Commit 90797141 authored by godog's avatar godog

Merge branch 'docker' into 'master'

Docker

See merge request !1
parents 53ba5b70 e0d01084
Pipeline #1352 passed with stages
in 1 minute and 48 seconds
image: docker:latest
stages:
- build
- docker_build
- release
services:
- docker:dind
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
RELEASE_TAG: $CI_REGISTRY_IMAGE:latest
GIT_SUBMODULE_STRATEGY: recursive
build:
stage: build
image: "ai/build:stretch"
script:
- ./scripts/lint.sh
- ./scripts/update.sh
- tar -c -z -f site.tgz public index templates
artifacts:
paths:
- site.tgz
docker_build:
stage: docker_build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.git.autistici.org
- tar -x -z -f site.tgz -C docker
- docker build --build-arg ci_token=$CI_JOB_TOKEN --pull -t $IMAGE_TAG docker
- docker push $IMAGE_TAG
dependencies:
- build
release:
stage: release
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.git.autistici.org
- docker pull $IMAGE_TAG
- docker tag $IMAGE_TAG $RELEASE_TAG
- docker push $RELEASE_TAG
only:
- master
FROM registry.git.autistici.org/ai3/docker-apache2-base:master
COPY public /var/www/autistici.org
COPY index /var/lib/sitesearch/index
COPY templates /var/lib/sitesearch/templates
COPY conf /tmp/conf
COPY build.sh /tmp/build.sh
RUN /tmp/build.sh && rm /tmp/build.sh
ENTRYPOINT ["/usr/local/bin/chaperone"]
#!/bin/sh
#
# Install script for git.autistici.org/ai/website
# inside a Docker container.
#
# The installation procedure requires installing some
# dedicated packages, so we have split it out to a script
# for legibility.
# Packages that are only used to build the site. These will be
# removed once we're done.
BUILD_PACKAGES="rsync"
# Packages required to serve the website and run the services.
# We have to keep the python3 packages around in order to run
# chaperone (installed via pip).
PACKAGES="ai-webtools"
APACHE_MODULES_ENABLE="
headers
rewrite
negotiation
proxy
proxy_http
"
export APACHE_MODULES_ENABLE
APACHE_CONFIG_ENABLE="
"
export APACHE_CONFIG_ENABLE
APACHE_SITES="
main
"
export APACHE_SITES
# The default bitnami/minideb image defines an 'install_packages'
# command which is just a convenient helper. Define our own in
# case we are using some other Debian image.
if [ "x$(which install_packages)" = "x" ]; then
install_packages() {
env DEBIAN_FRONTEND=noninteractive apt-get install -qqy --no-install-recommends "$@"
}
fi
# Install the main A/I package repository.
install_packages curl gnupg
echo "deb http://deb.autistici.org/urepo stretch-ai/" > /etc/apt/sources.list.d/ai.list
curl -s http://deb.autistici.org/repo.key | apt-key add -
apt-get -q update
set -e
install_packages ${BUILD_PACKAGES} ${PACKAGES}
rsync -a /tmp/conf/ /etc/
/usr/local/bin/setup-apache.sh
# Make sure that files are readable.
chmod -R a+rX /var/lib/sitesearch
chmod -R a+rX /var/www/autistici.org
# Remove packages used for installation.
apt-get remove -y --purge ${BUILD_PACKAGES}
apt-get autoremove -y
apt-get clean
rm -fr /var/lib/apt/lists/*
rm -fr /tmp/conf
<VirtualHost *:${APACHE_PORT}>
ServerName www.autistici.org
ServerAlias www.inventati.org
ServerAlias autistici.org
ServerAlias inventati.org
DocumentRoot /var/www/autistici.org
<Directory "/var/www/autistici.org">
AllowOverride All
Options Indexes MultiViews FollowSymLinks
DirectoryIndex index
MultiViewsMatch Handlers Filters
Require all granted
</Directory>
#AddDefaultCharset utf-8
# Make the 'site_language' cookie override the Accept-Language header.
SetEnvIf Cookie "site_language=(.+)" prefer-language=$1
Header append Vary cookie
# Frame-busting headers and other miscellanea.
Header set X-Frame-Options SAMEORIGIN
Header set Strict-Transport-Security "max-age=2592000;"
# Configure negotiation.
LanguagePriority en it fr de es pt ca
ForceLanguagePriority Prefer Fallback
# Search engine.
ProxyPass /search http://127.0.0.1:3301
ProxyPassReverse /search http://127.0.0.1:3301
# Rewrite rules are used to preserve the old links.
RewriteEngine On
# Force HTTPS for all URLs, unless you are connecting
# to the hidden service.
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteCond %{HTTP_HOST} !\.onion$
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1$2 [R,L]
# Remove the old language prefix from the URLs.
RewriteRule ^/(it|en|cat|de|es|pt|fr)/(.*)$ /$2 [R=301,L]
# Remove the man_ prefix from the old howto URLs.
RewriteRule ^/stuff/man_(.*)$ /docs/$1 [R=301,L]
# Rewrite URLs that only have a .html extension (no language),
# because we don't like them and they're ugly.
RewriteRule ^/(it|en|cat|de|es|pt|fr)/([^.]*)\.html$ /$2 [R=301,L]
</VirtualHost>
search.service: {
command: "/usr/sbin/sitesearch --index=/var/lib/sitesearch/index --templates=/var/lib/sitesearch/templates --http=127.0.0.1:3301",
restart: true,
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment