # docker (mount)
12 |         apparmor \
13 |         libsystemd-journal0 \
14 |     && apt-get clean \
15 |     && apt-get autoremove -y \
16 |     && rm -rf /var/lib/apt/lists/*
17 | 
18 | # grab gosu for easy step-down from root
19 | ENV GOSU_VERSION 1.4
20 | RUN apt-get update \
21 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
22 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
23 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
24 |   	&& gpg --verify /usr/local/bin/gosu.asc \
25 |   	&& rm /usr/local/bin/gosu.asc \
26 |   	&& chmod +x /usr/local/bin/gosu
27 | 
28 | # kubernetes
29 | ENV KUBERNETES_VERSION 1.3.3
30 | ENV KUBERNETES_SHA256 7ecb4ce0af38d847cdc4976f72530c73b4533a8b973489b92508363566dcfd61
31 | RUN curl -o /usr/local/bin/kubectl -SL "https://storage.googleapis.com/kubernetes-release/release/v$KUBERNETES_VERSION/bin/linux/amd64/kubectl" \
32 |     && echo "$KUBERNETES_SHA256  /usr/local/bin/kubectl" | sha256sum -c - \
33 |     && chmod +x /usr/local/bin/kubectl
34 | 
35 | RUN pip install invoke
36 | 
37 | COPY entrypoint.sh /entrypoint.sh
38 | RUN chmod +x /entrypoint.sh
39 | ENTRYPOINT ["/entrypoint.sh"]
40 | 
41 | CMD ["/bin/tini", "--", "/usr/local/bin/jenkins.sh"]
42 | 


--------------------------------------------------------------------------------
/(legacy)/jenkins/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R jenkins:jenkins /var/jenkins_home || true
 5 | 
 6 | if [ "$1" = '/bin/tini' ]; then
 7 |     echo "Starting: $@"
 8 |     exec gosu jenkins "$@"
 9 | fi
10 | 
11 | exec gosu root "$@"
12 | 


--------------------------------------------------------------------------------
/(legacy)/lookit/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM ruby:2.1
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | 
 7 | RUN apt-get update \
 8 |     && apt-get install -y \
 9 |         git \
10 |     && apt-get clean \
11 |     && apt-get autoremove -y \
12 |     && rm -rf /var/lib/apt/lists/*
13 | 
14 | # grab gosu for easy step-down from root
15 | ENV GOSU_VERSION 1.4
16 | RUN apt-get update \
17 |     && apt-get install -y \
18 |         curl \
19 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
20 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
21 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
22 |   	&& gpg --verify /usr/local/bin/gosu.asc \
23 |   	&& rm /usr/local/bin/gosu.asc \
24 |   	&& chmod +x /usr/local/bin/gosu \
25 |     && apt-get clean \
26 |     && apt-get autoremove -y \
27 |         curl \
28 |     && rm -rf /var/lib/apt/lists/*
29 | 
30 | # gpg keys listed at https://github.com/nodejs/node
31 | RUN set -ex \
32 |     && for key in \
33 |       9554F04D7259F04124DE6B476D5A82AC7E37093B \
34 |       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
35 |       0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 \
36 |       FD3A5288F042B6850C66B31F09FE44734EB7990E \
37 |       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
38 |       DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
39 |       B9AE9905FFD7803F25714661B63B535A4C206CA9 \
40 |       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
41 |     ; do \
42 |       gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
43 |     done
44 | 
45 | ENV NPM_VERSION 2.14.12
46 | ENV NODE_VERSION 4.3.2
47 | RUN buildDeps='xz-utils curl' \
48 |     && set -x \
49 |     && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
50 |     && rm -rf /var/lib/apt/lists/* \
51 |     && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
52 |     && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
53 |     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
54 |     && grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
55 |     && tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1 \
56 |     && rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
57 |     && npm install -g npm@"$NPM_VERSION" \
58 |   	&& npm cache clear \
59 |     && apt-get purge -y --auto-remove $buildDeps
60 | 
61 | ENV SOURCE_BRANCH develop
62 | ENV SOURCE_REPO https://github.com/CenterForOpenScience/lookit.git
63 | ENV UPDATE_CMD 'rm -rf dist && gosu www-data git submodule init && gosu www-data git submodule update && gosu www-data npm install && gosu www-data bower install --config.interactive=false'
64 | ENV WORKDIR /lookit
65 | 
66 | WORKDIR $WORKDIR
67 | 
68 | RUN gem install sass \
69 |     && npm install -g bower \
70 |     && npm install -g ember-cli
71 | 
72 | # perform an initial build to cache long running compilations
73 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
74 |     && chown -R www-data:www-data $WORKDIR
75 | 
76 | RUN gosu www-data git submodule init \
77 |     && gosu www-data git submodule update \
78 |     && gosu www-data npm install \
79 |     && gosu www-data bower install --config.interactive=false
80 | 
81 | COPY entrypoint.sh /entrypoint.sh
82 | RUN chmod +x /entrypoint.sh
83 | ENTRYPOINT ["/entrypoint.sh"]
84 | 
85 | VOLUME $WORKDIR
86 | 
87 | CMD ["gosu", "www-data", "ember", "build", "--env", "staging"]
88 | 


--------------------------------------------------------------------------------
/(legacy)/lookit/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data $WORKDIR || true
 6 | 
 7 | if [ ! -d $WORKDIR/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         eval $UPDATE_CMD
31 |     fi
32 | fi
33 | echo "$commit_head" > /tmp/.commit
34 | 
35 | if [ "$1" = 'invoke' ]; then
36 |     echo "Starting: $@"
37 |     exec gosu www-data "$@"
38 | fi
39 | 
40 | exec gosu root "$@"
41 | 


--------------------------------------------------------------------------------
/(legacy)/memcached/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM memcached:1
 2 | 
 3 | USER root
 4 | 
 5 | # grab gosu for easy step-down from root
 6 | ENV GOSU_VERSION 1.4
 7 | RUN apt-get update \
 8 |     && apt-get install -y \
 9 |         curl \
10 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
11 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
12 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
13 |   	&& gpg --verify /usr/local/bin/gosu.asc \
14 |   	&& rm /usr/local/bin/gosu.asc \
15 |   	&& chmod +x /usr/local/bin/gosu \
16 |     && apt-get clean \
17 |     && apt-get autoremove -y \
18 |         curl \
19 |     && rm -rf /var/lib/apt/lists/*
20 | 
21 | EXPOSE 11211
22 | 
23 | CMD ["gosu", "memcache", "memcached", "-vv"]
24 | 


--------------------------------------------------------------------------------
/(legacy)/mfr/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.5-slim
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | RUN apt-get update \
 6 |     # mfr dependencies
 7 |     && apt-get install -y \
 8 |         git \
 9 |         make \
10 |         gcc \
11 |         build-essential \
12 |         gfortran \
13 |         r-base \
14 |         libblas-dev \
15 |         libevent-dev \
16 |         libfreetype6-dev \
17 |         libjpeg-dev \
18 |         libpng12-dev \
19 |         libxml2-dev \
20 |         libxslt1-dev \
21 |         zlib1g-dev \
22 |         # extended tiff support
23 |         libtiff5-dev \
24 |         # convert .step to jsc3d-compatible format
25 |         freecad \
26 |     # pspp dependencies
27 |     && apt-get install -y \
28 |         pspp \
29 |     && apt-get clean \
30 |     && apt-get autoremove -y \
31 |     && rm -rf /var/lib/apt/lists/*
32 | 
33 | # grab gosu for easy step-down from root
34 | ENV GOSU_VERSION 1.4
35 | RUN apt-get update \
36 |     && apt-get install -y \
37 |         curl \
38 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
39 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
40 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
41 |   	&& gpg --verify /usr/local/bin/gosu.asc \
42 |   	&& rm /usr/local/bin/gosu.asc \
43 |   	&& chmod +x /usr/local/bin/gosu \
44 |     && apt-get clean \
45 |     && apt-get autoremove -y \
46 |         curl \
47 |     && rm -rf /var/lib/apt/lists/*
48 | 
49 | ENV LIBREOFFICE_VERSION 6.0.2.1
50 | ENV LIBREOFFICE_ARCHIVE LibreOffice_6.0.2.1_Linux_x86-64_deb.tar.gz
51 | ENV LIBREOFFICE_MIRROR_URL https://downloadarchive.documentfoundation.org/libreoffice/old/
52 | RUN apt-get update \
53 |     && apt-get install -y \
54 |         curl \
55 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys AFEEAEA3 \
56 |     && curl -SL "$LIBREOFFICE_MIRROR_URL/$LIBREOFFICE_VERSION/deb/x86_64/$LIBREOFFICE_ARCHIVE" -o $LIBREOFFICE_ARCHIVE \
57 |     && curl -SL "$LIBREOFFICE_MIRROR_URL/$LIBREOFFICE_VERSION/deb/x86_64/$LIBREOFFICE_ARCHIVE.asc" -o $LIBREOFFICE_ARCHIVE.asc \
58 |     && gpg --verify "$LIBREOFFICE_ARCHIVE.asc" \
59 |     && mkdir /tmp/libreoffice \
60 |     && tar -xvf "$LIBREOFFICE_ARCHIVE" -C /tmp/libreoffice/ --strip-components=1 \
61 |     && dpkg -i /tmp/libreoffice/**/*.deb \
62 |     && rm $LIBREOFFICE_ARCHIVE* \
63 |     && rm -Rf /tmp/libreoffice \
64 |     && apt-get clean \
65 |     && apt-get autoremove -y \
66 |         curl \
67 |     && rm -rf /var/lib/apt/lists/*
68 | 
69 | RUN pip install unoconv==0.8.2
70 | 
71 | ENV SOURCE_BRANCH master
72 | ENV SOURCE_REPO https://github.com/CenterForOpenScience/modular-file-renderer.git
73 | ENV WHEELHOUSE /home/.cache/wheelhouse
74 | ENV UPDATE_CMD 'invoke wheelhouse && invoke install'
75 | # ensure unoconv can locate the uno library
76 | ENV PYTHONPATH=/usr/lib/python3/dist-packages
77 | 
78 | RUN pip install -U wheel
79 | RUN pip install invoke==0.13.0 \
80 |     setuptools==30.4.0
81 | 
82 | WORKDIR /code
83 | 
84 | # perform an initial build to cache long running compilations
85 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
86 |     && chown -R www-data:www-data /code
87 | 
88 | RUN invoke wheelhouse
89 | RUN invoke install
90 | 
91 | COPY entrypoint.sh /entrypoint.sh
92 | RUN chmod +x /entrypoint.sh
93 | ENTRYPOINT ["/entrypoint.sh"]
94 | 
95 | EXPOSE 7778
96 | VOLUME /code
97 | 
98 | CMD ["invoke", "server"]
99 | 


--------------------------------------------------------------------------------
/(legacy)/mfr/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | # Local Development
 2 | # autossh -M 20000 -N docker@localhost -R 7777:localhost:7777 -L 7778:localhost:7778 -R 5000:localhost:5000 -i ~/.ssh/id_boot2docker -p $(boot2docker config 2>&1 | awk '/SSHPort/ {print $3}') -C
 3 | # docker-compose rm -f && docker-compose build && docker-compose up
 4 | # docker exec -it mfr_web_1 /bin/bash
 5 | # waterbutler, osf
 6 | 
 7 | # Data Containers
 8 | 
 9 | tmpdata:
10 |   image: busybox:latest
11 |   volumes:
12 |     - /unoconv
13 |     - /home/.cos
14 |     - /Users/michael/.cos/mfr-test.json:/home/.cos/mfr-test.json
15 |     - /tmp
16 | 
17 | 
18 | # Service Containers
19 | 
20 | unoconv:
21 |   # image: centerforopenscience/unoconv:latest
22 |   build: ../unoconv/
23 |   command: '/opt/libreoffice4.4/program/python -u /usr/bin/unoconv --listener --server=0.0.0.0 --port=2002 -vvv'
24 |   # expose:
25 |   #   - 2002
26 |   net: host
27 |   volumes:
28 |     - /tmp
29 |   volumes_from:
30 |     - tmpdata
31 | 
32 | 
33 | # Server Containers
34 | 
35 | web:
36 |   # image: centerforopenscience/mfr:latest
37 |   build: .
38 |   command: 'invoke server'
39 |   environment:
40 |     # - SOURCE_BRANCH=develop
41 |     # - SOURCE_REPO=https://github.com/CenterForOpenScience/modular-file-renderer.git
42 |     - SOURCE_BRANCH=feature/unoconv
43 |     - SOURCE_REPO=https://github.com/icereval/modular-file-renderer.git
44 |   # ports:
45 |   #   - 7778:7778
46 |   # expose:
47 |   #   - 7778
48 |   net: host
49 |   # links:
50 |   #   - unoconv:unoconv
51 |   volumes:
52 |     - /tmp
53 |   volumes_from:
54 |     - tmpdata
55 | 


--------------------------------------------------------------------------------
/(legacy)/mfr/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         eval $UPDATE_CMD
31 |     fi
32 | fi
33 | echo "$commit_head" > /tmp/.commit
34 | 
35 | if [ "$1" = 'invoke' ]; then
36 |     echo "Starting: $@"
37 |     exec gosu www-data "$@"
38 | fi
39 | 
40 | exec gosu root "$@"
41 | 


--------------------------------------------------------------------------------
/(legacy)/newrelic/plugin-agent/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:2.7
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r newrelic && useradd -r -g newrelic newrelic
 5 | 
 6 | # grab gosu for easy step-down from root
 7 | ENV GOSU_VERSION 1.4
 8 | RUN apt-get update \
 9 |     && apt-get install -y \
10 |         curl \
11 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
12 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
13 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
14 |   	&& gpg --verify /usr/local/bin/gosu.asc \
15 |   	&& rm /usr/local/bin/gosu.asc \
16 |   	&& chmod +x /usr/local/bin/gosu \
17 |     && apt-get clean \
18 |     && apt-get autoremove -y \
19 |         curl \
20 |     && rm -rf /var/lib/apt/lists/*
21 | 
22 | RUN pip install -U pip
23 | 
24 | RUN pip install \
25 |       newrelic-plugin-agent==1.3.0 \
26 |       pymongo==2.9.2 \
27 |       psycopg2==2.6.1
28 | 
29 | COPY newrelic-plugin-agent.cfg /etc/newrelic/newrelic-plugin-agent.cfg
30 | 
31 | COPY entrypoint.sh /entrypoint.sh
32 | RUN chmod +x /entrypoint.sh
33 | ENTRYPOINT ["/entrypoint.sh"]
34 | 
35 | CMD ["gosu", "newrelic", "newrelic-plugin-agent", "-f", "-c", "/etc/newrelic/newrelic-plugin-agent.cfg"]
36 | 


--------------------------------------------------------------------------------
/(legacy)/newrelic/plugin-agent/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | chown -R newrelic:newrelic /etc/newrelic || true
5 | 
6 | exec gosu root "$@"
7 | 


--------------------------------------------------------------------------------
/(legacy)/newrelic/plugin-agent/newrelic-plugin-agent.cfg:
--------------------------------------------------------------------------------
  1 | %YAML 1.2
  2 | ---
  3 | Application:
  4 |   license_key: REPLACE_WITH_REAL_KEY
  5 |   wake_interval: 60
  6 |   #newrelic_api_timeout: 10
  7 |   #proxy: http://localhost:8080
  8 | 
  9 |   #apache_httpd:
 10 |   #  name: hostname
 11 |   #  scheme: http
 12 |   #  host: localhost
 13 |   #  verify_ssl_cert: true
 14 |   #  port: 80
 15 |   #  path: /server-status
 16 | 
 17 |   #couchdb:
 18 |   #  name: localhost
 19 |   #  host: localhost
 20 |   #  verify_ssl_cert: true
 21 |   #  port: 5984
 22 |   #  username: foo
 23 |   #  password: bar
 24 | 
 25 |   #elasticsearch:
 26 |   #  name: Clustername
 27 |   #  host: localhost
 28 |   #  port: 9200
 29 |   #  scheme: http
 30 | 
 31 |   #haproxy:
 32 |   #  name: hostname
 33 |   #  scheme: http
 34 |   #  host: localhost
 35 |   #  port: 80
 36 |   #  verify_ssl_cert: true
 37 |   #  path: /haproxy?stats;csv
 38 | 
 39 |   #memcached:
 40 |   #  name: localhost
 41 |   #  host: localhost
 42 |   #  port: 11211
 43 |   #  path: /path/to/unix/socket
 44 | 
 45 |   #mongodb:
 46 |   #  name: hostname
 47 |   #  host: localhost
 48 |   #  port: 27017
 49 |   #  admin_username: user
 50 |   #  admin_password: pass
 51 |   #  ssl: False
 52 |   #  ssl_keyfile: /path/to/keyfile
 53 |   #  ssl_certfile: /path/to/certfile
 54 |   #  ssl_cert_reqs: 0  # Should be 0 for ssl.CERT_NONE, 1 for ssl.CERT_OPTIONAL, 2 for ssl.CERT_REQUIRED
 55 |   #  ssl_ca_certs: /path/to/cacerts file
 56 |   #  databases:
 57 |   #    - test
 58 |   #    - yourdbname
 59 | 
 60 |   #mongodb:  # Use when authentication is required
 61 |   #  name: hostname
 62 |   #  host: localhost
 63 |   #  port: 27017
 64 |   #  admin_username: user
 65 |   #  admin_password: pass
 66 |   #  ssl: False
 67 |   #  ssl_keyfile: /path/to/keyfile
 68 |   #  ssl_certfile: /path/to/certfile
 69 |   #  ssl_cert_reqs: 0  # Should be 0 for ssl.CERT_NONE, 1 for ssl.CERT_OPTIONAL, 2 for ssl.CERT_REQUIRED
 70 |   #  ssl_ca_certs: /path/to/cacerts file
 71 |   #  databases:
 72 |   #    test:
 73 |   #      username: user
 74 |   #      password: pass
 75 |   #    yourdbname:
 76 |   #      username: user
 77 |   #      password: pass
 78 | 
 79 |   #nginx:
 80 |   #  name: hostname
 81 |   #  scheme: http
 82 |   #  host: localhost
 83 |   #  port: 80
 84 |   #  verify_ssl_cert: true
 85 |   #  path: /nginx_stub_status
 86 | 
 87 |   #pgbouncer:
 88 |   #  host: localhost
 89 |   #  port: 6000
 90 |   #  user: stats
 91 | 
 92 |   #php_apc:
 93 |   #  name: hostname
 94 |   #  scheme: http
 95 |   #  host: localhost
 96 |   #  verify_ssl_cert: true
 97 |   #  port: 80
 98 |   #  path: /apc-nrp.php
 99 | 
100 |   #php_fpm:
101 |   #  - name: fpm-pool
102 |   #    scheme: https
103 |   #    host: localhost
104 |   #    port: 443
105 |   #    path: /fpm_status
106 |   #    query: json
107 | 
108 |   #postgresql:
109 |   #  host: localhost
110 |   #  port: 5432
111 |   #  user: postgres
112 |   #  dbname: postgres
113 |   #  superuser: False
114 | 
115 |   #rabbitmq:
116 |   #  name: rabbitmq@localhost
117 |   #  host: localhost
118 |   #  port: 15672
119 |   #  verify_ssl_cert: true
120 |   #  username: guest
121 |   #  password: guest
122 |   #  vhosts: # [OPTIONAL, track this vhosts' queues only]
123 |   #    production_vhost:
124 |   #      queues: [encode_video, ] # [OPTIONAL, track this queues only]
125 |   #    staging_vhost: # [track every queue for this vhost]
126 |   #
127 | 
128 |   #redis:
129 |   #  - name: localhost
130 |   #    host: localhost
131 |   #    port: 6379
132 |   #    db_count: 16
133 |   #    password: foo # [OPTIONAL]
134 |   #    #path: /var/run/redis/redis.sock
135 |   #  - name: localhost
136 |   #    host: localhost
137 |   #    port: 6380
138 |   #    db_count: 16
139 |   #    password: foo # [OPTIONAL]
140 |   #    #path: /var/run/redis/redis.sock
141 | 
142 |   #riak:
143 |   #  name: localhost
144 |   #  host: node0.riak0.scs.mtmeprod.net
145 |   #  verify_ssl_cert: true
146 |   #  port: 8098
147 | 
148 |   #uwsgi:
149 |   #  name: localhost
150 |   #  host: localhost
151 |   #  port: 1717
152 |   #  path: /path/to/unix/socket
153 | 
154 | # Logging:
155 | #   formatters:
156 | #     verbose:
157 | #       format: '%(levelname) -10s %(asctime)s %(process)-6d %(processName) -15s %(threadName)-10s %(name) -45s %(funcName) -25s L%(lineno)-6d: %(message)s'
158 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/Dockerfile:
--------------------------------------------------------------------------------
 1 | # Original credit: https://github.com/jpetazzo/dockvpn, https://github.com/kylemanna/docker-openvpn
 2 | 
 3 | FROM debian:jessie
 4 | 
 5 | # Install dependancies
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         iptables \
 9 |         openvpn \
10 |     && apt-get clean \
11 |     && apt-get autoremove -y \
12 |     && rm -rf /var/lib/apt/lists/*
13 | 
14 | ENV EASYRSA_VERSION 3.0.0
15 | RUN apt-get update \
16 |     && apt-get install -y \
17 |         curl \
18 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys 390D0D0E \
19 |     && curl -SLO "https://github.com/OpenVPN/easy-rsa/releases/download/$EASYRSA_VERSION/EasyRSA-$EASYRSA_VERSION.tgz" \
20 |     && curl -SLO "https://github.com/OpenVPN/easy-rsa/releases/download/$EASYRSA_VERSION/EasyRSA-$EASYRSA_VERSION.tgz.sig" \
21 |     && gpg --verify "EasyRSA-$EASYRSA_VERSION.tgz.sig" \
22 |     && mkdir -p /usr/local/share/easy-rsa \
23 |     && tar -xzf "EasyRSA-$EASYRSA_VERSION.tgz" -C /usr/local/share/easy-rsa --strip-components=1 \
24 |     && ln -s /usr/local/share/easy-rsa/easyrsa /usr/local/bin \
25 |     && rm "EasyRSA-$EASYRSA_VERSION.tgz" "EasyRSA-$EASYRSA_VERSION.tgz.sig" \
26 |     && apt-get clean \
27 |     && apt-get autoremove -y \
28 |         curl \
29 |     && rm -rf /var/lib/apt/lists/*
30 | 
31 | # Needed by scripts
32 | ENV OPENVPN /etc/openvpn
33 | ENV EASYRSA /usr/local/share/easy-rsa
34 | ENV EASYRSA_PKI $OPENVPN/pki
35 | ENV EASYRSA_VARS_FILE $OPENVPN/vars
36 | 
37 | VOLUME "/etc/openvpn"
38 | 
39 | EXPOSE 1194/udp
40 | 
41 | WORKDIR /etc/openvpn
42 | CMD "ovpn_run"
43 | 
44 | ADD ./bin /usr/local/bin
45 | RUN chmod a+x /usr/local/bin/*
46 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014 Kyle Manna
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.


--------------------------------------------------------------------------------
/(legacy)/openvpn/README.md:
--------------------------------------------------------------------------------
1 | # OpenVPN for Docker
2 | 
3 | OpenVPN server in a Docker container complete with an EasyRSA PKI CA.
4 | 
5 | #### Upstream Links
6 | 
7 | * GitHub @ [kylemanna/docker-openvpn](https://github.com/kylemanna/docker-openvpn)
8 | * Docker Registry @ [kylemanna/openvpn](https://registry.hub.docker.com/u/kylemanna/openvpn)
9 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/bin/easyrsa_vars:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # Import/export EasyRSA default settings
 5 | #
 6 | 
 7 | if [ "$DEBUG" == "1" ]; then
 8 |   set -x
 9 | fi
10 | 
11 | set -e
12 | 
13 | if [ $# -lt 1 ]; then
14 |     echo "No command provided"
15 |     echo
16 |     echo "$0 export > /path/to/file"
17 |     echo "$0 import < /path/to/file"
18 |     exit 1
19 | fi
20 | 
21 | cmd=$1
22 | shift
23 | 
24 | case "$cmd" in
25 |     export)
26 |         if [ -f "$EASYRSA_VARS_FILE" ]; then
27 |             cat "$EASYRSA_VARS_FILE"
28 |         else
29 |             cat "$EASYRSA/vars.example"
30 |         fi
31 |         ;;
32 |     import)
33 |         cat > "$EASYRSA_VARS_FILE"
34 |         ;;
35 |     *)
36 |         echo "Unknown cmd \"$cmd\""
37 |         exit 2
38 |         ;;
39 | esac
40 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/bin/ovpn_copy_server_files:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | ## @licence MIT <http://opensource.org/licenses/MIT>
 3 | ## @author Copyright (C) 2015 Robin Schneider <ypid@riseup.net>
 4 | 
 5 | set -e
 6 | 
 7 | if [ -z "$OPENVPN" ]; then
 8 |     export OPENVPN="$PWD"
 9 | fi
10 | if ! source "$OPENVPN/ovpn_env.sh"; then
11 |     echo "Could not source $OPENVPN/ovpn_env.sh."
12 |     exit 1
13 | fi
14 | 
15 | TARGET="$OPENVPN/server"
16 | if [ -n "$1" ]; then
17 |     TARGET="$1"
18 | fi
19 | mkdir -p "${TARGET}"
20 | 
21 | ## Ensure that no other keys then the one for the server is present.
22 | rm -rf "$TARGET/pki/private" "$TARGET/pki/issued"
23 | 
24 | FILES=(
25 |     "openvpn.conf"
26 |     "ovpn_env.sh"
27 |     "pki/private/${OVPN_CN}.key"
28 |     "pki/issued/${OVPN_CN}.crt"
29 |     "pki/dh.pem"
30 |     "pki/ta.key"
31 |     "pki/ca.crt"
32 | )
33 | 
34 | # rsync isn't available to keep size down
35 | # cp --parents isn't in busybox version
36 | # hack the directory structure with tar
37 | tar cf - -C "${OPENVPN}" "${FILES[@]}" | tar xvf - -C "${TARGET}"
38 | 
39 | mkdir -p "$TARGET/ccd"
40 | 
41 | echo "Created the openvpn configuration for the server: $TARGET"
42 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/bin/ovpn_getclient:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | #
  4 | # Get an OpenVPN client configuration file
  5 | #
  6 | 
  7 | if [ "$DEBUG" == "1" ]; then
  8 |     set -x
  9 | fi
 10 | 
 11 | set -e
 12 | 
 13 | if [ -z "$OPENVPN" ]; then
 14 |     export OPENVPN="$PWD"
 15 | fi
 16 | if ! source "$OPENVPN/ovpn_env.sh"; then
 17 |     echo "Could not source $OPENVPN/ovpn_env.sh."
 18 |     exit 1
 19 | fi
 20 | if [ -z "$EASYRSA_PKI" ]; then
 21 |     export EASYRSA_PKI="$OPENVPN/pki"
 22 | fi
 23 | 
 24 | cn="$1"
 25 | parm="$2"
 26 | 
 27 | if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
 28 |     echo "Unable to find \"${cn}\", please try again or generate the key first" >&2
 29 |     exit 1
 30 | fi
 31 | 
 32 | get_client_config() {
 33 |     mode="$1"
 34 |     echo "
 35 | client
 36 | nobind
 37 | dev $OVPN_DEVICE
 38 | remote-cert-tls server
 39 | 
 40 | remote $OVPN_CN $OVPN_PORT $OVPN_PROTO
 41 | "
 42 |     if [ "$mode" == "combined" ]; then
 43 |         echo "
 44 | <key>
 45 | $(cat $EASYRSA_PKI/private/${cn}.key)
 46 | </key>
 47 | <cert>
 48 | $(openssl x509 -in $EASYRSA_PKI/issued/${cn}.crt)
 49 | </cert>
 50 | <ca>
 51 | $(cat $EASYRSA_PKI/ca.crt)
 52 | </ca>
 53 | <tls-auth>
 54 | $(cat $EASYRSA_PKI/ta.key)
 55 | </tls-auth>
 56 | key-direction 1
 57 | "
 58 |     elif [ "$mode" == "separated" ]; then
 59 |         echo "
 60 | key ${cn}.key
 61 | ca ca.crt
 62 | cert ${cn}.crt
 63 | tls-auth ta.key 1
 64 | $OVPN_ADDITIONAL_CLIENT_CONFIG
 65 | "
 66 |     fi
 67 | 
 68 |     if [ "$OVPN_DEFROUTE" != "0" ];then
 69 |         echo "redirect-gateway def1"
 70 |     fi
 71 | 
 72 |     if [ -n "$OVPN_MTU" ]; then
 73 |         echo "tun-mtu $OVPN_MTU"
 74 |     fi
 75 | 
 76 |     if [ -n "$OVPN_TLS_CIPHER" ]; then
 77 |         echo "tls-cipher $OVPN_TLS_CIPHER"
 78 |     fi
 79 | 
 80 |     if [ -n "$OVPN_CIPHER" ]; then
 81 |         echo "cipher $OVPN_CIPHER"
 82 |     fi
 83 | 
 84 |     if [ -n "$OVPN_AUTH" ]; then
 85 |         echo "auth $OVPN_AUTH"
 86 |     fi
 87 | }
 88 | 
 89 | dir="$OPENVPN/clients/$cn"
 90 | case "$parm" in
 91 |     "separated")
 92 |         mkdir -p "$dir"
 93 |         get_client_config "$parm" > "$dir/${cn}.ovpn"
 94 |         cp "$EASYRSA_PKI/private/${cn}.key" "$dir/${cn}.key"
 95 |         cp "$EASYRSA_PKI/ca.crt" "$dir/ca.crt"
 96 |         cp "$EASYRSA_PKI/issued/${cn}.crt" "$dir/${cn}.crt"
 97 |         cp "$EASYRSA_PKI/ta.key" "$dir/ta.key"
 98 |         ;;
 99 |     "" | "combined")
100 |         get_client_config "combined"
101 |         ;;
102 |     "combined-save")
103 |         get_client_config "combined" > "$dir/${cn}-combined.ovpn"
104 |         ;;
105 |     *)
106 |         echo "This script can produce the client configuration in to formats:" >&2
107 |         echo "    1. combined (default): All needed configuration and cryptographic material is in one file (Use \"combined-save\" to write the configuration file in the same path as the separated parameter does)." >&2
108 |         echo "    2. separated: Separated files." >&2
109 |         echo "Please specific one of those options as second parameter." >&2
110 |         ;;
111 | esac
112 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/bin/ovpn_getclient_all:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | ## @licence MIT <http://opensource.org/licenses/MIT>
 3 | ## @author Copyright (C) 2015 Robin Schneider <ypid@riseup.net>
 4 | 
 5 | if [ -z "$OPENVPN" ]; then
 6 |     export OPENVPN="$PWD"
 7 | fi
 8 | if ! source "$OPENVPN/ovpn_env.sh"; then
 9 |     echo "Could not source $OPENVPN/ovpn_env.sh."
10 |     exit 1
11 | fi
12 | if [ -z "$EASYRSA_PKI" ]; then
13 |     export EASYRSA_PKI="$OPENVPN/pki"
14 | fi
15 | 
16 | pushd "$EASYRSA_PKI"
17 | for name in issued/*.crt; do
18 |     name=${name%.crt}
19 |     name=${name#issued/}
20 |     if [ "$name" != "$OVPN_CN" ]; then
21 |         ovpn_getclient "$name" separated
22 |         ovpn_getclient "$name" combined-save
23 |     fi
24 | done
25 | popd
26 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/bin/ovpn_initpki:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | #
 4 | # Initialize the EasyRSA PKI
 5 | #
 6 | 
 7 | if [ "$DEBUG" == "1" ]; then
 8 |   set -x
 9 | fi
10 | 
11 | set -e
12 | 
13 | source "$OPENVPN/ovpn_env.sh"
14 | 
15 | # Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
16 | nopass=$1
17 | 
18 | # Provides a sufficient warning before erasing pre-existing files
19 | easyrsa init-pki
20 | 
21 | # CA always has a password for protection in event server is compromised. The
22 | # password is only needed to sign client/server certificates.  No password is
23 | # needed for normal OpenVPN operation.
24 | easyrsa build-ca $nopass
25 | 
26 | easyrsa gen-dh
27 | openvpn --genkey --secret $OPENVPN/pki/ta.key
28 | 
29 | # Was nice to autoset, but probably a bad idea in practice, users should
30 | # have to explicitly specify the common name of their server
31 | #if [ -z "$cn"]; then
32 | #    #TODO: Handle IPv6 (when I get a VPS with IPv6)...
33 | #    ip4=$(dig +short myip.opendns.com @resolver1.opendns.com)
34 | #    ptr=$(dig +short -x $ip4 | sed -e 's:\.$::')
35 | #
36 | #    [ -n "$ptr" ] && cn=$ptr || cn=$ip4
37 | #fi
38 | 
39 | # For a server key with a password, manually init; this is autopilot
40 | easyrsa build-server-full "$OVPN_CN" nopass
41 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/bin/ovpn_run:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | #
 4 | # Run the OpenVPN server normally
 5 | #
 6 | 
 7 | if [ "$DEBUG" == "1" ]; then
 8 |   set -x
 9 | fi
10 | 
11 | set -e
12 | 
13 | # Build runtime arguments array based on environment
14 | ARGS=("--config" "$OPENVPN/openvpn.conf")
15 | 
16 | source "$OPENVPN/ovpn_env.sh"
17 | 
18 | mkdir -p /dev/net
19 | if [ ! -c /dev/net/tun ]; then
20 |     mknod /dev/net/tun c 10 200
21 | fi
22 | 
23 | if [ -d "$OPENVPN/ccd" ]; then
24 |     ARGS+=("--client-config-dir" "$OPENVPN/ccd")
25 | fi
26 | 
27 | # When using --net=host, use this to specify nat device.
28 | [ -z "$OVPN_NATDEVICE" ] && OVPN_NATDEVICE=eth0
29 | 
30 | # Setup NAT forwarding if requested
31 | if [ "$OVPN_DEFROUTE" != "0" ] || [ "$OVPN_NAT" == "1" ] ; then
32 |     iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE || {
33 |       iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE
34 |     }
35 |     for i in "${OVPN_ROUTES[@]}"; do
36 |         iptables -t nat -C POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE || {
37 |           iptables -t nat -A POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE
38 |         }
39 |     done
40 | fi
41 | 
42 | # Use a hacky hardlink as the CRL Needs to be readable by the user/group
43 | # OpenVPN is running as.  Only pass arguments to OpenVPN if it's found.
44 | if [ -r "$EASYRSA_PKI/crl.pem" ]; then
45 |     if [ ! -r "$OPENVPN/crl.pem" ]; then
46 |         ln "$EASYRSA_PKI/crl.pem" "$OPENVPN/crl.pem"
47 |         chmod 644 "$OPENVPN/crl.pem"
48 |     fi
49 |     ARGS+=("--crl-verify" "$OPENVPN/crl.pem")
50 | fi
51 | 
52 | ip -6 route show default 2>/dev/null
53 | if [ $? = 0 ]; then
54 |     echo "Enabling IPv6 Forwarding"
55 |     # If this fails, ensure the docker container is run with --privileged
56 |     # Could be side stepped with `ip netns` madness to drop privileged flag
57 | 
58 |     sysctl net.ipv6.conf.default.forwarding=1 || echo "Failed to enable IPv6 Forwarding default"
59 |     sysctl net.ipv6.conf.all.forwarding=1 || echo "Failed to enable IPv6 Forwarding"
60 | fi
61 | 
62 | if [ "$#" -gt 0 ]; then
63 |     exec openvpn "$@"
64 | else
65 |     exec openvpn ${ARGS[@]}
66 | fi
67 | 


--------------------------------------------------------------------------------
/(legacy)/openvpn/bin/ovpn_status:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | #
 4 | # Get OpenVPN server status
 5 | #
 6 | if [ "$DEBUG" == "1" ]; then
 7 |   set -x
 8 | fi
 9 | 
10 | set -e
11 | 
12 | tail -F /tmp/openvpn-status.log
13 | 


--------------------------------------------------------------------------------
/(legacy)/osf/admin/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         # https://cosdev.readthedocs.org/en/latest/osf/common_problems.html#error-when-importing-uritemplate
31 |         pip uninstall uritemplate.py --yes || true
32 |         pip install uritemplate.py==0.3.0
33 |         eval $UPDATE_CMD
34 |     fi
35 | fi
36 | echo "$commit_head" > /tmp/.commit
37 | 
38 | if [ "$1" = 'invoke' ]; then
39 |     echo "Starting: $@"
40 |     exec gosu www-data "$@"
41 | fi
42 | 
43 | exec gosu root "$@"
44 | 


--------------------------------------------------------------------------------
/(legacy)/osf/api/Dockerfile:
--------------------------------------------------------------------------------
  1 | FROM python:2.7
  2 | 
  3 | RUN usermod -d /home www-data && chown www-data:www-data /home
  4 | 
  5 | # Install dependancies
  6 | RUN apt-get update \
  7 |     && apt-get install -y \
  8 |         curl \
  9 |         git \
 10 |         libev4 \
 11 |         libev-dev \
 12 |         libevent-dev \
 13 |         libxml2-dev \
 14 |         libxslt1-dev \
 15 |         zlib1g-dev \
 16 |         # cryptography
 17 |         build-essential \
 18 |         libssl-dev \
 19 |         libffi-dev \
 20 |         python-dev \
 21 |     && apt-get clean \
 22 |     && apt-get autoremove -y \
 23 |     && rm -rf /var/lib/apt/lists/*
 24 | 
 25 | # grab gosu for easy step-down from root
 26 | ENV GOSU_VERSION 1.4
 27 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
 28 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
 29 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
 30 |   	&& gpg --verify /usr/local/bin/gosu.asc \
 31 |   	&& rm /usr/local/bin/gosu.asc \
 32 |   	&& chmod +x /usr/local/bin/gosu
 33 | 
 34 | # https://github.com/nodejs/docker-node/blob/9c25cbe93f9108fd1e506d14228afe4a3d04108f/8.2/Dockerfile
 35 | # gpg keys listed at https://github.com/nodejs/node#release-team
 36 | RUN set -ex \
 37 |   && for key in \
 38 |     9554F04D7259F04124DE6B476D5A82AC7E37093B \
 39 |     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
 40 |     FD3A5288F042B6850C66B31F09FE44734EB7990E \
 41 |     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
 42 |     DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
 43 |     B9AE9905FFD7803F25714661B63B535A4C206CA9 \
 44 |     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
 45 |     56730D5401028683275BD23C23EFEFE93C4CFFFE \
 46 |   ; do \
 47 |     gpg --keyserver pgp.mit.edu --recv-keys "$key" || \
 48 |     gpg --keyserver keyserver.pgp.com --recv-keys "$key" || \
 49 |     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ; \
 50 |   done
 51 | 
 52 | ENV NODE_ENV=production \
 53 |     NODE_VERSION=8.6.0 
 54 | 
 55 | RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 56 |   && case "${dpkgArch##*-}" in \
 57 |     amd64) ARCH='x64';; \
 58 |     ppc64el) ARCH='ppc64le';; \
 59 |     *) echo "unsupported architecture"; exit 1 ;; \
 60 |   esac \
 61 |   && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
 62 |   && curl -SLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
 63 |   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
 64 |   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
 65 |   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 \
 66 |   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
 67 |   && ln -s /usr/local/bin/node /usr/local/bin/nodejs
 68 | 
 69 | ENV YARN_VERSION=1.1.0
 70 | 
 71 | RUN set -ex \
 72 |   && for key in \
 73 |     6A010C5166006599AA17F08146C2130DFD2497F5 \
 74 |   ; do \
 75 |     gpg --keyserver pgp.mit.edu --recv-keys "$key" || \
 76 |     gpg --keyserver keyserver.pgp.com --recv-keys "$key" || \
 77 |     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ; \
 78 |   done \
 79 |   && curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
 80 |   && curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
 81 |   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
 82 |   && mkdir -p /opt/yarn \
 83 |   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/yarn --strip-components=1 \
 84 |   && ln -s /opt/yarn/bin/yarn /usr/local/bin/yarn \
 85 |   && ln -s /opt/yarn/bin/yarn /usr/local/bin/yarnpkg \
 86 |   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz
 87 | 
 88 | ENV SOURCE_BRANCH develop
 89 | # ENV SOURCE_BRANCH master
 90 | ENV SOURCE_REPO https://github.com/CenterForOpenScience/osf.io.git
 91 | ENV WHEELHOUSE /home/.cache/wheelhouse
 92 | ENV DJANGO_SETTINGS_MODULE api.base.settings
 93 | ENV UPDATE_CMD 'invoke clean && invoke wheelhouse --release && invoke requirements --release && gosu www-data invoke assets && gosu www-data python manage.py collectstatic --noinput'
 94 | 
 95 | RUN pip install -U pip
 96 | 
 97 | RUN pip install \
 98 |       invoke==0.13.0 \
 99 |       uwsgi==2.0.10
100 | 
101 | WORKDIR /code
102 | 
103 | # perform an initial build to cache long running compilations
104 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
105 |     && cp website/settings/local-dist.py website/settings/local.py \
106 |     && chown -R www-data:www-data /code
107 | 
108 | RUN invoke wheelhouse --release
109 | RUN invoke requirements --release
110 | 
111 | COPY entrypoint.sh /entrypoint.sh
112 | RUN chmod +x /entrypoint.sh
113 | ENTRYPOINT ["/entrypoint.sh"]
114 | 
115 | EXPOSE 8000
116 | VOLUME /code
117 | 
118 | CMD ["invoke", "apiserver"]
119 | 


--------------------------------------------------------------------------------
/(legacy)/osf/api/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         # https://cosdev.readthedocs.org/en/latest/osf/common_problems.html#error-when-importing-uritemplate
31 |         pip uninstall uritemplate.py --yes || true
32 |         pip install uritemplate.py==0.3.0
33 |         eval $UPDATE_CMD
34 |     fi
35 | fi
36 | echo "$commit_head" > /tmp/.commit
37 | 
38 | if [ "$1" = 'invoke' ]; then
39 |     echo "Starting: $@"
40 |     exec gosu www-data "$@"
41 | fi
42 | 
43 | exec gosu root "$@"
44 | 


--------------------------------------------------------------------------------
/(legacy)/osf/celery/Dockerfile:
--------------------------------------------------------------------------------
  1 | FROM python:2.7
  2 | 
  3 | RUN usermod -d /home www-data && chown www-data:www-data /home
  4 | 
  5 | # Install dependancies
  6 | RUN apt-get update \
  7 |     && apt-get install -y \
  8 |         curl \
  9 |         git \
 10 |         libev4 \
 11 |         libev-dev \
 12 |         libevent-dev \
 13 |         libxml2-dev \
 14 |         libxslt1-dev \
 15 |         zlib1g-dev \
 16 |         # cron (temporary for pre celery-beat jobs)
 17 |         cron \
 18 |         rsyslog \
 19 |         # matplotlib
 20 |         libfreetype6-dev \
 21 |         libxft-dev \
 22 |         # scipy
 23 |         gfortran \
 24 |         libopenblas-dev \
 25 |         liblapack-dev \
 26 |         # cryptography
 27 |         build-essential \
 28 |         libssl-dev \
 29 |         libffi-dev \
 30 |         python-dev \
 31 |         # par2
 32 |         par2 \
 33 |     && apt-get clean \
 34 |     && apt-get autoremove -y \
 35 |     && rm -rf /var/lib/apt/lists/*
 36 | 
 37 | RUN rm -rf /etc/cron.daily/* /etc/cron.hourly/* /etc/cron.monthly/* /etc/cron.weekly/*
 38 | 
 39 | # grab gosu for easy step-down from root
 40 | ENV GOSU_VERSION 1.4
 41 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
 42 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
 43 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
 44 |   	&& gpg --verify /usr/local/bin/gosu.asc \
 45 |   	&& rm /usr/local/bin/gosu.asc \
 46 |   	&& chmod +x /usr/local/bin/gosu
 47 | 
 48 | # https://github.com/nodejs/docker-node/blob/9c25cbe93f9108fd1e506d14228afe4a3d04108f/8.2/Dockerfile
 49 | # gpg keys listed at https://github.com/nodejs/node#release-team
 50 | RUN set -ex \
 51 |   && for key in \
 52 |     9554F04D7259F04124DE6B476D5A82AC7E37093B \
 53 |     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
 54 |     FD3A5288F042B6850C66B31F09FE44734EB7990E \
 55 |     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
 56 |     DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
 57 |     B9AE9905FFD7803F25714661B63B535A4C206CA9 \
 58 |     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
 59 |     56730D5401028683275BD23C23EFEFE93C4CFFFE \
 60 |   ; do \
 61 |     gpg --keyserver pgp.mit.edu --recv-keys "$key" || \
 62 |     gpg --keyserver keyserver.pgp.com --recv-keys "$key" || \
 63 |     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ; \
 64 |   done
 65 | 
 66 | ENV NPM_CONFIG_LOGLEVEL info
 67 | ENV NODE_VERSION 8.2.1
 68 | 
 69 | RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 70 |   && case "${dpkgArch##*-}" in \
 71 |     amd64) ARCH='x64';; \
 72 |     ppc64el) ARCH='ppc64le';; \
 73 |     *) echo "unsupported architecture"; exit 1 ;; \
 74 |   esac \
 75 |   && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
 76 |   && curl -SLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
 77 |   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
 78 |   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
 79 |   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 \
 80 |   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
 81 |   && ln -s /usr/local/bin/node /usr/local/bin/nodejs
 82 | 
 83 | ENV SOURCE_BRANCH develop
 84 | # ENV SOURCE_BRANCH master
 85 | ENV SOURCE_REPO https://github.com/CenterForOpenScience/osf.io.git
 86 | ENV WHEELHOUSE /home/.cache/wheelhouse
 87 | ENV UPDATE_CMD 'invoke clean && invoke wheelhouse --release && invoke requirements --release'
 88 | 
 89 | RUN chmod 600 /etc/crontab
 90 | 
 91 | RUN pip install -U pip
 92 | 
 93 | RUN pip install \
 94 |       invoke==0.13.0 \
 95 |       uwsgi==2.0.10
 96 | 
 97 | WORKDIR /code
 98 | 
 99 | # perform an initial build to cache long running compilations
100 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
101 |     && cp website/settings/local-dist.py website/settings/local.py \
102 |     && chown -R www-data:www-data /code
103 | 
104 | # numpy is a pre-req to scipy
105 | RUN pip wheel numpy==1.8.0 --wheel-dir=/home/.cache/wheelhouse
106 | RUN pip install numpy==1.8.0
107 | RUN invoke wheelhouse --release
108 | RUN invoke requirements --release
109 | 
110 | COPY entrypoint.sh /entrypoint.sh
111 | RUN chmod +x /entrypoint.sh
112 | ENTRYPOINT ["/entrypoint.sh"]
113 | 
114 | VOLUME /code
115 | VOLUME /celery
116 | 
117 | CMD ["invoke", "celery_worker"]
118 | 


--------------------------------------------------------------------------------
/(legacy)/osf/celery/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | chown -R www-data:www-data /celery || true
 7 | 
 8 | if [ ! -d /code/.git ]; then
 9 |     gosu www-data git init
10 | fi
11 | 
12 | gosu www-data git remote rm origin || true
13 | gosu www-data git remote add origin $SOURCE_REPO
14 | gosu www-data git fetch -q
15 | gosu www-data git checkout $SOURCE_BRANCH
16 | gosu www-data git pull origin $SOURCE_BRANCH
17 | 
18 | # avoid running setup tasks on container restarts
19 | commit_head=$(git rev-parse HEAD)
20 | updated=false
21 | if [ -f "/tmp/.commit" ]; then
22 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
23 |         updated=true
24 |     fi
25 | else
26 |     updated=true
27 | fi
28 | if $updated; then
29 |     if [ "$UPDATE_CMD" != "" ]; then
30 |         echo "Updating: $UPDATE_CMD"
31 |         # https://cosdev.readthedocs.org/en/latest/osf/common_problems.html#error-when-importing-uritemplate
32 |         pip uninstall uritemplate.py --yes || true
33 |         pip install uritemplate.py==0.3.0
34 |         eval $UPDATE_CMD
35 |     fi
36 | fi
37 | echo "$commit_head" > /tmp/.commit
38 | 
39 | if [ "$1" = 'invoke' ]; then
40 |     echo "Starting: $@"
41 |     exec gosu www-data "$@"
42 | fi
43 | 
44 | exec gosu root "$@"
45 | 


--------------------------------------------------------------------------------
/(legacy)/osf/docker-compose.yml:
--------------------------------------------------------------------------------
  1 | 
  2 | # Storage Containers
  3 | 
  4 | storage:
  5 |  image: busybox:latest
  6 |  volumes:
  7 |    - /tmp
  8 |    - /code
  9 |    - /data/db
 10 | 
 11 | 
 12 | # # Service Containers
 13 | 
 14 | rabbitmq:
 15 |   image: rabbitmq:latest
 16 | 
 17 | elasticsearch:
 18 |   image: elasticsearch:latest
 19 | 
 20 | tokumx:
 21 |   image: centerforopenscience/tokumx:latest
 22 |   environment:
 23 |     - TOKU_HUGE_PAGES_OK=1
 24 |   expose:
 25 |     - 27017
 26 |   ports:
 27 |     - 27017:27017
 28 | 
 29 | 
 30 | # Server Containers
 31 | 
 32 | 
 33 | # cas:
 34 | #   image: centerforopenscience/cas
 35 | #   expose:
 36 | #     - 8080
 37 | #   ports:
 38 | #     - 8080:8080
 39 | #   links:
 40 | #     - tokumx:tokumx
 41 | 
 42 | api:
 43 |   tty: true
 44 |   # build: ./api
 45 |   image: centerforopenscience/osf:api
 46 |   command: invoke apiserver
 47 |   environment:
 48 |      - SOURCE_BRANCH=develop
 49 |      - SOURCE_REPO=https://github.com/CenterForOpenScience/osf.io.git
 50 |      - UPDATE_CMD=invoke wheelhouse --dev --addons && invoke requirements --dev --addons && gosu www-data invoke assets && gosu www-data python manage.py collectstatic --noinput
 51 |   expose:
 52 |     - 8000
 53 |   ports:
 54 |     - 8000:8000
 55 |   links:
 56 |     - tokumx:tokumx
 57 |     - elasticsearch:elasticsearch
 58 |     - rabbitmq:rabbitmq
 59 |   volumes:
 60 |     - ./settings/local-docker.py:/code/website/settings/local.py
 61 |   volumes_from:
 62 |     - storage
 63 | 
 64 | web:
 65 |   tty: true
 66 |   # build: ./web
 67 |   image: centerforopenscience/osf:web
 68 |   command: invoke server --host 0.0.0.0 --port 5000
 69 |   environment:
 70 |      - SOURCE_BRANCH=develop
 71 |      - SOURCE_REPO=https://github.com/CenterForOpenScience/osf.io.git
 72 |      - UPDATE_CMD=invoke wheelhouse --dev --addons && invoke requirements --dev --addons && gosu www-data invoke assets --dev
 73 |   expose:
 74 |     - 5000
 75 |   ports:
 76 |     - 5000:5000
 77 |   links:
 78 |     - tokumx:tokumx
 79 |     - elasticsearch:elasticsearch
 80 |     - rabbitmq:rabbitmq
 81 |   volumes:
 82 |     - ./settings/local-docker.py:/code/website/settings/local.py
 83 |   volumes_from:
 84 |     - storage
 85 | 
 86 | 
 87 | sharejs:
 88 | # build: ./sharejs
 89 |  image: centerforopenscience/osf:sharejs
 90 |  command: invoke sharejs --host 0.0.0.0 --port 7007
 91 |  environment:
 92 |    - SOURCE_BRANCH=develop
 93 |    - SOURCE_REPO=https://github.com/CenterForOpenScience/osf.io.git
 94 |    - SHAREJS_SERVER_HOST=0.0.0.0
 95 |    - SHAREJS_SERVER_PORT=7007
 96 |    - SHAREJS_CORS_ALLOW_ORIGIN=http://localhost:5000
 97 |    - SHAREJS_DB_HOST=tokumx
 98 |    - SHAREJS_DB_PORT=27017
 99 |    - SHAREJS_DB_NAME=sharejs
100 |    - SHAREJS_DEBUG=false
101 |  expose:
102 |    - 7007
103 |  ports:
104 |    - 7007:7007
105 |  links:
106 |    - tokumx:tokumx
107 | 
108 | 
109 | celery:
110 |   tty: true
111 | #  build: ./web
112 |   image: centerforopenscience/osf:celery
113 |   command: 'invoke celery_worker'
114 |   environment:
115 |     - SOURCE_BRANCH=develop
116 |     - SOURCE_REPO=https://github.com/CenterForOpenScience/osf.io.git
117 |   links:
118 |     - rabbitmq:rabbitmq
119 |     - tokumx:tokumx
120 |   volumes:
121 |     - ./settings/local-docker.py:/code/website/settings/local.py
122 |   volumes_from:
123 |     - storage
124 | 
125 | 
126 | #celery:
127 | #  tty: true
128 | ##  build: ./web
129 | #  image: centerforopenscience/osf:celery
130 | #  command: 'invoke celery_beat'
131 | #  environment:
132 | #    - SOURCE_BRANCH=develop
133 | #    - SOURCE_REPO=https://github.com/CenterForOpenScience/osf.io.git
134 | #  links:
135 | #    - rabbitmq:rabbitmq
136 | #    - tokumx:tokumx
137 | #  volumes:
138 | #    - ./settings/local-docker.py:/code/website/settings/local.py
139 | #  volumes_from:
140 | #    - storage
141 | 
142 | 
143 | #admin:
144 | #  tty: true
145 | #  # build: ./admin
146 | #  image: centerforopenscience/osf:admin
147 | #  # command: invoke apiserver --host 0.0.0.0 --port 8000
148 | #  environment:
149 | #     - SOURCE_BRANCH=develop
150 | #     - SOURCE_REPO=https://github.com/CenterForOpenScience/osf.io.git
151 | #     - UPDATE_CMD=invoke clean && invoke wheelhouse --release && invoke requirements --release && gosu www-data invoke assets && gosu www-data invoke admin.assets && gosu www-data python manage.py collectstatic --noinput
152 | #  expose:
153 | #    - 7778
154 | #  ports:
155 | #    - 7778:7778
156 | #  links:
157 | #    - tokumx:tokumx
158 | #  volumes:
159 | #    - ./settings/local-docker.py:/code/website/settings/local.py
160 | #   volumes_from:
161 | #     - storage
162 | 


--------------------------------------------------------------------------------
/(legacy)/osf/settings/local-docker.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | '''Example settings/local.py file.
 3 | These settings override what's in website/settings/defaults.py
 4 | 
 5 | NOTE: local.py will not be added to source control.
 6 | '''
 7 | 
 8 | from . import defaults
 9 | 
10 | # DOMAIN = 'https://test.osf.io/''
11 | # API_DOMAIN = 'https://test-api.osf.io/'
12 | 
13 | DEV_MODE = True
14 | DEBUG_MODE = True  # Sets app to debug mode, turns off template caching, etc.
15 | 
16 | ELASTIC_URI = 'elasticsearch'
17 | SEARCH_ENGINE = 'elastic'
18 | ELASTIC_TIMEOUT = 10
19 | 
20 | DB_HOST = 'tokumx'
21 | 
22 | # LOG_PATH = '/log'
23 | 
24 | # Comment out to use SHARE in development
25 | USE_SHARE = False
26 | 
27 | # Comment out to use celery in development
28 | USE_CELERY = False
29 | 
30 | # Comment out to use GnuPG in development
31 | USE_GNUPG = False  # Changing this may require you to re-enter encrypted fields
32 | 
33 | # Email
34 | USE_EMAIL = False
35 | MAIL_SERVER = 'localhost:1025'  # For local testing
36 | MAIL_USERNAME = 'osf-smtp'
37 | MAIL_PASSWORD = 'CHANGEME'
38 | 
39 | # Mailchimp email subscriptions
40 | ENABLE_EMAIL_SUBSCRIPTIONS = False
41 | 
42 | # Session
43 | OSF_COOKIE_DOMAIN = None
44 | COOKIE_NAME = 'osf'
45 | SECRET_KEY = "CHANGEME"
46 | 
47 | # Uncomment if GPG was installed with homebrew
48 | # GNUPG_BINARY = '/usr/local/bin/gpg'
49 | 
50 | ##### Celery #####
51 | ## Default RabbitMQ broker
52 | BROKER_URL = 'amqp://rabbitmq'
53 | 
54 | # Default RabbitMQ backend
55 | CELERY_RESULT_BACKEND = 'amqp://rabbitmq'
56 | 
57 | USE_CDN_FOR_CLIENT_LIBS = False
58 | 
59 | # Example of extending default settings
60 | # defaults.IMG_FMTS += ["pdf"]
61 | 


--------------------------------------------------------------------------------
/(legacy)/osf/sharejs/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM quay.io/centerforopenscience/sharejs:master
2 | 


--------------------------------------------------------------------------------
/(legacy)/osf/web/Dockerfile:
--------------------------------------------------------------------------------
  1 | FROM python:2.7
  2 | 
  3 | RUN usermod -d /home www-data && chown www-data:www-data /home
  4 | 
  5 | # Install dependancies
  6 | RUN apt-get update \
  7 |     && apt-get install -y \
  8 |         curl \
  9 |         git \
 10 |         libev4 \
 11 |         libev-dev \
 12 |         libevent-dev \
 13 |         libxml2-dev \
 14 |         libxslt1-dev \
 15 |         zlib1g-dev \
 16 |         # cryptography
 17 |         build-essential \
 18 |         libssl-dev \
 19 |         libffi-dev \
 20 |         python-dev \
 21 |     && apt-get clean \
 22 |     && apt-get autoremove -y \
 23 |     && rm -rf /var/lib/apt/lists/*
 24 | 
 25 | # grab gosu for easy step-down from root
 26 | ENV GOSU_VERSION 1.4
 27 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
 28 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
 29 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
 30 |   	&& gpg --verify /usr/local/bin/gosu.asc \
 31 |   	&& rm /usr/local/bin/gosu.asc \
 32 |   	&& chmod +x /usr/local/bin/gosu
 33 | 
 34 | # https://github.com/nodejs/docker-node/blob/9c25cbe93f9108fd1e506d14228afe4a3d04108f/8.2/Dockerfile
 35 | # gpg keys listed at https://github.com/nodejs/node#release-team
 36 | RUN set -ex \
 37 |   && for key in \
 38 |     9554F04D7259F04124DE6B476D5A82AC7E37093B \
 39 |     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
 40 |     FD3A5288F042B6850C66B31F09FE44734EB7990E \
 41 |     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
 42 |     DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
 43 |     B9AE9905FFD7803F25714661B63B535A4C206CA9 \
 44 |     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
 45 |     56730D5401028683275BD23C23EFEFE93C4CFFFE \
 46 |   ; do \
 47 |     gpg --keyserver pgp.mit.edu --recv-keys "$key" || \
 48 |     gpg --keyserver keyserver.pgp.com --recv-keys "$key" || \
 49 |     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ; \
 50 |   done
 51 | 
 52 | ENV NODE_ENV=production \
 53 |     NODE_VERSION=8.6.0 
 54 | 
 55 | RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
 56 |   && case "${dpkgArch##*-}" in \
 57 |     amd64) ARCH='x64';; \
 58 |     ppc64el) ARCH='ppc64le';; \
 59 |     *) echo "unsupported architecture"; exit 1 ;; \
 60 |   esac \
 61 |   && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
 62 |   && curl -SLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
 63 |   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
 64 |   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
 65 |   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 \
 66 |   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
 67 |   && ln -s /usr/local/bin/node /usr/local/bin/nodejs
 68 | 
 69 | ENV YARN_VERSION=1.1.0
 70 | 
 71 | RUN set -ex \
 72 |   && for key in \
 73 |     6A010C5166006599AA17F08146C2130DFD2497F5 \
 74 |   ; do \
 75 |     gpg --keyserver pgp.mit.edu --recv-keys "$key" || \
 76 |     gpg --keyserver keyserver.pgp.com --recv-keys "$key" || \
 77 |     gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" ; \
 78 |   done \
 79 |   && curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \
 80 |   && curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \
 81 |   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \
 82 |   && mkdir -p /opt/yarn \
 83 |   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/yarn --strip-components=1 \
 84 |   && ln -s /opt/yarn/bin/yarn /usr/local/bin/yarn \
 85 |   && ln -s /opt/yarn/bin/yarn /usr/local/bin/yarnpkg \
 86 |   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz
 87 | 
 88 | ENV SOURCE_BRANCH develop
 89 | # ENV SOURCE_BRANCH master
 90 | ENV SOURCE_REPO https://github.com/CenterForOpenScience/osf.io.git
 91 | ENV WHEELHOUSE /home/.cache/wheelhouse
 92 | ENV UPDATE_CMD 'invoke clean && invoke wheelhouse --release && invoke requirements --release && gosu www-data invoke assets'
 93 | 
 94 | RUN pip install -U pip
 95 | 
 96 | RUN npm install -g bower \
 97 |     && pip install \
 98 |         invoke==0.13.0 \
 99 |         uwsgi==2.0.10
100 | 
101 | WORKDIR /code
102 | 
103 | # perform an initial build to cache long running compilations
104 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
105 |     && cp website/settings/local-dist.py website/settings/local.py \
106 |     && chown -R www-data:www-data /code
107 | 
108 | RUN invoke wheelhouse --release
109 | RUN invoke requirements --release
110 | 
111 | COPY entrypoint.sh /entrypoint.sh
112 | RUN chmod +x /entrypoint.sh
113 | ENTRYPOINT ["/entrypoint.sh"]
114 | 
115 | EXPOSE 5000
116 | VOLUME /code
117 | 
118 | CMD ["invoke", "server"]
119 | 


--------------------------------------------------------------------------------
/(legacy)/osf/web/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         # https://cosdev.readthedocs.org/en/latest/osf/common_problems.html#error-when-importing-uritemplate
31 |         pip uninstall uritemplate.py --yes || true
32 |         pip install uritemplate.py==0.3.0
33 |         eval $UPDATE_CMD
34 |     fi
35 | fi
36 | echo "$commit_head" > /tmp/.commit
37 | 
38 | if [ "$1" = 'invoke' ]; then
39 |     echo "Starting: $@"
40 |     exec gosu www-data "$@"
41 | fi
42 | 
43 | exec gosu root "$@"
44 | 


--------------------------------------------------------------------------------
/(legacy)/prerender/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:2.7
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         git \
 9 |         libev4 \
10 |         libev-dev \
11 |         libevent-dev \
12 |         libxml2-dev \
13 |         libxslt1-dev \
14 |         zlib1g-dev \
15 |         # cryptography
16 |         build-essential \
17 |         libssl-dev \
18 |         libffi-dev \
19 |         python-dev \
20 |     && apt-get clean \
21 |     && apt-get autoremove -y \
22 |     && rm -rf /var/lib/apt/lists/*
23 | 
24 | # grab gosu for easy step-down from root
25 | ENV GOSU_VERSION 1.4
26 | RUN apt-get update \
27 |     && apt-get install -y \
28 |         curl \
29 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
30 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
31 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
32 |   	&& gpg --verify /usr/local/bin/gosu.asc \
33 |   	&& rm /usr/local/bin/gosu.asc \
34 |   	&& chmod +x /usr/local/bin/gosu \
35 |     && apt-get clean \
36 |     && apt-get autoremove -y \
37 |         curl \
38 |     && rm -rf /var/lib/apt/lists/*
39 | 
40 | ENV NODE_VERSION 0.12.4
41 | ENV NPM_VERSION 2.10.1
42 | RUN apt-get update \
43 |     && apt-get install -y \
44 |         curl \
45 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys 7937DFD2AB06298B2293C3187D33FF9D0246406D 114F43EE0176B71C7BC219DD50A3051F888C628D \
46 |     && curl -SLO "http://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz" \
47 |   	&& curl -SLO "http://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
48 |   	&& gpg --verify SHASUMS256.txt.asc \
49 |   	&& grep " node-v$NODE_VERSION-linux-x64.tar.gz\$" SHASUMS256.txt.asc | sha256sum -c - \
50 |   	&& tar -xzf "node-v$NODE_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
51 |   	&& rm "node-v$NODE_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc \
52 |   	&& npm install -g npm@"$NPM_VERSION" \
53 |   	&& npm cache clear \
54 |     && apt-get clean \
55 |     && apt-get autoremove -y \
56 |         curl \
57 |     && rm -rf /var/lib/apt/lists/*
58 | 
59 | ENV SOURCE_BRANCH master
60 | ENV SOURCE_REPO https://github.com/prerender/prerender
61 | ENV SOURCE_COMMIT 7bfe6b95e901e231cbad6a96a6e5b3d4a395fbf1
62 | 
63 | WORKDIR /code
64 | 
65 | # perform an initial build to cache long running compilations
66 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
67 |     && git checkout $SOURCE_COMMIT . \
68 |     && chown -R www-data:www-data /code
69 | 
70 | COPY entrypoint.sh /entrypoint.sh
71 | RUN chmod +x /entrypoint.sh
72 | ENTRYPOINT ["/entrypoint.sh"]
73 | 
74 | RUN npm install
75 | RUN npm install prerender-redis-cache --save
76 | 
77 | EXPOSE 3000
78 | 
79 | CMD [ "gosu", "www-data", "node", "server.js" ]
80 | 


--------------------------------------------------------------------------------
/(legacy)/prerender/docker-compose.yml:
--------------------------------------------------------------------------------
1 | prerender:
2 |    build: .


--------------------------------------------------------------------------------
/(legacy)/prerender/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | chown -R www-data:www-data /home || true
5 | chown -R www-data:www-data /code || true
6 | 
7 | exec gosu root "$@"
8 | 


--------------------------------------------------------------------------------
/(legacy)/python/2.7/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:2.7
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r python && useradd -r -g python python -d /home/python -m
 5 | 
 6 | # grab gosu for easy step-down from root
 7 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
 8 | RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* \
 9 | 	&& curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture)" \
10 | 	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture).asc" \
11 | 	&& gpg --verify /usr/local/bin/gosu.asc \
12 | 	&& rm /usr/local/bin/gosu.asc \
13 | 	&& chmod +x /usr/local/bin/gosu \
14 | 	&& apt-get purge -y --auto-remove curl
15 | 
16 | WORKDIR /code
17 | 
18 | COPY entrypoint.sh /
19 | RUN chmod +x /entrypoint.sh
20 | ENTRYPOINT ["/entrypoint.sh"]
21 | 
22 | CMD ["python app.py"]
23 | 


--------------------------------------------------------------------------------
/(legacy)/python/2.7/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | export HOME=/home/python
 5 | 
 6 | if [ "$1" = 'python' ]; then
 7 |     chown -R python /code
 8 | fi
 9 | 
10 | exec gosu python "$@"
11 | 


--------------------------------------------------------------------------------
/(legacy)/python/2.7/slim/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:2.7-slim
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r python && useradd -r -g python python -d /home/python -m
 5 | 
 6 | # grab gosu for easy step-down from root
 7 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
 8 | RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* \
 9 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture)" \
10 |     && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture).asc" \
11 |     && gpg --verify /usr/local/bin/gosu.asc \
12 |     && rm /usr/local/bin/gosu.asc \
13 |     && chmod +x /usr/local/bin/gosu \
14 |     && apt-get purge -y --auto-remove curl
15 | 
16 | WORKDIR /code
17 | 
18 | COPY entrypoint.sh /
19 | RUN chmod +x /entrypoint.sh
20 | ENTRYPOINT ["/entrypoint.sh"]
21 | 
22 | CMD ["python app.py"]
23 | 


--------------------------------------------------------------------------------
/(legacy)/python/2.7/slim/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | export HOME=/home/python
 5 | 
 6 | if [ "$1" = 'python' ]; then
 7 |     chown -R python /code
 8 | fi
 9 | 
10 | exec gosu python "$@"
11 | 


--------------------------------------------------------------------------------
/(legacy)/python/3.4/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.4
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r python && useradd -r -g python python -d /home/python -m
 5 | 
 6 | # grab gosu for easy step-down from root
 7 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
 8 | RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* \
 9 | 	&& curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture)" \
10 | 	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture).asc" \
11 | 	&& gpg --verify /usr/local/bin/gosu.asc \
12 | 	&& rm /usr/local/bin/gosu.asc \
13 | 	&& chmod +x /usr/local/bin/gosu \
14 | 	&& apt-get purge -y --auto-remove curl
15 | 
16 | WORKDIR /code
17 | 
18 | COPY entrypoint.sh /
19 | RUN chmod +x /entrypoint.sh
20 | ENTRYPOINT ["/entrypoint.sh"]
21 | 
22 | CMD ["python app.py"]
23 | 


--------------------------------------------------------------------------------
/(legacy)/python/3.4/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | export HOME=/home/python
 5 | 
 6 | if [ "$1" = 'python' ]; then
 7 |     chown -R python /code
 8 | fi
 9 | 
10 | exec gosu python "$@"
11 | 


--------------------------------------------------------------------------------
/(legacy)/python/3.4/slim/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.4-slim
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r python && useradd -r -g python python -d /home/python -m
 5 | 
 6 | # grab gosu for easy step-down from root
 7 | RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
 8 | RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* \
 9 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture)" \
10 |     && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/1.4/gosu-$(dpkg --print-architecture).asc" \
11 |     && gpg --verify /usr/local/bin/gosu.asc \
12 |     && rm /usr/local/bin/gosu.asc \
13 |     && chmod +x /usr/local/bin/gosu \
14 |     && apt-get purge -y --auto-remove curl
15 | 
16 | WORKDIR /code
17 | 
18 | COPY entrypoint.sh /
19 | RUN chmod +x /entrypoint.sh
20 | ENTRYPOINT ["/entrypoint.sh"]
21 | 
22 | CMD ["python app.py"]
23 | 


--------------------------------------------------------------------------------
/(legacy)/python/3.4/slim/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | export HOME=/home/python
 5 | 
 6 | if [ "$1" = 'python' ]; then
 7 |     chown -R python /code
 8 | fi
 9 | 
10 | exec gosu python "$@"
11 | 


--------------------------------------------------------------------------------
/(legacy)/rsyslog/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:wheezy
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r rsyslog && useradd -r -g rsyslog rsyslog
 5 | 
 6 | # Install dependancies
 7 | RUN apt-get update \
 8 |   && apt-get install -y \
 9 |     rsyslog \
10 |   && rm -rf /var/lib/apt/lists/*
11 | 
12 | # Allow tcp/udp port 514
13 | RUN sed 's/#$ModLoad imudp/$ModLoad imudp/' -i /etc/rsyslog.conf
14 | RUN sed 's/#$UDPServerRun 514/$UDPServerRun 514/' -i /etc/rsyslog.conf
15 | RUN sed 's/#$ModLoad imtcp/$ModLoad imtcp/' -i /etc/rsyslog.conf
16 | RUN sed 's/#$InputTCPServerRun 514/$InputTCPServerRun 514/' -i /etc/rsyslog.conf
17 | 
18 | # Set the default permissions for all log files.
19 | RUN sed 's/$FileOwner root/$FileOwner rsyslog/' -i /etc/rsyslog.conf
20 | RUN sed 's/$Umask 0022/$Umask 0022\n$PrivDropToUser rsyslog\n$PrivDropToGroup rsyslog/' -i /etc/rsyslog.conf
21 | 
22 | EXPOSE 514
23 | EXPOSE 514/udp
24 | 
25 | CMD ["/usr/sbin/rsyslogd", "-n"]
26 | 


--------------------------------------------------------------------------------
/(legacy)/scrapi/2.7/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:2.7
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         git \
 9 |         libev4 \
10 |         libev-dev \
11 |         libevent-dev \
12 |         libxml2-dev \
13 |         libxslt1-dev \
14 |         zlib1g-dev \
15 |     && apt-get clean \
16 |     && apt-get autoremove -y \
17 |     && rm -rf /var/lib/apt/lists/*
18 | 
19 | # grab gosu for easy step-down from root
20 | ENV GOSU_VERSION 1.4
21 | RUN apt-get update \
22 |     && apt-get install -y \
23 |         curl \
24 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
25 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
26 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
27 |   	&& gpg --verify /usr/local/bin/gosu.asc \
28 |   	&& rm /usr/local/bin/gosu.asc \
29 |   	&& chmod +x /usr/local/bin/gosu \
30 |     && apt-get clean \
31 |     && apt-get autoremove -y \
32 |         curl \
33 |     && rm -rf /var/lib/apt/lists/*
34 | 
35 | ENV SOURCE_BRANCH=master
36 | ENV SOURCE_REPO=https://github.com/CenterForOpenScience/scrapi.git
37 | ENV WHEELHOUSE /home/.cache/wheelhouse
38 | ENV UPDATE_CMD 'invoke wheelhouse && invoke requirements'
39 | 
40 | RUN pip install -U \
41 |       invoke \
42 |       wheel \
43 |       uwsgi==2.0.10
44 | 
45 | WORKDIR /code
46 | 
47 | # perform an initial build to cache long running compilations
48 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
49 |     && chown -R www-data:www-data /code
50 | 
51 | RUN invoke wheelhouse
52 | RUN invoke requirements
53 | 
54 | COPY entrypoint.sh /entrypoint.sh
55 | RUN chmod +x /entrypoint.sh
56 | ENTRYPOINT ["/entrypoint.sh"]
57 | 
58 | VOLUME /code
59 | 
60 | CMD ["/bin/bash"]
61 | 


--------------------------------------------------------------------------------
/(legacy)/scrapi/2.7/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         eval $UPDATE_CMD
31 |     fi
32 | fi
33 | echo "$commit_head" > /tmp/.commit
34 | 
35 | if [ "$1" = 'invoke' ]; then
36 |     echo "Starting: $@"
37 |     exec gosu www-data "$@"
38 | fi
39 | 
40 | exec gosu root "$@"
41 | 


--------------------------------------------------------------------------------
/(legacy)/scrapi/3.5/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.5
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         git \
 9 |         libev4 \
10 |         libev-dev \
11 |         libevent-dev \
12 |         libxml2-dev \
13 |         libxslt1-dev \
14 |         zlib1g-dev \
15 |     && apt-get clean \
16 |     && apt-get autoremove -y \
17 |     && rm -rf /var/lib/apt/lists/*
18 | 
19 | # grab gosu for easy step-down from root
20 | ENV GOSU_VERSION 1.4
21 | RUN apt-get update \
22 |     && apt-get install -y \
23 |         curl \
24 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
25 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
26 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
27 |   	&& gpg --verify /usr/local/bin/gosu.asc \
28 |   	&& rm /usr/local/bin/gosu.asc \
29 |   	&& chmod +x /usr/local/bin/gosu \
30 |     && apt-get clean \
31 |     && apt-get autoremove -y \
32 |         curl \
33 |     && rm -rf /var/lib/apt/lists/*
34 | 
35 | ENV SOURCE_BRANCH=master
36 | ENV SOURCE_REPO=https://github.com/CenterForOpenScience/scrapi.git
37 | ENV WHEELHOUSE /home/.cache/wheelhouse
38 | ENV UPDATE_CMD 'invoke wheelhouse && invoke requirements'
39 | 
40 | RUN pip install -U \
41 |       invoke \
42 |       wheel \
43 |       uwsgi==2.0.10
44 | 
45 | WORKDIR /code
46 | 
47 | # perform an initial build to cache long running compilations
48 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
49 |     && chown -R www-data:www-data /code
50 | 
51 | RUN invoke wheelhouse
52 | RUN invoke requirements
53 | 
54 | COPY entrypoint.sh /entrypoint.sh
55 | RUN chmod +x /entrypoint.sh
56 | ENTRYPOINT ["/entrypoint.sh"]
57 | 
58 | VOLUME /code
59 | 
60 | CMD ["/bin/bash"]
61 | 


--------------------------------------------------------------------------------
/(legacy)/scrapi/3.5/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         eval $UPDATE_CMD
31 |     fi
32 | fi
33 | echo "$commit_head" > /tmp/.commit
34 | 
35 | if [ "$1" = 'invoke' ]; then
36 |     echo "Starting: $@"
37 |     exec gosu www-data "$@"
38 | fi
39 | 
40 | exec gosu root "$@"
41 | 


--------------------------------------------------------------------------------
/(legacy)/share-reg/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM centerforopenscience/uwsgi:2.7
 2 | 
 3 | # Install dependancies
 4 | RUN apt-get update \
 5 |     && apt-get install -y \
 6 |         git \
 7 |         libev4 \
 8 |         libev-dev \
 9 |         libevent-dev \
10 |         libxml2-dev \
11 |         libxslt1-dev \
12 |         zlib1g-dev \
13 |     && apt-get clean \
14 |     && apt-get autoremove -y \
15 |     && rm -rf /var/lib/apt/lists/*
16 | 
17 | # grab gosu for easy step-down from root
18 | ENV GOSU_VERSION 1.4
19 | RUN apt-get update \
20 |     && apt-get install -y \
21 |         curl \
22 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
23 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
24 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
25 |   	&& gpg --verify /usr/local/bin/gosu.asc \
26 |   	&& rm /usr/local/bin/gosu.asc \
27 |   	&& chmod +x /usr/local/bin/gosu \
28 |     && apt-get clean \
29 |     && apt-get autoremove -y \
30 |         curl \
31 |     && rm -rf /var/lib/apt/lists/*
32 | 
33 | # Node : https://registry.hub.docker.com/u/library/node/
34 | ENV NODE_VERSION 0.12.4
35 | ENV NPM_VERSION 2.10.1
36 | RUN apt-get update \
37 |     && apt-get install -y \
38 |         curl \
39 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys 7937DFD2AB06298B2293C3187D33FF9D0246406D 114F43EE0176B71C7BC219DD50A3051F888C628D \
40 |     && curl -SLO "http://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz" \
41 |   	&& curl -SLO "http://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
42 |   	&& gpg --verify SHASUMS256.txt.asc \
43 |   	&& grep " node-v$NODE_VERSION-linux-x64.tar.gz\$" SHASUMS256.txt.asc | sha256sum -c - \
44 |   	&& tar -xzf "node-v$NODE_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
45 |   	&& rm "node-v$NODE_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc \
46 |   	&& npm install -g npm@"$NPM_VERSION" \
47 |   	&& npm cache clear \
48 |     && apt-get clean \
49 |     && apt-get autoremove -y \
50 |         curl \
51 |     && rm -rf /var/lib/apt/lists/*
52 | 
53 | RUN npm install -g bower
54 | 
55 | ENV SOURCE_BRANCH=develop
56 | ENV SOURCE_REPO=https://github.com/erinspace/shareregistration.git
57 | 
58 | # perform an initial build to cache long running compilations
59 | RUN mkdir /code \
60 |     && cd /code \
61 |     && git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
62 |     && pip install -U -r requirements.txt \
63 |     && rm -Rf /code
64 | 
65 | COPY entrypoint.sh /entrypoint.sh
66 | RUN chmod +x /entrypoint.sh
67 | ENTRYPOINT ["/entrypoint.sh"]
68 | 
69 | WORKDIR /code
70 | 
71 | VOLUME /code
72 | 
73 | CMD ["uwsgi", "--ini", "/etc/uwsgi/uwsgi.ini"]
74 | 


--------------------------------------------------------------------------------
/(legacy)/share-reg/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | # Data Containers
 2 | 
 3 | tmpdata:
 4 |   image: busybox:latest
 5 |   volumes:
 6 |     - /home
 7 |     - /home/.cos/local.py
 8 |     - /etc/uwsgi
 9 |     - /tmp
10 | 
11 | 
12 | # Service Containers
13 | 
14 | postgres:
15 |   image: centerforopenscience/postgres:9.4
16 |   expose:
17 |     - 5432
18 |   volumes_from:
19 |     - tmpdata
20 | 
21 | 
22 | # Server Containers
23 | 
24 | web:
25 |   # image: centerforopenscience/share-reg:latest
26 |   build: .
27 |   environment:
28 |     - SOURCE_BRANCH=develop
29 |     - SOURCE_REPO=https://github.com/mfraezz/DirectoryOfRepositories.git
30 |   ports:
31 |     - 8000:8000
32 |   expose:
33 |     - 8000
34 |   links:
35 |     - postgres:postgres
36 |   volumes_from:
37 |     - tmpdata
38 | 


--------------------------------------------------------------------------------
/(legacy)/share-reg/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home
 5 | 
 6 | if [[ $(stat -c '%U' /code) != www-data ]]; then
 7 |     chown -R www-data:www-data /code
 8 |     gosu www-data git clone -b $SOURCE_BRANCH $SOURCE_REPO .
 9 |     gosu www-data ln -s /home/.cos/local.py /code/shareregistration/settings/local.py
10 | fi
11 | 
12 | gosu www-data git pull
13 | pip install -U -r requirements.txt
14 | gosu www-data npm install --production
15 | gosu www-data bower install --config.interactive=false
16 | gosu www-data python manage.py collectstatic --noinput
17 | 
18 | exec gosu root "$@"
19 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:jessie
 2 | 
 3 | # Based on: https://hub.docker.com/r/jtgasper3/debian-shibboleth-sp/
 4 | 
 5 | ENV APACHE2_VERSION 2.4.10-10+deb8u11
 6 | ENV SHIBBOLETH_SP_VERSION 2.5.3+dfsg-2+deb8u1
 7 | RUN apt-get update \
 8 |     && apt-get install -y \
 9 |       apache2=$APACHE2_VERSION \
10 |       libapache2-mod-shib2=$SHIBBOLETH_SP_VERSION \
11 |     && apt-get clean \
12 |     && apt-get autoremove -y \
13 |     && rm -rf /var/lib/apt/lists/*
14 | 
15 | RUN rm /etc/apache2/sites-enabled/*
16 | 
17 | ADD ./shibboleth /etc/shibboleth
18 | ADD ./apache2 /etc/apache2
19 | 
20 | RUN a2enmod headers \
21 |     && a2enmod env \
22 |     && a2enmod proxy_http \
23 |     && a2enmod ssl \
24 |     && a2enmod rewrite \
25 |     && sed -ri 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g;' /etc/apache2/apache2.conf \
26 |     && sed -ri 's!^(\s*CustomLog)\s+\S+\s+(.*$)!\1 /proc/self/fd/1 \2 env=\!dontlog!g;' /etc/apache2/conf-available/other-vhosts-access-log.conf \
27 |     && echo "ServerSignature Off" >> /etc/apache2/apache2.conf \
28 |     && echo "ServerTokens Prod" >> /etc/apache2/apache2.conf
29 | 
30 | EXPOSE 8080
31 | EXPOSE 8443
32 | 
33 | COPY httpd-foreground /usr/local/bin/
34 | RUN chmod +x /usr/local/bin/httpd-foreground
35 | 
36 | CMD ["httpd-foreground"]
37 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/apache2/ports.conf:
--------------------------------------------------------------------------------
 1 | # If you just change the port or add more ports here, you will likely also
 2 | # have to change the VirtualHost statement in
 3 | # /etc/apache2/sites-enabled/000-default.conf
 4 | 
 5 | Listen 80
 6 | 
 7 | <IfModule ssl_module>
 8 |         Listen 443
 9 | </IfModule>
10 | 
11 | <IfModule mod_gnutls.c>
12 |         Listen 443
13 | </IfModule>
14 | 
15 | # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
16 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/apache2/sites-enabled/default.conf:
--------------------------------------------------------------------------------
 1 | <VirtualHost *:80>
 2 |   ServerName accounts.dev.osf.io
 3 |   ServerAdmin admin@dev.osf.io
 4 | 
 5 |   ProxyRequests off
 6 | 
 7 |   <Location />
 8 |     # ShibDisable on
 9 | 
10 |     ProxyPass http://localhost:8080/
11 |     ProxyPassReverse http://localhost:8080/
12 |   </Location>
13 | 
14 |   <Location /login>
15 |     AuthType shibboleth
16 |     # ShibRequestSetting requireSession 0
17 |     Require shibboleth
18 | 
19 |     # https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSpoofChecking
20 |     # - Jetty 9 drops AJP Support (https://bugs.eclipse.org/bugs/show_bug.cgi?id=425244)
21 |     ShibUseEnvironment off
22 |     ShibUseHeaders on
23 | 
24 |     ProxyPass http://localhost:8080/login
25 |     ProxyPassReverse http://localhost:8080/login
26 |   </Location>
27 | 
28 |   <Location /Shibboleth.sso>
29 |     ProxyPass !
30 |     SetHandler shib
31 |   </Location>
32 | </VirtualHost>
33 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/httpd-foreground:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | mkdir -p '/var/run/shibboleth' '/var/log/shibboleth'
 5 | chown -Rh _shibd '/var/run/shibboleth' '/var/log/shibboleth'
 6 | 
 7 | shibd -F -f -w 30 -u _shibd -c /etc/shibboleth/shibboleth2.xml &
 8 | 
 9 | # Apache gets grumpy about PID files pre-existing
10 | rm -f /var/run/apache2/apache2.pid
11 | 
12 | exec apachectl -DFOREGROUND
13 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/shibboleth/attribute-policy.xml:
--------------------------------------------------------------------------------
 1 | <afp:AttributeFilterPolicyGroup
 2 |     xmlns="urn:mace:shibboleth:2.0:afp:mf:basic"
 3 |     xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
 4 |     xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
 5 |     xmlns:afp="urn:mace:shibboleth:2.0:afp"
 6 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 7 | 
 8 |     <!-- Shared rule for affiliation values. -->
 9 |     <afp:PermitValueRule id="eduPersonAffiliationValues" xsi:type="OR">
10 |         <Rule xsi:type="AttributeValueString" value="faculty"/>
11 |         <Rule xsi:type="AttributeValueString" value="student"/>
12 |         <Rule xsi:type="AttributeValueString" value="staff"/>
13 |         <Rule xsi:type="AttributeValueString" value="alum"/>
14 |         <Rule xsi:type="AttributeValueString" value="member"/>
15 |         <Rule xsi:type="AttributeValueString" value="affiliate"/>
16 |         <Rule xsi:type="AttributeValueString" value="employee"/>
17 |         <Rule xsi:type="AttributeValueString" value="library-walk-in"/>
18 |     </afp:PermitValueRule>
19 | 
20 |     <!--
21 |     Shared rule for all "scoped" attributes, but you'll have to manually apply it inside
22 |     an AttributeRule for each attribute you want to check.
23 |     -->
24 |     <afp:PermitValueRule id="ScopingRules" xsi:type="AND">
25 |         <Rule xsi:type="NOT">
26 |             <Rule xsi:type="AttributeValueRegex" regex="@"/>
27 |         </Rule>
28 |         <Rule xsi:type="saml:AttributeScopeMatchesShibMDScope"/>
29 |     </afp:PermitValueRule>
30 | 
31 |     <afp:AttributeFilterPolicy>
32 |         <!-- This policy is in effect in all cases. -->
33 |         <afp:PolicyRequirementRule xsi:type="ANY"/>
34 | 
35 |         <!-- Filter out undefined affiliations and ensure only one primary. -->
36 |         <afp:AttributeRule attributeID="affiliation">
37 |             <afp:PermitValueRule xsi:type="AND">
38 |                 <RuleReference ref="eduPersonAffiliationValues"/>
39 |                 <RuleReference ref="ScopingRules"/>
40 |             </afp:PermitValueRule>
41 |         </afp:AttributeRule>
42 |         <afp:AttributeRule attributeID="unscoped-affiliation">
43 |             <afp:PermitValueRuleReference ref="eduPersonAffiliationValues"/>
44 |         </afp:AttributeRule>
45 |         <afp:AttributeRule attributeID="primary-affiliation">
46 |             <afp:PermitValueRuleReference ref="eduPersonAffiliationValues"/>
47 |         </afp:AttributeRule>
48 | 
49 |         <afp:AttributeRule attributeID="eppn">
50 |             <afp:PermitValueRuleReference ref="ScopingRules"/>
51 |         </afp:AttributeRule>
52 | 
53 |         <afp:AttributeRule attributeID="targeted-id">
54 |             <afp:PermitValueRuleReference ref="ScopingRules"/>
55 |         </afp:AttributeRule>
56 | 
57 |         <!-- Require NameQualifier/SPNameQualifier match IdP and SP entityID respectively. -->
58 |         <afp:AttributeRule attributeID="persistent-id">
59 |             <afp:PermitValueRule xsi:type="saml:NameIDQualifierString"/>
60 |         </afp:AttributeRule>
61 | 
62 |         <!-- Catch-all that passes everything else through unmolested. -->
63 |         <afp:AttributeRule attributeID="*">
64 |             <afp:PermitValueRule xsi:type="ANY"/>
65 |         </afp:AttributeRule>
66 | 
67 |     </afp:AttributeFilterPolicy>
68 | 
69 | </afp:AttributeFilterPolicyGroup>
70 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/shibboleth/native.logger:
--------------------------------------------------------------------------------
 1 | # set overall behavior
 2 | #
 3 | # Debian: remove warn_log.  All logs go to syslog, so there's no need to
 4 | # have multiple log destinations differentiated only by log threshold.
 5 | #log4j.rootCategory=INFO, native_log, warn_log
 6 | log4j.rootCategory=INFO, native_log
 7 | 
 8 | # fairly verbose for DEBUG, so generally leave at INFO
 9 | log4j.category.XMLTooling.XMLObject=INFO
10 | log4j.category.XMLTooling.KeyInfoResolver=INFO
11 | log4j.category.Shibboleth.IPRange=INFO
12 | log4j.category.Shibboleth.PropertySet=INFO
13 | 
14 | # raise for low-level tracing of SOAP client HTTP/SSL behavior
15 | log4j.category.XMLTooling.libcurl=INFO
16 | 
17 | # useful categories to tune independently:
18 | #
19 | # tracing of SAML messages and security policies
20 | #log4j.category.OpenSAML.MessageDecoder=DEBUG
21 | #log4j.category.OpenSAML.MessageEncoder=DEBUG
22 | #log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
23 | # interprocess message remoting
24 | #log4j.category.Shibboleth.Listener=DEBUG
25 | # mapping of requests to applicationId
26 | #log4j.category.Shibboleth.RequestMapper=DEBUG
27 | # high level session cache operations
28 | #log4j.category.Shibboleth.SessionCache=DEBUG
29 | # persistent storage and caching
30 | #log4j.category.XMLTooling.StorageService=DEBUG
31 | 
32 | # define the appender
33 | 
34 | # This is the default, but it's essentially useless under normal
35 | # circumstances since Apache doesn't have access to write to that
36 | # directory.
37 | #log4j.appender.native_log=org.apache.log4j.RollingFileAppender
38 | #log4j.appender.native_log.fileName=/var/log/apache2/native.log
39 | #log4j.appender.native_log.maxFileSize=1000000
40 | #log4j.appender.native_log.maxBackupIndex=10
41 | #log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
42 | #log4j.appender.native_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
43 | #log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
44 | #log4j.appender.warn_log.fileName=/var/log/apache2/native_warn.log
45 | #log4j.appender.warn_log.maxFileSize=1000000
46 | #log4j.appender.warn_log.maxBackupIndex=10
47 | #log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
48 | #log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
49 | #log4j.appender.warn_log.threshold=WARN
50 | 
51 | # Use syslog instead, since then at least the messages will go somewhere.
52 | # That facility is LOG_DAEMON, since log4cpp apparently doesn't recognize
53 | # symbolic log facilities.
54 | #
55 | # This is a Debian-specific change.
56 | # log4j.appender.native_log=org.apache.log4j.LocalSyslogAppender
57 | # log4j.appender.native_log.syslogName=shibboleth-sp
58 | # log4j.appender.native_log.facility=3
59 | log4j.appender.native_log=org.apache.log4j.ConsoleAppender
60 | log4j.appender.native_log.layout=org.apache.log4j.BasicLayout
61 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/shibboleth/shibd.logger:
--------------------------------------------------------------------------------
 1 | # set overall behavior
 2 | log4j.rootCategory=INFO, shibd_log, warn_log
 3 | 
 4 | # fairly verbose for DEBUG, so generally leave at INFO
 5 | log4j.category.XMLTooling.XMLObject=INFO
 6 | log4j.category.XMLTooling.KeyInfoResolver=INFO
 7 | log4j.category.Shibboleth.IPRange=INFO
 8 | log4j.category.Shibboleth.PropertySet=INFO
 9 | 
10 | # raise for low-level tracing of SOAP client HTTP/SSL behavior
11 | log4j.category.XMLTooling.libcurl=INFO
12 | 
13 | # useful categories to tune independently:
14 | #
15 | # tracing of SAML messages and security policies
16 | #log4j.category.OpenSAML.MessageDecoder=DEBUG
17 | #log4j.category.OpenSAML.MessageEncoder=DEBUG
18 | #log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
19 | #log4j.category.XMLTooling.SOAPClient=DEBUG
20 | # interprocess message remoting
21 | #log4j.category.Shibboleth.Listener=DEBUG
22 | # mapping of requests to applicationId
23 | #log4j.category.Shibboleth.RequestMapper=DEBUG
24 | # high level session cache operations
25 | #log4j.category.Shibboleth.SessionCache=DEBUG
26 | # persistent storage and caching
27 | #log4j.category.XMLTooling.StorageService=DEBUG
28 | 
29 | # logs XML being signed or verified if set to DEBUG
30 | log4j.category.XMLTooling.Signature.Debugger=INFO, sig_log
31 | log4j.additivity.XMLTooling.Signature.Debugger=false
32 | 
33 | # the tran log blocks the "default" appender(s) at runtime
34 | # Level should be left at INFO for this category
35 | log4j.category.Shibboleth-TRANSACTION=INFO, tran_log
36 | log4j.additivity.Shibboleth-TRANSACTION=false
37 | # uncomment to suppress particular event types
38 | #log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
39 | #log4j.category.Shibboleth-TRANSACTION.Login=WARN
40 | #log4j.category.Shibboleth-TRANSACTION.Logout=WARN
41 | 
42 | # define the appenders
43 | 
44 | # log4j.appender.shibd_log=org.apache.log4j.RollingFileAppender
45 | # log4j.appender.shibd_log.fileName=/var/log/shibboleth/shibd.log
46 | # log4j.appender.shibd_log.maxFileSize=1000000
47 | # log4j.appender.shibd_log.maxBackupIndex=10
48 | log4j.appender.shibd_log=org.apache.log4j.ConsoleAppender
49 | log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
50 | log4j.appender.shibd_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
51 | 
52 | # log4j.appender.warn_log=org.apache.log4j.RollingFileAppender
53 | # log4j.appender.warn_log.fileName=/var/log/shibboleth/shibd_warn.log
54 | # log4j.appender.warn_log.maxFileSize=1000000
55 | # log4j.appender.warn_log.maxBackupIndex=10
56 | log4j.appender.warn_log=org.apache.log4j.ConsoleAppender
57 | log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
58 | log4j.appender.warn_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
59 | log4j.appender.warn_log.threshold=WARN
60 | 
61 | # log4j.appender.tran_log=org.apache.log4j.RollingFileAppender
62 | # log4j.appender.tran_log.fileName=/var/log/shibboleth/transaction.log
63 | # log4j.appender.tran_log.maxFileSize=1000000
64 | # log4j.appender.tran_log.maxBackupIndex=20
65 | log4j.appender.tran_log=org.apache.log4j.ConsoleAppender
66 | log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
67 | log4j.appender.tran_log.layout.ConversionPattern=%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
68 | 
69 | # log4j.appender.sig_log=org.apache.log4j.FileAppender
70 | # log4j.appender.sig_log.fileName=/var/log/shibboleth/signature.log
71 | log4j.appender.sig_log=org.apache.log4j.ConsoleAppender
72 | log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
73 | log4j.appender.sig_log.layout.ConversionPattern=%m
74 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/shibboleth/sp-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIC6zCCAdOgAwIBAgIJAOtPE/KVhfCGMA0GCSqGSIb3DQEBBQUAMBcxFTATBgNV
 3 | BAMTDGZjZGIwYjUxMzQxMTAeFw0xNTExMDcyMTM4MjhaFw0yNTExMDQyMTM4Mjha
 4 | MBcxFTATBgNVBAMTDGZjZGIwYjUxMzQxMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 5 | ADCCAQoCggEBAMJRDaANHbZrNSMazVHR1m0ZBgW1WrXYnZjOF6QtiOXrpNqGsxOZ
 6 | jWN7U6tyoqV06dwqx4fiGgz8TIqSnJpZlWOQa/bKLJscby4wIFRDniavBhUeFJlJ
 7 | C/34dXV1Wl/rM+vjwb4GNtNxCEmQ5MCJH0ESy4DSORGo10UT2Fcnr/0Zy9tK+UBK
 8 | GxU/TeAadl8LzueBzok5MxW6WpOoEyCit7sDSkSV+RFUqNrtVCGwung66arO630Z
 9 | F9RETM4NziMzxvO9294zysSDqd19EfYQ28hqwpaOLiHBGbJoQ0Kptt+m3QzmfiLK
10 | +/0QHh62iDfUKoVGeIDW5YmYGLJaRF1+8eMCAwEAAaM6MDgwFwYDVR0RBBAwDoIM
11 | ZmNkYjBiNTEzNDExMB0GA1UdDgQWBBSIpSXmw+VcDrKNQ40nIHNh3NjzGTANBgkq
12 | hkiG9w0BAQUFAAOCAQEAEIxGbn32w3FT2LIs5jEa9Y+tftyzUVPZAAbJk5SvXyII
13 | Ho84BvQ2sJklXHMhVwQChnXGNXLSVVV3AwdtiFjuX0Skjn0a6LJMfI2vC+oE925N
14 | eE2QXeGFGxkh8HcimQqzxC11nWuVoG9ZphiYrsDEpcK9fNiPDaihJZRaqTGxJKki
15 | p+KH0Wmum3TuL9g0ZzGiIROVsHrO5jTi2UveVdEZaZuYAgEnDtgmwSIFeEo3RbUf
16 | BsHQzXK2Wt36Dqr86JglxMy0yH5zTJihThoBdTDiU/kFZ7QeReyDRPCG+zIfX2UI
17 | spsDYrxzjTsFCyhD1CQPtE+5cAQ8dOtAlh3f1Lx6pg==
18 | -----END CERTIFICATE-----
19 | 


--------------------------------------------------------------------------------
/(legacy)/shibboleth/shibboleth/sp-key.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN PRIVATE KEY-----
 2 | MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCUQ2gDR22azUj
 3 | Gs1R0dZtGQYFtVq12J2YzhekLYjl66TahrMTmY1je1OrcqKldOncKseH4hoM/EyK
 4 | kpyaWZVjkGv2yiybHG8uMCBUQ54mrwYVHhSZSQv9+HV1dVpf6zPr48G+BjbTcQhJ
 5 | kOTAiR9BEsuA0jkRqNdFE9hXJ6/9GcvbSvlAShsVP03gGnZfC87ngc6JOTMVulqT
 6 | qBMgore7A0pElfkRVKja7VQhsLp4Oumqzut9GRfUREzODc4jM8bzvdveM8rEg6nd
 7 | fRH2ENvIasKWji4hwRmyaENCqbbfpt0M5n4iyvv9EB4etog31CqFRniA1uWJmBiy
 8 | WkRdfvHjAgMBAAECggEBALJDn4dUYQzH/4CMBw5nvhpqGX9FJ8mpxrK3ZzLj3zJm
 9 | 4t7jMgfqF67LJjAkQ5gc0Kp9yH0dbR66mxGJfQeQ5Z7okFNgmFlYVZr+5bnIKp98
10 | c80NwoH5ZHoC5Obz2Qwj/4cJc+T7WHLTwHGU7na/lR+iuXUd5uMPjSW/Ffqm2yoK
11 | UzNUTWGKpiiuGFL6uulPazzCNUtgZULXOBg21gGNwysEUHBCoQ8PUGG4R5f6Jv5U
12 | QAqMgleVnecsDJ+PRqmkPBKZbDA/94Dtx4gSc1V55ueTHEMZ0dfHTZvXOO9sEkwj
13 | D7gO97BTxFnJB18jlEUju6GCxSBKOaFVqMgbLcONBGkCgYEA+2dEp6XWfMob3Pxa
14 | MoKSzD4YZBczZjuazhz9Vf7XYpVQoGaioGf5isIPxFdWgecH4lodh1CUOoLG+RK1
15 | OdgHx1JPDQUmr6+Nl4a2lNR2lWNphESzUWPeyvjZtRamSTrhRi91iQYmX4GyqZhS
16 | 83wXeGjzPyvMMQ6aqQtZOStO0hUCgYEAxd6U6gEM/8GdTrGfQg0qQevTQDm3jboj
17 | y0vMXw4zQd0u5CWvCxvZrKPVTvdsfNY/0EcoNaN0xqVMextMj/sPKBCPBBT9UYL0
18 | j/c+jFLqxQlPYsRMp+k0IoojDUkhD3uTIztPDo1DdqkZE4dGXHy4N6WlaYcMv8hq
19 | Q6f1QQnwShcCgYAvGGBXG4z7oYzor+lhru47DqLZFTOOwjm0xN98XZoRoLES60cp
20 | z3CC2unDOS0+dn4WnBUOBT1PXLJTdHq4lEyYvUWLxdxCaxuWOCk55jc0swPQQGJr
21 | K89PrKBz+QM7kqki0b8t5RYJLC3A8YUQkb1/1AFFYzoEMp0sb7DOMdu5JQKBgQCH
22 | nEkLJ7U1BAlACdRQfJ1dmLar6eK3K7+kcUqcSysuFN0yV/Fj965z98UV3dVoqZ4K
23 | rPoN6Pz7uAZ2yPrsIvD8UHz0Gz6SQuJCWP1xRtLIP908n7S5z8Z/dZUYYepapiLt
24 | npRMMNzv0mzxSWEbug63dLutW3WNa1oJDG+2J42b+QKBgQDOxu+RtaEXWh85/FKm
25 | fYBL6LtJRRfAaRYbOzdd2vUoqhYlqGDkPxYXiK9/9sLJnlftBNM+Vym419SMi4qE
26 | PLE1gQqOwCGGSpNXemGVNwom7vJYY1v5v17FwP6zIDU4kw+gjRF0gL34E8K/PeY/
27 | fwVmU5UW9/xnbxVIFmlyEPDyVA==
28 | -----END PRIVATE KEY-----
29 | 


--------------------------------------------------------------------------------
/(legacy)/tokumx/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:wheezy
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r tokumx && useradd -r -g tokumx tokumx
 5 | 
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         numactl \
 9 |     && apt-get clean \
10 |     && apt-get autoremove -y \
11 |     && rm -rf /var/lib/apt/lists/*
12 | 
13 | # grab gosu for easy step-down from root
14 | ENV GOSU_VERSION 1.4
15 | RUN apt-get update \
16 |     && apt-get install -y \
17 |         curl \
18 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
19 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
20 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
21 |   	&& gpg --verify /usr/local/bin/gosu.asc \
22 |   	&& rm /usr/local/bin/gosu.asc \
23 |   	&& chmod +x /usr/local/bin/gosu \
24 |     && apt-get clean \
25 |     && apt-get autoremove -y \
26 |         curl \
27 |     && rm -rf /var/lib/apt/lists/*
28 | 
29 | ENV TOKUMX_VERSION 2.0.1-1
30 | RUN apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys 505A7412 \
31 |     && echo "deb [arch=amd64] http://s3.amazonaws.com/tokumx-debs wheezy main" > /etc/apt/sources.list.d/tokumx.list \
32 |     && apt-get update \
33 |     && apt-get install -y \
34 |         tokumx=$TOKUMX_VERSION \
35 |     && rm -rf /var/lib/tokumx \
36 |   	&& mv /etc/tokumx.conf /etc/tokumx.conf.orig \
37 |     && mkdir -p /data/db \
38 |     && chown -R tokumx:tokumx /data/db \
39 |     && apt-get clean \
40 |     && apt-get autoremove -y \
41 |     && rm -rf /var/lib/apt/lists/*
42 | 
43 | COPY entrypoint.sh /entrypoint.sh
44 | RUN chmod +x /entrypoint.sh
45 | ENTRYPOINT ["/entrypoint.sh"]
46 | 
47 | VOLUME /data/db
48 | 
49 | EXPOSE 27017
50 | EXPOSE 28017
51 | 
52 | # NOTE: While testing the docker container you can override toku's hard requirement
53 | # for transparent huge page sharing by setting the following environment variable.
54 | #
55 | # TOKU_HUGE_PAGES_OK=1
56 | #
57 | # Production systems see the following guide detailing how to disable this setting at boot.
58 | # http://docs.mongodb.org/manual/tutorial/transparent-huge-pages/#in-etc-rc-local-alternate
59 | 
60 | CMD ["mongod"]
61 | 


--------------------------------------------------------------------------------
/(legacy)/tokumx/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | if [ -f "/etc/tokumx-keyfile" ]; then
 5 |   if [[ $(stat -c '%U' /etc/tokumx-keyfile) != tokumx ]]; then
 6 |       chown tokumx:tokumx /etc/tokumx-keyfile
 7 |   fi
 8 | fi
 9 | 
10 | if [ "${1:0:1}" = '-' ]; then
11 | 	set -- mongod "$@"
12 | fi
13 | 
14 | if [ "$1" = 'mongod' ]; then
15 | 	chown -R tokumx /data/db
16 | 
17 | 	numa='numactl --interleave=all'
18 | 	if $numa true &> /dev/null; then
19 | 		set -- $numa "$@"
20 | 	fi
21 | 
22 | 	exec gosu tokumx "$@"
23 | fi
24 | 
25 | exec "$@"
26 | 


--------------------------------------------------------------------------------
/(legacy)/uwsgi/2.7/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:2.7
2 | 
3 | RUN usermod -d /home www-data \
4 |     && chown www-data:www-data /home
5 | 
6 | RUN pip install uwsgi==2.0.10
7 | 
8 | CMD ["uwsgi", "--ini", "/etc/uwsgi/uwsgi.ini"]
9 | 


--------------------------------------------------------------------------------
/(legacy)/uwsgi/3.4/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:3.4
2 | 
3 | RUN usermod -d /home www-data \
4 |     && chown www-data:www-data /home
5 | 
6 | RUN pip install uwsgi==2.0.10
7 | 
8 | CMD ["uwsgi", "--ini", "/etc/uwsgi/uwsgi.ini"]
9 | 


--------------------------------------------------------------------------------
/(legacy)/varnish/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:jessie
 2 | 
 3 | ENV VARNISH_VERSION 4.1
 4 | RUN apt-get update \
 5 |     && apt-get install -y \
 6 |         curl \
 7 |         automake \
 8 |         git \
 9 |         libtool \
10 |         make \
11 |         python-docutils \
12 |     && curl "http://repo.varnish-cache.org/GPG-key.txt" | apt-key add -- \
13 |     && echo "deb http://repo.varnish-cache.org/debian/ jessie varnish-$VARNISH_VERSION" >> /etc/apt/sources.list.d/varnish-cache.list \
14 |     && apt-get update \
15 |     && apt-get install -y \
16 |         varnish \
17 |         libvarnishapi-dev \
18 |     && apt-get clean \
19 |     && apt-get autoremove -y \
20 |         curl \
21 |     && rm -rf /var/lib/apt/lists/*
22 | 
23 | RUN cd /tmp \
24 |     && git clone https://github.com/varnish/libvmod-rtstatus.git \
25 |     && cd libvmod-rtstatus \
26 |     && git checkout $VARNISH_VERSION \
27 |     && ./autogen.sh \
28 |     && ./configure VARNISHSRC=/usr/include/varnish \
29 |     && make \
30 |     && make install
31 | 
32 | VOLUME '/var/lib/varnish'
33 | 
34 | CMD ['varnishd', '-F', '-f', '/etc/varnish/default.vcl']
35 | 


--------------------------------------------------------------------------------
/(legacy)/waterbutler/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.5-slim
 2 | 
 3 | RUN usermod -d /home www-data && chown www-data:www-data /home
 4 | 
 5 | # Install dependancies
 6 | RUN apt-get update \
 7 |     && apt-get install -y \
 8 |         git \
 9 |         par2 \
10 |         libevent-dev \
11 |         libxml2-dev \
12 |         libxslt1-dev \
13 |         zlib1g-dev \
14 |         # cryptography
15 |         build-essential \
16 |         libssl-dev \
17 |         libffi-dev \
18 |         python-dev \
19 |     && apt-get clean \
20 |     && apt-get autoremove -y \
21 |     && rm -rf /var/lib/apt/lists/*
22 | 
23 | # grab gosu for easy step-down from root
24 | ENV GOSU_VERSION 1.4
25 | RUN apt-get update \
26 |     && apt-get install -y \
27 |         curl \
28 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
29 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
30 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
31 |   	&& gpg --verify /usr/local/bin/gosu.asc \
32 |   	&& rm /usr/local/bin/gosu.asc \
33 |   	&& chmod +x /usr/local/bin/gosu \
34 |     && apt-get clean \
35 |     && apt-get autoremove -y \
36 |         curl \
37 |     && rm -rf /var/lib/apt/lists/*
38 | 
39 | ENV SOURCE_BRANCH master
40 | ENV SOURCE_REPO https://github.com/CenterForOpenScience/waterbutler.git
41 | ENV WHEELHOUSE /home/.cache/wheelhouse
42 | ENV UPDATE_CMD 'invoke wheelhouse && invoke install'
43 | 
44 | RUN pip install -U wheel
45 | 
46 | RUN pip install \
47 |       invoke==0.13.0 \
48 |       setuptools==30.4.0
49 | 
50 | WORKDIR /code
51 | 
52 | # perform an initial build to cache long running compilations
53 | RUN git clone -b $SOURCE_BRANCH $SOURCE_REPO . \
54 |     && chown -R www-data:www-data /code
55 | 
56 | RUN invoke wheelhouse
57 | RUN invoke install
58 | 
59 | COPY entrypoint.sh /entrypoint.sh
60 | RUN chmod +x /entrypoint.sh
61 | ENTRYPOINT ["/entrypoint.sh"]
62 | 
63 | EXPOSE 7777
64 | VOLUME /code
65 | 
66 | CMD ["invoke", "server"]
67 | 


--------------------------------------------------------------------------------
/(legacy)/waterbutler/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | # Data Containers
 2 | 
 3 | tmpdata:
 4 |   image: busybox:latest
 5 |   volumes:
 6 |     - /tmp
 7 |     - /home/.cos
 8 | 
 9 | 
10 | # Service Containers
11 | 
12 | rabbitmq:
13 |   image: rabbitmq:latest
14 | 
15 | 
16 | # Server Containers
17 | 
18 | web:
19 |   build: .
20 |   command: 'invoke server'
21 |   environment:
22 |     - SOURCE_BRANCH=develop
23 |     - SOURCE_REPO=https://github.com/CenterForOpenScience/waterbutler
24 |   ports:
25 |     - 7777:7777
26 |   expose:
27 |     - 7777
28 |   links:
29 |     - rabbitmq:rabbitmq
30 |   volumes_from:
31 |     - tmpdata
32 | 
33 | celery:
34 |   build: .
35 |   command: 'invoke celery'
36 |   environment:
37 |     - SOURCE_BRANCH=develop
38 |     - SOURCE_REPO=https://github.com/CenterForOpenScience/waterbutler
39 |   links:
40 |     - rabbitmq:rabbitmq
41 |   volumes_from:
42 |     - tmpdata
43 | 


--------------------------------------------------------------------------------
/(legacy)/waterbutler/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | chown -R www-data:www-data /home || true
 5 | chown -R www-data:www-data /code || true
 6 | 
 7 | if [ ! -d /code/.git ]; then
 8 |     gosu www-data git init
 9 | fi
10 | 
11 | gosu www-data git remote rm origin || true
12 | gosu www-data git remote add origin $SOURCE_REPO
13 | gosu www-data git fetch -q
14 | gosu www-data git checkout $SOURCE_BRANCH
15 | gosu www-data git pull origin $SOURCE_BRANCH
16 | 
17 | # avoid running setup tasks on container restarts
18 | commit_head=$(git rev-parse HEAD)
19 | updated=false
20 | if [ -f "/tmp/.commit" ]; then
21 |     if ! grep -Fxq "$commit_head" /tmp/.commit; then
22 |         updated=true
23 |     fi
24 | else
25 |     updated=true
26 | fi
27 | if $updated; then
28 |     if [ "$UPDATE_CMD" != "" ]; then
29 |         echo "Updating: $UPDATE_CMD"
30 |         eval $UPDATE_CMD
31 |     fi
32 | fi
33 | echo "$commit_head" > /tmp/.commit
34 | 
35 | if [ "$1" = 'invoke' ]; then
36 |     echo "Starting: $@"
37 |     exec gosu www-data "$@"
38 | fi
39 | 
40 | exec gosu root "$@"
41 | 


--------------------------------------------------------------------------------
/(legacy)/wowza/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | Wowza:
 2 |   image: wowzamedia/wowza-streaming-engine-linux:4.7.1
 3 |   entrypoint: /sbin/entrypoint.sh
 4 |   ports:
 5 |     - "1935:1935"
 6 |     - "8086:8086"
 7 |     - "8087:8087"
 8 |     - "8088:8088"
 9 |     - "443:443"
10 |   volumes:
11 |     - /opt/wowza/conf:/usr/local/WowzaStreamingEngine/conf
12 |     - /opt/wowza/applications:/usr/local/WowzaStreamingEngine/applications
13 |     - /opt/wowza/lib:/usr/local/WowzaStreamingEngine/lib
14 |     - /opt/wowza/content:/usr/local/WowzaStreamingEngine/content
15 |     - /opt/wowza/logs/wowza:/usr/local/WowzaStreamingEngine/logs
16 |     - /opt/wowza/logs/manager:/usr/local/WowzaStreamingEngine/manager/logs
17 |     - /opt/wowza/logs/supervisor:/supervisor/supervisord.log
18 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .env
2 | **/settings/local.py
3 | **/.data
4 | **/.pyc
5 | *~
6 | npm-debug.log
7 | **/Nessus*.deb
8 | 


--------------------------------------------------------------------------------
/ansible/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3-alpine
 2 | 
 3 | MAINTAINER Michael Haselton <michael@cos.io>
 4 | 
 5 | ARG VCS_REF
 6 | ARG BUILD_DATE
 7 | 
 8 | # Metadata
 9 | LABEL org.label-schema.vcs-ref=$VCS_REF \
10 |       org.label-schema.vcs-url="https://github.com/centerforopenscience/docker-library/ansible" \
11 |       org.label-schema.build-date=$BUILD_DATE \
12 |       org.label-schema.docker.dockerfile="/Dockerfile"
13 | 
14 | ENV ANSIBLE_VERSION="2.3.2"
15 | 
16 | RUN apk add --update ca-certificates \
17 |  && apk add --update make gcc musl-dev python3-dev libffi-dev openssl-dev \
18 |  && pip install cryptography \
19 |  && pip install ansible==${ANSIBLE_VERSION} \
20 |  && apk del make gcc musl-dev python3-dev libffi-dev openssl-dev \
21 |  # && apk del --purge deps \
22 |  && rm /var/cache/apk/*
23 | 
24 | ENTRYPOINT ["ansible"]
25 | CMD ["--help"]
26 | 


--------------------------------------------------------------------------------
/cerebro/0.6/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM openjdk:8-jre
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r cerebro && useradd -r -g cerebro cerebro
 5 | 
 6 | # grab gosu for easy step-down from root
 7 | ENV GOSU_VERSION 1.7
 8 | RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
 9 |     && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
10 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
11 |     && gpg --verify /usr/local/bin/gosu.asc \
12 |     && rm /usr/local/bin/gosu.asc \
13 |     && chmod +x /usr/local/bin/gosu \
14 | 	&& gosu nobody true
15 | 
16 | ENV CEREBRO_VERSION 0.6.5
17 | ENV CEREBRO_SHA256 e0fab203496c3216561070df0b2dbd90ade83dfa0dc2fb380a88369958dc1e28
18 | RUN cd /tmp \
19 |     && curl -o cerebro-${CEREBRO_VERSION}.tgz -SL "https://github.com/lmenezes/cerebro/releases/download/v${CEREBRO_VERSION}/cerebro-${CEREBRO_VERSION}.tgz" \
20 |     && echo "$CEREBRO_SHA256  /tmp/cerebro-${CEREBRO_VERSION}.tgz" | sha256sum -c - \
21 |     && tar zxvf /tmp/cerebro-${CEREBRO_VERSION}.tgz \
22 |     && mkdir /tmp/cerebro-${CEREBRO_VERSION}/logs \
23 |     && mv /tmp/cerebro-${CEREBRO_VERSION} /opt/cerebro \
24 |     && rm /tmp/cerebro-${CEREBRO_VERSION}.tgz
25 | 
26 | WORKDIR /opt/cerebro
27 | 
28 | COPY docker-entrypoint.sh /docker-entrypoint.sh
29 | RUN chmod +x /docker-entrypoint.sh
30 | ENTRYPOINT ["/docker-entrypoint.sh"]
31 | 
32 | EXPOSE 9000
33 | 
34 | VOLUME ["/opt/cerebro/conf", "/opt/cerebro/logs"]
35 | 
36 | CMD ["bin/cerebro"]
37 | 


--------------------------------------------------------------------------------
/cerebro/0.6/docker-entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Add cerebro as command if needed
 6 | if [ "${1:0:1}" = '-' ]; then
 7 | 	set -- /opt/cerebro/bin/cerebro "$@"
 8 | fi
 9 | 
10 | # Drop root privileges if we are running cerebro
11 | # allow the container to be started with `--user`
12 | if [ "$1" = 'bin/cerebro' -a "$(id -u)" = '0' ]; then
13 | 	# Change the ownership of user-mutable directories to cerebro
14 | 	for path in \
15 | 		/opt/cerebro \
16 | 	; do
17 | 		chown -R cerebro:cerebro "$path" || true
18 | 	done
19 | 
20 | 	set -- gosu cerebro "$@"
21 | fi
22 | 
23 | # As argument is not related to cerebro,
24 | # then assume that user wants to run his own process,
25 | # for example a `bash` shell to explore this image
26 | exec "$@"


--------------------------------------------------------------------------------
/cerebro/0.7/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM openjdk:8-jre
 2 | 
 3 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 4 | RUN groupadd -r cerebro && useradd -r -g cerebro cerebro
 5 | 
 6 | # grab gosu for easy step-down from root
 7 | ENV GOSU_VERSION 1.7
 8 | RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
 9 |     && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
10 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
11 |     && gpg --verify /usr/local/bin/gosu.asc \
12 |     && rm /usr/local/bin/gosu.asc \
13 |     && chmod +x /usr/local/bin/gosu \
14 | 	&& gosu nobody true
15 | 
16 | ENV CEREBRO_VERSION 0.7.3
17 | ENV CEREBRO_SHA256 4123019aa75d401b0b27ae1f6bd29c93a10dd52d80f398a18480969b20759dac
18 | RUN cd /tmp \
19 |     && curl -o cerebro-${CEREBRO_VERSION}.tgz -SL "https://github.com/lmenezes/cerebro/releases/download/v${CEREBRO_VERSION}/cerebro-${CEREBRO_VERSION}.tgz" \
20 |     && echo "$CEREBRO_SHA256  /tmp/cerebro-${CEREBRO_VERSION}.tgz" | sha256sum -c - \
21 |     && tar zxvf /tmp/cerebro-${CEREBRO_VERSION}.tgz \
22 |     && mkdir /tmp/cerebro-${CEREBRO_VERSION}/logs \
23 |     && mv /tmp/cerebro-${CEREBRO_VERSION} /opt/cerebro \
24 |     && rm /tmp/cerebro-${CEREBRO_VERSION}.tgz
25 | 
26 | WORKDIR /opt/cerebro
27 | 
28 | COPY docker-entrypoint.sh /docker-entrypoint.sh
29 | RUN chmod +x /docker-entrypoint.sh
30 | ENTRYPOINT ["/docker-entrypoint.sh"]
31 | 
32 | EXPOSE 9000
33 | 
34 | VOLUME ["/opt/cerebro/conf", "/opt/cerebro/logs"]
35 | 
36 | CMD ["bin/cerebro"]
37 | 


--------------------------------------------------------------------------------
/cerebro/0.7/docker-entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Add cerebro as command if needed
 6 | if [ "${1:0:1}" = '-' ]; then
 7 | 	set -- /opt/cerebro/bin/cerebro "$@"
 8 | fi
 9 | 
10 | # Drop root privileges if we are running cerebro
11 | # allow the container to be started with `--user`
12 | if [ "$1" = 'bin/cerebro' -a "$(id -u)" = '0' ]; then
13 | 	# Change the ownership of user-mutable directories to cerebro
14 | 	for path in \
15 | 		/opt/cerebro \
16 | 	; do
17 | 		chown -R cerebro:cerebro "$path" || true
18 | 	done
19 | 
20 | 	set -- gosu cerebro "$@"
21 | fi
22 | 
23 | # As argument is not related to cerebro,
24 | # then assume that user wants to run his own process,
25 | # for example a `bash` shell to explore this image
26 | exec "$@"


--------------------------------------------------------------------------------
/cerebro/custom/Dockerfile:
--------------------------------------------------------------------------------
 1 | ### App code
 2 | FROM openjdk:8-jdk AS app
 3 | 
 4 | ENV SBT_VERSION 1.1.6
 5 | RUN curl -L -o sbt-$SBT_VERSION.deb http://dl.bintray.com/sbt/debian/sbt-$SBT_VERSION.deb \
 6 |     && dpkg -i sbt-$SBT_VERSION.deb \
 7 |     && rm sbt-$SBT_VERSION.deb \
 8 |     && apt-get update \
 9 |     && apt-get install sbt \
10 |     && sbt sbtVersion
11 | 
12 | WORKDIR /src
13 | 
14 | ENV CEREBRO_VERSION 0.7.3
15 | RUN && git clone -b v${CEREBRO_VERSION} https://github.com/lmenezes/cerebro.git . \
16 |     && sbt universal:packageZipTarball \
17 |     && mv /src/target/universal/cerebro-${CEREBRO_VERSION}.tgz /src/target/universal/cerebro.tgz
18 | 
19 | 
20 | ### Dist
21 | FROM openjdk:8-jre AS dist
22 | 
23 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
24 | RUN groupadd -r cerebro && useradd -r -g cerebro cerebro
25 | 
26 | # grab gosu for easy step-down from root
27 | ENV GOSU_VERSION 1.7
28 | RUN curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
29 |     && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
30 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
31 |     && gpg --verify /usr/local/bin/gosu.asc \
32 |     && rm /usr/local/bin/gosu.asc \
33 |     && chmod +x /usr/local/bin/gosu \
34 | 	&& gosu nobody true
35 | 
36 | COPY --from=app /src/target/universal/cerebro.tgz /tmp
37 | 
38 | RUN mkdir /tmp/cerebro \
39 |     && cd /tmp/cerebro \
40 |     && tar zxvf /tmp/cerebro.tgz --strip 1 \
41 |     && mkdir /tmp/cerebro/logs \
42 |     && mv /tmp/cerebro /opt/cerebro \
43 |     && rm /tmp/cerebro.tgz
44 | 
45 | COPY docker-entrypoint.sh /docker-entrypoint.sh
46 | RUN chmod +x /docker-entrypoint.sh
47 | ENTRYPOINT ["/docker-entrypoint.sh"]
48 | 
49 | WORKDIR /opt/cerebro
50 | 
51 | EXPOSE 9000
52 | 
53 | VOLUME ["/opt/cerebro/conf", "/opt/cerebro/logs"]
54 | 
55 | CMD ["bin/cerebro"]
56 | 
57 | 
58 | ### Dev
59 | FROM app AS dev
60 | 
61 | EXPOSE 9000
62 | 
63 | CMD ["sbt", "run"]
64 | 
65 | 


--------------------------------------------------------------------------------
/cerebro/custom/docker-entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | # Add cerebro as command if needed
 6 | if [ "${1:0:1}" = '-' ]; then
 7 | 	set -- /opt/cerebro/bin/cerebro "$@"
 8 | fi
 9 | 
10 | # Drop root privileges if we are running cerebro
11 | # allow the container to be started with `--user`
12 | if [ "$1" = 'bin/cerebro' -a "$(id -u)" = '0' ]; then
13 | 	# Change the ownership of user-mutable directories to cerebro
14 | 	for path in \
15 | 		/opt/cerebro \
16 | 	; do
17 | 		chown -R cerebro:cerebro "$path" || true
18 | 	done
19 | 
20 | 	set -- gosu cerebro "$@"
21 | fi
22 | 
23 | # As argument is not related to cerebro,
24 | # then assume that user wants to run his own process,
25 | # for example a `bash` shell to explore this image
26 | exec "$@"


--------------------------------------------------------------------------------
/commands.sh:
--------------------------------------------------------------------------------
 1 | A few notes to quickly get strated with docker.
 2 | 
 3 | 
 4 | --- Docker ---
 5 | 
 6 | docker run -d -p 5672:5672 -p 15672:15672 -v <log-dir>:/data/log -v <data-dir>:/data/mnesia dockerfile/rabbitmq
 7 | docker exec -it waterbutler_tornado_1 /bin/bash (bash shell on running container)
 8 | 
 9 | 
10 | --- Docker Compose ---
11 | 
12 | docker run \
13 |     -d \
14 |     -it \
15 |     --name waterbutler_data_1 \
16 |     waterbutler_data
17 | 
18 | docker-compose build
19 | docker-compose up
20 | docker-compose run -d data
21 | 
22 | 
23 | --- ZSH Shortcuts ---
24 | 
25 | https://github.com/icereval/dotfiles/blob/master/zsh/.zprezto/modules/docker/init.zsh
26 | 
27 | dsa (docker stop all containers)
28 | drma (docker remove all containers)
29 | drmi (docker remove all images)
30 | drmin (docker remove all images w/o a tag, e.g. <none>)
31 | 
32 | 
33 | --- Boot2Docker & VirtualBox Port Forwarding ---
34 | 
35 | VBoxManage modifyvm "boot2docker-vm" --natpf1 "tcp-port7777,tcp,,7777,,77777"
36 | 
37 | 
38 | --- VirtualBox Port Forwarding (Vagrant) ---
39 | 
40 | ## forward 7777 to local host for a specific virtual machine
41 | VBoxManage controlvm boot2docker-vm natpf1 "waterbutler_tornado,tcp,127.0.0.1,7777,,7777"
42 | 
43 | 
44 | --- VMware Fusion Port Forwarding (Vagrant) ---
45 | 
46 | https://github.com/icereval/dotfiles/blob/master/zsh/.zprezto/modules/vmware/init.zsh
47 | 
48 | vmnet-cli (networking cli)
49 | vmnet-restart (restart the networking daemon)
50 | vmnet-nat (shortcut to editing the nat.conf file)
51 | 


--------------------------------------------------------------------------------
/elasticsearch/2.3/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM elasticsearch:2.3.5
 2 | 
 3 | RUN bin/plugin install io.fabric8/elasticsearch-cloud-kubernetes/2.3.5
 4 | RUN bin/plugin install lmenezes/elasticsearch-kopf/2.1.2
 5 | 
 6 | ENV BOOTSTRAP_MLOCKALL=false
 7 | ENV JAVA_OPTS=-Djava.net.preferIPv4Stack=true
 8 | 
 9 | # common dependencies
10 | RUN apt-get update && apt-get install -y \
11 |         jq \
12 |         curl \
13 |     && rm -rf /var/lib/apt/lists/*
14 | 
15 | ADD elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
16 | 


--------------------------------------------------------------------------------
/elasticsearch/2.3/elasticsearch.yml:
--------------------------------------------------------------------------------
 1 | node.data: ${NODE_DATA:true}
 2 | node.master: ${NODE_MASTER:true}
 3 | node.name: ${HOSTNAME}
 4 | 
 5 | bootstrap.mlockall: ${BOOTSTRAP_MLOCKALL}
 6 | 
 7 | network.host: 0.0.0.0
 8 | 
 9 | path:
10 |   plugins: /usr/share/elasticsearch/plugins
11 | 
12 | processors: ${PROCESSORS:}
13 | 


--------------------------------------------------------------------------------
/elasticsearch/2.4/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM elasticsearch:2.4.5
 2 | 
 3 | RUN bin/plugin install io.fabric8/elasticsearch-cloud-kubernetes/2.4.5_01
 4 | RUN bin/plugin install lmenezes/elasticsearch-kopf/2.1.2
 5 | 
 6 | ENV BOOTSTRAP_MLOCKALL=false
 7 | ENV JAVA_OPTS=-Djava.net.preferIPv4Stack=true
 8 | 
 9 | # common dependencies
10 | RUN apt-get update && apt-get install -y \
11 |         jq \
12 |         curl \
13 |     && rm -rf /var/lib/apt/lists/*
14 | 
15 | ADD elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
16 | 


--------------------------------------------------------------------------------
/elasticsearch/2.4/elasticsearch.yml:
--------------------------------------------------------------------------------
 1 | node.data: ${NODE_DATA:true}
 2 | node.master: ${NODE_MASTER:true}
 3 | node.name: ${HOSTNAME}
 4 | 
 5 | bootstrap.mlockall: ${BOOTSTRAP_MLOCKALL}
 6 | 
 7 | network.host: 0.0.0.0
 8 | 
 9 | path:
10 |   plugins: /usr/share/elasticsearch/plugins
11 | 
12 | processors: ${PROCESSORS:}
13 | 


--------------------------------------------------------------------------------
/elasticsearch/2.4/tls/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM elasticsearch:2.4.5
 2 | 
 3 | RUN bin/plugin install io.fabric8/elasticsearch-cloud-kubernetes/2.4.5_01
 4 | RUN bin/plugin install lmenezes/elasticsearch-kopf/2.1.2
 5 | RUN bin/plugin install com.floragunn/search-guard-ssl/2.4.5.21
 6 | 
 7 | ENV BOOTSTRAP_MLOCKALL=false
 8 | ENV JAVA_OPTS=-Djava.net.preferIPv4Stack=true
 9 | 
10 | # common dependencies
11 | RUN apt-get update && apt-get install -y \
12 |         jq \
13 |         curl \
14 |     && rm -rf /var/lib/apt/lists/*
15 | 
16 | ADD elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
17 | 


--------------------------------------------------------------------------------
/elasticsearch/2.4/tls/elasticsearch.yml:
--------------------------------------------------------------------------------
 1 | node.data: ${NODE_DATA:true}
 2 | node.master: ${NODE_MASTER:true}
 3 | node.name: ${HOSTNAME}
 4 | 
 5 | bootstrap.mlockall: ${BOOTSTRAP_MLOCKALL}
 6 | 
 7 | network.host: 0.0.0.0
 8 | 
 9 | path:
10 |   plugins: /usr/share/elasticsearch/plugins
11 | 
12 | processors: ${PROCESSORS:}
13 | 
14 | # see https://github.com/floragunncom/search-guard-ssl/blob/master/src/main/java/com/floragunn/searchguard/ssl/util/SSLConfigConstants.java#L28
15 | searchguard.ssl.transport.enabled: ${SEARCHGUARD_SSL_TRANSPORT_ENABLED:false}
16 | searchguard.ssl.http.enabled: ${SEARCHGUARD_SSL_HTTP_ENABLED:false}
17 | 


--------------------------------------------------------------------------------
/elasticsearch/5.3/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM elasticsearch:5.3.1
 2 | 
 3 | RUN bin/elasticsearch-plugin install io.fabric8:elasticsearch-cloud-kubernetes:5.3.1
 4 | 
 5 | ENV BOOTSTRAP_MEMORY_LOCK=false
 6 | ENV ES_JAVA_OPTS=-Djava.net.preferIPv4Stack=true
 7 | 
 8 | # common dependencies
 9 | RUN apt-get update && apt-get install -y \
10 |         jq \
11 |         curl \
12 |     && rm -rf /var/lib/apt/lists/*
13 | 
14 | ADD elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
15 | 


--------------------------------------------------------------------------------
/elasticsearch/5.3/elasticsearch.yml:
--------------------------------------------------------------------------------
 1 | node.data: ${NODE_DATA:true}
 2 | node.master: ${NODE_MASTER:true}
 3 | node.ingest: ${NODE_INGEST:true}
 4 | node.name: ${HOSTNAME}
 5 | 
 6 | bootstrap.memory_lock: ${BOOTSTRAP_MEMORY_LOCK}
 7 | 
 8 | network.host: 0.0.0.0
 9 | 
10 | processors: ${PROCESSORS:}
11 | 


--------------------------------------------------------------------------------
/elasticsearch/5.4/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM docker.elastic.co/elasticsearch/elasticsearch:5.4.2
 2 | 
 3 | USER root
 4 | 
 5 | ENV JQ_VERSION 1.5
 6 | ENV JQ_SHA256 c6b3a7d7d3e7b70c6f51b706a3b90bd01833846c54d32ca32f0027f00226ff6d
 7 | RUN cd /tmp \
 8 |     && curl -o /usr/bin/jq -SL "https://github.com/stedolan/jq/releases/download/jq-$JQ_VERSION/jq-linux64" \
 9 |     && echo "$JQ_SHA256  /usr/bin/jq" | sha256sum -c - \
10 |     && chmod +x /usr/bin/jq
11 | 
12 | # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image
13 | ADD elasticsearch.yml /usr/share/elasticsearch/config/
14 | RUN chown elasticsearch:elasticsearch config/elasticsearch.yml
15 | 
16 | USER elasticsearch
17 | 
18 | RUN bin/elasticsearch-plugin install io.fabric8:elasticsearch-cloud-kubernetes:5.4.2
19 | 


--------------------------------------------------------------------------------
/elasticsearch/5.4/elasticsearch.yml:
--------------------------------------------------------------------------------
1 | network.host: 0.0.0.0
2 | 
3 | processors: ${PROCESSORS:}
4 | 
5 | # minimum_master_nodes need to be explicitly set when bound on a public IP
6 | # set to 1 to allow single node clusters
7 | # Details: https://github.com/elastic/elasticsearch/pull/17288
8 | discovery.zen.minimum_master_nodes: 1
9 | 


--------------------------------------------------------------------------------
/elasticsearch/5.5/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM docker.elastic.co/elasticsearch/elasticsearch:5.5.2
 2 | 
 3 | USER root
 4 | 
 5 | ENV JQ_VERSION 1.5
 6 | ENV JQ_SHA256 c6b3a7d7d3e7b70c6f51b706a3b90bd01833846c54d32ca32f0027f00226ff6d
 7 | RUN cd /tmp \
 8 |     && curl -o /usr/bin/jq -SL "https://github.com/stedolan/jq/releases/download/jq-$JQ_VERSION/jq-linux64" \
 9 |     && echo "$JQ_SHA256  /usr/bin/jq" | sha256sum -c - \
10 |     && chmod +x /usr/bin/jq
11 | 
12 | # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image
13 | ADD elasticsearch.yml /usr/share/elasticsearch/config/
14 | RUN chown elasticsearch:elasticsearch config/elasticsearch.yml
15 | 
16 | USER elasticsearch
17 | 
18 | RUN bin/elasticsearch-plugin install io.fabric8:elasticsearch-cloud-kubernetes:5.5.2
19 | 


--------------------------------------------------------------------------------
/elasticsearch/5.5/elasticsearch.yml:
--------------------------------------------------------------------------------
1 | network.host: 0.0.0.0
2 | 
3 | processors: ${PROCESSORS:}
4 | 
5 | # minimum_master_nodes need to be explicitly set when bound on a public IP
6 | # set to 1 to allow single node clusters
7 | # Details: https://github.com/elastic/elasticsearch/pull/17288
8 | discovery.zen.minimum_master_nodes: 1
9 | 


--------------------------------------------------------------------------------
/elasticsearch/5.5/tls/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM docker.elastic.co/elasticsearch/elasticsearch:5.5.2
 2 | 
 3 | USER root
 4 | 
 5 | ENV JQ_VERSION 1.5
 6 | ENV JQ_SHA256 c6b3a7d7d3e7b70c6f51b706a3b90bd01833846c54d32ca32f0027f00226ff6d
 7 | RUN cd /tmp \
 8 |     && curl -o /usr/bin/jq -SL "https://github.com/stedolan/jq/releases/download/jq-$JQ_VERSION/jq-linux64" \
 9 |     && echo "$JQ_SHA256  /usr/bin/jq" | sha256sum -c - \
10 |     && chmod +x /usr/bin/jq
11 | 
12 | # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image
13 | ADD elasticsearch.yml /usr/share/elasticsearch/config/
14 | RUN chown elasticsearch:elasticsearch config/elasticsearch.yml
15 | 
16 | USER elasticsearch
17 | 
18 | RUN bin/elasticsearch-plugin install io.fabric8:elasticsearch-cloud-kubernetes:5.5.2
19 | RUN bin/elasticsearch-plugin install -b com.floragunn:search-guard-ssl:5.5.2-23
20 | 
21 | 


--------------------------------------------------------------------------------
/elasticsearch/5.5/tls/elasticsearch.yml:
--------------------------------------------------------------------------------
 1 | network.host: 0.0.0.0
 2 | 
 3 | processors: ${PROCESSORS:}
 4 | 
 5 | # minimum_master_nodes need to be explicitly set when bound on a public IP
 6 | # set to 1 to allow single node clusters
 7 | # Details: https://github.com/elastic/elasticsearch/pull/17288
 8 | discovery.zen.minimum_master_nodes: 1
 9 | 
10 | # see https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html
11 | xpack.ml.enabled: ${XPACK_ML_ENABLED:false}
12 | xpack.monitoring.enabled: ${XPACK_MONITORING_ENABLED:false}
13 | xpack.security.enabled: ${XPACK_SECURITY_ENABLED:false}
14 | xpack.watcher.enabled: ${XPACK_WATCHER_ENABLED:false}
15 | 
16 | # see https://github.com/floragunncom/search-guard-ssl/blob/master/src/main/java/com/floragunn/searchguard/ssl/util/SSLConfigConstants.java#L28
17 | searchguard.ssl.transport.enabled: ${SEARCHGUARD_SSL_TRANSPORT_ENABLED:false}
18 | searchguard.ssl.http.enabled: ${SEARCHGUARD_SSL_HTTP_ENABLED:false}
19 | 


--------------------------------------------------------------------------------
/elasticsearch/6.1/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM docker.elastic.co/elasticsearch/elasticsearch:6.1.1
 2 | 
 3 | USER root
 4 | 
 5 | ENV JQ_VERSION 1.5
 6 | ENV JQ_SHA256 c6b3a7d7d3e7b70c6f51b706a3b90bd01833846c54d32ca32f0027f00226ff6d
 7 | RUN cd /tmp \
 8 |     && curl -o /usr/bin/jq -SL "https://github.com/stedolan/jq/releases/download/jq-$JQ_VERSION/jq-linux64" \
 9 |     && echo "$JQ_SHA256  /usr/bin/jq" | sha256sum -c - \
10 |     && chmod +x /usr/bin/jq
11 | 
12 | # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image
13 | ADD elasticsearch.yml /usr/share/elasticsearch/config/
14 | RUN chown elasticsearch:elasticsearch config/elasticsearch.yml
15 | 
16 | USER elasticsearch
17 | 


--------------------------------------------------------------------------------
/elasticsearch/6.1/elasticsearch.yml:
--------------------------------------------------------------------------------
 1 | network.host: 0.0.0.0
 2 | 
 3 | processors: ${PROCESSORS:}
 4 | 
 5 | # minimum_master_nodes need to be explicitly set when bound on a public IP
 6 | # set to 1 to allow single node clusters
 7 | # Details: https://github.com/elastic/elasticsearch/pull/17288
 8 | discovery.zen.minimum_master_nodes: 1
 9 | 
10 | # see https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html
11 | xpack.ml.enabled: ${XPACK_ML_ENABLED:false}
12 | xpack.monitoring.enabled: ${XPACK_MONITORING_ENABLED:false}
13 | xpack.security.enabled: ${XPACK_SECURITY_ENABLED:false}
14 | xpack.watcher.enabled: ${XPACK_WATCHER_ENABLED:false}
15 | 
16 | 


--------------------------------------------------------------------------------
/elasticsearch/6.1/tls/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM docker.elastic.co/elasticsearch/elasticsearch:6.1.1
 2 | 
 3 | USER root
 4 | 
 5 | ENV JQ_VERSION 1.5
 6 | ENV JQ_SHA256 c6b3a7d7d3e7b70c6f51b706a3b90bd01833846c54d32ca32f0027f00226ff6d
 7 | RUN cd /tmp \
 8 |     && curl -o /usr/bin/jq -SL "https://github.com/stedolan/jq/releases/download/jq-$JQ_VERSION/jq-linux64" \
 9 |     && echo "$JQ_SHA256  /usr/bin/jq" | sha256sum -c - \
10 |     && chmod +x /usr/bin/jq
11 | 
12 | # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image
13 | ADD elasticsearch.yml /usr/share/elasticsearch/config/
14 | RUN chown elasticsearch:elasticsearch config/elasticsearch.yml
15 | 
16 | USER elasticsearch
17 | 
18 | RUN bin/elasticsearch-plugin install -b com.floragunn:search-guard-ssl:6.1.1-25.0
19 | 
20 | 


--------------------------------------------------------------------------------
/elasticsearch/6.1/tls/elasticsearch.yml:
--------------------------------------------------------------------------------
 1 | network.host: 0.0.0.0
 2 | 
 3 | processors: ${PROCESSORS:}
 4 | 
 5 | # minimum_master_nodes need to be explicitly set when bound on a public IP
 6 | # set to 1 to allow single node clusters
 7 | # Details: https://github.com/elastic/elasticsearch/pull/17288
 8 | discovery.zen.minimum_master_nodes: 1
 9 | 
10 | # see https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html
11 | xpack.ml.enabled: ${XPACK_ML_ENABLED:false}
12 | xpack.monitoring.enabled: ${XPACK_MONITORING_ENABLED:false}
13 | xpack.security.enabled: ${XPACK_SECURITY_ENABLED:false}
14 | xpack.watcher.enabled: ${XPACK_WATCHER_ENABLED:false}
15 | 
16 | # see https://github.com/floragunncom/search-guard-ssl/blob/master/src/main/java/com/floragunn/searchguard/ssl/util/SSLConfigConstants.java#L28
17 | searchguard.ssl.transport.enabled: ${SEARCHGUARD_SSL_TRANSPORT_ENABLED:false}
18 | searchguard.ssl.http.enabled: ${SEARCHGUARD_SSL_HTTP_ENABLED:false}
19 | 


--------------------------------------------------------------------------------
/elasticsearch/6.4/tls/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM docker.elastic.co/elasticsearch/elasticsearch:6.4.1
 2 | 
 3 | USER root
 4 | 
 5 | # https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image
 6 | ADD elasticsearch.yml /usr/share/elasticsearch/config/
 7 | RUN chown elasticsearch:elasticsearch config/elasticsearch.yml
 8 | 
 9 | USER elasticsearch
10 | 
11 | RUN bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.4.1-23.1
12 | 


--------------------------------------------------------------------------------
/elasticsearch/6.4/tls/elasticsearch.yml:
--------------------------------------------------------------------------------
 1 | network.host: 0.0.0.0
 2 | 
 3 | processors: ${PROCESSORS:}
 4 | 
 5 | # minimum_master_nodes need to be explicitly set when bound on a public IP
 6 | # set to 1 to allow single node clusters
 7 | # Details: https://github.com/elastic/elasticsearch/pull/17288
 8 | discovery.zen.minimum_master_nodes: ${DISCOVERY_ZEN_MINIMUM_MASTER_NODES:1}
 9 | 
10 | # XPack - https://www.elastic.co/guide/en/x-pack/current/xpack-settings.html
11 | xpack.ml.enabled: ${XPACK_ML_ENABLED:false}
12 | xpack.monitoring.enabled: ${XPACK_MONITORING_ENABLED:false}
13 | xpack.security.enabled: ${XPACK_SECURITY_ENABLED:false}
14 | xpack.watcher.enabled: ${XPACK_WATCHER_ENABLED:false}
15 | 
16 | # SearchGuard Community Edition - https://docs.search-guard.com/latest/search-guard-community-edition.html
17 | searchguard.enterprise_modules_enabled: ${SEARCHGUARD_ENTERPRISE_MODULES_ENABLED:false}
18 | 
19 | # see https://github.com/floragunncom/search-guard-ssl/blob/master/src/main/java/com/floragunn/searchguard/ssl/util/SSLConfigConstants.java#L28
20 | searchguard.ssl.transport.enabled: ${SEARCHGUARD_SSL_TRANSPORT_ENABLED:false}
21 | searchguard.ssl.http.enabled: ${SEARCHGUARD_SSL_HTTP_ENABLED:false}
22 | 


--------------------------------------------------------------------------------
/ember-base-10/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:10
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y \
 5 |         apt-transport-https \
 6 |         ca-certificates \
 7 |     && curl -sS https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
 8 |     && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" | tee /etc/apt/sources.list.d/google-chrome.list \
 9 |     && apt-get update \
10 |     && apt-get install -y \
11 |         google-chrome-stable \
12 |         libdbus-glib-1-2 \
13 |         libpango1.0-0 \
14 |         "gtk+3.0" \
15 |         build-essential \
16 |         automake \
17 |         autoconf \
18 |         python-dev \
19 |     && curl -sLo /tmp/firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US" \
20 |     && tar -C /opt -xjf /tmp/firefox.tar.bz2 \
21 |     && rm /tmp/firefox.tar.bz2 \
22 |     && ln -fs /opt/firefox/firefox /usr/bin/firefox \
23 |     && export WATCHMAN_VERSION=4.9.0 \
24 |     && git clone --branch v${WATCHMAN_VERSION} --single-branch https://github.com/facebook/watchman.git /tmp/watchman \
25 |     && cd /tmp/watchman \
26 |     && ./autogen.sh \
27 |     && ./configure --enable-statedir=/tmp \
28 |     && make \
29 |     && make install \
30 |     && mv watchman /usr/local/bin/watchman \
31 |     && rm -Rf /tmp/watchman \
32 |     && apt-get clean \
33 |     && apt-get autoremove -y \
34 |         build-essential \
35 |         automake \
36 |         autoconf \
37 |         python-dev \
38 |     && rm -rf /var/lib/apt/lists/* \
39 |     && mkdir -p /code
40 | 
41 | WORKDIR /code
42 | 


--------------------------------------------------------------------------------
/ember-base-14/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:14
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y \
 5 |         apt-transport-https \
 6 |         ca-certificates \
 7 |     && curl -sS https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
 8 |     && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" | tee /etc/apt/sources.list.d/google-chrome.list \
 9 |     && apt-get update \
10 |     && apt-get install -y \
11 |         google-chrome-stable \
12 |         libdbus-glib-1-2 \
13 |         libpango1.0-0 \
14 |         "gtk+3.0" \
15 |         build-essential \
16 |         automake \
17 |         autoconf \
18 |         python-dev \
19 |     && curl -sLo /tmp/firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US" \
20 |     && tar -C /opt -xjf /tmp/firefox.tar.bz2 \
21 |     && rm /tmp/firefox.tar.bz2 \
22 |     && ln -fs /opt/firefox/firefox /usr/bin/firefox \
23 |     && apt-get clean \
24 |     && apt-get autoremove -y \
25 |     build-essential \
26 |     automake \
27 |     autoconf \
28 |     python-dev \
29 |     && rm -rf /var/lib/apt/lists/* \
30 |     && mkdir -p /code
31 | 
32 | WORKDIR /code
33 | 


--------------------------------------------------------------------------------
/ember-base/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM node:8
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y \
 5 |         apt-transport-https \
 6 |         ca-certificates \
 7 |     && curl -sS https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
 8 |     && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" | tee /etc/apt/sources.list.d/google-chrome.list \
 9 |     && apt-get update \
10 |     && apt-get install -y \
11 |         google-chrome-stable \
12 |         libdbus-glib-1-2 \
13 |         libpango1.0-0 \
14 |         "gtk+3.0" \
15 |         build-essential \
16 |         automake \
17 |         autoconf \
18 |         python-dev \
19 |     && curl -sLo /tmp/firefox.tar.bz2 "https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US" \
20 |     && tar -C /opt -xjf /tmp/firefox.tar.bz2 \
21 |     && rm /tmp/firefox.tar.bz2 \
22 |     && ln -fs /opt/firefox/firefox /usr/bin/firefox \
23 |     && export WATCHMAN_VERSION=4.9.0 \
24 |     && git clone --branch v${WATCHMAN_VERSION} --single-branch https://github.com/facebook/watchman.git /tmp/watchman \
25 |     && cd /tmp/watchman \
26 |     && ./autogen.sh \
27 |     && ./configure --enable-statedir=/tmp \
28 |     && make \
29 |     && make install \
30 |     && mv watchman /usr/local/bin/watchman \
31 |     && rm -Rf /tmp/watchman \
32 |     && apt-get clean \
33 |     && apt-get autoremove -y \
34 |         build-essential \
35 |         automake \
36 |         autoconf \
37 |         python-dev \
38 |     && rm -rf /var/lib/apt/lists/* \
39 |     && mkdir -p /code
40 | 
41 | WORKDIR /code
42 | 


--------------------------------------------------------------------------------
/gcloud/Dockerfile:
--------------------------------------------------------------------------------
 1 | # Source: https://github.com/GoogleCloudPlatform/cloud-builders/blob/master/gcloud/Dockerfile
 2 | 
 3 | FROM launcher.gcr.io/google/ubuntu16_04
 4 | 
 5 | RUN apt-get -y update && \
 6 |     apt-get -y install gcc python2.7 python-dev python-setuptools wget ca-certificates \
 7 |        # These are necessary for add-apt-respository
 8 |        software-properties-common python-software-properties && \
 9 | 
10 |     # Install Git >2.0.1
11 |     add-apt-repository ppa:git-core/ppa && \
12 |     apt-get -y update && \
13 |     apt-get -y install git && \
14 | 
15 |     # Setup Google Cloud SDK (latest)
16 |     mkdir -p /builder && \
17 |     wget -qO- https://dl.google.com/dl/cloudsdk/release/google-cloud-sdk.tar.gz | tar zxv -C /builder && \
18 |     CLOUDSDK_PYTHON="python2.7" /builder/google-cloud-sdk/install.sh --usage-reporting=false \
19 |         --bash-completion=false \
20 |         --disable-installation-options && \
21 | 
22 |     # Install additional components
23 |     /builder/google-cloud-sdk/bin/gcloud -q components install \
24 |         alpha beta kubectl && \
25 |     /builder/google-cloud-sdk/bin/gcloud -q components update && \
26 | 
27 |     # install crcmod: https://cloud.google.com/storage/docs/gsutil/addlhelp/CRC32CandInstallingcrcmod
28 |     easy_install -U pip && \
29 |     pip install -U crcmod && \
30 | 
31 |     # TODO(jasonhall): These lines pin gcloud to a particular version.
32 |     /builder/google-cloud-sdk/bin/gcloud components update --version 184.0.0 && \
33 |     /builder/google-cloud-sdk/bin/gcloud config set component_manager/disable_update_check 1 && \
34 |     /builder/google-cloud-sdk/bin/gcloud -q components update && \
35 | 
36 |     # Clean up
37 |     apt-get -y remove gcc python-dev python-setuptools wget && \
38 |     rm -rf /var/lib/apt/lists/* && \
39 |     rm -rf ~/.config/gcloud
40 | 
41 | ENV PATH=/builder/google-cloud-sdk/bin/:$PATH
42 | 
43 | ENTRYPOINT ["gcloud"]
44 | 


--------------------------------------------------------------------------------
/nessus/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:stretch-slim
 2 | 
 3 | # Based On: https://github.com/mikenowak/docker-nessus/blob/master/Dockerfile
 4 | 
 5 | RUN apt-get update \
 6 |     && apt-get install -y \
 7 |         curl \
 8 |         gpg \
 9 |     && apt-get clean \
10 |     && apt-get autoremove -y \
11 |     && rm -rf /var/lib/apt/lists/*
12 | 
13 | COPY Nessus-7.1.2-debian6_amd64.deb /tmp/nessus.deb
14 | 
15 | RUN curl -o /tmp/RPM-GPG-Key-Tenable -SL "https://static.tenable.com/marketing/RPM-GPG-KEY-Tenable" \
16 |     && gpg --import /tmp/RPM-GPG-Key-Tenable \
17 |     && dpkg -i /tmp/nessus.deb \
18 |     && rm /tmp/nessus.deb \
19 |     && rm /tmp/RPM-GPG-Key-Tenable
20 | 
21 | VOLUME ["/opt/nessus"]
22 | 
23 | EXPOSE 8834
24 | 
25 | CMD ["/opt/nessus/sbin/nessus-service"]
26 | 


--------------------------------------------------------------------------------
/nginx/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | nginx:
 2 |   build: .
 3 |   volumes:
 4 |    - ./files/conf/nginx.conf:/etc/nginx/nginx.conf
 5 |    - ./files/conf/conf.d/:/etc/nginx/conf.d/
 6 |    - ./files/modsec_includes.conf:/etc/nginx/modsec_includes.conf
 7 |    - ./files/modsec_custom.conf:/etc/nginx/modsec_custom.conf
 8 |    - ./files/modsecurity.conf:/etc/nginx/modsecurity.conf
 9 |    - ./files/crs-setup.conf:/etc/nginx/rules/crs-setup.conf
10 |   environment:
11 |    - NGINX_HOST=foobar.com
12 |    - NGINX_PORT=80
13 |   ports:
14 |     - 8888:80
15 |   expose:
16 |     - 8888
17 | 


--------------------------------------------------------------------------------
/nginx/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -eu
 3 | 
 4 | function reload_nginx() {
 5 |     while true; do
 6 |         inotifywait -e close_write /etc/hosts 2> /dev/null
 7 |         service nginx reload
 8 |     done
 9 | }
10 | 
11 | reload_nginx &
12 | 
13 | exec "$@"
14 | 


--------------------------------------------------------------------------------
/nginx/files/conf/conf.d/site.conf:
--------------------------------------------------------------------------------
 1 | server {
 2 |   listen       80;
 3 |   server_name  localhost;
 4 | 
 5 |   # modsecurity on;
 6 |   # modsecurity_rules_file /etc/nginx/modsec_includes.conf;
 7 |   # location / {
 8 |     
 9 |   #  }
10 | }
11 | 


--------------------------------------------------------------------------------
/nginx/files/conf/nginx.conf:
--------------------------------------------------------------------------------
 1 | user www-data;
 2 | worker_processes  auto;
 3 | 
 4 | error_log  /var/log/nginx/error.log warn;
 5 | pid        /var/run/nginx.pid;
 6 | 
 7 | load_module /usr/lib/nginx/modules/ngx_http_geoip_module.so;
 8 | 
 9 | events {
10 |     worker_connections  1024;
11 | }
12 | 
13 | http {
14 |     include       /etc/nginx/mime.types;
15 |     default_type  application/octet-stream;
16 | 
17 |     log_format  main  '$remote_addr - $upstream_cache_status $remote_user [$time_local] "$request" '
18 |                       '$status $body_bytes_sent "$http_referer" '
19 |                       '"$http_user_agent" "$http_x_forwarded_for"';
20 | 
21 |     access_log  /var/log/nginx/access.log  main;
22 | 
23 |     sendfile on;
24 |     tcp_nopush on;
25 |     tcp_nodelay on;
26 |     keepalive_timeout 65;
27 |     types_hash_max_size 2048;
28 |     server_tokens off;
29 | 
30 |     gzip on;
31 |     gzip_disable "msie6";
32 |     gzip_min_length 1400;
33 |     gzip_comp_level 2;
34 |     gzip_buffers 4 32k;
35 |     gzip_types text/plain text/css image/png image/gif image/jpeg application/javascript application/x-javascript text/xml text/javascript application/json;
36 | 
37 |     include /etc/nginx/conf.d/*.conf;
38 | }
39 | 


--------------------------------------------------------------------------------
/nginx/files/geoip/GeoIP.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CenterForOpenScience/docker-library/76e42dbd1e7ae09fd8dd1f2a1cb5dc4f7a3bb59b/nginx/files/geoip/GeoIP.dat


--------------------------------------------------------------------------------
/nginx/files/geoip/GeoIPASNum.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CenterForOpenScience/docker-library/76e42dbd1e7ae09fd8dd1f2a1cb5dc4f7a3bb59b/nginx/files/geoip/GeoIPASNum.dat


--------------------------------------------------------------------------------
/nginx/files/geoip/GeoLiteCity.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CenterForOpenScience/docker-library/76e42dbd1e7ae09fd8dd1f2a1cb5dc4f7a3bb59b/nginx/files/geoip/GeoLiteCity.dat


--------------------------------------------------------------------------------
/nginx/files/modsec_custom.conf:
--------------------------------------------------------------------------------
1 | # Test SecRule: http://localhost:8888/?<script>
2 | SecRule REQUEST_URI "@contains script" "id:1,phase:1,t:none,deny,status:403,msg:'Denied'"
3 | #SecRule REQUEST_URI "@rx test/script" "id:1,phase:1,t:none,deny,status:403,msg:'Denied'"
4 | #SecRule REQUEST_URI "@rx /[a-zA-Z0-9]{5,}/registrations" "id:1,phase:1,t:none,deny,status:403,msg:'Denied'"
5 | 


--------------------------------------------------------------------------------
/nginx/files/modsec_includes.conf:
--------------------------------------------------------------------------------
 1 | include modsecurity.conf
 2 | include modsec_custom.conf
 3 | include rules/crs-setup.conf
 4 | include rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
 5 | include rules/REQUEST-901-INITIALIZATION.conf
 6 | include rules/REQUEST-905-COMMON-EXCEPTIONS.conf
 7 | include rules/REQUEST-910-IP-REPUTATION.conf
 8 | include rules/REQUEST-911-METHOD-ENFORCEMENT.conf
 9 | include rules/REQUEST-912-DOS-PROTECTION.conf
10 | include rules/REQUEST-913-SCANNER-DETECTION.conf
11 | include rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
12 | include rules/REQUEST-921-PROTOCOL-ATTACK.conf
13 | include rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
14 | include rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
15 | include rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
16 | include rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
17 | include rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
18 | include rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
19 | include rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
20 | include rules/REQUEST-949-BLOCKING-EVALUATION.conf
21 | include rules/RESPONSE-950-DATA-LEAKAGES.conf
22 | include rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
23 | include rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
24 | include rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
25 | include rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
26 | include rules/RESPONSE-959-BLOCKING-EVALUATION.conf
27 | include rules/RESPONSE-980-CORRELATION.conf
28 | include rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
29 | 


--------------------------------------------------------------------------------
/pgbouncer/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM alpine:3.7
 2 | 
 3 | ENV PGBOUNCER_VERSION=1.8.1 \
 4 |     PGBOUNCER_SHA256=fa8bde2a2d2c8c80d53a859f8e48bc6713cf127e31c77d8f787bbc1d673e8dc8
 5 | 
 6 | RUN addgroup -S pgbouncer \
 7 |     && adduser -D -S -s /sbin/nologin -G pgbouncer pgbouncer \
 8 |     && apk add --no-cache --virtual .run-deps \
 9 |       c-ares \
10 |       libevent \
11 |       libressl
12 | 
13 | RUN apk add --no-cache --virtual .build-deps \
14 |       build-base \
15 |       autoconf \
16 |       wget \
17 |       c-ares-dev \
18 |       libevent-dev \
19 |       libressl-dev \
20 |     && wget https://pgbouncer.github.io/downloads/files/$PGBOUNCER_VERSION/pgbouncer-$PGBOUNCER_VERSION.tar.gz \
21 |     && echo "$PGBOUNCER_SHA256  /pgbouncer-$PGBOUNCER_VERSION.tar.gz" | sha256sum -c - \
22 |     && tar -xzvf pgbouncer-$PGBOUNCER_VERSION.tar.gz \
23 |     && cd pgbouncer-$PGBOUNCER_VERSION \
24 |     && ./configure --prefix=/usr --disable-debug \
25 |     && make \
26 |     && make install \
27 |     && mkdir /etc/pgbouncer \
28 |     && cp ./etc/pgbouncer.ini /etc/pgbouncer/ \
29 |     && touch /etc/pgbouncer/userlist.txt \
30 |     && sed -i \
31 |       -e "s|logfile = |#logfile = |" \
32 |       -e "s|pidfile = |#pidfile = |" \
33 |       -e "s|listen_addr = .*|listen_addr = 0.0.0.0|" \
34 |       -e "s|auth_type = .*|auth_type = md5|" \
35 |       /etc/pgbouncer/pgbouncer.ini \
36 |     && cd .. \
37 |     && rm pgbouncer-$PGBOUNCER_VERSION.tar.gz \
38 |     && rm -rf pgbouncer-$PGBOUNCER_VERSION \
39 |     && apk del .build-deps
40 | 
41 | CMD ["pgbouncer", "-u", "pgbouncer", "/etc/pgbouncer/pgbouncer.ini"]
42 | 


--------------------------------------------------------------------------------
/postgres/15.5/barman/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM postgres:15.5
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y \
 5 |         barman \
 6 |         cron \
 7 |         rsyslog \
 8 |     && apt-get clean \
 9 |     && apt-get autoremove -y \
10 |     && rm -rf /var/lib/apt/lists/*
11 | 
12 | COPY barman.conf /etc/barman.conf
13 | COPY crontab /var/spool/cron/crontabs/barman
14 | RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
15 | 
16 | COPY entrypoint.sh /entrypoint.sh
17 | RUN chmod +x /entrypoint.sh
18 | ENTRYPOINT ["/entrypoint.sh"]
19 | 
20 | VOLUME /var/lib/barman
21 | 
22 | CMD ["/bin/bash", "-c", "rsyslogd && chown barman:crontab /var/spool/cron/crontabs/barman && chmod 0600 /var/spool/cron/crontabs/barman && cron && touch /var/log/syslog /var/log/barman/barman.log && chown barman:barman /var/log/barman/barman.log && tail -n 0 -f /var/log/syslog /var/log/barman/barman.log"]
23 | 


--------------------------------------------------------------------------------
/postgres/15.5/barman/barman.conf:
--------------------------------------------------------------------------------
 1 | ; Barman, Backup and Recovery Manager for PostgreSQL
 2 | ; http://www.pgbarman.org/ - http://www.2ndQuadrant.com/
 3 | ;
 4 | ; Main configuration file
 5 | 
 6 | [barman]
 7 | ; System user
 8 | barman_user = barman
 9 | 
10 | ; Directory of configuration files. Place your sections in separate files with .conf extension
11 | ; For example place the 'main' server section in /etc/barman.d/main.conf
12 | configuration_files_directory = /etc/barman.d
13 | 
14 | ; Main directory
15 | barman_home = /var/lib/barman
16 | 
17 | ; Locks directory - default: %(barman_home)s
18 | ;barman_lock_directory = /var/run/barman
19 | 
20 | ; Log location
21 | log_file = /var/log/barman/barman.log
22 | 
23 | ; Log level (see https://docs.python.org/3/library/logging.html#levels)
24 | log_level = INFO
25 | 
26 | ; Default compression level: possible values are None (default), bzip2, gzip, pigz, pygzip or pybzip2
27 | ;compression = gzip
28 | 
29 | ; Pre/post backup hook scripts
30 | ;pre_backup_script = env | grep ^BARMAN
31 | ;pre_backup_retry_script = env | grep ^BARMAN
32 | ;post_backup_retry_script = env | grep ^BARMAN
33 | ;post_backup_script = env | grep ^BARMAN
34 | 
35 | ; Pre/post archive hook scripts
36 | ;pre_archive_script = env | grep ^BARMAN
37 | ;pre_archive_retry_script = env | grep ^BARMAN
38 | ;post_archive_retry_script = env | grep ^BARMAN
39 | ;post_archive_script = env | grep ^BARMAN
40 | 
41 | ; Global retention policy (REDUNDANCY or RECOVERY WINDOW) - default empty
42 | ;retention_policy =
43 | 
44 | ; Global bandwidth limit in KBPS - default 0 (meaning no limit)
45 | ;bandwidth_limit = 4000
46 | 
47 | ; Immediate checkpoint for backup command - default false
48 | ;immediate_checkpoint = false
49 | 
50 | ; Enable network compression for data transfers - default false
51 | ;network_compression = false
52 | 
53 | ; Number of retries of data copy during base backup after an error - default 0
54 | ;basebackup_retry_times = 0
55 | 
56 | ; Number of seconds of wait after a failed copy, before retrying - default 30
57 | ;basebackup_retry_sleep = 30
58 | 
59 | ; Maximum execution time, in seconds, per server
60 | ; for a barman check command - default 30
61 | ;check_timeout = 30
62 | 
63 | ; Time frame that must contain the latest backup date.
64 | ; If the latest backup is older than the time frame, barman check
65 | ; command will report an error to the user.
66 | ; If empty, the latest backup is always considered valid.
67 | ; Syntax for this option is: "i (DAYS | WEEKS | MONTHS)" where i is an
68 | ; integer > 0 which identifies the number of days | weeks | months of
69 | ; validity of the latest backup for this check. Also known as 'smelly backup'.
70 | ;last_backup_maximum_age =
71 | 
72 | ; Minimum number of required backups (redundancy)
73 | ;minimum_redundancy = 1
74 | 
75 | ; Examples of retention policies
76 | ; Retention policy (disabled)
77 | ;retention_policy =
78 | ; Retention policy (based on redundancy)
79 | ;retention_policy = REDUNDANCY 2
80 | ; Retention policy (based on recovery window)
81 | ;retention_policy = RECOVERY WINDOW OF 4 WEEKS
82 | 


--------------------------------------------------------------------------------
/postgres/15.5/barman/crontab:
--------------------------------------------------------------------------------
 1 | # Edit this file to introduce tasks to be run by cron.
 2 | #
 3 | # Each task to run has to be defined through a single line
 4 | # indicating with different fields when the task will be run
 5 | # and what command to run for the task
 6 | #
 7 | # To define the time you can provide concrete values for
 8 | # minute (m), hour (h), day of month (dom), month (mon),
 9 | # and day of week (dow) or use '*' in these fields (for 'any').#
10 | # Notice that tasks will be started based on the cron's system
11 | # daemon's notion of time and timezones.
12 | #
13 | # Output of the crontab jobs (including errors) is sent through
14 | # email to the user the crontab file belongs to (unless redirected).
15 | #
16 | # For example, you can run a backup of all your user accounts
17 | # at 5 a.m every week with:
18 | # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
19 | #
20 | # For more information see the manual pages of crontab(5) and cron(8)
21 | #
22 | # m h  dom mon dow   command
23 | 
24 | # * * * * * /usr/bin/barman cron <- included in debian package
25 | # 30 23 * * * /usr/bin/barman backup main-db-server <- example full backup
26 | 


--------------------------------------------------------------------------------
/postgres/15.5/barman/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | chown -R barman:barman /var/lib/barman || true
5 | 
6 | exec "$@"
7 | 


--------------------------------------------------------------------------------
/postgres/9.4/repmgr/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM postgres:9.4
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y \
 5 |         supervisor \
 6 |     && apt-get clean \
 7 |     && apt-get autoremove -y \
 8 |     && rm -rf /var/lib/apt/lists/*
 9 | 
10 | # repmgr
11 | ENV REPMGR_VERSION 3.0.2
12 | RUN apt-get update \
13 |     && apt-get install -y \
14 |         curl \
15 |         make \
16 |         gcc \
17 |         # dependencies
18 |         libxslt-dev \
19 |         libxml2-dev \
20 |         libpam-dev \
21 |         libedit-dev \
22 |         postgresql-server-dev-9.4 \
23 |         libselinux-dev \
24 |     # download and verify
25 |     && cd /tmp \
26 |     && curl -O -SL "http://repmgr.org/download/repmgr-$REPMGR_VERSION.tar.gz" \
27 |     && curl -O -SL "http://repmgr.org/download/repmgr-$REPMGR_VERSION.tar.gz.asc" \
28 |     && gpg --keyserver pool.sks-keyservers.net --recv-keys 297F1DCC \
29 |     && gpg --verify /tmp/repmgr-$REPMGR_VERSION.tar.gz.asc \
30 |     && rm /tmp/repmgr-$REPMGR_VERSION.tar.gz.asc \
31 |     # make and install
32 |     && tar xvf /tmp/repmgr-$REPMGR_VERSION.tar.gz \
33 |     && cd /tmp/repmgr-$REPMGR_VERSION \
34 |     && make USE_PGXS=1 install \
35 |     # configuration
36 |     && mkdir -p /etc/repmgr \
37 |     && cp /tmp/repmgr-$REPMGR_VERSION/repmgr.conf.sample /etc/repmgr/ \
38 |     # cleanup
39 |     && rm -Rf /tmp/repmgr-$REPMGR_VERSION* \
40 |     && apt-get clean \
41 |     && apt-get autoremove -y \
42 |         curl \
43 |         make \
44 |         gcc \
45 |     && rm -rf /var/lib/apt/lists/*
46 | 
47 | COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
48 | 
49 | CMD ["/usr/bin/supervisord"]
50 | 


--------------------------------------------------------------------------------
/postgres/9.4/repmgr/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisord]
 2 | nodaemon=true
 3 | 
 4 | [program:postgres]
 5 | command=/docker-entrypoint.sh postgres
 6 | stderr_logfile=/dev/stderr
 7 | stderr_logfile_maxbytes=0
 8 | stdout_logfile=/dev/stdout
 9 | stdout_logfile_maxbytes=0
10 | 
11 | [program:repmgrd]
12 | user=postgres
13 | command=/usr/lib/postgresql/9.4/bin/repmgrd -f /etc/repmgr/repmgr.conf
14 | stderr_logfile=/dev/stderr
15 | stderr_logfile_maxbytes=0
16 | stdout_logfile=/dev/stdout
17 | stdout_logfile_maxbytes=0
18 | 


--------------------------------------------------------------------------------
/postgres/9.4/udr/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM postgres:9.4
 2 | 
 3 | RUN echo "deb http://packages.2ndquadrant.com/bdr/apt/ wheezy-2ndquadrant main" > /etc/apt/sources.list.d/pgdg-bdr.list
 4 | 
 5 | RUN apt-get update \
 6 |     && apt-get install -y curl \
 7 |     && rm -rf /var/lib/apt/lists/*
 8 | 
 9 | RUN curl -SL "http://packages.2ndquadrant.com/bdr/apt/AA7A6805.asc" | apt-key add -
10 | 
11 | RUN apt-get update \
12 |     && apt-get install -y postgresql-9.4-udr-plugin \
13 |     && rm -rf /var/lib/apt/lists/* \
14 |     && apt-get purge -y --auto-remove curl
15 | 


--------------------------------------------------------------------------------
/postgres/9.4/vacuumlo/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM postgres:9.4
 2 | 
 3 | # Install dependancies
 4 | RUN apt-get update \
 5 |     && apt-get install -y \
 6 |         # cron (temporary for pre celery-beat jobs)
 7 |         cron \
 8 |         rsyslog \
 9 |     && apt-get clean \
10 |     && apt-get autoremove -y \
11 |     && rm -rf /var/lib/apt/lists/*
12 | 
13 | RUN rm -rf /etc/cron.daily/* /etc/cron.hourly/* /etc/cron.monthly/* /etc/cron.weekly/*
14 | 
15 | ENV SCHEDULE "0 2 * * *"
16 | # ENV DB_HOST "127.0.0.1"
17 | # ENV DB_PORT "5432"
18 | # ENV DB_USER "repmgr"
19 | # ENV DB_PASSWORD "change_me"
20 | ENV DB_NAME "postgres"
21 | 
22 | RUN chmod 600 /etc/crontab
23 | 
24 | COPY entrypoint.sh /entrypoint.sh
25 | RUN chmod +x /entrypoint.sh
26 | ENTRYPOINT ["/entrypoint.sh"]
27 | 
28 | CMD ["/bin/bash", "-c", "touch /var/log/cron.log && rsyslogd && cron && tail -f /var/log/syslog /var/log/cron.log"]
29 | 


--------------------------------------------------------------------------------
/postgres/9.4/vacuumlo/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | CRON_TASK="$SCHEDULE bash vacuumlo"
 5 | 
 6 | if [ ! -z "$DB_HOST" ]; then
 7 |     CRON_TASK="$CRON_TASK -h $DB_HOST"
 8 | fi
 9 | 
10 | if [ ! -z "$DB_PORT" ]; then
11 |     CRON_TASK="$CRON_TASK -p $DB_PORT"
12 | fi
13 | 
14 | if [ ! -z "$DB_USER" ]; then
15 |     CRON_TASK="$CRON_TASK -U $DB_USER"
16 | fi
17 | 
18 | if [ ! -z "$DB_PASSWORD" ]; then
19 |     CRON_TASK="$CRON_TASK -w"
20 |     echo "*:*:*:*:$DB_PASSWORD" > ~/.pgpass
21 |     chmod 600 ~/.pgpass
22 | fi
23 | 
24 | CRON_TASK="$CRON_TASK $DB_NAME"
25 | 
26 | echo "$CRON_TASK" | crontab -
27 | 
28 | exec "$@"
29 | 


--------------------------------------------------------------------------------
/postgres/9.6/barman/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM postgres:9.6
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y \
 5 |         barman \
 6 |         cron \
 7 |         rsyslog \
 8 |     && apt-get clean \
 9 |     && apt-get autoremove -y \
10 |     && rm -rf /var/lib/apt/lists/*
11 | 
12 | COPY barman.conf /etc/barman.conf
13 | COPY crontab /var/spool/cron/crontabs/barman
14 | 
15 | COPY entrypoint.sh /entrypoint.sh
16 | RUN chmod +x /entrypoint.sh
17 | ENTRYPOINT ["/entrypoint.sh"]
18 | 
19 | VOLUME /var/lib/barman
20 | 
21 | CMD ["/bin/bash", "-c", "rsyslogd && chown barman:crontab /var/spool/cron/crontabs/barman && chmod 0600 /var/spool/cron/crontabs/barman && cron && tail -n 0 -f /var/log/syslog /var/log/barman/barman.log"]
22 | 


--------------------------------------------------------------------------------
/postgres/9.6/barman/barman.conf:
--------------------------------------------------------------------------------
 1 | ; Barman, Backup and Recovery Manager for PostgreSQL
 2 | ; http://www.pgbarman.org/ - http://www.2ndQuadrant.com/
 3 | ;
 4 | ; Main configuration file
 5 | 
 6 | [barman]
 7 | ; System user
 8 | barman_user = barman
 9 | 
10 | ; Directory of configuration files. Place your sections in separate files with .conf extension
11 | ; For example place the 'main' server section in /etc/barman.d/main.conf
12 | configuration_files_directory = /etc/barman.d
13 | 
14 | ; Main directory
15 | barman_home = /var/lib/barman
16 | 
17 | ; Locks directory - default: %(barman_home)s
18 | ;barman_lock_directory = /var/run/barman
19 | 
20 | ; Log location
21 | log_file = /var/log/barman/barman.log
22 | 
23 | ; Log level (see https://docs.python.org/3/library/logging.html#levels)
24 | log_level = INFO
25 | 
26 | ; Default compression level: possible values are None (default), bzip2, gzip, pigz, pygzip or pybzip2
27 | ;compression = gzip
28 | 
29 | ; Pre/post backup hook scripts
30 | ;pre_backup_script = env | grep ^BARMAN
31 | ;pre_backup_retry_script = env | grep ^BARMAN
32 | ;post_backup_retry_script = env | grep ^BARMAN
33 | ;post_backup_script = env | grep ^BARMAN
34 | 
35 | ; Pre/post archive hook scripts
36 | ;pre_archive_script = env | grep ^BARMAN
37 | ;pre_archive_retry_script = env | grep ^BARMAN
38 | ;post_archive_retry_script = env | grep ^BARMAN
39 | ;post_archive_script = env | grep ^BARMAN
40 | 
41 | ; Global retention policy (REDUNDANCY or RECOVERY WINDOW) - default empty
42 | ;retention_policy =
43 | 
44 | ; Global bandwidth limit in KBPS - default 0 (meaning no limit)
45 | ;bandwidth_limit = 4000
46 | 
47 | ; Immediate checkpoint for backup command - default false
48 | ;immediate_checkpoint = false
49 | 
50 | ; Enable network compression for data transfers - default false
51 | ;network_compression = false
52 | 
53 | ; Number of retries of data copy during base backup after an error - default 0
54 | ;basebackup_retry_times = 0
55 | 
56 | ; Number of seconds of wait after a failed copy, before retrying - default 30
57 | ;basebackup_retry_sleep = 30
58 | 
59 | ; Maximum execution time, in seconds, per server
60 | ; for a barman check command - default 30
61 | ;check_timeout = 30
62 | 
63 | ; Time frame that must contain the latest backup date.
64 | ; If the latest backup is older than the time frame, barman check
65 | ; command will report an error to the user.
66 | ; If empty, the latest backup is always considered valid.
67 | ; Syntax for this option is: "i (DAYS | WEEKS | MONTHS)" where i is an
68 | ; integer > 0 which identifies the number of days | weeks | months of
69 | ; validity of the latest backup for this check. Also known as 'smelly backup'.
70 | ;last_backup_maximum_age =
71 | 
72 | ; Minimum number of required backups (redundancy)
73 | ;minimum_redundancy = 1
74 | 
75 | ; Examples of retention policies
76 | ; Retention policy (disabled)
77 | ;retention_policy =
78 | ; Retention policy (based on redundancy)
79 | ;retention_policy = REDUNDANCY 2
80 | ; Retention policy (based on recovery window)
81 | ;retention_policy = RECOVERY WINDOW OF 4 WEEKS
82 | 


--------------------------------------------------------------------------------
/postgres/9.6/barman/crontab:
--------------------------------------------------------------------------------
 1 | # Edit this file to introduce tasks to be run by cron.
 2 | #
 3 | # Each task to run has to be defined through a single line
 4 | # indicating with different fields when the task will be run
 5 | # and what command to run for the task
 6 | #
 7 | # To define the time you can provide concrete values for
 8 | # minute (m), hour (h), day of month (dom), month (mon),
 9 | # and day of week (dow) or use '*' in these fields (for 'any').#
10 | # Notice that tasks will be started based on the cron's system
11 | # daemon's notion of time and timezones.
12 | #
13 | # Output of the crontab jobs (including errors) is sent through
14 | # email to the user the crontab file belongs to (unless redirected).
15 | #
16 | # For example, you can run a backup of all your user accounts
17 | # at 5 a.m every week with:
18 | # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
19 | #
20 | # For more information see the manual pages of crontab(5) and cron(8)
21 | #
22 | # m h  dom mon dow   command
23 | 
24 | # * * * * * /usr/bin/barman cron <- included in debian package
25 | # 30 23 * * * /usr/bin/barman backup main-db-server <- example full backup
26 | 


--------------------------------------------------------------------------------
/postgres/9.6/barman/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | chown -R barman:barman /var/lib/barman || true
5 | 
6 | exec "$@"
7 | 


--------------------------------------------------------------------------------
/postgres/9.6/repmgr/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM postgres:9.6
 2 | 
 3 | RUN apt-get update \
 4 |     && apt-get install -y \
 5 |         supervisor \
 6 |         postgresql-9.6-repmgr \
 7 |     && apt-get clean \
 8 |     && apt-get autoremove -y \
 9 |     && rm -rf /var/lib/apt/lists/*
10 | 
11 | COPY repmgr.conf /etc/repmgr.conf
12 | COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
13 | 
14 | CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]
15 | 


--------------------------------------------------------------------------------
/postgres/9.6/repmgr/supervisord.conf:
--------------------------------------------------------------------------------
 1 | [supervisord]
 2 | nodaemon=true
 3 | 
 4 | [program:postgres]
 5 | priority=1
 6 | command=/docker-entrypoint.sh postgres
 7 | stderr_logfile=/dev/stderr
 8 | stderr_logfile_maxbytes=0
 9 | stdout_logfile=/dev/stdout
10 | stdout_logfile_maxbytes=0
11 | 
12 | [program:repmgrd]
13 | priority=2
14 | user=postgres
15 | command=/usr/lib/postgresql/9.6/bin/repmgrd -f /etc/repmgr/repmgr.conf
16 | stderr_logfile=/dev/stderr
17 | stderr_logfile_maxbytes=0
18 | stdout_logfile=/dev/stdout
19 | stdout_logfile_maxbytes=0
20 | 


--------------------------------------------------------------------------------
/postgres/9.6/vacuumlo/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM postgres:9.6
 2 | 
 3 | # Install dependancies
 4 | RUN apt-get update \
 5 |     && apt-get install -y \
 6 |         cron \
 7 |         rsyslog \
 8 |     && apt-get clean \
 9 |     && apt-get autoremove -y \
10 |     && rm -rf /var/lib/apt/lists/*
11 | 
12 | ENV SCHEDULE "0 2 * * *"
13 | # ENV DB_HOST "127.0.0.1"
14 | # ENV DB_PORT "5432"
15 | # ENV DB_USER "repmgr"
16 | # ENV DB_PASSWORD "change_me"
17 | ENV DB_NAME "postgres"
18 | 
19 | COPY entrypoint.sh /entrypoint.sh
20 | RUN chmod +x /entrypoint.sh
21 | ENTRYPOINT ["/entrypoint.sh"]
22 | 
23 | CMD ["/bin/bash", "-c", "rsyslogd && cron && tail -n 0 -f /var/log/syslog"]
24 | 


--------------------------------------------------------------------------------
/postgres/9.6/vacuumlo/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | CRON_TASK="$SCHEDULE vacuumlo"
 5 | 
 6 | if [ ! -z "$DB_HOST" ]; then
 7 |     CRON_TASK="$CRON_TASK -h $DB_HOST"
 8 | fi
 9 | 
10 | if [ ! -z "$DB_PORT" ]; then
11 |     CRON_TASK="$CRON_TASK -p $DB_PORT"
12 | fi
13 | 
14 | if [ ! -z "$DB_USER" ]; then
15 |     CRON_TASK="$CRON_TASK -U $DB_USER"
16 | fi
17 | 
18 | if [ ! -z "$DB_PASSWORD" ]; then
19 |     CRON_TASK="$CRON_TASK -w"
20 |     echo "*:*:*:*:$DB_PASSWORD" > ~/.pgpass
21 |     chmod 600 ~/.pgpass
22 | fi
23 | 
24 | CRON_TASK="$CRON_TASK $DB_NAME"
25 | 
26 | echo "$CRON_TASK" | crontab -
27 | 
28 | exec "$@"
29 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | docker-compose
2 | 


--------------------------------------------------------------------------------
/sentry/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM sentry:8.22
2 | 
3 | ADD ./append-sentry.conf.py /etc/sentry/
4 | 
5 | RUN pip install https://github.com/getsentry/sentry-auth-google/archive/52020f577f587595fea55f5d05520f1473deaad1.zip \
6 |     && cd /etc/sentry \
7 |     && cat append-sentry.conf.py >> sentry.conf.py \
8 |     && rm append-sentry.conf.py
9 | 


--------------------------------------------------------------------------------
/sentry/append-sentry.conf.py:
--------------------------------------------------------------------------------
 1 | 
 2 | if 'GOOGLE_CLIENT_ID' in os.environ:
 3 |     GOOGLE_CLIENT_ID = env('GOOGLE_CLIENT_ID')
 4 |     GOOGLE_CLIENT_SECRET = env('GOOGLE_CLIENT_SECRET')
 5 | 
 6 | if 'SENTRY_WEB_OPTIONS' in os.environ:
 7 |     import json
 8 | 
 9 |     options = json.loads(env('SENTRY_WEB_OPTIONS'))
10 |     SENTRY_WEB_OPTIONS.update(options)
11 | 


--------------------------------------------------------------------------------
/sentry/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | redis:
 2 |   image: redis
 3 | 
 4 | postgres:
 5 |   image: postgres:9.4
 6 |   environment:
 7 |     - POSTGRES_PASSWORD=sentry
 8 |     - POSTGRES_USER=sentry
 9 | 
10 | sentry:
11 |   image: centerforopenscience/sentry
12 |   environment:
13 |     - SENTRY_SECRET_KEY=generate-secret-key
14 |   links:
15 |     - redis
16 |     - postgres
17 |   ports:
18 |     - "8081:9000"
19 | 
20 | celery-beat:
21 |   image: centerforopenscience/sentry
22 |   environment:
23 |     - SENTRY_SECRET_KEY=generate-secret-key
24 |   links:
25 |     - redis
26 |     - postgres
27 |   command: sentry run cron
28 | 
29 | celery-worker:
30 | #  image: centerforopenscience/sentry
31 |   image: sentry-test
32 |   environment:
33 |     - SENTRY_SECRET_KEY=generate-secret-key
34 |     - C_FORCE_ROOT=TRUE
35 |   links:
36 |     - redis
37 |     - postgres
38 |   command: sentry run worker
39 | 


--------------------------------------------------------------------------------
/shibboleth-sp/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM centos:centos7
 2 | 
 3 | # Based on: https://github.com/jtgasper3/docker-images/blob/master/centos-shib-sp/Dockerfile
 4 | 
 5 | ENV APACHE_VERSION 2.4.6-67.el7.centos.6
 6 | ENV SHIBBOLETH_VERSION 2.6.1-3.1
 7 | RUN yum -y update \
 8 |     && yum -y install wget \
 9 |     && wget http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo -P /etc/yum.repos.d \
10 |     && sed -i -e "s/download\./\downloadcontent\./" /etc/yum.repos.d/security\:shibboleth.repo \
11 |     && yum -y install httpd-${APACHE_VERSION} mod_ssl shibboleth-${SHIBBOLETH_VERSION} \
12 |     && yum -y clean all
13 | 
14 | RUN echo "export LD_LIBRARY_PATH=/opt/shibboleth/lib64:$LD_LIBRARY_PATH" >> /etc/sysconfig/shibd \
15 |     && echo "export SHIBD_USER=shibd" >> /etc/sysconfig/shibd \
16 |     && sed -i \
17 |         -e "s|log4j.appender.shibd_log=.*$|log4j.appender.shibd_log=org.apache.log4j.ConsoleAppender|" \
18 |         -e "s|log4j.appender.warn_log=.*$|log4j.appender.warn_log=org.apache.log4j.ConsoleAppender|" \
19 |         -e "s|log4j.appender.tran_log=.*$|log4j.appender.tran_log=org.apache.log4j.ConsoleAppender|" \
20 |         -e "s|log4j.appender.sig_log=.*$|log4j.appender.sig_log=org.apache.log4j.ConsoleAppender|" \
21 |         /etc/shibboleth/shibd.logger
22 | 
23 | RUN sed -i -r \
24 |         -e "s|^(\s*ErrorLog)\s+\S+|\1 /dev/stderr|" \
25 |         -e 's|^(\s*CustomLog)\s+\S+\s+(.*$)|\1 /dev/stdout \2 env=\!dontlog|' \
26 |         /etc/httpd/conf/httpd.conf \
27 |     && echo "ServerSignature Off" >> /etc/httpd/conf/httpd.conf \
28 |     && echo "ServerTokens Prod" >> /etc/httpd/conf/httpd.conf \
29 |     && rm -f /etc/httpd/conf.d/{autoindex.conf,welcome.conf}
30 | 
31 | COPY httpd-shibd-foreground /usr/local/bin/
32 | RUN chmod +x /usr/local/bin/httpd-shibd-foreground
33 | 
34 | EXPOSE 80 443
35 | 
36 | CMD ["httpd-shibd-foreground"]
37 | 


--------------------------------------------------------------------------------
/shibboleth-sp/httpd-shibd-foreground:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -e
 3 | 
 4 | # Based on: /etc/shibboleth/shibd-redhat
 5 | 
 6 | shibd="/usr/sbin/shibd"
 7 | SHIBD_USER=root
 8 | SHIBD_WAIT=30
 9 | prog=shibd
10 | 
11 | [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
12 | 
13 | # Make sure package run directory exists.
14 | [ -d /var/run/shibboleth ] || mkdir /var/run/shibboleth
15 | 
16 | # Handle transition from root to non-root packages.
17 | chown -R $SHIBD_USER:$SHIBD_USER /var/run/shibboleth /var/cache/shibboleth 2>/dev/null || :
18 | $shibd -F -f -w $SHIBD_WAIT -u $SHIBD_USER &
19 | 
20 | # Apache gets grumpy about PID files pre-existing
21 | rm -f /var/run/apache2/apache2.pid
22 | exec apachectl -DFOREGROUND
23 | 


--------------------------------------------------------------------------------
/unoconv/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM python:3.7-slim-buster
 2 | 
 3 | RUN apt-get update \
 4 |     # -slim images strip man dirs, but java won't install unless this dir exists.
 5 |     && mkdir -p /usr/share/man/man1 \
 6 |     && apt-get install -y \
 7 |         git \
 8 |         imagemagick \
 9 |         libreoffice-script-provider-python \
10 |         libreoffice \
11 |     && apt-get clean \
12 |     && apt-get autoremove -y \
13 |     && rm -rf /var/lib/apt/lists/* \
14 |     && pip install unoconv==0.8.2
15 | 
16 | # additional fonts
17 | RUN echo "deb http://httpredir.debian.org/debian buster main contrib non-free" > /etc/apt/sources.list \
18 |     && echo "deb http://httpredir.debian.org/debian buster-updates main contrib non-free" >> /etc/apt/sources.list \
19 |     && echo "deb http://security.debian.org/ buster/updates main contrib non-free" >> /etc/apt/sources.list \
20 |     && echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections \
21 |     && apt-get update \
22 |     && apt-get install -y \
23 |         fonts-arphic-ukai \
24 |         fonts-arphic-uming \
25 |         fonts-ipafont-mincho \
26 |         fonts-ipafont-gothic \
27 |         fonts-unfonts-core \
28 |         ttf-wqy-zenhei \
29 |         ttf-mscorefonts-installer \
30 |     && apt-get clean \
31 |     && apt-get autoremove -y \
32 |     && rm -rf /var/lib/apt/lists/*
33 | 
34 | # grab gosu for easy step-down from root
35 | ENV GOSU_VERSION 1.4
36 | RUN apt-get update \
37 |     && apt-get install -y \
38 |         curl \
39 |         gnupg2 \
40 |     && mkdir ~/.gnupg && chmod 600 ~/.gnupg && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
41 |     && for server in hkp://ipv4.pool.sks-keyservers.net:80 \
42 |                      hkp://ha.pool.sks-keyservers.net:80 \
43 |                      hkp://pgp.mit.edu:80 \
44 |                      hkp://keyserver.pgp.com:80 \
45 |     ; do \
46 |       gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || echo "Trying new server..." \
47 |     ; done \
48 |     && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
49 |   	&& curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
50 |   	&& gpg --verify /usr/local/bin/gosu.asc \
51 |   	&& rm /usr/local/bin/gosu.asc \
52 |   	&& chmod +x /usr/local/bin/gosu \
53 |     && apt-get clean \
54 |     && apt-get autoremove -y \
55 |         curl \
56 |         gnupg2 \
57 |     && rm -rf /var/lib/apt/lists/*
58 | 
59 | RUN usermod -d /home www-data \
60 |     && chown www-data:www-data /home
61 | 
62 | ENV UNO_PATH /usr/lib/libreoffice
63 | 
64 | COPY entrypoint.sh /entrypoint.sh
65 | RUN chmod +x /entrypoint.sh
66 | ENTRYPOINT ["/entrypoint.sh"]
67 | 
68 | EXPOSE 2002
69 | 
70 | CMD ["gosu", "www-data", "/usr/bin/python3.7", "/usr/local/bin/unoconv", "--listener", "--server=0.0.0.0", "--port=2002", "-vvv"]
71 | 


--------------------------------------------------------------------------------
/unoconv/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | chown -R www-data:www-data /home
5 | 
6 | exec "$@"
7 | 


--------------------------------------------------------------------------------