From dd9cac97956296d6fd0c787ad231a98b8be82dee Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Tue, 31 Oct 2023 20:43:58 +0000 Subject: [PATCH 1/9] temp pull from main --- docker-compose.yml | 9 +++++---- etl/Dockerfile | 20 ++++++++++++++++---- init-letsencrypt.sh | 5 +++-- jupyterlab/Dockerfile | 2 +- nginx/etc/nginx/nginx.conf | 2 +- 5 files changed, 26 insertions(+), 12 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 34aefeb..db8d9cf 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,20 +2,21 @@ version: '3.4' services: mongo: - image: mongo:3.6 + image: mongo:6.0.10 restart: unless-stopped container_name: mongo volumes: - /mnt/data1/bmeg/mongo-data:/data/db grip: - image: bmeg/grip + image: bmeg/grip:latest restart: unless-stopped # build: grip container_name: grip volumes: - - ./secrets/grip_config.yml:/config/grip_config.yml + - /mnt/data2/bmeg/deployment/secrets/grip_config.yml:/config/grip_config.yml entrypoint: ["grip", "server", "--config", "/config/grip_config.yml"] + #entrypoint: ["sleep", "3000"] ports: - 8201:8201 - 8202:8202 @@ -139,7 +140,7 @@ services: # see https://www.neteye-blog.com/2018/04/how-to-monitor-docker-containers-using-cadvisor-part-1/ cadvisor: container_name: cadvisor # The service will use this container name. - image: google/cadvisor:latest + image: gcr.io/cadvisor/cadvisor # old image replaced with newer image restart: unless-stopped volumes: - /:/rootfs:ro diff --git a/etl/Dockerfile b/etl/Dockerfile index 7a7c8de..0e69edf 100644 --- a/etl/Dockerfile +++ b/etl/Dockerfile @@ -6,14 +6,26 @@ FROM python:3.7.2 # Uses service_account_email argument and config/service_account.json # install mongo import -RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4 -RUN echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main" | tee /etc/apt/sources.list.d/mongodb-org-4.0.list + +RUN apt-get install gnupg curl + +RUN sed -i -e 's/deb.debian.org/archive.debian.org/g' \ + -e 's|security.debian.org|archive.debian.org/|g' \ + -e '/stretch-updates/d' /etc/apt/sources.list + +RUN curl -fsSL https://pgp.mongodb.com/server-4.4.asc | \ + gpg -o /usr/share/keyrings/mongodb-server-4.4.gpg \ + --dearmor + +RUN echo "deb [ signed-by=/usr/share/keyrings/mongodb-server-4.4.gpg ] http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.4 main" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list + RUN apt-get update RUN apt-get install -y mongodb-org-tools + # install go lang, silence wget and tar -RUN wget -q https://dl.google.com/go/go1.12.4.linux-amd64.tar.gz && \ - tar -xf go1.12.4.linux-amd64.tar.gz +RUN wget -q https://dl.google.com/go/go1.20.5.linux-amd64.tar.gz && \ + tar -xf go1.20.5.linux-amd64.tar.gz # install grip RUN mkdir -p /go/src/github.com/bmeg diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh index 2baa733..6d1f4f2 100755 --- a/init-letsencrypt.sh +++ b/init-letsencrypt.sh @@ -40,8 +40,8 @@ fi if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then echo "### Downloading recommended TLS parameters ..." mkdir -p "$data_path/conf" - curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf" - curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem" + curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf" + curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem" echo fi @@ -93,6 +93,7 @@ $DC run --rm --entrypoint "\ $email_arg \ $domain_args \ --rsa-key-size $rsa_key_size \ + -v \ --agree-tos --no-eff-email \ --force-renewal" certbot echo diff --git a/jupyterlab/Dockerfile b/jupyterlab/Dockerfile index c55d1bc..743829f 100644 --- a/jupyterlab/Dockerfile +++ b/jupyterlab/Dockerfile @@ -4,4 +4,4 @@ RUN pip install gripql USER root RUN apt-get update && apt-get install -y graphviz graphviz-dev gcc USER $NB_UID -RUN pip install pygraphviz +RUN pip install pygraphviz==1.5 diff --git a/nginx/etc/nginx/nginx.conf b/nginx/etc/nginx/nginx.conf index 0145766..c3fe2ce 100644 --- a/nginx/etc/nginx/nginx.conf +++ b/nginx/etc/nginx/nginx.conf @@ -50,7 +50,7 @@ http { ## # SSL Settings ## - # deprecated - see certbot + # deprecated - see certbot # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE # ssl_prefer_server_ciphers on; From 741748000821d4476cda9617441b6dc7b1b46bcc Mon Sep 17 00:00:00 2001 From: Brian Walsh Date: Thu, 14 Oct 2021 20:46:07 +0000 Subject: [PATCH 2/9] Removes TMP shiny app --- nginx/etc/nginx/sites-enabled/commons.bmeg.io | 23 ------------------- 1 file changed, 23 deletions(-) diff --git a/nginx/etc/nginx/sites-enabled/commons.bmeg.io b/nginx/etc/nginx/sites-enabled/commons.bmeg.io index ede4d69..e88eade 100644 --- a/nginx/etc/nginx/sites-enabled/commons.bmeg.io +++ b/nginx/etc/nginx/sites-enabled/commons.bmeg.io @@ -221,29 +221,6 @@ server { proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } - ## - # for TMP shiny app - ## - # uses existing authz - location /tmp/ { - auth_request /gen3-authz; - auth_request_set $authorization $upstream_http_authorization; - proxy_set_header Authorization $authorization; - proxy_pass_header Authorization; - auth_request_set $_remote_user $upstream_http_remote_user; - auth_request_set $_remote_roles $upstream_http_remote_roles; - proxy_set_header REMOTE_USER $_remote_user; - proxy_set_header REMOTE_ROLES $_remote_roles; - proxy_pass_header REMOTE_USER; - proxy_pass_header REMOTE_ROLES; - rewrite ^/tmp/(.*)$ /$1 break; - # proxy_pass http://tmp-service:3838/; - - # websocket headers - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - } ## # for voucher ## From 833f5f5694bb64156ceee15b867426a35214f44a Mon Sep 17 00:00:00 2001 From: Brian Walsh Date: Thu, 14 Oct 2021 20:50:36 +0000 Subject: [PATCH 3/9] Update bmeg/grip:0.7.0 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index db8d9cf..16a07d6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: - /mnt/data1/bmeg/mongo-data:/data/db grip: - image: bmeg/grip:latest + image: bmeg/grip:0.7.0 restart: unless-stopped # build: grip container_name: grip From 9f715671e67bc6e73705119f88893321e9e31428 Mon Sep 17 00:00:00 2001 From: Brian Walsh Date: Thu, 14 Oct 2021 23:47:28 +0000 Subject: [PATCH 4/9] Update to grip 0.7.1 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 16a07d6..635eed6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: - /mnt/data1/bmeg/mongo-data:/data/db grip: - image: bmeg/grip:0.7.0 + image: bmeg/grip:0.7.1 restart: unless-stopped # build: grip container_name: grip From f8305298f39240d6e561ca0959104be5b3168b67 Mon Sep 17 00:00:00 2001 From: Brian Walsh Date: Thu, 31 Mar 2022 03:54:06 +0000 Subject: [PATCH 5/9] Adds mongoload --- etl/load_database.sh | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/etl/load_database.sh b/etl/load_database.sh index 4d61476..deff3c6 100755 --- a/etl/load_database.sh +++ b/etl/load_database.sh @@ -34,23 +34,17 @@ done # ensure graph exists grip create $graph --host grip:8202 +echo "Created graph. " $graph -gofast="--numInsertionWorkers 24 --writeConcern 0 --bypassDocumentValidation --host=mongo" + +gofast="-n 24 --database grip --mongo-host mongodb://mongo" for f in $(cat $file_manifest | grep "Vertex"); do - if [[ $f =~ \.gz$ ]]; then - gunzip -c $f | mongoimport -d grip -c ${graph}_vertices --type json $gofast - else - mongoimport -d grip -c ${graph}_vertices --type json --file $f $gofast - fi + grip mongoload ${graph} $gofast --vertex $f done for f in $(cat $file_manifest | grep "Edge"); do - if [[ $f =~ \.gz$ ]]; then - gunzip -c $f | mongoimport -d grip -c ${graph}_edges --type json $gofast - else - mongoimport -d grip -c ${graph}_edges --type json --file $f $gofast - fi + grip mongoload ${graph} $gofast --edge $f done echo "removing soft link ./outputs" From 3f1e2e15398f10a80b1dadc121fa6fb70f776698 Mon Sep 17 00:00:00 2001 From: Brian Walsh Date: Thu, 7 Apr 2022 21:15:49 +0000 Subject: [PATCH 6/9] Adds explicit paths --- docker-compose.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 635eed6..7a15472 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -36,45 +36,45 @@ services: - 443:443 volumes: # content - - ./nginx/bmeg-site/bmegio.ohsu.edu/public:/usr/share/nginx/bmegio.ohsu.edu - - ./nginx/bmeg-site/bmeg.io/public:/usr/share/nginx/bmeg.io - - ./nginx/usr/share/nginx/gen3-ohsu.ddns.net:/usr/share/nginx/gen3-ohsu.ddns.net + - /mnt/data2/bmeg/deployment/nginx/bmeg-site/bmegio.ohsu.edu/public:/usr/share/nginx/bmegio.ohsu.edu + - /mnt/data2/bmeg/deployment/nginx/bmeg-site/bmeg.io/public:/usr/share/nginx/bmeg.io + - /mnt/data2/bmeg/deployment/nginx/usr/share/nginx/gen3-ohsu.ddns.net:/usr/share/nginx/gen3-ohsu.ddns.net - /mnt/data2/bmeg/bmeg-data:/usr/share/nginx/bmegio.ohsu.edu.data - /mnt/data2/bmeg/bmeg-data:/usr/share/nginx/bmeg.io.data - /mnt/data2/bmeg/bmeg-share:/usr/share/nginx/bmegio.ohsu.edu.share - /mnt/data2/bmeg/bmeg-share:/usr/share/nginx/bmeg.io.share - /mnt/data2/recount/data:/usr/share/nginx/recount.bio.data - - ./nginx/usr/share/nginx/recount.bio:/usr/share/nginx/recount.bio + - /mnt/data2/bmeg/deployment/nginx/usr/share/nginx/recount.bio:/usr/share/nginx/recount.bio # config - - ./nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf - - ./nginx/etc/nginx/http.conf.d/env.conf:/etc/nginx/http.conf.d/env.conf - - ./nginx/etc/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf - - ./nginx/etc/nginx/protected.conf:/etc/nginx/protected.conf - - ./nginx/etc/nginx/grip-bmeg.io.conf:/etc/nginx/grip-bmeg.io.conf - - ./nginx/etc/nginx/grip-bmegio.ohsu.edu.conf:/etc/nginx/grip-bmegio.ohsu.edu.conf - - ./nginx/etc/nginx/lua/nginx-google-oauth/access.lua:/etc/nginx/lua/nginx-google-oauth/access.lua + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/http.conf.d/env.conf:/etc/nginx/http.conf.d/env.conf + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/protected.conf:/etc/nginx/protected.conf + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/grip-bmeg.io.conf:/etc/nginx/grip-bmeg.io.conf + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/grip-bmegio.ohsu.edu.conf:/etc/nginx/grip-bmegio.ohsu.edu.conf + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/lua/nginx-google-oauth/access.lua:/etc/nginx/lua/nginx-google-oauth/access.lua # specific sites - - ./nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu:/etc/nginx/sites-enabled/bmegio.ohsu.edu:ro - - ./nginx/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:ro - - ./nginx/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:ro - - ./nginx/etc/nginx/sites-enabled/bmeg.io:/etc/nginx/sites-enabled/bmeg.io:ro - - ./nginx/etc/nginx/sites-enabled/recount.bio:/etc/nginx/sites-enabled/recount.bio:ro - - ./nginx/etc/nginx/sites-enabled/methylation.recount.bio:/etc/nginx/sites-enabled/methylation.recount.bio:ro + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu:/etc/nginx/sites-enabled/bmegio.ohsu.edu:ro + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:ro + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:ro + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmeg.io:/etc/nginx/sites-enabled/bmeg.io:ro + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/recount.bio:/etc/nginx/sites-enabled/recount.bio:ro + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/methylation.recount.bio:/etc/nginx/sites-enabled/methylation.recount.bio:ro # testing - - ./nginx/etc/nginx/sites-enabled/commons.bmeg.io:/etc/nginx/sites-enabled/commons.bmeg.io:ro + - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/commons.bmeg.io:/etc/nginx/sites-enabled/commons.bmeg.io:ro # - ./nginx/etc/nginx/sites-enabled/bmegio-test.ddns.net:/etc/nginx/sites-enabled/bmegio-test.ddns.net:ro # - ./nginx/bmeg-site/bmegio-test.ddns.net/public:/usr/share/nginx/bmegio-test.ddns.net # - ./nginx/etc/nginx/grip-bmegio-test.ddns.net.conf:/etc/nginx/grip-bmegio-test.ddns.net.conf # for letsencrypt - - ./data/certbot/conf:/etc/letsencrypt - - ./data/certbot/www:/var/www/certbot + - /mnt/data2/bmeg/deployment/data/certbot/conf:/etc/letsencrypt + - /mnt/data2/bmeg/deployment/data/certbot/www:/var/www/certbot # startup - - ./nginx/run.sh:/etc/nginx/run.sh + - /mnt/data2/bmeg/deployment/nginx/run.sh:/etc/nginx/run.sh depends_on: - grip From 5092faf3c4b5419c1b43396260821dc86247d94b Mon Sep 17 00:00:00 2001 From: Brian Walsh Date: Thu, 7 Apr 2022 21:16:26 +0000 Subject: [PATCH 7/9] Updates nginx version --- nginx/Dockerfile | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 2065e74..f4e42df 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1 +1,27 @@ -FROM cloudflare/nginx-google-oauth:1.1.1 +# FROM cloudflare/nginx-google-oauth:1.1.1 + +# https://github.com/cloudflare/nginx-google-oauth/blob/master/Dockerfile + +FROM debian:stable +# FROM debian@sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f + +RUN apt-get update && \ + apt-get install -y --no-install-recommends nginx-extras lua-cjson git ca-certificates && \ + rm -rf /var/lib/apt/lists/* && \ + git clone -c transfer.fsckobjects=true https://github.com/pintsized/lua-resty-http.git /tmp/lua-resty-http && \ + cd /tmp/lua-resty-http && \ + # https://github.com/pintsized/lua-resty-http/releases/tag/v0.07 v0.07 + git checkout 69695416d408f9cfdaae1ca47650ee4523667c3d && \ + mkdir -p /etc/nginx/lua && \ + cp -aR /tmp/lua-resty-http/lib/resty /etc/nginx/lua/resty && \ + rm -rf /tmp/lua-resty-http && \ + mkdir /etc/nginx/http.conf.d && \ + sed 's%http {%include /etc/nginx/http.conf.d/*.conf;\n\nhttp {%' -i /etc/nginx/nginx.conf + +# COPY ./access.lua /etc/nginx/lua/nginx-google-oauth/access.lua +# COPY ./docker/etc-nginx /etc/nginx +#COPY ./etc/nginx /etc/nginx +#COPY run.sh /etc/nginx/run.sh + +ENTRYPOINT ["/etc/nginx/run.sh"] + From dcdfb661a4c5a06549ebe88d7862ac7e460a7ae4 Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Tue, 31 Oct 2023 20:43:58 +0000 Subject: [PATCH 8/9] temp pull from main --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 7a15472..486b088 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: - /mnt/data1/bmeg/mongo-data:/data/db grip: - image: bmeg/grip:0.7.1 + image: bmeg/grip:latest restart: unless-stopped # build: grip container_name: grip From 3dc78d91254a3e57289826391573806c064c85f6 Mon Sep 17 00:00:00 2001 From: matthewpeterkort Date: Wed, 11 Dec 2024 19:29:55 +0000 Subject: [PATCH 9/9] Move existing bmeg deployment to new machine --- docker-compose.yml | 13 +++++------ nginx/Dockerfile | 22 +++++++++++++------ .../nginx/lua/nginx-google-oauth/access.lua | 2 +- nginx/etc/nginx/nginx.conf | 19 ++++++++-------- nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu | 2 +- .../sites-enabled/methylation.recount.bio | 3 ++- nginx/etc/nginx/sites-enabled/recount.bio | 3 ++- .../nginx/methylation.recount.bio/index.html | 1 + 8 files changed, 37 insertions(+), 28 deletions(-) create mode 100644 nginx/usr/share/nginx/methylation.recount.bio/index.html diff --git a/docker-compose.yml b/docker-compose.yml index 486b088..0f03d15 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,13 +38,13 @@ services: # content - /mnt/data2/bmeg/deployment/nginx/bmeg-site/bmegio.ohsu.edu/public:/usr/share/nginx/bmegio.ohsu.edu - /mnt/data2/bmeg/deployment/nginx/bmeg-site/bmeg.io/public:/usr/share/nginx/bmeg.io - - /mnt/data2/bmeg/deployment/nginx/usr/share/nginx/gen3-ohsu.ddns.net:/usr/share/nginx/gen3-ohsu.ddns.net + #- /mnt/data2/bmeg/deployment/nginx/usr/share/nginx/gen3-ohsu.ddns.net:/usr/share/nginx/gen3-ohsu.ddns.net - /mnt/data2/bmeg/bmeg-data:/usr/share/nginx/bmegio.ohsu.edu.data - /mnt/data2/bmeg/bmeg-data:/usr/share/nginx/bmeg.io.data - /mnt/data2/bmeg/bmeg-share:/usr/share/nginx/bmegio.ohsu.edu.share - /mnt/data2/bmeg/bmeg-share:/usr/share/nginx/bmeg.io.share - - /mnt/data2/recount/data:/usr/share/nginx/recount.bio.data - - /mnt/data2/bmeg/deployment/nginx/usr/share/nginx/recount.bio:/usr/share/nginx/recount.bio + - /mnt/data2/recount/data:/usr/share/nginx/recount.bio + - /mnt/data2/recount/data:/usr/share/nginx/methylation.recount.bio # config - /mnt/data2/bmeg/deployment/nginx/etc/nginx/nginx.conf:/etc/nginx/nginx.conf @@ -57,17 +57,14 @@ services: # specific sites - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu:/etc/nginx/sites-enabled/bmegio.ohsu.edu:ro - - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:ro - - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:ro + #- /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:/etc/nginx/sites-enabled/gen3-ohsu.ddns.net:ro + #- /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:/etc/nginx/sites-enabled/bmeg-jupyter.ddns.net:ro - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/bmeg.io:/etc/nginx/sites-enabled/bmeg.io:ro - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/recount.bio:/etc/nginx/sites-enabled/recount.bio:ro - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/methylation.recount.bio:/etc/nginx/sites-enabled/methylation.recount.bio:ro # testing - /mnt/data2/bmeg/deployment/nginx/etc/nginx/sites-enabled/commons.bmeg.io:/etc/nginx/sites-enabled/commons.bmeg.io:ro - # - ./nginx/etc/nginx/sites-enabled/bmegio-test.ddns.net:/etc/nginx/sites-enabled/bmegio-test.ddns.net:ro - # - ./nginx/bmeg-site/bmegio-test.ddns.net/public:/usr/share/nginx/bmegio-test.ddns.net - # - ./nginx/etc/nginx/grip-bmegio-test.ddns.net.conf:/etc/nginx/grip-bmegio-test.ddns.net.conf # for letsencrypt - /mnt/data2/bmeg/deployment/data/certbot/conf:/etc/letsencrypt diff --git a/nginx/Dockerfile b/nginx/Dockerfile index f4e42df..7fc3cad 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,25 +1,33 @@ -# FROM cloudflare/nginx-google-oauth:1.1.1 +#FROM cloudflare/nginx-google-oauth:1.1.1 # https://github.com/cloudflare/nginx-google-oauth/blob/master/Dockerfile -FROM debian:stable -# FROM debian@sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f +#FROM debian:stable +# using different image to avoid lua package import path nonsense +FROM openresty/openresty:latest +#FROM debian@sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f RUN apt-get update && \ - apt-get install -y --no-install-recommends nginx-extras lua-cjson git ca-certificates && \ + apt-get install -y --no-install-recommends nginx nginx-extras lua5.1 luarocks gcc wget git ca-certificates lua-cjson build-essential && \ rm -rf /var/lib/apt/lists/* && \ git clone -c transfer.fsckobjects=true https://github.com/pintsized/lua-resty-http.git /tmp/lua-resty-http && \ cd /tmp/lua-resty-http && \ # https://github.com/pintsized/lua-resty-http/releases/tag/v0.07 v0.07 - git checkout 69695416d408f9cfdaae1ca47650ee4523667c3d && \ + #git checkout 69695416d408f9cfdaae1ca47650ee4523667c3d && \ mkdir -p /etc/nginx/lua && \ cp -aR /tmp/lua-resty-http/lib/resty /etc/nginx/lua/resty && \ rm -rf /tmp/lua-resty-http && \ mkdir /etc/nginx/http.conf.d && \ sed 's%http {%include /etc/nginx/http.conf.d/*.conf;\n\nhttp {%' -i /etc/nginx/nginx.conf -# COPY ./access.lua /etc/nginx/lua/nginx-google-oauth/access.lua -# COPY ./docker/etc-nginx /etc/nginx + +RUN luarocks install lua-resty-string +RUN luarocks install lua-resty-http +RUN luarocks install lua-resty-core +RUN luarocks install lua-cjson + +#COPY ./access.lua /etc/nginx/lua/nginx-google-oauth/access.lua +#COPY ./docker/etc-nginx /etc/nginx #COPY ./etc/nginx /etc/nginx #COPY run.sh /etc/nginx/run.sh diff --git a/nginx/etc/nginx/lua/nginx-google-oauth/access.lua b/nginx/etc/nginx/lua/nginx-google-oauth/access.lua index f633519..2ad29cf 100644 --- a/nginx/etc/nginx/lua/nginx-google-oauth/access.lua +++ b/nginx/etc/nginx/lua/nginx-google-oauth/access.lua @@ -1,8 +1,8 @@ -- Copyright 2015-2016 CloudFlare -- Copyright 2014-2015 Aaron Westendorf -local json = require("cjson") local http = require("resty.http") +local json = require("cjson") local uri = ngx.var.uri local uri_args = ngx.req.get_uri_args() diff --git a/nginx/etc/nginx/nginx.conf b/nginx/etc/nginx/nginx.conf index c3fe2ce..cb6809e 100644 --- a/nginx/etc/nginx/nginx.conf +++ b/nginx/etc/nginx/nginx.conf @@ -26,8 +26,6 @@ http { ## # Basic Settings - ## - sendfile on; tcp_nopush on; tcp_nodelay on; @@ -84,7 +82,6 @@ http { include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - ## # increase timeouts to 10 minutes ## proxy_connect_timeout 600; @@ -96,15 +93,19 @@ http { # Virtual Host Configs ## - lua_package_path '/etc/nginx/lua/?.lua;'; + # using different image don't need these + #lua_package_path '/etc/nginx/lua/?.lua;/etc/nginx/library/?.lua;;/usr/local/share/lua/5.1/?.lua;;/usr/local/lib/lua/?.lua;;/etc/nginx/lua/resty/?.lua;;/etc/nginx/lua/nginx-google-oauth/access.lua;;'; + #lua_package_cpath "/usr/local/lib/lua/5.1/?.so;;"; + #lua_package_path '/etc/nginx/lua/?.lua;/usr/local/share/lua/5.1/?.lua;/etc/nginx/lua/nginx-google-oauth/?.lua;/usr/local/share/lua/5.1/resty/?.lua;' + #lua_package_cpath "/usr/local/lib/lua/5.1/?.so;;"; - include /etc/nginx/conf.d/*.conf; + + include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/bmeg.io; include /etc/nginx/sites-enabled/bmegio.ohsu.edu; - include /etc/nginx/sites-enabled/gen3-ohsu.ddns.net; - include /etc/nginx/sites-enabled/bmeg-jupyter.ddns.net; + #include /etc/nginx/sites-enabled/gen3-ohsu.ddns.net; + #include /etc/nginx/sites-enabled/bmeg-jupyter.ddns.net; include /etc/nginx/sites-enabled/recount.bio; - include /etc/nginx/sites-enabled/methylation.recount.bio; + include /etc/nginx/sites-enabled/methylation.recount.bio; include /etc/nginx/sites-enabled/commons.bmeg.io; - } diff --git a/nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu b/nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu index 6699e66..89872d8 100644 --- a/nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu +++ b/nginx/etc/nginx/sites-enabled/bmegio.ohsu.edu @@ -11,7 +11,7 @@ server { listen [::]:443 ssl http2; server_name bmegio.ohsu.edu; - ssl_certificate /etc/letsencrypt/live/bmegio.ohsu.edu/fullchain.pem; + ssl_certificate /etc/letsencrypt/live/bmegio.ohsu.edu/cert.pem; ssl_certificate_key /etc/letsencrypt/live/bmegio.ohsu.edu/privkey.pem; ssl_protocols TLSv1.2; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; diff --git a/nginx/etc/nginx/sites-enabled/methylation.recount.bio b/nginx/etc/nginx/sites-enabled/methylation.recount.bio index 910be6d..02219ff 100644 --- a/nginx/etc/nginx/sites-enabled/methylation.recount.bio +++ b/nginx/etc/nginx/sites-enabled/methylation.recount.bio @@ -18,7 +18,8 @@ server { # data location / { - alias /usr/share/nginx/recount.bio.data/; # directory to list + # alias /usr/share/nginx/recount.bio.data/; # directory to list + alias /usr/share/nginx/methylation.recount.bio/; #directory to list autoindex on; } # for certbot challenge diff --git a/nginx/etc/nginx/sites-enabled/recount.bio b/nginx/etc/nginx/sites-enabled/recount.bio index f50c27e..1cca1d0 100644 --- a/nginx/etc/nginx/sites-enabled/recount.bio +++ b/nginx/etc/nginx/sites-enabled/recount.bio @@ -23,7 +23,8 @@ server { } # data location /data { - alias /usr/share/nginx/recount.bio.data/; # directory to list + #alias /usr/share/nginx/recount.bio.data/; # directory to list + alias /usr/share/nginx/recount.bio/; autoindex on; } # for certbot challenge diff --git a/nginx/usr/share/nginx/methylation.recount.bio/index.html b/nginx/usr/share/nginx/methylation.recount.bio/index.html new file mode 100644 index 0000000..83af371 --- /dev/null +++ b/nginx/usr/share/nginx/methylation.recount.bio/index.html @@ -0,0 +1 @@ +

methylation.recount.bio content goes here