rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2024-11-28 09:24:24 +01:00
Code Issues Releases Activity

(setup) Ability to install behind a proxy

Browse Source
This commit is contained in:
Sylvain 2022-06-13 17:03:35 +02:00
parent 8a93160628
commit ffb5a1d9d2
5 changed files with 36 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -3,6 +3,7 @@
## next deploy ## next deploy
- Documentation for installing behind a proxy - Documentation for installing behind a proxy
- Ability to install behind a proxy
- Improved docker image building time - Improved docker image building time
- Use relative paths in mount scripts - Use relative paths in mount scripts
- Run the docker image with the system user - Run the docker image with the system user

1
doc/proxy.md
View File

@ -51,3 +51,4 @@ export http_proxy="http://proxy.example.com:8080" https_proxy="https://proxy.exa
\curl -sSL setup.fab.mn | bash \curl -sSL setup.fab.mn | bash
``` ```
During the installation, if you have correctly exported the variable `http_proxy`, you will be prompted to enter your proxy CA certificate, if needed.

1
setup/proxy/.npmrc Normal file
View File

@ -0,0 +1 @@
cafile=/etc/ssl/certs/ca-cert-proxy.pem

2
setup/proxy/gitconfig Normal file
View File

@ -0,0 +1,2 @@
[http]
sslCAInfo = /etc/ssl/certs/ca-cert-proxy.pem

37
setup/setup.sh
View File

@ -128,6 +128,15 @@ read_email()
config() config()
{ {
SERVICE="fabmanager" SERVICE="fabmanager"
# http_proxy should have been exported externally
# shellcheck disable=SC2154
if [ "$http_proxy" != "" ]; then
read -rp "You seems to be behind a proxy. Do you want to configure a custom CA certificate? (Y/n) " confirm </dev/tty
if [[ "$confirm" != "n" ]]; then
echo "Paste the certificate below and terminate with an empty line:"
CERTIFICATE=$(sed '/^$/q')
fi
fi
echo 'We recommend nginx to serve the application over the network (internet). You can use your own solution or let this script install and configure nginx for Fab-manager.' echo 'We recommend nginx to serve the application over the network (internet). You can use your own solution or let this script install and configure nginx for Fab-manager.'
printf 'If you want to install Fab-manager behind a reverse proxy, you may not need to install the integrated nginx.\n' printf 'If you want to install Fab-manager behind a reverse proxy, you may not need to install the integrated nginx.\n'
read -rp 'Do you want install nginx? (Y/n) ' NGINX </dev/tty read -rp 'Do you want install nginx? (Y/n) ' NGINX </dev/tty
@ -213,6 +222,14 @@ prepare_files()
# docker-compose # docker-compose
\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/setup/docker-compose.yml > "$FABMANAGER_PATH/docker-compose.yml" \curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/setup/docker-compose.yml > "$FABMANAGER_PATH/docker-compose.yml"
# proxy
if [ "$CERTIFICATE" != "" ]; then
mkdir -p "$FABMANAGER_PATH/config/proxy"
echo "$CERTIFICATE" > "$FABMANAGER_PATH/config/proxy/certificate.pem"
\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/setup/proxy/.npmrc > "$FABMANAGER_PATH/config/proxy/.npmrc"
\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/setup/proxy/gitconfig > "$FABMANAGER_PATH/config/proxy/gitconfig"
fi
} }
yq() { yq() {
@ -301,6 +318,14 @@ prepare_docker()
# set the current user in the docker-compose.yml, as the owner of the process # set the current user in the docker-compose.yml, as the owner of the process
sed -i.bak "s/USER_ID/$(id -u):$(id -g)/g" "$FABMANAGER_PATH/docker-compose.yml" sed -i.bak "s/USER_ID/$(id -u):$(id -g)/g" "$FABMANAGER_PATH/docker-compose.yml"
# if a certificate was provided, modify the docker-compose.yml file to use it
if [ "$CERTIFICATE" != "" ]; then
echo "Using the certificate provided..."
yq -i eval ".services.$SERVICE.volumes += [\"\./config/proxy/certificate.pem:/etc/ssl/certs/ca-cert-proxy.pem\"]" docker-compose.yml
yq -i eval ".services.$SERVICE.volumes += [\"\./config/proxy/.npmrc:/usr/src/app/.npmrc\"]" docker-compose.yml
yq -i eval ".services.$SERVICE.volumes += [\"\./config/proxy/gitconfig:/etc/gitconfig\"]" docker-compose.yml
fi
cd "$FABMANAGER_PATH" && docker-compose pull cd "$FABMANAGER_PATH" && docker-compose pull
} }
@ -353,7 +378,7 @@ configure_env_file()
fi fi
done done
# we automatically generate the SECRET_KEY_BASE # we automatically generate the SECRET_KEY_BASE
secret=$(docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake secret) secret=$(docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --rm "$SERVICE" bundle exec rake secret)
sed -i.bak "s/SECRET_KEY_BASE=/SECRET_KEY_BASE=$secret/g" "$FABMANAGER_PATH/config/env" sed -i.bak "s/SECRET_KEY_BASE=/SECRET_KEY_BASE=$secret/g" "$FABMANAGER_PATH/config/env"
# if DEFAULT_PROTOCOL was set to http, ALLOW_INSECURE_HTTP is probably required # if DEFAULT_PROTOCOL was set to http, ALLOW_INSECURE_HTTP is probably required
@ -393,22 +418,22 @@ setup_assets_and_databases()
read -rp "Continue? (Y/n) " confirm </dev/tty read -rp "Continue? (Y/n) " confirm </dev/tty
if [ "$confirm" = "n" ]; then return; fi if [ "$confirm" = "n" ]; then return; fi
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake db:create # create the database docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --rm "$SERVICE" bundle exec rake db:create # create the database
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake db:migrate # run all the migrations docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --rm "$SERVICE" bundle exec rake db:migrate # run all the migrations
# prompt default admin email/password # prompt default admin email/password
printf "\n\nWe will now create the default administrator of Fab-manager.\n" printf "\n\nWe will now create the default administrator of Fab-manager.\n"
read_email read_email
PASSWORD=$(read_password) PASSWORD=$(read_password)
printf "\nOK. We will fill the database now...\n" printf "\nOK. We will fill the database now...\n"
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm -e ADMIN_EMAIL="$EMAIL" -e ADMIN_PASSWORD="$PASSWORD" "$SERVICE" bundle exec rake db:seed # seed the database docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --rm -e ADMIN_EMAIL="$EMAIL" -e ADMIN_PASSWORD="$PASSWORD" "$SERVICE" bundle exec rake db:seed # seed the database
# now build the assets # now build the assets
if ! docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake assets:precompile; then if ! docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "0:0" --rm "$SERVICE" bundle exec rake assets:precompile; then
echo -e "\e[91m[ ❌ ] someting went wrong while compiling the assets, exiting...\e[39m" && exit 1 echo -e "\e[91m[ ❌ ] someting went wrong while compiling the assets, exiting...\e[39m" && exit 1
fi fi
# and prepare elasticsearch # and prepare elasticsearch
docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake fablab:es:build_stats docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --rm "$SERVICE" bundle exec rake fablab:es:build_stats
} }
stop() stop()