[Docker] #1303328 - Fix install prod mode

INSTALL.md

@@ -1,83 +1,3 @@
-# Requirements
-In order to run Gally, you will need:
+# Installing Gally
 
-- Docker (>= 20.10) with the compose plugin
-- 2 GB of available RAM/swap for the NodeJs build phase
-- 10 GB of free disk space in order to build the docker images
-- Disable/Shutdown any local service running on a concurrent exposed port of the application services
-  - 5432/tcp : PostgreSQL
-  - 80/tcp (HTTP), 443/tcp (HTTPS), 8080/tcp : Apache, Nginx or any HTTP running server
-  - 6379/tcp : Redis server
-  - 9200/tcp : Elasticsearch
-
-# Run the application with docker on dev environment
-
-1. Fork the repository https://github.com/Elastic-Suite/gally
-2. Clone your repository: git clone [email protected]:USERNAME/gally.git
-3. Go in the project directory: cd gally
-4. Build and run the application: make up
-   This command
-   - build the docker images, containers and volumes containers
-   - copy the sources into the containers and configure their services
-   - build the frontend NodeJS/React application
-   - install the Gally database
-
-5. Add Gally sample data (catalogs made out of products and categories) : make fixtures_load 
-   - answer “yes” to the first question
-   - answer “y” to the second question
-6.   Create a new admin account with: make sf c=gally:user:create (available roles are “ROLE_ADMIN” and “ROLE_CONTRIBUTOR”)
-7.   Wait a few minutes for the frontend application to be build (see I have a blank page on https://localhost/)
-
-
-# Gally back-office
-The back-office of the application should be available at https://localhost/.
-
-The back-office per se is protected by a login screen.
-
-## Gally login screen
-Use the credentials defined at the step 6 (“Create a new admin account”) to access it.
-
-<h1 align="center"><img src="static/login-screen.png" alt="Gally login screen"/></h1>
-
-## Gally dashboard
-
-After logging in, the user is redirected to the “Settings” dashboard which displays information about the application data: catalogs and locales which act both as search scopes and product and categories containers.
-
-
-<h1 align="center"><img src="static/settings.png" alt="Gally settings screen"/></h1>
-
-# Example frontend application
-
-An example frontend application should be available at https://localhost/example/index.html
-It is a frontend application which uses the Gally GraphQL and Rest APIs to provide search and navigation features into the sample data catalogs and categories.
-
-It starts with a mostly blank page besides a “Gally - Example app” header where you can select one of the sample catalog and localized catalog (for instance “COM Catalog” and then “COM French Catalog”).
-
-<h1 align="center"><img src="static/example-app-home.png" alt="Gally example app"/></h1>
-
-Selecting the “COM French Catalog” after having selected the “COM Catalog” catalog.
-
-If the sample data have products for the selected localized catalog, you will be presented by a products list page.
-
-<h1 align="center"><img src="static/example-app-listing.png" alt="Gally example app"/></h1>
-
-# Gally swagger
-
-The swagger (Rest API documentation) should be available at https://localhost/docs
-
-<h1 align="center"><img src="static/swagger.png" alt="Gally swagger"/></h1>
-
-
-
-# GraphQL test client
-A GraphQL test client should be available at https://localhost/graphql/
-
-<h1 align="center"><img src="static/graphiql.png" alt="Gally example app"/></h1>
-
-# Run the application with docker on production
-
-1. Deploy the source on your environment
-2. Initialize your `.env` file in the project root directory with the variables: UUID, GUID, APP_SECRET, POSTGRES_PASSWORD, APP_ENV
-3. Run the application: docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
-4. Install the application: docker compose -f docker-compose.yml -f docker-compose.prod.yml exec php bin/console hautelook:fixtures:load
-5. The application should be available from the port 443 of your server
+Check the wiki : https://github.com/Elastic-Suite/gally/wiki/Getting-started#install-gally

Makefile

@@ -1,5 +1,15 @@
+# Include .env if exist
+ifneq (,$(wildcard ./.env))
+    include .env
+    export
+endif
+
 # Executables (local)
-DOCKER_COMP := $(shell docker compose ls 1>&2 2>/dev/null && echo 'docker compose' || echo 'docker-compose')
+DOCKER_COMP_EXEC := $(shell docker compose ls 1>&2 2>/dev/null && echo 'docker compose' || echo 'docker-compose')
+ASK_CONFIRMATION := "read -p '\e[31mThis Makefile is meant to be used in a development environment, are you sure you want to continue? (y/n)\e[0m ' REPLY; \
+    [ "\$$REPLY" = "y" ] \
+    || exit 0; $(DOCKER_COMP_EXEC)"
+DOCKER_COMP := $(shell [ "${APP_ENV}" = "prod" ] && echo $(ASK_CONFIRMATION) || echo $(DOCKER_COMP_EXEC))
 
 # Docker containers
 PHP_CONT = $(DOCKER_COMP) exec php

docker-compose.ci.yml

@@ -58,6 +58,9 @@ services:
 
 ###> doctrine/doctrine-bundle ###
   database:
+    environment:
+      # You should definitely change the password in production
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-!ChangeMe!}
     ports:
       - target: 5432
         published: 5432

docker-compose.int.yml

@@ -6,19 +6,10 @@ services:
   php:
     environment:
       APP_ENV: dev # Needed for fixtures bundles to work.
-      APP_SECRET: ${APP_SECRET}
-      # MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET}
-      XDEBUG_MODE: 'off'
 
   caddy:
     environment:
       EXAMPLE_UPSTREAM: pwa:3000
-      # MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
-      # MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
-
-  database:
-    environment:
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
 
   pwa:
     build:

docker-compose.override.yml

@@ -30,6 +30,7 @@ services:
         client_port=9000
         idekey=PHPSTORM
       PHP_IDE_CONFIG: serverName=api-platform
+      # MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}
 
   pwa:
     user: ${UUID?You must set UUID env var}:${GUID?You must set GUID env var}
@@ -60,9 +61,22 @@ services:
     environment:
       EXAMPLE_UPSTREAM: example:3001
       # MERCURE_EXTRA_DIRECTIVES: demo
+      # MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}
+      # MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}
+
+  redis:
+    ports:
+      - '6379:6379'
+
+  search:
+    ports:
+      - '9200:9200'
 
 ###> doctrine/doctrine-bundle ###
   database:
+    environment:
+      # You should definitely change the password in production
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-!ChangeMe!}
     ports:
       - target: 5432
         published: 5432

docker-compose.yml

@@ -14,18 +14,22 @@ services:
     restart: unless-stopped
     volumes:
       - php_socket:/var/run/php
+      - jwt_keys:/srv/api/config/jwt
     healthcheck:
       interval: 10s
       timeout: 3s
       retries: 10
       start_period: 120s
     environment:
+      APP_ENV: prod
+      APP_SECRET: ${APP_SECRET}
       DATABASE_URL: postgresql://${POSTGRES_USER:-api-platform}:${POSTGRES_PASSWORD:-!ChangeMe!}@database:5432/${POSTGRES_DB:-api}?serverVersion=${POSTGRES_VERSION:-13}
       TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
       TRUSTED_HOSTS: ^${SERVER_NAME:-example\.com|localhost}|caddy$$
       # MERCURE_URL: ${CADDY_MERCURE_URL:-http://caddy/.well-known/mercure}
       # MERCURE_PUBLIC_URL: https://${SERVER_NAME:-localhost}/.well-known/mercure
-      # MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}
+      # MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET}
+      XDEBUG_MODE: 'off'
 
   pwa:
     build:
@@ -52,12 +56,10 @@ services:
     environment:
       PWA_UPSTREAM: pwa:3000
       # EXAMPLE_UPSTREAM: example:3001
-      # SERVER_NAME: ${SERVER_NAME:-localhost, caddy:80}
       SERVER_NAME: ${SERVER_NAME:-localhost}
-      # VARNISH_UPSTREAM: varnish:80
       VARNISH_UPSTREAM: varnish:80
-      # MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}
-      # MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}
+      # MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
+      # MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
       CADDY_TRUSTED_PROXIES: ${CADDY_TRUSTED_PROXIES:-127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16}
     restart: unless-stopped
     volumes:
@@ -95,19 +97,13 @@ services:
     # If http2 not already supported out of the box
     # command: "-p default_keep=300 -p feature=+http2"
     command: "-p default_keep=300 -p http_resp_hdr_len=65k"
-    # restart: unless-stopped
-    # ports: 
-    #  - target: 80
-    #    published: 8080
-    #    protocol: tcp
-
 
   database:
     image: postgres:${POSTGRES_VERSION:-13}-alpine
     environment:
       - POSTGRES_DB=${POSTGRES_DB:-api}
       # You should definitely change the password in production
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-!ChangeMe!}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
       - POSTGRES_USER=${POSTGRES_USER:-api-platform}
     volumes:
       - db_data:/var/lib/postgresql/data:rw
@@ -120,8 +116,6 @@ services:
       # ALLOW_EMPTY_PASSWORD is recommended only for development.
       - ALLOW_EMPTY_PASSWORD=yes
       # - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL
-    ports:
-      - '6379:6379'
     volumes:
       - 'redis_data:/bitnami/redis/data'
 
@@ -148,8 +142,6 @@ services:
       memlock:
         soft: -1
         hard: -1
-    ports:
-      - 9200:9200
     healthcheck:
       test: test $$(curl --write-out %{http_code} --fail --silent --output /dev/null http://localhost:9200/_cluster/health?wait_for_status=green&timeout=5s) -eq 200
       interval: 10s
@@ -192,6 +184,7 @@ services:
 
 volumes:
   php_socket:
+  jwt_keys:
   caddy_data:
   caddy_config:
 ###> doctrine/doctrine-bundle ###