Add optional TLS support to the docker container.

Dave Page 2017-10-12 10:12:55 +01:00
parent a8a2947da6
commit 845b296aed
6 changed files with 134 additions and 25 deletions


@ -19,20 +19,28 @@ COPY web /var/www/pgadmin
COPY requirements.txt /var/www/pgadmin COPY requirements.txt /var/www/pgadmin
# Install everything we need. Use easy_install to get pip, to avoid setting up EPEL # Install everything we need. Use easy_install to get pip, to avoid setting up EPEL
RUN yum install -y python-setuptools python-devel httpd mod_wsgi gcc RUN yum install -y python-setuptools python-devel httpd mod_wsgi mod_ssl gcc
RUN easy_install pip RUN easy_install pip
RUN pip install j2cli
# Now install the Python runtime dependencies # Now install the Python runtime dependencies
RUN pip install -r /var/www/pgadmin/requirements.txt RUN pip install -r /var/www/pgadmin/requirements.txt
# Create required directories for config
# Create required directories for running # Create required directories for running
RUN mkdir -p /var/log/pgadmin RUN mkdir -p /var/log/pgadmin
RUN chown -R apache /var/log/pgadmin RUN chown -R apache /var/log/pgadmin
RUN mkdir -p /var/lib/pgadmin RUN mkdir -p /var/lib/pgadmin
RUN chown -R apache /var/lib/pgadmin RUN chown -R apache /var/lib/pgadmin
RUN mkdir -p /certs
RUN chown -R apache /certs
RUN chmod 700 /certs
# Apache config time # Apache config time
COPY pgadmin4.conf /etc/httpd/conf.d/ RUN mkdir -p /templates
COPY pgadmin4.conf.j2 /templates/
COPY entry.sh / COPY entry.sh /
# Finally, remove packages we only needed for building # Finally, remove packages we only needed for building
@ -41,6 +49,8 @@ RUN yum -y remove gcc cpp glibc-devel glibc-headers kernel-headers libgomp libmp
# Default config options # Default config options
ENV PGADMIN_DEFAULT_EMAIL container@pgadmin.org ENV PGADMIN_DEFAULT_EMAIL container@pgadmin.org
ENV PGADMIN_DEFAULT_PASSWORD Conta1ner ENV PGADMIN_DEFAULT_PASSWORD Conta1ner
ENV PGADMIN_ENABLE_TLS False
ENV PGADMIN_SERVER_NAME pgadmin4
EXPOSE 80 443 EXPOSE 80 443
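Review bot: The added `RUN chown -R apache /certs` gives the private-key directory to the same unprivileged account the WSGI application runs as, so the following `chmod 700` does not keep the key away from the web application. httpd normally reads the certificate and key files at startup while still root (assuming entry.sh launches it as root; no `USER` line is visible in these hunks), so the directory can stay root-owned: drop the chown and keep `RUN mkdir -p /certs && chmod 700 /certs`. Separately, `RUN pip install j2cli` is unpinned even though the tool now renders the server config on every container start; pin it, e.g. `RUN pip install j2cli==<PINNED_VERSION>`.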

76
pkg/docker/README Normal file

@ -0,0 +1,76 @@
This directory contains the files required to create a docker container running pgAdmin.
Building
========
Whilst you can just use the Dockerfile directly, it requires that various pre-configuration steps are performed, for
example, the pgAdmin web code must be copied to ./web and yarn install/yarn run bundle must be executed.
requirements.txt is also expected to be in this directory, and the pre-built docs must be in web/docs.
The recommended (and easy) way to build the container is to do:
cd $PGADMIN_SRC/
workon pgadmin-venv
make docker
This will call the build script $PGADMIN_SRC/pkg/docker/build.sh which will prepare a staging directory containing all
the required files, then build the container and push it to your repo.
Running
=======
The container will accept the following variables at startup:
PGADMIN_DEFAULT_EMAIL
---------------------
Default: container@pgadmin.org)
This is the email address used when setting up the initial administrator account to login to pgAdmin.
PGADMIN_DEFAULT_PASSWORD
------------------------
Default: Conta1ner
This is the password used when setting up the initial administrator account to login to pgAdmin.
PGADMIN_ENABLE_TLS
------------------
Default: Conta1ner
If set to the default, False, the container will listen on port 80 for connections in plain text. If set to True, the
container will listen on port 443 for TLS connections.
When TLS is enabled, a certificate and key must be provided. Typically these should be stored on the host file system
and mounted from the container. The expected paths are /certs/server.crt and /certs/server.key
PGADMIN_SERVER_NAME
-------------------
Default: pgadmin4
This variable allows you to specify the value used for the Apache HTTPD ServerName directive. This is commonly used to
ensure the CN of the TLS certificate matches what the server expects.
Examples
========
Run a simple container over port 80:
docker run -p 80:80 \
-e "PGADMIN_DEFAULT_EMAIL=user@domain.com" \
-e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" \
-d pgadmin4
Run a TLS secured container:
docker run -p 443:443 \
-v "/path/to/certificate.cert:/certs/server.cert" \
-v "/path/to/certificate.key:/certs/server.key" \
-e "PGADMIN_DEFAULT_EMAIL=user@domain.com" \
-e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" \
-e "PGADMIN_ENABLE_TLS=True" \
-e "PGADMIN_SERVER_NAME=pgadmin.domain.com" \
-d pgadmin4


@ -88,7 +88,7 @@ echo "}" >> docker-build/web/config_distro.py
# Copy the Docker specific assets into place # Copy the Docker specific assets into place
cp pkg/docker/Dockerfile docker-build/ cp pkg/docker/Dockerfile docker-build/
cp pkg/docker/entry.sh docker-build/ cp pkg/docker/entry.sh docker-build/
cp pkg/docker/pgadmin4.conf docker-build/ cp pkg/docker/pgadmin4.conf.j2 docker-build/
cp requirements.txt docker-build/ cp requirements.txt docker-build/
# Build the container # Build the container


@ -12,4 +12,6 @@
export PGADMIN_SETUP_EMAIL=${PGADMIN_DEFAULT_EMAIL} export PGADMIN_SETUP_EMAIL=${PGADMIN_DEFAULT_EMAIL}
export PGADMIN_SETUP_PASSWORD=${PGADMIN_DEFAULT_PASSWORD} export PGADMIN_SETUP_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}
j2 /templates/pgadmin4.conf.j2 > /etc/httpd/conf.d/pgadmin4.conf
/usr/sbin/httpd -D FOREGROUND /usr/sbin/httpd -D FOREGROUND
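Review bot: The result of the added `j2` render is never checked, so if templating fails the redirect still leaves an empty or partial /etc/httpd/conf.d/pgadmin4.conf and httpd is started anyway with whatever remaining configuration the image ships. Fail closed instead: `j2 /templates/pgadmin4.conf.j2 > /etc/httpd/conf.d/pgadmin4.conf || exit 1`. The top of the script is outside this hunk, so a `set -e` there may already cover this. Using `exec /usr/sbin/httpd -D FOREGROUND` would also let httpd receive the container's stop signal directly.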


@ -1,22 +0,0 @@
########################################################################
#
# pgAdmin 4 - PostgreSQL Tools
#
# Copyright (C) 2013 - 2017, The pgAdmin Development Team
# This software is released under the PostgreSQL Licence
#
#########################################################################
ServerName pgadmin4
<VirtualHost *>
WSGIDaemonProcess pgadmin processes=1 threads=25
WSGIScriptAlias / /var/www/pgadmin/pgAdmin4.wsgi
<Directory /var/www/pgadmin>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>


@ -0,0 +1,43 @@
########################################################################
#
# pgAdmin 4 - PostgreSQL Tools
#
# Copyright (C) 2013 - 2017, The pgAdmin Development Team
# This software is released under the PostgreSQL Licence
#
#########################################################################
ServerName {{ PGADMIN_SERVER_NAME }}
{% if PGADMIN_ENABLE_TLS|default('False') == 'True' %}
LoadModule ssl_module modules/mod_ssl.so
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile "/certs/server.cert"
SSLCertificateKeyFile "/certs/server.key"
ServerName pgadmin4
WSGIDaemonProcess pgadmin processes=1 threads=25
WSGIScriptAlias / /var/www/pgadmin/pgAdmin4.wsgi
<Directory /var/www/pgadmin>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
{% else %}
<VirtualHost *:80>
WSGIDaemonProcess pgadmin processes=1 threads=25
WSGIScriptAlias / /var/www/pgadmin/pgAdmin4.wsgi
<Directory /var/www/pgadmin>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
{% endif %}
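Review bot: The TLS switch is an exact string match, `PGADMIN_ENABLE_TLS|default('False') == 'True'`, so any other spelling (`true`, `1`, `yes`) silently renders the port-80 vhost and the login is served in clear text without any error. Normalise the value, e.g. `{% if PGADMIN_ENABLE_TLS|default('False')|lower in ('true', '1', 'yes') %}`, or have entry.sh reject unrecognised values before rendering. Inside the 443 vhost, `ServerName pgadmin4` is hard-coded and overrides the templated global value there; it should read `ServerName {{ PGADMIN_SERVER_NAME }}`. The vhost also sets `SSLCipherSuite` but no `SSLProtocol`, so legacy protocol versions may remain enabled depending on the httpd build's defaults; consider `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`. Note also that the README prose gives the certificate path as /certs/server.crt, while this template and the README example use /certs/server.cert.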