adjusment

2025-07-27 09:25:55 +07:00
parent a4ce1d248e
commit 0754ebd64c
13 changed files with 176 additions and 172 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1,6 @@
+CATALINA_HOME=/opt/tomcat9
+SC_PUBLISHED_HOST=smartconnect.internal.yel.or.id
+SC_FILESTORE_LOCATION=/data/SMARTConnect
+SC_SERVER_ADMIN=hendra@yel.or.id
+DNS_CLOUDFLARE_API_TOKEN=3WedMWHhoDPxge5yMPJgQPFhRXCTp6zpasTIlaIu
+POSTGRES_PASSWORD=Sm@rtConnIX3
--- a/57
+++ b/57
@@ -4,17 +4,33 @@ LABEL org.opencontainers.image.authors="Hazza"

 ENV DOCKER_NAME="docker-smartconnect7"

+ARG CATALINA_HOME
+
+ARG SC_PUBLISHED_HOST
+
+ARG SC_FILESTORE_LOCATION
+
+ARG SC_SERVER_ADMIN
+
+ARG DNS_CLOUDFLARE_API_TOKEN
+
 ENV TIME_ZONE="Asia/Jakarta"

-ENV CATALINA_HOME /opt/tomcat9
+ENV CATALINA_HOME=$CATALINA_HOME

-ENV PATH $CATALINA_HOME/bin:$PATH
+ENV PATH=$CATALINA_HOME/bin:$PATH

-RUM mkdir /data
+RUN mkdir /app && mkdir -p $SC_FILESTORE_LOCATION

-WORKDIR /data
+WORKDIR /app

-ENV SMARTCONNECT_DATA /data/SMARTConnect
+ADD ./app /app/
+
+ENV SMARTCONNECT_DATA=$SC_FILESTORE_LOCATION
+
+RUN apt update
+
+RUN apt install postgresql-client certbot python3-certbot-dns-cloudflare -y && apt clean && rm -rf /var/lib/apt/lists/*

 RUN set -eux; \
 export TOMCAT_VERSION=$(curl --silent https://dlcdn.apache.org/tomcat/tomcat-9/ | grep v9 | tail -n 1 | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | tail -n 1); \
@@ -30,15 +46,32 @@ RUN set -eux; \
 echo ">>> $HASH"; \
 echo $HASH | sha512sum -c; \
 mkdir -p "$CATALINA_HOME"; \
-	tar --extract \
-		--file "$TOMCAT_FILE" \
-		--directory "$CATALINA_HOME" \
-		--strip-components 1 \
-		--no-same-owner \
-	; \
+tar --extract --file "$TOMCAT_FILE" --directory "$CATALINA_HOME" --strip-components 1 --no-same-owner; \
 rm "$TOMCAT_FILE"; \
 echo "[$(date)]  [$DOCKER_NAME] [$TOMCAT_URL]" >> /.components;

-EXPOSE 8080
+RUN mkdir -p ~/.secrets/certbot && printf "dns_cloudflare_api_token=$DNS_CLOUDFLARE_API_TOKEN" >>  ~/.secrets/certbot/cloudflare.ini && chmod 600 ~/.secrets/certbot/cloudflare.ini
+
+RUN printf "pgsql-postgis:5432:*:postgres:${POSTGRES_PASSWORD}" >>  ~/.pgpass && chmod 600 ~/.pgpass
+
+RUN psql -h pgsql-postgis -p 5432 -U postgres -f db/db_preparation.sql
+
+RUN psql -h pgsql-postgis -p 5432 -d yel_scdb -U postgres -f db/scdb_import.sql
+
+RUN certbot certonly \
+-a dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
+--non-interactive --agree-tos --no-eff-email -m $SC_SERVER_ADMIN \
+-d $SC_PUBLISHED_HOST
+
+RUN rm -rf $CATALINA_HOME/webapps && mkdir $CATALINA_HOME/conf/cert && cp -f conf/server.xml $CATALINA_HOME/conf/ && cp webapps $CATALINA_HOME/ && cp lib/* $CATALINA_HOME/lib/
+
+RUN cp -Lf /etc/letsencrypt/live/$SC_PUBLISHED_HOST/{cert,chain,privkey}.pem $CATALINA_HOME/conf/cert/
+
+RUN printf "#!/bin/sh\n\n\
+cp -Lf /etc/letsencrypt/live/$SC_PUBLISHED_HOST/{cert,chain,privkey}.pem /opt/tomcat9/conf/cert/\n" >> /etc/letsencrypt/renewal-hooks/deploy/sc7_certbot_deploy.sh \
+&& chmod 750 /etc/letsencrypt/renewal-hooks/deploy/sc7_certbot_deploy.sh
+
+
+

 CMD ["sh"]
--- a/app/conf/server.xml
+++ b/app/conf/server.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Server port="-1" shutdown="SHUTDOWN">
+	<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
+	<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
+	<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
+	<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
+	<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
+
+	<GlobalNamingResources>
+
+		<Resource auth="Container"
+			driverClassName="org.postgresql.Driver"
+			type="javax.sql.DataSource"
+			factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
+			name="org.wcs.smart.connect.datasource.postgresql"
+			username="scadmin"
+			password="Sm@rtConnIX3"
+			url="jdbc:postgresql://pgsql-postgis:5432/yel_scdb"
+			alternateUsernameAllowed="true"
+			maxActive="20"
+			maxIdle="10"
+			minIdle="2"
+			socketTimeout="6000"
+			initialSize="2"
+			validationQuery = "SELECT 1;"
+			testWhileIdle = "true"
+			testOnBorrow = "true"
+			testOnConnect = "true"
+			testOnReturn = "true"
+			timeBetweenEvictionRunsMillis = "34000"
+			minEvictableIdleTimeMillis = "55000"
+			validationInterval = "15000"
+			removeAbandoned = "false"
+			removeAbandonedTimeout = "6000"
+			logAbandoned = "true"
+			initSQL = "SELECT 1;"
+			logValidationErrors = "true"
+			logSlow = "true"
+			logFailed = "true"/>
+
+		<Environment name="smartconnect.filestorelocation" value="/opt/SMARTConnect/Data" type="java.lang.String" override="false"/>
+		<Environment name="smartconnect.gfw_cleanup_days" value="30" type="java.lang.Integer" override="false"/>
+		<Environment name="smartconnect.dataqueue_cleanup_days" value="2" type="java.lang.Integer" override="false"/>
+		<Environment name="smartconnect.spatial_ref_sys_table" value="public.spatial_ref_sys" type="java.lang.String" override="false"/>
+		<Environment name="smartconnect.number_background_threads" value="5" type="java.lang.Integer" override="false"/>
+		<Environment name="smartconnect.work_item_history_days_available" value="5" type="java.lang.Integer" override="false"/>
+		<Environment name="smartconnect.changelog_cleanup_days" value="5" type="java.lang.Integer" override="false"/>
+		<Environment name="smartconnect.ca_export_days_available" value="5" type="java.lang.Integer" override="false"/>
+		<Environment name="smartconnect.sync_download_hours_available" value="5" type="java.lang.Integer" override="false"/>
+		<Environment name="smartconnect.cleanup_task_interval_hours value="5" type="java.lang.Integer" override="false"/>
+
+		<Resource name="mail/Session"
+			auth="Container"
+			type="javax.mail.Session"
+			mail.smtp.auth="true"
+			mail.smtp.from="no_reply@yel.or.id"
+			mail.smtp.host="smtp.gmail.com"
+			mail.smtp.starttls.enable="true"
+			mail.smtp.port="587"
+			mail.smtp.user="no_reply@yel.or.id"
+			password="aeynxbgypznsxmdz"/>
+
+	</GlobalNamingResources>
+
+	<Service name="Catalina">
+		<Engine name="Catalina" defaultHost="smartconnect.internal.yel.or.id">
+			<Realm className="org.apache.catalina.realm.LockOutRealm">
+				<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
+			</Realm>
+			<Host name="smartconnect.internal.yel.or.id" appBase="webapps" unpackWARs="true" autoDeploy="true">
+				<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="sc_access" suffix=".log" pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
+			</Host>
+		</Engine>
+		<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="300" processorCache="300" SSLEnabled="true">
+			<SSLHostConfig>
+				<Certificate certificateFile="conf/cert/cert.pem" certificateKeyFile="conf/cert/privkey.pem" certificateChainFile="conf/cert/chain.pem"/>
+			</SSLHostConfig>
+		</Connector>
+	</Service>
+</Server>
--- a/app/db/db_preparation.sql
+++ b/app/db/db_preparation.sql
@@ -0,0 +1,17 @@
+-- SMART7 database preparation
+
+-- 1) install postgis extension
+-- Not Needed: already installed because we use postgis/postgis:11-2.5 docker image
+-- CREATE EXTENSION postgis;
+
+-- 2) install uuid-ossp extension
+CREATE EXTENSION "uuid-ossp";
+
+-- 3) Create Specific User for SMARTConnect 7 with password
+CREATE USER scadmin PASSWORD 'Sm@rtConnIX3';
+
+-- 4) Create DB for SMARTConnect 7 and make newly created user above as the owner
+CREATE DATABASE yel_scdb WITH OWNER scadmin;
+
+-- 5) Grant all privileges on database yel_scdb to scadmin
+GRANT ALL PRIVILEGES ON DATABASE yel_scdb TO scadmin;
--- a/app/db/scdb_import.sql
+++ b/app/db/scdb_import.sql
--- a/app/lib/jBCrypt-0.4.jar
+++ b/app/lib/jBCrypt-0.4.jar
--- a/app/lib/javax.activation-1.2.0.jar
+++ b/app/lib/javax.activation-1.2.0.jar
--- a/app/lib/javax.mail-1.6.2.jar
+++ b/app/lib/javax.mail-1.6.2.jar
--- a/app/lib/postgresql-42.7.7.jar
+++ b/app/lib/postgresql-42.7.7.jar
--- a/app/lib/smart-bcrypt.jar
+++ b/app/lib/smart-bcrypt.jar
--- a/app/webapps/ROOT.war
+++ b/app/webapps/ROOT.war
--- a/conf/server.xml
+++ b/conf/server.xml
@@ -1,138 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Server port="-1" shutdown="SHUTDOWN">
-	<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
-	<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
-	<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
-	<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
-	<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
-
-	<GlobalNamingResources>
-		<Resource name="UserDatabase"
-			auth="Container"
-			type="org.apache.catalina.UserDatabase"
-			description="User database that can be updated and saved"
-			factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
-			pathname="conf/tomcat-users.xml"/>
-
-
-		<Resource auth="Container"
-			driverClassName="org.postgresql.Driver"
-			type="javax.sql.DataSource"
-			factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
-			name="org.wcs.smart.connect.datasource.postgresql"
-			username="postgres"
-			password="smart1234"
-			url="jdbc:postgresql://localhost:5432/connectsmart"
-			alternateUsernameAllowed="true"
-			maxActive="20"
-			maxIdle="10"
-			minIdle="2"
-			socketTimeout="6000"
-			initialSize="2"
-			validationQuery = "SELECT 1;"
-			testWhileIdle = "true"
-			testOnBorrow = "true"
-			testOnConnect = "true"
-			testOnReturn = "true"
-			timeBetweenEvictionRunsMillis = "34000"
-			minEvictableIdleTimeMillis = "55000"
-			validationInterval = "15000"
-			removeAbandoned = "false"
-			removeAbandonedTimeout = "6000"
-			logAbandoned = "true"
-			initSQL = "SELECT 1;"
-			logValidationErrors = "true"
-			logSlow = "true"
-			logFailed = "true"/>
-
-		<Environment name="smartconnect.filestorelocation"
-			value="/opt/SMARTConnect/Data"
-			type="java.lang.String"
-			override="false"/>
-
-		<Environment name="smartconnect.gfw_cleanup_days"
-		             value="30"
-		             type="java.lang.Integer"
-		             override="false"/>
-		<Environment name="smartconnect.dataqueue_cleanup_days"
-		             value="2"
-		             type="java.lang.Integer"
-		             override="false"/>
-		<Environment name="smartconnect.spatial_ref_sys_table"
-		             value="public.spatial_ref_sys"
-		             type="java.lang.String"
-		             override="false"/>
-		<Environment name="smartconnect.number_background_threads"
-		             value="5"
-		             type="java.lang.Integer"
-		             override="false"/>
-		<Environment name="smartconnect.work_item_history_days_available"
-		             value="5"
-		             type="java.lang.Integer"
-		             override="false"/>
-		<Environment name="smartconnect.changelog_cleanup_days"
-		             value="5"
-		             type="java.lang.Integer"
-		             override="false"/>
-		<Environment name="smartconnect.ca_export_days_available"
-		             value="5"
-		             type="java.lang.Integer"
-		             override="false"/>
-		<Environment name="smartconnect.sync_download_hours_available"
-		             value="5"
-		             type="java.lang.Integer"
-		             override="false"/>
-		<Environment name="smartconnect.cleanup_task_interval_hours"
-		             value="5"
-		             type="java.lang.Integer"
-		             override="false"/>
-
-
-		<Resource name="mail/Session"
-			auth="Container"
-			type="javax.mail.Session"
-			mail.smtp.auth="true"
-			mail.smtp.from="no_reply@yel.or.id"
-			mail.smtp.host="smtp.gmail.com"
-			mail.smtp.socketFactory.class="javax.net.ssl.SSLSocketFactory"
-			mail.transport.protocol="smtp"
-			mail.smtp.port="465"
-			mail.smtp.user="no_reply@yel.or.id"
-			password="aeynxbgypznsxmdz"
-			mail.smtp.starttls.enable="true"/>
-
-	</GlobalNamingResources>
-
-	<Service name="Catalina">
-		<Engine name="Catalina" defaultHost="smartconnect.internal.yel.or.id">
-			<Realm className="org.apache.catalina.realm.LockOutRealm">
-				<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
-					resourceName="UserDatabase"/>
-			</Realm>
-			<Host name="smartconnect.internal.yel.or.id"
-				appBase="webapps"
-				unpackWARs="true"
-				autoDeploy="true">
-				<Valve className="org.apache.catalina.valves.AccessLogValve"
-					directory="logs"
-					prefix="smartconnect.internal.yel.or.id_access_log"
-					suffix=".txt"
-					pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
-			</Host>
-		</Engine>
-		<Connector port="443"
-			protocol="org.apache.coyote.http11.Http11NioProtocol"
-			maxThreads="300"
-			processorCache="300"
-			SSLEnabled="true">
-
-			<SSLHostConfig>
-				<Certificate certificateKeystoreFile="conf/smartconnect.jks"
-					certificateKeystorePassword="smartIX3"
-					certificateKeyAlias="tomcat"
-					certificateKeystoreType="PKCS12"
-					type="RSA"/>
-			</SSLHostConfig>
-		</Connector>
-	</Service>
-</Server>
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,15 +2,21 @@ services:
  smartconnect7:
    build:
      context: .
+      args:
+        - CATALINA_HOME=${CATALINA_HOME}
+        - SC_PUBLISHED_HOST=${SC_PUBLISHED_HOST}
+        - SC_FILESTORE_LOCATION=${SC_FILESTORE_LOCATION}
+        - SC_SERVER_ADMIN=${SC_SERVER_ADMIN}
+        - DNS_CLOUDFLARE_API_TOKEN=${DNS_CLOUDFLARE_API_TOKEN}
    container_name: SMARTConnect7
    volumes:
-      - catalina_home:/opt/tomcat9
-      - smart_data:/data/SMARTConnect
+      - catalina_home:${CATALINA_HOME}
+      - sc_filestore:${SC_FILESTORE_LOCATION}
+      - letsencrypt:/etc/letsencrypt 
    networks:
      - frontend
      - backend
    ports:
-      - "8080:8080"
      - "8443:8443"
    stdin_open: true
    tty: true
@@ -19,14 +25,13 @@ services:
    image: postgis/postgis:11-2.5
    environment:
      PGDATA: /pgdata
-      POSTGRES_PASSWORD: dspace
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - pgdata:/pgdata
    networks:
      - backend
    ports:
-      - "8080:8080"
-      - "8443:8443"
+      - "5432:5432"
    stdin_open: true
    tty: true

@@ -36,5 +41,6 @@ networks:

 volumes:
  catalina_home:
-  smart_data:
+  sc_filestore:
+  letsencrypt:
  pgdata: