Compare commits
No commits in common. "master" and "central-auth" have entirely different histories.
master
...
central-au
13 changed files with 28 additions and 164 deletions
3
.gitmodules
vendored
|
@ -5,6 +5,3 @@
|
|||
[submodule "rss-bridge"]
|
||||
path = rss-bridge
|
||||
url = https://git.lattuga.net/blallo/rss-bridge.git
|
||||
[submodule "panel"]
|
||||
path = panel
|
||||
url = https://git.lattuga.net/blallo/feedpanel
|
||||
|
|
46
doc/DB.rst
|
@ -1,46 +0,0 @@
|
|||
Database(s) structure
|
||||
=====================
|
||||
|
||||
We have a single postgres instance on ``db`` container. ``tt-rss`` has its own
|
||||
database ``tt-rss`` (?). There will be another one for the app that keeps all
|
||||
together.
|
||||
|
||||
feedati
|
||||
-------
|
||||
|
||||
The db structure is, right now, the following:
|
||||
|
||||
======== ======= ======= =========
|
||||
Schema Name Type Owner
|
||||
======== ======= ======= =========
|
||||
public users table postgres
|
||||
======== ======= ======= =========
|
||||
|
||||
The following statements create the db and the table:
|
||||
|
||||
.. code:: sql
|
||||
|
||||
CREATE DATABASE feedati WITH ENCODING=UTF8 OWNER=postgres;
|
||||
|
||||
Then create the table:
|
||||
|
||||
.. code:: sql
|
||||
|
||||
CREATE EXTENSION IF NOT EXIST "uuid-ossp";
|
||||
CREATE TABLE users
|
||||
(
|
||||
uuid uuid NOT NULL DEFAULT uuid_generate_v1(),
|
||||
email text NOT NULL,
|
||||
pass_hash varchar(512) NOT NULL,
|
||||
CONSTRAINT users_pkey PRIMARY KEY (uuid)
|
||||
);
|
||||
|
||||
Example table content:
|
||||
|
||||
====================================== ============= ==============================================================
|
||||
uuid email pass_hash
|
||||
====================================== ============= ==============================================================
|
||||
b0abc42e-be71-11e8-a054-0242ac110002 me@domin.io $2a$10$8z35dF9/U6VJzpwDt2.Hm.QT78izNZI.IYSZFYCFQmBykEwWUNajq
|
||||
cff36cba-be71-11e8-a054-0242ac110002 luke@dom.it $2a$10$J7slNiXjQexMJXNgaEkeAeUtw7ERwNciM1KVMGwM3X.P/GUk8o7.C
|
||||
====================================== ============= ==============================================================
|
||||
|
|
@ -2,14 +2,14 @@ version: "3.6"
|
|||
|
||||
services:
|
||||
db:
|
||||
image: postgres:10-alpine
|
||||
image: postgres:10
|
||||
container_name: feedati_db
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_USER=superadmin
|
||||
- POSTGRES_PASSWORD=superpass
|
||||
- POSTGRES_DB=feeds
|
||||
- POSTGRES_USER=ttrss
|
||||
- POSTGRES_PASSWORD=password-dev
|
||||
- POSTGRES_DB=ttrss
|
||||
ports:
|
||||
- 5432:5432
|
||||
|
||||
|
@ -37,7 +37,7 @@ services:
|
|||
environment:
|
||||
- PHP_DISPLAY_ERRORS=stdout
|
||||
- PHP_DISPLAY_STARTUP_ERROR=1
|
||||
entrypoint: 'env PGHOST=db PGDATABASE=feeds PGUSER=ttrss PGPASSWORD=ttpass wait-db php7 /app/public/tt-rss/update.php --daemon'
|
||||
entrypoint: 'wait-db php7 /app/public/tt-rss/update.php --daemon'
|
||||
ports: []
|
||||
depends_on:
|
||||
- db
|
||||
|
@ -56,14 +56,11 @@ services:
|
|||
- APACHE_SERVER_NAME=rss-bridge
|
||||
|
||||
feedati-fe:
|
||||
image: feedati/frontend
|
||||
build:
|
||||
context: .
|
||||
dockerfile: ./docker/Dockerfile-frontend
|
||||
image: httpd:2.4-alpine
|
||||
container_name: feedati_webserver
|
||||
volumes:
|
||||
- ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro
|
||||
# - ./docker/frontend-apache/:/etc/apache2/:ro
|
||||
- ./docker/frontend-apache/:/etc/apache2/:ro
|
||||
- ./docker/frontend-login/:/var/www/login/:ro
|
||||
ports:
|
||||
- 80:80
|
||||
|
@ -75,12 +72,5 @@ services:
|
|||
image: jumanjiman/rsyslog:latest
|
||||
container_name: feedati_syslog
|
||||
|
||||
panel:
|
||||
image: feedati/feedspanel:latest
|
||||
build:
|
||||
context:
|
||||
./panel/
|
||||
container_name: feedati_panel
|
||||
|
||||
volumes:
|
||||
postgres_data:
|
||||
|
|
|
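Review bot: The `db` service now appears to make the application account the database's bootstrap role: with `POSTGRES_USER=ttrss` the postgres image creates `ttrss` as the superuser, assuming the `ttrss`/`password-dev` lines are the new side, as the print order suggests. The other side kept a separate `superadmin`, and the deleted SQL files created unprivileged `ttrss`, `panel` and `apache` roles. The context line `5432:5432` publishes the port on the host, and the literal `password-dev` is repeated in the tt-rss config (`define('DB_PASS', 'password-dev');`) and in the wait-db script (`env PGPASSWORD=password-dev psql ...`), so any host that can reach that port is one guessable password away from superuser access. Keep an admin role distinct from the application role, bind the mapping to loopback with `- 127.0.0.1:5432:5432` or drop it, and take the password from the environment as the removed wait-db comment (`PGHOST, PGDATABASE, PGUSER, PGPASSWORD`) did.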
@ -1,5 +0,0 @@
|
|||
FROM httpd:2.4-alpine
|
||||
|
||||
RUN apk --no-cache add apr-util-dbd_pgsql
|
||||
|
||||
# vim: set ft=dockerfile:
|
|
@ -1,6 +0,0 @@
|
|||
-- these commands must be given AFTER `panelcli setup` has been run
|
||||
-- and ttrss has created its tables
|
||||
-- having a 'ALTER DEFAULT PRIVILEGES IN SCHEMA public' might be a little cleaner than this
|
||||
GRANT USAGE ON SCHEMA users TO apache;
|
||||
GRANT SELECT ON TABLE users.users TO apache;
|
||||
GRANT SELECT ON ALL TABLES IN SCHEMA public TO panel;
|
|
@ -1,6 +0,0 @@
|
|||
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
|
||||
CREATE USER ttrss WITH PASSWORD 'ttpass';
|
||||
CREATE USER panel WITH PASSWORD 'panelpass';
|
||||
GRANT CREATE ON DATABASE feeds TO panel;
|
||||
GRANT CREATE ON DATABASE feeds TO ttrss;
|
||||
CREATE USER apache WITH PASSWORD 'apachepass';
|
|
@ -16,8 +16,8 @@ LoadModule headers_module modules/mod_headers.so
|
|||
LoadModule proxy_module modules/mod_proxy.so
|
||||
LoadModule proxy_http_module modules/mod_proxy_http.so
|
||||
LoadModule unixd_module modules/mod_unixd.so
|
||||
#LoadModule status_module modules/mod_status.so
|
||||
#LoadModule autoindex_module modules/mod_autoindex.so
|
||||
LoadModule status_module modules/mod_status.so
|
||||
LoadModule autoindex_module modules/mod_autoindex.so
|
||||
LoadModule dir_module modules/mod_dir.so
|
||||
LoadModule alias_module modules/mod_alias.so
|
||||
|
||||
|
@ -27,8 +27,8 @@ LoadModule session_cookie_module modules/mod_session_cookie.so
|
|||
LoadModule request_module modules/mod_request.so
|
||||
LoadModule authz_user_module modules/mod_authz_user.so
|
||||
LoadModule auth_form_module modules/mod_auth_form.so
|
||||
LoadModule authn_dbd_module modules/mod_authn_dbd.so
|
||||
LoadModule dbd_module modules/mod_dbd.so
|
||||
LoadModule authn_file_module modules/mod_authn_file.so
|
||||
# LoadModule authn_dbm_module modules/mod_authn_dbm.so
|
||||
|
||||
LoadModule macro_module modules/mod_macro.so
|
||||
LoadModule rewrite_module modules/mod_rewrite.so
|
||||
|
@ -50,14 +50,13 @@ ServerAdmin you@example.com
|
|||
|
||||
ServerName feedati-fe:80
|
||||
|
||||
DBDriver pgsql
|
||||
DBDParams "host=db dbname=feeds user=apache password=apachepass"
|
||||
|
||||
<Macro Auth>
|
||||
AuthFormLoginRequiredLocation "/login/"
|
||||
AuthFormLoginRequiredLocation "/login/"
|
||||
AuthFormProvider file
|
||||
# authn
|
||||
AuthFormProvider dbd
|
||||
AuthDBDUserPWQuery "SELECT password FROM users.users WHERE username = %s"
|
||||
AuthFormProvider file
|
||||
AuthUserFile /etc/apache2/passwords.txt
|
||||
# form
|
||||
AuthType form
|
||||
AuthName "authenticationform"
|
||||
|
@ -70,7 +69,7 @@ DBDParams "host=db dbname=feeds user=apache password=apachepass"
|
|||
<Location "/login/do">
|
||||
SetHandler form-login-handler
|
||||
Use Auth
|
||||
AuthFormLoginSuccessLocation "/panel/"
|
||||
AuthFormLoginSuccessLocation "/tt-rss/"
|
||||
</Location>
|
||||
|
||||
<Directory />
|
||||
|
@ -189,8 +188,6 @@ LogLevel warn
|
|||
#AddOutputFilter INCLUDES .shtml
|
||||
</IfModule>
|
||||
|
||||
Redirect permanent "/tt-rss" "/tt-rss/"
|
||||
|
||||
ProxyPreserveHost On
|
||||
<Location /tt-rss/>
|
||||
ProxyPass http://tt-rss/tt-rss/
|
||||
|
@ -202,22 +199,10 @@ RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER},NS]
|
|||
RequestHeader set X-Forwarded-User %{RU}e
|
||||
</Location>
|
||||
|
||||
Redirect permanent "/rss-bridge" "/rss-bridge/"
|
||||
|
||||
<Location /rss-bridge/>
|
||||
ProxyPass http://rss-bridge/
|
||||
ProxyPassReverse http://rss-bridge/
|
||||
Require all granted
|
||||
</Location>
|
||||
|
||||
<Location /panel/>
|
||||
ProxyPass http://panel:8000/panel/
|
||||
ProxyPassReverse http://panel:8000/panel/
|
||||
Use Auth
|
||||
Require valid-user
|
||||
RewriteEngine on
|
||||
RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER},NS]
|
||||
RequestHeader set X-Forwarded-User %{RU}e
|
||||
</Location>
|
||||
|
||||
# vim: set ft=apache bkc=yes:
|
||||
|
|
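Review bot: `mod_status` and `mod_autoindex` go from commented out to loaded in the first hunk of this file (assuming the uncommented pair is the new side, as the print order suggests), and nothing visible explains what needs them. On a front end that compose publishes on port 80, a `server-status` handler or `Options Indexes` elsewhere in the file would then expose request details or directory listings; that part of the configuration is outside the hunks shown, so this is a question rather than a confirmed exposure. Unless something depends on them, keep `#LoadModule status_module modules/mod_status.so` and `#LoadModule autoindex_module modules/mod_autoindex.so`, or guard any status location with `Require local`.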
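--- a/docker/frontend-apache/passwords.txt
+++ b/docker/frontend-apache/passwords.txt
@@ -0,0 +1 @@
+admin:$2y$05$tPaBuT/mWQCvfk1C12PmV.0Dz8kt0cY1jcD53OGCN26Y8dX2kRPs.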
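Review bot: This commits the only credential store for the form login (`AuthUserFile /etc/apache2/passwords.txt` in the Apache config) into the repository, with an `admin` entry whose bcrypt hash uses cost 5 (`$2y$05$`). Anyone with read access to the repo can run offline guessing against that hash cheaply, and every checkout ends up sharing the same admin password. Generate the file per deployment instead, for example with `htpasswd -B -C 12`, keep it out of version control, and commit only a sample file with an obviously fake entry.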
@ -6,8 +6,8 @@
|
|||
define('DB_TYPE', 'pgsql');
|
||||
define('DB_HOST', 'db');
|
||||
define('DB_USER', 'ttrss');
|
||||
define('DB_NAME', 'feeds');
|
||||
define('DB_PASS', 'ttpass');
|
||||
define('DB_NAME', 'ttrss');
|
||||
define('DB_PASS', 'password-dev');
|
||||
define('DB_PORT', '5432');
|
||||
|
||||
define('MYSQL_CHARSET', 'UTF8');
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
#!/bin/bash
|
||||
### psql configuration parameters must be received as environ vars
|
||||
### (PGHOST, PGDATABASE, PGUSER, PGPASSWORD)
|
||||
timeout=60
|
||||
for _ in $(seq 1 "$timeout"); do
|
||||
if psql -w -c "" -q 2> /dev/null; then
|
||||
if env PGPASSWORD=password-dev psql -h db -U ttrss -w ttrss -c "" -q 2> /dev/null; then
|
||||
echo "DB ready"
|
||||
exec "$@"
|
||||
fi
|
||||
|
|
57
dodo.py
|
@ -1,6 +1,5 @@
|
|||
import subprocess
|
||||
import os
|
||||
import sys
|
||||
|
||||
from doit.tools import LongRunning
|
||||
|
||||
|
@ -9,7 +8,7 @@ from dodo_utils import wait_net_service, wait_pgsql_db, \
|
|||
run_task_func, scan_dir
|
||||
|
||||
COMPOSE = 'docker-compose -p feedati'
|
||||
DOIT_CONFIG = {'default_tasks': ['up'], 'backend': 'sqlite3'}
|
||||
DOIT_CONFIG = {'default_tasks': ['up']}
|
||||
|
||||
|
||||
def task_build():
|
||||
|
@ -18,7 +17,6 @@ def task_build():
|
|||
'uptodate': [up2date_anyimages],
|
||||
'file_dep': ['docker-compose.yml',
|
||||
'rss-bridge/Dockerfile',
|
||||
'panel/Dockerfile',
|
||||
] + list(scan_dir('docker')),
|
||||
'actions': [COMPOSE + ' build'],
|
||||
'clean': [run_task_func(task__build_rm),
|
||||
|
@ -67,24 +65,17 @@ def stop():
|
|||
|
||||
|
||||
def task_dbprepare():
|
||||
'''applica il dump sql al container del db'''
|
||||
panelcli = 'docker-compose -p feedati exec -T panel ./panelcli -db-pass panelpass -db-addr db:5432 '
|
||||
psql = r'docker exec -i $(docker ps -aqf name=feedati_db) env PGPASSWORD=superpass psql -h 127.0.0.1 -f - -d feeds superadmin '
|
||||
'''applica il dump sql al container del db'''
|
||||
return {
|
||||
'setup': ['_dbprepare_clean', 'build'],
|
||||
'file_dep': list(scan_dir('docker', '*.sql')),
|
||||
'file_dep': ['docker/ttrss.sql'],
|
||||
'actions': [
|
||||
(COMPOSE + ' up -d db panel').split(),
|
||||
(COMPOSE + ' up -d db').split(),
|
||||
(wait_net_service, ('localhost', 5432, 300)),
|
||||
(wait_pgsql_db, ('feedati_db', 'feeds', 'superadmin')),
|
||||
(wait_pgsql_db, ('feedati_db', 'ttrss', 'ttrss')),
|
||||
'echo LOADING DB',
|
||||
# dbconf.sql would be better put in /docker-entrypoint-initdb.d/init-user-db.sh
|
||||
# (see https://hub.docker.com/r/library/postgres/ )
|
||||
psql + ' < docker/dbconf.sql',
|
||||
psql + ' < docker/ttrss.sql',
|
||||
panelcli + 'setup',
|
||||
panelcli + 'adduser -password password admin ad@m.in',
|
||||
psql + ' < docker/dbconf-perms.sql',
|
||||
r'docker exec -i $(docker ps -aqf name=feedati_db) '
|
||||
'psql -h 127.0.0.1 -f - -d ttrss ttrss < docker/ttrss.sql',
|
||||
'echo DB RESTORED',
|
||||
],
|
||||
'teardown': [(stop, [])],
|
||||
|
@ -113,40 +104,6 @@ def task_up():
|
|||
}
|
||||
|
||||
|
||||
def _get_valid_services():
|
||||
srv = subprocess.check_output((COMPOSE + ' config --services').split())
|
||||
return srv.decode('utf-8').strip().split()
|
||||
|
||||
|
||||
def restart(services):
|
||||
'''This actually restart the container(s).'''
|
||||
valid = _get_valid_services()
|
||||
err = False
|
||||
for service in services:
|
||||
if service not in valid:
|
||||
print('ERROR: invalid service %s' % service, file=sys.stderr)
|
||||
err = True
|
||||
if err or not services:
|
||||
print('Valid services are: ' + ', '.join(valid), file=sys.stderr)
|
||||
return False
|
||||
for service in services:
|
||||
subprocess.check_call((COMPOSE + ' restart %s' % service).split())
|
||||
return True
|
||||
|
||||
|
||||
def task_restart():
|
||||
'''Restarts a container specified via commandline.'''
|
||||
return {
|
||||
'params': [{'name': 'services',
|
||||
'short': 's',
|
||||
'long': 'service',
|
||||
'type': list,
|
||||
'default': [],
|
||||
'help': "the list of services to be restarted"}],
|
||||
'actions': [(restart, )],
|
||||
}
|
||||
|
||||
|
||||
def task__cleanall():
|
||||
'''clean everything there is to clean'''
|
||||
return {
|
||||
|
|
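Review bot: In `task_dbprepare` the new load action pipes `docker/ttrss.sql` into `psql -f -` without `ON_ERROR_STOP`, so psql exits 0 even when statements fail and the task goes on to print `DB RESTORED` over a half-loaded schema. The container lookup `$(docker ps -aqf name=feedati_db)` is also fragile: `-a` includes stopped containers and the name filter matches substrings, so it can expand to more than one ID. Compose already pins `container_name: feedati_db`, so the action could read `'docker exec -i feedati_db psql -v ON_ERROR_STOP=1 -h 127.0.0.1 -f - -d ttrss ttrss < docker/ttrss.sql',`. The docstring `'''applica il dump sql al container del db'''` would read better in English, like the other task docstrings in this file, e.g. `'''Load the SQL dump into the db container.'''`. The function's returned dict continues past the end of the hunk.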
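--- a/panel
+++ b/panel
@@ -1 +0,0 @@
-Subproject commit 6605001ad948259e55de8e6625b77f6402cfff0a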
@ -1 +1 @@
|
|||
Subproject commit 3821ca9737eeafe6ef69ab57d980c233e6b2a00c
|
||||
Subproject commit c1494adace180fae50d1476fcdec3648423f8ea2
|