From 24124441b135596cbf72257a15de7c4c2a533346 Mon Sep 17 00:00:00 2001
From: Matt Jia
Date: Feb 07 2018 00:57:41 +0000
Subject: Dockerfile: running waiverdb with httpd + mod_wsgi
---
diff --git a/Dockerfile b/Dockerfile
index 05d6ba1..3f5f273 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM fedora:26
+FROM f26/httpd
 LABEL \
 name="WaiverDB application" \
 vendor="WaiverDB developers" \
@@ -9,12 +9,20 @@ ARG waiverdb_rpm
 ARG waiverdb_common_rpm
 COPY $waiverdb_rpm /tmp
 COPY $waiverdb_common_rpm /tmp
+USER 0
 RUN dnf -y install \
- python-gunicorn \
+ mod_wsgi \
 python-psycopg2 \
 /tmp/$(basename $waiverdb_rpm) \
 /tmp/$(basename $waiverdb_common_rpm) \
 && dnf -y clean all
+# SSL configuration
+RUN mkdir -p /etc/pki/waiverdb/
+RUN ln -sfn /etc/pki/waiverdb/ssl/waiverdb.conf /etc/httpd/conf.d/waiverdb.conf
+RUN ln -sfn /etc/pki/waiverdb/crt/waiverdb.crt /etc/pki/tls/certs/waiverdb.crt
+RUN ln -sfn /etc/pki/waiverdb/key/waiverdb.key /etc/pki/tls/private/waiverdb.key
+RUN ln -sfn /etc/pki/waiverdb/ca/ca.crt /etc/pki/tls/certs/ca.crt
 USER 1001
 EXPOSE 8080
-ENTRYPOINT gunicorn --bind 0.0.0.0:8080 --access-logfile=- waiverdb.wsgi:app
+EXPOSE 8443
+CMD ["/usr/bin/run-httpd"]
diff --git a/conf/waiverdb.conf b/conf/waiverdb.conf
new file mode 100644
index 0000000..7876e19
--- /dev/null
+++ b/conf/waiverdb.conf
@@ -0,0 +1,25 @@
+# Force SSL
+#RewriteEngine On
+#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+
+WSGIDaemonProcess waiverdb user=apache group=apache threads=5
+WSGIScriptAlias / /usr/share/waiverdb/waiverdb.wsgi
+
+# By default, do not require SSL verification.
+# SSLVerifyClient none
+# SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+
+ WSGIProcessGroup waiverdb
+ WSGIApplicationGroup %{GLOBAL}
+
+ #SSLVerifyClient optional
+ #SSLVerifyDepth 10
+ #SSLOptions +stdEnvVars
+
+
+ #Require ssl-verify-client
+ Require all granted
+
+
+
diff --git a/conf/waiverdb.wsgi b/conf/waiverdb.wsgi
new file mode 100644
index 0000000..cd21a3d
--- /dev/null
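Review bot: `FROM f26/httpd` in the first Dockerfile hunk names the new base image without a registry, tag or digest, so the build takes whatever the configured default registry serves for that name as `latest`, where the previous `fedora:26` at least fixed the release. Pin it with a fully qualified reference, for example `FROM <registry>/f26/httpd:<tag>@sha256:<digest>` (placeholders), so that a changed or look-alike image cannot silently replace the httpd layer the application runs on.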
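Review bot: The four `ln -sfn` lines in the second Dockerfile hunk point httpd's `conf.d/waiverdb.conf`, the server certificate, the private key and the CA file at `/etc/pki/waiverdb/…`, which the image only creates as an empty directory, so the effective httpd configuration and trust anchors are whatever is mounted there at run time. The `# SSL configuration` comment should say that this path is expected to be a read-only mount, that the key must be readable by UID 1001 and nobody else, and what is expected to happen when nothing is mounted (the links then dangle; whether httpd still starts is not visible here). As a style point the five `RUN` steps can be a single layer, `RUN mkdir -p /etc/pki/waiverdb/ && ln -sfn … && ln -sfn …`.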
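Review bot: The `# Force SSL` block in conf/waiverdb.conf is shipped commented out while the Dockerfile keeps `EXPOSE 8080`, so as written the API stays reachable over plain HTTP even when certificates are mounted, and `Require all granted` is the only access rule left active. If TLS is meant to be terminated in front of the container, say so in the comment; otherwise enable the redirect with a guard, `RewriteCond %{HTTPS} off`, and redirect to a fixed server name rather than the client-supplied `%{HTTP_HOST}`. Separately, `WSGIDaemonProcess … user=apache group=apache` presumably has no effect in this image, because httpd is started as UID 1001 and mod_wsgi can only switch users when started as root; a comment noting that would avoid a false sense of privilege separation. Some lines of this file appear to have been lost in extraction (the empty `+` lines around the indented directives), so the enclosing sections cannot be checked here.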
+++ b/conf/waiverdb.wsgi
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: GPL-2.0+
+
+from waiverdb.app import create_app
+application = create_app()
diff --git a/waiverdb.spec b/waiverdb.spec
index 5647a1f..783a9ba 100644
--- a/waiverdb.spec
+++ b/waiverdb.spec
@@ -153,6 +153,10 @@ install -m0644 \
 conf/client.conf.example \
 %{buildroot}%{_sysconfdir}/waiverdb/client.conf
+# apache and wsgi settings
+install -d %{buildroot}%{_datadir}/waiverdb/
+install -p -m0644 conf/waiverdb.wsgi %{buildroot}%{_datadir}/waiverdb/
+
 %check
 export PYTHONPATH=%{buildroot}/%{python2_sitelib}
 py.test tests/
@@ -163,6 +167,7 @@ py.test tests/
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}.socket
 %attr(755,root,root) %{_bindir}/waiverdb
+%attr(-,apache,root) %{_datadir}/waiverdb/waiverdb.wsgi
 %files common
 %license COPYING
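Review bot: `%attr(-,apache,root)` in the second waiverdb.spec hunk makes `waiverdb.wsgi` owned by the `apache` account, and with the `-m0644` used when it is installed the owner can write it, so the account the web server runs under is able to rewrite the script that mod_wsgi loads as the application entry point. The server only needs to read that file; keep it root-owned with `%attr(0644,root,root) %{_datadir}/waiverdb/waiverdb.wsgi`. The `%files` list this line is added to starts outside the hunk.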