🐳 ✨ Add production containers

backend-docker/Dockerfile

@@ -0,0 +1,108 @@
+FROM ubuntu:xenial
+LABEL maintainer="Andrey Antukh <niwi@niwi.nz>"
+
+RUN apt-get update && \
+    apt-get install -yq \
+        locales \
+        ca-certificates \
+        wget \
+    ; \
+    rm -rf /var/lib/apt/lists/*; \
+    apt-get update -yq &&  \
+    apt-get install -yq \
+        bash \
+        git \
+        vim \
+        openjdk-8-jdk \
+        rlwrap \
+        build-essential \
+        imagemagick \
+        webp \
+        sudo \
+    ; \
+    mkdir -p /etc/resolvconf/resolv.conf.d; \
+    echo "nameserver 8.8.8.8" > /etc/resolvconf/resolv.conf.d/tail; \
+    apt-get update -yq; \
+    apt-get install -yq \
+        libbz2-dev liblzma-dev zlib1g-dev libfftw3-dev \
+        libfreetype6-dev libfontconfig1-dev libxt-dev \
+        libexif-dev libjpeg-dev libpng-dev libtiff-dev \
+        libwmf-dev libpango1.0-dev librsvg2-bin librsvg2-dev \
+        libxml2-dev libwebp-dev webp autoconf \
+    ; \
+    git clone https://github.com/ImageMagick/ImageMagick.git imagemagick && \
+    cd imagemagick && \
+    git checkout -f 7.0.5-0 && \
+    ./configure --prefix=/opt/img && \
+    make -j2 && \
+    make install && \
+    cd .. && \
+    rm -rf ./imagemagick; \
+    git clone https://github.com/creationix/nvm.git .nvm; \
+    bash -c "source .nvm/nvm.sh && nvm install v7.7.1"; \
+    bash -c "source .nvm/nvm.sh && nvm alias default v7.7.1"; \
+    useradd -m -g users -s /bin/bash uxbox; \
+    passwd uxbox -d; \
+    echo "uxbox ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+USER uxbox
+WORKDIR /home/uxbox
+
+COPY ../backend/scripts/lein /home/uxbox/.local/bin/lein
+RUN bash -c "/home/uxbox/.local/bin/lein version"
+
+# Copy backend source and build release
+COPY ../backend /home/uxbox/backend
+RUN /home/uxbox/backend/scripts/dist
+
+
+
+# Once application has been built, prepare production image
+FROM openjdk:8-alpine
+
+LABEL maintainer="mathieu.brunot at monogramm dot io"
+
+RUN useradd -m -g users -s /bin/bash uxbox; \
+    passwd uxbox -d; \
+    echo "uxbox ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+USER uxbox
+WORKDIR /home/uxbox
+
+# Add uxbox as provided by builder
+COPY --from=0 /home/uxbox/backend/dist/uxbox-backend.jar /home/uxbox
+
+RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen; \
+    locale-gen && update-locale LANG=en_US.UTF-8 LC_ALL=C.UTF-8
+
+
+ENV \
+    # Locale setup
+    LANG=en_US.UTF-8 LC_ALL=C.UTF-8 \
+    # Security setup
+    UXBOX_SECRET=youshouldoverwritethiswithsomethingelse \
+    # Debug setup
+    UXBOX_DEBUG=false \
+    # STMP setup
+    UXBOX_SMTP_HOST=localhost \
+    UXBOX_SMTP_PORT=25 \
+    UXBOX_SMTP_USER=uxbox \
+    UXBOX_SMTP_PASSWORD=youshouldoverwritethiswithsomethingelse \
+    UXBOX_SMTP_SSL=false \
+    UXBOX_SMTP_TLS=false \
+    UXBOX_SMTP_ENABLED=false \
+    # Mail setup
+    UXBOX_MAIL_REPLY=no-reply@uxbox.io \
+    UXBOX_MAIL_FROM=no-reply@uxbox.io \
+    # Database setup
+    UXBOX_DB_TYPE=postgresql \
+    UXBOX_DB_USER=uxbox \
+    UXBOX_DB_PASSWORD=youshouldoverwritethiswithsomethingelse \
+    UXBOX_DB_NAME=uxbox \
+    UXBOX_DB_HOST=localhost \
+    UXBOX_DB_PORT=5432
+
+EXPOSE 6060
+
+COPY entrypoint.sh .start.sh
+CMD .start.sh

backend-docker/entrypoint.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+echo 'UXBOX backend'
+
+cd uxbox/backend
+
+echo 'Backend configuration'
+sed -i \
+    -e "s/:secret .*/:secret \"${UXBOX_SECRET}\"/g" \
+    \
+    -e "s/:host .*/:host \"${UXBOX_DEBUG}\"/g" \
+    \
+    -e "s/:host .*/:host \"${UXBOX_SMTP_HOST}\"/g" \
+    -e "s/:port .*/:port \"${UXBOX_SMTP_PORT}\"/g" \
+    -e "s/:user .*/:user \"${UXBOX_SMTP_USER}\"/g" \
+    -e "s/:pass .*/:pass \"${UXBOX_SMTP_PASSWORD}\"/g" \
+    -e "s/:ssl .*/:ssl \"${UXBOX_SMTP_SSL}\"/g" \
+    -e "s/:tls .*/:tls \"${UXBOX_SMTP_TLS}\"/g" \
+    -e "s/:enabled .*/:enabled \"${UXBOX_SMTP_ENABLED}\"/g" \
+    \
+    -e "s/:host .*/:host \"${UXBOX_MAIL_REPLY}\"/g" \
+    -e "s/:port .*/:port \"${UXBOX_MAIL_FROM}\"/g" \
+    \
+    -e "s/:adapter .*/:adapter \"${UXBOX_DB_TYPE}\"/g" \
+    -e "s/:username .*/:username \"${UXBOX_DB_USER}\"/g" \
+    -e "s/:password .*/:password \"${UXBOX_DB_PASSWORD}\"/g" \
+    -e "s/:database-name .*/:database-name \"${UXBOX_DB_NAME}\"/g" \
+    -e "s/:server-name .*/:server-name \"${UXBOX_DB_HOST}\"/g" \
+    -e "s/:port-number .*/:port-number \"${UXBOX_DB_PORT}\"/g" \
+    ./config/default.edn
+
+echo 'Running backend'
+java -jar /home/uxbox/uxbox-backend.jar

docker-compose.yml

@@ -0,0 +1,62 @@
+version: '2'
+
+volumes:
+  uxbox_front:
+  uxbox_back:
+  uxbox_db:
+
+services:
+    uxbox_postgres:
+        image: postgres:latest
+        restart: always
+        ports:
+            - "5432:5432"
+        environment:
+            - "POSTGRES_DB=uxbox"
+            - "POSTGRES_USER=uxbox"
+            - "POSTGRES_PASSWORD=youshouldoverwritethiswithsomethingelse"
+        volumes:
+            - uxbox_db:/var/lib/postgresql/data
+
+    uxbox_backend:
+        build: ./backend-docker
+        #image: Monogramm/uxbox-backend
+        restart: always
+        depends_on:
+            - uxbox_postgres
+        ports:
+            - "6060:6060"
+        environment:
+            # Security setup
+            - "UXBOX_SECRET=youshouldoverwritethiswithsomethingelse"
+            # Debug setup
+            - "UXBOX_DEBUG=false"
+            # STMP setup
+            - "UXBOX_SMTP_HOST=localhost"
+            - "UXBOX_SMTP_PORT=25"
+            - "UXBOX_SMTP_USER=uxbox"
+            - "UXBOX_SMTP_PASSWORD=youshouldoverwritethiswithsomethingelse"
+            - "UXBOX_SMTP_SSL=false"
+            - "UXBOX_SMTP_TLS=false"
+            - "UXBOX_SMTP_ENABLED=false"
+            # Mail setup
+            - "UXBOX_MAIL_REPLY=no-reply@uxbox.io"
+            - "UXBOX_MAIL_FROM=no-reply@uxbox.io"
+            # Database setup
+            - "UXBOX_DB_TYPE=postgresql"
+            - "UXBOX_DB_USER=uxbox"
+            - "UXBOX_DB_PASSWORD=youshouldoverwritethiswithsomethingelse"
+            - "UXBOX_DB_NAME=uxbox"
+            - "UXBOX_DB_HOST=uxbox-postgres"
+            - "UXBOX_DB_PORT=5432"
+
+    uxbox_frontend:
+        build: ./frontend-docker
+        #image: Monogramm/uxbox-frontend
+        restart: always
+        depends_on:
+            - uxbox_backend
+        ports:
+            - 80:80
+        environment:
+            - "API_URL=http://127.0.0.1:6060/api"

frontend-docker/Dockerfile

@@ -0,0 +1,87 @@
+FROM ubuntu:xenial
+LABEL maintainer="Andrey Antukh <niwi@niwi.nz>"
+
+RUN apt-get update && \
+    apt-get install -yq \
+        locales \
+        ca-certificates \
+        wget \
+    ; \
+    rm -rf /var/lib/apt/lists/*; \
+    apt-get update -yq &&  \
+    apt-get install -yq \
+        bash \
+        git \
+        vim \
+        openjdk-8-jdk \
+        rlwrap \
+        build-essential \
+        imagemagick \
+        webp \
+        sudo \
+    ; \
+    mkdir -p /etc/resolvconf/resolv.conf.d; \
+    echo "nameserver 8.8.8.8" > /etc/resolvconf/resolv.conf.d/tail; \
+    apt-get update -yq; \
+    apt-get install -yq \
+        libbz2-dev liblzma-dev zlib1g-dev libfftw3-dev \
+        libfreetype6-dev libfontconfig1-dev libxt-dev \
+        libexif-dev libjpeg-dev libpng-dev libtiff-dev \
+        libwmf-dev libpango1.0-dev librsvg2-bin librsvg2-dev \
+        libxml2-dev libwebp-dev webp autoconf \
+    ; \
+    git clone https://github.com/ImageMagick/ImageMagick.git imagemagick && \
+    cd imagemagick && \
+    git checkout -f 7.0.5-0 && \
+    ./configure --prefix=/opt/img && \
+    make -j2 && \
+    make install && \
+    cd .. && \
+    rm -rf ./imagemagick; \
+    git clone https://github.com/creationix/nvm.git .nvm; \
+    bash -c "source .nvm/nvm.sh && nvm install v7.7.1"; \
+    bash -c "source .nvm/nvm.sh && nvm alias default v7.7.1"; \
+    useradd -m -g users -s /bin/bash uxbox; \
+    passwd uxbox -d; \
+    echo "uxbox ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+USER uxbox
+WORKDIR /home/uxbox
+
+COPY ../frontend/scripts/lein /home/uxbox/.local/bin/lein
+RUN bash -c "/home/uxbox/.local/bin/lein version"
+
+ENV API_URL http://127.0.0.1:6060/api
+
+# Copy frontend source and build release
+COPY ../frontend /home/uxbox/frontend
+RUN cd /home/uxbox/frontend; \
+    sed -i \
+        -e 's/"uxbox.config.url" ".*"/"uxbox.config.url" "${API_URL}/api"/g' \
+        scripts/figwheel.clj; \
+    npm install; \
+    npm run dist; \
+    rm -rf ./dist/**/*.gz ./dist/**/*.br
+
+
+
+# Once application has been built, prepare production image
+FROM nginx:alpine
+
+LABEL maintainer="mathieu.brunot at monogramm dot io"
+
+# Copy built app to wwwroot
+COPY --from=0 /home/uxbox/frontend/dist /usr/share/nginx/html
+
+RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen; \
+    locale-gen && update-locale LANG=en_US.UTF-8 LC_ALL=C.UTF-8
+
+
+ENV \
+    # Locale setup
+    LANG=en_US.UTF-8 LC_ALL=C.UTF-8 \
+    # Backend setup
+    API_URL=http://127.0.0.1:6060/api
+
+# NGINX configurations
+COPY ./nginx/conf.d /etc/nginx/conf.d

frontend-docker/nginx/README.md

@@ -0,0 +1,40 @@
+# Setting up NGNIX
+
+You will need to complete the following tasks to setup your dockerized proxy server:
+
+1. Include/Create SSL keys
+2. Alter your backend upstream
+3. Confirm your backend's path
+
+## Include/Create SSL Keys
+
+Have your key and csr in the nginx/keys directory as server.key and server.crt. These are copied into the docker image on build and used to serve your website or proxy your services.
+
+### Generate your own self signed certificate
+```bash
+openssl req \
+       -newkey rsa:2048 -nodes -keyout nginx/keys/server.key \
+       -x509 -out nginx/keys/server.crt
+```
+
+This command from your project root will create the keys needed to start docker with self signed certificates. Note that if you are going to deploy this site for production you will want to replace these and rebuild your image with valid (purchased) SSL certificates. All the fields are optional. Do not set any challenge passwords.
+
+If you want validated certificates but are not looking to purchase them; then checkout [Let's Encrypt](https://letsencrypt.org) which is a free SSL certification service.
+
+## Alter your backend upstream
+
+The upstream is a block used to load balance different destinations important to your proxy. In this example the upstream is used to proxy requests to your backend without worrying about XSS configurations.
+
+We have preloaded some examples of what this looks like in the `nginx/conf.d/default.conf` file. You can certainly only specify one server in the block if that is your only server.
+
+## Confirm your backend's path
+
+Assuming your website uses a backend collection of APIs, you can setup your nginx service to reverse proxy to them avoiding any XSS configuration needs. The provided default.conf includes a `/api/` location block to serve as an example. You can replace api in `/api/` with any path you want to have forwarded to your backend.
+
+There is only one setting you need to adjust in this block and that is the `proxy_cookie_domain`. Assuming you have a production domain you would change `my.uxbox.com` to be your domain. If you do not have a production domain it is safe to leave this as is or delete.
+
+## Extending the configuration
+
+You can include more servers or configuration settings by adding any named file in `nginx/conf.d`. These files are automatically consumed by nginx on startup.
+
+[Visit NGINX's beginnner's guide](http://nginx.org/en/docs/beginners_guide.html) for additional help.

frontend-docker/nginx/conf.d/default.conf

@@ -0,0 +1,51 @@
+# This will load balance your backend to one or more destinations.
+upstream backend {
+  # server api1.my.uxbox.com:3000;
+  # server api1.my.uxbox.com:3001;
+  # server api2.my.uxbox.com:3000;
+  server uxbox_backend:6060; # This is a circular reference that allows docker to start as the example project, it is not recommended to use this in actual development.
+}
+
+server {
+
+  listen 80 default_server;
+  listen [::]:80 default_server;
+
+  #listen 443 ssl http2 default_server;
+  #listen [::]:443 ssl http2 default_server;
+
+  #ssl_certificate           /etc/nginx/keys/server.crt;
+  #ssl_certificate_key       /etc/nginx/keys/server.key;
+
+  #ssl                         on;
+  #ssl_session_cache           builtin:1000  shared:SSL:10m;
+  #ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
+  #ssl_ciphers                 "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+  #ssl_prefer_server_ciphers   on;
+
+  # Reverse Proxy to Backend (Avoids XSS concerns) --Update api to be whatever your site uses to access your backend
+  location /api/ {
+    proxy_pass http://backend;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection 'upgrade';
+    proxy_set_header Host $host;
+    proxy_cache_bypass $http_upgrade;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    
+    # IMPORTANT: Update my.uxbox.com to your production site. This will allow cookies to work as expected when using your deployment locally
+    proxy_cookie_domain localhost my.uxbox.com;
+  }
+
+  # Application
+  location / {
+    root /usr/share/nginx/html/;
+
+    try_files $uri /index.html;
+    gzip on;
+    gzip_types text/css text/javascript application/x-javascript application/javascript application/json;
+
+		add_header Cache-Control "max-age=15552000" always;
+  }
+}

frontend-docker/nginx/conf.d/http-redirect.conf

@@ -0,0 +1,4 @@
+server {
+  listen *:80;
+  return 301 https://$host$request_uri;
+}

frontend-docker/nginx/conf.d/misc.conf

@@ -0,0 +1,3 @@
+log_format gzip '[$time_local] ' '"$request" $status $bytes_sent';
+access_log /dev/stdout;
+charset utf-8;