
@ziouf
Last active July 22, 2018 07:47
Secretin Docker stack (compile + run)

Secret-in.me

Why this gist

The official secret-in.me project is missing a simple way to build and deploy the full stack. This Gist is a pack of Dockerfiles that addresses this gap.

How to build and run project

# Pull pre-built images
docker-compose -f docker-compose.yml pull
# Build images
docker-compose -f docker-compose.yml build
# Start service stack
docker-compose -f docker-compose.yml up

How to use it

  • Open http://localhost:80 with your favorite web browser
  • Create an account
  • Save and share your secrets

Credits

Official Website

Projects repositories

Project name Github repository
Library https://github.com/secretin/secretin-lib
Server https://github.com/secretin/secretin-server
Client https://github.com/secretin/secretin-app
Heavy client https://github.com/secretin/secretin-windows
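# Compose stack for Secret-in.me: Traefik reverse proxy, web client,
# API server, CouchDB and Redis.
version: '3'

services:
  proxy:
    # NOTE(review): the tag is not pinned. The labels used in this file
    # (traefik.frontend.rule, traefik.port, ...) and traefik.toml follow the
    # Traefik 1.x format, so pin a 1.x tag to avoid pulling a later major
    # release that no longer reads them.
    image: traefik
    volumes:
      - ./traefik.toml:/etc/traefik/traefik.toml:ro
      # ":ro" only makes the socket file read-only; it does not restrict the
      # Docker API calls sent through it. Whoever controls this container can
      # control the Docker daemon, which is root-equivalent on the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - traefik.enable=false
    ports:
      - '80:80'
      - '443:443'
      # traefik.toml enables [api] with no authentication, so the API and
      # dashboard port is published on loopback only.
      - '127.0.0.1:8080:8080'
    networks:
      - proxy

  app:
    image: secret-in.me/app
    restart: unless-stopped
    build:
      context: .
      dockerfile: dockerfile.secretin-app
      args:
        - version=2.1.1
        # api_url is written into the browser-side JavaScript bundle at build
        # time, so it is resolved by the user's browser, not by a container.
        # NOTE(review): "server" only resolves on the compose networks and the
        # scheme is plain http - confirm the intended public API URL.
        - api_url=http://server:3000
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - 'traefik.frontend.rule=Host:secret-in.me'
      - traefik.port=80
      # Protocol Traefik uses towards the container. The image serves the
      # stock nginx configuration on port 80, which is plain HTTP; TLS is
      # terminated by Traefik.
      - traefik.protocol=http
    networks:
      - proxy

  server:
    image: secret-in.me/server
    restart: unless-stopped
    build:
      context: .
      dockerfile: dockerfile.secretin-server
      args:
        - version=2.1.0
        - port=3000
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      - 'traefik.frontend.rule=Host:api.secret-in.me'
      - traefik.port=3000
      # NOTE(review): this makes Traefik speak TLS to the container on port
      # 3000. Nothing in this stack gives the server a certificate - confirm
      # whether this should be "http".
      - traefik.protocol=https
    depends_on:
      - server-db
      - server-redis
    environment:
      # Neither URL carries a password; both stores rely on being reachable
      # only from the "backend" network.
      SECRETIN_SERVER_REDIS_URL: 'redis://anonymous@server-redis:6379'
      SECRETIN_SERVER_COUCHDB_URL: 'http://server-db:5984/secretin'
    ports:
      # Direct access to the API bypasses the proxy and its TLS, so it is
      # bound to loopback; external clients go through Traefik.
      - '127.0.0.1:3000:3000'
    networks:
      - proxy
      - backend

  server-db:
    # No admin account is configured here, and run.sh creates the system
    # databases with unauthenticated requests. Presumably CouchDB accepts
    # anonymous admin calls in this setup - do not publish port 5984.
    image: apache/couchdb:2.1.1
    restart: unless-stopped
    labels:
      - traefik.enable=false
    volumes:
      - db:/opt/couchdb/data:rw
    networks:
      - backend

  server-redis:
    # No password is configured for Redis; keep it on "backend" only.
    image: redis:3.2.5
    restart: unless-stopped
    labels:
      - traefik.enable=false
    networks:
      - backend

networks:
  proxy: {}
  backend: {}

volumes:
  db: {}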
# Stage "clone": fetch the client sources.
# --branch accepts a branch or tag name; such a ref can be moved upstream,
# so it does not pin the build to one exact commit.
FROM buildpack-deps:stable-scm AS clone
ARG version=2.1.1
RUN git clone https://github.com/secretin/secretin-app.git --branch ${version} /tmp/secretin

# Stage "build": produce the static bundle.
FROM node:8 AS build
# api_url ends up in the JavaScript served to browsers, so it must be a URL
# that the user's browser can reach.
ARG api_url=https://api.secret-in.me
ENV REACT_APP_API_SECRETIN=${api_url}
COPY --from=clone /tmp/secretin /tmp/secretin
WORKDIR /tmp/secretin

# jq and sponge (from moreutils) are used to patch package.json in place.
RUN apt-get -qq update \
 && apt-get -qq install -y jq moreutils \
 && rm -rf /var/cache/apt/archives/*

# Workaround for building with node 8+: force compatible versions.
# A single recursive merge applies the same four overrides.
RUN jq '. * {"resolutions": {"electron-download": "4.1.0"}} \
          * {"devDependencies": {"electron-packager": "^12", \
                                 "react-scripts": "^1", \
                                 "node-sass": "^4"}}' package.json \
    | sponge package.json

# Install dependencies and build the bundle.
RUN yarn add webpack node-forge --dev \
 && yarn install \
 && yarn run build

# Replace the development API URL hard-coded in the built bundle.
RUN sed -i "s#http://devapi.secret-in.me:3000#${api_url}#g" build/static/js/*.js

# Stage "run": serve the bundle with the stock nginx configuration (HTTP on 80).
FROM nginx:stable AS run
ARG version=2.1.1

LABEL secretin.app="secretin-app"
LABEL secretin.version=${version}
LABEL secretin.project="https://github.com/secretin/secretin-app"
LABEL maintainer="Cyril MARIN <[email protected]>"

COPY --from=build /tmp/secretin/build /usr/share/nginx/html

EXPOSE 80

CMD [ "nginx", "-g", "daemon off;" ]
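# Stage "scm": fetch the server sources.
# --branch accepts a branch or tag name; such a ref can be moved upstream,
# so it does not pin the build to one exact commit.
FROM buildpack-deps:stable-scm AS scm
ARG version=2.1.0
RUN git clone https://github.com/secretin/secretin-server.git --branch "${version}" /tmp/secretin

# Stage "build": compile the server and install production dependencies.
FROM node:8 AS build
COPY --from=scm /tmp/secretin /tmp/secretin
WORKDIR /tmp/secretin
RUN yarn install \
 && yarn build \
 && npm install --production

# Stage "run": runtime image.
FROM node:8 AS run
ARG version=2.1.0
ARG port=3000
# Optional SHA-256 of the dumb-init binary. When set (--build-arg), the
# download is verified against it; take the value from the release's
# published checksums. Empty keeps the previous unverified behaviour.
ARG dumb_init_sha256=""

# Define labels
LABEL secretin.app="secretin-server"
LABEL secretin.version=${version}
LABEL secretin.project="https://github.com/secretin/secretin-server"
LABEL maintainer="Cyril MARIN <[email protected]>"

# PID 1 needs to handle process reaping and signals
# https://engineeringblog.yelp.com/2016/01/dumb-init-an-init-for-docker.html
# -f makes curl fail on an HTTP error instead of saving the error page as the
# binary; the binary becomes the container entrypoint, so verify it when a
# checksum is supplied.
RUN curl -fsSL -o /usr/local/bin/dumb-init \
      https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 \
 && if [ -n "${dumb_init_sha256}" ]; then \
      echo "${dumb_init_sha256}  /usr/local/bin/dumb-init" | sha256sum -c -; \
    fi \
 && chmod +x /usr/local/bin/dumb-init

# Setup environment
ENV DAEMON_DIR="/usr/local/lib/secretin"
ENV DAEMON_UID="secretin"
ENV SECRETIN_SERVER_PORT=${port}
# NOTE(review): the compose stack puts this server behind Traefik; confirm
# whether this flag should be enabled in that deployment.
ENV BEHIND_REVERSE_PROXY=0

# Create an unprivileged system user to run the server
RUN useradd -U --system --no-create-home --shell /bin/bash ${DAEMON_UID}

# Copy build output, dependencies and the start script
COPY --from=build /tmp/secretin/dist ${DAEMON_DIR}/dist
COPY --from=build /tmp/secretin/node_modules ${DAEMON_DIR}/node_modules
COPY run.sh ${DAEMON_DIR}/secretin.sh
# Only the application user may read or execute the installed files
RUN chmod u+x,go-rwx ${DAEMON_DIR}/secretin.sh \
 && chmod -R go-rwx ${DAEMON_DIR} \
 && chown -R ${DAEMON_UID}:${DAEMON_UID} ${DAEMON_DIR}

# Define working directory
WORKDIR ${DAEMON_DIR}

# Expose port
EXPOSE ${port}

# Define entrypoint
ENTRYPOINT [ "/usr/local/bin/dumb-init", "--" ]

# Drop root before the start script runs
USER ${DAEMON_UID}

# Define run command
CMD [ "sh", "-c", "${DAEMON_DIR}/secretin.sh" ]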
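#! /usr/bin/env bash
# Start script for the secretin-server container: waits for CouchDB,
# creates its system databases, then starts the server.

# Fail fast when the URL is missing instead of polling an empty URL forever.
: "${SECRETIN_SERVER_COUCHDB_URL:?SECRETIN_SERVER_COUCHDB_URL must be set}"

# Strip the last path segment (the database name) to get the CouchDB base URL.
couchdb_url=${SECRETIN_SERVER_COUCHDB_URL%/*}

# Poll until CouchDB answers. The URL comes from the environment, so it is
# quoted to keep it a single argument.
until curl -s "${couchdb_url}"
do
  echo "Waiting for couchdb to be available"
  sleep 1
done

# These PUT requests carry no credentials, so they only succeed while CouchDB
# accepts anonymous admin calls. Keep the database unreachable from outside
# the backend network.
for table in _global_changes _metadata _replicator _users
do
  echo "Creating table ${table} if needed"
  curl -s -X PUT "${couchdb_url}/${table}"
done

echo "Starting secretin-server"
# exec replaces the shell so node receives signals directly.
exec node dist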
################################################################
# Global configuration
################################################################
# Traefik static configuration for the Secret-in.me stack: HTTP to HTTPS
# redirect, Let's Encrypt certificates, Docker provider, API and ping.
# Enable debug mode
#
# Optional
# Default: false
#
# debug = true
# Log level
#
# Optional
# Default: "ERROR"
#
# logLevel = "DEBUG"
# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
defaultEntryPoints = ["http", "https"]
################################################################
# Entrypoints configuration
################################################################
# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
[entryPoints.http]
address = ":80"
# Requests arriving on the plain HTTP entry point are redirected to "https".
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
# Empty table: TLS is enabled with no static certificate listed here;
# certificates are expected to come from the [acme] section below.
[entryPoints.https.tls]
################################################################
# Traefik logs configuration
################################################################
# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
# [traefikLog]
# Sets the filepath for the traefik log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "log/traefik.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"
################################################################
# Access logs configuration
################################################################
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# NOTE(review): access logs stay disabled while [accessLog] is commented out,
# so requests through the proxy leave no record for later investigation.
# [accessLog]
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "/path/to/log/log.txt"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"
################################################################
# API and dashboard configuration
################################################################
# Enable API and dashboard
# NOTE(review): no authentication is configured in this file, so anyone who
# can reach the API entry point can read the routing configuration. Restrict
# network access to that port or add authentication on the entry point.
[api]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint = "traefik"
# Enabled Dashboard
#
# Optional
# Default: true
#
# dashboard = false
################################################################
# Ping configuration
################################################################
# Enable ping
[ping]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint = "traefik"
################################################################
# Docker configuration backend
################################################################
# Enable Docker configuration backend
# The default endpoint is the local Docker socket. Access to that socket
# allows full control of the Docker daemon, so the proxy container should be
# treated as highly privileged.
[docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
# endpoint = "tcp://10.10.10.10:2375"
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a container.
#
# Optional
# Default: ""
#
domain = "secret-in.me"
# Expose containers by default in traefik
#
# Optional
# Default: true
#
# Set to false here: only containers labelled traefik.enable=true are routed.
exposedByDefault = false
watch = true
################################################################
# Let's Encrypt configuration
################################################################
[acme]
email = "[email protected]"
# Relative path, so the file lives inside the container. It holds the ACME
# account key and the certificates' private keys: keep it readable by the
# proxy only. NOTE(review): the compose file mounts no volume for it, so it
# is presumably lost when the container is recreated - confirm.
storage = "acme.json"
entryPoint = "https"
# Request a certificate for each Host rule found on a frontend.
onHostRule = true
# HTTP-01 challenge answered on the "http" entry point (port 80 above), which
# must be reachable from the certificate authority.
[acme.httpChallenge]
entryPoint = "http"