Commit ee0b095433229183bc45e78be51a315571bed3e3

Authored by Олександр Басенко
0 parents
Exists in master

init

Showing 12 changed files with 380 additions and 0 deletions Inline Diff

File was created 1 sudo ./install.sh
File was created 1 version: '2'
2 services:
3 postgres:
4 image: 2bas/postgres
5 container_name: db
6 restart: always
7 volumes:
8 - postgres_pgdata_foss:/var/lib/postgresql/data
9 environment:
10 - POSTGRES_USER=webportal
11 - POSTGRES_PASSWORD=XrUXlw1YlASdJgID
12
13 odoo:
14 build: ./odoo
15 image: odoo/webportal
16 container_name: odoo
17 restart: always
18 links:
19 - postgres:db
20 depends_on:
21 - postgres
22 volumes:
23 - odoo_repo_foss:/opt/odoo
24 - odoo_lib_foss:/var/lib/odoo
25 - odoo_etc_foss:/etc/odoo
26 - odoo_backup_foss:/backup
27
28 nginx:
29 build: ./nginx
30 image: nginx/webportal
31 container_name: nginx
32 restart: always
33 links:
34 - odoo:odoo
35 ports:
36 - "80:80"
37 - "443:443"
38 depends_on:
39 - odoo
40
41 volumes:
42 odoo_repo_foss:
43 external: true
44 odoo_lib_foss:
45 external: true
46 odoo_etc_foss:
47 external: true
48 odoo_backup_foss:
49 external: true
50 postgres_pgdata_foss:
51 external: true
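Review bot: `POSTGRES_PASSWORD=XrUXlw1YlASdJgID` on line 11 commits the database password in plaintext, and the same value appears as `db_password` in odoo/openerp-server.conf and in the `${...}` template version of this file, next to a committed `admin_passwd`. Because this is the initial commit the values are already in history, so they should be rotated and supplied at deploy time instead, for example `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}` filled from an untracked env file. This file also looks like the output that install.sh regenerates with `envsubst < "template.yml" > "docker-compose.yml"`; if so, it is better left out of the repository and listed in `.gitignore`.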
File was created 1 #!/bin/bash
2
3 export COMPANY="foss"
4
5 function write_data()
6 {
7 if [ -f data/"$1".tar.gz ]; then
8 docker run -it --rm -v "$1":/webportal -v $(pwd)/data:/backup busybox tar zxvf /backup/"$1".tar.gz -C / webportal
9 fi
10 }
11
12 function create_volume()
13 {
14 IS_EXIST_VOLUME="$(docker volume ls -q -f name="^${1}$")"
15
16 if [ -z "${IS_EXIST_VOLUME}" ];then
17 echo "create volume: ${1}"
18 docker volume create --name "$1"
19 write_data "$1"
20 else
21 while true; do
22 read -p "Volume ${1} already exist. Overwrite (no\yes)?" ny
23 case $ny in
24 [Yy]* ) docker volume rm "$1";
25 docker volume create --name "$1";
26 write_data "$1"
27 break;;
28 [Nn]* ) break;;
29 * ) echo "Please answer yes or no.";;
30 esac
31 done
32 fi
33 }
34
35 export ODOO_REPO="odoo_repo_"$COMPANY""
36 export ODOO_LIB="odoo_lib_"$COMPANY""
37 export ODOO_ETC="odoo_etc_"$COMPANY""
38 export ODOO_BACKUP="odoo_backup_"$COMPANY""
39 export POSTGRES_PGDATA="postgres_pgdata_"$COMPANY""
40
41 create_volume $ODOO_REPO
42
43 REPO_IMAGE_NAME="repo/webportal"
44 IS_EXIST_REPO="$(docker images | grep ^\\b${REPO_IMAGE_NAME})"
45 if [ -z "${IS_EXIST_REPO}" ];then
46 echo "Build ${REPO_IMAGE_NAME}:"
47 docker build -t ${REPO_IMAGE_NAME} -f repo/Dockerfile ./repo/.
48 else
49 echo "${REPO_IMAGE_NAME} already exist"
50 fi
51 docker run -it --rm -v "$ODOO_REPO":/webportal -w /webportal "$REPO_IMAGE_NAME" /bin/bash "-c" "git pull; exit;"
52
53 create_volume $ODOO_LIB
54 create_volume $ODOO_ETC
55 create_volume $ODOO_BACKUP
56 create_volume $POSTGRES_PGDATA
57
58 rm -rf docker-compose.yml;
59 envsubst < "template.yml" > "docker-compose.yml";
60
61 docker-compose up -d --build
62 docker-compose logs -f
63
64
65
66
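Review bot: In `create_volume`, the overwrite branch (lines 24–26) ignores the result of `docker volume rm "$1"`; if removal fails, for instance because a running container still uses the volume, `docker volume create` most likely returns the existing volume and `write_data` then unpacks the archive over live data. Stopping on failure avoids that: `docker volume rm "$1" || { echo "cannot remove volume $1" >&2; exit 1; }`. Separately, line 51 runs `git pull` into the volume that is mounted at `/opt/odoo`, so each install runs whatever the remote branch head contains at that moment; checking out a reviewed tag or commit there would make the deployed code reproducible. `$(pwd)` on line 8 should also be quoted so a working directory containing spaces does not split the `-v` argument.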
File was created 1
2 FROM nginx:1.11
3
4 COPY conf.d /etc/nginx/conf.d
5
6
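Review bot: `COPY conf.d /etc/nginx/conf.d` copies the whole directory into an image layer, and default.conf reads its certificate and key from `/etc/nginx/conf.d/ssl/`, so if `conf.d/ssl/key.key` sits in the build context the TLS private key ends up in the image, and possibly in the repository as well. Keeping the key out of the build context and mounting it read-only at runtime (a `volumes:` entry on the nginx service) limits who can read it to the host that serves the site. `nginx:1.11` is also a floating tag; pinning it by digest, `FROM nginx:1.11@sha256:<digest>`, makes rebuilds repeatable.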
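--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -0,0 +1,149 @@
+
+
+#user nobody;
+#worker_processes 1;
+
+#error_log /var/log/nginx/error.log warn;
+#pid /var/run/nginx.pid;
+
+#events {
+# worker_connections 1024;
+#}
+
+#http {
+# redirect all http traffic to https
+server {
+listen 80;
+server_name webportal.com www.webportal.com;
+client_max_body_size 100m;
+return 301 https://$host$request_uri;
+}
+
+upstream odoo8 {
+server odoo:8069;
+}
+
+upstream odoo8-im {
+server odoo:8072;
+}
+
+# don't send the nginx version number in error pages and Server header
+server_tokens off;
+
+# config to don't allow the browser to render the page inside an frame or iframe
+# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
+# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
+# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
+add_header X-Frame-Options SAMEORIGIN;
+
+# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
+# to disable content-type sniffing on some browsers.
+# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
+# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
+# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
+add_header X-Content-Type-Options nosniff;
+
+# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
+# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
+# this particular website if it was disabled by the user.
+# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+add_header X-XSS-Protection "1; mode=block";
+
+# with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
+# you can tell the browser that it can only download content from the domains you explicitly allow
+# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+# https://www.owasp.org/index.php/Content_Security_Policy
+# I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
+# directives for css and js(if you have inline css or js, you will need to keep it too).
+# more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
+
+server {
+listen 443 ssl;
+server_name webportal.com www.webportal.com;
+
+client_max_body_size 100m;
+
+ssl_certificate /etc/nginx/conf.d/ssl/crt.crt;
+ssl_certificate_key /etc/nginx/conf.d/ssl/key.key;
+
+# enable session resumption to improve https performance
+# http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
+ssl_session_cache shared:SSL:50m;
+ssl_session_timeout 5m;
+
+# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+#ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+# enables server-side protection from BEAST attacks
+# http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
+ssl_prefer_server_ciphers on;
+
+# disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+# ciphers chosen for forward secrecy and compatibility
+# http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
+ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+# enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
+# http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
+resolver 8.8.8.8;
+ssl_stapling on;
+#ssl_trusted_certificate /etc/nginx/ssl/star_forgott_com.crt;
+
+# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
+add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+
+# ... the rest of your configuration
+#access_log /var/log/nginx/odoo.access.log;
+#error_log /var/log/nginx/odoo.error.log;
+
+location / {
+proxy_read_timeout 300000;
+proxy_pass http://odoo8;
+
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+proxy_redirect off;
+
+# set headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+}
+
+location /longpolling {
+proxy_read_timeout 300000;
+proxy_pass http://odoo8-im;
+
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+proxy_redirect off;
+
+# set headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+}
+
+# cache some static data in memory for 60mins.
+# under heavy load this should relieve stress on the OpenERP web interface a bit.
+location /web/static/ {
+proxy_cache_valid 200 60m;
+proxy_buffering on;
+expires 864000;
+proxy_pass http://odoo8;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+proxy_redirect off;
+
+# set headers
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+}
+}
+#}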
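Review bot: The `add_header Strict-Transport-Security` line inside the 443 `server` block (line 98) switches off inheritance of the `add_header` directives declared above it at file level, because nginx inherits them only when the current level defines none of its own. As written, HTTPS responses would carry HSTS but not `X-Frame-Options`, `X-Content-Type-Options`, `X-XSS-Protection` or the `Content-Security-Policy`; moving those four lines into the 443 `server` block next to the HSTS header fixes it. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers the two deprecated versions and the cipher list keeps the `DES-CBC3` suites; `ssl_protocols TLSv1.2;` with the 3DES entries dropped is the safer baseline. `ssl_stapling on;` is set while `ssl_trusted_certificate` is commented out and there is no `ssl_stapling_verify on;`, so stapled OCSP responses are not verified.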
File was created 1 FROM 2bas/odoo
2
3 COPY ./openerp-server.conf /etc/odoo/openerp-server.conf
4
5 ENTRYPOINT ["/opt/odoo/odoo.py", "--without-demo=True"]
6
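Review bot: `FROM 2bas/odoo` names no tag or digest, so every build takes whatever that repository currently publishes as `latest`, and the same holds for `image: 2bas/postgres` in the compose files. Pinning both, for example `FROM 2bas/odoo:<tag>@sha256:<digest>`, keeps a changed or replaced upstream image from silently entering the deployment. The `COPY ./openerp-server.conf` line also bakes that file's `admin_passwd` and `db_password` into an image layer, where anyone who can pull `odoo/webportal` can read them. Because the compose file mounts a volume over `/etc/odoo`, the copied file may be hidden once that volume has content, so it is worth confirming which copy Odoo actually loads.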
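--- a/odoo/openerp-server.conf
+++ b/odoo/openerp-server.conf
@@ -0,0 +1,53 @@
+[options]
+addons_path = /opt/odoo/openerp/addons,/opt/odoo/addons,/mnt/extra-addons
+data_dir = /var/lib/odoo
+auto_reload = False
+admin_passwd = ysLiGMPkey64bef0uPElsM8Xix77GpgB
+csv_internal_sep = ,
+db_host = db
+db_maxconn = 64
+db_name = webportal
+db_template = template1
+db_user = webportal
+db_password = XrUXlw1YlASdJgID
+;dbfilter = *
+debug_mode = False
+demo = {}
+email_from = False
+import_partial =
+limit_memory_hard = 2684354560
+limit_memory_soft = 2147483648
+limit_request = 8192
+limit_time_cpu = 60
+limit_time_real = 120
+list_db = True
+log_db = False
+log_db_level = warning
+log_handler = :DEBUG
+log_level = info
+logfile = /var/log/odoo/odoo.log
+logrotate = False
+longpolling_port = 8072
+max_cron_threads = 2
+osv_memory_age_limit = 1.0
+osv_memory_count_limit = False
+pidfile = False
+proxy_mode = False
+reportgz = False
+;
+;secure_cert_file = server.cert
+;secure_pkey_file = server.pkey
+;
+;server_wide_modules = None
+; smtp_password = False
+; smtp_port = 25
+; smtp_server = localhost
+; smtp_ssl = False
+; smtp_user = False
+; workers = 0
+;xmlrpc = True
+; xmlrpc_interface =
+;xmlrpc_port = 8069
+;xmlrpcs = True
+; xmlrpcs_interface =
+;xmlrpcs_port = 8071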
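Review bot: `list_db = True` (line 23) together with the commented-out `dbfilter` (line 13) leaves Odoo's database selector and manager reachable through the nginx `location /` proxy, gated only by `admin_passwd`. For an internet-facing instance, `list_db = False` plus `dbfilter = ^webportal$` narrows that to the one database named in `db_name`. `proxy_mode = False` (line 35) also means Odoo ignores the `X-Forwarded-For` and `X-Forwarded-Proto` headers that nginx sets, so request logs would show the proxy's address rather than the client's; `proxy_mode = True` is the usual setting behind a reverse proxy. `log_handler = :DEBUG` may override `log_level = info` and produce more verbose logs than intended for production, which is worth confirming.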
File was created 1 version: '2'
2 services:
3 postgres:
4 image: 2bas/postgres
5 container_name: db
6 restart: always
7 volumes:
8 - ${POSTGRES_PGDATA}:/var/lib/postgresql/data
9 environment:
10 - POSTGRES_USER=webportal
11 - POSTGRES_PASSWORD=XrUXlw1YlASdJgID
12
13 odoo:
14 build: ./odoo
15 image: odoo/webportal
16 container_name: odoo
17 restart: always
18 links:
19 - postgres:db
20 depends_on:
21 - postgres
22 volumes:
23 - ${ODOO_REPO}:/opt/odoo
24 - ${ODOO_LIB}:/var/lib/odoo
25 - ${ODOO_ETC}:/etc/odoo
26 - ${ODOO_BACKUP}:/backup
27
28 nginx:
29 build: ./nginx
30 image: nginx/webportal
31 container_name: nginx
32 restart: always
33 links:
34 - odoo:odoo
35 ports:
36 - "80:80"
37 - "443:443"
38 depends_on:
39 - odoo
40
41 volumes:
42 ${ODOO_REPO}:
43 external: true
44 ${ODOO_LIB}:
45 external: true
46 ${ODOO_ETC}:
47 external: true
48 ${ODOO_BACKUP}:
49 external: true
50 ${POSTGRES_PGDATA}:
51 external: true