Added NGINX to Docker Stack + Other Fixes

.gitignore

@@ -100,8 +100,15 @@ Thumbs.db
 
 socioboard-api/Notification/package-lock.json
 
-# Ignoring Docker development files
+# Docker development files
 docker/.env
 docker/data
 docker/init-mongo.js
 docker-dev-build.sh
+docker/nginx/ssl/cert.pem
+docker/nginx/ssl/key.pem
+
+# Ansible development files
+ansible/inventory.yml
+ansible/roles/socio-env/files/docker.env
+ansible/vars/config.yml

Ansible.README.md

@@ -0,0 +1,74 @@
+# SocioBoard Docker Ansible Deploy
+Automated setup of SocioBoard Docker using Ansible.
+
+NOTE:
+- The ansible roles here will perform the basic setup, update and uninstall tasks.
+- Currently only amd64 is supported. The base container is alpine which can be built for arm. However npm will throw errors and although I may in the future, I have not looked into the issue further.
+- Set the location of the ssh key which has access to your destination server in `ansible/ansible.cfg`
+
+## Supported Operating Systems
+The ansible roles were designed to install socioboard on the following operating systems:
+- RedHat Enterprise Linux(RHEL) & forks(Alma, Rocky)
+- Debian & Debian based systems(Debian, Ubuntu etc.) (Untested)
+
+If you would like support for another OS, let me know and I will try to add it.
+
+## Preparing for Installation
+Copy the inventory template and make changes:
+```bash
+cp ansible/inventory-template.yml ansible/inventory.yml
+vi ansible/inventory.yml
+```
+
+Copy the config template and make changes:
+```bash
+cp ansible/vars/config-template.yml ansible/vars/config.yml
+vi ansible/vars/config.yml
+```
+
+Copy the Docker .env template and make changes:
+```bash
+cp docker/.env.example ansible/roles/socio-env/files/docker.env
+vi ansible/roles/socio-env/files/docker.env
+```
+
+## Installing
+Run the playbook with `setup-all` tag to do a full deployment
+```bash
+cd ansible
+ansible-playbook -b -K socioboard-deploy.yml --tags=setup-all
+```
+
+Run the playbook with `setup` tag to do a basic deployment:
+```bash
+cd ansible
+ansible-playbook -b -K socioboard-deploy.yml --tags=setup
+```
+WARNING: You need to run with `setup-all` at least once, this tag does not build or pull the SocioBoard Docker images! Use this if you want redeploy after using the `remove` tag documented below.
+
+You can build and setup the Docker images yourself using:
+```bash
+cd ansible
+ansible-playbook -b -K socioboard-deploy.yml --tags=build,setup
+```
+We don't use the `setup-all` tag when building as this will force pull the images from Docker Hub. WARNING: You need to run with `setup-all` at least once, this tag does not install dependancies!
+
+## Uninstalling
+Run the playbook with `remove` tag to remove only the containers and networks(data is not touched)
+```bash
+cd ansible
+ansible-playbook -b -K socioboard-deploy.yml --tags=remove
+```
+
+Run the playbook with `remove-all` tag to remove everything(including data)
+```bash
+cd ansible
+ansible-playbook -b -K socioboard-deploy.yml --tags=remove-all
+```
+
+## Updating
+Run the playbook with `update` tag to run a full update(data is not touched)
+```bash
+cd ansible
+ansible-playbook -b -K socioboard-deploy.yml --tags=update
+```

Configuration.README.md

@@ -40,10 +40,10 @@ In order to use facebook functionality(i.e. schedule a post to facebook) we will
 - YouTube: https://developers.google.com/youtube/v3/getting-started
 
 ### URL, Scheme & Ports:
-You must also change all instances of urls to that of your setup(this is done mostly automatically in the Docker setup, see `Docker.README.md for details).
+You must also change all instances of urls to that of your setup(this is done mostly automatically in the Docker setup, see `Docker.README.md` for details).
 
 ## Creating an Account
-Navigate to your endpoint(`http://localhost:8000 by default) and create a new user by signing up. You will receive a message in the top right corner stating "Registration Failed - Unauthorized", this means you've registered but the activation link could not be emailed(no email set up).
+Navigate to your endpoint(`http://localhost:8000` by default) and create a new user by signing up. You will receive a message in the top right corner stating "Registration Failed - Unauthorized", this means you've registered but the activation link could not be emailed(no email set up).
 
 There are 2 ways to finish setting up users:
 

Docker.README.md

@@ -1,31 +1,40 @@
 # Socioboard Docker Containers
 Docker version developed and maintained by https://github.com/vaughngx4.
-PLEASE NOTE: Currently, the application is created to run in development mode WITH debugging on by default, as well as having several API vulnerabilities. This is a potential security issue and I would advise to not expose the application(ports 8000 and 8080) or the API(ports 3000 - 3004) to the internet.
+
+NOTE 1: Currently, the application is created to run in development mode WITH debugging on by default, as well as having several API vulnerabilities. This is a potential security risk and I would advise to not expose the application or the API to the internet.
+
+NOTE 2: Running on the `localhost` domain is no longer supported due to the addition of SSL and how the application is built. If you would like to run on your local machine, you will need to have an external DNS(setting in your hosts file doesn't work as the socioboard container also needs to be able to resolve hostnames) like your router, AdGuard or PiHole for example, set to the external IP of your local machine(i.e. 192.168.1.101). You will also need to expose ports 80 and 443 on your local machine. See `docker/nginx/ssl/SSL.README.md` for a list of subdomains.
+
 ## Installation
 Clone source code and cd into directory:
 ```bash
 git clone https://github.com/socioboard/Socioboard-5.0.git
 cd Socioboard-5.0
 ```
 
-Build docker images from source:
-```bash
-chmod +x docker-build.sh
-./docker-build.sh
-```
-Building images may take some time depending on your internet speed. Build can fail due to slow connections.
-
 Create .env and change variables(I use vi but use whatever text editor you have):
 ```bash
 cp docker/.env.example docker/.env
 vi docker/.env
 ```
 
+Prepare MongoDB files(this needs to be done whenever you change any mongo related settings in .env i.e new database):
+```bash
+./docker-set-mongo-init.sh
+```
+
 NOTE 1: Twilio API is required for the user API(registration, login etc.) to work. Fill correct details(You can create a free acount here: https://www.twilio.com/try-twilio)
 
 Twilio `Account SID` and `Auth Key` can be found in the API Keys section. To get a `Service ID` you will need to go the `Twilio Console` click on `Verify`, then `Services` and create a SocioBoard service.
 
-NOTE 2: If running behind a reverse proxy or exposing ports other than the default, be sure to change the URL scheme in the `# apply configs to config files` section of `docker/socioboard/init.sh`
+NOTE 2: If you would like to change the subdomains, be sure to change the URL scheme in `docker/socioboard/init.sh`, `docker/socioboard/config.sh`, `docker/socioboard-web/init.sh` and in `docker/nginx/nginx-socioboard.conf`.
+
+You can also provide your own SSL certificate if necessary(see `docker/nginx/ssl/SSL.README.md`)
+
+Pull Docker images:
+```bash
+docker-compose -f docker/docker-compose.yaml Pull
+```
 
 Create and start containers:
 ```bash
@@ -48,10 +57,14 @@ A `data/api` directory will be created inside the `docker` folder(you can change
 The docker network IP is not important and can be changed freely.
 
 ### Changing Exposed Ports:
-If for example port 8000 on your machine is in use and you want to change the frontend to port 8989. You will need to edit `docker/docker-compose.yaml` and change `"8000:8000"` to `"8989:8000"`. You will also need to change the URL scheme in `docker/socioboard/init.sh` to match.
+If port(s) 80 and/or 443 are in use on your system, but your proxy frontend still expects traffic on port(s) 80 and/or 443 you will need to edit `docker/docker-compose.yaml` and change `"${HTTPS_PORT}:${HTTPS_PORT}"` to `"8443:${HTTPS_PORT}"` for example.
+
+If you would like to change the ports the application is served on(i.e you would visit socio.mydomain.com:8443 to use the application) simply change the port(s) in your docker `.env` file.
+
+NOTE: When serving https on a port other than 443, the http redirect will no longer work. You will either have to modify the redirect in `docker/nginx/nginx-socioboard.conf` or handle it with your own reverse proxy(if you're using your own reverse proxy AND non standard ports I'd suggest handling the redirect there or leaving the http port out entirely).
 
 ## Creating an Account
-Navigate to your endpoint(`http://localhost:8000 by default) and create a new user by signing up. You will receive a message in the top right corner stating "Registration Failed - Unauthorized", this means you've registered but the activation link could not be emailed(no email set up).
+Navigate to your endpoint(`https://socio.mydomain.example) and create a new user by signing up. You will receive a message in the top right corner stating "Registration Failed - Unauthorized", this means you've registered but the activation link could not be emailed(no email set up).
 
 There are 2 ways to edit users:
 ### Method 1 - CLI:
@@ -61,12 +74,19 @@ docker exec -it socioboard-mysql sh -c "mysql --user=scbadmin --password=sqlpass
 ```
 
 ### Method 2 - GUI:
-There is now an optional admin panel(enabled by default, but can be disabled via `.env`) that is served on port 8080 at `/admin` (http://localhost:8080/admin by default). Default login details are - email: `[email protected]` and password: `scb@123`. I recommend you change these in the `.env` file as well.
+There is now an optional admin panel(enabled by default, but can be disabled via `.env`) that is served at `/admin` (https://socio.mydomain.example/admin). Default login details are - email: `[email protected]` and password: `scb@123`. I recommend you change these in the `.env` file as well.
 
 After logging in, click on your database(there should only be 1 database). Scroll down to the `User Activations` section(table), find your user(you can match users based on the data in `User Details` section(table)), click the 3 dots to the right of the user and click on `edit`. Here you can set `Activation Status` (`0` means not activated, `1` means activated), `User Plan` (ranges from `0` to `7`) and `Account Expire Date`.
 
 Done! You can now log in :)
 
+## Building from source
+Build docker images from source:
+```bash
+./docker-build.sh
+```
+Building images may take some time depending on your internet speed. Build can fail due to slow connections.
+
 ## Uninstalling:
 ### Keeping Data:
 To bring down containers without affecting data run the following in the source directory:

ansible/ansible.cfg

@@ -0,0 +1,32 @@
+[defaults]
+inventory = inventory.yml
+private_key_file = ~/.ssh/id_rsa
+stdout_callback = yaml
+bin_ansible_callbacks = True
+timeout = 30
+nocows = True
+interpreter_python = /usr/bin/python3
+forks = 2
+strategy = free
+
+[ssh_connection]
+pipelining = True
+control_path = /tmp/ansible-ssh-%%h-%%p-%%r
+
+[colors]
+highlight = white
+verbose = blue
+warn = bright purple
+error = red
+debug = bright gray
+deprecate = purple
+skip = cyan
+unreachable = red
+ok = green
+changed = yellow
+diff_add = green
+diff_remove = red
+diff_lines = cyan
+
+[diff]
+always = True

ansible/inventory-template.yml

@@ -0,0 +1,9 @@
+# Sample inventory.yml, copy to 'inventory.yml' before making changes
+# Add host IP and SSH user
+# The ansible machine needs to have SSH access to the specified host.
+all:
+  hosts:
+    socioboard:
+      ansible_host: < host_ip_address >
+      ansible_user: < host_ssh_user >
+      ansible_python_interpreter: /usr/bin/python3

ansible/roles/socio-base/.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

ansible/roles/socio-base/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

ansible/roles/socio-base/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for socio-base

ansible/roles/socio-base/files/build_copy-source.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+# make temporary copy of source code
+cp -r ./socioboard-api ./docker/socioboard/
+cp -r ./socioboard-web-php ./docker/socioboard-web/

ansible/roles/socio-base/files/build_remove-source.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+rm -rf ./socioboard/socioboard-api ./socioboard-web/socioboard-web-php

ansible/roles/socio-base/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for socio-base

ansible/roles/socio-base/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: vaughngx4 ([email protected])
+  description: SocioBoard full application deployment (basic)
+  company: SiNtelli Technologies (Pty) Ltd
+
+  license: GPL-3.0-only
+
+  min_ansible_version: 2.1
+
+#  platforms:
+#    - name: RHEL
+#      versions:
+#        - all
+
+  galaxy_tags: []
+
+dependencies: []