From b1cf2fe0a1e22fa9980b5d83dcd47de8c0f6fe16 Mon Sep 17 00:00:00 2001
From: Jeff Fredrickson
Date: Thu, 13 Jul 2023 14:57:14 -0600
Subject: [PATCH] enable SSL on local dev DB; clean up local dev stack
---
 Dockerfile | 5 ----
 README.md | 4 +--
 dev/db/Dockerfile | 6 +++++
 dev/db/generate-cert.sh | 14 ++++++++++
 Dockerfile.uaadev => dev/uaa/Dockerfile | 0
 uaadev.yml => dev/uaa/uaa.yml | 0
 docker-compose.yaml | 34 ++++++++++---------------
 7 files changed, 34 insertions(+), 29 deletions(-)
 delete mode 100644 Dockerfile
 create mode 100644 dev/db/Dockerfile
 create mode 100755 dev/db/generate-cert.sh
 rename Dockerfile.uaadev => dev/uaa/Dockerfile (100%)
 rename uaadev.yml => dev/uaa/uaa.yml (100%)
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index cb28e26d..00000000
--- a/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM python:3.10
-WORKDIR /usr/src/app
-COPY requirements*.txt .
-RUN pip install --no-cache-dir -r requirements.dev.txt -r requirements.txt
-CMD ["uvicorn", "training.main:app", "--host", "0.0.0.0", "--reload"]
diff --git a/README.md b/README.md
index f20eb67d..f871793d 100644
--- a/README.md
+++ b/README.md
@@ -31,11 +31,9 @@ npm run build:frontend
 ### Service dependencies
-This app depends on Redis to support the temporary tokens used for verification emails. It also uses PostgreSQL as a main data store. For administrator logins, the app requires an OAuth server. To start up local services:
+This app depends on a few services. For local development, these services have been neatly packaged into a Docker Compose stack. First, optionally edit `dev/uaa/uaa.yml` to create your own test user accounts (see the `scim.users` section of that file). Then to run the services:
 ```sh
-docker-compose up
-# Or to run them in the background:
 docker-compose up -d
 ```
diff --git a/dev/db/Dockerfile b/dev/db/Dockerfile
new file mode 100644
index 00000000..1ec4cf1f
--- /dev/null
+++ b/dev/db/Dockerfile
@@ -0,0 +1,6 @@
+# For best results, match version in use by cloud.gov RDS
+FROM postgres:12
+
+ADD generate-cert.sh /tmp/generate-cert.sh
+
+RUN /tmp/generate-cert.sh
diff --git a/dev/db/generate-cert.sh b/dev/db/generate-cert.sh
new file mode 100755
index 00000000..1df62419
--- /dev/null
+++ b/dev/db/generate-cert.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+echo "Generating SSL certificate..."
+
+set -euo pipefail
+
+openssl req \
+ -new -x509 -days 3650 -nodes \
+ -subj /CN=localhost \
+ -out /var/lib/postgresql/server.crt \
+ -keyout /var/lib/postgresql/server.key
+
+chown postgres:postgres /var/lib/postgresql/server.{crt,key}
+chmod 600 /var/lib/postgresql/server.{crt,key}
diff --git a/Dockerfile.uaadev b/dev/uaa/Dockerfile
similarity index 100%
rename from Dockerfile.uaadev
rename to dev/uaa/Dockerfile
diff --git a/uaadev.yml b/dev/uaa/uaa.yml
similarity index 100%
rename from uaadev.yml
rename to dev/uaa/uaa.yml
diff --git a/docker-compose.yaml b/docker-compose.yaml
index dea5d2ff..15bf7c8f 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
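Review bot: `RUN /tmp/generate-cert.sh` in the new `dev/db/Dockerfile` creates the server's private key during the build, so the key is stored in an image layer and every container started from this image presents the same key and certificate. That is acceptable for a local stack only while the image is never pushed to a shared registry; a comment above the `RUN` line would make that explicit, for example `# Dev only: the self-signed key is baked into this image; never push it to a registry`. `ADD` is also used for a plain local file where `COPY generate-cert.sh /tmp/generate-cert.sh` is the narrower instruction, and the script remains in `/tmp` in the finished image.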
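Review bot: The certificate produced by `openssl req` in `dev/db/generate-cert.sh` carries only `-subj /CN=localhost` and no subjectAltName, so a client that validates host names against SAN entries will presumably reject it, and a client reaching the database under the Compose service name `db` would not match it either. If developers are meant to exercise full certificate verification locally, adding `-addext "subjectAltName=DNS:localhost,DNS:db"` to the `openssl req` call would cover both names; if verification is out of scope for local development, a short comment saying so would prevent confusion. Separately, the `echo` runs before `set -euo pipefail`; moving `set` to the first line after the shebang keeps the whole script under strict mode.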
@@ -1,43 +1,35 @@ version: '3.8' + services: + redis: image: redis:6.2-alpine ports: - "6379:6379" + db: - image: postgres:12 # For best results, match version in use by cloud.gov RDS + build: + context: ./dev/db + command: > + -c ssl=on + -c ssl_cert_file=/var/lib/postgresql/server.crt + -c ssl_key_file=/var/lib/postgresql/server.key ports: - "5432:5432" environment: - POSTGRES_PASSWORD=postgres + adminer: image: adminer ports: - "8432:8080" depends_on: - db + uaa: build: - context: . - dockerfile: Dockerfile.uaadev + context: ./dev/uaa ports: - "8080:8080" volumes: - - ./uaadev.yml:/tmp/uaa/uaa/src/main/resources/uaa.yml:ro - # api: - # build: - # context: . - # ports: - # - "8000:8000" - # volumes: - # - ./:/usr/src/app - # depends_on: - # - redis - # - db - # web: - # build: - # context: ./training-front-end - # ports: - # - "3000:3000" - # volumes: - # - ./training-front-end:/usr/src/app + - ./dev/uaa/uaa.yml:/tmp/uaa/uaa/src/main/resources/uaa.yml:ro
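Review bot: `-c ssl=on` in the new `command:` for the `db` service makes the server offer TLS but does not require it, so a client that connects without an `sslmode` setting would still be accepted in plaintext unless `pg_hba.conf` restricts remote entries to `hostssl`, which this hunk does not show. If the goal is to catch missing client TLS configuration before deployment, that gap deserves a comment above `command:`, such as `# ssl=on only offers TLS; plaintext connections are still accepted unless pg_hba.conf uses hostssl`. The unchanged `"5432:5432"` mapping also publishes the database, with `POSTGRES_PASSWORD=postgres`, on every host interface; `"127.0.0.1:5432:5432"` would keep it reachable from the local machine only.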