feat: Configure Puma server and Local docker-compose with HTTPS (#445)

* feat: Local docker-compose * fix: Update make run command * fix: Local docker-compose * fix: Webpacker compilation * fix: Local docker-compose * fix: Docker-compose with https in local * doc: Add Getting started with Docker in README * fix: Add letter_opener gem to global scope * feat: Add docker commands to Makefile * fix: backport fix docker-compose * refactor: Remove not needed entrypoint.local.sh * feat: Generate SSL certificate in Dockerfile.local * fix: Fine tuning puma on docker-compose local * lint: Fix rubocop offense * Update GETTING_STARTED_DOCKER.md fix typo --------- Co-authored-by: ailepet <[email protected]>
OpenSourcePolitics · Dec 13, 2023 · 2c218e2 · 2c218e2
1 parent 798aea5
commit 2c218e2
Show file tree

Hide file tree

Showing 9 changed files with 168 additions and 43 deletions.
diff --git a/.env-example b/.env-example
@@ -67,4 +67,9 @@ DEFACE_ENABLED=false
 DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS=365
 DECIDIM_ADMIN_PASSWORD_MIN_LENGTH=15
 DECIDIM_ADMIN_PASSWORD_REPETITION_TIMES=5
-DECIDIM_ADMIN_PASSWORD_STRONG="false"
+DECIDIM_ADMIN_PASSWORD_STRONG="false"
+# Puma server configuration
+# PUMA_MIN_THREADS=5
+# PUMA_MAX_THREADS=5
+# PUMA_WORKERS=0
+# PUMA_PRELOAD_APP=false
diff --git a/.gitignore b/.gitignore
@@ -97,3 +97,4 @@ yarn-debug.log*
 coverage/
 public/sw.js*
 app/compiled_views/
+certificate-https-local/
diff --git a/Dockerfile.local b/Dockerfile.local
@@ -0,0 +1,56 @@
+# Builder Stage
+FROM ruby:3.0.6-slim as builder
+
+ENV RAILS_ENV=production \
+    SECRET_KEY_BASE=dummy
+
+WORKDIR /app
+
+RUN apt-get update -q && \
+    apt-get install -yq libpq-dev curl git libicu-dev build-essential openssl && \
+    curl https://deb.nodesource.com/setup_16.x | bash && \
+    apt-get install -y nodejs && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    npm install --global yarn && \
+    gem install bundler:2.4.9
+
+COPY Gemfile Gemfile.lock ./
+RUN bundle config set --local without 'development test' && \
+    bundle install -j"$(nproc)"
+
+COPY package.json yarn.lock ./
+COPY packages packages
+RUN yarn install --frozen-lock
+
+COPY . .
+
+RUN bundle exec bootsnap precompile --gemfile app/ lib/ config/ bin/ db/ && \
+    bundle exec rails deface:precompile && \
+    bundle exec rails assets:precompile
+
+run mkdir certificate-https-local
+RUN openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=FR/ST=France/L=Paris/O=decidim/CN=decidim.eu" -keyout ./certificate-https-local/key.pem -out ./certificate-https-local/cert.pem;
+
+# Runner Stage
+FROM ruby:3.0.6-slim as runner
+
+ENV RAILS_ENV=production \
+    SECRET_KEY_BASE=dummy \
+    RAILS_LOG_TO_STDOUT=true \
+    LD_PRELOAD="libjemalloc.so.2" \
+    MALLOC_CONF="background_thread:true,metadata_thp:auto,dirty_decay_ms:5000,muzzy_decay_ms:5000,narenas:2"
+
+WORKDIR /app
+
+RUN apt-get update -q && \
+    apt-get install -yq postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    gem install bundler:2.4.9
+
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+COPY --from=builder /app /app
+
+EXPOSE 3000
+CMD ["bundle", "exec", "rails", "server", "-b", "ssl://0.0.0.0:3000?key=/app/certificate-https-local/key.pem&cert=/app/certificate-https-local/cert.pem"]
diff --git a/Gemfile b/Gemfile
@@ -42,14 +42,14 @@ gem "dotenv-rails", "~> 2.7"
 gem "faker", "~> 2.14"
 gem "fog-aws"
 gem "foundation_rails_helper", git: "https://github.com/sgruhier/foundation_rails_helper.git"
+gem "letter_opener_web", "~> 1.3"
 gem "nokogiri", "1.13.4"
 gem "omniauth-rails_csrf_protection", "~> 1.0"
 gem "puma", ">= 5.5.1"
 gem "rack-attack", "~> 6.6"
 gem "sys-filesystem"
 
 group :development do
-  gem "letter_opener_web", "~> 1.3"
   gem "listen", "~> 3.1"
   gem "rubocop-faker"
   gem "spring", "~> 2.0"

diff --git a/Makefile b/Makefile
@@ -1,35 +1,36 @@
-# Starts with production configuration
-local-prod:
-	docker-compose up -d
-
-# Starts with development configuration
-# TODO: Fix seeds for local-dev make command
-local-dev:
-	docker-compose -f docker-compose.dev.yml up -d
-	@make create-database
-	@make run-migrations
-	#@make create-seeds
+run: up
+	@make create-seeds
+
+up:
+	docker-compose -f docker-compose.local.yml up --build -d
+	@make setup-database
 
 # Stops containers and remove volumes
 teardown:
-	docker-compose down -v --rmi all
-
-# Starts containers and restore dump
-local-restore:
-	@make create-database
-	@make -i restore-dump
-	@make run-migrations
-	@make start
+	docker-compose -f docker-compose.local.yml down -v --rmi all
 
-# Create database
 create-database:
-	docker-compose run app bundle exec rails db:create
-# Run migrations
-run-migrations:
-	docker-compose run app bundle exec rails db:migrate
+	docker-compose -f docker-compose.local.yml exec app /bin/bash -c 'DISABLE_DATABASE_ENVIRONMENT_CHECK=1 /usr/local/bundle/bin/bundle exec rake db:create'
+
+setup-database: create-database
+	docker-compose -f docker-compose.local.yml exec app /bin/bash -c 'DISABLE_DATABASE_ENVIRONMENT_CHECK=1 /usr/local/bundle/bin/bundle exec rake db:migrate'
+
 # Create seeds
 create-seeds:
-	docker-compose exec -e RAILS_ENV=development app /bin/bash -c '/usr/local/bundle/bin/bundle exec rake db:seed'
+	docker-compose -f docker-compose.local.yml exec app /bin/bash -c 'DISABLE_DATABASE_ENVIRONMENT_CHECK=1 /usr/local/bundle/bin/bundle exec rake db:schema:load db:seed'
+
 # Restore dump
 restore-dump:
 	bundle exec rake restore_dump
+
+shell:
+	docker-compose -f docker-compose.local.yml exec app /bin/bash
+
+restart:
+	docker-compose -f docker-compose.local.yml up -d
+
+status:
+	docker-compose -f docker-compose.local.yml ps
+
+logs:
+	docker-compose -f docker-compose.local.yml logs app
diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ Some non-official customizations can be found see [OVERLOADS.MD](./OVERLOADS.md)
 
 ## 🚀 Getting started
 - See our [installation guide](./docs/GETTING_STARTED.md) to run a decidim-app by OSP locally
+- See our [Docker installation guide](./docs/GETTING_STARTED_DOCKER.md) to run a decidim-app by OSP locally with Docker
 - See our [homepage interactive map module](./docs/HOMEPAGE_INTERACTIVE_MAP.md) to configure module (OSX/Ubuntu)
 
 ## 👋 Contributing

diff --git a/config/puma.rb b/config/puma.rb
@@ -5,9 +5,10 @@
 # Any libraries that use thread pools should be configured to match
 # the maximum value specified for Puma. Default is set to 5 threads for minimum
 # and maximum; this matches the default thread size of Active Record.
-#
-threads_count = ENV.fetch("RAILS_MAX_THREADS", 5)
-threads threads_count, threads_count
+
+min_threads_count = ENV.fetch("PUMA_MIN_THREADS", 5).to_i
+max_threads_count = ENV.fetch("PUMA_MAX_THREADS", 5).to_i
+threads min_threads_count, max_threads_count
 
 # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
 #
@@ -22,15 +23,16 @@
 # the concurrency of the application would be max `threads` * `workers`.
 # Workers do not work on JRuby or Windows (both of which do not support
 # processes).
-#
-# workers ENV.fetch("WEB_CONCURRENCY") { 2 }
+workers_count = ENV.fetch("PUMA_WORKERS", -1).to_i
+workers workers_count if workers_count.positive?
 
 # Use the `preload_app!` method when specifying a `workers` number.
 # This directive tells Puma to first boot the application and load code
 # before forking the application. This takes advantage of Copy On Write
 # process behavior so workers use less memory.
 #
-# preload_app!
+
+preload_app! if ENV.fetch("PUMA_PRELOAD_APP", "false") == "true"
 
 # Allow puma to be restarted by `rails restart` command.
 plugin :tmp_restart
diff --git a/docker-compose.dev.yml → docker-compose.local.yml b/docker-compose.dev.yml → docker-compose.local.yml
@@ -19,35 +19,59 @@ services:
   sidekiq:
     build:
       context: .
+      dockerfile: Dockerfile.local
     command: [ "bundle", "exec", "sidekiq", "-C", "config/sidekiq.yml" ]
     environment:
-      - REDIS_URL=redis://redis:6379
-      - MEMCACHE_SERVERS=memcached:11211
       - DATABASE_HOST=database
       - DATABASE_USERNAME=postgres
+      - DECIDIM_HOST=localhost
+      - REDIS_URL=redis://redis:6379
+      - MEMCACHE_SERVERS=memcached:11211
+      - RAILS_SERVE_STATIC_FILES=true
+      - RAILS_LOG_TO_STDOUT=true
+      - ASSET_HOST=localhost:3000
+      - FORCE_SSL=1
+      - ENABLE_LETTER_OPENER=1
+      - SEED=true
+      - DEFACE_ENABLED=false
+      - QUESTION_CAPTCHA_HOST=
+      - ENABLE_RACK_ATTACK=0
+      - PUMA_MIN_THREADS=5
+      - PUMA_MAX_THREADS=5
+      - PUMA_WORKERS=4
+      - PUMA_PRELOAD_APP=true
     depends_on:
       - app
+    volumes:
+      - shared-volume:/app
     links:
       - database
       - redis
   app:
     build:
       context: .
-    volumes:
-      - .:/app
-      - node_modules:/app/node_modules
+      dockerfile: Dockerfile.local
     environment:
       - DATABASE_HOST=database
       - DATABASE_USERNAME=postgres
-      - DECIDIM_HOST=0.0.0.0
+      - DECIDIM_HOST=localhost
       - REDIS_URL=redis://redis:6379
       - MEMCACHE_SERVERS=memcached:11211
       - RAILS_SERVE_STATIC_FILES=true
       - RAILS_LOG_TO_STDOUT=true
-      - FORCE_SSL="0"
-      - LETTER_OPENER_ENABLED="true"
+      - ASSET_HOST=localhost:3000
+      - FORCE_SSL=1
+      - ENABLE_LETTER_OPENER=1
       - SEED=true
       - DEFACE_ENABLED=false
+      - QUESTION_CAPTCHA_HOST=
+      - ENABLE_RACK_ATTACK=0
+      - PUMA_MIN_THREADS=5
+      - PUMA_MAX_THREADS=5
+      - PUMA_WORKERS=4
+      - PUMA_PRELOAD_APP=true
+    volumes:
+      - shared-volume:/app
     ports:
       - 3000:3000
     depends_on:
@@ -56,6 +80,6 @@ services:
       - memcached
 
 volumes:
-  node_modules: { }
+  shared-volume: { }
   pg-data: { }
-  redis-data: { }
+  redis-data: { }
diff --git a/docs/GETTING_STARTED_DOCKER.md b/docs/GETTING_STARTED_DOCKER.md
@@ -0,0 +1,35 @@
+# Starting DecidimApp on Docker with HTTPS !
+
+## Requirements
+* **Docker** 
+* **Docker-compose** 
+* **Git**
+* **Make**
+* **OpenSSL**
+* **PostgreSQL** 14+
+
+## Installation
+
+### Setup a clean Decidim App
+
+1. Clone repository
+2. Create a `.env` file from `.env.example` and fill it with your own values
+3. Start the application with `make up`
+
+Once containers are deployed, you should be able to visit : https://localhost:3000
+
+Also, you should be automatically redirected to https://localhost:3000/system because your database is empty.
+
+### Setup a seeded DecidimApp
+
+1. Clone repository
+2. Create a `.env` file from `.env-example` and fill it with your own values
+3. Start the application with `make run`
+
+Once containers are deployed, you should be able to visit : https://localhost:3000/ without being redirected !
+
+## Informations
+
+* Please use the `docker-compose.local.yml` in local environment because it uses `Dockerfile.local` which includes self signed certificate and allows to enable https in localhost
+* If you want to cleanup your environmen run `make teardown` : it will stop containers and remove volumes and images
+