From db0b33437d1d85f2f46529aac0f37fe7b71282c1 Mon Sep 17 00:00:00 2001
From: Marko Bocevski <marko.bocevski@keitaro.com>
Date: Thu, 6 Apr 2017 11:25:21 +0200
Subject: [PATCH] Change docker layout and setup install for CKAN 2.6.2 with
 password protect option

---
 rootfs/Dockerfile          | 54 +++++++++++++++++++++++---------------
 rootfs/setup/nginx.conf    | 28 ++++++++++++++++++++
 rootfs/setup/start_ckan.sh | 16 ++++++++++-
 3 files changed, 76 insertions(+), 22 deletions(-)
 create mode 100644 rootfs/setup/nginx.conf

diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile
index 9a7ca7e..562a78e 100644
--- a/rootfs/Dockerfile
+++ b/rootfs/Dockerfile
@@ -4,21 +4,25 @@ MAINTAINER Keitaro Inc <info@keitaro.info>
 
 ENV APP_DIR=/srv/app
 ENV SRC_DIR=/srv/app/src
+ENV PIP_SRC=${SRC_DIR}
 ENV GIT_URL=https://github.com/ckan/ckan.git
-ENV GIT_BRANCH=ckan-2.6.0
+ENV GIT_BRANCH=ckan-2.6.2
 ENV CKAN_SITE_URL=http://localhost:5000
 ENV CKAN__PLUGINS image_view text_view recline_view datastore datapusher envvars
 
 WORKDIR ${APP_DIR}
 
+#########################
+### Base docker layer ###
+#########################
 # Install necessary packages to run CKAN
 RUN apk add --no-cache git \
         gettext \
         postgresql-client \
         python \
-        py-pip \
-        py-gunicorn && \
-    # Temporary packages to build CKAN requirements
+        nginx \
+        apache2-utils && \
+    # Packages to build CKAN requirements and plugins
     apk add --no-cache --virtual .build-deps \
         postgresql-dev \
         gcc \
@@ -29,30 +33,38 @@ RUN apk add --no-cache git \
 	libtool \
         musl-dev \
         python-dev && \
-    # Build and install libgeos to support geospatial
-    git clone -b 3.6.0 --depth=1 --single-branch https://git.osgeo.org/gogs/geos/geos.git ${SRC_DIR}/geos && \
+    # Create SRC_DIR
+    mkdir -p ${SRC_DIR} && \
+    # Create nginx run dir
+    mkdir -p /run/nginx && \
+    # Install pip and gunicorn
+    curl -o ${SRC_DIR}/get-pip.py https://bootstrap.pypa.io/get-pip.py && \
+    python ${SRC_DIR}/get-pip.py && \
+    pip install gunicorn gevent && \
+    rm -rf ${SRC_DIR}/get-pip.py
+
+############################
+### libgeos docker layer ###
+############################
+# Build and install libgeos to support geospatial
+RUN git clone -b 3.6.0 --depth=1 --single-branch https://git.osgeo.org/gogs/geos/geos.git ${SRC_DIR}/geos && \
     cd ${SRC_DIR}/geos && \
     ./autogen.sh && \
     ./configure --prefix /usr && \
     make -j2 && \
     make install && \
-    # Fetch CKAN and install
-    git clone -b ${GIT_BRANCH} --depth=1 --single-branch ${GIT_URL} ${SRC_DIR}/ckan && \
+    rm -rf ${SRC_DIR}/geos
+
+#########################
+### CKAN docker layer ###
+#########################
+# Install CKAN
+RUN pip install -e git+${GIT_URL}@${GIT_BRANCH}#egg=ckan && \
     cd ${SRC_DIR}/ckan && \
     cp who.ini ${APP_DIR} && \
-    python setup.py install && \
-    pip install --no-cache-dir testrepository && \
-    pip install --no-cache-dir --upgrade -r requirements.txt && \
-    pip install --no-cache-dir gevent && \
-    # Remove temporary packages and files
-    apk del .build-deps && \
-    rm -rf ${SRC_DIR}
-
-# CKAN plugins to enable
-ENV CKAN__PLUGINS image_view text_view recline_view datastore datapusher envvars
-
-# Default Extensions
-RUN pip install --no-cache-dir git+https://github.com/okfn/ckanext-envvars.git#egg=ckanext-envvars && \
+    pip install -r requirements.txt && \
+    # Install CKAN envvars to support loading config from environment variables
+    pip install -e git+https://github.com/okfn/ckanext-envvars.git#egg=ckanext-envvars && \
     # Create and update CKAN config
     paster --plugin=ckan make-config ckan ${APP_DIR}/production.ini && \
     paster --plugin=ckan config-tool ${APP_DIR}/production.ini "ckan.plugins = ${CKAN__PLUGINS}"
diff --git a/rootfs/setup/nginx.conf b/rootfs/setup/nginx.conf
new file mode 100644
index 0000000..fd2bf23
--- /dev/null
+++ b/rootfs/setup/nginx.conf
@@ -0,0 +1,28 @@
+worker_processes  4;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    client_max_body_size 100m;
+    keepalive_timeout  65;
+
+    server {
+        listen       5000;
+        server_name  localhost;
+
+        auth_basic "Restricted";
+        auth_basic_user_file /srv/app/.htpasswd;
+
+        location / {
+            auth_basic "Restricted";
+            auth_basic_user_file /srv/app/.htpasswd;
+            proxy_pass http://127.0.0.1:4000;
+        }
+    }
+}
diff --git a/rootfs/setup/start_ckan.sh b/rootfs/setup/start_ckan.sh
index bac73a4..4c76d16 100755
--- a/rootfs/setup/start_ckan.sh
+++ b/rootfs/setup/start_ckan.sh
@@ -2,7 +2,21 @@
 python prerun.py
 if [ $? -eq 0 ]
 then
-  gunicorn --log-file=- -k gevent -w 4 --paste production.ini
+  if [ "$PASSWORD_PROTECT" = true ]
+  then
+    if [ "$HTPASSWD_USER" ] || [ "$HTPASSWD_PASSWORD" ]
+    then
+      cp -a /srv/app/nginx.conf /etc/nginx/nginx.conf
+      htpasswd -b -c /srv/app/.htpasswd $HTPASSWD_USER $HTPASSWD_PASSWORD
+      nginx
+      gunicorn --log-file=- -k gevent -w 4 -b 127.0.0.1:4000 --paste production.ini
+    else
+      echo "Missing HTPASSWD_USER or HTPASSWD_PASSWORD environment variables. Exiting..."
+      exit 1
+    fi
+  else
+    gunicorn --log-file=- -k gevent -w 4 -b 0.0.0.0:5000 --paste production.ini
+  fi
 else
   echo "[prerun] failed...not starting CKAN."
 fi