Merge branch 'db-refactoring'
user storage moved to postgresql; a draft of a userpanel is ready, together with CLI to admin users
commit
0c0158b048
11 changed files with 77 additions and 26 deletions
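--- a/.gitmodules
+++ b/.gitmodules
@@ -5,3 +5,6 @@
 [submodule "rss-bridge"]
 path = rss-bridge
 url = https://git.lattuga.net/blallo/rss-bridge.git
+[submodule "panel"]
+path = panel
+url = https://git.lattuga.net/blallo/feedpanel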
|
@ -2,14 +2,14 @@ version: "3.6"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
db:
|
db:
|
||||||
image: postgres:10
|
image: postgres:10-alpine
|
||||||
container_name: feedati_db
|
container_name: feedati_db
|
||||||
volumes:
|
volumes:
|
||||||
- postgres_data:/var/lib/postgresql/data
|
- postgres_data:/var/lib/postgresql/data
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_USER=ttrss
|
- POSTGRES_USER=superadmin
|
||||||
- POSTGRES_PASSWORD=password-dev
|
- POSTGRES_PASSWORD=superpass
|
||||||
- POSTGRES_DB=ttrss
|
- POSTGRES_DB=feeds
|
||||||
ports:
|
ports:
|
||||||
- 5432:5432
|
- 5432:5432
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- PHP_DISPLAY_ERRORS=stdout
|
- PHP_DISPLAY_ERRORS=stdout
|
||||||
- PHP_DISPLAY_STARTUP_ERROR=1
|
- PHP_DISPLAY_STARTUP_ERROR=1
|
||||||
entrypoint: 'wait-db php7 /app/public/tt-rss/update.php --daemon'
|
entrypoint: 'env PGHOST=db PGDATABASE=feeds PGUSER=ttrss PGPASSWORD=ttpass wait-db php7 /app/public/tt-rss/update.php --daemon'
|
||||||
ports: []
|
ports: []
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
|
@ -56,11 +56,14 @@ services:
|
||||||
- APACHE_SERVER_NAME=rss-bridge
|
- APACHE_SERVER_NAME=rss-bridge
|
||||||
|
|
||||||
feedati-fe:
|
feedati-fe:
|
||||||
image: httpd:2.4-alpine
|
image: feedati/frontend
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile: ./docker/Dockerfile-frontend
|
||||||
container_name: feedati_webserver
|
container_name: feedati_webserver
|
||||||
volumes:
|
volumes:
|
||||||
- ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro
|
- ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro
|
||||||
- ./docker/frontend-apache/:/etc/apache2/:ro
|
# - ./docker/frontend-apache/:/etc/apache2/:ro
|
||||||
- ./docker/frontend-login/:/var/www/login/:ro
|
- ./docker/frontend-login/:/var/www/login/:ro
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
|
@ -72,5 +75,12 @@ services:
|
||||||
image: jumanjiman/rsyslog:latest
|
image: jumanjiman/rsyslog:latest
|
||||||
container_name: feedati_syslog
|
container_name: feedati_syslog
|
||||||
|
|
||||||
|
panel:
|
||||||
|
image: feedati/feedspanel:latest
|
||||||
|
build:
|
||||||
|
context:
|
||||||
|
./panel/
|
||||||
|
container_name: feedati_panel
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
postgres_data:
|
postgres_data:
|
||||||
|
|
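Review bot: The `db` service keeps `5432:5432` published on every host interface while the new superuser credentials `superadmin` / `superpass` are literal in the file, so anyone who can reach the host port and has read the repository can log in as the PostgreSQL superuser. Bind the port to loopback with `- 127.0.0.1:5432:5432` and take the secret from the environment with `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set in .env}`. The same literal-credential pattern appears in the updater `entrypoint` (`PGPASSWORD=ttpass`, which is also readable through `docker inspect`), in docker/dbconf.sql, in the `DBDParams` line of the Apache config, in the tt-rss `DB_PASS` define and in dodo.py. If these values are meant for development only, a comment at the top of the file saying so would stop them from being copied into a deployment.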
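--- a/docker/Dockerfile-frontend
+++ b/docker/Dockerfile-frontend
@@ -0,0 +1,5 @@
+FROM httpd:2.4-alpine
+
+RUN apk --no-cache add apr-util-dbd_pgsql
+
+# vim: set ft=dockerfile: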
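--- a/docker/dbconf-perms.sql
+++ b/docker/dbconf-perms.sql
@@ -0,0 +1,6 @@
+-- these commands must be given AFTER `panelcli setup` has been run
+-- and ttrss has created its tables
+-- having a 'ALTER DEFAULT PRIVILEGES IN SCHEMA public' might be a little cleaner than this
+GRANT USAGE ON SCHEMA users TO apache;
+GRANT SELECT ON TABLE users.users TO apache;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO panel;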
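Review bot: `GRANT SELECT ON TABLE users.users TO apache;` exposes every column of the user table to the web-server role, while the only query shown for that role (`AuthDBDUserPWQuery` in the Apache config) reads `password` filtered by `username`. A column-level grant, `GRANT SELECT (username, password) ON TABLE users.users TO apache;`, keeps any further columns the panel stores out of reach if the front end is compromised. The last statement gives `panel` read access to every table in `public`, which presumably includes tt-rss's own user and session tables. Listing only the tables the panel actually reads would be narrower.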
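--- a/docker/dbconf.sql
+++ b/docker/dbconf.sql
@@ -0,0 +1,6 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+CREATE USER ttrss WITH PASSWORD 'ttpass';
+CREATE USER panel WITH PASSWORD 'panelpass';
+GRANT CREATE ON DATABASE feeds TO panel;
+GRANT CREATE ON DATABASE feeds TO ttrss;
+CREATE USER apache WITH PASSWORD 'apachepass';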
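Review bot: The `apache` role is created here as a lookup-only account, but on the PostgreSQL 10 image used in docker-compose.yml every role still inherits the default `CREATE` privilege on schema `public` through `PUBLIC`, so it can create objects there despite having no explicit grant. Adding `REVOKE CREATE ON SCHEMA public FROM PUBLIC;` followed by `GRANT CREATE ON SCHEMA public TO ttrss;` (assuming `ttrss` is the role that creates the tt-rss tables; the file does not show which one does) restricts object creation to the role that needs it. A comment stating that the three passwords are development placeholders would also help, since they are repeated verbatim in the Apache and tt-rss configuration.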
|
@ -16,8 +16,8 @@ LoadModule headers_module modules/mod_headers.so
|
||||||
LoadModule proxy_module modules/mod_proxy.so
|
LoadModule proxy_module modules/mod_proxy.so
|
||||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||||
LoadModule unixd_module modules/mod_unixd.so
|
LoadModule unixd_module modules/mod_unixd.so
|
||||||
LoadModule status_module modules/mod_status.so
|
#LoadModule status_module modules/mod_status.so
|
||||||
LoadModule autoindex_module modules/mod_autoindex.so
|
#LoadModule autoindex_module modules/mod_autoindex.so
|
||||||
LoadModule dir_module modules/mod_dir.so
|
LoadModule dir_module modules/mod_dir.so
|
||||||
LoadModule alias_module modules/mod_alias.so
|
LoadModule alias_module modules/mod_alias.so
|
||||||
|
|
||||||
|
@ -27,8 +27,8 @@ LoadModule session_cookie_module modules/mod_session_cookie.so
|
||||||
LoadModule request_module modules/mod_request.so
|
LoadModule request_module modules/mod_request.so
|
||||||
LoadModule authz_user_module modules/mod_authz_user.so
|
LoadModule authz_user_module modules/mod_authz_user.so
|
||||||
LoadModule auth_form_module modules/mod_auth_form.so
|
LoadModule auth_form_module modules/mod_auth_form.so
|
||||||
LoadModule authn_file_module modules/mod_authn_file.so
|
LoadModule authn_dbd_module modules/mod_authn_dbd.so
|
||||||
# LoadModule authn_dbm_module modules/mod_authn_dbm.so
|
LoadModule dbd_module modules/mod_dbd.so
|
||||||
|
|
||||||
LoadModule macro_module modules/mod_macro.so
|
LoadModule macro_module modules/mod_macro.so
|
||||||
LoadModule rewrite_module modules/mod_rewrite.so
|
LoadModule rewrite_module modules/mod_rewrite.so
|
||||||
|
@ -50,13 +50,14 @@ ServerAdmin you@example.com
|
||||||
|
|
||||||
ServerName feedati-fe:80
|
ServerName feedati-fe:80
|
||||||
|
|
||||||
|
DBDriver pgsql
|
||||||
|
DBDParams "host=db dbname=feeds user=apache password=apachepass"
|
||||||
|
|
||||||
<Macro Auth>
|
<Macro Auth>
|
||||||
AuthFormLoginRequiredLocation "/login/"
|
AuthFormLoginRequiredLocation "/login/"
|
||||||
AuthFormLoginRequiredLocation "/login/"
|
|
||||||
AuthFormProvider file
|
|
||||||
# authn
|
# authn
|
||||||
AuthFormProvider file
|
AuthFormProvider dbd
|
||||||
AuthUserFile /etc/apache2/passwords.txt
|
AuthDBDUserPWQuery "SELECT password FROM users.users WHERE username = %s"
|
||||||
# form
|
# form
|
||||||
AuthType form
|
AuthType form
|
||||||
AuthName "authenticationform"
|
AuthName "authenticationform"
|
||||||
|
@ -69,7 +70,7 @@ ServerName feedati-fe:80
|
||||||
<Location "/login/do">
|
<Location "/login/do">
|
||||||
SetHandler form-login-handler
|
SetHandler form-login-handler
|
||||||
Use Auth
|
Use Auth
|
||||||
AuthFormLoginSuccessLocation "/tt-rss/"
|
AuthFormLoginSuccessLocation "/panel/"
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
<Directory />
|
<Directory />
|
||||||
|
@ -209,4 +210,14 @@ ProxyPassReverse http://rss-bridge/
|
||||||
Require all granted
|
Require all granted
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
|
<Location /panel/>
|
||||||
|
ProxyPass http://panel:8000/panel/
|
||||||
|
ProxyPassReverse http://panel:8000/panel/
|
||||||
|
Use Auth
|
||||||
|
Require valid-user
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER},NS]
|
||||||
|
RequestHeader set X-Forwarded-User %{RU}e
|
||||||
|
</Location>
|
||||||
|
|
||||||
# vim: set ft=apache bkc=yes:
|
# vim: set ft=apache bkc=yes:
|
||||||
|
|
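Review bot: The new `/panel/` block passes the authenticated name to the backend as `X-Forwarded-User`, so the panel presumably treats that header as the caller's identity without checking it. `RequestHeader set` replaces any value a browser sends on this path. Nothing in the visible hunks prevents another container on the compose network from calling `panel:8000` directly with a forged header, though. Record the assumption above the block with `# panel trusts X-Forwarded-User: it must only be reachable through this proxy`, and keep the panel service without a published port. The login form and the session cookie travel over plain port 80 in this configuration, so the same comment could note that TLS termination is expected in front of it.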
|
@ -1 +0,0 @@
|
||||||
admin:$2y$05$tPaBuT/mWQCvfk1C12PmV.0Dz8kt0cY1jcD53OGCN26Y8dX2kRPs.
|
|
|
@ -6,8 +6,8 @@
|
||||||
define('DB_TYPE', 'pgsql');
|
define('DB_TYPE', 'pgsql');
|
||||||
define('DB_HOST', 'db');
|
define('DB_HOST', 'db');
|
||||||
define('DB_USER', 'ttrss');
|
define('DB_USER', 'ttrss');
|
||||||
define('DB_NAME', 'ttrss');
|
define('DB_NAME', 'feeds');
|
||||||
define('DB_PASS', 'password-dev');
|
define('DB_PASS', 'ttpass');
|
||||||
define('DB_PORT', '5432');
|
define('DB_PORT', '5432');
|
||||||
|
|
||||||
define('MYSQL_CHARSET', 'UTF8');
|
define('MYSQL_CHARSET', 'UTF8');
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
### psql configuration parameters must be received as environ vars
|
||||||
|
### (PGHOST, PGDATABASE, PGUSER, PGPASSWORD)
|
||||||
timeout=60
|
timeout=60
|
||||||
for _ in $(seq 1 "$timeout"); do
|
for _ in $(seq 1 "$timeout"); do
|
||||||
if env PGPASSWORD=password-dev psql -h db -U ttrss -w ttrss -c "" -q 2> /dev/null; then
|
if psql -w -c "" -q 2> /dev/null; then
|
||||||
echo "DB ready"
|
echo "DB ready"
|
||||||
exec "$@"
|
exec "$@"
|
||||||
fi
|
fi
|
||||||
|
|
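Review bot: A missing or wrong `PGPASSWORD` now looks exactly like a database that is still starting, because the connection settings come from the environment, `psql -w` fails without prompting and stderr is sent to /dev/null, so the loop simply uses up its 60 tries. A guard before the loop fails fast with a clear message: `: "${PGHOST:?}" "${PGDATABASE:?}" "${PGUSER:?}" "${PGPASSWORD:?}"`. The end of the loop and whatever happens on timeout lie outside the hunk.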
18
dodo.py
18
dodo.py
|
@ -18,6 +18,7 @@ def task_build():
|
||||||
'uptodate': [up2date_anyimages],
|
'uptodate': [up2date_anyimages],
|
||||||
'file_dep': ['docker-compose.yml',
|
'file_dep': ['docker-compose.yml',
|
||||||
'rss-bridge/Dockerfile',
|
'rss-bridge/Dockerfile',
|
||||||
|
'panel/Dockerfile',
|
||||||
] + list(scan_dir('docker')),
|
] + list(scan_dir('docker')),
|
||||||
'actions': [COMPOSE + ' build'],
|
'actions': [COMPOSE + ' build'],
|
||||||
'clean': [run_task_func(task__build_rm),
|
'clean': [run_task_func(task__build_rm),
|
||||||
|
@ -67,16 +68,23 @@ def stop():
|
||||||
|
|
||||||
def task_dbprepare():
|
def task_dbprepare():
|
||||||
'''applica il dump sql al container del db'''
|
'''applica il dump sql al container del db'''
|
||||||
|
panelcli = 'docker-compose -p feedati exec -T panel ./panelcli -db-pass panelpass -db-addr db:5432 '
|
||||||
|
psql = r'docker exec -i $(docker ps -aqf name=feedati_db) env PGPASSWORD=superpass psql -h 127.0.0.1 -f - -d feeds superadmin '
|
||||||
return {
|
return {
|
||||||
'setup': ['_dbprepare_clean', 'build'],
|
'setup': ['_dbprepare_clean', 'build'],
|
||||||
'file_dep': ['docker/ttrss.sql'],
|
'file_dep': list(scan_dir('docker', '*.sql')),
|
||||||
'actions': [
|
'actions': [
|
||||||
(COMPOSE + ' up -d db').split(),
|
(COMPOSE + ' up -d db panel').split(),
|
||||||
(wait_net_service, ('localhost', 5432, 300)),
|
(wait_net_service, ('localhost', 5432, 300)),
|
||||||
(wait_pgsql_db, ('feedati_db', 'ttrss', 'ttrss')),
|
(wait_pgsql_db, ('feedati_db', 'feeds', 'superadmin')),
|
||||||
'echo LOADING DB',
|
'echo LOADING DB',
|
||||||
r'docker exec -i $(docker ps -aqf name=feedati_db) '
|
# dbconf.sql would be better put in /docker-entrypoint-initdb.d/init-user-db.sh
|
||||||
'psql -h 127.0.0.1 -f - -d ttrss ttrss < docker/ttrss.sql',
|
# (see https://hub.docker.com/r/library/postgres/ )
|
||||||
|
psql + ' < docker/dbconf.sql',
|
||||||
|
psql + ' < docker/ttrss.sql',
|
||||||
|
panelcli + 'setup',
|
||||||
|
panelcli + 'adduser -password password admin ad@m.in',
|
||||||
|
psql + ' < docker/dbconf-perms.sql',
|
||||||
'echo DB RESTORED',
|
'echo DB RESTORED',
|
||||||
],
|
],
|
||||||
'teardown': [(stop, [])],
|
'teardown': [(stop, [])],
|
||||||
|
|
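Review bot: `panelcli + 'adduser -password password admin ad@m.in'` seeds an `admin` account whose password is the word `password`, and the front end is published on port 80, so every instance prepared with this task starts with a guessable administrator login. Take the value from the environment or generate it, for example `admin_pw = os.environ.get('FEEDATI_ADMIN_PW') or secrets.token_urlsafe(16)` (the variable name is constructed here), pass `shlex.quote(admin_pw)` to `adduser`, and print it once. dodo.py's imports are outside the hunk, so `os`, `secrets` and `shlex` may need adding. The `-db-pass panelpass` and `PGPASSWORD=superpass` arguments are also visible in the process list while the task runs, and the body of `task_dbprepare` continues past the hunk.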
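--- a/panel
+++ b/panel
@@ -0,0 +1 @@
+Subproject commit 5abac50fca9b5ce0bfc7dddbed88d48f184900cc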