From 40bff9250dd7a83399b2fd67d0409ba4e11e8b86 Mon Sep 17 00:00:00 2001
From: Jacob Q Wimer <jwimer@cas.org>
Date: Wed, 30 Sep 2015 08:37:24 -0400
Subject: [PATCH] Created Dockerfile and configs for production

---
 README.rdoc                  |  4 ++-
 rails-apache-config.conf     | 10 ++++++
 rails-apache-ssl-config.conf | 21 ++++++++++++
 rails-prod-Dockerfile        | 63 ++++++++++++++++++++++++++++++++++++
 rails-prod.sh                |  9 ++++++
 5 files changed, 106 insertions(+), 1 deletion(-)
 create mode 100644 rails-apache-config.conf
 create mode 100644 rails-apache-ssl-config.conf
 create mode 100644 rails-prod-Dockerfile
 create mode 100755 rails-prod.sh

diff --git a/README.rdoc b/README.rdoc
index c97e22a..dbf2dc0 100644
--- a/README.rdoc
+++ b/README.rdoc
@@ -22,10 +22,12 @@ Development details:
 
 Docker instructions:
 
-* Building and run the image: <tt>bash rails-dev.sh wrestlingapp</tt> This will mount your local directory to /rails inside the container and will open port 3000 to port 3000 on your local machine.
+* Building and running the image: <tt>bash rails-dev.sh wrestlingapp</tt> This will mount your local directory to /rails inside the container and will open port 3000 to port 3000 on your local machine.
 
 * After running the above script, you'll be presented a shell. You'll need to run <tt>bash rails-dev-db.sh</tt> to set up the development db's. After those are set up, you can run <tt>rake test</tt> to run the tests or <tt>rails s -b 0.0.0.0</tt> to run a development server. You can also run any other rails commands from here.
 
+* Production docker image: Run <tt>bash rails-prod.sh wrestlingapp</tt>. This will create a self-signed ssl certificate and set up wrestlingapp on passenger/apache. The container will run with port 80 and port 443 open and will have a restart policy of always.
+
 What the app does now:
 
 * Allows tournaments to be set up by someone logged in
diff --git a/rails-apache-config.conf b/rails-apache-config.conf
new file mode 100644
index 0000000..ed66cf3
--- /dev/null
+++ b/rails-apache-config.conf
@@ -0,0 +1,10 @@
+<VirtualHost *:80>
+    DocumentRoot /var/www/public
+    RailsEnv production
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directory "/var/www/">
+        Options FollowSymLinks
+        Require all granted
+    </Directory>
+</VirtualHost>
\ No newline at end of file
diff --git a/rails-apache-ssl-config.conf b/rails-apache-ssl-config.conf
new file mode 100644
index 0000000..b1ead4e
--- /dev/null
+++ b/rails-apache-ssl-config.conf
@@ -0,0 +1,21 @@
+<IfModule mod_ssl.c>
+    <VirtualHost _default_:443>
+        DocumentRoot /var/www/public
+        RailsEnv production
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+        SSLEngine on
+        SSLCertificateFile /etc/apache2/ssl/apache.crt
+        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
+        <FilesMatch "\.(cgi|shtml|phtml|php)$">
+                        SSLOptions +StdEnvVars
+        </FilesMatch>
+        <Directory /usr/lib/cgi-bin>
+                        SSLOptions +StdEnvVars
+        </Directory>
+        BrowserMatch "MSIE [2-6]" \
+                        nokeepalive ssl-unclean-shutdown \
+                        downgrade-1.0 force-response-1.0
+        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+    </VirtualHost>
+</IfModule>
\ No newline at end of file
diff --git a/rails-prod-Dockerfile b/rails-prod-Dockerfile
new file mode 100644
index 0000000..34a9564
--- /dev/null
+++ b/rails-prod-Dockerfile
@@ -0,0 +1,63 @@
+FROM ruby:2.2.3
+
+
+RUN apt-get update
+RUN apt-get -y upgrade
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get -y install build-essential libssl-dev libyaml-dev libreadline-dev openssl curl git-core zlib1g-dev bison libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev sqlite3 wget apache2 apt-transport-https nodejs mysql-client
+
+#Passenger
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7
+RUN echo deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main >> /etc/apt/sources.list.d/passenger.list
+RUN chown root: /etc/apt/sources.list.d/passenger.list
+RUN chmod 600 /etc/apt/sources.list.d/passenger.list
+RUN apt-get update
+RUN apt-get install -y libapache2-mod-passenger
+
+# Enable apache mods.
+RUN a2enmod rewrite
+RUN a2enmod proxy
+RUN a2enmod proxy_http
+RUN a2enmod passenger
+RUN a2enmod ssl
+
+#SSL
+RUN mkdir /etc/apache2/ssl
+RUN openssl req -sha256 -subj '/CN=home/O=home LTD./C=US' -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
+
+
+# Manually set up the apache environment variables
+ENV APACHE_RUN_USER www-data
+ENV APACHE_RUN_GROUP www-data
+ENV APACHE_LOG_DIR /var/log/apache2
+ENV APACHE_LOCK_DIR /var/lock/apache2
+ENV APACHE_PID_FILE /var/run/apache2.pid
+
+EXPOSE 80
+EXPOSE 443
+
+
+#Cache gems so they don't install on every code change
+WORKDIR /tmp
+COPY Gemfile Gemfile
+COPY Gemfile.lock Gemfile.lock
+RUN bundle install --without test
+
+
+# Copy site into place.
+RUN rm -rf /var/www
+
+WORKDIR /var/www/
+ADD . /var/www/
+RUN RAILS_ENV=production bundle exec rake db:migrate
+RUN RAILS_ENV=production bundle exec rake assets:precompile
+
+
+# Update the default apache site with the config we created.
+RUN rm /etc/apache2/sites-enabled/000-default.conf
+ADD ./rails-apache-ssl-config.conf /etc/apache2/sites-available/default-ssl.conf
+ADD ./rails-apache-config.conf /etc/apache2/sites-enabled/000-default.conf
+RUN a2ensite default-ssl.conf
+
+# By default, simply start apache.
+CMD /usr/sbin/apache2ctl -D FOREGROUND
diff --git a/rails-prod.sh b/rails-prod.sh
new file mode 100755
index 0000000..cf23739
--- /dev/null
+++ b/rails-prod.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -e
+
+if [ $# != 1 ]; then
+  echo "Please enter docker image name for the rails development environment"
+  exit 1
+fi
+
+docker build -t $1 -f rails-prod-Dockerfile .
+sudo docker run -d --restart=always -p 80:80 -p 443:443 $1
\ No newline at end of file