Skip to content

Commit

Permalink
Merge pull request #639 from moqui/acme-docker-compose
Browse files Browse the repository at this point in the history
Acme docker compose
  • Loading branch information
acetousk authored Jul 31, 2024
2 parents 5edbd03 + 803f2ae commit f6e7025
Show file tree
Hide file tree
Showing 4 changed files with 203 additions and 3 deletions.
14 changes: 13 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@

# gradle/build files
build
.gradle
Expand All @@ -13,7 +14,18 @@ build
/docker/runtime
/docker/db
/docker/elasticsearch/data/nodes
/docker/opensearch/data/nodes
/docker/opensearch/data/nodes/*
!/docker/opensearch/data/nodes/README
/docker/acme.sh
/docker/nginx/conf.d
/docker/nginx/vhost.d
/docker/nginx/html
## Do not want to accidentally commit production certificates https://www.theregister.com/2024/07/25/data_from_deleted_github_repos/
/docker/certs
!/docker/certs/moqui1.local.*
!/docker/certs/moqui2.local.*
!/docker/certs/moqui.local.*
!/docker/certs/README

# IntelliJ IDEA files
.idea
Expand Down
187 changes: 187 additions & 0 deletions docker/moqui-acme-postgres.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,187 @@
# A Docker Compose application with Moqui, Postgres, OpenSearch, OpenSearch Dashboards, and virtual hosting through
# nginx-proxy supporting multiple moqui instances on different hostnames.

# Run with something like this for detached mode:
# $ docker compose -f moqui-postgres-compose.yml -p moqui up -d
# Or to copy runtime directories for mounted volumes, set default settings, etc use something like this:
# $ ./compose-run.sh moqui-postgres-compose.yml
# This sets the project/app name to 'moqui' and the network will be 'moqui_default', to be used by external moqui containers

# Test locally by adding the virtual host to /etc/hosts or with something like:
# $ curl -H "Host: moqui.local" localhost/Login

# To run an additional instance of moqui run something like this (but with
# many more arguments for volume mapping, db setup, etc):
# $ docker run -e VIRTUAL_HOST=moqui2.local --name moqui2_local --network moqui_default moqui

# To import data from the docker host using port 5432 mapped for 127.0.0.1 only use something like this:
# $ psql -h 127.0.0.1 -p 5432 -U moqui -W moqui < pg-dump.sql

version: "2"
services:
nginx-proxy:
# For documentation on SSL and other settings see:
# https://github.com/nginxproxy/nginx-proxy
image: nginxproxy/nginx-proxy
container_name: nginx-proxy
restart: always
ports:
- 80:80
- 443:443
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
# note: .crt, .key, and .dhparam.pem files start with the domain name in VIRTUAL_HOST (ie 'acetousk.com.*') or use CERT_NAME env var
- ./certs:/etc/nginx/certs
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/vhost.d:/etc/nginx/vhost.d
- ./nginx/html:/usr/share/nginx/html
environment:
# change this for the default host to use when accessing directly by IP, etc
- DEFAULT_HOST=moqui.local
# use SSL_POLICY to disable TLSv1.0, etc in nginx-proxy
- SSL_POLICY=AWS-TLS-1-1-2017-01
networks:
- proxy-tier

acme-companion:
image: nginxproxy/acme-companion
container_name: acme-companion
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
- ./certs:/etc/nginx/certs
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/vhost.d:/etc/nginx/vhost.d
- ./nginx/html:/usr/share/nginx/html
- ./acme.sh:/etc/acme.sh
networks:
- proxy-tier
environment:
# TODO: For production change this to your email
- [email protected]
# TODO: For production change this to false
- LETSENCRYPT_TEST=true
depends_on:
- nginx-proxy

moqui-server:
image: moqui
container_name: moqui-server
command: conf=conf/MoquiProductionConf.xml no-run-es
restart: always
links:
- moqui-database
- moqui-search
volumes:
- /etc/localtime:/etc/localtime:ro
- ./runtime/conf:/opt/moqui/runtime/conf
- ./runtime/lib:/opt/moqui/runtime/lib
- ./runtime/classes:/opt/moqui/runtime/classes
- ./runtime/ecomponent:/opt/moqui/runtime/ecomponent
- ./runtime/log:/opt/moqui/runtime/log
- ./runtime/txlog:/opt/moqui/runtime/txlog
- ./runtime/sessions:/opt/moqui/runtime/sessions
# this one isn't needed when not using H2/etc:- ./runtime/db:/opt/moqui/runtime/db
environment:
- "JAVA_TOOL_OPTIONS=-Xms1024m -Xmx1024m"
- instance_purpose=production
- entity_ds_db_conf=postgres
- entity_ds_host=moqui-database
- entity_ds_port=5432
- entity_ds_database=moqui
- entity_ds_schema=public
- entity_ds_user=moqui
- entity_ds_password='MOQUI_CHANGE_ME!!!'
- entity_ds_crypt_pass='DEFAULT_CHANGE_ME!!!'
# configuration for ElasticFacade.ElasticClient, make sure the old moqui-elasticsearch component is NOT included in the Moqui build
- elasticsearch_url=https://moqui-search:9200
# prefix for index names, use something distinct and not 'moqui_' or 'mantle_' which match the beginning of OOTB index names
- elasticsearch_index_prefix=default_
- elasticsearch_user=admin
- elasticsearch_password=admin
# CHANGE ME - note that VIRTUAL_HOST is for nginx-proxy so it picks up this container as one it should reverse proxy
# this can be a comma separate list of hosts like 'example.com,www.example.com'
- VIRTUAL_HOST=moqui.local
- LETSENCRYPT_HOST=moqui.local
# moqui will accept traffic from other hosts but these are the values used for URL writing when specified:
# - webapp_http_host=moqui.local
- webapp_http_port=80
- webapp_https_port=443
- webapp_https_enabled=true
# nginx-proxy populates X-Real-IP with remote_addr by default, better option for outer proxy than X-Forwarded-For which defaults to proxy_add_x_forwarded_for
- webapp_client_ip_header=X-Real-IP
- default_locale=en_US
- default_time_zone=US/Pacific
networks:
- proxy-tier
- default

moqui-database:
image: postgres:14.5
container_name: moqui-database
restart: always
ports:
# change this as needed to bind to any address or even comment to not expose port outside containers
- 127.0.0.1:5432:5432
volumes:
- /etc/localtime:/etc/localtime:ro
# edit these as needed to map configuration and data storage
- ./db/postgres/data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=moqui
- POSTGRES_DB_SCHEMA=public
- POSTGRES_USER=moqui
- POSTGRES_PASSWORD='MOQUI_CHANGE_ME!!!'
# PGDATA, POSTGRES_INITDB_ARGS
networks:
default:

moqui-search:
image: opensearchproject/opensearch:2.4.0
container_name: moqui-search
restart: always
ports:
# change this as needed to bind to any address or even comment to not expose port outside containers
- 127.0.0.1:9200:9200
- 127.0.0.1:9300:9300
volumes:
- /etc/localtime:/etc/localtime:ro
# edit these as needed to map configuration and data storage
- ./opensearch/data/nodes:/usr/share/opensearch/data/nodes
# - ./opensearch/config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
# - ./opensearch/logs:/usr/share/opensearch/logs
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- discovery.type=single-node
- network.host=_site_
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
networks:
proxy-tier:

opensearch-dashboards:
image: opensearchproject/opensearch-dashboards:2.4.0
container_name: opensearch-dashboards
volumes:
- /etc/localtime:/etc/localtime:ro
links:
- moqui-search
ports:
- 127.0.0.1:5601:5601
environment:
OPENSEARCH_HOSTS: '["https://moqui-search:9200"]'
networks:
default:
proxy-tier:

networks:
proxy-tier:
1 change: 1 addition & 0 deletions docker/opensearch/data/nodes/README
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
This directory must exist for mapping otherwise created as root in container and opensearch cannot access it.
4 changes: 2 additions & 2 deletions docker/simple/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ ARG search_name=opensearch

RUN if [ -d runtime/opensearch/bin ]; then echo "Installing OpenSearch User"; \
search_name=opensearch; \
groupadd -g 1000 opensearch && \
useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch && \
groupadd -g 1000 opensearch 2>/dev/null || echo "group 1000 already exists" && \
useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch 2>/dev/null || echo "user 1000 already exists" && \
chmod 0775 /opt/moqui/runtime/opensearch && \
chown -R 1000:0 /opt/moqui/runtime/opensearch; \
elif [ -d runtime/elasticsearch/bin ]; then echo "Installing ElasticSearch User"; \
Expand Down

0 comments on commit f6e7025

Please sign in to comment.