Issue927 Dockerfile now using OpenJDK (embedded Tomcat) instead of To…

…mcat image. (#928) * Issue927: Use OpenJDK-based Docker image * Cont'd work.
gmazza · Oct 7, 2018 · e2afb9a · e2afb9a
1 parent 1fbbc22
commit e2afb9a
Show file tree

Hide file tree

Showing 44 changed files with 544 additions and 985 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 Welcome to TightBlog, a greatly modernized & streamlined bottom-to-(nearly)-top rewrite of Apache Roller, with much
-out-of-date and seldom used functionality removed and much new functionality added in as well.  I started this fork in 
-May 2015 after contributing for about 2 1/2 years on Roller.  As of 21 September 2018, 
-<a href="https://github.com/gmazza/tightblog/releases">Release 3.3.2</a> is available.
+out-of-date and seldom used functionality removed and much new functionality added in.  I started this fork in 
+May 2015 after contributing for about 2 1/2 years on Roller.  As of 6 October 2018, 
+<a href="https://github.com/gmazza/tightblog/releases">Release 3.4</a> is available.
 
 Screen shots for the TightBlog UI are [here](https://github.com/gmazza/tightblog/wiki/Screenshots), the twelve-table database model is
 [here](https://github.com/gmazza/tightblog/blob/master/app/src/main/resources/dbscripts/createdb.vm), see also [my blog](https://glenmazza.net/blog/) for an example
@@ -20,7 +20,7 @@ and easier to understand.
 
 (Lines of code--LOC--based on <a href="https://www.openhub.net/p/tightblog">OpenHub</a> stats.  Java source file count does not include unit test classes, however LOC do.)
 
-Some newer functionality in TightBlog not in Roller:
+Some changes and new functionality added to TightBlog post-fork:
 
 * Bloggers may blog using <a href="http://commonmark.org/">CommonMark</a> in addition to standard HTML and Rich Text Editors.
 * Blog entries have a "notes" field for the blogger to store anything helpful in maintaining the article.
@@ -30,7 +30,7 @@ Some newer functionality in TightBlog not in Roller:
 * Commenters who request "notify me" to receive emails of future comments for a particular blog entry now receive a link at the bottom of the email to shut off future notifications
 * There is a new BLOGCREATOR global role separated from the earlier BLOGGER role.  While both roles allow a blogger full administration of his weblog (whether created by an admin for the blogger or the blogger himself) only users with the former role can create new weblogs.   
 * Commenters who are logged-in bloggers now have their blogger ID stored with the comment, simplifying comment entry and allowing for different styling of comments (e.g., different background color for comments made by the blogger on his own blog).
-* The blog template engine (used for customized themes) now uses modern Thymeleaf 3.0 instead of Apache Velocity.
+* The blog template engine (used for customized themes) now uses Thymeleaf instead of Apache Velocity.
 * All emails sent are in HTML format and customizable by modifying the Thymeleaf templates in the webapp/thymeleaf/emails folder.
 * Login Multifactor Authentication (MFA) with Google Authenticator support added (Admin setting provided to either require it for all bloggers--the default--or have it disabled).
 
@@ -40,16 +40,22 @@ To obtain the source code:
 
 To build the application (build/libs/tightblog-x.y.z.war) with Gradle and Java 10+:
   `./gradlew clean build` from the TightBlog root.
-
-The Docker images defined in the docker subdirectory of this project can be used to test TightBlog locally before deploying.  First build
-the project to generate the tightblog WAR.  As TightBlog requires SSL, next provide a certificate & key for the Tomcat
-image as explained in the web Dockerfile.  Then from the docker folder, running "docker-compose up" should result in a TightBlog available
-from your local machine at https://localhost/tightblog.  Should you need to change the docker-compose.yml or the web Dockerfile, be sure
-to run "docker-compose build" for the images to be regenerated.  Note for simplicity the default does not demo Google Authenticator MFA,
-if desired modify the docker/web/tightblog-custom.properties to activate. Emailing is also not configured.
-
-Caution: The Docker images have not seen production use and are currently meant for evaluation purposes.  Presumably more 
-tightening of the Tomcat and PostgresQL images would be needed for production use, best to check online sources 
-for securing these products should you choose to use these images for your blog.  For installations 
-on standalone Tomcat or other servlet container, please read the <a href="https://github.com/gmazza/tightblog/wiki">Install pages</a>
-on the TightBlog Wiki.
+
+Deployment information:
+
+Be sure to first build the application as stated above.  See <a href="https://github.com/gmazza/tightblog/wiki">Install pages</a>
+for general installation instructions.
+
+1. Deploy as a WAR on standalone Tomcat: covered in above installation instructions.
+
+1. Deploy as a JAR using an in-memory database (non-production, demoing only).  Modify the
+resources/tightblog.properties to provide a Java keystore to support TightBlog's SSL (the
+file includes resources explaining the process.)  Then run "gradle bootRun" from a command-line
+and TightBlog will be available at https://localhost:8443/tightblog.  Note the in-memory database
+is deleted at each app shut-down.
+
+1. Deploy as a Docker container.  Modify the docker/web/tightblog-custom.properties to 
+add your keystore configuration and then from the docker folder run "docker-compose build"
+followed by "docker-compose up".  The application will be at https://localhost/tightblog.
+Note that while tested locally, the Docker setup has not yet seen production use so is best
+considered of Beta quality.
diff --git a/build.gradle b/build.gradle
@@ -17,7 +17,7 @@ apply plugin: 'org.springframework.boot'
 apply plugin: 'io.spring.dependency-management'
 
 group = 'org.tightblog'
-version = '3.3.1'
+version = '3.4'
 sourceCompatibility = 1.10
 targetCompatibility = 1.10
 tasks.withType(JavaCompile) {
@@ -68,7 +68,6 @@ def standardProcessResources(obj) {
     obj.filesMatching(['tightblog.properties', 'tightblog-custom.properties']) {
         expand(version: version,
                buildNumber: buildNumber,
-               catalinaBase: System.getenv("CATALINA_BASE"),
                buildDir: buildDir
         )
     }
@@ -120,16 +119,13 @@ dependencies {
 	compile('org.springframework.boot:spring-boot-starter-web')
 	compile('org.springframework.boot:spring-boot-starter-mail')
 	compile('org.springframework.boot:spring-boot-starter-log4j2')
-    compile(group: 'org.springframework.security', name: 'spring-security-taglibs', version:'5.0.7.RELEASE') {
-        exclude(module: 'spring-web')
-    }
+    compile('org.springframework.security:spring-security-taglibs:5.1.0.RELEASE')
+	compile('org.springframework.mobile:spring-mobile-device:1.1.5.RELEASE')
 	compile('org.apache.commons:commons-lang3:3.7')
 	compile('org.apache.commons:commons-text:1.4')
 	compile('javax.servlet:jstl:1.2')
 	compile('org.apache.tiles:tiles-jsp:3.0.8')
-	compile('org.springframework.boot:spring-boot-starter-log4j2')
 	compile('commons-validator:commons-validator:1.6')
-	compile('org.springframework.mobile:spring-mobile-device:1.1.5.RELEASE')
 	compile('org.apache.lucene:lucene-analyzers-common:7.4.0')
 	compile('org.apache.lucene:lucene-queryparser:7.4.0')
 	compile('org.jsoup:jsoup:1.11.3')
@@ -140,8 +136,14 @@ dependencies {
 	compile('commons-fileupload:commons-fileupload:1.3.3')
 
 	testCompile('org.springframework.boot:spring-boot-starter-test')
-	testRuntime 'org.apache.derby:derby:10.14.2.0'
-	testRuntime 'org.apache.derby:derbyclient:10.14.2.0'
+
+	compile 'org.apache.derby:derbyclient:10.14.2.0'
+	runtime 'org.apache.derby:derby:10.14.2.0'
+
+	// PostgreSQL JDBC jar, can remove if using other databases.
+	runtime('org.postgresql:postgresql')
 
 	providedCompile('org.apache.tomcat.embed:tomcat-embed-jasper:9.0.11')
+	// https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-create-a-deployable-war-file
+	providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'
 }
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -1,41 +1,40 @@
 # Compose file reference: https://docs.docker.com/compose/compose-file/
 # NOTE: Before running, make sure you created web/ssl.crt and web/ssl.key files (see web/Dockerfile for more info)
-version: "3"
+version: "3.2"
 services:
     tightblog-web:
       build:
           context: ..
           dockerfile: ./docker/web/Dockerfile
+      restart: on-failure
       environment:
-# defining CATALINA_BASE so log4j2.xml log file location resolves properly
-        CATALINA_BASE: /usr/local/tomcat
+        SITE_ABSOLUTEURL: https://localhost/tightblog
       ports:
-# Allows for viewing Tomcat apps on host at standard port 80, http://localhost
-        - "80:8080"
-# TightBlog configured in web.xml to require SSL, can view on host at https://localhost/tightblog
+# TightBlog configured to require SSL, uses port 8443 internally, 443 externally
+#  (i.e., can view on host at https://localhost/tightblog)
         - "443:8443"
       links:
         - tightblog-db
       volumes:
 # TightBlog uses a named volume to store media images and the blog search index
 # Subfolders for both are configured in the web/tightblog-custom.properties file.
         - tightblog-data:/tightblog-data
+      depends_on:
+        - "tightblog-db"
     tightblog-db:
-      image: postgres:9.5.4
+      image: postgres:latest
       environment:
+# Change credentials as desired if this is intended for production use :)
         POSTGRES_USER: scott
         POSTGRES_PASSWORD: tiger
         POSTGRES_DB: pgsqlTightBlog
-        # fix for https://github.com/laradock/laradock/issues/919#issue-227105188
-        PGDATA: =/tmp
       expose:
         - "5432"
       ports:
-  # Optional, allows one to view the PostgresQL database at port 5434 with a SQL client running on the host
+# Optional, allows one to view the PostgresQL database at port 5434 with a SQL client running on the host
         - "5434:5432"
       volumes:
         - tightblog-data:/var/lib/postgresql/data
 
 volumes:
     tightblog-data:
-
diff --git a/docker/web/Dockerfile b/docker/web/Dockerfile
@@ -1,14 +1,9 @@
-FROM tomcat:8.5-jre8
-
-# Two TightBlog dependencies that are loaded into the Tomcat lib folder.
-ADD http://central.maven.org/maven2/org/postgresql/postgresql/42.2.4/postgresql-42.2.4.jar \
-    http://central.maven.org/maven2/javax/mail/javax.mail-api/1.6.1/javax.mail-api-1.6.1.jar /usr/local/tomcat/lib/
-# Replacing image server.xml with one configured to use SSL. See https://hub.docker.com/r/unidata/tomcat-docker/,
-# "HTTP over SSL" section (although this image does not use the Unidata image).  You'll need to provide
-# the web/ssl.crt and web/ssl.key files, see that section for an OpenSSL command that can be used.
-# Note self-signed certificates bring up browser warnings, getting a key from a certificate authority instead is preferred
-COPY ./docker/web/server.xml ./docker/web/ssl.crt ./docker/web/ssl.key /usr/local/tomcat/conf/
-COPY ./docker/web/tightblog-custom.properties /usr/local/tomcat/lib/
-COPY ./build/libs/tightblog*.war /usr/local/tomcat/webapps/tightblog.war
-
-CMD ["catalina.sh", "run"]
+FROM openjdk:10-jdk
+
+COPY docker/web/tightblog-custom.properties tightblog-custom.properties
+
+COPY docker/web/serverKeystore.jks serverKeystore.jks
+
+COPY build/libs/tightblog-*.war app.war
+
+ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-Dtightblog.custom.config=tightblog-custom.properties", "-jar","/app.war"]