Add optional TLS support to the docker container.
parent
a8a2947da6
commit
845b296aed
@ -19,20 +19,28 @@ COPY web /var/www/pgadmin
|
||||
COPY requirements.txt /var/www/pgadmin
|
||||
|
||||
# Install everything we need. Use easy_install to get pip, to avoid setting up EPEL
|
||||
RUN yum install -y python-setuptools python-devel httpd mod_wsgi gcc
|
||||
RUN yum install -y python-setuptools python-devel httpd mod_wsgi mod_ssl gcc
|
||||
RUN easy_install pip
|
||||
RUN pip install j2cli
|
||||
|
||||
# Now install the Python runtime dependencies
|
||||
RUN pip install -r /var/www/pgadmin/requirements.txt
|
||||
|
||||
# Create required directories for config
|
||||
|
||||
|
||||
# Create required directories for running
|
||||
RUN mkdir -p /var/log/pgadmin
|
||||
RUN chown -R apache /var/log/pgadmin
|
||||
RUN mkdir -p /var/lib/pgadmin
|
||||
RUN chown -R apache /var/lib/pgadmin
|
||||
RUN mkdir -p /certs
|
||||
RUN chown -R apache /certs
|
||||
RUN chmod 700 /certs
|
||||
|
||||
# Apache config time
|
||||
COPY pgadmin4.conf /etc/httpd/conf.d/
|
||||
RUN mkdir -p /templates
|
||||
COPY pgadmin4.conf.j2 /templates/
|
||||
COPY entry.sh /
|
||||
|
||||
# Finally, remove packages we only needed for building
|
||||
@ -41,6 +49,8 @@ RUN yum -y remove gcc cpp glibc-devel glibc-headers kernel-headers libgomp libmp
|
||||
# Default config options
|
||||
ENV PGADMIN_DEFAULT_EMAIL container@pgadmin.org
|
||||
ENV PGADMIN_DEFAULT_PASSWORD Conta1ner
|
||||
ENV PGADMIN_ENABLE_TLS False
|
||||
ENV PGADMIN_SERVER_NAME pgadmin4
|
||||
|
||||
EXPOSE 80 443
|
||||
|
||||
|
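Review bot: The new `/certs` directory is handed to the web worker account: `RUN chown -R apache /certs` followed by `RUN chmod 700 /certs` makes the directory meant to hold the TLS private key owned by the user that Apache's worker processes, and presumably the WSGI application, run as. httpd normally reads `SSLCertificateKeyFile` as root at startup before dropping privileges (assuming the container starts as root; no `USER` line is visible in these hunks), so the directory can stay root-owned: drop the chown and keep `RUN mkdir -p /certs && chmod 700 /certs`. Bind-mounted key files keep their host ownership and mode, so the host copy of the key should be readable by root only. The `RUN pip install j2cli` line is also unpinned; a fixed version would keep the build reproducible.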
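--- a/pkg/docker/README
+++ b/pkg/docker/README
@@ -0,0 +1,76 @@
+This directory contains the files required to create a docker container running pgAdmin.
+
+Building
+========
+
+Whilst you can just use the Dockerfile directly, it requires that various pre-configuration steps are performed, for
+example, the pgAdmin web code must be copied to ./web and yarn install/yarn run bundle must be executed.
+requirements.txt is also expected to be in this directory, and the pre-built docs must be in web/docs.
+
+The recommended (and easy) way to build the container is to do:
+
+cd $PGADMIN_SRC/
+workon pgadmin-venv
+make docker
+
+This will call the build script $PGADMIN_SRC/pkg/docker/build.sh which will prepare a staging directory containing all
+the required files, then build the container and push it to your repo.
+
+Running
+=======
+
+The container will accept the following variables at startup:
+
+PGADMIN_DEFAULT_EMAIL
+---------------------
+
+Default: container@pgadmin.org)
+
+This is the email address used when setting up the initial administrator account to login to pgAdmin.
+
+PGADMIN_DEFAULT_PASSWORD
+------------------------
+
+Default: Conta1ner
+
+This is the password used when setting up the initial administrator account to login to pgAdmin.
+
+PGADMIN_ENABLE_TLS
+------------------
+
+Default: Conta1ner
+
+If set to the default, False, the container will listen on port 80 for connections in plain text. If set to True, the
+container will listen on port 443 for TLS connections.
+
+When TLS is enabled, a certificate and key must be provided. Typically these should be stored on the host file system
+and mounted from the container. The expected paths are /certs/server.crt and /certs/server.key
+
+PGADMIN_SERVER_NAME
+-------------------
+
+Default: pgadmin4
+
+This variable allows you to specify the value used for the Apache HTTPD ServerName directive. This is commonly used to
+ensure the CN of the TLS certificate matches what the server expects.
+
+Examples
+========
+
+Run a simple container over port 80:
+
+docker run -p 80:80 \
+-e "PGADMIN_DEFAULT_EMAIL=user@domain.com" \
+-e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" \
+-d pgadmin4
+
+Run a TLS secured container:
+
+docker run -p 443:443 \
+-v "/path/to/certificate.cert:/certs/server.cert" \
+-v "/path/to/certificate.key:/certs/server.key" \
+-e "PGADMIN_DEFAULT_EMAIL=user@domain.com" \
+-e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" \
+-e "PGADMIN_ENABLE_TLS=True" \
+-e "PGADMIN_SERVER_NAME=pgadmin.domain.com" \
+-d pgadmin4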
@ -88,7 +88,7 @@ echo "}" >> docker-build/web/config_distro.py
|
||||
# Copy the Docker specific assets into place
|
||||
cp pkg/docker/Dockerfile docker-build/
|
||||
cp pkg/docker/entry.sh docker-build/
|
||||
cp pkg/docker/pgadmin4.conf docker-build/
|
||||
cp pkg/docker/pgadmin4.conf.j2 docker-build/
|
||||
cp requirements.txt docker-build/
|
||||
|
||||
# Build the container
|
||||
|
@ -12,4 +12,6 @@
|
||||
export PGADMIN_SETUP_EMAIL=${PGADMIN_DEFAULT_EMAIL}
|
||||
export PGADMIN_SETUP_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}
|
||||
|
||||
j2 /templates/pgadmin4.conf.j2 > /etc/httpd/conf.d/pgadmin4.conf
|
||||
|
||||
/usr/sbin/httpd -D FOREGROUND
|
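Review bot: The added `j2 /templates/pgadmin4.conf.j2 > /etc/httpd/conf.d/pgadmin4.conf` has no failure handling visible in this hunk. The redirect truncates the target before j2 runs, so a rendering error leaves an empty config and `/usr/sbin/httpd -D FOREGROUND` still starts on the following line without the pgAdmin vhost. Unless `set -e` is enabled earlier in the script (the first lines are outside the hunk), append `|| exit 1` to the render line so the container stops instead of serving an unintended default configuration.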
@ -1,22 +0,0 @@
|
||||
########################################################################
|
||||
#
|
||||
# pgAdmin 4 - PostgreSQL Tools
|
||||
#
|
||||
# Copyright (C) 2013 - 2017, The pgAdmin Development Team
|
||||
# This software is released under the PostgreSQL Licence
|
||||
#
|
||||
#########################################################################
|
||||
|
||||
ServerName pgadmin4
|
||||
|
||||
<VirtualHost *>
|
||||
WSGIDaemonProcess pgadmin processes=1 threads=25
|
||||
WSGIScriptAlias / /var/www/pgadmin/pgAdmin4.wsgi
|
||||
|
||||
<Directory /var/www/pgadmin>
|
||||
WSGIProcessGroup pgadmin
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
</Directory>
|
||||
</VirtualHost>
|
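--- a/pkg/docker/pgadmin4.conf.j2
+++ b/pkg/docker/pgadmin4.conf.j2
@@ -0,0 +1,43 @@
+########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2017, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+#########################################################################
+
+ServerName {{ PGADMIN_SERVER_NAME }}
+{% if PGADMIN_ENABLE_TLS|default('False') == 'True' %}
+LoadModule ssl_module modules/mod_ssl.so
+
+<VirtualHost *:443>
+SSLEngine on
+SSLCipherSuite HIGH:!aNULL:!MD5
+SSLCertificateFile "/certs/server.cert"
+SSLCertificateKeyFile "/certs/server.key"
+
+ServerName pgadmin4
+WSGIDaemonProcess pgadmin processes=1 threads=25
+WSGIScriptAlias / /var/www/pgadmin/pgAdmin4.wsgi
+
+<Directory /var/www/pgadmin>
+WSGIProcessGroup pgadmin
+WSGIApplicationGroup %{GLOBAL}
+Order deny,allow
+Allow from all
+</Directory>
+</VirtualHost>
+{% else %}
+<VirtualHost *:80>
+WSGIDaemonProcess pgadmin processes=1 threads=25
+WSGIScriptAlias / /var/www/pgadmin/pgAdmin4.wsgi
+
+<Directory /var/www/pgadmin>
+WSGIProcessGroup pgadmin
+WSGIApplicationGroup %{GLOBAL}
+Order deny,allow
+Allow from all
+</Directory>
+</VirtualHost>
+{% endif %}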
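Review bot: The TLS toggle fails open: `{% if PGADMIN_ENABLE_TLS|default('False') == 'True' %}` matches only the exact string `True`, so a value such as `true`, `TRUE` or `1` silently renders the plaintext `<VirtualHost *:80>` branch. Comparing case-insensitively, e.g. `{% if PGADMIN_ENABLE_TLS|default('False')|lower == 'true' %}`, or rejecting unrecognised values in entry.sh before rendering, keeps an operator from believing TLS is on when it is not. The `ServerName pgadmin4` inside the 443 vhost is hardcoded, so the TLS vhost does not pick up `{{ PGADMIN_SERVER_NAME }}` and should use the variable as well. The vhost sets `SSLCipherSuite` but no `SSLProtocol`, which leaves the accepted protocol versions to the mod_ssl default. The README prose in this commit names `/certs/server.crt` while this template reads `/certs/server.cert`.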