Provide docker-compose setup for production (#1)

* chore: Add docker compose file for production * chore: Ignoring unnecessary files after initial docker-compose setup for production environment * chore: Switch to mariadb * chore: Enable ssl connection for mariadb * chore: Add ETHERPAD_PLUGINS and more env vars from the kitsteam * chore: Add config for etherpad plugin ep_delete_after_delay * chore: Finalize brnach * chore: Fix wrong chartset passed to etherpad and ueberdb2 config * docs: Add kits-specific documentation for database migration Co-authored-by: Gerardo Navarro <gerardo@b310.de>
2025-05-09 08:25:00 -04:00 · 2022-09-20 15:39:42 +02:00 · 2022-09-20 15:39:42 +02:00 · 1714ff6116
commit 1714ff6116
parent 80c9932008
6 changed files with 147 additions and 2 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -3,6 +3,12 @@
 .hg
 Dockerfile

+# Ignoring all docker compose files as they are not needed
+docker-compose*.yml
+
+# Ignoring all env files from the host machine to avoid unexpected side effects
+.env*
+
 # Remove the git objects, logs, etc. to make final image smaller.
 # Some files still need to be in the .git directory, because Etherpad at
 # startup uses them to discover its version number.
--- a/.env.prod.default
+++ b/.env.prod.default
@ -0,0 +1,12 @@
+# Please copy and rename this file.
+#
+# !Attention!
+# Always ensure to load the env variables in every terminal session.
+# Otherwise the env variables will not be available
+
+DOCKER_COMPOSE_APP_PROD_PORT_PUBLISHED=9001
+DOCKER_COMPOSE_APP_PROD_PORT_TARGET=9001
+
+DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_DATABASE=
+DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PASSWORD=
+DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_USER=
--- a/.gitignore
+++ b/.gitignore
@ -21,3 +21,16 @@ out/
 /src/bin/convertSettings.json
 /src/bin/etherpad-1.deb
 /src/bin/node.exe
+
+# Ignoring the dorectory that sortes the local ssl certificates
+ca
+
+# Extending gitignore to include also all .env files, e.g. .env.development.local, .env.test, etc.
+.env*
+!.env.default
+!.env.prod.default
+
+# Avoiding accidentally adding local docker-compose*.override file to version control that might contain secrets
+docker-compose-prod.override.yml
+docker-compose.override.yml
+docker-compose*.override.yml
--- a/README-KITS.md
+++ b/README-KITS.md
@ -0,0 +1,15 @@
+## Etherpad Lite for KITS
+
+## Maintenance
+
+### Restore MariaDB backup
+
+```bash
+docker compose -f docker-compose-prod.yml -f docker-compose-prod.override.yml --env-file .env.prod exec -T mariadb_prod mysql -u prod_database_user --password=prod_database_user_password -D prod_database_name < path_mysql_dump.sql
+```
+
+If you want to create a dump in a new database then you should execute the following command beforehand:
+
+```bash
+docker compose -f docker-compose-prod.yml -f docker-compose-prod.override.yml --env-file .env.prod exec -T mariadb_prod mysql -u root -p -e "CREATE DATABASE IF NOT EXISTS prod_database_name; GRANT ALL PRIVILEGES ON prod_database_name.* TO prod_database_user@localhost"
+```
--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
@ -0,0 +1,76 @@
+version: "3.8"
+
+# Add this file to extend the docker-compose setup, e.g.:
+# docker-compose -f docker-compose-prod.yml -f docker-compose-prod.override.yml --env-file .env.prod build --no-cache
+# docker-compose -f docker-compose-prod.yml -f docker-compose-prod.override.yml --env-file .env.prod up -d --build --force-recreate
+
+services:
+  app_prod:
+    build:
+      context: .
+      args:
+        ETHERPAD_PLUGINS: >-
+          ep_comments_page
+          ep_image_upload
+          kitsteam/ep_push2delete
+          ep_embedded_hyperlinks2
+          ep_headings2
+          ep_align
+          ep_font_color
+          ep_delete_empty_pads
+          ep_delete_after_delay
+          ep_helmet
+          ep_font_size
+          ep_disable_imports
+        INSTALL_SOFFICE: 'true'
+    depends_on:
+      - mariadb_prod
+    environment:
+      DB_CHARSET: ${DOCKER_COMPOSE_APP_PROD_ENV_DB_CHARSET:-utf8mb4}
+      DB_HOST: mariadb_prod
+      DB_NAME: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_DATABASE:?}
+      DB_PASS: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PASSWORD:?}
+      DB_PORT: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PORT:-3306}
+      DB_TYPE: "mysql"
+      DB_USER: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_USER:?}
+      DEFAULT_PAD_TEXT: ${DOCKER_COMPOSE_APP_PROD_ENV_DEFAULT_PAD_TEXT}
+      DISABLE_IP_LOGGING: ${DOCKER_COMPOSE_APP_PROD_ENV_DISABLE_IP_LOGGING:-true}
+      SOFFICE: ${DOCKER_COMPOSE_APP_PROD_ENV_SOFFICE:-/usr/bin/soffice}
+      TRUST_PROXY: ${DOCKER_COMPOSE_APP_PROD_ENV_TRUST_PROXY:-true}
+    ports:
+      - "${DOCKER_COMPOSE_APP_PROD_PORT_PUBLISHED:-9001}:${DOCKER_COMPOSE_APP_PROD_PORT_TARGET:-9001}"
+
+  mariadb_prod:
+    image: mariadb
+    # Pass config parameters to the mysql server.
+    # Find more information below when you need to generate the ssl-relevant file your self
+    command:
+      - --character-set-server=utf8mb4
+      - --collation-server=utf8mb4_bin
+      - --ssl_cert=/var/lib/mysql/server.crt
+      - --ssl_key=/var/lib/mysql/server.key
+    environment:
+      MARIADB_DATABASE: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_DATABASE:?}
+      MARIADB_PASSWORD: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PASSWORD:?}
+      MARIADB_PORT: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PORT:-3306}
+      MARIADB_RANDOM_ROOT_PASSWORD: 'yes'
+      MARIADB_USER: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_USER:?}
+    volumes:
+      # To setup an ssl-enabled mysql server locally, you need to generate a self-signed ssl certificate.
+      # 
+      # ```bash
+      # mkdir -p ./ca
+      # openssl req -new -text -passout pass:abcd -subj /CN=localhost -out ./ca/server.req -keyout ./ca/privkey.pem
+      # openssl rsa -in ./ca/privkey.pem -passin pass:abcd -out ./ca/server.key
+      # openssl req -x509 -in ./ca/server.req -text -key ./ca/server.key -out ./ca/server.crt
+      # chmod 600 ./ca/server.key
+      # test $(uname -s) = Linux && chown 70 ./ca/server.key
+      # ```
+      # 
+      # Afterwards, the ssl_cert_file and ssl_key_file are mounted into the docker container, see below
+      - ./ca/server.crt:/var/lib/mysql/server.crt
+      - ./ca/server.key:/var/lib/mysql/server.key
+      - mariadb_prod_data:/var/lib/mysql
+
+volumes:
+  mariadb_prod_data:
--- a/settings.json.docker
+++ b/settings.json.docker
@ -633,6 +633,29 @@
  /* Override any strings found in locale directories */
  "customLocaleStrings": {},

-  /* Disable Admin UI tests */
-  "enableAdminUITests": false
+  /*
+   * Allow only some file formats
+   */
+  "ep_disable_imports": {
+    "allow": ["etherpad", "docx", "odt", "txt", "rtf", "pdf"]
+  },
+
+  /*
+   * Delete pads after delay
+   */
+  "ep_delete_after_delay": {
+    "delay": 2592000, // thirty days, in seconds
+    "loop": true,
+    "loopDelay": 3600, // one hour, in seconds
+    "deleteAtStart": true,
+    "text": "The content of this pad has been deleted since it was older than the configured delay."
+  },
+
+  /*
+   * Configure image upload
+   */
+  "ep_image_upload": {
+    "fileTypes": ["jpeg", "jpg", "bmp", "gif", "png"],
+    "maxFileSize": 2000000
+  }
 }