Merge pull request #7755 from Budibase/jonny/ssh-for-aas
Azure App Service customisations
This commit is contained in:
commit
4bd43d6003
|
@ -9,7 +9,11 @@ if [[ "${TARGETBUILD}" = "aas" ]]; then
|
||||||
chown -R couchdb:couchdb $DATA_DIR/couch/
|
chown -R couchdb:couchdb $DATA_DIR/couch/
|
||||||
apt update
|
apt update
|
||||||
apt-get install -y openssh-server
|
apt-get install -y openssh-server
|
||||||
sed -i "s/#Port 22/Port 2222/" /etc/ssh/sshd_config
|
echo "root:Docker!" | chpasswd
|
||||||
|
mkdir -p /tmp
|
||||||
|
chmod +x /tmp/ssh_setup.sh \
|
||||||
|
&& (sleep 1;/tmp/ssh_setup.sh 2>&1 > /dev/null)
|
||||||
|
cp /etc/sshd_config /etc/ssh/sshd_config
|
||||||
/etc/init.d/ssh restart
|
/etc/init.d/ssh restart
|
||||||
sed -i "s#DATA_DIR#/home#g" /opt/clouseau/clouseau.ini
|
sed -i "s#DATA_DIR#/home#g" /opt/clouseau/clouseau.ini
|
||||||
sed -i "s#DATA_DIR#/home#g" /opt/couchdb/etc/local.ini
|
sed -i "s#DATA_DIR#/home#g" /opt/couchdb/etc/local.ini
|
||||||
|
|
|
@ -29,23 +29,8 @@ ENV TARGETBUILD $TARGETBUILD
|
||||||
COPY --from=build /app /app
|
COPY --from=build /app /app
|
||||||
COPY --from=build /worker /worker
|
COPY --from=build /worker /worker
|
||||||
|
|
||||||
ENV \
|
# ENV CUSTOM_DOMAIN=budi001.custom.com \
|
||||||
APP_PORT=4001 \
|
# See runner.sh for Env Vars
|
||||||
ARCHITECTURE=amd \
|
|
||||||
BUDIBASE_ENVIRONMENT=PRODUCTION \
|
|
||||||
CLUSTER_PORT=80 \
|
|
||||||
# CUSTOM_DOMAIN=budi001.custom.com \
|
|
||||||
DATA_DIR=/data \
|
|
||||||
DEPLOYMENT_ENVIRONMENT=docker \
|
|
||||||
MINIO_URL=http://localhost:9000 \
|
|
||||||
POSTHOG_TOKEN=phc_bIjZL7oh2GEUd2vqvTBH8WvrX0fWTFQMs6H5KQxiUxU \
|
|
||||||
REDIS_URL=localhost:6379 \
|
|
||||||
SELF_HOSTED=1 \
|
|
||||||
TARGETBUILD=$TARGETBUILD \
|
|
||||||
WORKER_PORT=4002 \
|
|
||||||
WORKER_URL=http://localhost:4002 \
|
|
||||||
APPS_URL=http://localhost:4001
|
|
||||||
|
|
||||||
# These secret env variables are generated by the runner at startup
|
# These secret env variables are generated by the runner at startup
|
||||||
# their values can be overriden by the user, they will be written
|
# their values can be overriden by the user, they will be written
|
||||||
# to the .env file in the /data directory for use later on
|
# to the .env file in the /data directory for use later on
|
||||||
|
@ -117,6 +102,8 @@ RUN chmod +x ./build-target-paths.sh
|
||||||
|
|
||||||
# Script below sets the path for storing data based on $DATA_DIR
|
# Script below sets the path for storing data based on $DATA_DIR
|
||||||
# For Azure App Service install SSH & point data locations to /home
|
# For Azure App Service install SSH & point data locations to /home
|
||||||
|
ADD hosting/single/ssh/sshd_config /etc/
|
||||||
|
ADD hosting/single/ssh/ssh_setup.sh /tmp
|
||||||
RUN /build-target-paths.sh
|
RUN /build-target-paths.sh
|
||||||
|
|
||||||
# cleanup cache
|
# cleanup cache
|
||||||
|
@ -124,6 +111,8 @@ RUN yarn cache clean -f
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 443
|
EXPOSE 443
|
||||||
|
# Expose port 2222 for SSH on Azure App Service build
|
||||||
|
EXPOSE 2222
|
||||||
VOLUME /data
|
VOLUME /data
|
||||||
|
|
||||||
# setup letsencrypt certificate
|
# setup letsencrypt certificate
|
||||||
|
|
|
@ -1,6 +1,21 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
declare -a ENV_VARS=("COUCHDB_USER" "COUCHDB_PASSWORD" "DATA_DIR" "MINIO_ACCESS_KEY" "MINIO_SECRET_KEY" "INTERNAL_API_KEY" "JWT_SECRET" "REDIS_PASSWORD")
|
declare -a ENV_VARS=("COUCHDB_USER" "COUCHDB_PASSWORD" "DATA_DIR" "MINIO_ACCESS_KEY" "MINIO_SECRET_KEY" "INTERNAL_API_KEY" "JWT_SECRET" "REDIS_PASSWORD")
|
||||||
|
declare -a DOCKER_VARS=("APP_PORT" "APPS_URL" "ARCHITECTURE" "BUDIBASE_ENVIRONMENT" "CLUSTER_PORT" "DEPLOYMENT_ENVIRONMENT" "MINIO_URL" "NODE_ENV" "POSTHOG_TOKEN" "REDIS_URL" "SELF_HOSTED" "WORKER_PORT" "WORKER_URL")
|
||||||
|
# Check the env vars set in Dockerfile have come through, AAS seems to drop them
|
||||||
|
[[ -z "${APP_PORT}" ]] && export APP_PORT=4001
|
||||||
|
[[ -z "${ARCHITECTURE}" ]] && export ARCHITECTURE=amd
|
||||||
|
[[ -z "${BUDIBASE_ENVIRONMENT}" ]] && export BUDIBASE_ENVIRONMENT=PRODUCTION
|
||||||
|
[[ -z "${CLUSTER_PORT}" ]] && export CLUSTER_PORT=80
|
||||||
|
[[ -z "${DEPLOYMENT_ENVIRONMENT}" ]] && export DEPLOYMENT_ENVIRONMENT=docker
|
||||||
|
[[ -z "${MINIO_URL}" ]] && export MINIO_URL=http://localhost:9000
|
||||||
|
[[ -z "${NODE_ENV}" ]] && export NODE_ENV=production
|
||||||
|
[[ -z "${POSTHOG_TOKEN}" ]] && export POSTHOG_TOKEN=phc_bIjZL7oh2GEUd2vqvTBH8WvrX0fWTFQMs6H5KQxiUxU
|
||||||
|
[[ -z "${REDIS_URL}" ]] && export REDIS_URL=localhost:6379
|
||||||
|
[[ -z "${SELF_HOSTED}" ]] && export SELF_HOSTED=1
|
||||||
|
[[ -z "${WORKER_PORT}" ]] && export WORKER_PORT=4002
|
||||||
|
[[ -z "${WORKER_URL}" ]] && export WORKER_URL=http://localhost:4002
|
||||||
|
[[ -z "${APPS_URL}" ]] && export APPS_URL=http://localhost:4001
|
||||||
|
# export CUSTOM_DOMAIN=budi001.custom.com
|
||||||
# Azure App Service customisations
|
# Azure App Service customisations
|
||||||
if [[ "${TARGETBUILD}" = "aas" ]]; then
|
if [[ "${TARGETBUILD}" = "aas" ]]; then
|
||||||
DATA_DIR=/home
|
DATA_DIR=/home
|
||||||
|
@ -10,9 +25,10 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f "${DATA_DIR}/.env" ]; then
|
if [ -f "${DATA_DIR}/.env" ]; then
|
||||||
export $(cat ${DATA_DIR}/.env | xargs)
|
# Read in the .env file and export the variables
|
||||||
|
for LINE in $(cat ${DATA_DIR}/.env); do export $LINE; done
|
||||||
fi
|
fi
|
||||||
# first randomise any unset environment variables
|
# randomise any unset environment variables
|
||||||
for ENV_VAR in "${ENV_VARS[@]}"
|
for ENV_VAR in "${ENV_VARS[@]}"
|
||||||
do
|
do
|
||||||
temp=$(eval "echo \$$ENV_VAR")
|
temp=$(eval "echo \$$ENV_VAR")
|
||||||
|
@ -30,11 +46,18 @@ if [ ! -f "${DATA_DIR}/.env" ]; then
|
||||||
temp=$(eval "echo \$$ENV_VAR")
|
temp=$(eval "echo \$$ENV_VAR")
|
||||||
echo "$ENV_VAR=$temp" >> ${DATA_DIR}/.env
|
echo "$ENV_VAR=$temp" >> ${DATA_DIR}/.env
|
||||||
done
|
done
|
||||||
|
for ENV_VAR in "${DOCKER_VARS[@]}"
|
||||||
|
do
|
||||||
|
temp=$(eval "echo \$$ENV_VAR")
|
||||||
|
echo "$ENV_VAR=$temp" >> ${DATA_DIR}/.env
|
||||||
|
done
|
||||||
echo "COUCH_DB_URL=${COUCH_DB_URL}" >> ${DATA_DIR}/.env
|
echo "COUCH_DB_URL=${COUCH_DB_URL}" >> ${DATA_DIR}/.env
|
||||||
fi
|
fi
|
||||||
|
|
||||||
export COUCH_DB_URL=http://$COUCHDB_USER:$COUCHDB_PASSWORD@localhost:5984
|
# Read in the .env file and export the variables
|
||||||
|
for LINE in $(cat ${DATA_DIR}/.env); do export $LINE; done
|
||||||
|
ln -s ${DATA_DIR}/.env /app/.env
|
||||||
|
ln -s ${DATA_DIR}/.env /worker/.env
|
||||||
# make these directories in runner, incase of mount
|
# make these directories in runner, incase of mount
|
||||||
mkdir -p ${DATA_DIR}/couch/{dbs,views}
|
mkdir -p ${DATA_DIR}/couch/{dbs,views}
|
||||||
mkdir -p ${DATA_DIR}/minio
|
mkdir -p ${DATA_DIR}/minio
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
ssh-keygen -A
|
||||||
|
|
||||||
|
#prepare run dir
|
||||||
|
if [ ! -d "/var/run/sshd" ]; then
|
||||||
|
mkdir -p /var/run/sshd
|
||||||
|
fi
|
|
@ -0,0 +1,12 @@
|
||||||
|
Port 2222
|
||||||
|
ListenAddress 0.0.0.0
|
||||||
|
LoginGraceTime 180
|
||||||
|
X11Forwarding yes
|
||||||
|
Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
|
||||||
|
MACs hmac-sha1,hmac-sha1-96
|
||||||
|
StrictModes yes
|
||||||
|
SyslogFacility DAEMON
|
||||||
|
PasswordAuthentication yes
|
||||||
|
PermitEmptyPasswords no
|
||||||
|
PermitRootLogin yes
|
||||||
|
Subsystem sftp internal-sftp
|
Loading…
Reference in New Issue