From 818f8082be0743e7e1e968524cb9f7fcebff7167 Mon Sep 17 00:00:00 2001 From: starbirdtech383 Date: Thu, 25 Jan 2024 18:11:47 +0530 Subject: [PATCH 01/10] initial commit for full install scripts --- docker-compose/full-install/.env | 1 + docker-compose/full-install/.gitignore | 3 + docker-compose/full-install/README.md | 56 ++++++++++++ .../full-install/bin/nginx_reload.sh | 1 + .../full-install/bin/nginx_start.sh | 12 +++ .../full-install/docker-compose.yml | 91 +++++++++++++++++++ docker-compose/full-install/install.sh | 53 +++++++++++ .../full-install/nginx/conf.d/backends.conf | 5 + .../full-install/nginx/conf.d/default.conf | 28 ++++++ .../full-install/nginx/conf.d/fe_artf.conf | 0 .../full-install/nginx/conf/nginx.conf | 7 ++ docker-compose/full-install/pre-req-check.sh | 61 +++++++++++++ docker-compose/full-install/prepare_env.sh | 41 +++++++++ .../full-install/sbin/install_vars.sh | 3 + docker-compose/full-install/sbin/util.sh | 19 ++++ 15 files changed, 381 insertions(+) create mode 100644 docker-compose/full-install/.env create mode 100644 docker-compose/full-install/.gitignore create mode 100644 docker-compose/full-install/README.md create mode 100755 docker-compose/full-install/bin/nginx_reload.sh create mode 100755 docker-compose/full-install/bin/nginx_start.sh create mode 100644 docker-compose/full-install/docker-compose.yml create mode 100755 docker-compose/full-install/install.sh create mode 100644 docker-compose/full-install/nginx/conf.d/backends.conf create mode 100644 docker-compose/full-install/nginx/conf.d/default.conf create mode 100644 docker-compose/full-install/nginx/conf.d/fe_artf.conf create mode 100644 docker-compose/full-install/nginx/conf/nginx.conf create mode 100755 docker-compose/full-install/pre-req-check.sh create mode 100755 docker-compose/full-install/prepare_env.sh create mode 100644 docker-compose/full-install/sbin/install_vars.sh create mode 100644 docker-compose/full-install/sbin/util.sh 
diff --git a/docker-compose/full-install/.env b/docker-compose/full-install/.env new file mode 100644 index 0000000000..1123d935eb --- /dev/null +++ b/docker-compose/full-install/.env @@ -0,0 +1 @@ +NC_INSTALL_ROOT=./ \ No newline at end of file diff --git a/docker-compose/full-install/.gitignore b/docker-compose/full-install/.gitignore new file mode 100644 index 0000000000..ba66d36ff4 --- /dev/null +++ b/docker-compose/full-install/.gitignore @@ -0,0 +1,3 @@ +conf +data +logs \ No newline at end of file diff --git a/docker-compose/full-install/README.md b/docker-compose/full-install/README.md new file mode 100644 index 0000000000..192308cf2f --- /dev/null +++ b/docker-compose/full-install/README.md 
@@ -0,0 +1,56 @@ +# Install full stack nocodb with Docker (compose) + +This page provides instructions to install nocodb full stack using Docker. The installation will run multiple contianers in single node. + +## Prerequisites +Before you begin, ensure you have the following prerequisites: + +- Docker (version 20.10.7 or later) +- Docker-Compose (version 2.17.3 or later) +- Ports 80 and 443 are available + +TIP: you could simply run ./pre-req-check.sh from this directory which will check. + +## Install +Run install.sh, This script performs pre-requisite check, prompts you through required application properties and finally performs `docker-compose up -d`. +Note: For most cases where any external integration is not required. The defaults properties are just fine. +``` +./install.sh +``` +* At this point, your installation is completed and you should be able to access your nocodb instance * + + +### An example output will be like below. +``` +``` + + +## Data and Conf directories +This directory acts as the NC_INSTALL_ROOT by default and it will have data, conf directories which are `.gitingore` to avoid accidentlly exposing to git. + +``` +. +├── conf +│ └── nc_properties.env +├── data +│ ├── nginx +│ ├── nocodb +│ ├── postgres +│ └── redis +├── docker +│ └── docker-compose.yml +``` + + +## Read below, if you wish to understand what does install.sh do +install script performs the following steps +1. pre-req-check.sh and warns if there is anything missing which could potentially cause issues at later stage. However it will let you proceed if you wish to. +2. create application properties file under conf dir which will then be used for future upgrades etc. +3. runs docker-compose up -d + +## + + + + + diff --git a/docker-compose/full-install/bin/nginx_reload.sh b/docker-compose/full-install/bin/nginx_reload.sh new file mode 100755 index 0000000000..27d4d71c41 --- /dev/null +++ b/docker-compose/full-install/bin/nginx_reload.sh 
@@ -0,0 +1 @@
+docker exec -it nginx /etc/init.d/nginx reload
\ No newline at end of file
diff --git a/docker-compose/full-install/bin/nginx_start.sh b/docker-compose/full-install/bin/nginx_start.sh
new file mode 100755
index 0000000000..fda4984120
--- /dev/null
+++ b/docker-compose/full-install/bin/nginx_start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+# starts the docker containers configured in this components
+# docker compose dir
+#
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+COMPONENT_DIR=${SCRIPT_DIR}/../
+cd ${COMPONENT_DIR}/docker
+mkdir -p ${COMPONENT_DIR}/data
+chmod -R 777 ${COMPONENT_DIR}/data
+docker-compose restart nginx
+
diff --git a/docker-compose/full-install/docker-compose.yml b/docker-compose/full-install/docker-compose.yml
new file mode 100644
index 0000000000..d266ec4007
--- /dev/null
+++ b/docker-compose/full-install/docker-compose.yml
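Review bot: `docker exec -it` in nginx_reload.sh asks for a TTY and an open stdin, so the reload fails with "the input device is not a TTY" whenever the script runs without a terminal (cron, CI, or called from another non-interactive script). A reload needs neither; `docker exec nginx nginx -s reload` works in both cases and does not depend on the image providing an init script. The file also has no shebang, so the interpreter depends on the caller; `#!/bin/bash` as the first line would fix that.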
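Review bot: `chmod -R 777 ${COMPONENT_DIR}/data` in nginx_start.sh makes the whole data tree world-writable, and the compose file in this commit mounts the Postgres, Redis and NocoDB volumes from what appears to be the same `data` directory, so any local user could read or alter the database files. Ownership should be set per subdirectory for the user each image runs as rather than opening the tree; at minimum replace the line with a non-recursive `chmod 750 "${COMPONENT_DIR}/data"`. The `cd ${COMPONENT_DIR}/docker` above it is unquoted and unchecked, so if that directory is missing `docker-compose restart nginx` runs against whatever compose project is in the caller's working directory; `cd "${COMPONENT_DIR}/docker" || exit 1` stops that.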
@@ -0,0 +1,91 @@ +version: '3.8' + +networks: + nocodb-001: + # external: true + +services: + redis: + image: redis:latest + container_name: redis + restart: unless-stopped + env_file: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nc_properties.env + expose: + - "6379" + volumes: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/data/redis:/data + networks: + - nocodb-001 + deploy: + resources: + limits: + cpus: '0.5' + memory: 1000M + + postgres: + image: postgres:14.7 + container_name: postgres + restart: unless-stopped + env_file: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nc_properties.env + expose: + - "5432" + volumes: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/data/postgres:/var/lib/postgresql/data + networks: + - nocodb-001 + deploy: + resources: + limits: + cpus: '1' + memory: 1000M + + nocodb: + depends_on: + - postgres + - redis + image: nocodb/nocodb:latest + container_name: nocodb + restart: unless-stopped + env_file: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nc_properties.env + expose: + - "8080" + volumes: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/data/nocodb:/usr/app/data/ + networks: + - nocodb-001 + deploy: + resources: + limits: + cpus: '1' + memory: 1000M + + nginx: + container_name: nginx + depends_on: + - nocodb + image: nginx + restart: unless-stopped + env_file: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nc_properties.env + volumes: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/nginx/conf.d:/etc/nginx/conf.d:ro + - ${NC_INSTALL_ROOT:-/opt/nocodb}/nginx/conf:/opt/nocohub/nginx/conf + - ${NC_INSTALL_ROOT:-/opt/nocodb}/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro + - ${NC_INSTALL_ROOT:-/opt/nocodb}/data/nginx:/opt/nocohub/nginx/data + # - ../nginx/conf/ssl:/etc/nginx/ssl/:ro + expose: + - "80" + - "443" + ports: + - "80:80" + - "443:443" + networks: + - nocodb-001 + deploy: + resources: + limits: + cpus: '1' + memory: 1000M diff --git a/docker-compose/full-install/install.sh b/docker-compose/full-install/install.sh new file mode 100755 index 0000000000..eb62002352 --- /dev/null 
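Review bot: All four services load the same `nc_properties.env` through `env_file`, so the Postgres password and the NocoDB settings end up in the environment of the `nginx` and `redis` containers, which have no use for them. Splitting the file per service, or listing only the needed keys under `environment:`, keeps the database credentials out of the internet-facing proxy. Separately, `redis:latest`, `nocodb/nocodb:latest` and the untagged `nginx` float with every upstream push, and the `certbot/certbot:latest` service added later in this series does the same; pinning a version or digest, as `postgres:14.7` already does, makes installs reproducible and upgrades deliberate.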
+++ b/docker-compose/full-install/install.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+# Performs Initial setup and System Requirements Check
+
+## 1. validate system requirements
+# a. docker, docker-compose, jq installed
+# b. port mapping check
+# - port 80,443 are free or being used by nginx container
+# - port 8080 is open if used for multi-instance setup
+# - port 6379 for redis access
+# - port 9001 for minio access
+# c. docker repo accessiblity quay.io/minio/minio:RELEASE.2023-12-09T18-17-51Z, redis:latest, postgres:14.7, nocodb/nocodb:latest, nginx
+# d. licence check (tbd)
+
+
+## utility functions
+asksure() {
+echo -n "Are you sure (Y/N)? "
+while read -r -n 1 -s answer; do
+ if [[ $answer = [YyNn] ]]; then
+ [[ $answer = [Yy] ]] && retval=0
+ [[ $answer = [Nn] ]] && retval=1
+ break
+ fi
+done
+
+echo # just a final linefeed, optics...
+
+return $retval
+}
+
+# -- main line code starts here
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+
+${SCRIPT_DIR}/pre-req-check.sh
+PRE_REQ_SUCCESS=$?
+if [[ ${PRE_REQ_SUCCESS} != 0 ]]
+then
+ echo "Few pre-requisites are failing.\n Recommend to resolve and proceed.\n However you could still proceed to install" >&2
+else
+ echo "All pre-requistites are taken care of. Proceed to install.."
+fi
+
+if asksure; then
+ echo "Preparing environment file before install.."
+ ${SCRIPT_DIR}/prepare_env.sh
+ echo "Installing docker containers"
+ docker-compose -f ${SCRIPT_DIR}/docker-compose.yml up -d
+ else
+ echo "Exiting without install. You can install using docker-compose -f ${SCRIPT_DIR}/docker-compose.yml up -d "
+fi
+
+
diff --git a/docker-compose/full-install/nginx/conf.d/backends.conf b/docker-compose/full-install/nginx/conf.d/backends.conf
new file mode 100644
index 0000000000..2090cbe544
--- /dev/null
+++ b/docker-compose/full-install/nginx/conf.d/backends.conf
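Review bot: `asksure` returns success when no answer is read: if stdin is closed or not a terminal, `read` fails on the first iteration, `retval` is never set, and `return $retval` expands to a bare `return` that passes on the exit status of the preceding `echo`, which is 0, so the install proceeds without confirmation. Declaring `local retval=1` at the top of the function makes a missing answer mean "no"; the identical copy added in sbin/util.sh in this commit needs the same change, and install.sh could source that file instead of redefining the function. In the main flow the exit status of `${SCRIPT_DIR}/prepare_env.sh` is ignored, so `docker-compose ... up -d` still runs when the environment file could not be written; `"${SCRIPT_DIR}/prepare_env.sh" || exit 1` would stop there.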
@@ -0,0 +1,5 @@
+upstream nocodb_backend {
+ server nocodb:8080;
+ # server nocodb-1:8080;
+ # server nocodb-2:8080;
+}
\ No newline at end of file
diff --git a/docker-compose/full-install/nginx/conf.d/default.conf b/docker-compose/full-install/nginx/conf.d/default.conf
new file mode 100644
index 0000000000..992b1cbc81
--- /dev/null
+++ b/docker-compose/full-install/nginx/conf.d/default.conf
@@ -0,0 +1,28 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+ server_name localhost;
+ # server_name my.nocodb.com;
+ # listen 443 default_server ssl;
+ # listen [::]:443 ssl ;
+ # ssl_certificate /etc/nginx/ssl/live/status.nocodb.com/fullchain.pem;
+ # ssl_certificate_key /etc/nginx/ssl/live/status.nocodb.com/privkey.pem;
+
+ location / {
+ proxy_pass http://nocodb_backend;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_intercept_errors on;
+ error_page 404 = @handle404;
+ }
+
+ location @handle404 {
+ rewrite ^ /dashboard permanent;
+ }
+}
\ No newline at end of file
diff --git a/docker-compose/full-install/nginx/conf.d/fe_artf.conf b/docker-compose/full-install/nginx/conf.d/fe_artf.conf
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/docker-compose/full-install/nginx/conf/nginx.conf b/docker-compose/full-install/nginx/conf/nginx.conf
new file mode 100644
index 0000000000..2809470ffb
--- /dev/null
+++ b/docker-compose/full-install/nginx/conf/nginx.conf
@@ -0,0 +1,7 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/conf.d/*.conf;
+ }
\ No newline at end of file
diff --git a/docker-compose/full-install/pre-req-check.sh b/docker-compose/full-install/pre-req-check.sh
new file mode 100755
index 0000000000..ba2cd45d98
--- /dev/null
+++ b/docker-compose/full-install/pre-req-check.sh
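Review bot: In default.conf, `proxy_intercept_errors on` together with `error_page 404 = @handle404` sits in `location /`, so every 404 from the backend, API responses included, is replaced by a permanent redirect to `/dashboard`. Clients lose the real status, and browsers cache a 301, so a URL that was wrong once keeps redirecting after it becomes valid. If the redirect is wanted for page navigation only, `rewrite ^ /dashboard redirect;` (a 302) is the safer form, and a comment on the block should say why 404s are intercepted.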
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Performs Initial setup and System Requirements Check
+
+## 1. validate system requirements
+# a. docker, docker-compose, jq installed
+# b. port mapping check
+# - port 80,443 are free or being used by nginx container
+# - port 8080 is open if used for multi-instance setup
+# - port 6379 for redis access
+# - port 9001 for minio access
+# c. docker repo accessiblity quay.io/minio/minio:RELEASE.2023-12-09T18-17-51Z, redis:latest, postgres:14.7, nocodb/nocodb:latest, nginx
+# d. licence check (tbd)
+
+
+# -- main line code starts here
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+source ${SCRIPT_DIR}/sbin/util.sh
+source ${SCRIPT_DIR}/sbin/install_vars.sh
+echo "Performing nocodb system check and setup. This step may require sudo permissions to"
+echo "Check if ports are accessible"
+PRE_REQ=0
+
+# d. Check if required tools are installed
+echo "Checking if required tools (docker, docker-compose, jq, lsof) are installed..."
+for tool in docker docker-compose lsof; do
+ if ! command -v "$tool" &> /dev/null; then
+ echo "Error: $tool is not installed. Please install it before proceeding."
+ exit 1
+ fi
+done
+
+# e. Check if NocoDB is already installed and its expected version
+# echo "Checking if NocoDB is already installed and its expected version..."
+# Replace the following command with the actual command to check NocoDB installation and version
+# Example: nocodb_version=$(command_to_get_nocodb_version)
+# echo "NocoDB version: $nocodb_install_version"
+
+# f. Port mapping check
+echo "Checking port accessibility..."
+for port in "${REQUIRED_PORTS[@]}"; do
+ if lsof -Pi :$port -sTCP:LISTEN -t >/dev/null; then
+ echo "Port $port is in use. Please make sure it is free." >&2
+ PRE_REQ=1
+ else
+ echo "Port $port is free."
+ fi
+done
+
+# # g. Docker repository accessibility check
+# echo "Checking Docker repository accessibility..."
+# for image in "${DOCKER_IMAGES[@]}"; do
+# if docker pull "$image" &> /dev/null; then
+# echo "Docker image $image is accessible."
+# else
+# echo "Error: Docker image $image is not accessible. Please check the repository or internet connection."
+# PRE_REQ=1
+# fi
+# done
+
+echo "System check completed successfully."
+exit $PRE_REQ
\ No newline at end of file
diff --git a/docker-compose/full-install/prepare_env.sh b/docker-compose/full-install/prepare_env.sh
new file mode 100755
index 0000000000..d8b51e9c48
--- /dev/null
+++ b/docker-compose/full-install/prepare_env.sh
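Review bot: The script prints "System check completed successfully." unconditionally, right before `exit $PRE_REQ`, so a run that found a port in use still reports success on stdout while exiting 1. Guarding the message, for example `(( PRE_REQ == 0 )) && echo "System check completed successfully."`, keeps the message and the exit code consistent. The tool check announces `jq` but the loop only tests `docker docker-compose lsof`, and it exits on the first missing tool instead of setting `PRE_REQ=1` the way the port check does. The port test may also under-report: `lsof` run without root usually cannot see sockets owned by other users, so a port can be printed as free when it is not; the banner mentions sudo but the script never checks for it.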
@@ -0,0 +1,41 @@
+#!/bin/bash
+# prepares env file with all the required env variables.
+#
+
+# -- main line code starts here --
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+ENV_FILE=${SCRIPT_DIR}/conf/nc_properties.env
+bkp_file=${ENV_FILE}-$(date +%s).bak
+# Source existing nc_envs.env file to get current values
+if [ -f ${ENV_FILE} ]; then
+ source ${ENV_FILE}
+ echo "backing up previous ${ENV_FILE} file to ${bkp_file}"
+ cp ${ENV_FILE} ${bkp_file}
+fi
+
+# Array of properties with default values
+properties=("NC_INSTALL_ROOT=${SCRIPT_DIR}" "MINIO_ROOT_USER=minioadmin" "MINIO_ROOT_PASSWORD=minioadmin" "POSTGRES_USER=postgres" "POSTGRES_PASSWORD=test123" "POSTGRES_DB=nocodb" "NC_REDIS_URL=redis://redis:6379/4" 'NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres' "NO_COLOR=NEST_JS_LOG_MESSAGE_NO_COLOR_SET_NON_NULL_VALUE" "LOKI_ENDPOINT=http://localhost:3100")
+
+echo "Update or confirm the values to be set"
+# Iterate over the properties array and prompt user for input
+for prop in "${properties[@]}"; do
+ key=$(echo "$prop" | cut -d'=' -f1)
+ default_value="${prop#*=}"
+ prev_value_or_default=${!key:-${default_value}}
+
+ read -p "Enter value for $key (default: ${prev_value_or_default}): " user_input
+
+ # Use user input or default value if empty
+ value=${user_input:-$prev_value_or_default}
+
+ # Store key-value pair in a variable
+ userValues="${userValues}${key}=${value}\n"
+done
+
+# Write key-value pairs to nc_envs.env file
+echo -e "# Environment Variables\n$userValues" > ${ENV_FILE}
+
+echo "Environment variables written to ${ENV_FILE} file."
+
+echo "creating data conf, data and log directories"
+mkdir -p ${INSTALL_ROOT}/conf ${INSTALL_ROOT}/data ${INSTALL_ROOT}/logs
diff --git a/docker-compose/full-install/sbin/install_vars.sh b/docker-compose/full-install/sbin/install_vars.sh
new file mode 100644
index 0000000000..a4709b286f
--- /dev/null
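Review bot: The properties array offers `POSTGRES_PASSWORD=test123` and `MINIO_ROOT_PASSWORD=minioadmin` as defaults that are accepted by pressing Enter, and `nc_properties.env` and its `.bak` copies are written under the default umask, so the database password ends up as a well-known value in a file other local users can typically read. Generating a random password when none exists and setting `umask 077` before the `cp` and the final `echo -e ... > ${ENV_FILE}` closes both gaps, and `read -s` on the password prompts keeps the value off the screen. `source ${ENV_FILE}` executes the file as shell code, so the `&` characters in the written `NC_DB` line split it into background commands on the next run; reading `key=value` pairs with `while IFS='=' read -r key value` avoids evaluating the file. The last line uses `${INSTALL_ROOT}`, which this script never assigns, so unless the caller exports it `mkdir -p` targets `/conf /data /logs`, and the `conf` directory the env file is written into is not created before the write.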
+++ b/docker-compose/full-install/sbin/install_vars.sh
@@ -0,0 +1,3 @@
+nocodb_install_version="1.0.0" # Replace with actual version
+REQUIRED_PORTS=(80 443)
+DOCKER_IMAGES=("redis:latest" "postgres:14.7" "nocodb/nocodb:latest" "nginx")
\ No newline at end of file
diff --git a/docker-compose/full-install/sbin/util.sh b/docker-compose/full-install/sbin/util.sh
new file mode 100644
index 0000000000..566817f1f7
--- /dev/null
+++ b/docker-compose/full-install/sbin/util.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# this file contains the utility functions
+# used during installation
+#
+
+asksure() {
+echo -n "Are you sure (Y/N)? "
+while read -r -n 1 -s answer; do
+ if [[ $answer = [YyNn] ]]; then
+ [[ $answer = [Yy] ]] && retval=0
+ [[ $answer = [Nn] ]] && retval=1
+ break
+ fi
+done
+
+echo # just a final linefeed, optics...
+
+return $retval
+}
\ No newline at end of file
From ea8662a4e17cc87920d791531ec7fe696f76684b Mon Sep 17 00:00:00 2001
From: starbirdtech383 Date: Fri, 26 Jan 2024 15:26:51 +0530 Subject: [PATCH 02/10] full-install: add letsencrypt cert gen script --- docker-compose/full-install/.env | 3 +- docker-compose/full-install/advanced.md | 23 +++++++++++ .../full-install/bin/nginx_start.sh | 2 +- .../full-install/docker-compose.yml | 10 ++++- .../conf-templates/certbot_conf.template | 15 +++++++ .../ssl_server_name_conf.template | 41 +++++++++++++++++++ .../full-install/nginx/conf.d/default.conf | 5 --- .../full-install/nginx/conf/nginx.conf | 3 +- docker-compose/full-install/prepare_env.sh | 6 +-- .../full-install/sbin/gen_letsencrypt_cert.sh | 32 +++++++++++++++ .../full-install/sbin/install_vars.sh | 6 ++- docker-compose/full-install/security.md | 1 + 12 files changed, 134 insertions(+), 13 deletions(-) create mode 100644 docker-compose/full-install/advanced.md create mode 100644 docker-compose/full-install/nginx/conf-templates/certbot_conf.template create mode 100644 docker-compose/full-install/nginx/conf-templates/ssl_server_name_conf.template create mode 100755 docker-compose/full-install/sbin/gen_letsencrypt_cert.sh create mode 100644 docker-compose/full-install/security.md diff --git a/docker-compose/full-install/.env b/docker-compose/full-install/.env index 1123d935eb..e992e1f60e 100644 --- a/docker-compose/full-install/.env +++ b/docker-compose/full-install/.env @@ -1 +1,2 @@ -NC_INSTALL_ROOT=./ \ No newline at end of file +NC_INSTALL_ROOT=./ +NO_COLOR=NEST_JS_LOG_MESSAGE_NO_COLOR_SET_NON_NULL_VALUE \ No newline at end of file diff --git a/docker-compose/full-install/advanced.md b/docker-compose/full-install/advanced.md new file mode 100644 index 0000000000..f6cd5120dd --- /dev/null +++ b/docker-compose/full-install/advanced.md 
@@ -0,0 +1,23 @@ +# Advanced operations + + +## Restarting containers + +## Upgrade nocodb instance + +## Enable SSL +In order to enable SSL for incoming https requests, you will need to have certs which is +private-key public-key pair +### letsencrypt for generating certificates +### Bring your own certificates +### self signed certificates + +## Database pasword rotation + +## nginx configurations + +## Add Node + +## Minio integration for resources + +## Enable scheduled backups to run nightly on all your instances. \ No newline at end of file diff --git a/docker-compose/full-install/bin/nginx_start.sh b/docker-compose/full-install/bin/nginx_start.sh index fda4984120..24b2292837 100755 --- a/docker-compose/full-install/bin/nginx_start.sh +++ b/docker-compose/full-install/bin/nginx_start.sh @@ -5,7 +5,7 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) COMPONENT_DIR=${SCRIPT_DIR}/../ -cd ${COMPONENT_DIR}/docker +cd ${COMPONENT_DIR} mkdir -p ${COMPONENT_DIR}/data chmod -R 777 ${COMPONENT_DIR}/data docker-compose restart nginx diff --git a/docker-compose/full-install/docker-compose.yml b/docker-compose/full-install/docker-compose.yml index d266ec4007..5ba5593488 100644 --- a/docker-compose/full-install/docker-compose.yml +++ b/docker-compose/full-install/docker-compose.yml 
@@ -72,9 +72,12 @@ services: - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nc_properties.env volumes: - ${NC_INSTALL_ROOT:-/opt/nocodb}/nginx/conf.d:/etc/nginx/conf.d:ro + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nginx/conf.d:/etc/nginx/custom-conf.d:ro - ${NC_INSTALL_ROOT:-/opt/nocodb}/nginx/conf:/opt/nocohub/nginx/conf - ${NC_INSTALL_ROOT:-/opt/nocodb}/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro - ${NC_INSTALL_ROOT:-/opt/nocodb}/data/nginx:/opt/nocohub/nginx/data + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nginx/certbot/www:/var/www/certbot/:ro + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nginx/certbot/conf/:/etc/nginx/ssl/:ro # - ../nginx/conf/ssl:/etc/nginx/ssl/:ro expose: - "80" @@ -88,4 +91,9 @@ services: resources: limits: cpus: '1' - memory: 1000M + memory: 1000M + certbot: + image: certbot/certbot:latest + volumes: + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nginx/certbot/www:/var/www/certbot/:rw + - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nginx/certbot/conf/:/etc/letsencrypt/:rw diff --git a/docker-compose/full-install/nginx/conf-templates/certbot_conf.template b/docker-compose/full-install/nginx/conf-templates/certbot_conf.template new file mode 100644 index 0000000000..63b8609c96 --- /dev/null +++ b/docker-compose/full-install/nginx/conf-templates/certbot_conf.template @@ -0,0 +1,15 @@ +server { + listen 80; + listen [::]:80; + + # chantge server_name while generating cert + server_name ; + + #access_log /var/log/nginx/host.access.log main; + + # this is required for cert generation. + # change server_name as well with cname of required cert + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } +} \ No newline at end of file diff --git a/docker-compose/full-install/nginx/conf-templates/ssl_server_name_conf.template b/docker-compose/full-install/nginx/conf-templates/ssl_server_name_conf.template new file mode 100644 index 0000000000..9caa19d950 --- /dev/null +++ b/docker-compose/full-install/nginx/conf-templates/ssl_server_name_conf.template 
@@ -0,0 +1,41 @@ +server { + listen 80; + listen [::]:80 ; + listen 443 default_server ssl; + listen [::]:443 ssl ; + # chantge server_name while generating cert + server_name ; + + # force https-redirects + if ($scheme = http) { + return 301 https://$server_name$request_uri; + } + + ssl_certificate /etc/nginx/ssl/live//fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/live//privkey.pem; + + #access_log /var/log/nginx/host.access.log main; + location / { + include /etc/nginx/mime.types; + root /opt/nocohub/nginx/data//; + index index.html index.htm; + auth_basic "Restricted Access"; + auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd; + } + + location /proxy { + proxy_pass http://nocohub-001:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + auth_basic "Restricted Access"; + auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + location ~ /\.ht { + deny all; + } +} \ No newline at end of file diff --git a/docker-compose/full-install/nginx/conf.d/default.conf b/docker-compose/full-install/nginx/conf.d/default.conf index 992b1cbc81..f9a78f3a6c 100644 --- a/docker-compose/full-install/nginx/conf.d/default.conf +++ b/docker-compose/full-install/nginx/conf.d/default.conf @@ -3,11 +3,6 @@ server { listen 80; listen [::]:80; server_name localhost; - # server_name my.nocodb.com; - # listen 443 default_server ssl; - # listen [::]:443 ssl ; - # ssl_certificate /etc/nginx/ssl/live/status.nocodb.com/fullchain.pem; - # ssl_certificate_key /etc/nginx/ssl/live/status.nocodb.com/privkey.pem; location / { proxy_pass http://nocodb_backend; diff --git a/docker-compose/full-install/nginx/conf/nginx.conf b/docker-compose/full-install/nginx/conf/nginx.conf index 2809470ffb..f6a3a2da04 100644 --- a/docker-compose/full-install/nginx/conf/nginx.conf +++ b/docker-compose/full-install/nginx/conf/nginx.conf 
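Review bot: The SSL template does not route anything to NocoDB: `location /` serves static files from `/opt/nocohub/nginx/data//` and `location /proxy` forwards to `http://nocohub-001:8080`, a host that no service in this series' docker-compose.yml defines (the upstream in backends.conf is `nocodb_backend`). Both locations also require `/opt/nocohub/nginx/conf/.htpasswd`, which nothing visible in these patches creates, so requests would likely fail once the generated config is loaded. If the intent is HTTPS in front of NocoDB, `location /` should mirror default.conf with `proxy_pass http://nocodb_backend;` and the same forwarding headers. The http-to-https redirect is more conventionally done with a separate port-80 `server` block containing `return 301 https://$server_name$request_uri;` than with `if ($scheme = http)` inside the TLS server.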
@@ -4,4 +4,5 @@ events { http { include /etc/nginx/conf.d/*.conf; - } \ No newline at end of file + include /etc/nginx/custom-conf.d/*.conf; +} \ No newline at end of file diff --git a/docker-compose/full-install/prepare_env.sh b/docker-compose/full-install/prepare_env.sh index d8b51e9c48..d725642b0c 100755 --- a/docker-compose/full-install/prepare_env.sh +++ b/docker-compose/full-install/prepare_env.sh @@ -4,6 +4,9 @@ # -- main line code starts here -- SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source ${SCRIPT_DIR}/sbin/util.sh +source ${SCRIPT_DIR}/sbin/install_vars.sh + ENV_FILE=${SCRIPT_DIR}/conf/nc_properties.env bkp_file=${ENV_FILE}-$(date +%s).bak # Source existing nc_envs.env file to get current values @@ -13,9 +16,6 @@ if [ -f ${ENV_FILE} ]; then cp ${ENV_FILE} ${bkp_file} fi -# Array of properties with default values -properties=("NC_INSTALL_ROOT=${SCRIPT_DIR}" "MINIO_ROOT_USER=minioadmin" "MINIO_ROOT_PASSWORD=minioadmin" "POSTGRES_USER=postgres" "POSTGRES_PASSWORD=test123" "POSTGRES_DB=nocodb" "NC_REDIS_URL=redis://redis:6379/4" 'NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres' "NO_COLOR=NEST_JS_LOG_MESSAGE_NO_COLOR_SET_NON_NULL_VALUE" "LOKI_ENDPOINT=http://localhost:3100") - echo "Update or confirm the values to be set" # Iterate over the properties array and prompt user for input for prop in "${properties[@]}"; do diff --git a/docker-compose/full-install/sbin/gen_letsencrypt_cert.sh b/docker-compose/full-install/sbin/gen_letsencrypt_cert.sh new file mode 100755 index 0000000000..5959cd8cac --- /dev/null +++ b/docker-compose/full-install/sbin/gen_letsencrypt_cert.sh 
@@ -0,0 +1,32 @@
+#!/bin/bash
+# expects nginx to be up and running with conf.d/certbot.conf
+# dns to be mapped to the machine where cert is generated
+#
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+SERVER_NAME=${1}
+if [[ -z "$SERVER_NAME" ]]
+then
+ echo "required argument servername"
+ echo "usage ex: ./gen_certs my.nocodb.com"
+ exit 1
+fi
+
+echo "Creating configs for SERVER_NAME: ${SERVER_NAME}"
+cd ${SCRIPT_DIR}/../conf/nginx/conf.d
+sed "s,,${SERVER_NAME},g" ${SCRIPT_DIR}/../nginx/conf-templates/certbot_conf.template > certbot.conf
+
+cd ${SCRIPT_DIR}/../bin
+./nginx_start.sh
+./nginx_reload.sh
+
+echo "Triggering certbot to create ssl configs: ${SERVER_NAME}"
+cd ${SCRIPT_DIR}/..
+docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d ${SERVER_NAME}
+
+
+echo "Now reload nginx with new ssl configs for your site : ${SERVER_NAME}"
+cd ${SCRIPT_DIR}/../conf/nginx/conf.d
+sed "s,,${SERVER_NAME},g" ${SCRIPT_DIR}/../nginx/conf-templates/ssl_server_name_conf.template > ${SERVER_NAME}.conf
+${SCRIPT_DIR}/../bin/nginx_reload.sh
diff --git a/docker-compose/full-install/sbin/install_vars.sh b/docker-compose/full-install/sbin/install_vars.sh
index a4709b286f..17135fefb7 100644
--- a/docker-compose/full-install/sbin/install_vars.sh
+++ b/docker-compose/full-install/sbin/install_vars.sh
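Review bot: `SERVER_NAME` is taken from `$1` and used unvalidated and unquoted as a sed replacement, as the output file name `${SERVER_NAME}.conf`, and as the `-d` argument to certbot, so a value containing `,`, `&`, `/`, whitespace or a leading `-` corrupts the generated nginx config, writes the file outside `conf.d`, or is read as an option. Rejecting anything that is not a hostname right after the empty check covers all three uses: `[[ "$SERVER_NAME" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo "invalid server name" >&2; exit 1; }`. The script also has no error handling: each `cd` is unchecked, so a missing `conf/nginx/conf.d` makes the redirect write `certbot.conf` into the caller's directory, and the SSL config is written and nginx reloaded even when `certbot certonly` failed. `set -euo pipefail` near the top, or `|| exit 1` on the `cd` and `docker-compose run` lines, would stop at the first failure.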
@@ -1,3 +1,7 @@ nocodb_install_version="1.0.0" # Replace with actual version REQUIRED_PORTS=(80 443) -DOCKER_IMAGES=("redis:latest" "postgres:14.7" "nocodb/nocodb:latest" "nginx") \ No newline at end of file +DOCKER_IMAGES=("redis:latest" "postgres:14.7" "nocodb/nocodb:latest" "nginx" "certbot/certbot:latest" ) + +# Array of properties with default values +properties=( "POSTGRES_USER=postgres" "POSTGRES_PASSWORD=test123" "POSTGRES_DB=nocodb" "NC_REDIS_URL=redis://redis:6379/4" 'NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres' ) +# "NC_INSTALL_ROOT=${SCRIPT_DIR}" "MINIO_ROOT_USER=minioadmin" "MINIO_ROOT_PASSWORD=minioadmin" \ No newline at end of file diff --git a/docker-compose/full-install/security.md b/docker-compose/full-install/security.md new file mode 100644 index 0000000000..2afe829dfb --- /dev/null +++ b/docker-compose/full-install/security.md @@ -0,0 +1 @@ +Security \ No newline at end of file From bd95775dbaa404249e2e49f5eb0e53e90657a33b Mon Sep 17 00:00:00 2001 From: starbirdtech383 Date: Fri, 26 Jan 2024 15:38:24 +0530 Subject: [PATCH 03/10] full_install: add lets encrypt renew cert script --- docker-compose/full-install/sbin/renew_certs.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 docker-compose/full-install/sbin/renew_certs.sh diff --git a/docker-compose/full-install/sbin/renew_certs.sh b/docker-compose/full-install/sbin/renew_certs.sh new file mode 100755 index 0000000000..7e9de5b2da --- /dev/null +++ b/docker-compose/full-install/sbin/renew_certs.sh @@ -0,0 +1,3 @@ +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +cd ${SCRIPT_DIR}/../ +sudo docker-compose run --rm certbot renew -q \ No newline at end of file From 1c273c2a75c538b1ea8d3fa99692cbceb87830cb Mon Sep 17 00:00:00 2001 
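Review bot: renew_certs.sh renews the certificate files but never reloads nginx, so the running proxy keeps serving the old certificate until someone restarts it, and a successful renewal can still end with an expired certificate in production. Adding `sudo docker-compose exec -T nginx nginx -s reload` after the `renew` line closes that gap and works without a terminal, which matters if this is run from cron. The script has no shebang although it relies on `BASH_SOURCE`, and the unquoted, unchecked `cd ${SCRIPT_DIR}/../` means a failure there runs `sudo docker-compose` in whatever directory the caller was in; `#!/bin/bash` and `cd "${SCRIPT_DIR}/.." || exit 1` fix both.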
From: starbirdtech383 Date: Mon, 29 Jan 2024 22:53:38 +0530 Subject: [PATCH 04/10] refactor to aio and add all env variables prompt --- docker-compose/{full-install => aio}/.env | 0 .../{full-install => aio}/.gitignore | 0 .../{full-install => aio}/README.md | 0 docker-compose/aio/advanced.md | 46 ++++++++++++ docker-compose/aio/bin/nginx_reload.sh | 2 + .../{full-install => aio}/bin/nginx_start.sh | 0 docker-compose/aio/conf/nc_properties.env | 16 +++++ .../{full-install => aio}/docker-compose.yml | 5 ++ .../{full-install => aio}/install.sh | 0 .../conf-templates/certbot_conf.template | 0 .../ssl_server_name_conf.template | 0 .../nginx/conf.d/backends.conf | 0 .../nginx/conf.d/default.conf | 0 .../nginx/conf.d/fe_artf.conf | 0 .../nginx/conf/nginx.conf | 0 .../{full-install => aio}/pre-req-check.sh | 0 docker-compose/aio/prepare_env.sh | 70 +++++++++++++++++++ .../sbin/gen_letsencrypt_cert.sh | 0 docker-compose/aio/sbin/install_vars.sh | 15 ++++ .../{full-install => aio}/sbin/renew_certs.sh | 0 .../{full-install => aio}/sbin/util.sh | 0 .../{full-install => aio}/security.md | 0 docker-compose/full-install/advanced.md | 23 ------ .../full-install/bin/nginx_reload.sh | 1 - docker-compose/full-install/prepare_env.sh | 41 ----------- .../full-install/sbin/install_vars.sh | 7 -- 26 files changed, 154 insertions(+), 72 deletions(-) rename docker-compose/{full-install => aio}/.env (100%) rename docker-compose/{full-install => aio}/.gitignore (100%) rename docker-compose/{full-install => aio}/README.md (100%) create mode 100644 docker-compose/aio/advanced.md create mode 100755 docker-compose/aio/bin/nginx_reload.sh rename docker-compose/{full-install => aio}/bin/nginx_start.sh (100%) create mode 100644 docker-compose/aio/conf/nc_properties.env rename docker-compose/{full-install => aio}/docker-compose.yml (94%) rename docker-compose/{full-install => aio}/install.sh (100%) rename docker-compose/{full-install => aio}/nginx/conf-templates/certbot_conf.template (100%) rename 
docker-compose/{full-install => aio}/nginx/conf-templates/ssl_server_name_conf.template (100%) rename docker-compose/{full-install => aio}/nginx/conf.d/backends.conf (100%) rename docker-compose/{full-install => aio}/nginx/conf.d/default.conf (100%) rename docker-compose/{full-install => aio}/nginx/conf.d/fe_artf.conf (100%) rename docker-compose/{full-install => aio}/nginx/conf/nginx.conf (100%) rename docker-compose/{full-install => aio}/pre-req-check.sh (100%) create mode 100755 docker-compose/aio/prepare_env.sh rename docker-compose/{full-install => aio}/sbin/gen_letsencrypt_cert.sh (100%) create mode 100644 docker-compose/aio/sbin/install_vars.sh rename docker-compose/{full-install => aio}/sbin/renew_certs.sh (100%) rename docker-compose/{full-install => aio}/sbin/util.sh (100%) rename docker-compose/{full-install => aio}/security.md (100%) delete mode 100644 docker-compose/full-install/advanced.md delete mode 100755 docker-compose/full-install/bin/nginx_reload.sh delete mode 100755 docker-compose/full-install/prepare_env.sh delete mode 100644 docker-compose/full-install/sbin/install_vars.sh diff --git a/docker-compose/full-install/.env b/docker-compose/aio/.env similarity index 100% rename from docker-compose/full-install/.env rename to docker-compose/aio/.env diff --git a/docker-compose/full-install/.gitignore b/docker-compose/aio/.gitignore similarity index 100% rename from docker-compose/full-install/.gitignore rename to docker-compose/aio/.gitignore diff --git a/docker-compose/full-install/README.md b/docker-compose/aio/README.md similarity index 100% rename from docker-compose/full-install/README.md rename to docker-compose/aio/README.md diff --git a/docker-compose/aio/advanced.md b/docker-compose/aio/advanced.md new file mode 100644 index 0000000000..3c6bbb93ed --- /dev/null +++ b/docker-compose/aio/advanced.md 
@@ -0,0 +1,46 @@ +# Advanced operations + +## Restarting containers +There are atleast 4 main containers which are running as part of this installation through same docker-compose. The same docker-compose can be leveraged to restart any or all of these containers. + +Use below command to restart all containers\ +``` docker compose restart ``` + +To restart individual containers with name ( names: nocodb, nginx, postgres, redis)\ +ex: to restart nginx\ +``` docker compose restart nginx ``` + +## reload nginx +use utility script at [./bin/nginx_reload.sh](./bin/nginx_reload.sh) + +## Upgrade nocodb instance + +## Enable SSL +To enable SSL for incoming https requests, nginx should be configured with combination of a public certificate and a private key. The SSL private key is kept secret on the server. It will be used to encrypt content sent to clients. +Below are different approaches to get and configure certificates. Make your choice +### letsencrypt for generating certificates +Certificates/key can be obtained by trusted CA (Certificate Authorities), there are many paid vendors found online or you can also use [letsencrypt](https://letsencrypt.org/) a non profit certificate provider for free however we recommend [https://www.abetterinternet.org/donate/](donate) for their service. + +### Bring your own certificates +If you already have the certificates, either self signed or generated by any other means, you will need to configure them with nginx. Below are the steps +TBD +### self signed certificates +One of the pre-requisite is that your server should be associated with the domain name. In the absence of that you could use self signed certificates which does ecrypt but browsers show warning. + +## Database password rotation +As a security measure, It is best practice to rotate the database credentials periodically. Assuming you would have created new credentials in postgres database. 
The db credentials are persisted on filesystem as part of initial install and it will be available at +[./conf/nc_properties.env](./conf/nc_properties.env)\ +update properties POSTGRES_USER, POSTGRES_PASSWORD with new credentials and [restarting nocodb](#restarting-containers) with\ +```docker compose restart nocodb``` + +## nginx configurations +There are two main directories where nginx configurations are maintained +- nocodb team managed configurations at [nginx/conf.d](./conf/nginx/conf.d). +- self managed (you) [conf/nginx/conf.d](./conf/nginx/conf.d) + + +## Add Node + +## Minio integration for resources + +## Enable scheduled backups to run nightly on all your instances. \ No newline at end of file diff --git a/docker-compose/aio/bin/nginx_reload.sh b/docker-compose/aio/bin/nginx_reload.sh new file mode 100755 index 0000000000..3e591ee95b --- /dev/null +++ b/docker-compose/aio/bin/nginx_reload.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker exec -it nginx /etc/init.d/nginx reload \ No newline at end of file diff --git a/docker-compose/full-install/bin/nginx_start.sh b/docker-compose/aio/bin/nginx_start.sh similarity index 100% rename from docker-compose/full-install/bin/nginx_start.sh rename to docker-compose/aio/bin/nginx_start.sh diff --git a/docker-compose/aio/conf/nc_properties.env b/docker-compose/aio/conf/nc_properties.env new file mode 100644 index 0000000000..848cb06df3 --- /dev/null +++ b/docker-compose/aio/conf/nc_properties.env @@ -0,0 +1,16 @@ +# Environment Variables +POSTGRES_USER=postgres +POSTGRES_PASSWORD=test123 +POSTGRES_DB=nocodb +NC_REDIS_URL=redis://redis:6379/4 +NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres +NC_PUBLIC_URL=rajanishs-MacBook-Pro.local +NC_CONNECT_TO_EXTERNAL_DB_DISABLED=false +NC_INVITE_ONLY_SIGNUP=false +NC_ADMIN_EMAIL=false +NC_ADMIN_PASSWORD=false +NC_S3_BUCKET_NAME=asdf +NC_S3_REGION=asd +NC_S3_ACCESS_KEY=sda +NC_S3_ACCESS_SECRET=adsfa + 
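Review bot: `docker exec -it` in the new `bin/nginx_reload.sh` requests an interactive TTY, so the helper fails with a "not a TTY" error whenever it is run from cron, CI or another script rather than a terminal. Nothing in a reload is interactive, so the flags can simply go: `docker exec nginx /etc/init.d/nginx reload`.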
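Review bot: `conf/nc_properties.env` is a generated, per-install secrets file and should not be tracked: it carries `POSTGRES_PASSWORD=test123`, S3 key and secret entries and a developer hostname in `NC_PUBLIC_URL`, while the `.gitignore` in the same directory lists `conf` precisely to keep it out of git. `prepare_env.sh` rewrites this path on every install, so real credentials entered there would then appear as a modification of a tracked file. Drop the file from the commit, or ship a `conf/nc_properties.env.example` with the secret values left empty.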
diff --git a/docker-compose/full-install/docker-compose.yml b/docker-compose/aio/docker-compose.yml similarity index 94% rename from docker-compose/full-install/docker-compose.yml rename to docker-compose/aio/docker-compose.yml index 5ba5593488..f0b69d7e01 100644 --- a/docker-compose/full-install/docker-compose.yml +++ b/docker-compose/aio/docker-compose.yml @@ -35,6 +35,11 @@ services: - ${NC_INSTALL_ROOT:-/opt/nocodb}/data/postgres:/var/lib/postgresql/data networks: - nocodb-001 + healthcheck: + interval: 10s + retries: 10 + test: "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" + timeout: 2s deploy: resources: limits: diff --git a/docker-compose/full-install/install.sh b/docker-compose/aio/install.sh similarity index 100% rename from docker-compose/full-install/install.sh rename to docker-compose/aio/install.sh diff --git a/docker-compose/full-install/nginx/conf-templates/certbot_conf.template b/docker-compose/aio/nginx/conf-templates/certbot_conf.template similarity index 100% rename from docker-compose/full-install/nginx/conf-templates/certbot_conf.template rename to docker-compose/aio/nginx/conf-templates/certbot_conf.template diff --git a/docker-compose/full-install/nginx/conf-templates/ssl_server_name_conf.template b/docker-compose/aio/nginx/conf-templates/ssl_server_name_conf.template similarity index 100% rename from docker-compose/full-install/nginx/conf-templates/ssl_server_name_conf.template rename to docker-compose/aio/nginx/conf-templates/ssl_server_name_conf.template diff --git a/docker-compose/full-install/nginx/conf.d/backends.conf b/docker-compose/aio/nginx/conf.d/backends.conf similarity index 100% rename from docker-compose/full-install/nginx/conf.d/backends.conf rename to docker-compose/aio/nginx/conf.d/backends.conf 
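Review bot: `${POSTGRES_USER}` and `${POSTGRES_DB}` in the added `test:` line are substituted by Compose when it parses the file, from the host environment or the project `.env`, not from the container's own environment. The `.env` added in this series defines only `NC_INSTALL_ROOT`, so unless both variables are exported on the host (not visible here) the probe likely runs with empty `-U`/`-d` arguments. Escaping the dollar signs defers expansion to the shell inside the container: `test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]`. The postgres service definition starts and ends outside this hunk.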
diff --git a/docker-compose/full-install/nginx/conf.d/default.conf b/docker-compose/aio/nginx/conf.d/default.conf similarity index 100% rename from docker-compose/full-install/nginx/conf.d/default.conf rename to docker-compose/aio/nginx/conf.d/default.conf diff --git a/docker-compose/full-install/nginx/conf.d/fe_artf.conf b/docker-compose/aio/nginx/conf.d/fe_artf.conf similarity index 100% rename from docker-compose/full-install/nginx/conf.d/fe_artf.conf rename to docker-compose/aio/nginx/conf.d/fe_artf.conf diff --git a/docker-compose/full-install/nginx/conf/nginx.conf b/docker-compose/aio/nginx/conf/nginx.conf similarity index 100% rename from docker-compose/full-install/nginx/conf/nginx.conf rename to docker-compose/aio/nginx/conf/nginx.conf diff --git a/docker-compose/full-install/pre-req-check.sh b/docker-compose/aio/pre-req-check.sh similarity index 100% rename from docker-compose/full-install/pre-req-check.sh rename to docker-compose/aio/pre-req-check.sh diff --git a/docker-compose/aio/prepare_env.sh b/docker-compose/aio/prepare_env.sh new file mode 100755 index 0000000000..d574267298 --- /dev/null +++ b/docker-compose/aio/prepare_env.sh 
@@ -0,0 +1,70 @@ +#!/bin/bash +# prepares env file with all the required env variables. +# + +# -- main line code starts here -- +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source ${SCRIPT_DIR}/sbin/util.sh +source ${SCRIPT_DIR}/sbin/install_vars.sh + +ENV_FILE=${SCRIPT_DIR}/conf/nc_properties.env +bkp_file=${ENV_FILE}-$(date +%s).bak +# Source existing nc_envs.env file to get current values +if [ -f ${ENV_FILE} ]; then + source ${ENV_FILE} + echo "backing up previous ${ENV_FILE} file to ${bkp_file}" + cp ${ENV_FILE} ${bkp_file} +fi + +function acceptProperty(){ + local varDetail="$1" + prompt=$(echo "$varDetail" | cut -d '|' -f1) + prop=$(echo "$varDetail" | cut -d '|' -f2) + key=$(echo "$prop" | cut -d'=' -f1) + default_value="${prop#*=}" + prev_value_or_default=${!key:-${default_value}} + + # echo prompt: ${prompt} + # echo prop: ${prop} + # echo key: ${key} + # echo default_value: ${default_value} + + read -p "Enter value for $key (default: ${prev_value_or_default}): " user_input + + # Use user input or default value if empty + value=${user_input:-$prev_value_or_default} + + # Store key-value pair in a variable + userValues="${userValues}${key}=${value}\n" +} +# Iterate over the properties array and prompt user for input +echo basic_properties : "${basic_properties[@]}" +for multi_property_array in basic_properties invite_only_signup_priorities google_login_properties email_properties s3_attachment_properties ; do + array_name="$multi_property_array[@]" # Name of the array to process + array=("${!array_name}") + # array=("${!multi_property_array}") + echo array : "${array[@]}" + for varDetail in "${array[@]}"; do + echo varDetail : ${varDetail} + prompt=$(echo "$varDetail" | cut -d '|' -f1) + prop=$(echo "$varDetail" | cut -d '|' -f2) + if [[ ${prompt} == "main" ]] + then + echo $prop + if asksure; then + continue + else + break + fi + fi + acceptProperty "${varDetail}" + done +done + +# Write key-value pairs to nc_envs.env 
file +echo -e "# Environment Variables\n$userValues" > ${ENV_FILE} + +echo "Environment variables written to ${ENV_FILE} file." + +# echo "creating data conf, data and log directories" +# mkdir -p ${INSTALL_ROOT}/conf ${INSTALL_ROOT}/data ${INSTALL_ROOT}/logs diff --git a/docker-compose/full-install/sbin/gen_letsencrypt_cert.sh b/docker-compose/aio/sbin/gen_letsencrypt_cert.sh similarity index 100% rename from docker-compose/full-install/sbin/gen_letsencrypt_cert.sh rename to docker-compose/aio/sbin/gen_letsencrypt_cert.sh diff --git a/docker-compose/aio/sbin/install_vars.sh b/docker-compose/aio/sbin/install_vars.sh new file mode 100644 index 0000000000..dc5aac5a0b --- /dev/null +++ b/docker-compose/aio/sbin/install_vars.sh 
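Review bot: The env file written at the end of `prepare_env.sh` holds the database, SMTP and S3 secrets, yet both `echo -e ... > ${ENV_FILE}` and the `cp ${ENV_FILE} ${bkp_file}` backup create files under the caller's umask, which with a common 022 umask leaves them world-readable. The same file is read back with `source ${ENV_FILE}`, which executes it as shell: a stored value containing `$(...)` runs as a command, and the `NC_DB` default, which contains `&`, is split into background jobs so its previous value is not restored. `read -p` without `-r` and `echo -e` additionally rewrite backslashes in passwords. The fence below tightens the permissions, loads the file as key/value data and writes it back with `printf`.

```shell
ENV_FILE=${SCRIPT_DIR}/conf/nc_properties.env
umask 077  # the env file and its backups hold credentials
if [ -f "${ENV_FILE}" ]; then
  # load KEY=VALUE pairs as data; never execute the file
  while IFS= read -r line; do
    k=${line%%=*}
    [[ ${line} == *=* && ${k} =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue
    printf -v "${k}" '%s' "${line#*=}"
  done < "${ENV_FILE}"
  # … unchanged: backup message and cp …
fi

# … unchanged: acceptProperty parsing of prompt / prop / key / default_value …
  read -r -p "Enter value for $key (default: ${prev_value_or_default}): " user_input
  value=${user_input:-$prev_value_or_default}
  userValues+=("${key}=${value}")

# … unchanged: loop over the property arrays …

printf '%s\n' "# Environment Variables" "${userValues[@]}" > "${ENV_FILE}"
chmod 600 "${ENV_FILE}"  # umask does not tighten a file that already exists
```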
@@ -0,0 +1,15 @@
+nocodb_install_version="1.0.0" # Replace with actual version
+REQUIRED_PORTS=(80 443)
+DOCKER_IMAGES=("redis:latest" "postgres:14.7" "nocodb/nocodb:latest" "nginx" "certbot/certbot:latest" )
+
+# Array of properties with default values
+basic_properties=("main|basic configurations, customise ?" "Username for postgres database|POSTGRES_USER=postgres" "|POSTGRES_PASSWORD=test123" "|POSTGRES_DB=nocodb" "|NC_REDIS_URL=redis://redis:6379/4" '|NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres' "Are you using custom DNS, configure NC_PUBLIC_URL to reflect in the invite emails?|NC_PUBLIC_URL=$(hostname)" "Disable connecting to external db?|NC_CONNECT_TO_EXTERNAL_DB_DISABLED=false")
+invite_only_signup_priorities=("main|Allow invite only sign-up" "invite only signup?|NC_INVITE_ONLY_SIGNUP=false" "|NC_ADMIN_EMAIL=false" "|NC_ADMIN_PASSWORD=false")
+google_login_properties=("main|Configure google login" "Enter Client ID|NC_GOOGLE_CLIENT_ID=" "Enter Client ID|NC_GOOGLE_CLIENT_SECRET=")
+email_properties=("main|Configure smtp properties" "|NC_SMTP_FROM=" "|NC_SMTP_HOST=" "|NC_SMTP_PORT=" "|NC_SMTP_USERNAME=" "|NC_SMTP_PASSWORD=" "|NC_SMTP_SECURE=" "|NC_SMTP_IGNORE_TLS=" )
+s3_attachment_properties=("main|Do you want to configure s3 for attachements?" "|NC_S3_BUCKET_NAME=nocodb-attachements" "|NC_S3_REGION=" "|NC_S3_ACCESS_KEY=" "|NC_S3_ACCESS_SECRET=" )
+
+multi_property_array=(basic_properties invite_only_signup_priorities google_login_properties email_properties s3_attachment_properties)
+
+
+
diff --git a/docker-compose/full-install/sbin/renew_certs.sh b/docker-compose/aio/sbin/renew_certs.sh
similarity index 100%
rename from docker-compose/full-install/sbin/renew_certs.sh
rename to docker-compose/aio/sbin/renew_certs.sh
diff --git a/docker-compose/full-install/sbin/util.sh b/docker-compose/aio/sbin/util.sh
similarity index 100%
rename from docker-compose/full-install/sbin/util.sh
rename to docker-compose/aio/sbin/util.sh
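Review bot: `basic_properties` ships `POSTGRES_PASSWORD=test123` as the default a user accepts by pressing Enter, so every install that takes the defaults shares one known database password. The later `install_vars.sh` hunks in patches 05 and 06 add `NC_ADMIN_EMAIL=admin@nocodb.com` and `NC_ADMIN_PASSWORD=nocodb123` the same way. Generate the database default per install, for example `"|POSTGRES_PASSWORD=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24)"`, and give the admin password no default so that it has to be entered. `DOCKER_IMAGES` also lists `redis:latest`, `nocodb/nocodb:latest`, `certbot/certbot:latest` and an untagged `nginx`, so what gets installed changes over time; pin versions as is already done for `postgres:14.7`.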
diff --git a/docker-compose/full-install/security.md b/docker-compose/aio/security.md similarity index 100% rename from docker-compose/full-install/security.md rename to docker-compose/aio/security.md diff --git a/docker-compose/full-install/advanced.md b/docker-compose/full-install/advanced.md deleted file mode 100644 index f6cd5120dd..0000000000 --- a/docker-compose/full-install/advanced.md +++ /dev/null @@ -1,23 +0,0 @@ -# Advanced operations - - -## Restarting containers - -## Upgrade nocodb instance - -## Enable SSL -In order to enable SSL for incoming https requests, you will need to have certs which is -private-key public-key pair -### letsencrypt for generating certificates -### Bring your own certificates -### self signed certificates - -## Database pasword rotation - -## nginx configurations - -## Add Node - -## Minio integration for resources - -## Enable scheduled backups to run nightly on all your instances. \ No newline at end of file diff --git a/docker-compose/full-install/bin/nginx_reload.sh b/docker-compose/full-install/bin/nginx_reload.sh deleted file mode 100755 index 27d4d71c41..0000000000 --- a/docker-compose/full-install/bin/nginx_reload.sh +++ /dev/null @@ -1 +0,0 @@ -docker exec -it nginx /etc/init.d/nginx reload \ No newline at end of file diff --git a/docker-compose/full-install/prepare_env.sh b/docker-compose/full-install/prepare_env.sh deleted file mode 100755 index d725642b0c..0000000000 --- a/docker-compose/full-install/prepare_env.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/bin/bash -# prepares env file with all the required env variables. -# - -# -- main line code starts here -- -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -source ${SCRIPT_DIR}/sbin/util.sh -source ${SCRIPT_DIR}/sbin/install_vars.sh - -ENV_FILE=${SCRIPT_DIR}/conf/nc_properties.env -bkp_file=${ENV_FILE}-$(date +%s).bak -# Source existing nc_envs.env file to get current values -if [ -f ${ENV_FILE} ]; then - source ${ENV_FILE} - echo "backing up previous ${ENV_FILE} file to ${bkp_file}" - cp ${ENV_FILE} ${bkp_file} -fi - -echo "Update or confirm the values to be set" -# Iterate over the properties array and prompt user for input -for prop in "${properties[@]}"; do - key=$(echo "$prop" | cut -d'=' -f1) - default_value="${prop#*=}" - prev_value_or_default=${!key:-${default_value}} - - read -p "Enter value for $key (default: ${prev_value_or_default}): " user_input - - # Use user input or default value if empty - value=${user_input:-$prev_value_or_default} - - # Store key-value pair in a variable - userValues="${userValues}${key}=${value}\n" -done - -# Write key-value pairs to nc_envs.env file -echo -e "# Environment Variables\n$userValues" > ${ENV_FILE} - -echo "Environment variables written to ${ENV_FILE} file." - -echo "creating data conf, data and log directories" -mkdir -p ${INSTALL_ROOT}/conf ${INSTALL_ROOT}/data ${INSTALL_ROOT}/logs diff --git a/docker-compose/full-install/sbin/install_vars.sh b/docker-compose/full-install/sbin/install_vars.sh deleted file mode 100644 index 17135fefb7..0000000000 --- a/docker-compose/full-install/sbin/install_vars.sh +++ /dev/null 
@@ -1,7 +0,0 @@ -nocodb_install_version="1.0.0" # Replace with actual version -REQUIRED_PORTS=(80 443) -DOCKER_IMAGES=("redis:latest" "postgres:14.7" "nocodb/nocodb:latest" "nginx" "certbot/certbot:latest" ) - -# Array of properties with default values -properties=( "POSTGRES_USER=postgres" "POSTGRES_PASSWORD=test123" "POSTGRES_DB=nocodb" "NC_REDIS_URL=redis://redis:6379/4" 'NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres' ) -# "NC_INSTALL_ROOT=${SCRIPT_DIR}" "MINIO_ROOT_USER=minioadmin" "MINIO_ROOT_PASSWORD=minioadmin" \ No newline at end of file From 0722881485f1e35bfdd818547de9e8b4ddd46c2e Mon Sep 17 00:00:00 2001 From: starbirdtech383 Date: Mon, 5 Feb 2024 10:45:33 +0530 Subject: [PATCH 05/10] message formatting and some minor refactoring --- docker-compose/aio/install.sh | 24 ++++-------------------- docker-compose/aio/pre-req-check.sh | 12 ++++++------ docker-compose/aio/prepare_env.sh | 23 +++++++++++++---------- docker-compose/aio/sbin/install_vars.sh | 6 +++--- docker-compose/aio/sbin/util.sh | 2 +- 5 files changed, 27 insertions(+), 40 deletions(-) diff --git a/docker-compose/aio/install.sh b/docker-compose/aio/install.sh index eb62002352..0e2019984d 100755 --- a/docker-compose/aio/install.sh +++ b/docker-compose/aio/install.sh 
@@ -11,34 +11,18 @@ # c. docker repo accessiblity quay.io/minio/minio:RELEASE.2023-12-09T18-17-51Z, redis:latest, postgres:14.7, nocodb/nocodb:latest, nginx # d. licence check (tbd) - -## utility functions -asksure() { -echo -n "Are you sure (Y/N)? " -while read -r -n 1 -s answer; do - if [[ $answer = [YyNn] ]]; then - [[ $answer = [Yy] ]] && retval=0 - [[ $answer = [Nn] ]] && retval=1 - break - fi -done - -echo # just a final linefeed, optics... - -return $retval -} - # -- main line code starts here SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) - +## utility functions +source ${SCRIPT_DIR}/sbin/util.sh ${SCRIPT_DIR}/pre-req-check.sh PRE_REQ_SUCCESS=$? if [[ ${PRE_REQ_SUCCESS} != 0 ]] then - echo "Few pre-requisites are failing.\n Recommend to resolve and proceed.\n However you could still proceed to install" >&2 + echo "** Few pre-requisites are failing. Recommend to resolve and proceed. However you could still proceed to install **" >&2 else - echo "All pre-requistites are taken care of. Proceed to install.." + echo "** All pre-requistites are taken care of. Proceed to install.. **" fi if asksure; then diff --git a/docker-compose/aio/pre-req-check.sh b/docker-compose/aio/pre-req-check.sh index ba2cd45d98..529298dbe1 100755 --- a/docker-compose/aio/pre-req-check.sh +++ b/docker-compose/aio/pre-req-check.sh 
@@ -17,14 +17,14 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source ${SCRIPT_DIR}/sbin/util.sh source ${SCRIPT_DIR}/sbin/install_vars.sh echo "Performing nocodb system check and setup. This step may require sudo permissions to" -echo "Check if ports are accessible" +echo " | Check if ports are accessible" PRE_REQ=0 # d. Check if required tools are installed echo "Checking if required tools (docker, docker-compose, jq, lsof) are installed..." for tool in docker docker-compose lsof; do if ! command -v "$tool" &> /dev/null; then - echo "Error: $tool is not installed. Please install it before proceeding." + echo " | Error: $tool is not installed. Please install it before proceeding." exit 1 fi done @@ -36,13 +36,13 @@ done # echo "NocoDB version: $nocodb_install_version" # f. Port mapping check -echo "Checking port accessibility..." +echo " | Checking port accessibility..." for port in "${REQUIRED_PORTS[@]}"; do if lsof -Pi :$port -sTCP:LISTEN -t >/dev/null; then - echo "Port $port is in use. Please make sure it is free." >&2 + echo " | Port $port is in use. Please make sure it is free." >&2 PRE_REQ=1 else - echo "Port $port is free." + echo " | Port $port is free." fi done @@ -57,5 +57,5 @@ done # fi # done -echo "System check completed successfully." +echo "** System check completed successfully. **" exit $PRE_REQ \ No newline at end of file diff --git a/docker-compose/aio/prepare_env.sh b/docker-compose/aio/prepare_env.sh index d574267298..ffb8cc4a86 100755 --- a/docker-compose/aio/prepare_env.sh +++ b/docker-compose/aio/prepare_env.sh 
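Review bot: The final `echo "** System check completed successfully. **"` in the last hunk is printed unconditionally, also when a port check has set `PRE_REQ=1`, so the output shows a failure and a success message together and only the exit code tells them apart. Make the message follow the result: `if [[ $PRE_REQ -eq 0 ]]; then echo "** System check completed successfully. **"; else echo "** System check completed with warnings. **" >&2; fi`. The tool banner in the first hunk also names `jq`, which the `for tool in docker docker-compose lsof` loop does not test.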
@@ -18,18 +18,21 @@ fi function acceptProperty(){ local varDetail="$1" + local promptUser="${2:-true}" prompt=$(echo "$varDetail" | cut -d '|' -f1) prop=$(echo "$varDetail" | cut -d '|' -f2) key=$(echo "$prop" | cut -d'=' -f1) default_value="${prop#*=}" prev_value_or_default=${!key:-${default_value}} - + # echo prompt: ${prompt} # echo prop: ${prop} # echo key: ${key} # echo default_value: ${default_value} - - read -p "Enter value for $key (default: ${prev_value_or_default}): " user_input + + if(${promptUser} == "true"); then + read -p " || Enter value for $key (default: ${prev_value_or_default}): " user_input + fi # Use user input or default value if empty value=${user_input:-$prev_value_or_default} @@ -38,26 +41,26 @@ function acceptProperty(){ userValues="${userValues}${key}=${value}\n" } # Iterate over the properties array and prompt user for input -echo basic_properties : "${basic_properties[@]}" for multi_property_array in basic_properties invite_only_signup_priorities google_login_properties email_properties s3_attachment_properties ; do array_name="$multi_property_array[@]" # Name of the array to process array=("${!array_name}") - # array=("${!multi_property_array}") - echo array : "${array[@]}" for varDetail in "${array[@]}"; do - echo varDetail : ${varDetail} - prompt=$(echo "$varDetail" | cut -d '|' -f1) + promptUser=true + promptMsg=$(echo "$varDetail" | cut -d '|' -f1) prop=$(echo "$varDetail" | cut -d '|' -f2) - if [[ ${prompt} == "main" ]] + if [[ ${promptMsg} == "main" ]] then echo $prop if asksure; then continue else + # set all defaults here + promptUser=false + # acceptProperty "${varDetail}" "${promptUser}" break fi fi - acceptProperty "${varDetail}" + acceptProperty "${varDetail}" "${promptUser}" done done diff --git a/docker-compose/aio/sbin/install_vars.sh b/docker-compose/aio/sbin/install_vars.sh index dc5aac5a0b..609722c3ed 100644 --- a/docker-compose/aio/sbin/install_vars.sh +++ b/docker-compose/aio/sbin/install_vars.sh 
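Review bot: `user_input` in acceptProperty is a global that is assigned only inside the new `if` around `read`, so when the prompt is skipped the following `value=${user_input:-$prev_value_or_default}` reuses whatever was typed for the previous property instead of the default. The path is latent in this patch and becomes reachable once patch 06 passes `promptUser=false` for a declined section, where a stale answer could land in fields such as `NC_ADMIN_PASSWORD`. Declare it per call next to the other locals: `local user_input=""`. acceptProperty closes in the following hunk.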
@@ -3,9 +3,9 @@ REQUIRED_PORTS=(80 443) DOCKER_IMAGES=("redis:latest" "postgres:14.7" "nocodb/nocodb:latest" "nginx" "certbot/certbot:latest" ) # Array of properties with default values -basic_properties=("main|basic configurations, customise ?" "Username for postgres database|POSTGRES_USER=postgres" "|POSTGRES_PASSWORD=test123" "|POSTGRES_DB=nocodb" "|NC_REDIS_URL=redis://redis:6379/4" '|NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres' "Are you using custom DNS, configure NC_PUBLIC_URL to reflect in the invite emails?|NC_PUBLIC_URL=$(hostname)" "Disable connecting to external db?|NC_CONNECT_TO_EXTERNAL_DB_DISABLED=false") -invite_only_signup_priorities=("main|Allow invite only sign-up" "invite only signup?|NC_INVITE_ONLY_SIGNUP=false" "|NC_ADMIN_EMAIL=false" "|NC_ADMIN_PASSWORD=false") -google_login_properties=("main|Configure google login" "Enter Client ID|NC_GOOGLE_CLIENT_ID=" "Enter Client ID|NC_GOOGLE_CLIENT_SECRET=") +basic_properties=("main|Basic Configurations" "Username for postgres database|POSTGRES_USER=postgres" "|POSTGRES_PASSWORD=test123" "|POSTGRES_DB=nocodb" "|NC_REDIS_URL=redis://redis:6379/4" '|NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres' "Are you using custom DNS, configure NC_PUBLIC_URL to reflect in the invite emails?|NC_PUBLIC_URL=$(hostname)" "Disable connecting to external db?|NC_CONNECT_TO_EXTERNAL_DB_DISABLED=false") +invite_only_signup_priorities=("main|Allow invite only sign-up" "invite only signup?|NC_INVITE_ONLY_SIGNUP=false" "|NC_ADMIN_EMAIL=admin@nocodb.com" "|NC_ADMIN_PASSWORD=nocodb123") +google_login_properties=("main|Configure Google Login" "Enter Client ID|NC_GOOGLE_CLIENT_ID=" "Enter Client ID|NC_GOOGLE_CLIENT_SECRET=") email_properties=("main|Configure smtp properties" "|NC_SMTP_FROM=" "|NC_SMTP_HOST=" "|NC_SMTP_PORT=" "|NC_SMTP_USERNAME=" "|NC_SMTP_PASSWORD=" "|NC_SMTP_SECURE=" "|NC_SMTP_IGNORE_TLS=" ) s3_attachment_properties=("main|Do you want to 
configure s3 for attachements?" "|NC_S3_BUCKET_NAME=nocodb-attachements" "|NC_S3_REGION=" "|NC_S3_ACCESS_KEY=" "|NC_S3_ACCESS_SECRET=" ) diff --git a/docker-compose/aio/sbin/util.sh b/docker-compose/aio/sbin/util.sh index 566817f1f7..c192043b2a 100644 --- a/docker-compose/aio/sbin/util.sh +++ b/docker-compose/aio/sbin/util.sh @@ -4,7 +4,7 @@ # asksure() { -echo -n "Are you sure (Y/N)? " +echo -n " | Press Y to continue or N to skip to next step (Y/N)? " while read -r -n 1 -s answer; do if [[ $answer = [YyNn] ]]; then [[ $answer = [Yy] ]] && retval=0 From ab5a89a21b8d7f1bf9b8b5533a2e0f2b1e768577 Mon Sep 17 00:00:00 2001 From: starbirdtech383 Date: Wed, 7 Feb 2024 10:56:50 +0530 Subject: [PATCH 06/10] use all defaults action added --- docker-compose/aio/docker-compose.yml | 1 + docker-compose/aio/install.sh | 14 +++++--- docker-compose/aio/pre-req-check.sh | 7 ++-- docker-compose/aio/prepare_env.sh | 30 +++++++--------- docker-compose/aio/sbin/install_vars.sh | 46 ++++++++++++++++++++++--- docker-compose/aio/sbin/util.sh | 7 +++- 6 files changed, 73 insertions(+), 32 deletions(-) diff --git a/docker-compose/aio/docker-compose.yml b/docker-compose/aio/docker-compose.yml index f0b69d7e01..5ecbb7f203 100644 --- a/docker-compose/aio/docker-compose.yml +++ b/docker-compose/aio/docker-compose.yml @@ -98,6 +98,7 @@ services: cpus: '1' memory: 1000M certbot: + container_name: nocodb_certbot image: certbot/certbot:latest volumes: - ${NC_INSTALL_ROOT:-/opt/nocodb}/conf/nginx/certbot/www:/var/www/certbot/:rw diff --git a/docker-compose/aio/install.sh b/docker-compose/aio/install.sh index 0e2019984d..a1c566edab 100755 --- a/docker-compose/aio/install.sh +++ b/docker-compose/aio/install.sh 
@@ -22,16 +22,20 @@ if [[ ${PRE_REQ_SUCCESS} != 0 ]] then echo "** Few pre-requisites are failing. Recommend to resolve and proceed. However you could still proceed to install **" >&2 else - echo "** All pre-requistites are taken care of. Proceed to install.. **" + echo "** All pre-requistites are taken care of. Proceeding to install.. **" fi +# ask do you want to proceed with all defaults, +# if yes, then no prompts if asksure; then echo "Preparing environment file before install.." - ${SCRIPT_DIR}/prepare_env.sh + promptUser=true + if asksure " | Press Y to continue with defaults or N to customise app properties (Y/N)"; then + promptUser=false + fi + ${SCRIPT_DIR}/prepare_env.sh ${promptUser} echo "Installing docker containers" docker-compose -f ${SCRIPT_DIR}/docker-compose.yml up -d else echo "Exiting without install. You can install using docker-compose -f ${SCRIPT_DIR}/docker-compose.yml up -d " -fi - - +fi \ No newline at end of file diff --git a/docker-compose/aio/pre-req-check.sh b/docker-compose/aio/pre-req-check.sh index 529298dbe1..6f54865fda 100755 --- a/docker-compose/aio/pre-req-check.sh +++ b/docker-compose/aio/pre-req-check.sh @@ -16,12 +16,11 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source ${SCRIPT_DIR}/sbin/util.sh source ${SCRIPT_DIR}/sbin/install_vars.sh -echo "Performing nocodb system check and setup. This step may require sudo permissions to" -echo " | Check if ports are accessible" +echo "** Performing nocodb system check and setup. This step may require sudo permissions" PRE_REQ=0 # d. Check if required tools are installed -echo "Checking if required tools (docker, docker-compose, jq, lsof) are installed..." +echo " | Checking if required tools (docker, docker-compose, jq, lsof) are installed..." for tool in docker docker-compose lsof; do if ! command -v "$tool" &> /dev/null; then echo " | Error: $tool is not installed. Please install it before proceeding." 
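Review bot: `docker-compose ... up -d` in the install.sh hunk runs whatever `prepare_env.sh` returned, so a failed or interrupted environment step still starts the stack, possibly against a missing or half-written `nc_properties.env`. Check the status and quote the path while there: `"${SCRIPT_DIR}/prepare_env.sh" "${promptUser}" || { echo "prepare_env.sh failed" >&2; exit 1; }`. The earlier part of the script lies outside this hunk.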
@@ -39,7 +38,7 @@ done echo " | Checking port accessibility..." for port in "${REQUIRED_PORTS[@]}"; do if lsof -Pi :$port -sTCP:LISTEN -t >/dev/null; then - echo " | Port $port is in use. Please make sure it is free." >&2 + echo " | WARNING: Port $port is in use. Please make sure it is free." >&2 PRE_REQ=1 else echo " | Port $port is free." diff --git a/docker-compose/aio/prepare_env.sh b/docker-compose/aio/prepare_env.sh index ffb8cc4a86..357270bfa2 100755 --- a/docker-compose/aio/prepare_env.sh +++ b/docker-compose/aio/prepare_env.sh @@ -19,18 +19,17 @@ fi function acceptProperty(){ local varDetail="$1" local promptUser="${2:-true}" - prompt=$(echo "$varDetail" | cut -d '|' -f1) - prop=$(echo "$varDetail" | cut -d '|' -f2) + prompt=$(echo "$varDetail" | cut -d '|' -f2) + prop=$(echo "$varDetail" | cut -d '|' -f1) key=$(echo "$prop" | cut -d'=' -f1) default_value="${prop#*=}" prev_value_or_default=${!key:-${default_value}} - # echo prompt: ${prompt} + echo promptUser: ${promptUser} # echo prop: ${prop} # echo key: ${key} # echo default_value: ${default_value} - - if(${promptUser} == "true"); then + if [[ ${promptUser} == "true" ]]; then read -p " || Enter value for $key (default: ${prev_value_or_default}): " user_input fi 
@@ -44,21 +43,18 @@ function acceptProperty(){ for multi_property_array in basic_properties invite_only_signup_priorities google_login_properties email_properties s3_attachment_properties ; do array_name="$multi_property_array[@]" # Name of the array to process array=("${!array_name}") - for varDetail in "${array[@]}"; do - promptUser=true - promptMsg=$(echo "$varDetail" | cut -d '|' -f1) - prop=$(echo "$varDetail" | cut -d '|' -f2) - if [[ ${promptMsg} == "main" ]] + promptUser="${1}" + for varDetail in "${array[@]}"; do + promptMsg=$(echo "$varDetail" | cut -d '|' -f2) + prop=$(echo "$varDetail" | cut -d '|' -f1) + if [[ ${promptUser} == "true" ]] && [[ ${prop} == "main" ]] then - echo $prop - if asksure; then - continue - else + echo $promptMsg + if ! asksure; then # set all defaults here - promptUser=false - # acceptProperty "${varDetail}" "${promptUser}" - break + promptUser=false fi + continue fi acceptProperty "${varDetail}" "${promptUser}" done diff --git a/docker-compose/aio/sbin/install_vars.sh b/docker-compose/aio/sbin/install_vars.sh index 609722c3ed..5fd059729f 100644 --- a/docker-compose/aio/sbin/install_vars.sh +++ b/docker-compose/aio/sbin/install_vars.sh 
@@ -3,11 +3,47 @@ REQUIRED_PORTS=(80 443) DOCKER_IMAGES=("redis:latest" "postgres:14.7" "nocodb/nocodb:latest" "nginx" "certbot/certbot:latest" ) # Array of properties with default values -basic_properties=("main|Basic Configurations" "Username for postgres database|POSTGRES_USER=postgres" "|POSTGRES_PASSWORD=test123" "|POSTGRES_DB=nocodb" "|NC_REDIS_URL=redis://redis:6379/4" '|NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres' "Are you using custom DNS, configure NC_PUBLIC_URL to reflect in the invite emails?|NC_PUBLIC_URL=$(hostname)" "Disable connecting to external db?|NC_CONNECT_TO_EXTERNAL_DB_DISABLED=false") -invite_only_signup_priorities=("main|Allow invite only sign-up" "invite only signup?|NC_INVITE_ONLY_SIGNUP=false" "|NC_ADMIN_EMAIL=admin@nocodb.com" "|NC_ADMIN_PASSWORD=nocodb123") -google_login_properties=("main|Configure Google Login" "Enter Client ID|NC_GOOGLE_CLIENT_ID=" "Enter Client ID|NC_GOOGLE_CLIENT_SECRET=") -email_properties=("main|Configure smtp properties" "|NC_SMTP_FROM=" "|NC_SMTP_HOST=" "|NC_SMTP_PORT=" "|NC_SMTP_USERNAME=" "|NC_SMTP_PASSWORD=" "|NC_SMTP_SECURE=" "|NC_SMTP_IGNORE_TLS=" ) -s3_attachment_properties=("main|Do you want to configure s3 for attachements?" "|NC_S3_BUCKET_NAME=nocodb-attachements" "|NC_S3_REGION=" "|NC_S3_ACCESS_KEY=" "|NC_S3_ACCESS_SECRET=" ) +basic_properties=( +"main|Basic Configurations" +"POSTGRES_USER=postgres | Username for postgres database" +"POSTGRES_PASSWORD=test123 | " +"POSTGRES_DB=nocodb | " +"NC_REDIS_URL=redis://redis:6379/4 | default to redis container" +'NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres | hide' +"NC_PUBLIC_URL=$(hostname) | Are you using custom DNS, configure NC_PUBLIC_URL to reflect in the invite emails?" +"NC_CONNECT_TO_EXTERNAL_DB_DISABLED=false | Disable connecting to external db?" +) + +invite_only_signup_priorities=( +"main|Allow invite only sign-up" +"NC_INVITE_ONLY_SIGNUP=false | invite only signup?" 
+"NC_ADMIN_EMAIL=admin@nocodb.com | " +"NC_ADMIN_PASSWORD=nocodb123 | " +) + +google_login_properties=( +"main|Configure Google Login" +"NC_GOOGLE_CLIENT_ID= | Enter Client ID" +"NC_GOOGLE_CLIENT_SECRET= | Enter Client ID") + +email_properties=( +"main|Configure smtp properties" +"NC_SMTP_FROM= |" +"NC_SMTP_HOST= |" +"NC_SMTP_PORT= |" +"NC_SMTP_USERNAME= |" +"NC_SMTP_PASSWORD= |" +"NC_SMTP_SECURE= |" +"NC_SMTP_IGNORE_TLS= |" +) + +s3_attachment_properties=( +"main|Do you want to configure s3 for attachements?" +"NC_S3_BUCKET_NAME=nocodb-attachements |" +"NC_S3_REGION= |" +"NC_S3_ACCESS_KEY= | " +"NC_S3_ACCESS_SECRET= |" +) multi_property_array=(basic_properties invite_only_signup_priorities google_login_properties email_properties s3_attachment_properties) diff --git a/docker-compose/aio/sbin/util.sh b/docker-compose/aio/sbin/util.sh index c192043b2a..b65d4696c5 100644 --- a/docker-compose/aio/sbin/util.sh +++ b/docker-compose/aio/sbin/util.sh @@ -4,7 +4,12 @@ # asksure() { -echo -n " | Press Y to continue or N to skip to next step (Y/N)? " +local custom_msg="${@}" +if [[ ${custom_msg} ]]; then + echo -n "${custom_msg}" +else + echo -n " | Press Y to continue or N to skip (Y/N)? " +fi while read -r -n 1 -s answer; do if [[ $answer = [YyNn] ]]; then [[ $answer = [Yy] ]] && retval=0 From 70f69869f5626498c52347c6239e8ec3bad29922 Mon Sep 17 00:00:00 2001 
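Review bot: The new entry layout pads the separator, as in `"POSTGRES_PASSWORD=test123 | "`, and `cut -d '|' -f1` in prepare_env.sh keeps the blank before the `|`, so the default becomes `test123 ` with a trailing space, and an intended-empty default such as `"NC_SMTP_FROM= |"` becomes a single space rather than empty. Whether the consumers of the env file strip that whitespace is not visible here, so the stored password may differ from what the user believes it is. Either write the entries without padding (`"POSTGRES_USER=postgres|Username for postgres database"`) or trim in acceptProperty with `prop="${prop%"${prop##*[![:space:]]}"}"`.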
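Review bot: `retval` in asksure is never initialised and is not local, so when `read` hits end-of-input (stdin closed or redirected) the loop ends without setting it and the function returns either the previous call's answer or, on the first call, success. That holds if the rest of the function, which lies outside this hunk, matches the copy removed from install.sh in patch 05. A confirmation prompt should fail closed; add `local retval=1` as the first line of the function. `local custom_msg="${@}"` also joins an argument list into a scalar, for which `"$*"` is the explicit form.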
From: starbirdtech383 Date: Fri, 9 Feb 2024 11:39:15 +0530 Subject: [PATCH 07/10] skip empty variable values which can cause server startup fail --- docker-compose/aio/.gitignore | 6 ++-- docker-compose/aio/README.md | 36 +++++++++++++++-------- docker-compose/aio/advanced.md | 10 ++----- docker-compose/aio/bin/restart.sh | 7 +++++ docker-compose/aio/bin/start.sh | 7 +++++ docker-compose/aio/conf/nc_properties.env | 11 +++---- docker-compose/aio/prepare_env.sh | 17 ++++++++--- docker-compose/aio/sbin/install_vars.sh | 2 +- docker-compose/aio/security.md | 1 - 9 files changed, 61 insertions(+), 36 deletions(-) create mode 100644 docker-compose/aio/bin/restart.sh create mode 100644 docker-compose/aio/bin/start.sh delete mode 100644 docker-compose/aio/security.md diff --git a/docker-compose/aio/.gitignore b/docker-compose/aio/.gitignore index ba66d36ff4..da79846d85 100644 --- a/docker-compose/aio/.gitignore +++ b/docker-compose/aio/.gitignore @@ -1,3 +1,3 @@ -conf -data -logs \ No newline at end of file +conf/ +data/ +logs/ \ No newline at end of file diff --git a/docker-compose/aio/README.md b/docker-compose/aio/README.md index 192308cf2f..f6d153501c 100644 --- a/docker-compose/aio/README.md +++ b/docker-compose/aio/README.md @@ -1,6 +1,10 @@ # Install full stack nocodb with Docker (compose) -This page provides instructions to install nocodb full stack using Docker. The installation will run multiple contianers in single node. +This page provides instructions to install nocodb all-in-one (aio) using Docker-Compse. The installation will run multiple contianers in single node which includes +- nocodb +- postgres +- nginx +- redis ## Prerequisites Before you begin, ensure you have the following prerequisites: 
@@ -9,24 +13,37 @@ Before you begin, ensure you have the following prerequisites: - Docker-Compose (version 2.17.3 or later) - Ports 80 and 443 are available -TIP: you could simply run ./pre-req-check.sh from this directory which will check. +TIP: you could simply run [./pre-req-check.sh](./pre-req-check.sh) which performs pre-requisite check. ## Install -Run install.sh, This script performs pre-requisite check, prompts you through required application properties and finally performs `docker-compose up -d`. +Run [install.sh](./install.sh), This script performs pre-requisite check, prompts you through required application properties and finally performs `docker-compose up -d`. Note: For most cases where any external integration is not required. The defaults properties are just fine. ``` ./install.sh ``` * At this point, your installation is completed and you should be able to access your nocodb instance * - ### An example output will be like below. ``` +./install.sh +** Performing nocodb system check and setup. This step may require sudo permissions + | Checking if required tools (docker, docker-compose, jq, lsof) are installed... + | Checking port accessibility... + | Port 80 is free. + | WARNING: Port 443 is in use. Please make sure it is free. +** System check completed successfully. ** +** Few pre-requisites are failing. Recommend to resolve and proceed. However you could still proceed to install ** + | Press Y to continue or N to skip (Y/N)? +Preparing environment file before install.. + | Press Y to continue with defaults or N to customise app properties (Y/N) +backing up previous docker-compose/aio/conf/nc_properties.env file to nocodb/docker-compose/aio/conf/nc_properties.env-1707455571.bak +Environment variables written to docker-compose/aio/conf/nc_properties.env file. 
+Installing docker containers ``` - ## Data and Conf directories -This directory acts as the NC_INSTALL_ROOT by default and it will have data, conf directories which are `.gitingore` to avoid accidentlly exposing to git. +This directory acts as the NC_INSTALL_ROOT by default and it will have data, conf directories which are `.gitingore` to avoid accidentlly exposing to git repository. +During installation the default properties are configured at [nc_properties.env](./conf/nc_properties.env) which can be updated if required and restarted ``` . @@ -47,10 +64,3 @@ install script performs the following steps 1. pre-req-check.sh and warns if there is anything missing which could potentially cause issues at later stage. However it will let you proceed if you wish to. 2. create application properties file under conf dir which will then be used for future upgrades etc. 3. runs docker-compose up -d - -## - - - - - diff --git a/docker-compose/aio/advanced.md b/docker-compose/aio/advanced.md index 3c6bbb93ed..d4f4c6f621 100644 --- a/docker-compose/aio/advanced.md +++ b/docker-compose/aio/advanced.md @@ -3,7 +3,7 @@ ## Restarting containers There are atleast 4 main containers which are running as part of this installation through same docker-compose. The same docker-compose can be leveraged to restart any or all of these containers. -Use below command to restart all containers\ +Use [restart.sh](./bin/restart.sh) or Use below command to restart all containers ``` docker compose restart ``` To restart individual containers with name ( names: nocodb, nginx, postgres, redis)\ 
@@ -38,9 +38,5 @@ There are two main directories where nginx configurations are maintained - nocodb team managed configurations at [nginx/conf.d](./conf/nginx/conf.d). - self managed (you) [conf/nginx/conf.d](./conf/nginx/conf.d) - -## Add Node - -## Minio integration for resources - -## Enable scheduled backups to run nightly on all your instances. \ No newline at end of file +## postgres configurations +[postgres.conf](./data/postgres/postgresql.conf) and [pg_hba.conf](./data/postgres/pg_hba.conf) are created under ./data/postgres directory upon first postgres container creation. The configurations can be updated and restarted continer to take affect. \ No newline at end of file diff --git a/docker-compose/aio/bin/restart.sh b/docker-compose/aio/bin/restart.sh new file mode 100644 index 0000000000..0b461b3ab2 --- /dev/null +++ b/docker-compose/aio/bin/restart.sh @@ -0,0 +1,7 @@ +#!/bin/bash +# docker-compse restart all containers utilty script +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +COMPONENT_DIR=${SCRIPT_DIR}/../ +cd ${COMPONENT_DIR} +docker-compose restart \ No newline at end of file diff --git a/docker-compose/aio/bin/start.sh b/docker-compose/aio/bin/start.sh new file mode 100644 index 0000000000..83d279850e --- /dev/null +++ b/docker-compose/aio/bin/start.sh @@ -0,0 +1,7 @@ +#!/bin/bash +# docker-compse restart all containers utilty script +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +COMPONENT_DIR=${SCRIPT_DIR}/../ +cd ${COMPONENT_DIR} +docker-compose up -d \ No newline at end of file diff --git a/docker-compose/aio/conf/nc_properties.env b/docker-compose/aio/conf/nc_properties.env index 848cb06df3..9a4755099b 100644 --- a/docker-compose/aio/conf/nc_properties.env +++ b/docker-compose/aio/conf/nc_properties.env 
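Review bot: `cd ${COMPONENT_DIR}` in the new `bin/restart.sh` is unquoted and its result is not checked, so if the install path contains a space or the directory is missing, `docker-compose restart` runs in whatever directory the caller happened to be in and may act on a different compose project. `cd -- "${COMPONENT_DIR}" || exit 1` closes both gaps. The new `bin/start.sh` in the next hunk has the same line before `docker-compose up -d` and needs the same change.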
@@ -4,13 +4,10 @@ POSTGRES_PASSWORD=test123 POSTGRES_DB=nocodb NC_REDIS_URL=redis://redis:6379/4 NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres -NC_PUBLIC_URL=rajanishs-MacBook-Pro.local +NC_PUBLIC_URL=http://rajanishs-MacBook-Pro.local NC_CONNECT_TO_EXTERNAL_DB_DISABLED=false NC_INVITE_ONLY_SIGNUP=false -NC_ADMIN_EMAIL=false -NC_ADMIN_PASSWORD=false -NC_S3_BUCKET_NAME=asdf -NC_S3_REGION=asd -NC_S3_ACCESS_KEY=sda -NC_S3_ACCESS_SECRET=adsfa +NC_ADMIN_EMAIL=admin@nocodb.com +NC_ADMIN_PASSWORD=nocodb123 +NC_S3_BUCKET_NAME=nocodb-attachements diff --git a/docker-compose/aio/prepare_env.sh b/docker-compose/aio/prepare_env.sh index 357270bfa2..fb56443636 100755 --- a/docker-compose/aio/prepare_env.sh +++ b/docker-compose/aio/prepare_env.sh @@ -16,6 +16,11 @@ if [ -f ${ENV_FILE} ]; then cp ${ENV_FILE} ${bkp_file} fi +function trim(){ + local var="${@}" + echo "$(sed -e 's/[[:space:]]*$//' <<<${var})" +} + function acceptProperty(){ local varDetail="$1" local promptUser="${2:-true}" @@ -25,7 +30,7 @@ function acceptProperty(){ default_value="${prop#*=}" prev_value_or_default=${!key:-${default_value}} - echo promptUser: ${promptUser} + # echo promptUser: ${promptUser} # echo prop: ${prop} # echo key: ${key} # echo default_value: ${default_value} @@ -34,10 +39,12 @@ function acceptProperty(){ fi # Use user input or default value if empty - value=${user_input:-$prev_value_or_default} + value=$(trim ${user_input:-$prev_value_or_default}) # Store key-value pair in a variable - userValues="${userValues}${key}=${value}\n" + if [[ ${value} != "" ]]; then + userValues="${userValues}${key}=${value}\n" + fi } # Iterate over the properties array and prompt user for input for multi_property_array in basic_properties invite_only_signup_priorities google_login_properties email_properties s3_attachment_properties ; do 
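Review bot: `conf/nc_properties.env` is a generated file, yet it stays tracked with usable credentials in it: `NC_ADMIN_EMAIL=admin@nocodb.com` and `NC_ADMIN_PASSWORD=nocodb123` are added here, next to `POSTGRES_PASSWORD=test123` in the hunk header and a developer hostname in `NC_PUBLIC_URL`. The `.gitignore` change to `conf/` in the same commit does not untrack a file that is already in the index, so every clone starts from these values, and an install that accepts the defaults from `install_vars.sh` appears to end up with the same publicly known admin login. I would remove the file from the index (`git rm --cached conf/nc_properties.env`) and have `prepare_env.sh` generate the admin and database passwords, for example with `openssl rand -base64 24`, or refuse to continue with the shipped default.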
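Review bot: The new `trim` helper is called with an unquoted argument in the `@@ -34,10 +39,12 @@` hunk, `value=$(trim ${user_input:-$prev_value_or_default})`, so the shell word-splits and glob-expands the property before it is written to the env file. Inner runs of whitespace collapse to one space, and a value containing `*` or `?`, such as a password, can be replaced by matching file names from the current directory. Quoting the call and the here-string keeps the value intact: `value=$(trim "${user_input:-$prev_value_or_default}")` and `echo "$(sed -e 's/[[:space:]]*$//' <<<"${var}")"`. `acceptProperty` starts and ends outside these hunks.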
@@ -56,7 +63,9 @@ for multi_property_array in basic_properties invite_only_signup_priorities googl fi continue fi - acceptProperty "${varDetail}" "${promptUser}" + if [[ ${prop} != "main" ]]; then + acceptProperty "${varDetail}" "${promptUser}" + fi done done diff --git a/docker-compose/aio/sbin/install_vars.sh b/docker-compose/aio/sbin/install_vars.sh index 5fd059729f..6bee14cb28 100644 --- a/docker-compose/aio/sbin/install_vars.sh +++ b/docker-compose/aio/sbin/install_vars.sh @@ -10,7 +10,7 @@ basic_properties=( "POSTGRES_DB=nocodb | " "NC_REDIS_URL=redis://redis:6379/4 | default to redis container" 'NC_DB=pg://postgres:5432?u=postgres&password=${POSTGRES_PASSWORD:-nocodb}&d=postgres | hide' -"NC_PUBLIC_URL=$(hostname) | Are you using custom DNS, configure NC_PUBLIC_URL to reflect in the invite emails?" +"NC_PUBLIC_URL=http://$(hostname) | Are you using custom DNS, configure NC_PUBLIC_URL to reflect in the invite emails?" "NC_CONNECT_TO_EXTERNAL_DB_DISABLED=false | Disable connecting to external db?" ) diff --git a/docker-compose/aio/security.md b/docker-compose/aio/security.md deleted file mode 100644 index 2afe829dfb..0000000000 --- a/docker-compose/aio/security.md +++ /dev/null @@ -1 +0,0 @@ -Security \ No newline at end of file From fa47cb66c58eab288da89096d29d28ec41acaf0f Mon Sep 17 00:00:00 2001 From: starbirdtech383 Date: Fri, 9 Feb 2024 11:52:59 +0530 Subject: [PATCH 08/10] update readme instructions --- docker-compose/aio/README.md | 13 ++++++++----- docker-compose/aio/advanced.md | 6 +++--- docker-compose/aio/prepare_env.sh | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/docker-compose/aio/README.md b/docker-compose/aio/README.md index f6d153501c..36574e2760 100644 --- a/docker-compose/aio/README.md +++ b/docker-compose/aio/README.md 
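Review bot: The new default `NC_PUBLIC_URL=http://$(hostname)` in `sbin/install_vars.sh` fixes the `http` scheme into the address that, per the prompt text, ends up in invite emails. Nothing visible in this series rewrites it once TLS has been set up with `gen_letsencrypt_cert.sh`, so invite links would keep pointing at the cleartext port unless the operator edits the env file. I would state the requirement in the prompt, e.g. `configure NC_PUBLIC_URL (including http:// or https://) to reflect in the invite emails?`, and add the same step to the SSL section of `advanced.md`.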
@@ -1,4 +1,4 @@ -# Install full stack nocodb with Docker (compose) +# Install all-in-one nocodb with Docker (compose) This page provides instructions to install nocodb all-in-one (aio) using Docker-Compse. The installation will run multiple contianers in single node which includes - nocodb @@ -17,7 +17,7 @@ TIP: you could simply run [./pre-req-check.sh](./pre-req-check.sh) which perform ## Install Run [install.sh](./install.sh), This script performs pre-requisite check, prompts you through required application properties and finally performs `docker-compose up -d`. -Note: For most cases where any external integration is not required. The defaults properties are just fine. +Note: For most cases where no external integration required. The defaults properties are just fine. ``` ./install.sh ``` @@ -36,7 +36,7 @@ Note: For most cases where any external integration is not required. The default | Press Y to continue or N to skip (Y/N)? Preparing environment file before install.. | Press Y to continue with defaults or N to customise app properties (Y/N) -backing up previous docker-compose/aio/conf/nc_properties.env file to nocodb/docker-compose/aio/conf/nc_properties.env-1707455571.bak +Backing up previous docker-compose/aio/conf/nc_properties.env file to nocodb/docker-compose/aio/conf/nc_properties.env-1707455571.bak Environment variables written to docker-compose/aio/conf/nc_properties.env file. Installing docker containers ``` 
@@ -59,8 +59,11 @@ During installation the default properties are configured at [nc_properties.env] ``` -## Read below, if you wish to understand what does install.sh do -install script performs the following steps +## what does install.sh do +[Install script](./install.sh) performs the following steps 1. pre-req-check.sh and warns if there is anything missing which could potentially cause issues at later stage. However it will let you proceed if you wish to. 2. create application properties file under conf dir which will then be used for future upgrades etc. 3. runs docker-compose up -d + +## Advanced Operations +Refer [advanced secion](./advanced.md) for advanced operations like setting up ssl, updating configurations, restarts etc diff --git a/docker-compose/aio/advanced.md b/docker-compose/aio/advanced.md index d4f4c6f621..0241bc7b02 100644 --- a/docker-compose/aio/advanced.md +++ b/docker-compose/aio/advanced.md @@ -21,10 +21,10 @@ Below are different approaches to get and configure certificates. Make your choi ### letsencrypt for generating certificates Certificates/key can be obtained by trusted CA (Certificate Authorities), there are many paid vendors found online or you can also use [letsencrypt](https://letsencrypt.org/) a non profit certificate provider for free however we recommend [https://www.abetterinternet.org/donate/](donate) for their service. -### Bring your own certificates +### [TBD] Bring your own certificates If you already have the certificates, either self signed or generated by any other means, you will need to configure them with nginx. Below are the steps -TBD -### self signed certificates + +### [TBD] Self signed certificates One of the pre-requisite is that your server should be associated with the domain name. In the absence of that you could use self signed certificates which does ecrypt but browsers show warning. ## Database password rotation 
diff --git a/docker-compose/aio/prepare_env.sh b/docker-compose/aio/prepare_env.sh index fb56443636..4a9d32faac 100755 --- a/docker-compose/aio/prepare_env.sh +++ b/docker-compose/aio/prepare_env.sh @@ -12,7 +12,7 @@ bkp_file=${ENV_FILE}-$(date +%s).bak # Source existing nc_envs.env file to get current values if [ -f ${ENV_FILE} ]; then source ${ENV_FILE} - echo "backing up previous ${ENV_FILE} file to ${bkp_file}" + echo "Backing up previous ${ENV_FILE} file to ${bkp_file}" cp ${ENV_FILE} ${bkp_file} fi From 0506c84f0a4ee40ebd263938be75c5eed6f0aa90 Mon Sep 17 00:00:00 2001 From: starbirdtech383 Date: Fri, 9 Feb 2024 12:56:40 +0530 Subject: [PATCH 09/10] cert generation fix --- docker-compose/aio/README.md | 6 +++-- docker-compose/aio/advanced.md | 6 ++--- .../aio/{sbin => bin}/gen_letsencrypt_cert.sh | 17 +++++++++----- .../aio/{sbin => bin}/renew_certs.sh | 0 docker-compose/aio/bin/restart.sh | 2 +- docker-compose/aio/bin/start.sh | 2 +- .../ssl_server_name_conf.template | 22 ++++++------------- docker-compose/aio/pre-req-check.sh | 2 +- docker-compose/aio/sbin/ubuntu-setup.sh | 18 +++++++++++++++ 9 files changed, 47 insertions(+), 28 deletions(-) rename docker-compose/aio/{sbin => bin}/gen_letsencrypt_cert.sh (61%) mode change 100755 => 100644 rename docker-compose/aio/{sbin => bin}/renew_certs.sh (100%) mode change 100644 => 100755 docker-compose/aio/bin/restart.sh mode change 100644 => 100755 docker-compose/aio/bin/start.sh create mode 100755 docker-compose/aio/sbin/ubuntu-setup.sh diff --git a/docker-compose/aio/README.md b/docker-compose/aio/README.md index 36574e2760..2acb92511b 100644 --- a/docker-compose/aio/README.md +++ b/docker-compose/aio/README.md 
@@ -17,10 +17,12 @@ TIP: you could simply run [./pre-req-check.sh](./pre-req-check.sh) which perform ## Install Run [install.sh](./install.sh), This script performs pre-requisite check, prompts you through required application properties and finally performs `docker-compose up -d`. -Note: For most cases where no external integration required. The defaults properties are just fine. +For most cases where no external integration required. The defaults properties are just fine. ``` -./install.sh +sudo ./install.sh ``` +Note: sudo is required for docker to run unless you have configured docker user to be part of sudoers. If sudo is not used then you will get error `('Connection aborted.', PermissionError(13, 'Permission denied'))` + * At this point, your installation is completed and you should be able to access your nocodb instance * ### An example output will be like below. diff --git a/docker-compose/aio/advanced.md b/docker-compose/aio/advanced.md index 0241bc7b02..5a2eda912d 100644 --- a/docker-compose/aio/advanced.md +++ b/docker-compose/aio/advanced.md 
@@ -10,16 +10,16 @@ To restart individual containers with name ( names: nocodb, nginx, postgres, re ex: to restart nginx\ ``` docker compose restart nginx ``` -## reload nginx +## Reload nginx use utility script at [./bin/nginx_reload.sh](./bin/nginx_reload.sh) -## Upgrade nocodb instance +## [TBD] Upgrade nocodb instance ## Enable SSL To enable SSL for incoming https requests, nginx should be configured with combination of a public certificate and a private key. The SSL private key is kept secret on the server. It will be used to encrypt content sent to clients. Below are different approaches to get and configure certificates. Make your choice ### letsencrypt for generating certificates -Certificates/key can be obtained by trusted CA (Certificate Authorities), there are many paid vendors found online or you can also use [letsencrypt](https://letsencrypt.org/) a non profit certificate provider for free however we recommend [https://www.abetterinternet.org/donate/](donate) for their service. +Certificates/key can be obtained by trusted CA (Certificate Authorities), there are many paid vendors found online or you can also use [letsencrypt](https://letsencrypt.org/) a non profit certificate provider for free however we recommend [donating](https://www.abetterinternet.org/donate/) for their service. ### [TBD] Bring your own certificates If you already have the certificates, either self signed or generated by any other means, you will need to configure them with nginx. Below are the steps diff --git a/docker-compose/aio/sbin/gen_letsencrypt_cert.sh b/docker-compose/aio/bin/gen_letsencrypt_cert.sh old mode 100755 new mode 100644 similarity index 61% rename from docker-compose/aio/sbin/gen_letsencrypt_cert.sh rename to docker-compose/aio/bin/gen_letsencrypt_cert.sh index 5959cd8cac..852a1e58df --- a/docker-compose/aio/sbin/gen_letsencrypt_cert.sh +++ b/docker-compose/aio/bin/gen_letsencrypt_cert.sh 
@@ -23,10 +23,17 @@ cd ${SCRIPT_DIR}/../bin echo "Triggering certbot to create ssl configs: ${SERVER_NAME}" cd ${SCRIPT_DIR}/.. -docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d ${SERVER_NAME} +docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d ${SERVER_NAME} +result=$? - -echo "Now reload nginx with new ssl configs for your site : ${SERVER_NAME}" -cd ${SCRIPT_DIR}/../conf/nginx/conf.d -sed "s,,${SERVER_NAME},g" ${SCRIPT_DIR}/../nginx/conf-templates/ssl_server_name_conf.template > ${SERVER_NAME}.conf +if [[ $result == 1 ]]; then + echo "cert generation failed" + echo "rolling back the certs and reloading nginx" +else + echo "Now reload nginx with new ssl configs for your site : ${SERVER_NAME}" + cd ${SCRIPT_DIR}/../conf/nginx/conf.d + rm -f certbot.conf + sed "s,,${SERVER_NAME},g" ${SCRIPT_DIR}/../nginx/conf-templates/ssl_server_name_conf.template > ${SERVER_NAME}.conf +fi +rm -rf ${SCRIPT_DIR}/../conf/nginx/conf.d/certbot.conf ${SCRIPT_DIR}/../bin/nginx_reload.sh diff --git a/docker-compose/aio/sbin/renew_certs.sh b/docker-compose/aio/bin/renew_certs.sh similarity index 100% rename from docker-compose/aio/sbin/renew_certs.sh rename to docker-compose/aio/bin/renew_certs.sh diff --git a/docker-compose/aio/bin/restart.sh b/docker-compose/aio/bin/restart.sh old mode 100644 new mode 100755 index 0b461b3ab2..4ed2710112 --- a/docker-compose/aio/bin/restart.sh +++ b/docker-compose/aio/bin/restart.sh @@ -1,5 +1,5 @@ #!/bin/bash -# docker-compse restart all containers utilty script +# docker-compose restart all containers utilty script SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) COMPONENT_DIR=${SCRIPT_DIR}/../ diff --git a/docker-compose/aio/bin/start.sh b/docker-compose/aio/bin/start.sh old mode 100644 new mode 100755 index 83d279850e..2c6c5f6251 --- a/docker-compose/aio/bin/start.sh +++ b/docker-compose/aio/bin/start.sh 
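Review bot: `if [[ $result == 1 ]]` treats only exit status 1 as a failure, so any other non-zero status from `docker-compose run` falls into the `else` branch and writes `${SERVER_NAME}.conf` pointing at certificates that were never issued, after which the nginx reload at the end is likely to fail. `if [[ $result -ne 0 ]]; then` covers every failure. `${SERVER_NAME}` is also used unquoted as a certbot argument, as the sed replacement text and as a file name; where it is set is outside the hunk, but if it comes from user input it should be checked first, e.g. `[[ ${SERVER_NAME} =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`. The failure branch announces a rollback but only prints messages.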
@@ -1,5 +1,5 @@ #!/bin/bash -# docker-compse restart all containers utilty script +# docker-compose start SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) COMPONENT_DIR=${SCRIPT_DIR}/../ diff --git a/docker-compose/aio/nginx/conf-templates/ssl_server_name_conf.template b/docker-compose/aio/nginx/conf-templates/ssl_server_name_conf.template index 9caa19d950..b6a3eafcbd 100644 --- a/docker-compose/aio/nginx/conf-templates/ssl_server_name_conf.template +++ b/docker-compose/aio/nginx/conf-templates/ssl_server_name_conf.template @@ -1,6 +1,4 @@ server { - listen 80; - listen [::]:80 ; listen 443 default_server ssl; listen [::]:443 ssl ; # chantge server_name while generating cert @@ -14,22 +12,16 @@ server { ssl_certificate /etc/nginx/ssl/live//fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live//privkey.pem; - #access_log /var/log/nginx/host.access.log main; location / { - include /etc/nginx/mime.types; - root /opt/nocohub/nginx/data//; - index index.html index.htm; - auth_basic "Restricted Access"; - auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd; - } - - location /proxy { - proxy_pass http://nocohub-001:8080; + proxy_pass http://nocodb_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - - auth_basic "Restricted Access"; - auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_intercept_errors on; } # deny access to .htaccess files, if Apache's document root diff --git a/docker-compose/aio/pre-req-check.sh b/docker-compose/aio/pre-req-check.sh index 6f54865fda..b19a22d119 100755 --- a/docker-compose/aio/pre-req-check.sh +++ b/docker-compose/aio/pre-req-check.sh 
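Review bot: In the new `location /` block of `ssl_server_name_conf.template`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` header the client sent, so if this nginx is the first hop from the internet the backend receives an address list the client controls. Where the backend uses that header for logging or rate limiting, `proxy_set_header X-Forwarded-For $remote_addr;` gives it a value the client cannot choose. `proxy_set_header Connection "upgrade";` is sent on every request rather than only on WebSocket upgrades, and `proxy_intercept_errors on;` does nothing without an `error_page` directive, none of which is visible in this hunk. The server block ends outside the hunk.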
@@ -24,7 +24,7 @@ echo " | Checking if required tools (docker, docker-compose, jq, lsof) are insta for tool in docker docker-compose lsof; do if ! command -v "$tool" &> /dev/null; then echo " | Error: $tool is not installed. Please install it before proceeding." - exit 1 + PRE_REQ=1 fi done diff --git a/docker-compose/aio/sbin/ubuntu-setup.sh b/docker-compose/aio/sbin/ubuntu-setup.sh new file mode 100755 index 0000000000..8c29ba4066 --- /dev/null +++ b/docker-compose/aio/sbin/ubuntu-setup.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +echo "install docker and compose" +sudo apt update +sudo install -m 0755 -d /etc/apt/keyrings +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg +sudo chmod a+r /etc/apt/keyrings/docker.gpg + + +sudo apt update +sudo apt install apt-transport-https ca-certificates curl software-properties-common -y +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg +echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +sudo apt update +apt-cache policy docker-ce +sudo apt install docker-ce -y +sudo apt install docker-compose -y +apt-get install jq -y \ No newline at end of file From fc19ab5dc0a7cb3520db855146d4021749f77f70 Mon Sep 17 00:00:00 2001 From: starbirdtech383 Date: Fri, 9 Feb 2024 13:14:24 +0530 Subject: [PATCH 10/10] fix typo and cert gen script --- docker-compose/aio/README.md | 2 +- docker-compose/aio/advanced.md | 7 ++++++- docker-compose/aio/bin/gen_letsencrypt_cert.sh | 0 3 files changed, 7 insertions(+), 2 deletions(-) mode change 100644 => 100755 docker-compose/aio/bin/gen_letsencrypt_cert.sh diff --git a/docker-compose/aio/README.md b/docker-compose/aio/README.md index 2acb92511b..54792da5a0 100644 --- a/docker-compose/aio/README.md 
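Review bot: Replacing `exit 1` with `PRE_REQ=1` in the tool loop of `pre-req-check.sh` turns a missing `docker` or `docker-compose` into a warning, and the README's sample run shows the installer then offering to continue anyway. Without those two tools the install cannot succeed, so I would keep `exit 1` for them and downgrade only `lsof`, which presumably serves just the port check. The message above the loop also lists `jq`, while the loop checks only `docker docker-compose lsof`. The script starts and ends outside the hunk.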
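Review bot: The new `sbin/ubuntu-setup.sh` imports Docker's apt signing key twice, into `/etc/apt/keyrings/docker.gpg` and `/usr/share/keyrings/docker-archive-keyring.gpg`, but only the second is named in `signed-by=`, and neither download is compared with Docker's published key fingerprint before it becomes a trust anchor for packages installed as root. I would drop the first import and add a fingerprint check after the `gpg --dearmor` step. The script has no `set -euo pipefail`, so a failed `curl | gpg` does not stop the `apt` commands that follow, and the last line `apt-get install jq -y` lacks the `sudo` that every other install uses. `sudo apt install docker-compose -y` installs the distribution package, which may be older than the 2.17.3 the README asks for.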
+++ b/docker-compose/aio/README.md @@ -68,4 +68,4 @@ During installation the default properties are configured at [nc_properties.env] 3. runs docker-compose up -d ## Advanced Operations -Refer [advanced secion](./advanced.md) for advanced operations like setting up ssl, updating configurations, restarts etc +Refer [advanced section](./advanced.md) for advanced operations like setting up ssl, updating configurations, restarts etc diff --git a/docker-compose/aio/advanced.md b/docker-compose/aio/advanced.md index 5a2eda912d..36e9b310b6 100644 --- a/docker-compose/aio/advanced.md +++ b/docker-compose/aio/advanced.md @@ -19,7 +19,12 @@ use utility script at [./bin/nginx_reload.sh](./bin/nginx_reload.sh) To enable SSL for incoming https requests, nginx should be configured with combination of a public certificate and a private key. The SSL private key is kept secret on the server. It will be used to encrypt content sent to clients. Below are different approaches to get and configure certificates. Make your choice ### letsencrypt for generating certificates -Certificates/key can be obtained by trusted CA (Certificate Authorities), there are many paid vendors found online or you can also use [letsencrypt](https://letsencrypt.org/) a non profit certificate provider for free however we recommend [donating](https://www.abetterinternet.org/donate/) for their service. +Certificates/key can be obtained by trusted CA (Certificate Authorities), there are many paid vendors found online or you can also use [letsencrypt](https://letsencrypt.org/) a non profit certificate provider for free however we recommend [donating](https://www.abetterinternet.org/donate/) for their work. + +Run the script to create certificate using the script +``` +./bin/gen_letsencrypt_cert.sh +``` ### [TBD] Bring your own certificates If you already have the certificates, either self signed or generated by any other means, you will need to configure them with nginx. Below are the steps 
diff --git a/docker-compose/aio/bin/gen_letsencrypt_cert.sh b/docker-compose/aio/bin/gen_letsencrypt_cert.sh old mode 100644 new mode 100755