Using traefik to provide SSL for lxr.

Fix lxr not starting - LXR entrypoint script will attempt to restart apache when it dies and rmeoved unused mod_ssl package

Using traefik to provide SSL for lxr.
af5dcfe3 · Mr. Rooter Server · 87819c61 · af5dcfe3 · af5dcfe3 · af5dcfe3
Commit af5dcfe3 authored 7 years ago by Mr. Rooter Server
--- a/README
+++ b/README
+Minor changes required in lxrng if you intend to use traefik
+or some other proxy to provide SSL
+
+tree_list.tt2 and popup_main.tt2 must have the 'base href' tag
+commented out, otherwise resources that are loaded will be 
+loaded with plain old http (as the orignal request is made on
+the backend via the proxy).
+
+
--- a/docker-compose.yml
+++ b/docker-compose.yml
 version: '3.3'

 services:
+
+  traefik:
+    image: traefik:latest
+    restart: always
+    command: --web --docker --docker.watch --docker.exposedbydefault=false 
+    volumes:
+      - /var/volumes/lxr/traefik/traefik.toml:/traefik.toml
+      - /var/volumes/lxr/traefik/acme.json:/acme.json
+      - /var/volumes/secrets/cpsc.ucalgary.ca.key:/ssl/key.pem:ro
+      - /var/volumes/secrets/cpsc.ucalgary.ca.crt:/ssl/cert.crt:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      dottwonet_net:
+        ipv4_address: 136.159.2.83
+      backend:
+
  lxr:
    build: lxr/.
    image: registry:5000/lxr
@@ -12,13 +28,16 @@ services:
    #   - cpsc.ucalgary.ca.ca-crt
    volumes:
      - /var/volumes/lxr/lxrng:/var/www/lxrng
-      - /var/volumes/secrets/cpsc.ucalgary.ca.crt:/run/secrets/cpsc.ucalgary.ca.crt
-      - /var/volumes/secrets/cpsc.ucalgary.ca.ca-crt:/run/secrets/cpsc.ucalgary.ca.ca-crt
-      - /var/volumes/secrets/cpsc.ucalgary.ca.key:/run/secrets/cpsc.ucalgary.ca.key
    networks:
-      dottwonet_net:
-        ipv4_address: 136.159.2.83
+      # dottwonet_net:
+      #   ipv4_address: 136.159.2.83
      backend:
+    ports:
+      - "80:80"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.port=80"
+      - "traefik.frontend.rule=Host:lxr.cpsc.ucalgary.ca"

  db:
    image: postgres:latest

--- a/lxr/Dockerfile
+++ b/lxr/Dockerfile
@@ -22,7 +22,7 @@ RUN yum -y install \
 		make gcc gcc-c++  \
 		ctags \
 		httpd \
-		mod_perl mod_ssl \
+		mod_perl \
 		git \
 		screen \
 		net-tools \

--- a/lxr/docker-entrypoint.sh
+++ b/lxr/docker-entrypoint.sh
@@ -34,7 +34,10 @@ if [[ "$1" == "httpd" ]] ; then
 	# sudo -u apache 

 	# chown -R apache:apache /var/www/lxrng
+	while true ; do
 		/usr/sbin/httpd -D FOREGROUND -f /etc/httpd/conf/httpd.conf
+		sleep 5
+	done
 
 else
 	# Run custom command

--- a/lxr/httpd.conf
+++ b/lxr/httpd.conf
 ServerRoot "/etc/httpd"

+ServerAdmin root@localhost
+ServerName lxr
 Listen 80

 Include conf.modules.d/*.conf
@@ -7,7 +9,6 @@ Include conf.modules.d/*.conf
 User apache
 Group apache

-ServerAdmin root@localhost


 <Directory />

--- a/lxr/lxrng.conf
+++ b/lxr/lxrng.conf
@@ -24,7 +24,7 @@ return {
 	'index'       => $index,
 	'search'      => $search,

-	'base_url'    => 'http://lxr.cpsc.ucalgary.ca/',
+	'base_url'    => 'https://lxr.cpsc.ucalgary.ca/',
 	# Must be writable by httpd user:
 	'cache'	      => '/var/www/lxrng/cache',

@@ -36,7 +36,7 @@ return {
 	#'ctags_flags' => ["-I\@$LXRng::ROOT/lxr-ctags-quirks"],
 	'ver_list'    => [$gitrepo->allversions],

-	'ver_default' => 'v4.9',
+	'ver_default' => 'v4.16',

 	'include_maps' => 
 	    [