EasyDeployment: Difference between revisions

From GNU MediaGoblin Wiki
Jump to navigation Jump to search
m (→‎Docker: Adding admin credentials)
 
(One intermediate revision by the same user not shown)
Line 24: Line 24:


For full details on running the Docker image or rebuilding your own custom image, see [https://github.com/mtlynch/mediagoblin-docker https://github.com/mtlynch/mediagoblin-docker].
For full details on running the Docker image or rebuilding your own custom image, see [https://github.com/mtlynch/mediagoblin-docker https://github.com/mtlynch/mediagoblin-docker].

=== Docker behind nginx ===

The following may be useful for users running a MediaGoblin docker container behind an nginx reverse proxy, eg. for handling SSL.

==== Nginx virtual server definition ====

Note that the port number in the proxy_pass must match the port number you use when starting the container. See the shell script in the next section.

You will want to edit the host name to use your own, as well.

You may also change the client_max_body_size to a value you deem appropriate for your server.

<syntaxhighlight lang="apache">
server {
if ($host = mediagoblin.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot


listen 80 ;
listen [::]:80 ;
server_name mediagoblin.example.com;

access_log /var/log/nginx/mg.access_log ;
error_log /var/log/nginx/mg.error_log ;


}

# HTTPS
server {
listen 443 ;
listen [::]:443 ;
server_name mediagoblin.example.com;

# needed to actually upload any files.
client_max_body_size 32M;

access_log /var/log/nginx/mg.ssl_access_log ;
error_log /var/log/nginx/mg.ssl_error_log ;

location / {
proxy_pass http://127.0.0.1:8138;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
}

ssl_certificate /etc/letsencrypt/live/mediagoblin.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mediagoblin.example.com/privkey.pem; # managed by Certbot
}
</syntaxhighlight>

==== Docker container start/stop/update script ====

This shell script is essentially a wrapper around the example docker run statement given for the container. However, this adds in some helper functions as well, so that starting or restarting the container can be done just by calling the script, and updating the container is as easy as calling the script with "update" as the first argument.

<syntaxhighlight lang="bash">
#!/bin/bash

# MediaGoblin docker container bootstrap
# References:
# - https://savannah.gnu.org/projects/mediagoblin
# - https://hub.docker.com/r/mtlynch/mediagoblin

### Setup

set -o errexit
set -o pipefail

# Docker stuff
# CONTAINER refers to the namespace and container name
# SHORTNAME can be changed to whatever you like
# CONTAINERTAG should be latest unless you have need of a specific tag
CONTAINER="mtlynch/mediagoblin"
SHORTNAME="mediagoblin"
CONTAINERTAG="latest"

# Docker options
# The INSIDEPORT should remain the same; see the docker hub page
# The OUTSIDEPORT can be whatever you like (>1024) and must match nginx config
# The LOCALDIR is the directory on your local file system to mount inside the container
# The CONTAINERDIR should remain as-is; see the docker hub page.
INSIDEPORT=6543
OUTSIDEPORT=8138
LOCALDIR=/var/lib/mediagoblin
CONTAINERDIR=/var/lib/mediagoblin

### Functions

# Pull the latest container
function pullContainer() {
docker pull "${CONTAINER}":"${CONTAINERTAG}"
}

# Check if the container is running
function checkRunning() {
return $(docker ps | grep -c "${SHORTNAME}")
}

# Stop existing container
function stopContainer() {
docker stop "${SHORTNAME}"
docker rm "${SHORTNAME}"
}

# Run the container.
function runContainer() {

docker run -d \
--name "${SHORTNAME}" \
--restart=unless-stopped \
--publish ${OUTSIDEPORT}:${INSIDEPORT} \
--volume ${LOCALDIR}:${CONTAINERDIR} \
"${CONTAINER}"
}

### Logic

# Update if desired
if [[ "$1" == "update" ]]; then
pullContainer
fi

# If it is running, stop it.
if ! checkRunning ; then
stopContainer
fi

# Run the container
runContainer
</syntaxhighlight>


= PaaS =
= PaaS =

Latest revision as of 04:35, 16 May 2020

Inventory of single step installation of MediaGoblin for demonstration purposes.

Containers

Docker

While MediaGoblin has no official Docker image, mtlynch maintains the most up-to-date version.

To run it:

 docker run \
   --tty \
   --detach \
   --publish 8080:6543 \
   --name mediagoblin \
   mtlynch/mediagoblin

Visit http://localhost:8080 in your browser to see your Dockerized MediaGoblin instance.

Admin credentials are:

  • Username: admin
  • Password: admin

For full details on running the Docker image or rebuilding your own custom image, see https://github.com/mtlynch/mediagoblin-docker.

Docker behind nginx

The following may be useful for users running a MediaGoblin docker container behind an nginx reverse proxy, eg. for handling SSL.

Nginx virtual server definition

Note that the port number in the proxy_pass must match the port number you use when starting the container. See the shell script in the next section.

You will want to edit the host name to use your own, as well.

You may also change the client_max_body_size to a value you deem appropriate for your server.

server {
    if ($host = mediagoblin.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name mediagoblin.example.com;

    access_log /var/log/nginx/mg.access_log ;
    error_log /var/log/nginx/mg.error_log ;


}

# HTTPS
server {
   listen 443 ;
   listen [::]:443 ;
   server_name mediagoblin.example.com;

   # needed to actually upload any files.
   client_max_body_size 32M;

   access_log /var/log/nginx/mg.ssl_access_log ;
   error_log /var/log/nginx/mg.ssl_error_log ;

   location / {
        proxy_pass http://127.0.0.1:8138;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $remote_addr;
   }

    ssl_certificate /etc/letsencrypt/live/mediagoblin.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mediagoblin.example.com/privkey.pem; # managed by Certbot
}

Docker container start/stop/update script

This shell script is essentially a wrapper around the example docker run statement given for the container. However, this adds in some helper functions as well, so that starting or restarting the container can be done just by calling the script, and updating the container is as easy as calling the script with "update" as the first argument.

#!/bin/bash

# MediaGoblin docker container bootstrap
# References:
# - https://savannah.gnu.org/projects/mediagoblin
# - https://hub.docker.com/r/mtlynch/mediagoblin

### Setup

set -o errexit
set -o pipefail

# Docker stuff
# CONTAINER refers to the namespace and container name
# SHORTNAME can be changed to whatever you like
# CONTAINERTAG should be latest unless you have need of a specific tag
CONTAINER="mtlynch/mediagoblin"
SHORTNAME="mediagoblin"
CONTAINERTAG="latest"

# Docker options
# The INSIDEPORT should remain the same; see the docker hub page
# The OUTSIDEPORT can be whatever you like (>1024) and must match nginx config
# The LOCALDIR is the directory on your local file system to mount inside the container
# The CONTAINERDIR should remain as-is; see the docker hub page.
INSIDEPORT=6543
OUTSIDEPORT=8138
LOCALDIR=/var/lib/mediagoblin
CONTAINERDIR=/var/lib/mediagoblin

### Functions

# Pull the latest container
function pullContainer() {
    docker pull "${CONTAINER}":"${CONTAINERTAG}"
}

# Check if the container is running
function checkRunning() {
    return $(docker ps | grep -c "${SHORTNAME}")
}

# Stop existing container
function stopContainer() {
    docker stop "${SHORTNAME}"
    docker rm "${SHORTNAME}"
}

# Run the container.
function runContainer() {

    docker run -d \
        --name "${SHORTNAME}" \
        --restart=unless-stopped \
        --publish ${OUTSIDEPORT}:${INSIDEPORT} \
        --volume ${LOCALDIR}:${CONTAINERDIR} \
        "${CONTAINER}"
}

### Logic

# Update if desired
if [[ "$1" == "update" ]]; then
    pullContainer
fi

# If it is running, stop it.
if ! checkRunning ; then
    stopContainer
fi

# Run the container
runContainer

PaaS

Sandstorm

Warning: Out Of Date. Was at version 0.7.1 on 2016-12-20. Can you help to update it?

Source code for the MediaGoblin Sandstorm app:

https://github.com/jparyani/mediagoblin