diff --git a/.env.example b/.env.example index 20d86cc..c3e6a2c 100644 --- a/.env.example +++ b/.env.example @@ -13,13 +13,13 @@ PYCSW_CONTAINER_NAME=pycsw # Host Ports CKAN_PORT_HOST=5000 -NGINX_PORT_HOST=80 +NGINX_PORT_HOST=81 NGINX_SSLPORT_HOST=8443 -APACHE_PORT_HOST=80 +APACHE_PORT_HOST=81 PYCSW_PORT_HOST=8000 # Solr -SOLR_IMAGE_VERSION=2.9-solr8-spatial +SOLR_IMAGE_VERSION=2.9-solr9-spatial SOLR_PORT=8983 CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan TEST_CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan @@ -47,8 +47,8 @@ PROXY_PYCSW_LOCATION=/csw # pycsw PYCSW_PORT=8000 -CKAN_URL=http://localhost/catalog -PYCSW_URL=http://localhost/csw +CKAN_URL=https://localhost:8443/catalog +PYCSW_URL=https://localhost:8443/csw # SCHEMAS: ckan2pycsw/model/dataset.py - Dataset type PYCSW_CKAN_SCHEMA=iso19139_geodcatap PYCSW_OUPUT_SCHEMA=iso19139_inspire @@ -61,13 +61,18 @@ PYCSW_CRON_HOUR_START=4 TZ=UTC # CKAN databases -POSTGRES_USER=ckan -POSTGRES_PASSWORD=ckan +POSTGRES_USER=postgres +POSTGRES_PASSWORD=postgres +POSTGRES_DB=postgres +POSTGRES_HOST=db +CKAN_DB_USER=ckandbuser +CKAN_DB_PASSWORD=ckandbpassword +CKAN_DB=ckandb DATASTORE_READONLY_USER=datastore_ro DATASTORE_READONLY_PASSWORD=datastore -POSTGRES_HOST=db -CKAN_SQLALCHEMY_URL=postgresql://ckan:ckan@db/ckan -CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore +DATASTORE_DB=datastore +CKAN_SQLALCHEMY_URL=postgresql://ckandbuser:ckandbpassword@db/ckandb +CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore # Test database connections @@ -80,7 +85,7 @@ TEST_CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore_te CKAN_VERSION=2.9.9 CKAN_SITE_ID=default # CKAN_SITE_URL = http:/ or https:/ + PROXY_SERVER_NAME. Optionally the APACHE_HOST_PORT if different from 80 -CKAN_SITE_URL=http://localhost +CKAN_SITE_URL=https://localhost:8443 CKAN__ROOT_PATH=/catalog/{{LANG}} CKAN_PORT=5000 CKAN__FAVICON=/catalog/base/images/ckan.ico @@ -131,7 +136,7 @@ CKANEXT__XLOADER__API_TOKEN=api_token CKANEXT__XLOADER__JOBS__DB_URI=postgresql://ckan:ckan@db/ckan # ckanext-dcat -CKANEXT__DCAT__BASE_URI=http://localhost/catalog +CKANEXT__DCAT__BASE_URI=https://localhost:8443/catalog CKANEXT__DCAT__RDF_PROFILES="euro_dcat_ap_2 euro_dcat_ap" # ckanext-spatial (Solr Backend - solr8-spatial) diff --git a/.gitignore b/.gitignore index b125056..daf6225 100644 --- a/.gitignore +++ b/.gitignore @@ -17,4 +17,4 @@ src/* !src/README.md # environment -.env \ No newline at end of file +.env diff --git a/README.md b/README.md index f40c301..bcced97 100644 --- a/README.md +++ b/README.md @@ -101,6 +101,7 @@ versions for client and server. > Learn more about [Docker](#docker-basic-commands)/[Docker Compose](#docker-compose-basic-commands) basic commands. > + ## Install (build and run) CKAN plus dependencies ### Base mode Use this if you are a maintainer and will not be making code changes to CKAN or to CKAN extensions. @@ -168,6 +169,7 @@ After this step, CKAN should be running at {`PROXY_SERVER_NAME`}{`PROXY_CKAN_LOC |2cdd25cea0de|ckan-docker-db |docker-entrypoint.s…|6 minutes ago |Up 4 minutes (healthy)|5432/tcp |db | | |9cdj25dae6gr|ckan-docker-pycsw |docker-entrypoint.s…|6 minutes ago |Up 4 minutes (healthy)|8000/tcp |pycsw | | + ### Quick mode If you just want to test the package and see the general functionality of the platform, you can use the `ckan-spatial` image from the [Github container registry](https://github.com/mjanez/ckan-docker/pkgs/container/ckan-spatial): @@ -179,6 +181,7 @@ If you just want to test the package and see the general functionality of the pl It will download the pre-built image and deploy all the containers. Remember to use your own domain by changing `localhost` in the `.env` file. + ### Development mode Use this mode if you are making code changes to CKAN and either creating new extensions or making code changes to existing extensions. This mode also uses the `.env` file for config options. @@ -238,7 +241,6 @@ The Docker image config files used to build your CKAN project are located in the >``` - ## CKAN images enhancement ### Extending the base images You can modify the docker files to build your own customized image tailored to your project, installing any extensions and extra requirements needed. For example here is where you would update to use a different CKAN base image ie: `ckan/ckan-base-spatial:` @@ -310,7 +312,8 @@ ckan ## ckan-docker addons -### VSCode dev containers +### Debugging +#### VSCode dev containers The [Visual Studio Code Dev Containers](https://code.visualstudio.com/docs/devcontainers/containers) extension is a powerful tool that enables developers to use a container as a complete development environment. With this extension, developers can open any folder inside a container and take advantage of the full range of features provided by Visual Studio Code. To do this, developers create a `devcontainer.json `file in their project that specifies how to access or create a development container with a predefined tool and runtime stack. This allows developers to work in an isolated environment, ensuring that the development environment is consistent across team members and that project dependencies are easy to manage. ![Developing inside a Container](https://code.visualstudio.com/assets/docs/devcontainers/containers/architecture-containers.png) @@ -330,7 +333,7 @@ The [Visual Studio Code Dev Containers](https://code.visualstudio.com/docs/devco 7. VSCode will start a new container based on the configuration settings in your `devcontainer.json` file. Once the container is started, you can work on your project just like you would on your local machine. -### pdb +#### pdb Add these lines to the `ckan-dev` service in the docker compose.dev.yml file ![pdb](https://user-images.githubusercontent.com/54408245/179964232-9e98a451-5fe9-4842-ba9b-751bcc627730.png) @@ -340,11 +343,8 @@ Debug with pdb (example) - Interact with `docker attach $(docker container ls -q command: `python -m pdb /usr/lib/ckan/venv/bin/ckan --config /srv/app/ckan.ini run --host 0.0.0.0 --passthrough-errors` -### Datastore -The Datastore database and user is created as part of the entrypoint scripts for the db container. - - -### NGINX +### Reverse proxy +#### NGINX The default Docker Compose configuration ([`docker-compose.yml`](/docker-compose.yml)) uses an NGINX image as the front-end (ie: reverse proxy). It includes HTTPS running on port number 8443 and an HTTP port (81). A "self-signed" SSL certificate is generated beforehand and the server certificate and key files are included. The NGINX `server_name` (ENV: `PROXY_SERVER_NAME`) directive and the `CN` field in the SSL certificate have been both set to 'localhost'. This should obviously not be used for production. The proxy locations, ports and other NGINX options can be modified in the `.env` file: @@ -359,17 +359,18 @@ NGINX_SSLPORT=443 NGINX_LOG_DIR=/var/log/nginx # Check CKAN__ROOT_PATH and CKANEXT__DCAT__BASE_URI. If you don't need to use domain locations, it is better to use the nginx configuration. Leave blank or use the root `/`. -PROXY_SERVER_NAME=192.168.68.106 +PROXY_SERVER_NAME=localhost PROXY_CKAN_LOCATION=/catalog PROXY_PYCSW_LOCATION=/csw ``` +The base Docker Compose configuration uses an NGINX image as the front-end (ie: reverse proxy). It includes HTTPS running on port number 8443. A "self-signed" SSL certificate is generated as part of the ENTRYPOINT. The ENV `PROXY_SERVER_NAME`, NGINX `server_name` directive and the `CN` field in the SSL certificate have been both set to 'localhost'. This should obviously not be used for production. Creating the SSL cert and key files as follows: `openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=DE/ST=Berlin/L=Berlin/O=None/CN=localhost" -keyout ckan-local.key -out ckan-local.crt` The `ckan-local.*` files will then need to be moved into the nginx/setup/ directory -### Apache HTTP Server +#### Apache HTTP Server The Docker Compose configuration ([`docker-compose.apache.yml`](/docker-compose.apache.yml)) uses an httpd image as the front-end. It has two routes for the ckan (default location: `/catalog`) and ckan-pycsw (default location: `/csw`) services. The proxy locations, ports and other Apache Web Server options can be modified in the `.env` file: @@ -383,7 +384,7 @@ APACHE_PORT=80 APACHE_LOG_DIR=/var/log/apache # Check CKAN__ROOT_PATH and CKANEXT__DCAT__BASE_URI. If you don't need to use domain locations, it is better to use the nginx configuration. Leave blank or use the root `/`. -PROXY_SERVER_NAME=192.168.68.106 +PROXY_SERVER_NAME=localhost PROXY_CKAN_LOCATION=/catalog PROXY_PYCSW_LOCATION=/csw ``` @@ -409,9 +410,15 @@ These parameters can be added to the `.env` file For more information please see [ckanext-envvars](https://github.com/okfn/ckanext-envvars) -## xloader + +### Datastore +The Datastore database and user is created as part of the entrypoint scripts for the db container. + + +### xloader To replacing DataPusher with XLoader check out the wiki page for this: https://github.com/ckan/ckan-docker/wiki/Replacing-DataPusher-with-XLoader + ### ckan-pycsw [ckan-pycsw](https://github.com/mjanez/ckan-pycsw) is a docker compose environment (based on [pycsw](https://github.com/geopython/pycsw)) for development and testing with CKAN Open Data portals.[^5] @@ -419,11 +426,13 @@ Available components: * **pycsw**: The pycsw app. An [OARec](https://ogcapi.ogc.org/records) and [OGC CSW](https://opengeospatial.org/standards/cat) server implementation written in Python. * **ckan2pycsw**: Software to achieve interoperability with the open data portals based on CKAN. To do this, ckan2pycsw reads data from an instance using the CKAN API, generates ISO-19115/ISO-19139 metadata using [pygeometa](https://geopython.github.io/pygeometa/), or a custom schema that is based on a customized CKAN schema, and populates a [pycsw](https://pycsw.org/) instance that exposes the metadata using CSW and OAI-PMH. + ## ckan-docker tips ### CKAN. Backups PostgreSQL offers the command line tools [`pg_dump`](https://www.postgresql.org/docs/current/static/app-pgdump.html) and [`pg_restore`](https://www.postgresql.org/docs/current/static/app-pgrestore.html) for dumping and restoring a database and its content to/from a file. -### Backup service for db container + +#### Backup service for db container 1. Create a new file called `ckan_backup_custom.sh` and open it in your preferred text editor. 2. Add the following code to the script, replacing the placeholders with your actual values: @@ -480,7 +489,8 @@ The cronjob is now set up and will backup your CKAN PostgreSQL database daily at >**Info**
> Sample scripts for backing up CKAN: [`doc/scripts`](doc/scripts) -### Restore a backup + +#### Restore a backup If need to use a backup, restore it: 1. First clean the database. **Caution, this will delete all data from your CKAN database!** @@ -498,6 +508,33 @@ If need to use a backup, restore it: docker exec -e PGPASSWORD=$POSTGRES_PASSWORD $POSTGRESQL_CONTAINER_NAME pg_restore -U $POSTGRES_USER --clean --if-exists -d $DATABASE_NAME < /path/to/your/backup/directory/ckan.dump ``` + +### CKAN. Manage new users + +1. Create a new user from the Docker host, for example to create a new user called 'admin' + + ```bash + docker exec -it ckan -c ckan.ini user add admin email=admin@localhost + ``` + + To delete the 'admin' user + + ```bash + docker exec -it ckan -c ckan.ini user remove admin` + ``` + +1. Create a new user from within the ckan container. You will need to get a session on the running container + + ```bash + ckan -c ckan.ini user add admin email=admin@localhost` + ``` + + To delete the 'admin' user + ```bash + ckan -c ckan.ini user remove admin` + ``` + + ### Docker. Basic commands #### Linux post-install steps [These optional post-installation procedures](https://docs.docker.com/engine/install/linux-postinstall/) shows you how to configure your Linux host machine to work better with Docker. For example, managing docker with [a non-root user](https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user). @@ -510,6 +547,7 @@ sudo systemctl enable docker sudo systemctl disable docker ``` + #### Clear all Docker unused objects (images, containers, networks, local volumes) ```bash docker system prune # Clear all @@ -520,6 +558,7 @@ docker volume prune # Clear unused volumes docker network prune # Clear unused networks ``` + ### Docker Compose. Basic commands More info about Docker Compose commands at [docker compose reference](https://docs.docker.com/compose/reference/). @@ -569,6 +608,7 @@ docker compose [-f ] -p up -d --build docker compose [-p ] down ``` + ### Docker Compose. Configure a docker compose service to start on boot To have Docker Compose run automatically when you reboot a machine, you can follow the steps below: 1. Create a systemd service file for Docker Compose. You can create a file named `ckan-docker-compose.service` in the `/etc/systemd/system/` folder with the following content: diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 3492e61..bfb252c 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -74,23 +74,21 @@ services: container_name: ${POSTGRESQL_CONTAINER_NAME} build: context: postgresql/ - args: - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} environment: - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - PGDATA=/var/lib/postgresql/data/db - logging: - driver: "json-file" - options: - max-size: "100m" - max-file: "10" + - POSTGRES_USER + - POSTGRES_PASSWORD + - POSTGRES_DB + - CKAN_DB_USER + - CKAN_DB_PASSWORD + - CKAN_DB + - DATASTORE_READONLY_USER + - DATASTORE_READONLY_PASSWORD + - DATASTORE_DB volumes: - pg_data:/var/lib/postgresql/data restart: unless-stopped healthcheck: - test: ["CMD", "pg_isready", "-U", "ckan"] + test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER}", "-d", "${POSTGRES_DB}"] solr: container_name: ${SOLR_CONTAINER_NAME} @@ -112,9 +110,6 @@ services: redis: container_name: ${REDIS_CONTAINER_NAME} - # build: - # context: redis/ - # dockerfile: Dockerfile image: redis:${REDIS_VERSION} logging: driver: "json-file" diff --git a/docker-compose.yml b/docker-compose.yml index aafe87a..c3770f5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,6 @@ version: "3" + volumes: ckan_storage: pg_data: @@ -18,11 +19,13 @@ services: options: max-size: "100m" max-file: "10" + networks: + - webnet + - ckannet depends_on: ckan: condition: service_healthy ports: - - "0.0.0.0:${NGINX_PORT_HOST}:${NGINX_PORT}" - "0.0.0.0:${NGINX_SSLPORT_HOST}:${NGINX_SSLPORT}" ckan: @@ -30,6 +33,13 @@ services: build: context: ckan/ dockerfile: Dockerfile + args: + - TZ=${TZ} + networks: + - ckannet + - dbnet + - solrnet + - redisnet env_file: - .env logging: @@ -44,8 +54,6 @@ services: condition: service_healthy redis: condition: service_healthy - ports: - - "0.0.0.0:${CKAN_PORT_HOST}:${CKAN_PORT}" volumes: - ckan_storage:/var/lib/ckan restart: unless-stopped @@ -64,6 +72,9 @@ services: options: max-size: "100m" max-file: "10" + networks: + - webnet + - ckannet depends_on: ckan: condition: service_healthy @@ -80,13 +91,18 @@ services: container_name: ${POSTGRESQL_CONTAINER_NAME} build: context: postgresql/ - args: - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + networks: + - dbnet environment: - - DATASTORE_READONLY_PASSWORD=${DATASTORE_READONLY_PASSWORD} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - PGDATA=/var/lib/postgresql/data/db + - POSTGRES_USER + - POSTGRES_PASSWORD + - POSTGRES_DB + - CKAN_DB_USER + - CKAN_DB_PASSWORD + - CKAN_DB + - DATASTORE_READONLY_USER + - DATASTORE_READONLY_PASSWORD + - DATASTORE_DB volumes: - pg_data:/var/lib/postgresql/data logging: @@ -96,13 +112,15 @@ services: max-file: "10" restart: unless-stopped healthcheck: - test: ["CMD", "pg_isready", "-U", "ckan"] + test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER}", "-d", "${POSTGRES_DB}"] solr: container_name: ${SOLR_CONTAINER_NAME} build: context: solr/ dockerfile: Dockerfile.spatial + networks: + - solrnet image: ckan/ckan-solr:${SOLR_IMAGE_VERSION} env_file: - .env @@ -125,6 +143,18 @@ services: options: max-size: "100m" max-file: "10" + networks: + - redisnet restart: unless-stopped healthcheck: test: ["CMD", "redis-cli", "-e", "QUIT"] + +networks: + webnet: + ckannet: + solrnet: + internal: true + dbnet: + internal: true + redisnet: + internal: true diff --git a/nginx/Dockerfile b/nginx/Dockerfile index edf5d0c..1d3f96f 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -14,13 +14,22 @@ ENV NGINX_PORT=80 ENV NGINX_LOG_DIR=/var/log/nginx ENV NGINX_DIR=/etc/nginx -RUN mkdir -p ${NGINX_LOG_DIR} +RUN mkdir -p ${NGINX_LOG_DIR} && \ + mkdir -p ${NGINX_DIR}/certs && \ + apk update --no-cache && \ + apk upgrade --no-cache && \ + apk add --no-cache openssl COPY setup/nginx.conf ${NGINX_DIR}/nginx.conf COPY setup/index.html /usr/share/nginx/html/index.html COPY setup/default.conf.template ${NGINX_DIR}/templates/default.conf.template -RUN mkdir -p ${NGINX_DIR}/certs -COPY setup/ckan-local.* ${NGINX_DIR}/certs/ - -EXPOSE ${NGINX_PORT} \ No newline at end of file +ENTRYPOINT \ + openssl req \ + -subj '/C=DE/ST=Berlin/L=Berlin/O=None/CN=${PROXY_SERVER_NAME}' \ + -x509 -newkey rsa:4096 \ + -nodes -keyout /etc/nginx/ssl/default_key.pem \ + -keyout ${NGINX_DIR}/certs/ckan-local.key \ + -out ${NGINX_DIR}/certs/ckan-local.crt \ + -days 365 && \ + nginx -g 'daemon off;' \ No newline at end of file diff --git a/nginx/setup/default.conf.template b/nginx/setup/default.conf.template index 1bdd8a4..3e67f92 100644 --- a/nginx/setup/default.conf.template +++ b/nginx/setup/default.conf.template @@ -6,6 +6,18 @@ server { server_name ${PROXY_SERVER_NAME}; ssl_certificate /etc/nginx/certs/ckan-local.crt; ssl_certificate_key /etc/nginx/certs/ckan-local.key; + + # TLS 1.2 & 1.3 only + ssl_protocols TLSv1.2 TLSv1.3; + + # Disable weak ciphers + ssl_prefer_server_ciphers on; + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; + + # SSL sessions + ssl_session_timeout 1d; + # ssl_session_cache dfine in stream and http + ssl_session_tickets off; #access_log /var/log/nginx/host.access.log main; @@ -29,13 +41,15 @@ server { proxy_cache_key $host$scheme$proxy_host$request_uri; } - error_page 404 /404.html; + error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html; - # redirect server error pages to the static page /50x.html + # redirect server error pages to the static page /error.html # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; + location = /error.html { + ssi on; + internal; + auth_basic off; + root /usr/share/nginx/html; } } \ No newline at end of file diff --git a/nginx/setup/nginx.conf b/nginx/setup/nginx.conf index b14c5be..ddc819c 100644 --- a/nginx/setup/nginx.conf +++ b/nginx/setup/nginx.conf @@ -22,14 +22,70 @@ http { access_log /var/log/nginx/access.log main; sendfile on; - #tcp_nopush on; - + tcp_nopush on; + tcp_nodelay on; + types_hash_max_size 2048; keepalive_timeout 65; - #gzip on; + # Don't expose Nginx version + server_tokens off; + + # Prevent clickjacking attacks + add_header X-Frame-Options "SAMEORIGIN"; + + # Mitigate Cross-Site scripting attack + add_header X-XSS-Protection "1; mode=block"; + + # Enable gzip encryption + gzip on; proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m; proxy_temp_path /tmp/nginx_proxy 1 2; include /etc/nginx/conf.d/*.conf; -} \ No newline at end of file + + # Error status text + map $status $status_text { + 400 'Bad Request'; + 401 'Unauthorized'; + 402 'Payment Required'; + 403 'Forbidden'; + 404 'Not Found'; + 405 'Method Not Allowed'; + 406 'Not Acceptable'; + 407 'Proxy Authentication Required'; + 408 'Request Timeout'; + 409 'Conflict'; + 410 'Gone'; + 411 'Length Required'; + 412 'Precondition Failed'; + 413 'Payload Too Large'; + 414 'URI Too Long'; + 415 'Unsupported Media Type'; + 416 'Range Not Satisfiable'; + 417 'Expectation Failed'; + 418 'I\'m a teapot'; + 421 'Misdirected Request'; + 422 'Unprocessable Entity'; + 423 'Locked'; + 424 'Failed Dependency'; + 425 'Too Early'; + 426 'Upgrade Required'; + 428 'Precondition Required'; + 429 'Too Many Requests'; + 431 'Request Header Fields Too Large'; + 451 'Unavailable For Legal Reasons'; + 500 'Internal Server Error'; + 501 'Not Implemented'; + 502 'Bad Gateway'; + 503 'Service Unavailable'; + 504 'Gateway Timeout'; + 505 'HTTP Version Not Supported'; + 506 'Variant Also Negotiates'; + 507 'Insufficient Storage'; + 508 'Loop Detected'; + 510 'Not Extended'; + 511 'Network Authentication Required'; + default 'Something is wrong'; + } +} diff --git a/postgresql/Dockerfile b/postgresql/Dockerfile index 42ea06f..f956e08 100755 --- a/postgresql/Dockerfile +++ b/postgresql/Dockerfile @@ -1,13 +1,4 @@ FROM postgres:15-alpine -# Allow connections; we don't map out any ports so only linked docker containers can connect -RUN echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf - -# Customize default user/pass/db -ENV POSTGRES_DB ckan -ENV POSTGRES_USER ckan -ARG POSTGRES_PASSWORD -ARG DATASTORE_READONLY_PASSWORD - # Include extra setup scripts (eg datastore) -ADD docker-entrypoint-initdb.d /docker-entrypoint-initdb.d +ADD docker-entrypoint-initdb.d /docker-entrypoint-initdb.d \ No newline at end of file diff --git a/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sh b/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sh new file mode 100755 index 0000000..1c9c4ca --- /dev/null +++ b/postgresql/docker-entrypoint-initdb.d/10_create_ckandb.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE ROLE "$CKAN_DB_USER" NOSUPERUSER CREATEDB CREATEROLE LOGIN PASSWORD '$CKAN_DB_PASSWORD'; + CREATE DATABASE "$CKAN_DB" OWNER "$CKAN_DB_USER" ENCODING 'utf-8'; +EOSQL diff --git a/postgresql/docker-entrypoint-initdb.d/10_create_datastore.sql b/postgresql/docker-entrypoint-initdb.d/10_create_datastore.sql deleted file mode 100755 index 8038de0..0000000 --- a/postgresql/docker-entrypoint-initdb.d/10_create_datastore.sql +++ /dev/null @@ -1,4 +0,0 @@ -\set datastore_ro_password '\'' `echo $DATASTORE_READONLY_PASSWORD` '\'' - -CREATE ROLE datastore_ro NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN PASSWORD :datastore_ro_password; -CREATE DATABASE datastore OWNER ckan ENCODING 'utf-8'; diff --git a/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sh b/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sh new file mode 100755 index 0000000..968e443 --- /dev/null +++ b/postgresql/docker-entrypoint-initdb.d/20_create_datastore.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE ROLE "$DATASTORE_READONLY_USER" NOSUPERUSER NOCREATEDB NOCREATEROLE LOGIN PASSWORD '$DATASTORE_READONLY_PASSWORD'; + CREATE DATABASE "$DATASTORE_DB" OWNER "$CKAN_DB_USER" ENCODING 'utf-8'; +EOSQL \ No newline at end of file diff --git a/postgresql/docker-entrypoint-initdb.d/20_setup_test_databases.sql b/postgresql/docker-entrypoint-initdb.d/20_setup_test_databases.sql deleted file mode 100755 index 140f2e5..0000000 --- a/postgresql/docker-entrypoint-initdb.d/20_setup_test_databases.sql +++ /dev/null @@ -1,2 +0,0 @@ -CREATE DATABASE ckan_test OWNER ckan ENCODING 'utf-8'; -CREATE DATABASE datastore_test OWNER ckan ENCODING 'utf-8'; diff --git a/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql b/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql new file mode 100755 index 0000000..da55af3 --- /dev/null +++ b/postgresql/docker-entrypoint-initdb.d/30_setup_test_databases.sql @@ -0,0 +1,7 @@ +#!/bin/bash +set -e + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE DATABASE ckan_test OWNER "$CKAN_DB_USER" ENCODING 'utf-8'; + CREATE DATABASE datastore_test OWNER "$CKAN_DB_USER" ENCODING 'utf-8'; +EOSQL diff --git a/samples/.env.apache.example b/samples/.env.apache.example index d24e5e5..2dac0d1 100644 --- a/samples/.env.apache.example +++ b/samples/.env.apache.example @@ -2,20 +2,21 @@ APP_DIR=/srv/app # Container names -NGINX_CONTAINER_NAME=nginx REDIS_CONTAINER_NAME=redis POSTGRESQL_CONTAINER_NAME=db SOLR_CONTAINER_NAME=solr CKAN_CONTAINER_NAME=ckan WORKER_CONTAINER_NAME=ckan-worker +APACHE_CONTAINER_NAME=apache +PYCSW_CONTAINER_NAME=pycsw # Host Ports CKAN_PORT_HOST=5000 -NGINX_PORT_HOST=80 -NGINX_SSLPORT_HOST=8443 +APACHE_PORT_HOST=81 +PYCSW_PORT_HOST=8000 # Solr -SOLR_IMAGE_VERSION=2.9-solr8-spatial +SOLR_IMAGE_VERSION=2.9-solr9-spatial SOLR_PORT=8983 CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan TEST_CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan @@ -25,18 +26,45 @@ REDIS_VERSION=7-alpine CKAN_REDIS_URL=redis://redis:6379/1 TEST_CKAN_REDIS_URL=redis://redis:6379/1 -# NGINX -NGINX_PORT=80 -NGINX_SSLPORT=443 +# Apache HTTP Server +APACHE_VERSION=2.4-alpine +APACHE_PORT=80 +APACHE_LOG_DIR=/var/log/apache + +#NIGNX/APACHE +## Check CKAN__ROOT_PATH and CKANEXT__DCAT__BASE_URI. If you don't need to use domain locations, it is better to use the nginx configuration. Leave blank or use the root `/`. +PROXY_SERVER_NAME=localhost +PROXY_CKAN_LOCATION=/catalog +PROXY_PYCSW_LOCATION=/csw + +# pycsw +PYCSW_PORT=8000 +CKAN_URL=https://localhost:8443/catalog +PYCSW_URL=https://localhost:8443/csw +# SCHEMAS: ckan2pycsw/model/dataset.py - Dataset type +PYCSW_CKAN_SCHEMA=iso19139_geodcatap +PYCSW_OUPUT_SCHEMA=iso19139_inspire +# ckan-pycsw schedule +## ckan2pycsw days between each scheduler job +PYCSW_CRON_DAYS_INTERVAL=2 +# ckan2pycsw hour of start of the scheduler job (0-23) +PYCSW_CRON_HOUR_START=4 +## Timezone +TZ=UTC # CKAN databases -POSTGRES_USER=ckan -POSTGRES_PASSWORD=ckan +POSTGRES_USER=postgres +POSTGRES_PASSWORD=postgres +POSTGRES_DB=postgres +POSTGRES_HOST=db +CKAN_DB_USER=ckandbuser +CKAN_DB_PASSWORD=ckandbpassword +CKAN_DB=ckandb DATASTORE_READONLY_USER=datastore_ro DATASTORE_READONLY_PASSWORD=datastore -POSTGRES_HOST=db -CKAN_SQLALCHEMY_URL=postgresql://ckan:ckan@db/ckan -CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore +DATASTORE_DB=datastore +CKAN_SQLALCHEMY_URL=postgresql://ckandbuser:ckandbpassword@db/ckandb +CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore # Test database connections @@ -45,10 +73,14 @@ TEST_CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore_test TEST_CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore_test # CKAN core +## If use docker-compose.ghcr.yml only "*.*.*" versions available in: https://github.com/mjanez/ckan-docker/pkgs/container/ckan-spatial CKAN_VERSION=2.9.9 CKAN_SITE_ID=default -CKAN_SITE_URL=http://localhost:5000 +# CKAN_SITE_URL = http:/ or https:/ + PROXY_SERVER_NAME. Optionally the APACHE_HOST_PORT if different from 80 +CKAN_SITE_URL=https://localhost:8443 +CKAN__ROOT_PATH=/catalog/{{LANG}} CKAN_PORT=5000 +CKAN__FAVICON=/catalog/base/images/ckan.ico CKAN___BEAKER__SESSION__SECRET=CHANGE_ME # See https://docs.ckan.org/en/latest/maintaining/configuration.html#api-token-settings CKAN___API_TOKEN__JWT__ENCODE__SECRET=string:CHANGE_ME @@ -62,7 +94,6 @@ CKAN_SMTP_STARTTLS=True CKAN_SMTP_USER=user CKAN_SMTP_PASSWORD=pass CKAN_SMTP_MAIL_FROM=ckan@localhost -TZ=UTC ## Customize which text formats the text_view plugin will show CKAN__PREVIEW__JSON_FORMATS="json jsonld" # html htm rdf+xml owl+xml xml n3 n-triples turtle plain atom csv tsv rss txt json @@ -84,7 +115,7 @@ CKAN__LOCALE_DEFAULT="en" CKAN__LOCALE_ORDER="en es pt_BR ja it cs_CZ ca fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv" # Extensions -CKAN__PLUGINS="envvars stats text_view image_view webpage_view recline_view resourcedictionary datastore xloader harvest ckan_harvester spatial_metadata spatial_query spatial_harvest_metadata_api csw_harvester waf_harvester doc_harvester resource_proxy geo_view geojson_view wmts_view shp_view dcat dcat_rdf_harvester dcat_json_harvester dcat_json_interface scheming_datasets scheming_groups scheming_organizations pdf_view pages" +CKAN__PLUGINS="envvars stats text_view image_view webpage_view recline_view resourcedictionary datastore xloader harvest ckan_harvester spatial_metadata spatial_query spatial_harvest_metadata_api csw_harvester waf_harvester doc_harvester resource_proxy geo_view geojson_view wmts_view shp_view dcat dcat_rdf_harvester dcat_json_harvester dcat_json_interface scheming_dcat_datasets scheming_dcat_groups scheming_dcat_organizations scheming_dcat pdf_view pages" # ckanext-harvest CKAN__HARVEST__MQ__TYPE=redis @@ -97,21 +128,15 @@ CKANEXT__XLOADER__API_TOKEN=api_token CKANEXT__XLOADER__JOBS__DB_URI=postgresql://ckan:ckan@db/ckan # ckanext-dcat -CKANEXT__DCAT__BASE_URI=https://localhost:5000/ +CKANEXT__DCAT__BASE_URI=https://localhost:8443/catalog CKANEXT__DCAT__RDF_PROFILES="euro_dcat_ap_2 euro_dcat_ap" -# ckanext-scheming: setup_scheming.sh -CKANEXT__SCHEMING_DCAT_DATASET_SCHEMA="ckanext.scheming:ckan_geodcatap.yaml" -CKANEXT__SCHEMING_DCAT_GROUP_SCHEMAS="ckanext.scheming:ckan_group_geodcatap.json" -CKANEXT__SCHEMING_DCAT_ORGANIZATION_SCHEMAS="ckanext.scheming:ckan_org_geodcatap.json" -CKANEXT__SCHEMING_DCAT_PRESETS="ckanext.scheming:presets.json" - # ckanext-spatial (Solr Backend - solr8-spatial) CKANEXT__SPATIAL__SEARCH_BACKEND=solr-bbox CKAN__SPATIAL__SRID=3857 CKANEXT__SPATIAL__COMMON_MAP__TYPE=custom CKANEXT__SPATIAL__COMMON_MAP__CUSTOM__URL=https://rts.larioja.org/mapa-base/rioja/{z}/{x}/{y}.png -CKANEXT__SPATIAL__COMMON_MAP__ATTRIBUTION='Servicios de Teselas. IDEE, bajo CC BY 3.0.' +CKANEXT__SPATIAL__COMMON_MAP__ATTRIBUTION='Servicios de Teselas. CNIG, bajo CC BY 4.0.' # ckanext-geoview CKANEXT__GEOVIEW__GEOJSON__MAX_FILE_SIZE=100000000 @@ -119,6 +144,17 @@ CKANEXT__GEOVIEW__OL_VIEWER__FORMATS="wms wfs geojson gml kml" CKANEXT__GEOVIEW__SHP_VIEWER__SRID=3857 CKANEXT__GEOVIEW__SHP_VIEWER__ENCODING=UTF-8 -#TODO: ckanext-sparql - Not implemented yet -CKANEXT__SPARQL__ENDPOINT_URL=http://dbpedia.org/sparql +# ckanext-scheming_dcat +## Scheming: setup_scheming.sh +CKANEXT__SCHEMING_DCAT_DATASET_SCHEMA="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_dataset.yaml" +CKANEXT__SCHEMING_DCAT_GROUP_SCHEMAS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_group.json" +CKANEXT__SCHEMING_DCAT_ORGANIZATION_SCHEMAS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_org.json" +CKANEXT__SCHEMING_DCAT_PRESETS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_presets.json" +## Facets: setup_scheming.sh +CKANEXT__SCHEMING_DCAT_FACET_LIST="theme groups theme_es dcat_type groups publisher_name publisher_type spatial_uri owner_org res_format frequency tags tag_uri conforms_to" +CKANEXT__SCHEMING_DCAT_ORGANIZATION_CUSTOM_FACETS=True +CKANEXT__SCHEMING_DCAT_GROUP_CUSTOM_FACETS=True + +# WIP: ckanext-sparql_interface +CKANEXT__SPARQL__ENDPOINT_URL=https://dbpedia.org/sparql CKANEXT__SPARQL__HIDE_ENDPOINT_URL=False \ No newline at end of file diff --git a/samples/.env.localhost b/samples/.env.localhost index e222782..c3e6a2c 100644 --- a/samples/.env.localhost +++ b/samples/.env.localhost @@ -13,13 +13,13 @@ PYCSW_CONTAINER_NAME=pycsw # Host Ports CKAN_PORT_HOST=5000 -NGINX_PORT_HOST=80 +NGINX_PORT_HOST=81 NGINX_SSLPORT_HOST=8443 -APACHE_PORT_HOST=80 +APACHE_PORT_HOST=81 PYCSW_PORT_HOST=8000 # Solr -SOLR_IMAGE_VERSION=2.9-solr8-spatial +SOLR_IMAGE_VERSION=2.9-solr9-spatial SOLR_PORT=8983 CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan TEST_CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan @@ -32,32 +32,47 @@ TEST_CKAN_REDIS_URL=redis://redis:6379/1 # NGINX NGINX_PORT=80 NGINX_SSLPORT=443 +NGINX_LOG_DIR=/var/log/nginx # Apache HTTP Server APACHE_VERSION=2.4-alpine APACHE_PORT=80 APACHE_LOG_DIR=/var/log/apache + +#NIGNX/APACHE +## Check CKAN__ROOT_PATH and CKANEXT__DCAT__BASE_URI. If you don't need to use domain locations, it is better to use the nginx configuration. Leave blank or use the root `/`. PROXY_SERVER_NAME=localhost -# Check CKAN__ROOT_PATH and CKANEXT__DCAT__BASE_URI. If you don't need to use domain locations, it is better to use the nginx configuration. -PROXY_CKAN_LOCATION=/catalogcatalog +PROXY_CKAN_LOCATION=/catalog PROXY_PYCSW_LOCATION=/csw # pycsw PYCSW_PORT=8000 -CKAN_URL=http://localhost/catalog -PYCSW_URL=http://localhost/csw +CKAN_URL=https://localhost:8443/catalog +PYCSW_URL=https://localhost:8443/csw # SCHEMAS: ckan2pycsw/model/dataset.py - Dataset type PYCSW_CKAN_SCHEMA=iso19139_geodcatap PYCSW_OUPUT_SCHEMA=iso19139_inspire +# ckan-pycsw schedule +## ckan2pycsw days between each scheduler job +PYCSW_CRON_DAYS_INTERVAL=2 +# ckan2pycsw hour of start of the scheduler job (0-23) +PYCSW_CRON_HOUR_START=4 +## Timezone +TZ=UTC # CKAN databases -POSTGRES_USER=ckan -POSTGRES_PASSWORD=ckan +POSTGRES_USER=postgres +POSTGRES_PASSWORD=postgres +POSTGRES_DB=postgres +POSTGRES_HOST=db +CKAN_DB_USER=ckandbuser +CKAN_DB_PASSWORD=ckandbpassword +CKAN_DB=ckandb DATASTORE_READONLY_USER=datastore_ro DATASTORE_READONLY_PASSWORD=datastore -POSTGRES_HOST=db -CKAN_SQLALCHEMY_URL=postgresql://ckan:ckan@db/ckan -CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore +DATASTORE_DB=datastore +CKAN_SQLALCHEMY_URL=postgresql://ckandbuser:ckandbpassword@db/ckandb +CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore # Test database connections @@ -66,11 +81,14 @@ TEST_CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore_test TEST_CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore_test # CKAN core +## If use docker-compose.ghcr.yml only "*.*.*" versions available in: https://github.com/mjanez/ckan-docker/pkgs/container/ckan-spatial CKAN_VERSION=2.9.9 CKAN_SITE_ID=default -CKAN_SITE_URL=http://localhost +# CKAN_SITE_URL = http:/ or https:/ + PROXY_SERVER_NAME. Optionally the APACHE_HOST_PORT if different from 80 +CKAN_SITE_URL=https://localhost:8443 CKAN__ROOT_PATH=/catalog/{{LANG}} CKAN_PORT=5000 +CKAN__FAVICON=/catalog/base/images/ckan.ico CKAN___BEAKER__SESSION__SECRET=CHANGE_ME # See https://docs.ckan.org/en/latest/maintaining/configuration.html#api-token-settings CKAN___API_TOKEN__JWT__ENCODE__SECRET=string:CHANGE_ME @@ -84,7 +102,6 @@ CKAN_SMTP_STARTTLS=True CKAN_SMTP_USER=user CKAN_SMTP_PASSWORD=pass CKAN_SMTP_MAIL_FROM=ckan@localhost -TZ=UTC ## Customize which text formats the text_view plugin will show CKAN__PREVIEW__JSON_FORMATS="json jsonld" # html htm rdf+xml owl+xml xml n3 n-triples turtle plain atom csv tsv rss txt json @@ -106,7 +123,7 @@ CKAN__LOCALE_DEFAULT="en" CKAN__LOCALE_ORDER="en es pt_BR ja it cs_CZ ca fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv" # Extensions -CKAN__PLUGINS="envvars stats text_view image_view webpage_view recline_view resourcedictionary datastore xloader harvest ckan_harvester spatial_metadata spatial_query spatial_harvest_metadata_api csw_harvester waf_harvester doc_harvester resource_proxy geo_view geojson_view wmts_view shp_view dcat dcat_rdf_harvester dcat_json_harvester dcat_json_interface scheming_datasets scheming_groups scheming_organizations pdf_view pages" +CKAN__PLUGINS="envvars stats text_view image_view webpage_view recline_view resourcedictionary datastore xloader harvest ckan_harvester spatial_metadata spatial_query spatial_harvest_metadata_api csw_harvester waf_harvester doc_harvester resource_proxy geo_view geojson_view wmts_view shp_view dcat dcat_rdf_harvester dcat_json_harvester dcat_json_interface scheming_dcat_datasets scheming_dcat_groups scheming_dcat_organizations scheming_dcat pdf_view pages" # ckanext-harvest CKAN__HARVEST__MQ__TYPE=redis @@ -119,21 +136,15 @@ CKANEXT__XLOADER__API_TOKEN=api_token CKANEXT__XLOADER__JOBS__DB_URI=postgresql://ckan:ckan@db/ckan # ckanext-dcat -CKANEXT__DCAT__BASE_URI=http://localhost/catalog +CKANEXT__DCAT__BASE_URI=https://localhost:8443/catalog CKANEXT__DCAT__RDF_PROFILES="euro_dcat_ap_2 euro_dcat_ap" -# ckanext-scheming: setup_scheming.sh -CKANEXT__SCHEMING_DCAT_DATASET_SCHEMA="ckanext.scheming:ckan_geodcatap.yaml" -CKANEXT__SCHEMING_DCAT_GROUP_SCHEMAS="ckanext.scheming:ckan_group_geodcatap.json" -CKANEXT__SCHEMING_DCAT_ORGANIZATION_SCHEMAS="ckanext.scheming:ckan_org_geodcatap.json" -CKANEXT__SCHEMING_DCAT_PRESETS="ckanext.scheming:presets.json" - # ckanext-spatial (Solr Backend - solr8-spatial) CKANEXT__SPATIAL__SEARCH_BACKEND=solr-bbox CKAN__SPATIAL__SRID=3857 CKANEXT__SPATIAL__COMMON_MAP__TYPE=custom CKANEXT__SPATIAL__COMMON_MAP__CUSTOM__URL=https://rts.larioja.org/mapa-base/rioja/{z}/{x}/{y}.png -CKANEXT__SPATIAL__COMMON_MAP__ATTRIBUTION='Servicios de Teselas. IDEE, bajo CC BY 3.0.' +CKANEXT__SPATIAL__COMMON_MAP__ATTRIBUTION='Servicios de Teselas. CNIG, bajo CC BY 4.0.' # ckanext-geoview CKANEXT__GEOVIEW__GEOJSON__MAX_FILE_SIZE=100000000 @@ -141,6 +152,17 @@ CKANEXT__GEOVIEW__OL_VIEWER__FORMATS="wms wfs geojson gml kml" CKANEXT__GEOVIEW__SHP_VIEWER__SRID=3857 CKANEXT__GEOVIEW__SHP_VIEWER__ENCODING=UTF-8 -#TODO: ckanext-sparql - Not implemented yet -CKANEXT__SPARQL__ENDPOINT_URL=http://dbpedia.org/sparql +# ckanext-scheming_dcat +## Scheming: setup_scheming.sh +CKANEXT__SCHEMING_DCAT_DATASET_SCHEMA="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_dataset.yaml" +CKANEXT__SCHEMING_DCAT_GROUP_SCHEMAS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_group.json" +CKANEXT__SCHEMING_DCAT_ORGANIZATION_SCHEMAS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_org.json" +CKANEXT__SCHEMING_DCAT_PRESETS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_presets.json" +## Facets: setup_scheming.sh +CKANEXT__SCHEMING_DCAT_FACET_LIST="theme groups theme_es dcat_type groups publisher_name publisher_type spatial_uri owner_org res_format frequency tags tag_uri conforms_to" +CKANEXT__SCHEMING_DCAT_ORGANIZATION_CUSTOM_FACETS=True +CKANEXT__SCHEMING_DCAT_GROUP_CUSTOM_FACETS=True + +# WIP: ckanext-sparql_interface +CKANEXT__SPARQL__ENDPOINT_URL=https://dbpedia.org/sparql CKANEXT__SPARQL__HIDE_ENDPOINT_URL=False \ No newline at end of file diff --git a/samples/.env.nginx.example b/samples/.env.nginx.example index d24e5e5..7e1bd54 100644 --- a/samples/.env.nginx.example +++ b/samples/.env.nginx.example @@ -8,14 +8,15 @@ POSTGRESQL_CONTAINER_NAME=db SOLR_CONTAINER_NAME=solr CKAN_CONTAINER_NAME=ckan WORKER_CONTAINER_NAME=ckan-worker +PYCSW_CONTAINER_NAME=pycsw # Host Ports CKAN_PORT_HOST=5000 -NGINX_PORT_HOST=80 +NGINX_PORT_HOST=81 NGINX_SSLPORT_HOST=8443 # Solr -SOLR_IMAGE_VERSION=2.9-solr8-spatial +SOLR_IMAGE_VERSION=2.9-solr9-spatial SOLR_PORT=8983 CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan TEST_CKAN_SOLR_URL=http://solr:${SOLR_PORT}/solr/ckan @@ -28,15 +29,42 @@ TEST_CKAN_REDIS_URL=redis://redis:6379/1 # NGINX NGINX_PORT=80 NGINX_SSLPORT=443 +NGINX_LOG_DIR=/var/log/nginx + +#NIGNX/APACHE +## Check CKAN__ROOT_PATH and CKANEXT__DCAT__BASE_URI. If you don't need to use domain locations, it is better to use the nginx configuration. Leave blank or use the root `/`. +PROXY_SERVER_NAME=localhost +PROXY_CKAN_LOCATION=/catalog +PROXY_PYCSW_LOCATION=/csw + +# pycsw +PYCSW_PORT=8000 +CKAN_URL=https://localhost:8443/catalog +PYCSW_URL=https://localhost:8443/csw +# SCHEMAS: ckan2pycsw/model/dataset.py - Dataset type +PYCSW_CKAN_SCHEMA=iso19139_geodcatap +PYCSW_OUPUT_SCHEMA=iso19139_inspire +# ckan-pycsw schedule +## ckan2pycsw days between each scheduler job +PYCSW_CRON_DAYS_INTERVAL=2 +# ckan2pycsw hour of start of the scheduler job (0-23) +PYCSW_CRON_HOUR_START=4 +## Timezone +TZ=UTC # CKAN databases -POSTGRES_USER=ckan -POSTGRES_PASSWORD=ckan +POSTGRES_USER=postgres +POSTGRES_PASSWORD=postgres +POSTGRES_DB=postgres +POSTGRES_HOST=db +CKAN_DB_USER=ckandbuser +CKAN_DB_PASSWORD=ckandbpassword +CKAN_DB=ckandb DATASTORE_READONLY_USER=datastore_ro DATASTORE_READONLY_PASSWORD=datastore -POSTGRES_HOST=db -CKAN_SQLALCHEMY_URL=postgresql://ckan:ckan@db/ckan -CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore +DATASTORE_DB=datastore +CKAN_SQLALCHEMY_URL=postgresql://ckandbuser:ckandbpassword@db/ckandb +CKAN_DATASTORE_WRITE_URL=postgresql://ckandbuser:ckandbpassword@db/datastore CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore # Test database connections @@ -45,10 +73,14 @@ TEST_CKAN_DATASTORE_WRITE_URL=postgresql://ckan:ckan@db/datastore_test TEST_CKAN_DATASTORE_READ_URL=postgresql://datastore_ro:datastore@db/datastore_test # CKAN core +## If use docker-compose.ghcr.yml only "*.*.*" versions available in: https://github.com/mjanez/ckan-docker/pkgs/container/ckan-spatial CKAN_VERSION=2.9.9 CKAN_SITE_ID=default -CKAN_SITE_URL=http://localhost:5000 +# CKAN_SITE_URL = http:/ or https:/ + PROXY_SERVER_NAME. Optionally the APACHE_HOST_PORT if different from 80 +CKAN_SITE_URL=https://localhost:8443 +CKAN__ROOT_PATH=/catalog/{{LANG}} CKAN_PORT=5000 +CKAN__FAVICON=/catalog/base/images/ckan.ico CKAN___BEAKER__SESSION__SECRET=CHANGE_ME # See https://docs.ckan.org/en/latest/maintaining/configuration.html#api-token-settings CKAN___API_TOKEN__JWT__ENCODE__SECRET=string:CHANGE_ME @@ -62,7 +94,6 @@ CKAN_SMTP_STARTTLS=True CKAN_SMTP_USER=user CKAN_SMTP_PASSWORD=pass CKAN_SMTP_MAIL_FROM=ckan@localhost -TZ=UTC ## Customize which text formats the text_view plugin will show CKAN__PREVIEW__JSON_FORMATS="json jsonld" # html htm rdf+xml owl+xml xml n3 n-triples turtle plain atom csv tsv rss txt json @@ -84,7 +115,7 @@ CKAN__LOCALE_DEFAULT="en" CKAN__LOCALE_ORDER="en es pt_BR ja it cs_CZ ca fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv" # Extensions -CKAN__PLUGINS="envvars stats text_view image_view webpage_view recline_view resourcedictionary datastore xloader harvest ckan_harvester spatial_metadata spatial_query spatial_harvest_metadata_api csw_harvester waf_harvester doc_harvester resource_proxy geo_view geojson_view wmts_view shp_view dcat dcat_rdf_harvester dcat_json_harvester dcat_json_interface scheming_datasets scheming_groups scheming_organizations pdf_view pages" +CKAN__PLUGINS="envvars stats text_view image_view webpage_view recline_view resourcedictionary datastore xloader harvest ckan_harvester spatial_metadata spatial_query spatial_harvest_metadata_api csw_harvester waf_harvester doc_harvester resource_proxy geo_view geojson_view wmts_view shp_view dcat dcat_rdf_harvester dcat_json_harvester dcat_json_interface scheming_dcat_datasets scheming_dcat_groups scheming_dcat_organizations scheming_dcat pdf_view pages" # ckanext-harvest CKAN__HARVEST__MQ__TYPE=redis @@ -97,21 +128,15 @@ CKANEXT__XLOADER__API_TOKEN=api_token CKANEXT__XLOADER__JOBS__DB_URI=postgresql://ckan:ckan@db/ckan # ckanext-dcat -CKANEXT__DCAT__BASE_URI=https://localhost:5000/ +CKANEXT__DCAT__BASE_URI=https://localhost:8443/catalog CKANEXT__DCAT__RDF_PROFILES="euro_dcat_ap_2 euro_dcat_ap" -# ckanext-scheming: setup_scheming.sh -CKANEXT__SCHEMING_DCAT_DATASET_SCHEMA="ckanext.scheming:ckan_geodcatap.yaml" -CKANEXT__SCHEMING_DCAT_GROUP_SCHEMAS="ckanext.scheming:ckan_group_geodcatap.json" -CKANEXT__SCHEMING_DCAT_ORGANIZATION_SCHEMAS="ckanext.scheming:ckan_org_geodcatap.json" -CKANEXT__SCHEMING_DCAT_PRESETS="ckanext.scheming:presets.json" - # ckanext-spatial (Solr Backend - solr8-spatial) CKANEXT__SPATIAL__SEARCH_BACKEND=solr-bbox CKAN__SPATIAL__SRID=3857 CKANEXT__SPATIAL__COMMON_MAP__TYPE=custom CKANEXT__SPATIAL__COMMON_MAP__CUSTOM__URL=https://rts.larioja.org/mapa-base/rioja/{z}/{x}/{y}.png -CKANEXT__SPATIAL__COMMON_MAP__ATTRIBUTION='Servicios de Teselas. IDEE, bajo CC BY 3.0.' +CKANEXT__SPATIAL__COMMON_MAP__ATTRIBUTION='Servicios de Teselas. CNIG, bajo CC BY 4.0.' # ckanext-geoview CKANEXT__GEOVIEW__GEOJSON__MAX_FILE_SIZE=100000000 @@ -119,6 +144,17 @@ CKANEXT__GEOVIEW__OL_VIEWER__FORMATS="wms wfs geojson gml kml" CKANEXT__GEOVIEW__SHP_VIEWER__SRID=3857 CKANEXT__GEOVIEW__SHP_VIEWER__ENCODING=UTF-8 -#TODO: ckanext-sparql - Not implemented yet -CKANEXT__SPARQL__ENDPOINT_URL=http://dbpedia.org/sparql +# ckanext-scheming_dcat +## Scheming: setup_scheming.sh +CKANEXT__SCHEMING_DCAT_DATASET_SCHEMA="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_dataset.yaml" +CKANEXT__SCHEMING_DCAT_GROUP_SCHEMAS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_group.json" +CKANEXT__SCHEMING_DCAT_ORGANIZATION_SCHEMAS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_org.json" +CKANEXT__SCHEMING_DCAT_PRESETS="ckanext.scheming_dcat:schemas/geodcatap/geodcatap_presets.json" +## Facets: setup_scheming.sh +CKANEXT__SCHEMING_DCAT_FACET_LIST="theme groups theme_es dcat_type groups publisher_name publisher_type spatial_uri owner_org res_format frequency tags tag_uri conforms_to" +CKANEXT__SCHEMING_DCAT_ORGANIZATION_CUSTOM_FACETS=True +CKANEXT__SCHEMING_DCAT_GROUP_CUSTOM_FACETS=True + +# WIP: ckanext-sparql_interface +CKANEXT__SPARQL__ENDPOINT_URL=https://dbpedia.org/sparql CKANEXT__SPARQL__HIDE_ENDPOINT_URL=False \ No newline at end of file diff --git a/solr/Dockerfile b/solr/Dockerfile index cb9c480..1d2f171 100644 --- a/solr/Dockerfile +++ b/solr/Dockerfile @@ -1,4 +1,4 @@ -FROM solr:8 +FROM solr:9 ENV SOLR_PORT=8983 diff --git a/solr/Dockerfile.spatial b/solr/Dockerfile.spatial index ff5faa3..9538491 100644 --- a/solr/Dockerfile.spatial +++ b/solr/Dockerfile.spatial @@ -1,4 +1,4 @@ -FROM solr:8 +FROM solr:9 ENV SOLR_PORT=8983