Merge pull request #1391 from solid/dev

Merge dev branch?

.npmignore

@@ -18,3 +18,4 @@
 
 # Additional .npmignore entries (not in .gitignore)
 /test
+/docker-image

.nvmrc

@@ -1 +1 @@
-v8.16.0
+v13.2.0

README.md

@@ -229,26 +229,35 @@ docker run -p 8443:8443 --name solid nodesolidserver/node-solid-server
 
 This will enable you to login to solid on https://localhost:8443 and then create a new account
 but not yet use that account. After a new account is made you will need to create an entry for 
-it in your local (/etc/)hosts file in line with the account and subdomain i.e. 
-
+it in your local (/etc/)hosts file in line with the account and subdomain, i.e. --
+```pre
 127.0.0.1	newsoliduser.localhost
-
+```
 Then you'll be able to use solid as intended.
 
 You can modify the config within the docker container as follows:
 
- - Copy the config to the current directory with: `docker cp solid:/usr/src/app/config.json .`
+ - Copy the config to the current directory with: 
+   ```
+   docker cp solid:/usr/src/app/config.json .
+   ```
  - Edit the `config.json` file
- - Copy the file back with `docker cp config.json solid:/usr/src/app/`
- - Restart the server with `docker restart solid`
+ - Copy the file back with 
+   ```
+   docker cp config.json solid:/usr/src/app/
+   ```
+ - Restart the server with 
+   ```
+   docker restart solid
+   ```
 
 If you want to help improve the Docker image, then you can build it locally with:
 ```bash
 git clone https://github.com/solid/node-solid-server
 cd node-solid-server
 docker build .
 ```
-We have automatic builds set up so commits to master will trigger a build of https://hub.docker.com/r/nodesolidserver/node-solid-server.
+We have automatic builds set up, so commits to master will trigger a build of https://hub.docker.com/r/nodesolidserver/node-solid-server.
 
 ## Library Usage
 
@@ -272,18 +281,18 @@ default settings.
 
 ```javascript
 {
-  cache: 0, // Set cache time (in seconds), 0 for no cache
-  live: true, // Enable live support through WebSockets
-  root: './', // Root location on the filesystem to serve resources
-  secret: 'node-ldp', // Express Session secret key
-  cert: false, // Path to the ssl cert
-  key: false, // Path to the ssl key
-  mount: '/', // Where to mount Linked Data Platform
-  webid: false, // Enable WebID+TLS authentication
-  suffixAcl: '.acl', // Suffix for acl files
-  corsProxy: false, // Where to mount the CORS proxy
-  errorHandler: false, // function(err, req, res, next) to have a custom error handler
-  errorPages: false // specify a path where the error pages are
+  cache:        0,           // Set cache time (in seconds), 0 for no cache
+  live:         true,        // Enable live support through WebSockets
+  root:         './',        // Root location on the filesystem to serve resources
+  secret:       'node-ldp',  // Express Session secret key
+  cert:         false,       // Path to the ssl cert
+  key:          false,       // Path to the ssl key
+  mount:        '/',         // Where to mount Linked Data Platform
+  webid:        false,       // Enable WebID+TLS authentication
+  suffixAcl:    '.acl',      // Suffix for acl files
+  corsProxy:    false,       // Where to mount the CORS proxy
+  errorHandler: false,       // function(err, req, res, next) to have a custom error handler
+  errorPages:   false        // specify a path where the error pages are
 }
 ```
 

docker-image/.dockerignore

@@ -0,0 +1,3 @@
+test/
+.pytest_cache/
+.idea

docker-image/.gitignore

@@ -0,0 +1,3 @@
+.pytest_cache/
+__pycache__
+data/

docker-image/CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# How to contribute
+
+If you want to experiment with the image and/or contribute to its development,
+please read this document.
+
+## Run tests
+
+```bash
+make test
+```
+
+The first run might take a while, since the image has to be build. Follow up test runs will be faster.
+
+## Start & stop locally
+
+Build and run a local container named solid-server via
+
+```bash
+make start
+```
+
+and stop it via 
+
+```bash
+make stop
+```
+
+## Inspect & debug
+
+To start a shell in a running container (started with `make start`) run `make attach`.
+
+To just run a shell in the built image (without starting solid) run `make inspect`.
+

docker-image/Makefile

@@ -0,0 +1,31 @@
+test: ## run testinfra tests against the project
+	docker run --rm -t \
+		-v $(shell pwd):/project \
+		-v /var/run/docker.sock:/var/run/docker.sock:ro \
+		aveltens/docker-testinfra
+
+lint: ## run hadolint against the Dockerfile
+	docker run --rm -i hadolint/hadolint < src/Dockerfile
+
+build: ## build the docker image
+	cd src && docker build --tag nodesolidserver/node-solid-server .
+
+inspect: build ## run a shell in the docker image
+	docker run --rm -it --entrypoint sh nodesolidserver/node-solid-server
+
+start: build ## start solid-server docker container
+	docker run --rm \
+		-it -d \
+		-p 8443:8443 \
+		-u "$(id -u):$(id -g)" \
+		-v $(shell pwd)/data:/opt/solid/data \
+		--name solid-server \
+		nodesolidserver/node-solid-server
+
+stop: ## stop the solid-server docker container
+	docker stop solid-server
+
+attach: ## execute a shell in the running solid-server docker container
+	docker exec -it solid-server sh
+
+.PHONY: test build inspect run attach

docker-image/README.md

@@ -0,0 +1,51 @@
+# NSS Docker image
+
+Containerized version of node-solid-server
+
+## How to use
+
+For quickly trying out this image or solid-server in general you can run:
+```bash
+docker run -p 8443:8443 nodesolidserver/node-solid-server
+```
+
+You will be able to access the server via `https://localhost:8443` then. It will use auto-generated self-signed certificates and is **not suited for production use**. For a production server you will have to create some real certificates and configure environment variables, like SOLID_SERVER_URI, SOLID_SSL_KEY and SOLID_SSL_CERT. Take a look at the examples folder [at GitHub](https://github.com/angelo-v/docker-solid-server/tree/master/examples) for details.
+
+### Environment variables
+
+All solid configuration flags can be set by an equivalent environment variable.
+The official solid-server documentation
+[explains them in detail](https://github.com/solid/node-solid-server#extra-flags-expert).
+
+### Docker compose
+
+For a productive setup you may want to use docker-compose. Example setups can be found
+in the [examples folder](https://github.com/angelo-v/docker-solid-server/tree/master/examples). Here is an overview of what is in there:
+
+#### Simple setup without proxy
+
+`./examples/docker-compose.simple.yml`
+
+Run solid-server directly on HTTPS port 443 without a proxy in between.
+You will need to have your certificates ready and mount them into the container.
+
+#### Running solid behind nginx proxy
+
+`./examples/docker-compose.nginx.yml`
+
+Run solid-server on port 8443 behind a nginx proxy on 443. You will need to setup an nginx container with letsencrypt companion [as described here](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion).
+
+#### Other setups
+
+The setup you need is not presented here? Feel free to ask, or provide a Pull Request
+with your solution.
+
+## Feedback & Discussion
+
+There is a [topic in the Solid Forum](https://forum.solidproject.org/t/official-solid-docker-image/748/5),
+you are welcome to join in.
+
+## Contributing
+
+If you would like to contribute to the development of this image,
+see [CONTRIBUTING.md](./CONTRIBUTING.md)

docker-image/examples/docker-compose.nginx.yml

@@ -0,0 +1,50 @@
+# This example assumes, that you are running a jwilders/nginx proxy
+# with certificate generation by a letsencrypt companion container
+# as described here:
+#
+# https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Docker-Compose.md
+#
+# This should provide a docker volume containing the generated certificates.
+# We will use the same cert and key as the webproxy for the actual solid server. While it seems to
+# work, I am not sure if it is actually a good idea. Please file an issue if you want to discuss this.
+
+# Adjust any line that is commented with (!):
+# 1. Change any occurrence of the domain `solid.example` to your actual domain
+# 2. Adjust the `latest` tag to a specific version you want to use.
+
+version: '3.7'
+services:
+  server:
+    image: nodesolidserver/node-solid-server:latest # (!) use specific version tag here
+
+    # this ensures automatic container start, when host reboots
+    restart: always
+
+    expose:
+      - 8443
+
+    volumes:
+      # mount local directories to the container
+      # (!) the host directories have to exist and be owned by UID 1000
+      - /opt/solid/data:/opt/solid/data
+      - /opt/solid/.db:/opt/solid/.db
+      - /opt/solid/config:/opt/solid/config
+      - nginxproxy_certs:/opt/solid/certs
+
+    environment:
+      # (!) use your actual SOLID_SERVER_URI
+      - "SOLID_SERVER_URI=https://solid.example"
+      # (!) adjust path to the letsencrypt key and cert
+      - "SOLID_SSL_KEY=/opt/solid/certs/solid.example/key.pem"
+      - "SOLID_SSL_CERT=/opt/solid/certs/solid.example/fullchain.pem"
+      # (!) use your actual host name
+      - "VIRTUAL_HOST=solid.example"
+      - "VIRTUAL_PORT=8443"
+      - "VIRTUAL_PROTO=https"
+      # (!) use your actual host name
+      - "LETSENCRYPT_HOST=solid.example"
+      - "[email protected]"
+volumes:
+  # (!) mount certificates from an external volume from your nginx setup
+  nginxproxy_certs:
+    external: true

docker-image/examples/docker-compose.simple.yml

@@ -0,0 +1,34 @@
+# This file is an example for running solid server directly on port 443 with
+# existing (letsencrypt) certificates and without reverse proxy.
+
+# To use it adjust any line that is commented with (!):
+# 1. Change any occurrence of the domain `solid.example` to your actual domain
+# 2. Adjust the `latest` tag to a specific version you want to use.
+
+version: '3.7'
+services:
+  server:
+    image: nodesolidserver/node-solid-server:latest # (!) use specific version tag here
+
+    # this ensures automatic container start, when host reboots
+    restart: always
+
+    ports:
+      - 443:8443
+
+    volumes:
+      # mount local directories to the container
+      # (!) the host directories have to exist and be owned by UID 1000
+      - /opt/solid/data:/opt/solid/data
+      - /opt/solid/.db:/opt/solid/.db
+      - /opt/solid/config:/opt/solid/config
+
+      # (!) mount existing TLS certificates, e.g. from letsencrypt
+      # (!) ensure that the key and fullchain files are readable by UID 1000
+      - /etc/letsencrypt/live/solid.example/:/opt/solid/certs
+
+    environment:
+      # (!) use your actual SOLID_SERVER_URI
+      - "SOLID_SERVER_URI=https://solid.example"
+      - "SOLID_SSL_KEY=/opt/solid/certs/key.pem"
+      - "SOLID_SSL_CERT=/opt/solid/certs/fullchain.pem"

docker-image/src/Dockerfile

@@ -0,0 +1,33 @@
+FROM node:10-alpine
+
+RUN apk add --no-cache openssl
+
+ARG SOLID_SERVER_VERSION=latest
+RUN npm install -g solid-server@${SOLID_SERVER_VERSION}
+
+# image configuration
+ENV SOLID_HOME=/opt/solid
+ENV PROCESS_USER=node
+ENV TEMPORARY_CERT_NAME=solid-temporary
+
+WORKDIR ${SOLID_HOME}
+COPY ./entrypoint.sh ./entrypoint.sh
+COPY ./checks.sh ./checks.sh
+COPY ./create-temporary-cert.sh ./create-temporary-cert.sh
+RUN chown --recursive ${PROCESS_USER}:${PROCESS_USER} ${SOLID_HOME}
+
+USER ${PROCESS_USER}
+
+# solid configuration
+ENV SOLID_ROOT=${SOLID_HOME}/data
+ENV SOLID_SSL_KEY=${SOLID_HOME}/${TEMPORARY_CERT_NAME}.key
+ENV SOLID_SSL_CERT=${SOLID_HOME}/${TEMPORARY_CERT_NAME}.crt
+ENV SOLID_PORT=8443
+ENV SOLID_CORS_PROXY=/xss
+ENV DEBUG=solid:*
+
+VOLUME $SOLID_HOME
+
+ENTRYPOINT ["./entrypoint.sh"]
+
+CMD ["start"]

docker-image/src/checks.sh

@@ -0,0 +1,56 @@
+#!/bin/sh
+
+echo "checking preconditions..."
+
+checks_failed=0
+
+check_failed()
+{
+  checks_failed=$((checks_failed + 1))
+}
+check_if_writable()
+{
+  # checks if the given dir is writable, if it exists
+  # it's ok if the dir does not exist at all, because it will be created
+  # during solid server startup then and have the correct permissions
+  dir=$1
+  if [ -d "${dir}" ]; then
+    if [ -w "${dir}" ]; then
+      echo "✓ ${dir} is accessible by $(whoami)"
+    else
+      echo "✗ ${dir} not writable by $(whoami)"
+      check_failed
+    fi
+  fi
+}
+
+check_if_file_readable()
+{
+  # checks if the given file exists and is readable
+  file=$1
+  if [ -e "${file}" ]; then
+    if [ -r "${file}" ]; then
+      echo "✓ ${file} is accessible by $(whoami)"
+    else
+      echo "✗ ${file} not readable by $(whoami)"
+      check_failed
+    fi
+  else
+    echo "✗ ${file} does not exist"
+    check_failed
+  fi
+}
+
+check_if_writable "${SOLID_HOME}/config"
+check_if_writable "${SOLID_HOME}/data"
+check_if_writable "${SOLID_HOME}/.db"
+check_if_file_readable "${SOLID_SSL_KEY}"
+check_if_file_readable "${SOLID_SSL_CERT}"
+
+if [ "$checks_failed" -gt 0 ]; then
+  echo "Finished: ERROR"
+  exit 1
+else
+  echo "Finished: SUCCESS"
+  exit 0;
+fi