Supporting oidc plugin

README.md

@@ -19,10 +19,11 @@ This repository contains files to bootstrap XNAT deployment. The build creates f
 ## Usage
 
 
-1. Clone the [xnat-docker-compose](https://github.com/NrgXnat/xnat-docker-compose) repository.
+1. Clone the [xnat-docker-compose](https://github.com/mbi-image/xnat-docker-compose) repository.
 2. Configurations: The default configuration is sufficient to run the deployment. The following files can be modified if you want to change the default configuration
 
     - **docker-compose.yml**: How the different containers are deployed.
+    - **docker-compose.override.yml**: Overrides/extends default settings in docker-compose.yml(e.g: setting up SSL certificates)
     - **postgres/XNAT.sql**: Database configuration. Mainly used to customize the database user or password. See [Configuring PostgreSQL for XNAT](https://wiki.xnat.org/documentation/getting-started-with-xnat-1-7/installing-xnat-1-7/configuring-postgresql-for-xnat).
     - **tomcat/Dockerfile**: Builds the tomcat image, into which the XNAT war will be deployed.
     - **tomcat/setenv.sh**: Tomcat's launch arguments, set through the `JAVA_OPTS` environment variable.
@@ -41,7 +42,7 @@ wget --quiet --no-cookies https://bintray.com/nrgxnat/applications/download_file
 
 ```
 $ cd xnat-docker-compose
-$ docker-compose up -d
+$ docker-compose -f docker-compose.yml up -d
 ```
 
 Note that at this point, if you go to `localhost/xnat` you won't see a working web application. It takes upwards of a minute
@@ -74,6 +75,28 @@ xnat-web_1    | INFO: Server startup in 84925 ms
 
 Your XNAT will soon be available at http://localhost/xnat.
 
+## Installing plugins and pipeline
+Run add-plugins.sh script
+
+## Setting up SSL certificates for NginX
+Bring down instance if already running
+```
+docker-compose down
+```
+Change working directory to `xnat-docker-compose/nginx/`
+
+Create a directory named as `certs`
+```
+mkdir certs
+```
+Copy SSL certificate file(with root and intermediate certificates as one file) to this directory and name it as `cert.crt` and copy key file to this directory and name it as `key.key`
+
+
+Start the system
+```
+docker-compose up -d 
+
+```
 
 ## Troubleshooting
 
@@ -119,7 +142,14 @@ View a particular log, if you don't want to use docker-compose.
 ```
 docker exec -it $NAME cat /opt/tomcat/logs/catalina.2017-10-24.log
 ```
+Logs are written on docker host for tomcat,nginx and postgres under following directories:
 
+	Postgres : xnat-docker-compose/postgres-data/logs
+
+	Nginx : xnat-docker-compose/logs/nginx
+
+	Tomcat : xnat-docker-compose/logs/tomcat
+
 ### Controlling Instances
 
 #### Stop Instances

add-plugins.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+SIMPLE_UPLOAD_LATEST_RELEASE=$(curl -s https://api.github.com/repos/mbi-image/xnat-simple-upload-plugin/releases/latest | grep browser_download_url | cut -d '"' -f 4)
+echo $SIMPLE_UPLOAD_LATEST_RELEASE
+sudo wget --quiet --no-cookies $SIMPLE_UPLOAD_LATEST_RELEASE -O plugins/non-dicom-uploader.jar
+
+docker pull manishkumr/xnat-qc-pipeline

docker-compose.override.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+    xnat-nginx:
+       volumes:
+          - ./nginx/certs/cert.crt:/etc/nginx/certs/cert.crt
+          - ./nginx/certs/key.key:/etc/nginx/certs/key.key
+          - ./nginx/nginx-ssl.conf:/etc/nginx/nginx.conf

docker-compose.yml

@@ -1,13 +1,17 @@
-version: '2'
+version: '3'
 services: 
     xnat-web:
        build: ./tomcat
        ports:
         - "8081:8080"
+        - "8104:8104"
        volumes:
          - ./webapps:/opt/tomcat/webapps
          - ./plugins:/data/xnat/home/plugins
          - /var/run/docker.sock:/var/run/docker.sock
+         - ./logs/tomcat:/opt/tomcat/logs
+         - ./logs/xnat:/data/xnat/home/logs
+         - ./auth-provider.properties:/data/xnat/home/config/auth/auth-provider.properties
        expose:
         - "8080"
        links:
@@ -22,10 +26,13 @@ services:
        build: ./nginx
        ports:
         - "80:80"
+        - "443:443"
+       volumes:
+          - ./logs/nginx:/var/log/nginx
        expose: 
-        - "80"
+          - "80"
        links:
-         - xnat-web
+          - xnat-web
 
     prometheus:
        image: prom/prometheus

nginx/nginx-ssl.conf

@@ -0,0 +1,84 @@
+#user www-data;
+worker_processes auto;
+events {
+  worker_connections 1024;
+  # multi_accept on;
+}
+http {
+  ##
+  # Basic Settings
+  ##
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  keepalive_timeout 65;
+  types_hash_max_size 2048;
+  # server_tokens off;
+  # server_names_hash_bucket_size 64;
+  # server_name_in_redirect off;
+  #include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+  ##
+  # SSL Settings
+  ##
+  #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+  #ssl_prefer_server_ciphers on;
+  ##
+  # Logging Settings
+  ##
+  access_log /var/log/nginx/access.log;
+  error_log /var/log/nginx/error.log;
+  ##
+  # Gzip Settings
+  ##
+  gzip on;
+  gzip_disable "msie6";
+  ##
+  # Virtual Host Configs
+  ##
+  #include /etc/nginx/conf.d/*.conf;
+  #include /etc/nginx/sites-enabled/*;
+# Redirect http requests to https
+server {
+  listen 80 default_server;
+  listen [::]:80 default_server;
+  server_name change.me;
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+# see https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# to see why we hardwire the IP address
+    listen 443 ssl;  
+    server_name change.me;
+    ssl on;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+
+    ssl_certificate /etc/nginx/certs/cert.crt;
+    ssl_certificate_key /etc/nginx/certs/key.key;
+
+    root /var/lib/tomcat7/webapps/ROOT;
+
+    location / {
+
+      proxy_pass http://xnat-web:8080;
+      proxy_redirect http://xnat-web:8080 $scheme://localhost;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-Host $host;
+      proxy_set_header X-Forwarded-Server $host;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto  $scheme;
+      proxy_connect_timeout 150;
+      proxy_send_timeout 100;
+      proxy_read_timeout 100;
+      proxy_buffers 4 32k;
+      client_max_body_size 0;
+      client_body_buffer_size 128k;
+    }
+
+    access_log /var/log/nginx/customsite.access_ssl.log;
+    error_log /var/log/nginx/customsite.error_ssl.log;
+}
+}

tomcat/Dockerfile

@@ -1,21 +1,35 @@
-FROM manishkumr/ubuntu_jdk7_image
+FROM ubuntu:16.04
 
 MAINTAINER Manish Kumar <rishimanish123@gmail.com>
 
 ENV TOMCAT_VERSION 7.0.79
 
-RUN apt-get -qq update && \
-    apt-get -q -y upgrade && \
-    apt-get install -y sudo curl wget locales
+RUN \
+apt-get -qq update && \
+apt-get install -y sudo curl wget locales
 
 # Set locales
 RUN locale-gen en_AU.UTF-8
-ENV LANG en_AU.UTF-8  
-ENV LANGUAGE en_AU.UTF-8  
-ENV LC_ALL en_AU.UTF-8 
+ENV LANG en_AU.UTF-8
+ENV LANGUAGE en_AU.UTF-8
+ENV LC_ALL en_AU.UTF-8
 
-# Fix sh
-RUN rm /bin/sh && ln -s /bin/bash /bin/sh
+
+RUN \
+apt-get update && \
+apt-get install -y git build-essential curl wget software-properties-common
+
+#JDK 8
+
+RUN  \
+echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | debconf-set-selections && \ 
+add-apt-repository -y ppa:webupd8team/java && \
+apt-get update && \
+apt-get install -y oracle-java8-installer unzip tar && \
+rm -rf /var/lib/apt/lists/* && \
+rm -rf /var/cache/oracle-jdk8-installer
+
+ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
 
 ENV TOMCAT_MAJOR 7
 ENV TOMCAT_VERSION 7.0.82
@@ -79,5 +93,3 @@ CMD ["/opt/tomcat/bin/catalina.sh", "run"]
 
 #move xnat war to webapps 
 #RUN mv /opt/tomcat/xnat-web-1.7.0.war /opt/tomcat/webapps
-
-