diff --git a/README.md b/README.md index 7338068..9b6d4dc 100644 --- a/README.md +++ b/README.md @@ -19,10 +19,11 @@ This repository contains files to bootstrap XNAT deployment. The build creates f ## Usage -1. Clone the [xnat-docker-compose](https://github.com/NrgXnat/xnat-docker-compose) repository. +1. Clone the [xnat-docker-compose](https://github.com/mbi-image/xnat-docker-compose) repository. 2. Configurations: The default configuration is sufficient to run the deployment. The following files can be modified if you want to change the default configuration - **docker-compose.yml**: How the different containers are deployed. + - **docker-compose.override.yml**: Overrides/extends default settings in docker-compose.yml(e.g: setting up SSL certificates) - **postgres/XNAT.sql**: Database configuration. Mainly used to customize the database user or password. See [Configuring PostgreSQL for XNAT](https://wiki.xnat.org/documentation/getting-started-with-xnat-1-7/installing-xnat-1-7/configuring-postgresql-for-xnat). - **tomcat/Dockerfile**: Builds the tomcat image, into which the XNAT war will be deployed. - **tomcat/setenv.sh**: Tomcat's launch arguments, set through the `JAVA_OPTS` environment variable. @@ -41,7 +42,7 @@ wget --quiet --no-cookies https://bintray.com/nrgxnat/applications/download_file ``` $ cd xnat-docker-compose -$ docker-compose up -d +$ docker-compose -f docker-compose.yml up -d ``` Note that at this point, if you go to `localhost/xnat` you won't see a working web application. It takes upwards of a minute 
@@ -74,6 +75,28 @@ xnat-web_1 | INFO: Server startup in 84925 ms Your XNAT will soon be available at http://localhost/xnat. +## Installing plugins and pipeline +Run add-plugins.sh script + +## Setting up SSL certificates for NginX +Bring down instance if already running +``` +docker-compose down +``` +Change working directory to `xnat-docker-compose/nginx/` + +Create a directory named as `certs` +``` +mkdir certs +``` +Copy SSL certificate file(with root and intermediate certificates as one file) to this directory and name it as `cert.crt` and copy key file to this directory and name it as `key.key` + + +Start the system +``` +docker-compose up -d + +``` ## Troubleshooting @@ -119,7 +142,14 @@ View a particular log, if you don't want to use docker-compose. ``` docker exec -it $NAME cat /opt/tomcat/logs/catalina.2017-10-24.log ``` +Logs are written on docker host for tomcat,nginx and postgres under following directories: + Postgres : xnat-docker-compose/postgres-data/logs + + Nginx : xnat-docker-compose/logs/nginx + + Tomcat : xnat-docker-compose/logs/tomcat + ### Controlling Instances #### Stop Instances diff --git a/add-plugins.sh b/add-plugins.sh new file mode 100755 index 0000000..9bb2b1d --- /dev/null +++ b/add-plugins.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +SIMPLE_UPLOAD_LATEST_RELEASE=$(curl -s https://api.github.com/repos/mbi-image/xnat-simple-upload-plugin/releases/latest | grep browser_download_url | cut -d '"' -f 4) +echo $SIMPLE_UPLOAD_LATEST_RELEASE +sudo wget --quiet --no-cookies $SIMPLE_UPLOAD_LATEST_RELEASE -O plugins/non-dicom-uploader.jar + +docker pull manishkumr/xnat-qc-pipeline diff --git a/docker-compose.override.yml b/docker-compose.override.yml new file mode 100644 index 0000000..44a612a --- /dev/null +++ b/docker-compose.override.yml 
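Review bot: The jar that add-plugins.sh writes to `plugins/non-dicom-uploader.jar` is never verified, and its URL comes from an unquoted `grep | cut` over the GitHub API response, so an empty or unexpected reply still reaches `sudo wget`. That directory is bind-mounted into Tomcat by docker-compose.yml, so whatever the "latest" release serves is loaded as a plugin. The script should fail fast, pin one release asset, check a known SHA-256 before installing the file, and run the download without `sudo`. `docker pull manishkumr/xnat-qc-pipeline` has the same problem because it takes the mutable default tag, so pin it by digest.

```shell
#!/bin/bash
set -euo pipefail

# Placeholders: pin one release asset and the digest published for it.
PLUGIN_URL="<PINNED_RELEASE_ASSET_URL>"
PLUGIN_SHA256="<EXPECTED_SHA256>"

tmp="$(mktemp)"
trap 'rm -f "$tmp"' EXIT
curl -fsSL "$PLUGIN_URL" -o "$tmp"
echo "${PLUGIN_SHA256}  ${tmp}" | sha256sum -c -
install -m 0644 "$tmp" plugins/non-dicom-uploader.jar

docker pull "manishkumr/xnat-qc-pipeline@sha256:<IMAGE_DIGEST>"
```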
@@ -0,0 +1,7 @@ +version: '3' +services: + xnat-nginx: + volumes: + - ./nginx/certs/cert.crt:/etc/nginx/certs/cert.crt + - ./nginx/certs/key.key:/etc/nginx/certs/key.key + - ./nginx/nginx-ssl.conf:/etc/nginx/nginx.conf diff --git a/docker-compose.yml b/docker-compose.yml index 563fce6..008f324 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,13 +1,17 @@ -version: '2' +version: '3' services: xnat-web: build: ./tomcat ports: - "8081:8080" + - "8104:8104" volumes: - ./webapps:/opt/tomcat/webapps - ./plugins:/data/xnat/home/plugins - /var/run/docker.sock:/var/run/docker.sock + - ./logs/tomcat:/opt/tomcat/logs + - ./logs/xnat:/data/xnat/home/logs + - ./auth-provider.properties:/data/xnat/home/config/auth/auth-provider.properties expose: - "8080" links: @@ -22,10 +26,13 @@ services: build: ./nginx ports: - "80:80" + - "443:443" + volumes: + - ./logs/nginx:/var/log/nginx expose: - - "80" + - "80" links: - - xnat-web + - xnat-web prometheus: image: prom/prometheus diff --git a/nginx/nginx-ssl.conf b/nginx/nginx-ssl.conf new file mode 100644 index 0000000..76bc492 --- /dev/null +++ b/nginx/nginx-ssl.conf 
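Review bot: The private-key mount `./nginx/certs/key.key:/etc/nginx/certs/key.key` in docker-compose.override.yml is writable from inside the nginx container. Append `:ro` to all three volume entries so a compromised container cannot change the key, certificate or config on the host. Compose loads this override file automatically, so a plain `docker-compose up -d` on a checkout without `nginx/certs/cert.crt` and `key.key` will fail or create directories at those paths. I would add a header comment such as `# Requires nginx/certs/cert.crt and key.key; see README "Setting up SSL certificates"`. It is also worth confirming that `nginx/certs/` is git-ignored so the key is never committed.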
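Review bot: Publishing `- "443:443"` in docker-compose.yml does not make the deployment TLS-only, because the existing `- "8081:8080"` mapping on xnat-web (a context line in this hunk) still exposes Tomcat over plain HTTP on every host interface and bypasses the nginx redirect. Drop that mapping or bind it to loopback with `- "127.0.0.1:8081:8080"`; the `expose` entry already lets xnat-nginx reach port 8080. The new `- "8104:8104"` is also published on all interfaces with no comment saying what listens there, so document the service and restrict it at the host firewall if it should not be public. `./auth-provider.properties` is mounted but is not added anywhere in the diff shown, and if it is missing on the host Docker will create a directory at that path.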
@@ -0,0 +1,84 @@
+#user www-data;
+worker_processes auto;
+events {
+ worker_connections 1024;
+ # multi_accept on;
+}
+http {
+ ##
+ # Basic Settings
+ ##
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+ #include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ ##
+ # SSL Settings
+ ##
+ #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ #ssl_prefer_server_ciphers on;
+ ##
+ # Logging Settings
+ ##
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+ ##
+ # Gzip Settings
+ ##
+ gzip on;
+ gzip_disable "msie6";
+ ##
+ # Virtual Host Configs
+ ##
+ #include /etc/nginx/conf.d/*.conf;
+ #include /etc/nginx/sites-enabled/*;
+# Redirect http requests to https
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name change.me;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+# see https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# to see why we hardwire the IP address
+ listen 443 ssl;
+ server_name change.me;
+ ssl on;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+
+ ssl_certificate /etc/nginx/certs/cert.crt;
+ ssl_certificate_key /etc/nginx/certs/key.key;
+
+ root /var/lib/tomcat7/webapps/ROOT;
+
+ location / {
+
+ proxy_pass http://xnat-web:8080;
+ proxy_redirect http://xnat-web:8080 $scheme://localhost;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_connect_timeout 150;
+ proxy_send_timeout 100;
+ proxy_read_timeout 100;
+ proxy_buffers 4 32k;
+ client_max_body_size 0;
+ client_body_buffer_size 128k;
+ }
+
+ access_log /var/log/nginx/customsite.access_ssl.log;
+
error_log /var/log/nginx/customsite.error_ssl.log; +} +} diff --git a/tomcat/Dockerfile b/tomcat/Dockerfile index fce3c5a..d450b6a 100644 --- a/tomcat/Dockerfile +++ b/tomcat/Dockerfile @@ -1,21 +1,35 @@ -FROM manishkumr/ubuntu_jdk7_image +FROM ubuntu:16.04 MAINTAINER Manish Kumar ENV TOMCAT_VERSION 7.0.79 -RUN apt-get -qq update && \ - apt-get -q -y upgrade && \ - apt-get install -y sudo curl wget locales +RUN \ +apt-get -qq update && \ +apt-get install -y sudo curl wget locales # Set locales RUN locale-gen en_AU.UTF-8 -ENV LANG en_AU.UTF-8 -ENV LANGUAGE en_AU.UTF-8 -ENV LC_ALL en_AU.UTF-8 +ENV LANG en_AU.UTF-8 +ENV LANGUAGE en_AU.UTF-8 +ENV LC_ALL en_AU.UTF-8 -# Fix sh -RUN rm /bin/sh && ln -s /bin/bash /bin/sh + +RUN \ +apt-get update && \ +apt-get install -y git build-essential curl wget software-properties-common + +#JDK 8 + +RUN \ +echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | debconf-set-selections && \ +add-apt-repository -y ppa:webupd8team/java && \ +apt-get update && \ +apt-get install -y oracle-java8-installer unzip tar && \ +rm -rf /var/lib/apt/lists/* && \ +rm -rf /var/cache/oracle-jdk8-installer + +ENV JAVA_HOME /usr/lib/jvm/java-8-oracle ENV TOMCAT_MAJOR 7 ENV TOMCAT_VERSION 7.0.82 @@ -79,5 +93,3 @@ CMD ["/opt/tomcat/bin/catalina.sh", "run"] #move xnat war to webapps #RUN mv /opt/tomcat/xnat-web-1.7.0.war /opt/tomcat/webapps - -
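Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block of nginx/nginx-ssl.conf still offers TLS 1.0 and 1.1, which RFC 8996 deprecates. Restrict it to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` if the image's nginx and OpenSSL support it) and drop `ssl on;`, which is redundant next to `listen 443 ssl` and deprecated in later nginx releases. The port-80 block redirects with `$server_name`, so until `change.me` is edited every HTTP request is sent to `https://change.me/...`; `return 301 https://$host$request_uri;` avoids that. `proxy_redirect http://xnat-web:8080 $scheme://localhost;` has the same problem for non-local clients, where `$scheme://$host` is probably what is meant. `client_max_body_size 0;` removes the upload limit entirely and deserves a comment saying that is deliberate, and the "hardwire the IP address" comment no longer matches the `listen` line beneath it.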
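Review bot: The JDK in tomcat/Dockerfile now comes from a third-party PPA, `add-apt-repository -y ppa:webupd8team/java`, and `oracle-java8-installer` downloads the JDK at build time with the licence pre-accepted. Nothing pins or verifies what is fetched, so the image cannot be reproduced or audited. Installing `openjdk-8-jdk` from the Ubuntu archive would keep the JDK inside the distribution's signed repository and its security updates, with `ENV JAVA_HOME` adjusted to match. `git build-essential software-properties-common` and `sudo` stay in the runtime image, so remove whatever is only needed at build time, and add `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` to the first two `RUN` steps. `ENV TOMCAT_VERSION 7.0.79` near the top is overridden by the later `7.0.82` and can be deleted; the rest of the Dockerfile lies outside this hunk.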