From a7f319a727d44362e6a08a42f685067b47702455 Mon Sep 17 00:00:00 2001 From: Cassie Tarakajian Date: Mon, 25 Jun 2018 18:18:40 -0700 Subject: [PATCH] add authentication to mongo, properly, not tested to see if it works with server --- docker-compose.yml | 54 ++++++++++++++++++++------------------ mongo/Dockerfile | 13 --------- mongo/docker-entrypoint.sh | 42 ----------------------------- mongo/init.sh | 1 + 4 files changed, 29 insertions(+), 81 deletions(-) delete mode 100644 mongo/Dockerfile delete mode 100644 mongo/docker-entrypoint.sh create mode 100644 mongo/init.sh diff --git a/docker-compose.yml b/docker-compose.yml index 971789ec..8108d373 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,38 +1,40 @@ version: '3.4' services: mongo: - build: ./mongo + image: mongo:3.4 volumes: - dbdata:/data/db + - "$PWD/mongo/:/docker-entrypoint-initdb.d/" expose: - "27017" + ports: + - '27017:27017' # restart: always env_file: - .env - # nginx: - # build: ./nginx - # ports: - # - '80:80' - # app: - # build: - # context: . - # dockerfile: Dockerfile - # target: production - # env_file: - # - .env - # environment: - # - MONGO_URL=mongodb://mongo:27017/p5js-web-editor - # - MONGO_HOSTNAME=mongo - # # - API_URL=https://localhost/api - # # - PORT=80 - # volumes: - # - .:/opt/node/app - # - /opt/node/app/node_modules - # ports: - # - '8000:8000' - # # - '443:443' - # # - '80:80' - # depends_on: - # - mongo + nginx: + build: ./nginx + ports: + - '80:80' + app: + build: + context: . + dockerfile: Dockerfile + target: production + env_file: + - .env + environment: + - MONGO_URL=mongodb://mongo:27017/p5js-web-editor + - MONGO_HOSTNAME=mongo + # - API_URL=https://localhost/api + # - PORT=80 + volumes: + - .:/opt/node/app + - /opt/node/app/node_modules + ports: + - '8000:8000' + # - '443:443' + depends_on: + - mongo volumes: dbdata: diff --git a/mongo/Dockerfile b/mongo/Dockerfile deleted file mode 100644 index ca519793..00000000 --- a/mongo/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -# Use an official mongo runtime as a parent image -FROM mongo:3.4 - -# Expose the mongo port -EXPOSE 27017 - -# Copy the mongod.conf file to env -# COPY mongod.conf /env/ - -# Copy the entrypoint file as well -COPY ./docker-entrypoint.sh . - -CMD ["/bin/bash", "docker-entrypoint.sh"] \ No newline at end of file diff --git a/mongo/docker-entrypoint.sh b/mongo/docker-entrypoint.sh deleted file mode 100644 index 179b5c2f..00000000 --- a/mongo/docker-entrypoint.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -set -euo pipefail - -function waitForMongo { - port=$1 - n=0 - until [ $n -ge 20 ] - do - mongo admin --quiet --port $port --eval "db" && break - n=$[$n+1] - sleep 2 - done -} - -if ! [[ -a /data/db/mydb-initialized ]]; then - mongod & MONGO_PID=$! - waitForMongo 27017 - mongo admin --port 27017 --eval "db.system.version.insert({ '_id' : 'authSchema', 'currentVersion' : 3 })" - mongod --shutdown - - mongod & MONGO_PID=$! - waitForMongo 27017 - mongo admin --port 27017 --eval "db.createUser({ user: '${MONGO_INITDB_ROOT_USERNAME}', pwd: '${MONGO_INITDB_ROOT_PASSWORD}', roles: [ 'root' ]})" - mongo admin -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} --port 27017 --eval "db.createUser({ user: '${MONGO_RW_USERNAME}', pwd: '${MONGO_RW_PASSWORD}', roles: [ {role: 'readWrite', db: 'isf-website'}, {role: 'readWrite', db: 'sessions'} ]})" - mongod --shutdown - - mongod -f /env/mongod.conf --auth & MONGO_PID=$! - waitForMongo 27017 - mongo admin -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} --port 27017 --eval "db.runCommand({ replSetInitiate: '{}' })" - mongo admin -u ${MONGO_INITDB_ROOT_USERNAME} -p ${MONGO_INITDB_ROOT_PASSWORD} --port 27017 --eval "db.setSlaveOk()" - mongod --shutdown - - touch /data/db/mydb-initialized -fi - -mongod -f /env/mongod.conf --auth & MONGO_PID=$! - -waitForMongo 27017 - -trap 'echo "KILLING"; kill $MONGO_PID; wait $MONGO_PID' SIGINT SIGTERM EXIT - -wait $MONGO_PID \ No newline at end of file diff --git a/mongo/init.sh b/mongo/init.sh new file mode 100644 index 00000000..76248c51 --- /dev/null +++ b/mongo/init.sh @@ -0,0 +1 @@ +mongo $MONGO_INITDB_DATABASE --eval "db.createUser({ user: '$MONGO_RW_USERNAME', pwd: '$MONGO_RW_PASSWORD', roles: [ 'readWrite' ] })" \ No newline at end of file