From d621fb62dfde120c62ae4b75802a179231752f7e Mon Sep 17 00:00:00 2001 From: Brett Date: Wed, 31 May 2023 14:26:56 +0200 Subject: [PATCH 01/17] Initial Security updates - Update database user names and passwords - The CKAN database is created with a new SQL script in the docker-entrypoint-initdb.d/ directory - Remove host port for CKAN container - now has a front-end network for NGINX and a back-end network for the rest of the containers, plus NGINX --- .env | 10 ++++---- docker-compose.yml | 23 ++++++++++++++++--- postgresql/Dockerfile | 7 +++--- .../10_create_ckandb.sql | 4 ++++ ..._datastore.sql => 20_create_datastore.sql} | 2 +- .../20_setup_test_databases.sql | 2 -- .../30_setup_test_databases.sql | 2 ++ 7 files changed, 37 insertions(+), 13 deletions(-) create mode 100755 postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sql rename postgresql/docker-entrypoint-initdb.d/{10_create_datastore.sql => 20_create_datastore.sql} (74%) delete mode 100755 postgresql/docker-entrypoint-initdb.d/20_setup_test_databases.sql create mode 100755 postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql diff --git a/.env b/.env index 21d25d4..bde6805 100644 --- a/.env +++ b/.env @@ -13,13 +13,15 @@ NGINX_PORT_HOST=81 NGINX_SSLPORT_HOST=8443 # CKAN databases -POSTGRES_USER=ckan -POSTGRES_PASSWORD=ckan +POSTGRES_USER=admindbuser +POSTGRES_PASSWORD=admindbpassword +CKAN_DB_USER=ckandbuser +CKAN_DB_PASSWORD=ckandbpassword DATASTORE_READONLY_USER=datastore_ro DATASTORE_READONLY_PASSWORD=datastore POSTGRES_HOST=db -CKAN_SQLALCHEMY_URL=postgresql://ckan:ckan@db/ckan -CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore +CKAN_SQLALCHEMY_URL=postgresql://ckandbuser:ckandbpassword@db/ckandb +CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore # Test database connections diff --git a/docker-compose.yml b/docker-compose.yml index 8548f0e..029e591 100755 
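Review bot: The replacement values in the `# CKAN databases` block (`admindbpassword`, `ckandbpassword`) are still fixed credentials committed to a tracked `.env`, so every deployment cloned from this repository starts with the same known passwords; `DATASTORE_READONLY_PASSWORD=datastore` is left as it was. The connection URLs repeat the literals, so rotating `CKAN_DB_PASSWORD` without also editing `CKAN_SQLALCHEMY_URL` and `CKAN_DATASTORE_WRITE_URL` leaves CKAN and the database out of step. If the Compose version in use interpolates inside `.env`, `CKAN_SQLALCHEMY_URL=postgresql://${CKAN_DB_USER}:${CKAN_DB_PASSWORD}@db/ckandb` keeps one source of truth; otherwise a comment above the block should say which lines must change together. The later `.env` and `.env.example` hunks in PATCH 06/17 and 07/17 carry the same kind of fixed values.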
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,6 +12,9 @@ services: build: context: nginx/ dockerfile: Dockerfile + networks: + - frontend + - backend depends_on: ckan: condition: service_healthy @@ -26,6 +29,8 @@ services: dockerfile: Dockerfile args: - TZ=${TZ} + networks: + - backend env_file: - .env depends_on: @@ -35,8 +40,6 @@ services: condition: service_healthy redis: condition: service_healthy - ports: - - "0.0.0.0:${CKAN_PORT_HOST}:${CKAN_PORT}" volumes: - ckan_storage:/var/lib/ckan restart: unless-stopped @@ -45,6 +48,8 @@ services: datapusher: container_name: ${DATAPUSHER_CONTAINER_NAME} + networks: + - backend image: ckan/ckan-base-datapusher:${DATAPUSHER_VERSION} restart: unless-stopped healthcheck: @@ -57,18 +62,24 @@ services: args: - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - CKAN_DB_PASSWORD=${CKAN_DB_PASSWORD} + networks: + - backend environment: - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - CKAN_DB_PASSWORD=${CKAN_DB_PASSWORD} - PGDATA=/var/lib/postgresql/data/db volumes: - pg_data:/var/lib/postgresql/data restart: unless-stopped healthcheck: - test: ["CMD", "pg_isready", "-U", "ckan"] + test: ["CMD", "pg_isready", "-U", "admindbuser", "-d", "admindb"] solr: container_name: ${SOLR_CONTAINER_NAME} + networks: + - backend image: ckan/ckan-solr:${SOLR_IMAGE_VERSION} volumes: - solr_data:/var/solr @@ -78,7 +89,13 @@ services: redis: container_name: ${REDIS_CONTAINER_NAME} + networks: + - backend image: redis:${REDIS_VERSION} restart: unless-stopped healthcheck: test: ["CMD", "redis-cli", "-e", "QUIT"] + +networks: + frontend: + backend: diff --git a/postgresql/Dockerfile b/postgresql/Dockerfile index e912383..f78bb92 100755 --- a/postgresql/Dockerfile +++ b/postgresql/Dockerfile 
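Review bot: In the `ckan` service hunk the unchanged `env_file: - .env` now hands the CKAN container the new `POSTGRES_USER`/`POSTGRES_PASSWORD` administrator pair as well as its own `CKAN_DB_*` credentials, which undoes much of the role split this commit introduces: anything that can read the web application's environment also learns the database administrator password. CKAN appears to need only the `CKAN_*` connection URLs, so the administrator values belong in a file or `environment:` list read by the `db` service alone, for example a separate env file for `ckan` (say `.env.ckan`, a name constructed here) that leaves them out. The service definition continues outside the hunk, so this assumes nothing else filters the variables.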
@@ -4,10 +4,11 @@ FROM postgres:12-alpine RUN echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf # Customize default user/pass/db -ENV POSTGRES_DB ckan -ENV POSTGRES_USER ckan +ENV POSTGRES_DB admindb +ENV POSTGRES_USER admindbuser ARG POSTGRES_PASSWORD +ARG CKAN_DB_PASSWORD ARG DATASTORE_READONLY_PASSWORD # Include extra setup scripts (eg datastore) -ADD docker-entrypoint-initdb.d /docker-entrypoint-initdb.d +ADD docker-entrypoint-initdb.d /docker-entrypoint-initdb.d \ No newline at end of file diff --git a/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sql b/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sql new file mode 100755 index 0000000..5ac296d --- /dev/null +++ b/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sql @@ -0,0 +1,4 @@ +\set ckan_db_password '\'' `echo $CKAN_DB_PASSWORD` '\'' + +CREATE ROLE ckandbuser NOSUPERUSER CREATEDB CREATEROLE LOGIN PASSWORD :ckan_db_password; +CREATE DATABASE ckandb OWNER ckandbuser ENCODING 'utf-8'; diff --git a/postgresql/docker-entrypoint-initdb.d/10_create_datastore.sql b/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sql similarity index 74% rename from postgresql/docker-entrypoint-initdb.d/10_create_datastore.sql rename to postgresql/docker-entrypoint-initdb.d/20_create_datastore.sql index 8038de0..8cee4fd 100755 --- a/postgresql/docker-entrypoint-initdb.d/10_create_datastore.sql +++ b/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sql @@ -1,4 +1,4 @@ \set datastore_ro_password '\'' `echo $DATASTORE_READONLY_PASSWORD` '\'' CREATE ROLE datastore_ro NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN PASSWORD :datastore_ro_password; -CREATE DATABASE datastore OWNER ckan ENCODING 'utf-8'; +CREATE DATABASE datastore OWNER ckandbuser ENCODING 'utf-8'; diff --git a/postgresql/docker-entrypoint-initdb.d/20_setup_test_databases.sql b/postgresql/docker-entrypoint-initdb.d/20_setup_test_databases.sql deleted file mode 100755 index 140f2e5..0000000 
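Review bot: `CREATE ROLE ckandbuser NOSUPERUSER CREATEDB CREATEROLE ...` in the new `10_create_ckandb.sql` gives the application role the right to create databases and further roles, which is more than an account that only owns and uses `ckandb` and `datastore` appears to need. Unless something outside this patch relies on those attributes, `CREATE ROLE ckandbuser NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN PASSWORD :ckan_db_password;` matches the restrictions already applied to `datastore_ro` in `20_create_datastore.sql`. The same attributes are carried over into `10_create_ckandb.sh` in PATCH 06/17.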
--- a/postgresql/docker-entrypoint-initdb.d/20_setup_test_databases.sql +++ /dev/null @@ -1,2 +0,0 @@ -CREATE DATABASE ckan_test OWNER ckan ENCODING 'utf-8'; -CREATE DATABASE datastore_test OWNER ckan ENCODING 'utf-8'; diff --git a/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql b/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql new file mode 100755 index 0000000..8babb2f --- /dev/null +++ b/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql @@ -0,0 +1,2 @@ +CREATE DATABASE ckan_test OWNER ckandbuser ENCODING 'utf-8'; +CREATE DATABASE datastore_test OWNER ckandbuser ENCODING 'utf-8'; From 4b5dbeacdd29a8b0c3575701a45ac194d76c44f1 Mon Sep 17 00:00:00 2001 From: Brett Date: Wed, 31 May 2023 14:36:49 +0200 Subject: [PATCH 02/17] Update docker-compose.dev.yml --- docker-compose.dev.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 2b6a0f1..f331de9 100755 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -49,12 +49,13 @@ services: environment: - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - CKAN_DB_PASSWORD=${CKAN_DB_PASSWORD} - PGDATA=/var/lib/postgresql/data/db volumes: - pg_data:/var/lib/postgresql/data restart: unless-stopped healthcheck: - test: ["CMD", "pg_isready", "-U", "ckan"] + test: ["CMD", "pg_isready", "-U", "admindbuser", "-d", "admindb"] solr: container_name: ${SOLR_CONTAINER_NAME} From a702914f20e21807f1490e9800e0bddc169fec0b Mon Sep 17 00:00:00 2001 From: Brett Date: Fri, 2 Jun 2023 10:34:36 +0200 Subject: [PATCH 03/17] harden NGINX config --- nginx/Dockerfile | 17 +++++++++-- nginx/setup/default.conf | 24 +++++++++++---- nginx/setup/nginx.conf | 64 +++++++++++++++++++++++++++++++++++++--- 3 files changed, 94 insertions(+), 11 deletions(-) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 8abad79..4efef3f 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile 
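Review bot: `ckan_test` and `datastore_test` are now owned by `ckandbuser`, but the `TEST_CKAN_SQLALCHEMY_URL` and `TEST_CKAN_DATASTORE_WRITE_URL` entries in `.env` are not touched by this commit and, going by the `.env` removed at the end of the series, still log in as `ckan:ckan`; with `POSTGRES_USER` renamed, no `ckan` role is created any more. The test URLs need the same update as the main ones, e.g. `TEST_CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore_test`. A comment in this file should also say whether the test databases are meant to exist outside development, since the script runs for every fresh data volume.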
@@ -2,11 +2,24 @@ FROM nginx:stable-alpine ENV NGINX_DIR=/etc/nginx +RUN apk update --no-cache && \ + apk upgrade --no-cache && \ + apk add --no-cache openssl + COPY setup/nginx.conf ${NGINX_DIR}/nginx.conf COPY setup/index.html /usr/share/nginx/html/index.html COPY setup/default.conf ${NGINX_DIR}/conf.d/ RUN mkdir -p ${NGINX_DIR}/certs -COPY setup/ckan-local.* ${NGINX_DIR}/certs/ -EXPOSE 81 \ No newline at end of file +EXPOSE 81 + +ENTRYPOINT \ + openssl req \ + -subj '/C=DE/ST=Berlin/L=Berlin/O=None/CN=localhost' \ + -x509 -newkey rsa:4096 \ + -nodes -keyout /etc/nginx/ssl/default_key.pem \ + -keyout ${NGINX_DIR}/certs/ckan-local.key \ + -out ${NGINX_DIR}/certs/ckan-local.crt \ + -days 365 && \ + nginx -g 'daemon off;' \ No newline at end of file diff --git a/nginx/setup/default.conf b/nginx/setup/default.conf index 17e9cc1..5406109 100644 --- a/nginx/setup/default.conf +++ b/nginx/setup/default.conf @@ -6,6 +6,18 @@ server { server_name localhost; ssl_certificate /etc/nginx/certs/ckan-local.crt; ssl_certificate_key /etc/nginx/certs/ckan-local.key; + + # TLS 1.2 & 1.3 only + ssl_protocols TLSv1.2 TLSv1.3; + + # Disable weak ciphers + ssl_prefer_server_ciphers on; + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; + + # SSL sessions + ssl_session_timeout 1d; + # ssl_session_cache dfine in stream and http + ssl_session_tickets off; #access_log /var/log/nginx/host.access.log main; 
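Review bot: The new `ENTRYPOINT` passes `-keyout` twice, and the first target, `/etc/nginx/ssl/default_key.pem`, is in a directory this Dockerfile never creates (only `${NGINX_DIR}/certs` is made); it looks like a leftover and should be dropped so that only `-keyout ${NGINX_DIR}/certs/ckan-local.key` remains. Because the shell form is used, nginx typically runs as a child of `/bin/sh -c` and does not receive the container's stop signal directly; ending the chain with `exec nginx -g 'daemon off;'` addresses that. Replacing the entrypoint also bypasses whatever entrypoint script the base image ships, and a fresh unencrypted key and certificate are generated on every container start, so the certificate changes across restarts; both deserve a comment above the instruction.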
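Review bot: The `ssl_ciphers` list under `# Disable weak ciphers` ends with four CBC-mode suites (`ECDHE-ECDSA-AES256-SHA384`, `ECDHE-RSA-AES256-SHA384`, `ECDHE-ECDSA-AES128-SHA256`, `ECDHE-RSA-AES128-SHA256`); if only AEAD suites are intended, the list should stop after `ECDHE-RSA-AES128-GCM-SHA256`. The directive only governs TLS 1.2 here, since nginx does not take the TLS 1.3 suites from `ssl_ciphers`, which is worth saying in the comment. The `# ssl_session_cache` comment points to a setting in `stream` and `http`, but the `nginx.conf` hunk in this commit adds none, so either add `ssl_session_cache shared:SSL:10m;` next to `ssl_session_timeout` or drop the comment. The `server` block continues outside the hunk.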
@@ -20,13 +32,15 @@ server { proxy_cache_key $host$scheme$proxy_host$request_uri; } - error_page 404 /404.html; + error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html; - # redirect server error pages to the static page /50x.html + # redirect server error pages to the static page /error.html # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; + location = /error.html { + ssi on; + internal; + auth_basic off; + root /usr/share/nginx/html; } } \ No newline at end of file diff --git a/nginx/setup/nginx.conf b/nginx/setup/nginx.conf index b14c5be..ddc819c 100644 --- a/nginx/setup/nginx.conf +++ b/nginx/setup/nginx.conf 
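Review bot: `error_page ... /error.html` and the `location = /error.html` block rely on a file that this commit does not appear to ship: the diffstat lists only `nginx/Dockerfile`, `default.conf` and `nginx.conf`, and the Dockerfile copies `index.html` but no `error.html` into `/usr/share/nginx/html`. Unless the file comes from somewhere outside the patch, every mapped status would likely end in nginx's built-in 404 for the missing page. Add `setup/error.html` together with `COPY setup/error.html /usr/share/nginx/html/error.html`, and say in a comment that `ssi on;` is presumably there so the page can print `$status` and the `$status_text` value mapped in `nginx.conf`. Errors returned by CKAN itself are not covered unless `proxy_intercept_errors on;` is set in the proxied location, which is outside this hunk.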
@@ -22,14 +22,70 @@ http { access_log /var/log/nginx/access.log main; sendfile on; - #tcp_nopush on; - + tcp_nopush on; + tcp_nodelay on; + types_hash_max_size 2048; keepalive_timeout 65; - #gzip on; + # Don't expose Nginx version + server_tokens off; + + # Prevent clickjacking attacks + add_header X-Frame-Options "SAMEORIGIN"; + + # Mitigate Cross-Site scripting attack + add_header X-XSS-Protection "1; mode=block"; + + # Enable gzip encryption + gzip on; proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m; proxy_temp_path /tmp/nginx_proxy 1 2; include /etc/nginx/conf.d/*.conf; -} \ No newline at end of file + + # Error status text + map $status $status_text { + 400 'Bad Request'; + 401 'Unauthorized'; + 402 'Payment Required'; + 403 'Forbidden'; + 404 'Not Found'; + 405 'Method Not Allowed'; + 406 'Not Acceptable'; + 407 'Proxy Authentication Required'; + 408 'Request Timeout'; + 409 'Conflict'; + 410 'Gone'; + 411 'Length Required'; + 412 'Precondition Failed'; + 413 'Payload Too Large'; + 414 'URI Too Long'; + 415 'Unsupported Media Type'; + 416 'Range Not Satisfiable'; + 417 'Expectation Failed'; + 418 'I\'m a teapot'; + 421 'Misdirected Request'; + 422 'Unprocessable Entity'; + 423 'Locked'; + 424 'Failed Dependency'; + 425 'Too Early'; + 426 'Upgrade Required'; + 428 'Precondition Required'; + 429 'Too Many Requests'; + 431 'Request Header Fields Too Large'; + 451 'Unavailable For Legal Reasons'; + 500 'Internal Server Error'; + 501 'Not Implemented'; + 502 'Bad Gateway'; + 503 'Service Unavailable'; + 504 'Gateway Timeout'; + 505 'HTTP Version Not Supported'; + 506 'Variant Also Negotiates'; + 507 'Insufficient Storage'; + 508 'Loop Detected'; + 510 'Not Extended'; + 511 'Network Authentication Required'; + default 'Something is wrong'; + } +} From d06847dd24d10508089774acf6826eef42194bc6 Mon Sep 17 00:00:00 2001 
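Review bot: The comment `# Enable gzip encryption` above `gzip on;` is misleading, because gzip is compression and adds no confidentiality; it should read `# Enable gzip compression`, and since the site is being moved to HTTPS it is worth a line noting that compressing responses which mix secrets with request-controlled content is the precondition for the BREACH class of issues. The two `add_header` lines lack `always`, so nginx omits them on most error responses, and they are not inherited by any `server` or `location` that declares its own `add_header`; `add_header X-Frame-Options "SAMEORIGIN" always;` covers the first case. `X-XSS-Protection` is ignored by current browsers, so a `Content-Security-Policy` header would be the control to document here if script injection is the concern.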
From: Brett Date: Sat, 3 Jun 2023 10:22:55 +0200 Subject: [PATCH 04/17] Take out all non-SSL ports for NGINX --- docker-compose.yml | 1 - nginx/Dockerfile | 2 -- nginx/setup/default.conf | 4 ++-- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 029e591..ac2f988 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,7 +19,6 @@ services: ckan: condition: service_healthy ports: - - "0.0.0.0:${NGINX_PORT_HOST}:${NGINX_PORT}" - "0.0.0.0:${NGINX_SSLPORT_HOST}:${NGINX_SSLPORT}" ckan: diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 4efef3f..eda7994 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -12,8 +12,6 @@ COPY setup/default.conf ${NGINX_DIR}/conf.d/ RUN mkdir -p ${NGINX_DIR}/certs -EXPOSE 81 - ENTRYPOINT \ openssl req \ -subj '/C=DE/ST=Berlin/L=Berlin/O=None/CN=localhost' \ diff --git a/nginx/setup/default.conf b/nginx/setup/default.conf index 5406109..a628619 100644 --- a/nginx/setup/default.conf +++ b/nginx/setup/default.conf @@ -1,6 +1,6 @@ server { - listen 80; - listen [::]:80; + #listen 80; + #listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name localhost; From 5a13a9f4841c01528459597b149d7d138edb8bf8 Mon Sep 17 00:00:00 2001 From: Brett Date: Thu, 8 Jun 2023 14:08:56 +0200 Subject: [PATCH 05/17] Update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6b1931c..f1c217f 100644 --- a/README.md +++ b/README.md 
@@ -205,7 +205,7 @@ running the latest version of Datapusher. ## 10. NGINX -The base Docker Compose configuration uses an NGINX image as the front-end (ie: reverse proxy). It includes HTTPS running on port number 8443 and an HTTP port (81). A "self-signed" SSL certificate is generated beforehand and the server certificate and key files are included. The NGINX `server_name` directive and the `CN` field in the SSL certificate have been both set to 'localhost'. This should obviously not be used for production. +The base Docker Compose configuration uses an NGINX image as the front-end (ie: reverse proxy). It includes HTTPS running on port number 8443. A "self-signed" SSL certificate is generated as part of the ENTRYPOINT. The NGINX `server_name` directive and the `CN` field in the SSL certificate have been both set to 'localhost'. This should obviously not be used for production. Creating the SSL cert and key files as follows: `openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=DE/ST=Berlin/L=Berlin/O=None/CN=localhost" -keyout ckan-local.key -out ckan-local.crt` From 969494b9aabadbd53b5db22d1c42536fc66f5cde Mon Sep 17 00:00:00 2001 From: Brett Date: Sat, 10 Jun 2023 08:11:18 +0200 Subject: [PATCH 06/17] Updates to environment variables --- .env | 8 +++- docker-compose.dev.yml | 2 +- docker-compose.yml | 43 +++++++++++-------- postgresql/Dockerfile | 7 --- .../10_create_ckandb.sh | 7 +++ .../10_create_ckandb.sql | 4 -- .../20_create_datastore.sh | 7 +++ .../20_create_datastore.sql | 4 -- .../30_setup_test_databases.sql | 9 +++- 9 files changed, 54 insertions(+), 37 deletions(-) create mode 100755 postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sh delete mode 100755 postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sql create mode 100755 postgresql/docker-entrypoint-initdb.d/20_create_datastore.sh delete mode 100755 postgresql/docker-entrypoint-initdb.d/20_create_datastore.sql diff --git a/.env b/.env index bde6805..f2f3c2e 100644 --- a/.env 
+++ b/.env @@ -13,13 +13,17 @@ NGINX_PORT_HOST=81 NGINX_SSLPORT_HOST=8443 # CKAN databases -POSTGRES_USER=admindbuser +POSTGRES_USER=postgres POSTGRES_PASSWORD=admindbpassword +POSTGRES_DB=admindb +PGDATA=/var/lib/postgresql/data/db +POSTGRES_HOST=db CKAN_DB_USER=ckandbuser CKAN_DB_PASSWORD=ckandbpassword +CKAN_DB=ckandb DATASTORE_READONLY_USER=datastore_ro DATASTORE_READONLY_PASSWORD=datastore -POSTGRES_HOST=db +DATASTORE_DB=datastore CKAN_SQLALCHEMY_URL=postgresql://ckandbuser:ckandbpassword@db/ckandb CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index f331de9..c60b0a3 100755 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -55,7 +55,7 @@ services: - pg_data:/var/lib/postgresql/data restart: unless-stopped healthcheck: - test: ["CMD", "pg_isready", "-U", "admindbuser", "-d", "admindb"] + test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER}", "-d", "${POSTGRES_DB}"] solr: container_name: ${SOLR_CONTAINER_NAME} diff --git a/docker-compose.yml b/docker-compose.yml index ac2f988..376d9c8 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,8 +13,8 @@ services: context: nginx/ dockerfile: Dockerfile networks: - - frontend - - backend + - webnet + - ckannet depends_on: ckan: condition: service_healthy @@ -29,7 +29,10 @@ services: args: - TZ=${TZ} networks: - - backend + - ckannet + - dbnet + - solrnet + - redisnet env_file: - .env depends_on: @@ -48,7 +51,8 @@ services: datapusher: container_name: ${DATAPUSHER_CONTAINER_NAME} networks: - - backend + - ckannet + - dbnet image: ckan/ckan-base-datapusher:${DATAPUSHER_VERSION} restart: unless-stopped healthcheck: 
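Review bot: In the `datapusher` hunk the service is attached to `dbnet` as well as `ckannet`, which gives it a network path to Postgres alongside CKAN. If DataPusher only talks to CKAN over its HTTP API, as its role in this stack suggests, the `- dbnet` entry can be dropped so that only `ckan` and `db` share that network; please confirm against how the image is configured, which is not visible here. A short comment on each service's `networks:` list stating why each network is needed would keep the segmentation reviewable.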
@@ -58,27 +62,29 @@ services: container_name: ${POSTGRESQL_CONTAINER_NAME} build: context: postgresql/ - args: - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - CKAN_DB_PASSWORD=${CKAN_DB_PASSWORD} networks: - - backend + - dbnet environment: - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} + - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_DB=${POSTGRES_DB} + - PGDATA=${PGDATA} + - CKAN_DB_USER=${CKAN_DB_USER} - CKAN_DB_PASSWORD=${CKAN_DB_PASSWORD} - - PGDATA=/var/lib/postgresql/data/db + - CKAN_DB=${CKAN_DB} + - DATASTORE_READONLY_USER=${DATASTORE_READONLY_USER} + - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} + - DATASTORE_DB=${DATASTORE_DB} volumes: - pg_data:/var/lib/postgresql/data restart: unless-stopped healthcheck: - test: ["CMD", "pg_isready", "-U", "admindbuser", "-d", "admindb"] + test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER}", "-d", "${POSTGRES_DB}"] solr: container_name: ${SOLR_CONTAINER_NAME} networks: - - backend + - solrnet image: ckan/ckan-solr:${SOLR_IMAGE_VERSION} volumes: - solr_data:/var/solr @@ -88,13 +94,16 @@ services: redis: container_name: ${REDIS_CONTAINER_NAME} - networks: - - backend image: redis:${REDIS_VERSION} + networks: + - redisnet restart: unless-stopped healthcheck: test: ["CMD", "redis-cli", "-e", "QUIT"] networks: - frontend: - backend: + webnet: + ckannet: + solrnet: + dbnet: + redisnet: diff --git a/postgresql/Dockerfile b/postgresql/Dockerfile index f78bb92..a1448d0 100755 --- a/postgresql/Dockerfile +++ b/postgresql/Dockerfile 
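Review bot: The `db` service's new `environment:` list passes `POSTGRES_PASSWORD`, `CKAN_DB_PASSWORD` and `DATASTORE_READONLY_PASSWORD` as plain environment variables, which remain readable from the container's metadata and from any process inside it for the container's lifetime, although they are only needed while the init scripts run. The official postgres image accepts `POSTGRES_PASSWORD_FILE`, so the administrator password can come from a Compose secret instead, and the init scripts could read the two application passwords from mounted files in the same way. At minimum, a comment above the list should state that these values are consumed once, on first initialisation of the `pg_data` volume, so changing them later in `.env` does not change the passwords in the database.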
@@ -3,12 +3,5 @@ FROM postgres:12-alpine # Allow connections; we don't map out any ports so only linked docker containers can connect RUN echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf -# Customize default user/pass/db -ENV POSTGRES_DB admindb -ENV POSTGRES_USER admindbuser -ARG POSTGRES_PASSWORD -ARG CKAN_DB_PASSWORD -ARG DATASTORE_READONLY_PASSWORD - # Include extra setup scripts (eg datastore) ADD docker-entrypoint-initdb.d /docker-entrypoint-initdb.d \ No newline at end of file diff --git a/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sh b/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sh new file mode 100755 index 0000000..1c9c4ca --- /dev/null +++ b/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE ROLE "$CKAN_DB_USER" NOSUPERUSER CREATEDB CREATEROLE LOGIN PASSWORD '$CKAN_DB_PASSWORD'; + CREATE DATABASE "$CKAN_DB" OWNER "$CKAN_DB_USER" ENCODING 'utf-8'; +EOSQL diff --git a/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sql b/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sql deleted file mode 100755 index 5ac296d..0000000 --- a/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sql +++ /dev/null @@ -1,4 +0,0 @@ -\set ckan_db_password '\'' `echo $CKAN_DB_PASSWORD` '\'' - -CREATE ROLE ckandbuser NOSUPERUSER CREATEDB CREATEROLE LOGIN PASSWORD :ckan_db_password; -CREATE DATABASE ckandb OWNER ckandbuser ENCODING 'utf-8'; diff --git a/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sh b/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sh new file mode 100755 index 0000000..968e443 --- /dev/null +++ b/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sh 
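Review bot: The heredoc in `10_create_ckandb.sh` lets the shell paste `$CKAN_DB_PASSWORD`, `$CKAN_DB_USER` and `$CKAN_DB` straight into the SQL text, so a password containing a single quote (or a name containing a double quote) breaks the statement or changes its meaning. Passing the values as psql variables and quoting the heredoc delimiter lets psql do the literal and identifier quoting instead, as sketched below. `20_create_datastore.sh` and the rewritten `30_setup_test_databases.sql` in this commit build their statements the same way and need the same change.

```shell
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" \
    -v ckan_user="$CKAN_DB_USER" \
    -v ckan_password="$CKAN_DB_PASSWORD" \
    -v ckan_db="$CKAN_DB" <<-'EOSQL'
    CREATE ROLE :"ckan_user" NOSUPERUSER CREATEDB CREATEROLE LOGIN PASSWORD :'ckan_password';
    CREATE DATABASE :"ckan_db" OWNER :"ckan_user" ENCODING 'utf-8';
EOSQL
```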
@@ -0,0 +1,7 @@ +#!/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE ROLE "$DATASTORE_READONLY_USER" NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN PASSWORD '$DATASTORE_READONLY_PASSWORD'; + CREATE DATABASE "$DATASTORE_DB" OWNER "$CKAN_DB_USER" ENCODING 'utf-8'; +EOSQL \ No newline at end of file diff --git a/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sql b/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sql deleted file mode 100755 index 8cee4fd..0000000 --- a/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sql +++ /dev/null @@ -1,4 +0,0 @@ -\set datastore_ro_password '\'' `echo $DATASTORE_READONLY_PASSWORD` '\'' - -CREATE ROLE datastore_ro NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN PASSWORD :datastore_ro_password; -CREATE DATABASE datastore OWNER ckandbuser ENCODING 'utf-8'; diff --git a/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql b/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql index 8babb2f..da55af3 100755 --- a/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql +++ b/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql @@ -1,2 +1,7 @@ -CREATE DATABASE ckan_test OWNER ckandbuser ENCODING 'utf-8'; -CREATE DATABASE datastore_test OWNER ckandbuser ENCODING 'utf-8'; +#!/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE DATABASE ckan_test OWNER "$CKAN_DB_USER" ENCODING 'utf-8'; + CREATE DATABASE datastore_test OWNER "$CKAN_DB_USER" ENCODING 'utf-8'; +EOSQL From 40ffdcdbb7f46def8dd9c504aeddbb7864475713 Mon Sep 17 00:00:00 2001 From: Brett Date: Tue, 13 Jun 2023 14:24:18 +0200 Subject: [PATCH 07/17] More .env and compose updates --- .env | 6 +++--- .env.example | 17 +++++++++++------ docker-compose.dev.yml | 10 +++------- docker-compose.yml | 23 +++++++++++++---------- 4 files changed, 30 insertions(+), 26 deletions(-) diff --git a/.env b/.env index f2f3c2e..32de312 100644 --- a/.env 
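Review bot: `30_setup_test_databases.sql` now contains a bash script (`#!/bin/bash`, `set -e`, a `psql` heredoc) but keeps its `.sql` name, and the init mechanism of the official postgres image chooses how to run each file by its extension, so this file would be fed to psql as SQL and is expected to fail on its first line. The two sibling scripts were recreated as `.sh` in this commit; this one needs the matching rename to `30_setup_test_databases.sh`. A one-line header comment in each script naming the environment variables it requires would also help, since an unset `CKAN_DB_USER` yields `OWNER ""`.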
+++ b/.env @@ -14,10 +14,10 @@ NGINX_SSLPORT_HOST=8443 # CKAN databases POSTGRES_USER=postgres -POSTGRES_PASSWORD=admindbpassword -POSTGRES_DB=admindb -PGDATA=/var/lib/postgresql/data/db +POSTGRES_PASSWORD=postgres +POSTGRES_DB=postgres POSTGRES_HOST=db +PGDATA=/var/lib/postgresql/data/db CKAN_DB_USER=ckandbuser CKAN_DB_PASSWORD=ckandbpassword CKAN_DB=ckandb diff --git a/.env.example b/.env.example index cc9220a..ba7207e 100644 --- a/.env.example +++ b/.env.example @@ -13,13 +13,18 @@ NGINX_PORT_HOST=81 NGINX_SSLPORT_HOST=8443 # CKAN databases -POSTGRES_USER=ckan -POSTGRES_PASSWORD=ckan +POSTGRES_USER=postgres +POSTGRES_PASSWORD=postgres +POSTGRES_DB=postgres +POSTGRES_HOST=db +CKAN_DB_USER=ckandbuser +CKAN_DB_PASSWORD=ckandbpassword +CKAN_DB=ckandb DATASTORE_READONLY_USER=datastore_ro DATASTORE_READONLY_PASSWORD=datastore -POSTGRES_HOST=db -CKAN_SQLALCHEMY_URL=postgresql://ckan:ckan@db/ckan -CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore +DATASTORE_DB=datastore +CKAN_SQLALCHEMY_URL=postgresql://ckandbuser:ckandbpassword@db/ckandb +CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore # Test database connections @@ -30,7 +35,7 @@ TEST_CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore_te # CKAN core CKAN_VERSION=2.10.0 CKAN_SITE_ID=default -CKAN_SITE_URL=http://ckan:5000 +CKAN_SITE_URL=https://localhost:8443 CKAN_PORT=5000 CKAN_PORT_HOST=5000 CKAN___BEAKER__SESSION__SECRET=CHANGE_ME diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index c60b0a3..2bc7894 100755 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml 
@@ -43,14 +43,10 @@ services: container_name: ${POSTGRESQL_CONTAINER_NAME} build: context: postgresql/ - args: - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} environment: - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - CKAN_DB_PASSWORD=${CKAN_DB_PASSWORD} - - PGDATA=/var/lib/postgresql/data/db + - DATASTORE_READONLY_PASSWORD + - POSTGRES_PASSWORD + - CKAN_DB_PASSWORD volumes: - pg_data:/var/lib/postgresql/data restart: unless-stopped diff --git a/docker-compose.yml b/docker-compose.yml index 376d9c8..5bf662f 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -65,16 +65,16 @@ services: networks: - dbnet environment: - - POSTGRES_USER=${POSTGRES_USER} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - POSTGRES_DB=${POSTGRES_DB} - - PGDATA=${PGDATA} - - CKAN_DB_USER=${CKAN_DB_USER} - - CKAN_DB_PASSWORD=${CKAN_DB_PASSWORD} - - CKAN_DB=${CKAN_DB} - - DATASTORE_READONLY_USER=${DATASTORE_READONLY_USER} - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - - DATASTORE_DB=${DATASTORE_DB} + - POSTGRES_USER + - POSTGRES_PASSWORD + - POSTGRES_DB + - PGDATA + - CKAN_DB_USER + - CKAN_DB_PASSWORD + - CKAN_DB + - DATASTORE_READONLY_USER + - DATASTORE_READONLY_PASSWORD + - DATASTORE_DB volumes: - pg_data:/var/lib/postgresql/data restart: unless-stopped @@ -105,5 +105,8 @@ networks: webnet: ckannet: solrnet: + internal: true dbnet: + internal: true redisnet: + internal: true From 60abbedd213e3ae641fa8c6724483ea5177c405f Mon Sep 17 00:00:00 2001 From: Brett Date: Thu, 15 Jun 2023 10:07:14 +0200 Subject: [PATCH 08/17] get rid of the PGDATE env variable and overriding the pg_hba.conf file --- .env | 1 - docker-compose.yml | 1 - postgresql/Dockerfile | 3 --- 3 files changed, 5 deletions(-) diff --git a/.env b/.env index 32de312..ba7207e 100644 --- a/.env +++ b/.env 
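Review bot: The `db` service in `docker-compose.dev.yml` now passes only `DATASTORE_READONLY_PASSWORD`, `POSTGRES_PASSWORD` and `CKAN_DB_PASSWORD`, while the init scripts added in PATCH 06/17 also read `CKAN_DB_USER`, `CKAN_DB`, `DATASTORE_READONLY_USER` and `DATASTORE_DB`. Unless an `env_file` outside this hunk supplies them, the development database would be initialised with empty role and database names and `psql -v ON_ERROR_STOP=1` would abort the first script. The list should carry the same names as the `db` service in `docker-compose.yml` from this commit, i.e. the four variables above added next to the three passwords.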
@@ -17,7 +17,6 @@ POSTGRES_USER=postgres POSTGRES_PASSWORD=postgres POSTGRES_DB=postgres POSTGRES_HOST=db -PGDATA=/var/lib/postgresql/data/db CKAN_DB_USER=ckandbuser CKAN_DB_PASSWORD=ckandbpassword CKAN_DB=ckandb diff --git a/docker-compose.yml b/docker-compose.yml index 5bf662f..9411d1c 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -68,7 +68,6 @@ services: - POSTGRES_USER - POSTGRES_PASSWORD - POSTGRES_DB - - PGDATA - CKAN_DB_USER - CKAN_DB_PASSWORD - CKAN_DB diff --git a/postgresql/Dockerfile b/postgresql/Dockerfile index a1448d0..121a711 100755 --- a/postgresql/Dockerfile +++ b/postgresql/Dockerfile @@ -1,7 +1,4 @@ FROM postgres:12-alpine -# Allow connections; we don't map out any ports so only linked docker containers can connect -RUN echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf - # Include extra setup scripts (eg datastore) ADD docker-entrypoint-initdb.d /docker-entrypoint-initdb.d \ No newline at end of file From 6e92deebfa94a957f82779a77f7f020cedbcfd3e Mon Sep 17 00:00:00 2001 From: GauravPandey-NECI <66116382+Gauravp-NEC@users.noreply.github.com> Date: Sun, 23 Jul 2023 23:22:33 +0530 Subject: [PATCH 09/17] Added steps for user creation --- README.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f45b24b..8c116e1 100644 --- a/README.md +++ b/README.md 
@@ -237,11 +237,31 @@ For more information please see [ckanext-envvars](https://github.com/okfn/ckanex For convenience the CKAN_SITE_URL parameter should be set in the .env file. For development it can be set to http://localhost:5000 and non-development set to https://localhost:8443 -## 13. Changing the base image +## 13. Create and Manager users + +1. Create a user on host, For example to create a new user called 'admin' + + `docker exec -it ckan -c ckan.ini user add admin email=admin@localhost` + + To delete the 'admin' user + + `docker exec -it ckan -c ckan.ini user remove admin` + +2. Create a user within the ckan container, For example to create a new user called 'admin' + + `ckan -c ckan.ini user add admin email=admin@localhost` + + To delete the 'admin' user + + `ckan -c ckan.ini user remove admin` + +3. Update one of the initialisation scripts eg: `start_ckan.sh` or `prerun.py` + +## 14. Changing the base image The base image used in the CKAN Dockerfile and Dockerfile.dev can be changed so a different DockerHub image is used eg: ckan/ckan-base:2.9.9 could be used instead of ckan/ckan-base:2.10.1 -## 14. Replacing DataPusher with XLoader +## 15. Replacing DataPusher with XLoader Check out the wiki page for this: https://github.com/ckan/ckan-docker/wiki/Replacing-DataPusher-with-XLoader From 7fb7ce3a1a301b9eb8cc212a706783efebf51ef9 Mon Sep 17 00:00:00 2001 From: Brett Jones <54408245+kowh-ai@users.noreply.github.com> Date: Tue, 25 Jul 2023 08:49:17 +0200 Subject: [PATCH 10/17] Update README.md --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 8c116e1..c11a3af 100644 --- a/README.md +++ b/README.md 
@@ -237,9 +237,9 @@ For more information please see [ckanext-envvars](https://github.com/okfn/ckanex For convenience the CKAN_SITE_URL parameter should be set in the .env file. For development it can be set to http://localhost:5000 and non-development set to https://localhost:8443 -## 13. Create and Manager users +## 13. Manage new users -1. Create a user on host, For example to create a new user called 'admin' +1. Create a new user from the Docker host, for example to create a new user called 'admin' `docker exec -it ckan -c ckan.ini user add admin email=admin@localhost` @@ -247,7 +247,7 @@ For convenience the CKAN_SITE_URL parameter should be set in the .env file. For `docker exec -it ckan -c ckan.ini user remove admin` -2. Create a user within the ckan container, For example to create a new user called 'admin' +2. Create a new user from within the ckan container. You will need to get a session on the running container `ckan -c ckan.ini user add admin email=admin@localhost` @@ -255,8 +255,6 @@ For convenience the CKAN_SITE_URL parameter should be set in the .env file. For `ckan -c ckan.ini user remove admin` -3. Update one of the initialisation scripts eg: `start_ckan.sh` or `prerun.py` - ## 14. Changing the base image The base image used in the CKAN Dockerfile and Dockerfile.dev can be changed so a different DockerHub image is used eg: ckan/ckan-base:2.9.9 From d29d4c69affac2ed8e3f256609bacfbec5f78964 Mon Sep 17 00:00:00 2001 From: Brett Date: Mon, 31 Jul 2023 12:03:15 +0100 Subject: [PATCH 11/17] Update .env and .env.example files to use Solr 9 --- .env | 2 +- .env.example | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.env b/.env index 21d25d4..136156d 100644 --- a/.env +++ b/.env @@ -49,7 +49,7 @@ CKAN_SMTP_MAIL_FROM=ckan@localhost TZ=UTC # Solr -SOLR_IMAGE_VERSION=2.9-solr8 +SOLR_IMAGE_VERSION=2.10-solr9 CKAN_SOLR_URL=http://solr:8983/solr/ckan TEST_CKAN_SOLR_URL=http://solr:8983/solr/ckan 
diff --git a/.env.example b/.env.example index cc9220a..209b617 100644 --- a/.env.example +++ b/.env.example @@ -49,7 +49,7 @@ CKAN_SMTP_MAIL_FROM=ckan@localhost TZ=UTC # Solr -SOLR_IMAGE_VERSION=2.9-solr8 +SOLR_IMAGE_VERSION=2.10-solr9 CKAN_SOLR_URL=http://solr:8983/solr/ckan TEST_CKAN_SOLR_URL=http://solr:8983/solr/ckan From 98cefbd3a7584039c7fa81221af4782d57f0a579 Mon Sep 17 00:00:00 2001 From: Brett Date: Mon, 31 Jul 2023 12:14:50 +0100 Subject: [PATCH 12/17] Update docker-compose.yml --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 9411d1c..0f5330f 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,6 @@ version: "3" + volumes: ckan_storage: pg_data: From bec42c3974b3d4dfe811bf836568f01032659258 Mon Sep 17 00:00:00 2001 From: Brett Date: Mon, 31 Jul 2023 13:44:47 +0100 Subject: [PATCH 13/17] Update .gitignore Remove .env from the GitHub repo --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 06c7c30..a3d88d5 100755 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ _service-provider/* _solr/schema.xml _src/* local/* +.env From 5564c85d5e0606f24b6574875848b4ead08af079 Mon Sep 17 00:00:00 2001 From: Brett Date: Mon, 31 Jul 2023 16:12:55 +0100 Subject: [PATCH 14/17] Update to Solr 9 --- .env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.example b/.env.example index ba7207e..07ab2b5 100644 --- a/.env.example +++ b/.env.example @@ -54,7 +54,7 @@ CKAN_SMTP_MAIL_FROM=ckan@localhost TZ=UTC # Solr -SOLR_IMAGE_VERSION=2.9-solr8 +SOLR_IMAGE_VERSION=2.10-solr9 CKAN_SOLR_URL=http://solr:8983/solr/ckan TEST_CKAN_SOLR_URL=http://solr:8983/solr/ckan From aed99166ce4dbc7c6becb20b1f36941c87ae7fd4 Mon Sep 17 00:00:00 2001 
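Review bot: Adding `.env` to `.gitignore` does not by itself do what the PATCH 13/17 message says: Git keeps tracking a file that is already committed, so `.env` stays in the repository until it is removed from the index (PATCH 15/17 does that), and the values committed in earlier patches remain readable in history either way. Any database, sysadmin or SMTP credential that was ever real in that file should be treated as disclosed and rotated. A comment line such as `# local settings and secrets: copy .env.example to .env` above the entry would tell new users where the file comes from.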
From: Brett Date: Mon, 31 Jul 2023 16:48:44 +0100 Subject: [PATCH 15/17] remove .env file --- .env | 82 ------------------------------------------------------------ 1 file changed, 82 deletions(-) delete mode 100644 .env
diff --git a/.env b/.env
deleted file mode 100644
index 07ab2b5..0000000
--- a/.env
+++ /dev/null
@@ -1,82 +0,0 @@
-# Container names
-NGINX_CONTAINER_NAME=nginx
-REDIS_CONTAINER_NAME=redis
-POSTGRESQL_CONTAINER_NAME=db
-SOLR_CONTAINER_NAME=solr
-DATAPUSHER_CONTAINER_NAME=datapusher
-CKAN_CONTAINER_NAME=ckan
-WORKER_CONTAINER_NAME=ckan-worker
-
-# Host Ports
-CKAN_PORT_HOST=5000
-NGINX_PORT_HOST=81
-NGINX_SSLPORT_HOST=8443
-
-# CKAN databases
-POSTGRES_USER=postgres
-POSTGRES_PASSWORD=postgres
-POSTGRES_DB=postgres
-POSTGRES_HOST=db
-CKAN_DB_USER=ckandbuser
-CKAN_DB_PASSWORD=ckandbpassword
-CKAN_DB=ckandb
-DATASTORE_READONLY_USER=datastore_ro
-DATASTORE_READONLY_PASSWORD=datastore
-DATASTORE_DB=datastore
-CKAN_SQLALCHEMY_URL=postgresql://ckandbuser:ckandbpassword@db/ckandb
-CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore
-CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore
-
-# Test database connections
-TEST_CKAN_SQLALCHEMY_URL=postgres://ckan:ckan@db/ckan_test
-TEST_CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore_test
-TEST_CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore_test
-
-# CKAN core
-CKAN_VERSION=2.10.0
-CKAN_SITE_ID=default
-CKAN_SITE_URL=https://localhost:8443
-CKAN_PORT=5000
-CKAN_PORT_HOST=5000
-CKAN___BEAKER__SESSION__SECRET=CHANGE_ME
-# See https://docs.ckan.org/en/latest/maintaining/configuration.html#api-token-settings
-CKAN___API_TOKEN__JWT__ENCODE__SECRET=string:CHANGE_ME
-CKAN___API_TOKEN__JWT__DECODE__SECRET=string:CHANGE_ME
-CKAN_SYSADMIN_NAME=ckan_admin
-CKAN_SYSADMIN_PASSWORD=test1234
-CKAN_SYSADMIN_EMAIL=your_email@example.com
-CKAN_STORAGE_PATH=/var/lib/ckan
-CKAN_SMTP_SERVER=smtp.corporateict.domain:25
-CKAN_SMTP_STARTTLS=True
-CKAN_SMTP_USER=user
-CKAN_SMTP_PASSWORD=pass
-CKAN_SMTP_MAIL_FROM=ckan@localhost
-TZ=UTC
-
-# Solr
-SOLR_IMAGE_VERSION=2.10-solr9
-CKAN_SOLR_URL=http://solr:8983/solr/ckan
-TEST_CKAN_SOLR_URL=http://solr:8983/solr/ckan
-
-# Redis
-REDIS_VERSION=6
-CKAN_REDIS_URL=redis://redis:6379/1
-TEST_CKAN_REDIS_URL=redis://redis:6379/1
-
-# Datapusher
-DATAPUSHER_VERSION=0.0.20
-CKAN_DATAPUSHER_URL=http://datapusher:8800
-CKAN__DATAPUSHER__CALLBACK_URL_BASE=http://ckan:5000
-DATAPUSHER_REWRITE_RESOURCES=True
-DATAPUSHER_REWRITE_URL=http://ckan:5000
-
-# NGINX
-NGINX_PORT=80
-NGINX_SSLPORT=443
-
-# Extensions
-CKAN__PLUGINS="envvars image_view text_view recline_view datastore datapusher"
-CKAN__HARVEST__MQ__TYPE=redis
-CKAN__HARVEST__MQ__HOSTNAME=redis
-CKAN__HARVEST__MQ__PORT=6379
-CKAN__HARVEST__MQ__REDIS_DB=1
From aef081200dddcda354f279bc2c21b2ffd50edba0 Mon Sep 17 00:00:00 2001 From: Brett Date: Fri, 4 Aug 2023 11:53:16 +0100 Subject: [PATCH 16/17] Update docker-compose.dev.yml db service needed env entries --- docker-compose.dev.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 2bc7894..0cf6312 100755 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -44,9 +44,15 @@ services: build: context: postgresql/ environment: - - DATASTORE_READONLY_PASSWORD + - POSTGRES_USER - POSTGRES_PASSWORD + - POSTGRES_DB + - CKAN_DB_USER - CKAN_DB_PASSWORD + - CKAN_DB + - DATASTORE_READONLY_USER + - DATASTORE_READONLY_PASSWORD + - DATASTORE_DB volumes: - pg_data:/var/lib/postgresql/data restart: unless-stopped From 0dbcbe055a91725a5561be75ddd911c9da02c62a Mon Sep 17 00:00:00 2001 From: mjanez <96422458+mjanez@users.noreply.github.com> Date: Wed, 9 Aug 2023 12:02:53 +0200 Subject: [PATCH 17/17] Update Solr 9 --- .env.example | 2 +- solr/Dockerfile | 2 +- solr/Dockerfile.spatial | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.env.example b/.env.example index 20d86cc..b0e9dda 100644 --- a/.env.example +++ b/.env.example @@ -19,7 +19,7 @@ APACHE_PORT_HOST=80 PYCSW_PORT_HOST=8000 # Solr -SOLR_IMAGE_VERSION=2.9-solr8-spatial +SOLR_IMAGE_VERSION=2.9-solr9-spatial SOLR_PORT=8983 CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan TEST_CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan
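Review bot: The entries in the `environment:` list of the docker-compose.dev.yml hunk (for example `- POSTGRES_PASSWORD` and `- CKAN_DB_PASSWORD`) carry no value, so Compose resolves each one from the environment it runs in and leaves it unset in the container when nothing supplies it. This series also removes `.env` from the repository, so a fresh checkout provides none of them until the operator creates the file. The initialisation scripts are not visible here, but they would presumably then run with empty role names or passwords. Making the secrets mandatory fails fast instead, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}`, with the same form for `CKAN_DB_PASSWORD` and `DATASTORE_READONLY_PASSWORD`. The service block starts above the hunk and continues past it.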
diff --git a/solr/Dockerfile b/solr/Dockerfile index cb9c480..1d2f171 100644 --- a/solr/Dockerfile +++ b/solr/Dockerfile @@ -1,4 +1,4 @@ -FROM solr:8 +FROM solr:9 ENV SOLR_PORT=8983 diff --git a/solr/Dockerfile.spatial b/solr/Dockerfile.spatial index ff5faa3..9538491 100644 --- a/solr/Dockerfile.spatial +++ b/solr/Dockerfile.spatial @@ -1,4 +1,4 @@ -FROM solr:8 +FROM solr:9 ENV SOLR_PORT=8983