satra · June 4, 2016 23:58
diff --git a/README.md b/README.md
diff --git a/docker-compose.yml b/docker-compose.yml
 nginx:
    image: nginx
    volumes:
        - ./mysite.template:/etc/nginx/conf.d/mysite.template
        - ./nginx.key:/etc/nginx/ssl/nginx.key
        - ./bundled_nginx.cer:/etc/nginx/ssl/nginx.crt
        - .:/data/www
    ports:
        - "443:443"
    links:
        - "girder:girder"
    environment:
        - NGINX_HOST=hostname.mit.edu
        - NGINX_PORT=80
    command: /bin/bash -c "envsubst '$$NGINX_HOST $$NGINX_PORT' < /etc/nginx/conf.d/mysite.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"

 mongodb:
    image: mongo:3.0
    ports:
        - "27017"
    volumes:
        #- "/storage/gablab001/db/voicedb/girder:/data/db"
        - "/data/db"

 girder:
    image: girder/girder
    ports:
        - "8080"
    volumes:
        - "/vagrant/girder-vm/assetstore:/assetstore"
        - "/vagrant/girder-vm/logs/girder:/logs"
        - "./girder.cfg:/etc/girder.cfg"
    links:
        - "mongodb:mongodb"
    command: -d mongodb://mongodb:27017/girder

diff --git a/mysite.template b/mysite.template
 server {
    server_name ${NGINX_HOST};
    listen ${NGINX_PORT};
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;


    location / {
        root /data/www;
    }

 location /girder/ {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Mo\
 dified-Since,Cache-Control, Accept-Encoding, Authorization, Content-Disposition, Content-Type, Cookie, Girder-Auth\
 orization, Girder-Token, X-Forwarded-Server, X-Forwarded-For, X-Forwarded-Host, Remote-Addr';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     proxy_set_header 'Access-Control-Allow-Origin' '*';
     proxy_set_header 'Access-Control-Allow-Credentials' 'true';
     proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
     proxy_set_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If\
 -Modified-Since,Cache-Control, Accept-Encoding, Authorization, Content-Disposition, Content-Type, Cookie, Girder-A\
 uthorization, Girder-Token, X-Forwarded-Server, X-Forwarded-For, X-Forwarded-Host, Remote-Addr';

    client_max_body_size 0;
    proxy_set_header Host $proxy_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://girder:8080/;
    # Must set the following for SSE notifications to work
    proxy_buffering off;
    proxy_cache off;
    proxy_set_header Connection '';
    proxy_http_version 1.1;
    chunked_transfer_encoding off;
    proxy_read_timeout 600s;
    proxy_send_timeout 600s;
 }
 }
diff --git a/Vagrantfile b/Vagrantfile
 Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/trusty64"

  config.vm.hostname = "hostname.mit.edu"

  config.vm.network :public_network, ip: "XX.YY.ZZ.IP"
  # default router
  config.vm.provision "shell",
    run: "always",
    inline: "route add default gw XX.YY.ZZ.1"

  # delete default gw on eth0
  config.vm.provision "shell",
    run: "always",
    inline: "eval `route -n | awk '{ if ($8 ==\"eth0\" && $2 != \"0.0.0.0\") print \"route del default gw \" $2; }'`"

  config.vm.post_up_message = "Girder is running at https:/hostname.mit.edu/girder"

  config.vm.synced_folder ".", "/vagrant", disabled: true
  config.vm.synced_folder ".", "/home/vagrant/girder"
  config.vm.synced_folder "/storage/db/voicedb/", "/vagrant"

  config.vm.provider "virtualbox" do |virtualbox|
    virtualbox.name = "girder-voice"
    virtualbox.memory = 4096
    virtualbox.cpus = 4
  end

  config.vm.provision :docker
  config.vm.provision :docker_compose, yml: "/home/vagrant/girder/docker-compose-vagrant.yml", run: "always"
 end
	nginx:
	image: nginx
	volumes:
	- ./mysite.template:/etc/nginx/conf.d/mysite.template
	- ./nginx.key:/etc/nginx/ssl/nginx.key
	- ./bundled_nginx.cer:/etc/nginx/ssl/nginx.crt
	- .:/data/www
	ports:
	- "443:443"
	links:
	- "girder:girder"
	environment:
	- NGINX_HOST=hostname.mit.edu
	- NGINX_PORT=80
	command: /bin/bash -c "envsubst '$$NGINX_HOST $$NGINX_PORT' < /etc/nginx/conf.d/mysite.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"

	mongodb:
	image: mongo:3.0
	ports:
	- "27017"
	volumes:
	#- "/storage/gablab001/db/voicedb/girder:/data/db"
	- "/data/db"

	girder:
	image: girder/girder
	ports:
	- "8080"
	volumes:
	- "/vagrant/girder-vm/assetstore:/assetstore"
	- "/vagrant/girder-vm/logs/girder:/logs"
	- "./girder.cfg:/etc/girder.cfg"
	links:
	- "mongodb:mongodb"
	command: -d mongodb://mongodb:27017/girder
	server {
	server_name ${NGINX_HOST};
	listen ${NGINX_PORT};
	listen 443 ssl;
	ssl_certificate /etc/nginx/ssl/nginx.crt;
	ssl_certificate_key /etc/nginx/ssl/nginx.key;


	location / {
	root /data/www;
	}

	location /girder/ {
	if ($request_method = 'OPTIONS') {
	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Credentials' 'true';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
	add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Mo\
	dified-Since,Cache-Control, Accept-Encoding, Authorization, Content-Disposition, Content-Type, Cookie, Girder-Auth\
	orization, Girder-Token, X-Forwarded-Server, X-Forwarded-For, X-Forwarded-Host, Remote-Addr';
	#
	# Tell client that this pre-flight info is valid for 20 days
	#
	add_header 'Access-Control-Max-Age' 1728000;
	add_header 'Content-Type' 'text/plain charset=UTF-8';
	add_header 'Content-Length' 0;
	return 204;
	}
	proxy_set_header 'Access-Control-Allow-Origin' '*';
	proxy_set_header 'Access-Control-Allow-Credentials' 'true';
	proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
	proxy_set_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If\
	-Modified-Since,Cache-Control, Accept-Encoding, Authorization, Content-Disposition, Content-Type, Cookie, Girder-A\
	uthorization, Girder-Token, X-Forwarded-Server, X-Forwarded-For, X-Forwarded-Host, Remote-Addr';

	client_max_body_size 0;
	proxy_set_header Host $proxy_host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_pass http://girder:8080/;
	# Must set the following for SSE notifications to work
	proxy_buffering off;
	proxy_cache off;
	proxy_set_header Connection '';
	proxy_http_version 1.1;
	chunked_transfer_encoding off;
	proxy_read_timeout 600s;
	proxy_send_timeout 600s;
	}
	}
	Vagrant.configure("2") do \|config\|
	config.vm.box = "ubuntu/trusty64"

	config.vm.hostname = "hostname.mit.edu"

	config.vm.network :public_network, ip: "XX.YY.ZZ.IP"
	# default router
	config.vm.provision "shell",
	run: "always",
	inline: "route add default gw XX.YY.ZZ.1"

	# delete default gw on eth0
	config.vm.provision "shell",
	run: "always",
	inline: "eval `route -n \| awk '{ if ($8 ==\"eth0\" && $2 != \"0.0.0.0\") print \"route del default gw \" $2; }'`"

	config.vm.post_up_message = "Girder is running at https:/hostname.mit.edu/girder"

	config.vm.synced_folder ".", "/vagrant", disabled: true
	config.vm.synced_folder ".", "/home/vagrant/girder"
	config.vm.synced_folder "/storage/db/voicedb/", "/vagrant"

	config.vm.provider "virtualbox" do \|virtualbox\|
	virtualbox.name = "girder-voice"
	virtualbox.memory = 4096
	virtualbox.cpus = 4
	end

	config.vm.provision :docker
	config.vm.provision :docker_compose, yml: "/home/vagrant/girder/docker-compose-vagrant.yml", run: "always"
	end