Nai

dev/Dockerfile

@@ -9,6 +9,7 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y postgres
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y virtualenv make sudo gcc
 
 RUN ln -s /data/dev/apache-local.conf /etc/apache2/sites-enabled/
+RUN a2enmod ssl
 #RUN a2enmod rewrite
 
 

dev/apache-deploy.conf

@@ -1,61 +1,30 @@
 <VirtualHost *:80>
-	ServerAdmin admin@wr.informatik.uni-hamburg.de
+	ServerAdmin admin@hps.vi4io.org
-	ServerName oer.wr.informatik.uni-hamburg.de
+	#ServerName oer.hps.vi4io.org
 
-	Redirect permanent / https://oer.wr.informatik.uni-hamburg.de/
+	#/etc/apache2/apache2.conf => LogLevel info
 
-	<Directory />
+	WSGIScriptAlias / "/data/src/main/wsgi.py"
-		Options SymLinksIfOwnerMatch
+	WSGIDaemonProcess hoou python-home=/data/run/virtualenv python-path=/data/src/  home=/data/src/ inactivity-timeout=10 request-timeout=10
-		AllowOverride None
+	WSGIProcessGroup hoou
-		Require all denied
+	WSGIApplicationGroup %{GLOBAL}
+
+	DocumentRoot /data/src/
+	Alias /static/ "/data/run/static/"
+
+	<Directory "/data/run/static/">
+		Require all granted
+	</Directory>
+
+	<Directory "/data/src/main/">
+		 Require all granted
 	</Directory>
 
 	ErrorLog ${APACHE_LOG_DIR}/error.log
 	LogLevel warn
 	CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
-
-
-<IfModule mod_ssl.c>
-<VirtualHost *:443>
-	ServerAdmin admin@wr.informatik.uni-hamburg.de
-	ServerName oer.wr.informatik.uni-hamburg.de
-
-	#RewriteEngine  on
-	#RewriteRule    "^/$"  "http://cluster.wr.informatik.uni-hamburg.de:8000/" [R,L]
-	#RewriteRule    "^/(.+)$"  "http://cluster.wr.informatik.uni-hamburg.de:8000/$1" [R,L]
-
-	WSGIScriptAlias / "/home/hoou/git/HOOU/django-platform/main/wsgi.py"
-	WSGIDaemonProcess hoou python-home=/home/hoou/git/HOOU/virtualenv python-path=/home/hoou/git/HOOU/django-platform/  home=/home/hoou/git/HOOU/django-platform/ inactivity-timeout=10 request-timeout=10
-	WSGIProcessGroup hoou
-	WSGIApplicationGroup %{GLOBAL}
-
-	DocumentRoot /home/hoou/git/HOOU/django-platform/
-	Alias /static/ "/home/hoou/git/HOOU/django-platform/apache/static/"
-
-	<Directory "/home/hoou/git/HOOU/django-platform/apache/static/">
-		Require all granted
-	</Directory>
-
-	<Directory "/home/hoou/git/HOOU/django-platform/main/">
-		 Require all granted
-	</Directory>
-
-	ErrorLog ${APACHE_LOG_DIR}/error-oer.log
-	LogLevel warn
-	CustomLog ${APACHE_LOG_DIR}/oer-access.log combined
 
 	SSLEngine on
-	SSLCertificateFile    /etc/letsencrypt/live/oer.wr.informatik.uni-hamburg.de/fullchain.pem
+	SSLCertificateFile    /data/ssl/fullchain1.pem
-	SSLCertificateKeyFile /etc/letsencrypt/live/oer.wr.informatik.uni-hamburg.de/privkey.pem
+	SSLCertificateKeyFile /data/ssl/privkey1.pem
-	
-
-	Alias "/.well-known/acme-challenge/" "/var/www/certbot/.well-known/acme-challenge/"
-
-	<Directory /var/www/certbot>
-		Options SymLinksIfOwnerMatch
-		AllowOverride None
-		Require all granted
-	</Directory>
 </VirtualHost>
-</IfModule>

dev/run-container.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
 
 # Priviledged mode for running docker inside docker.
-docker run -p 127.0.0.1:8888:80 -h hps -it --rm --privileged -v $PWD/../:/data/ kunkel/oer # -d
+docker run -p 8080:80 -h hps -d --rm --privileged -v $PWD/../:/data/ -v /etc/letsencrypt/archive/oer.hps.vi4io.org/:/data/ssl kunkel/oer # -d
+
+# local mode:
+# docker run -p 127.0.0.1:8080:80 -h hps -it --rm --privileged -v $PWD/../:/data/ kunkel/oer # -d

dev/run-internal.sh

@@ -3,7 +3,12 @@
 #sed -i "s/APACHE_RUN_USER=www-data/APACHE_RUN_USER=www-user/" /etc/apache2/envvars
 sed -i "s#data_directory = '.*'#data_directory = '/data/run/postgres'#" /etc/postgresql/10/main/postgresql.conf
 
-/etc/init.d/postgresql restart
+# for deploy mode with SSL:
+if [[ -e /data/ssl/fullchain1.pem ]] ; then
+  a2enmod ssl || true
+  rm /etc/apache2/sites-enabled/apache-local.conf
+  ln -s /data/dev/apache-deploy.conf /etc/apache2/sites-enabled/
+fi
 
 /etc/init.d/apache2 start
 tail -f /var/log/apache2/error.log &
@@ -11,8 +16,16 @@ tail -f /var/log/apache2/error.log &
 export OER_SRC_DIR=/data/oer
 export PLATFORM_PATH=/data/src
 
+/etc/init.d/docker start
+
 V="/data/run/virtualenv"
 if [[ ! -e $V ]] ; then
+  mkdir -p /data/run/postgres
+  chown postgres /data/run/postgres
+  rm -rf /var/lib/postgresql/10/main/
+
+  sudo -u postgres /usr/lib/postgresql/10/bin/initdb -D /data/run/postgres
+  /etc/init.d/postgresql restart
   sudo -u postgres psql -c "CREATE USER hoou WITH PASSWORD 'hoohoohoo123';"
   sudo -u postgres psql -c "CREATE DATABASE hoou;"
   sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE hoou to hoou;"
@@ -25,13 +38,25 @@ if [[ ! -e $V ]] ; then
   source $V/bin/activate
   pip3 install -U -r  /data/dev/requirements.txt
   pip3 install --ignore-installed python-social-auth
+
+  cd /data/src
+  sed -i "s/'generated_exercises',/#'generated_exercises',/" main/settings.py
   python3 ./manage.py migrate
+  sed -i "s/#'generated_exercises',/'generated_exercises',/" main/settings.py
+  echo yes | python3 ./manage.py collectstatic
+  mkdir /data/run/jobs/
+  chown www-data /data/run/jobs/
 
   # prepare docker image for worker
   docker build -t kunkel/oer-worker /data/dev/worker
+else
+  /etc/init.d/postgresql restart
+  source $V/bin/activate
 fi
-source $V/bin/activate
 
-/etc/init.d/docker start
+
+/data/scripts/update-courses.sh
+
+# hardening...
 
 /bin/bash

src/rest/views.py

@@ -63,7 +63,7 @@ def local_execute_result(id):
     with open(dir + "job.json") as json_data:
         d = json.load(json_data)
     # cleanup of outdated directories
-    #shutil.rmtree(dir)
+    shutil.rmtree(dir) # remove files directories
 
     return {"status" : 'SUCCESS', "result": d["response"]}
   else: