Quico/containers
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

feat(snipeit): Add config

Browse Source
This commit is contained in:
hygienic-books 2023-05-15 00:05:20 +02:00
parent 290c5c302b
commit fbfe4b4a3d
11 changed files with 273 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
snipeit/README.md Normal file
View File

@ -0,0 +1,113 @@
# How to
Add a `COMPOSE_ENV_FILE` and export it along with the location where this repo subdirectory lives, here for example `/opt/containers/snipeit` plus all other variables. At [env/fully.qualified.domain.name_ctx.example](env/fully.qualified.domain.name_ctx.example) you'll find an example file. For parameters that aren't self-explanatory check out [Environment variables](#environment-variables) below.
## Prep
```
export COMPOSE_DIR='/opt/containers/snipeit'
export COMPOSE_CTX='loft'
export COMPOSE_PROJECT_NAME='snipeit-'"${COMPOSE_CTX}"
export COMPOSE_FILE="${COMPOSE_DIR}"'/docker-compose.yml'
export COMPOSE_ENV_FILE=
```
## Start
```
docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV_FILE}" --profile full up --detach
```
## MySQL
At the time of writing the manual ([https://snipe-it.readme.io/docs/docker](https://snipe-it.readme.io/docs/docker)) recommends that for MySQL versions newer than 5.6 you should at first run MySQL without `STRICT_TRANS_TABLES` mode, quote:
> Newer MySQL containers (5.7 and later, or MariaDB) may run in strict-mode by default, and the initial migrations and application setup will fail in strict mode. If you want to use one of those versions, you need to disable strict mode first!
Tests show that this was not needed on an example MySQL 8.0.33 instance. If you want to be sure to not mess anything up in [docker-compose.yml](docker-compose.yml) remove the comment in front of `command: mysqld --sql_mode=""` so that this overrides the default `command: mysqld` thereby removing all enabled modes. Once initial database setup is done comment this line out again for subsequent starts.
By default the following modes are active:
1. `ONLY_FULL_GROUP_BY`
1. `STRICT_TRANS_TABLES`
1. `NO_ZERO_IN_DATE`
1. `NO_ZERO_DATE`
1. `ERROR_FOR_DIVISION_BY_ZERO`
1. `NO_ENGINE_SUBSTITUTION`
# Environment variables
Some non-standard env vars and some that can benefit from a short explanation are listed here. Whenever we're referring to the manual this was at the time of writing located at [https://snipe-it.readme.io/docs/docker](https://snipe-it.readme.io/docs/docker).
-
```
APP_KEY=base64:...
```
Run `docker run --rm snipe/snipe-it` to have the Snipe-IT container generate a random `APP_KEY`, print it out and terminate. You can put that randomly generated `APP_KEY` here along with the `base64:` prefix that's part of the string.
-
```
APP_TRUSTED_PROXIES=172.16.0.0/12
```
This comes from the manual for operation behind a reverse proxy. We're running Snipe-IT behind a reverse proxy on a Docker host with default network configs. Docker by default uses the address prefix `172.16.0.0/12` for itself. To the Snipe-IT container a reverse proxy container will always send its traffic from this subnet.
-
```
APP_URL=https://fully.qualified.domain.name
```
Do not add a trailing slash nor a port number.
-
```
CONTEXT=ux_edmonton
```
Whatever context you're using to deploy any given Snipe-IT instance. The `CONTEXT` var is used for example in named volume paths on your file system. This example is intended to run for a User Experience team based in Edmonton, Alberta, Canada.
-
```
MYSQL_PORT=33006
```
We want our database exposed on the Docker host itelf to easily manage it with external SQL management tools.
-
```
MYSQL_PORT_3306_TCP_ADDR=mysql
```
For reasons not entirely understood (by us) the Docker Compose service name `mysql` remained unresolvable to the Snipe-IT containers unless this hostname was given.
-
```
MYSQL_ROOT_HOST=172.21.97.1
```
In addition to the default user `'root'@'localhost'` we want MySQL to also generate `'root'@'172.21.97.1'` to easily remote-manage this database instance for example by SSH-tunneling to the Docker host and the connecting to the MySQL daemon with SQL management tools.
-
```
SECURE_COOKIES=true
```
This also comes straight from the manual for operation behind a reverse proxy.
# Reverse proxy
A reverse proxy server should send the `X-Forwarded-Host` header and `X-Forwarded-Proto` header. With an other wise standard Nginx config for example you'll want to add these settings.
Details for a complete Nginx (or other) reverse proxy config are beyond the scope of this document.
```
server {
listen ...
location / {
proxy_pass http://...;
...
proxy_set_header X-Forwarded-Proto $scheme; <---
proxy_set_header X-Forwarded-Host $http_host; <---
}
}
```

14
snipeit/build-context/mysql/Dockerfile Normal file
View File

@ -0,0 +1,14 @@
# For the remainder of this Dockerfile EXAMPLE_ARG_FOR_DOCKERFILE will be
# available with a value of 'must_be_available_in_dockerfile', check out the env
# file at 'env/fully.qualified.domain.name.example' for reference.
# ARG EXAMPLE_ARG_FOR_DOCKERFILE
# Another env var, this one's needed in the example build step below:
# ARG MYSQL_VERSION
# Example
# FROM "mysql:${MYSQL_VERSION}"
# RUN apt-get update && \
# apt-get -y install \
# somepackage-6.q16-6-extra && \
# rm -rf /var/lib/apt/lists/*

0
snipeit/build-context/mysql/docker-data/.gitkeep Normal file
View File

0
snipeit/build-context/mysql/extras/.gitkeep Normal file
View File

14
snipeit/build-context/snipeit/Dockerfile Normal file
View File

@ -0,0 +1,14 @@
# For the remainder of this Dockerfile EXAMPLE_ARG_FOR_DOCKERFILE will be
# available with a value of 'must_be_available_in_dockerfile', check out the env
# file at 'env/fully.qualified.domain.name.example' for reference.
# ARG EXAMPLE_ARG_FOR_DOCKERFILE
# Another env var, this one's needed in the example build step below:
# ARG SNIPEIT_VERSION
# Example
# FROM "snipeit:${SNIPEIT_VERSION}"
# RUN apt-get update && \
# apt-get -y install \
# somepackage-6.q16-6-extra && \
# rm -rf /var/lib/apt/lists/*

0
snipeit/build-context/snipeit/docker-data/.gitkeep Normal file
View File

0
snipeit/build-context/snipeit/extras/.gitkeep Normal file
View File

11
snipeit/common-settings.yml Normal file
View File

@ -0,0 +1,11 @@
services:
common-settings:
environment:
TZ: "${TIMEZONE:-Etc/UTC}"
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "10"
compress: "true"
restart: "${RESTARTPOLICY:-unless-stopped}"

19
snipeit/docker-compose.override.yml Normal file
View File

@ -0,0 +1,19 @@
services:
snipeit-build:
image: "snipe/snipe-it:${SNIPEIT_VERSION}"
profiles: ["build", "build-snipeit"]
build:
context: "build-context/snipeit"
dockerfile: Dockerfile
args:
EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}"
SNIPEIT_VERSION: "${SNIPEIT_VERSION}"
mysql-build:
image: "mysql:${MYSQL_VERSION}"
profiles: ["build", "build-mysql"]
build:
context: "build-context/mysql"
dockerfile: Dockerfile
args:
EXAMPLE_ARG_FOR_DOCKERFILE: "${EXAMPLE_ARG_FROM_ENV_FILE}"
MYSQL_VERSION: "${MYSQL_VERSION}"

74
snipeit/docker-compose.yml Normal file
View File

@ -0,0 +1,74 @@
services:
snipeit:
image: "snipe/snipe-it:${SNIPEIT_VERSION}"
container_name: "snipeit-snipeit-${CONTEXT}"
networks:
snipeit-default:
profiles: ["full", "snipeit"]
depends_on:
mysql:
condition: service_healthy
extends:
file: common-settings.yml
service: common-settings
ports:
- ${SNIPEIT_PORT}:80
volumes:
- /opt/docker-data/snipeit-${CONTEXT}/snipeit/data:/var/lib/snipeit
environment:
APP_ENV: ${APP_ENV}
APP_KEY: ${APP_KEY}
APP_LOCALE: ${APP_LOCALE}
APP_TIMEZONE: ${APP_TIMEZONE}
APP_TRUSTED_PROXIES: ${APP_TRUSTED_PROXIES}
APP_URL: ${APP_URL}
MAIL_ENV_ENCRYPTION: ${MAIL_ENV_ENCRYPTION}
MAIL_ENV_FROM_ADDR: ${MAIL_ENV_FROM_ADDR}
MAIL_ENV_FROM_NAME: ${MAIL_ENV_FROM_NAME}
MAIL_ENV_PASSWORD: ${MAIL_ENV_PASSWORD}
MAIL_ENV_USERNAME: ${MAIL_ENV_USERNAME}
MAIL_PORT_587_TCP_ADDR: ${MAIL_PORT_587_TCP_ADDR}
MAIL_PORT_587_TCP_PORT: ${MAIL_PORT_587_TCP_PORT}
MYSQL_DATABASE: ${MYSQL_DATABASE}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
MYSQL_PORT_3306_TCP_ADDR: ${MYSQL_PORT_3306_TCP_ADDR}
MYSQL_USER: ${MYSQL_USER}
PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT}
SECURE_COOKIES: ${SECURE_COOKIES}
APP_DEBUG: ${APP_DEBUG}
mysql:
image: "mysql:${MYSQL_VERSION}"
container_name: "snipeit-mysql-${CONTEXT}"
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "--protocol", "tcp", "-h", "127.0.0.1"]
interval: 3s
timeout: 1s
retries: 20
start_period: 2s
networks:
snipeit-default:
profiles: ["full", "mysql"]
extends:
file: common-settings.yml
service: common-settings
ports:
- ${MYSQL_PORT}:3306
volumes:
- /opt/docker-data/snipeit-${CONTEXT}/mysql/data:/var/lib/mysql
environment:
MYSQL_DATABASE: ${MYSQL_DATABASE}
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
MYSQL_ROOT_HOST: ${MYSQL_ROOT_HOST}
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_USER: ${MYSQL_USER}
# command: mysqld --sql_mode=""
networks:
snipeit-default:
name: snipeit-${CONTEXT}
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
ipam:
driver: default
config:
- subnet: ${SUBNET}

28
snipeit/env/fully.qualified.domain.name_ctx.example vendored Normal file
View File

@ -0,0 +1,28 @@
APP_ENV=production
APP_KEY=base64:...
APP_LOCALE=en
APP_TIMEZONE=America/Edmonton
APP_TRUSTED_PROXIES=172.16.0.0/12
APP_URL=https://fully.qualified.domain.name
CONTEXT=ux_edmonton
MAIL_ENV_ENCRYPTION=tls
MAIL_ENV_FROM_ADDR=assets@fully.qualified.domain.name
MAIL_ENV_FROM_NAME=Asset Management
MAIL_ENV_PASSWORD=t0psecr3t-one
MAIL_ENV_USERNAME=assets@fully.qualified.domain.name
MAIL_PORT_587_TCP_ADDR=smtp.fully.qualified.domain.name
MAIL_PORT_587_TCP_PORT=587
MYSQL_DATABASE=snipeit
MYSQL_PASSWORD=t0psecr3t-two
MYSQL_PORT=33006
MYSQL_PORT_3306_TCP_ADDR=mysql
MYSQL_ROOT_HOST=172.21.97.1
MYSQL_ROOT_PASSWORD=t0psecr3t-three
MYSQL_USER=snipeit
MYSQL_VERSION=latest
PHP_UPLOAD_LIMIT=100
SECURE_COOKIES=true
SNIPEIT_PORT=8080
SNIPEIT_VERSION=latest
SUBNET=172.21.97.0/24
APP_DEBUG=false