experimental, and the goal is for running tests, not deployment (for now)

some TODO's still: - make the jschan dockerfile not just COPY everything, make it have better stages and caching - maybe run gulp in the CMD instead of in the build only? - bring all the jschan files into another volume - custom nginx container (self-signed ssl, geoip database) - passwords for db/redis. should be easy with the official dockers, just a few env vars not an exhaustive list
2 years ago · cce0bc661d
parent 4c1a38c960
commit cce0bc661d
6 changed files with 150 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,37 @@
+version: "3.5"
+services:
+
+  redis:
+    image: redis:alpine
+
+  mongodb:
+    image: mongo:latest
+
+  nginx:
+    image: nginx:stable
+    volumes:
+      - ./docker/nginx.conf:/etc/nginx/conf.d/jschan.conf
+      - ./configs/nginx/snippets/:/etc/nginx/snippets/
+      - ./docker/jschan_clearnet_routes.conf/:/etc/nginx/snippets/jschan_clearnet_routes.conf
+    ports:
+      - "8080:81"
+    depends_on:
+      - jschan
+
+  jschan:
+    build:
+      context: .
+      dockerfile: ./docker/jschan-Dockerfile
+      network: jschan_default
+    volumes:
+      - ./docker/secrets.js:/opt/configs/secrets.js
+    environment:
+      - NODE_ENV=development
+      - JSCHAN_IP=0.0.0.0
+    depends_on: 
+      - redis
+      - mongodb
+
+networks:
+  default:
+    name: jschan_default
--- a/docker/jschan-Dockerfile
+++ b/docker/jschan-Dockerfile
@ -0,0 +1,16 @@
+FROM node:16
+
+WORKDIR /opt
+ENV NODE_ENV development
+
+COPY . /opt/
+COPY ./docker/secrets.js /opt/configs/secrets.js
+
+RUN npm install
+RUN npm run-script setup
+RUN gulp reset
+RUN gulp
+
+EXPOSE 7000
+
+CMD [ "pm2-runtime", "start", "ecosystem.config.js" ]
--- a/docker/jschan_clearnet_routes.conf
+++ b/docker/jschan_clearnet_routes.conf
@ -0,0 +1,40 @@
+location / {
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+
+	proxy_set_header Host $host;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection 'upgrade';
+	proxy_cache_bypass $http_upgrade;
+
+	proxy_set_header X-Forwarded-Proto https;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code 'XX';
+}
+
+location @backend {
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+	proxy_set_header X-Forwarded-Proto https;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code 'XX';
+	proxy_set_header Connection '';
+	proxy_set_header Host $host;
+}
+
+location @backend-private {
+	include /etc/nginx/snippets/security_headers_nocache.conf;
+	proxy_buffering off;
+	proxy_pass http://chan$request_uri;
+	proxy_http_version 1.1;
+	proxy_set_header X-Forwarded-Proto https;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Country-Code 'XX';
+	proxy_set_header Connection '';
+	proxy_set_header Host $host;
+}
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@ -0,0 +1,16 @@
+upstream chan {
+	server jschan:7000;
+}
+
+server {
+	server_name _;
+	client_max_body_size 0;
+
+	listen 81;
+	listen [::]:81;
+
+	include /etc/nginx/snippets/security_headers.conf;
+	include /etc/nginx/snippets/error_pages.conf;
+	include /etc/nginx/snippets/jschan_clearnet_routes.conf;
+	include /etc/nginx/snippets/jschan_common_routes.conf;
+}
--- a/docker/secrets.js
+++ b/docker/secrets.js
@ -0,0 +1,40 @@
+module.exports = {
+
+	//mongodb connection string
+	dbURL: 'mongodb://mongodb:27017',
+
+	//database name
+	dbName: 'jschan',
+
+	//redis connection info
+	redis: {
+		host: 'redis',
+		port: '6379',
+		password: ''
+	},
+
+	//backend webserver port
+	port: 7000,
+
+	//secrets/salts for various things
+	cookieSecret: 'changeme',
+	tripcodeSecret: 'changeme',
+	ipHashSecret: 'changeme',
+	postPasswordSecret: 'changeme',
+
+	//keys for google recaptcha
+	google: {
+		siteKey: 'changeme',
+		secretKey: 'changeme'
+	},
+
+	//keys for hcaptcha
+	hcaptcha: {
+		siteKey: '10000000-ffff-ffff-ffff-000000000001',
+		secretKey: '0x0000000000000000000000000000000000000000'
+	},
+
+	//enable debug logging
+	debugLogs: true,
+
+};
--- a/server.js
+++ b/server.js
@ -153,7 +153,7 @@ const config = require(__dirname+'/config.js')
 	})

 	//listen
-	server.listen(port, '127.0.0.1', () => {
+	server.listen(port, (process.env.JSCHAN_IP || '127.0.0.1'), () => {
 		new CachePugTemplates({ app, views }).start();
 		debugLogs && console.log(`LISTENING ON :${port}`);
 		//let PM2 know that this is ready for graceful reloads and to serialise startup