From c8bdf0e35a8c03e34e36d9eb23a3834ca408d274 Mon Sep 17 00:00:00 2001 From: Johann Frei Date: Mon, 12 Apr 2021 22:36:12 +0200 Subject: [PATCH] Support SSL --- offline_deployment/README.md | 23 +++++++++++++++ ...s.sh => offline_01_1_1-download_assets.sh} | 0 .../offline_01_1_2-optional_use_https.sh | 28 +++++++++++++++++++ .../offline_01_2-extract_Docker_images.sh | 4 +++ ... => offline_01_3-download_APT_packages.sh} | 0 5 files changed, 55 insertions(+) create mode 100644 offline_deployment/README.md rename offline_deployment/{offline_01_1-download_assets.sh => offline_01_1_1-download_assets.sh} (100%) create mode 100755 offline_deployment/offline_01_1_2-optional_use_https.sh rename offline_deployment/{offline_01_3-download_APT_packages copy.sh => offline_01_3-download_APT_packages.sh} (100%) diff --git a/offline_deployment/README.md b/offline_deployment/README.md new file mode 100644 index 00000000..a30ae34f --- /dev/null +++ b/offline_deployment/README.md @@ -0,0 +1,23 @@ +# Doccano Offline Deployment + +## Use Case +These offline deployment scripts are suited for deploying Doccano on an airgaped Ubuntu 18.04/20.04 virtual machine (VM 2) with no internet connectivity. + +The preparation requires another machine (VM 1) with internet access and `docker`/`docker-compose` preinstalled and running the same Ubuntu distribution as VM 2. + +The focus is primarily on the `docker-compose`-based production deployment. + +## Setup Steps + +Run the following steps on VM 1: +1. Clone this repository +2. Run the scripts `offline_01_*.sh` in ascending order + Skip OR modify and run the script `offline_01_1_2-optional_use_https` + +Now, move over to VM 2 + +3. Copy the repository folder to VM 2 +4. Run the scripts `offline_02_*.sh` in ascending order +5. Make minor changes on `docker-compose.prod.yml` to change the admin credentials +6. Run `docker-compose -f docker-compose.prod.yml up` or use the script `offline_03_*.sh` + diff --git a/offline_deployment/offline_01_1-download_assets.sh b/offline_deployment/offline_01_1_1-download_assets.sh similarity index 100% rename from offline_deployment/offline_01_1-download_assets.sh rename to offline_deployment/offline_01_1_1-download_assets.sh diff --git a/offline_deployment/offline_01_1_2-optional_use_https.sh b/offline_deployment/offline_01_1_2-optional_use_https.sh new file mode 100755 index 00000000..1099de69 --- /dev/null +++ b/offline_deployment/offline_01_1_2-optional_use_https.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +cd $DIR +cd .. +unset DIR + +# create certificate pair +sudo apt-get install openssl +openssl req -new -newkey rsa:4096 -sha256 -nodes -x509 -keyout ./nginx/cert.key -out ./nginx/cert.crt \ + -subj "/C=DE/ST=Bayern/L=Augsburg/O=Universität Augsburg/OU=Misit/CN=*.informatik.uni-augsburg.de" + +# define cert paths inside container +$ssl_cert="/certs/cert.crt" +$ssl_cert_key="/certs/cert.key" + +# edit nginx.conf +sed -i "s|listen 80;|listen 443 ssl;\n ssl_certificate $ssl_cert;\n ssl_certificate_key $ssl_cert_key;|g" nginx/nginx.conf + +# edit nginx Dockerfile +echo "RUN mkdir -p /certs/" >> nginx/Dockerfile +echo "COPY ./nginx/cert.key /certs/cert.key" >> nginx/Dockerfile +echo "COPY ./nginx/cert.crt /certs/cert.crt" >> nginx/Dockerfile + +# edit published port +sed -i "s|- 80:80|- 443:443|g" docker-compose.prod.yml + +echo "Switched to HTTPS" diff --git a/offline_deployment/offline_01_2-extract_Docker_images.sh b/offline_deployment/offline_01_2-extract_Docker_images.sh index 648000f2..955d60a0 100755 --- a/offline_deployment/offline_01_2-extract_Docker_images.sh +++ b/offline_deployment/offline_01_2-extract_Docker_images.sh @@ -4,6 +4,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" cd $DIR unset DIR +# WORKAROUND: Downgrade docker-compose version to match Ubuntu 18.04 default compose package +echo "Patching docker-compose to match Ubuntu 18.04 compose package" +sed -i 's|version: "3.7"|version: "3.3"|g' ../docker-compose.prod.yml + sed -i 's^dockerfile: app/Dockerfile.prod^dockerfile: app/Dockerfile.prod\n image: doccano-app:custom^g' ../docker-compose.prod.yml sed -i 's^dockerfile: nginx/Dockerfile^dockerfile: nginx/Dockerfile\n image: doccano-nginx:custom^g' ../docker-compose.prod.yml diff --git a/offline_deployment/offline_01_3-download_APT_packages copy.sh b/offline_deployment/offline_01_3-download_APT_packages.sh similarity index 100% rename from offline_deployment/offline_01_3-download_APT_packages copy.sh rename to offline_deployment/offline_01_3-download_APT_packages.sh