diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,34 @@
+# Disclaimer: This file is only for development and testing purposes, Docker is
+# not used in production environment for identity.kde.org.
+version: "3"
+services:
+ ldap:
+ image: osixia/openldap:1.2.4
+ command: "--copy-service"
+ environment:
+ LDAP_ORGANISATION: KDE e.V.
+ LDAP_DOMAIN: kde.org
+ LDAP_ADMIN_PASSWORD: adminsecret
+ LDAP_RFC2307BIS_SCHEMA: "true"
+ volumes:
+ - ./protected/data/kde.schema:/container/service/slapd/assets/config/bootstrap/schema/kde.schema
+ - ./docker/ldap/initial-directory.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-directory.ldif
+ mysql:
+ image: mysql:8.0.16
+ command: --default-authentication-plugin=mysql_native_password
+ environment:
+ MYSQL_DATABASE: solenadb
+ MYSQL_ROOT_PASSWORD: root-secret
+ MYSQL_USER: user
+ MYSQL_PASSWORD: secret
+ volumes:
+ - ./protected/data/database-schema.sql:/docker-entrypoint-initdb.d/database-schema.sql
+ app:
+ build:
+ context: ./
+ dockerfile: ./docker/Dockerfile
+ depends_on:
+ - ldap
+ - mysql
+ ports:
+ - 9000:80
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,16 @@
+FROM debian:8
+
+RUN apt-get update
+RUN apt-get install -y --no-install-recommends ca-certificates \
+ php5-imagick php5-ldap php5-mysql php5-mcrypt php-pear php5-fpm \
+ nginx
+
+RUN mkdir -p /var/www/html/assets /var/www/html/protected/runtime /var/www/html/protected/config
+RUN chown www-data:www-data /var/www/html/assets /var/www/html/protected/runtime
+COPY ./docker/nginx-default /etc/nginx/sites-available/default
+COPY ./docker/config-main.php /var/www/html/protected/config/main.php
+
+WORKDIR /var/www/html
+COPY . .
+
+CMD ["/bin/bash", "-c", "service php5-fpm start && service nginx start && sleep infinity"]
diff --git a/docker/config-main.php b/docker/config-main.php
new file mode 100644
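Review bot: The dedicated database account this file creates, `MYSQL_USER: user` / `MYSQL_PASSWORD: secret`, is never used: docker/config-main.php in the same commit connects to `solenadb` as `root` with `root-secret`, so the least-privileged account is dead configuration and the app is exercised with superuser rights it would not have in a real deployment. I would keep the two variables and point the PHP `db` component at them. `LDAP_ADMIN_PASSWORD: adminsecret` and `MYSQL_ROOT_PASSWORD: root-secret` are also repeated verbatim in config-main.php, so changing one silently breaks the stack; an `.env` file referenced as `${LDAP_ADMIN_PASSWORD}` would give a single source of truth and keep even throwaway secrets out of the committed compose file. Minor: write the port mapping as `- "9000:80"`, the usual compose convention so short mappings are never read as YAML 1.1 sexagesimal numbers.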
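Review bot: `RUN apt-get update` sits in its own layer and is cached independently of the install layer below it, so a later edit to the package list installs from a stale index; merge them and drop the index afterwards, `RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates ... nginx && rm -rf /var/lib/apt/lists/*`. The `chown www-data:www-data` on `assets` and `protected/runtime` runs before `COPY . .`, so if the build context already contains those directories the copied files arrive root-owned and the php-fpm pool (www-data by default on Debian) may not be able to write there — worth verifying, or moving the chown after the copy. `COPY . .` also pulls the entire repository, `docker/` and the bind-mounted `protected/data` files included, into the web root; a `.dockerignore` would limit it to what the app needs. `debian:8` with `php5-*` packages is end-of-life software, acceptable for the stated dev-only scope but worth a one-line comment at the top of the file so nobody reuses it as a production base.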
--- /dev/null
+++ b/docker/config-main.php
@@ -0,0 +1,118 @@
+ dirname(__FILE__) . DIRECTORY_SEPARATOR . '..',
+ 'name' => 'Solena',
+
+ // preloading 'log' component
+ 'preload' => array('log', 'ldap'),
+
+ // autoloading model and component classes
+ 'import' => array(
+ 'application.models.*',
+ 'application.components.*',
+ 'application.validators.*',
+ 'ext.ldapsuite.*',
+ 'ext.yii-mail.*',
+ 'application.vendors.PEAR.*',
+ ),
+
+ 'modules' => array(),
+
+ // application components
+ 'components' => array(
+ 'user' => array(
+ 'class' => 'WebUser',
+ 'autoUpdateFlash' => false,
+ ),
+ 'authManager' => array(
+ 'class' => 'PhpAuthManager',
+ ),
+ 'format' => array(
+ 'class' => 'application.components.Formatter',
+ 'dateFormat' => 'dd/MM/yyyy',
+ ),
+ 'request' => array(
+ 'enableCookieValidation' => true,
+ 'enableCsrfValidation' => true,
+ 'csrfCookie' => array('secure' => false, 'httpOnly' => false),
+ ),
+ 'securityManager' => array(
+ 'cryptAlgorithm' => 'rijndael-256',
+ ),
+ /*
+ 'urlManager'=>array(
+ 'urlFormat'=>'path',
+ 'rules'=>array(
+ '/'=>'/view',
+ '//'=>'/',
+ '/'=>'/',
+ ),
+ ),
+ */
+ 'ldap' => array(
+ 'class' => 'SLdapServer',
+ 'baseDn' => 'dc=kde,dc=org',
+ 'bindDn' => 'cn=admin,dc=kde,dc=org',
+ 'bindPassword' => 'adminsecret',
+ 'operateAsUser' => false,
+ 'host' => 'ldap',
+ ),
+ 'db' => array(
+ 'connectionString' => 'mysql:host=mysql;dbname=solenadb',
+ 'emulatePrepare' => true,
+ 'username' => 'root',
+ 'password' => 'root-secret',
+ 'charset' => 'utf8',
+ ),
+ 'mail' => array(
+ 'class' => 'ext.yii-mail.YiiMail',
+ 'transportType' => 'php',
+ 'viewPath' => 'application.views.mail',
+ ),
+ 'tokenGrid' => array(
+ 'class' => 'application.components.TokenGridManager',
+ 'gridRows' => 10,
+ 'gridColumns' => 10,
+ 'tokenLength' => 4,
+ 'gridSalt' => '',
+ ),
+ 'errorHandler' => array(
+ 'errorAction' => 'site/error',
+ ),
+ 'log' => array(
+ 'class' => 'CLogRouter',
+ 'routes' => array(
+ array(
+ 'class' => 'CFileLogRoute',
+ 'levels' => 'error, warning',
+ ),
+ ),
+ ),
+ ),
+
+ // application-level parameters
+ 'params' => array(
+ 'adminEmail' => 'webmaster@example.com',
+ 'registerNotify' => 'webmaster@example.com',
+ 'registrationUnit' => 'ou=people,dc=kde,dc=org',
+ 'defaultGroup' => 'users',
+ 'developerGroup' => 'developers',
+ 'disabledDeveloperGroup' => 'disabled-developers',
+ 'refererWhiteList' => array(
+ 'forum.kde.org',
+ 'projects.kde.org',
+ 'userbase.kde.org',
+ 'techbase.kde.org',
+ 'community.kde.org'
+ ),
+
+ 'recaptcha-sitekey' => '6LdYAK4UAAAAAFg_gXp7xUZKlX57B7UYTihayCuL',
+ 'recaptcha-secret' => '6LdYAK4UAAAAAJ1xjsAbNq2AEceniL2HHYIevZBP',
+ ),
+);
diff --git a/docker/ldap/initial-directory.ldif b/docker/ldap/initial-directory.ldif
new file mode 100644
--- /dev/null
+++ b/docker/ldap/initial-directory.ldif
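Review bot: `'recaptcha-secret' => '6LdYAK4UAAAAAJ1xjsAbNq2AEceniL2HHYIevZBP'` commits a reCAPTCHA server-side secret to the repository; if this key pair is live it is now in history and should be rotated and replaced with a placeholder or a clearly labelled test key, and the same applies to `'bindPassword'` / `'password'` should they ever diverge from the throwaway compose defaults. The `db` component authenticates as `'root'` / `'root-secret'` although docker-compose.yml in this commit creates a dedicated `user` / `secret` account for `solenadb`; `'username' => 'user', 'password' => 'secret'` keeps the dev stack least-privileged and exercises the permission set a real deployment would have. `'csrfCookie' => array('secure' => false, 'httpOnly' => false)` turns off both cookie protections — `secure => false` is needed for plain-HTTP local testing, but `httpOnly => false` only matters if client-side code reads the CSRF cookie, so either restore `'httpOnly' => true` or add a comment stating why script access is required. `'cryptAlgorithm' => 'rijndael-256'` depends on the mcrypt extension (`php5-mcrypt` in the Dockerfile), which is deprecated; not for this commit, but a `// TODO` noting the migration would help. The hunk as rendered here begins mid-line at `dirname(__FILE__)`, so the opening of the returned array is not visible and has not been reviewed.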
@@ -0,0 +1,92 @@
+# people, kde.org
+dn: ou=people,dc=kde,dc=org
+objectClass: organizationalUnit
+ou: people
+
+# site-admin, people, kde.org
+dn: uid=site-admin,ou=people,dc=kde,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: kdeAccount
+uid: site-admin
+givenName: Site
+sn: Admin
+cn: Site Admin
+mail: sysadmin@kde.org
+groupMember: sysadmins
+userPassword: admin-password
+
+# groups, kde.org
+dn: ou=groups,dc=kde,dc=org
+objectClass: organizationalUnit
+ou: groups
+
+# sysadmins, groups, kde.org
+dn: cn=sysadmins,ou=groups,dc=kde,dc=org
+gidNumber: 1000
+objectClass: top
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: sysadmins
+description: Site Administrators
+memberUid: site-admin
+member: uid=site-admin,ou=people,dc=kde,dc=org
+
+# users, groups, kde.org
+dn: cn=users,ou=groups,dc=kde,dc=org
+gidNumber: 1001
+objectClass: top
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: users
+description: Users
+member: cn=users,ou=groups,dc=kde,dc=org
+
+# developers, groups, kde.org
+dn: cn=developers,ou=groups,dc=kde,dc=org
+gidNumber: 1002
+objectClass: top
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: developers
+description: Developers
+member: cn=developers,ou=groups,dc=kde,dc=org
+
+# disabled-developers, groups, kde.org
+dn: cn=disabled-developers,ou=groups,dc=kde,dc=org
+gidNumber: 1003
+objectClass: top
+objectClass: posixGroup
+objectClass: groupOfNames
+cn: disabled-developers
+description: Disabled Developers
+member: cn=disabled-developers,ou=groups,dc=kde,dc=org
+
+# locked, kde.org
+dn: ou=locked,dc=kde,dc=org
+objectClass: organizationalUnit
+ou: locked
+
+# passwordpolicy, kde.org
+dn: cn=passwordpolicy,dc=kde,dc=org
+objectClass: top
+objectClass: organizationalRole
+objectClass: pwdPolicy
+cn: passwordpolicy
+pwdAttribute: 2.5.4.35
+pwdAllowUserChange: TRUE
+pwdLockout: TRUE
+pwdLockoutDuration: 3600
+pwdMaxFailure: 5
+
+# solena-service, kde.org
+dn: cn=solena-service,dc=kde,dc=org
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+givenName: Solena
+sn: Service
+cn: Solena Service
+userPassword: service-password
diff --git a/docker/nginx-default b/docker/nginx-default
new file mode 100644
--- /dev/null
+++ b/docker/nginx-default
@@ -0,0 +1,35 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.php;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass the PHP scripts to FastCGI server
+ location ~ \.php$ {
+ include snippets/fastcgi-php.conf;
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ }
+}
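Review bot: `member: cn=users,ou=groups,dc=kde,dc=org` (and likewise for `developers` and `disabled-developers`) makes each group a member of itself; presumably this is a placeholder because `groupOfNames` requires at least one `member`, but nothing says so and application code iterating `member` may treat the self-reference as a real account — a comment such as `# self-reference: groupOfNames requires at least one member; not an account` above each would prevent that misreading. The `cn=passwordpolicy` entry sets `pwdLockout` and `pwdMaxFailure`, but whether slapd actually enforces it depends on the ppolicy overlay configuration, which is not part of this commit; if it is meant to be the default policy, a comment pointing at where that wiring lives would help the next reader. `userPassword: admin-password` and `userPassword: service-password` are seeded as cleartext and stored as-is unless the server hashes on write; the `{SSHA}` form would keep the values out of directory dumps. This is acceptable for bootstrap data in a dev stack, but the file deserves the same dev-only disclaimer header that docker-compose.yml carries.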
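Review bot: `root /var/www/html;` combined with `try_files $uri $uri/ =404;` in `location /` serves any non-`.php` file under the application root, and the Dockerfile in this commit copies the whole repository there — including `protected/data/database-schema.sql` and `protected/data/kde.schema`, the very files docker-compose.yml mounts into the backends; Yii protects `protected/` with an Apache `.htaccess`, which nginx ignores. Add `location ^~ /protected/ { deny all; }` to the server block (and `location ~ /\. { deny all; }` for dotfiles, in case the build context carries any), so the layout mirrors what a real deployment would enforce. The `.php` location leans on `snippets/fastcgi-php.conf` from the Debian nginx package for its script-existence check and path-info splitting; that is fine here, but a comment noting the dependency would help since this file is copied into an image built from a bare base. The commented-out SSL stanza is distribution boilerplate and can be dropped given the file's stated dev-only purpose.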