From 12e9ea787d2b95bc96cd78b84599c2e1f6963527 Mon Sep 17 00:00:00 2001 From: Christiaan den Besten Date: Wed, 2 Apr 2025 09:50:24 +0200 Subject: [PATCH 01/10] Update docker-compose.yml Small 'hostname' fixes for oidcplayground server/gui --- core/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/docker-compose.yml b/core/docker-compose.yml index aae8f4d..266cb45 100644 --- a/core/docker-compose.yml +++ b/core/docker-compose.yml @@ -192,7 +192,7 @@ services: image: ghcr.io/openconext/openconext-oidc-playground/oidc-playground-gui:3.0.1 networks: coreconextdev: - hostname: oidcplagroundgui.docker + hostname: oidcplaygroundgui.docker profiles: - "oidc" - "teams" @@ -209,7 +209,7 @@ services: coreconextdev: entrypoint: /__cacert_entrypoint.sh command: "java -jar app.jar --spring.profiles.active=devconf" - hostname: oidcserver.docker + hostname: oidcplaygroundserver.docker working_dir: / profiles: - "oidc" From 27d4750436257e25afa9ef677007f1ccb3dd9e7d Mon Sep 17 00:00:00 2001 From: Bas Zoetekouw Date: Wed, 21 May 2025 14:59:32 +0200 Subject: [PATCH 02/10] Switch to different mongo container that Just Works on arm64 Needs some hackery to initialize the replication sets # Conflicts: # core/docker-compose.yml --- core/docker-compose.yml | 69 +++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 30 deletions(-) diff --git a/core/docker-compose.yml b/core/docker-compose.yml index 201723f..cd69333 100644 --- a/core/docker-compose.yml +++ b/core/docker-compose.yml 
@@ -50,40 +50,49 @@ services: - 3306:3306 mongo: - image: bitnami/mongodb:7.0 + image: mongo:7 environment: - MONGO_INITDB_ROOT_USERNAME: root - MONGO_INITDB_ROOT_PASSWORD: secret - MONGODB_ROOT_PASSWORD: secret - MONGODB_REPLICA_SET_NAME: openconext - MONGODB_REPLICA_SET_MODE: primary - MONGODB_REPLICA_SET_KEY: secretsecret - MONGODB_ADVERTISED_HOSTNAME: mongodb - # Force QEMU emulation instead of Rosetta for x86_64 Apple Silicon Macs. - # Rosetta does not support AVX instructions, which this MongoD image requires, causing an - # "Illegal instruction" error when starting the container: - # /opt/bitnami/scripts/libos.sh: line 346: 50 Illegal instruction "$@" > /dev/null 2>&1 - EXPERIMENTAL_DOCKER_DESKTOP_FORCE_QEMU: 1 + MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USERNAME:-root} + MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD:-secret} + MONGO_REPLICA_SET_NAME: ${MONGODB_RS_NAME:-openconext} volumes: - ./mongo/:/docker-entrypoint-initdb.d/ - - openconext_mongodb:/bitnami/mongodb + - openconext_mongodb:/data/db healthcheck: - test: - [ - "CMD", - "mongosh", - "-u", - "managerw", - "-p", - "secret", - "--eval", - "db.stats().ok", - "mongodb://127.0.0.1/manage", - ] - interval: 10s - timeout: 10s - retries: 3 - start_period: 20s + test: | + # After starting, but before being used, we need to initialize the Mongo replication set + # we abuse the healthcheck for that, because we need to check the health status anyway + mongosh -u $${MONGO_INITDB_ROOT_USERNAME} -p $${MONGO_INITDB_ROOT_PASSWORD} --eval ' + try { + rs.status().ok; + } + catch ({ name, message }) { + print("error:" + name); + print("message:" + message); + if (name=="MongoServerError" && message.includes("no replset config has been received")) { + rs.initiate({ + _id : "${MONGODB_RS_NAME:-openconext}", + members: [ { _id: 0, host: "mongodb:27017" } ] + }); + rs.status().ok; + } + }; + ' + interval: 2s + timeout: 3s + retries: 5 + entrypoint: > + bash -c ' + openssl rand -base64 756 > /keyfile \ + && chown 
mongodb:mongodb /keyfile \ + && chmod 400 /keyfile \ + && exec docker-entrypoint.sh $$@ + ' + command: | + mongod --bind_ip_all --replSet ${MONGODB_RS_NAME:-openconext} --keyFile /keyfile + restart: always + ports: + - "27017:27017" networks: coreconextdev: hostname: mongodb From 5c753a8d4de1b84ce844b97485b2cf3426d3cf88 Mon Sep 17 00:00:00 2001 From: Stephan Kok Date: Tue, 8 Jul 2025 11:45:27 +0200 Subject: [PATCH 03/10] engine - compatible with symfony 4 upgrade --- core/engine/appconf.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/engine/appconf.conf b/core/engine/appconf.conf index 66f2521..e1a930f 100644 --- a/core/engine/appconf.conf +++ b/core/engine/appconf.conf @@ -1,14 +1,14 @@ -DocumentRoot /var/www/html/web +DocumentRoot /var/www/html/public ServerName engine SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - + Require all granted Options -MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ app.php [QSA,L] + RewriteRule ^(.*)$ index.php [QSA,L] Header always set X-Content-Type-Options "nosniff" From 69bf9ee19b2ce506aff10eb8801b1694248f4e33 Mon Sep 17 00:00:00 2001 From: Stephan Kok Date: Tue, 22 Jul 2025 14:21:37 +0200 Subject: [PATCH 04/10] engine - compatible with symfony 4 upgrade --- core/.env.ci.dist | 3 ++- core/README.md | 15 +++++++++++++++ core/docker-compose.yml | 3 ++- core/engine/appconf.conf | 2 -- core/engine/docker-compose.override.yml | 4 ++-- 5 files changed, 21 insertions(+), 6 deletions(-) diff --git a/core/.env.ci.dist b/core/.env.ci.dist index a72c7d2..7a2b012 100644 --- a/core/.env.ci.dist +++ b/core/.env.ci.dist @@ -1,2 +1,3 @@ APP_ENV=ci -SYMFONY_ENV=ci +APP_DEBUG=true +APP_SECRET=secret diff --git a/core/README.md b/core/README.md index 7b5aa1f..dc39734 100644 --- a/core/README.md +++ b/core/README.md 
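Review bot: The added `ports: - "27017:27017"` mapping in the mongo service publishes mongod on every host interface, while the root account falls back to `root`/`secret` through `${MONGODB_USERNAME:-root}` and `${MONGODB_PASSWORD:-secret}`. For a development stack, binding to loopback is safer: `- "127.0.0.1:27017:27017"`. In the healthcheck, the `catch` block prints any error other than the missing-replset one and then falls through, so mongosh presumably still exits 0 and the container is reported healthy. Adding `else { throw new Error(message); }` after the `if` would let unexpected failures mark it unhealthy. The password is also passed unquoted on the mongosh command line (`-p $${MONGO_INITDB_ROOT_PASSWORD}`), which breaks on values containing spaces and is visible in the container's process list.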
@@ -84,3 +84,18 @@ To mount the code in multiple containers: `start-dev-env.sh profile:../../OpenConext-profile userlifecycle:../../OpenConext-user-lifecycle` You can add as many services+local code paths that you need. The recommended way is to use absolute paths and the script requires the name of the service and local code path to be separated by a `:`, for each service. + +# Tips + +To start engine in local development environment use from this directory; + +Ensure a file `.env` exists with: +```shell +APP_ENV=dev +APP_DEBUG=true +APP_SECRET=secret +``` +```shell +./start-dev-env.sh engine:../../OpenConext-engineblock/ +``` +To change the running env, just edit `APP_ENV=ci` for example and re-run `./start-dev-env.sh engine:../../OpenConext-engineblock/`. You do not have to recreate all services, only to reload engineblock. diff --git a/core/docker-compose.yml b/core/docker-compose.yml index 201723f..ebf9df7 100644 --- a/core/docker-compose.yml +++ b/core/docker-compose.yml @@ -107,7 +107,8 @@ services: condition: service_healthy environment: - APP_ENV=${APP_ENV:-prod} - - SYMFONY_ENV=${APP_ENV:-prod} + - APP_DEBUG=${APP_ENV:-false} + - APP_SECRET=${APP_SECRET:?APP_SECRET is not set} profile: image: ghcr.io/openconext/openconext-profile/profile:prod diff --git a/core/engine/appconf.conf b/core/engine/appconf.conf index e1a930f..9e8111c 100644 --- a/core/engine/appconf.conf +++ b/core/engine/appconf.conf @@ -14,8 +14,6 @@ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 Header always set X-Content-Type-Options "nosniff" SetEnv HTTPS on -#SetEnv ENGINEBLOCK_ENV dev -#SetEnv SYMFONY_ENV dev RewriteEngine On # We support only GET/POST diff --git a/core/engine/docker-compose.override.yml b/core/engine/docker-compose.override.yml index fdc6a68..17a1a7f 100644 --- a/core/engine/docker-compose.override.yml +++ b/core/engine/docker-compose.override.yml 
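Review bot: In the core/docker-compose.yml hunk, `- APP_DEBUG=${APP_ENV:-false}` takes its value from APP_ENV rather than APP_DEBUG, so with APP_ENV=prod the engine container receives `APP_DEBUG=prod`. If the application treats any non-empty value as true, as a plain boolean cast would, debug mode ends up enabled in the production-like stack and detailed error output becomes reachable. The line should read `- APP_DEBUG=${APP_DEBUG:-false}`, mirroring `${APP_DEBUG:-true}` in core/engine/docker-compose.override.yml. The same line appears again in the core/docker-compose.yml hunk of PATCH 08/10.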
@@ -10,8 +10,8 @@ services: - ./engine/appconf.conf:/etc/apache2/sites-enabled/appconf.conf environment: - APP_ENV=${APP_ENV:-dev} - - SYMFONY_ENV=${APP_ENV:-dev} - - APP_DEBUG=1 + - APP_DEBUG=${APP_DEBUG:-true} + - APP_SECRET=${APP_SECRET:-secret} healthcheck: test: ["CMD", "true"] interval: 10s From 823139a0cc118ea9dca2876972f958375acc0a6b Mon Sep 17 00:00:00 2001 From: Johan Kromhout Date: Tue, 16 Sep 2025 12:05:27 +0200 Subject: [PATCH 05/10] PHP 8.2 --- core/engine/docker-compose.override.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/engine/docker-compose.override.yml b/core/engine/docker-compose.override.yml index 17a1a7f..e7b92ef 100644 --- a/core/engine/docker-compose.override.yml +++ b/core/engine/docker-compose.override.yml @@ -4,7 +4,7 @@ # the container. It will destroy the sub-mount!! services: engine: - image: ghcr.io/openconext/openconext-basecontainers/${ENGINE_PHP_IMAGE:-php72-apache2-node14-composer2:latest} + image: ghcr.io/openconext/openconext-basecontainers/${ENGINE_PHP_IMAGE:-php82-apache2-node20-composer2:latest} volumes: - ${ENGINE_CODE_PATH}:/var/www/html - ./engine/appconf.conf:/etc/apache2/sites-enabled/appconf.conf From 88a142e2483934606cdb1b13b6f14ec23bffbd98 Mon Sep 17 00:00:00 2001 From: Johan Kromhout Date: Wed, 24 Sep 2025 14:12:18 +0200 Subject: [PATCH 06/10] Use bin/console & var/cache instead of app/console & app/cache --- core/scripts/init.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/core/scripts/init.sh b/core/scripts/init.sh index a29eb04..19aeb71 100755 --- a/core/scripts/init.sh +++ b/core/scripts/init.sh 
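Review bot: `- APP_SECRET=${APP_SECRET:-secret}` gives the engine a well-known application secret whenever the variable is unset, and nothing in the hunk marks that fallback as acceptable only for local development. A comment above it such as `# dev-only fallback; set a random APP_SECRET for anything reachable by others` would record the intent. Since core/docker-compose.yml now uses `${APP_SECRET:?APP_SECRET is not set}`, the fallback is probably never reached when both files are loaded together, so dropping the default here would also be consistent. The identical hunk is repeated in PATCH 08/10.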
@@ -17,16 +17,16 @@ docker compose exec engine timeout 300 bash -c 'while [[ "$(curl -k -s -o /dev/n echo -e "${ORANGE}First, we will initialise the EB database$NOCOLOR ${GREEN}\xE2\x9C\x94${NOCOLOR}" echo "Checking if the database is already present" -if ! docker compose exec engine /var/www/html/app/console doctrine:schema:validate -q --skip-mapping --env=prod; then +if ! docker compose exec engine /var/www/html/bin/console doctrine:schema:validate -q --skip-mapping --env=prod; then echo creating the database schema - echo "Executing docker compose exec engine /var/www/html/app/console doctrine:schema:create --env prod" - docker compose exec engine /var/www/html/app/console doctrine:schema:create --env prod + echo "Executing docker compose exec engine /var/www/html/bin/console doctrine:schema:create --env prod" + docker compose exec engine /var/www/html/bin/console doctrine:schema:create --env prod # TODO: Use migrations instead of schema:create. Not both. @see https://github.com/OpenConext/OpenConext-engineblock/issues/1861 fi echo "Clearing the cache" -echo "Executing docker compose exec engine /var/www/html/app/console cache:clear -n --env=prod" -docker compose exec engine /var/www/html/app/console cache:clear -n --env=prod -docker compose exec engine chown -R www-data:www-data /var/www/html/app/cache/ +echo "Executing docker compose exec engine /var/www/html/bin/console cache:clear -n --env=prod" +docker compose exec engine /var/www/html/bin/console cache:clear -n --env=prod +docker compose exec engine chown -R www-data:www-data /var/www/html/var/cache/ # Now it's time to bootstrap manage # Bring up containers needed for bootstrapping manage From fd61ee825ad8beda4f854292b983b927d799f7ba Mon Sep 17 00:00:00 2001 From: Stephan Kok Date: Tue, 8 Jul 2025 11:45:27 +0200 Subject: [PATCH 07/10] engine - compatible with symfony 4 upgrade --- core/engine/appconf.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/core/engine/appconf.conf b/core/engine/appconf.conf index 66f2521..e1a930f 100644 --- a/core/engine/appconf.conf +++ b/core/engine/appconf.conf @@ -1,14 +1,14 @@ -DocumentRoot /var/www/html/web +DocumentRoot /var/www/html/public ServerName engine SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - + Require all granted Options -MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ app.php [QSA,L] + RewriteRule ^(.*)$ index.php [QSA,L] Header always set X-Content-Type-Options "nosniff" From b6e03ab3416cb4f04d032fa34fb354a9e331a181 Mon Sep 17 00:00:00 2001 From: Stephan Kok Date: Tue, 22 Jul 2025 14:21:37 +0200 Subject: [PATCH 08/10] engine - compatible with symfony 4 upgrade --- core/.env.ci.dist | 3 ++- core/README.md | 15 +++++++++++++++ core/docker-compose.yml | 3 ++- core/engine/appconf.conf | 2 -- core/engine/docker-compose.override.yml | 4 ++-- 5 files changed, 21 insertions(+), 6 deletions(-) diff --git a/core/.env.ci.dist b/core/.env.ci.dist index a72c7d2..7a2b012 100644 --- a/core/.env.ci.dist +++ b/core/.env.ci.dist @@ -1,2 +1,3 @@ APP_ENV=ci -SYMFONY_ENV=ci +APP_DEBUG=true +APP_SECRET=secret diff --git a/core/README.md b/core/README.md index 7b5aa1f..dc39734 100644 --- a/core/README.md +++ b/core/README.md 
@@ -84,3 +84,18 @@ To mount the code in multiple containers: `start-dev-env.sh profile:../../OpenConext-profile userlifecycle:../../OpenConext-user-lifecycle` You can add as many services+local code paths that you need. The recommended way is to use absolute paths and the script requires the name of the service and local code path to be separated by a `:`, for each service. + +# Tips + +To start engine in local development environment use from this directory; + +Ensure a file `.env` exists with: +```shell +APP_ENV=dev +APP_DEBUG=true +APP_SECRET=secret +``` +```shell +./start-dev-env.sh engine:../../OpenConext-engineblock/ +``` +To change the running env, just edit `APP_ENV=ci` for example and re-run `./start-dev-env.sh engine:../../OpenConext-engineblock/`. You do not have to recreate all services, only to reload engineblock. diff --git a/core/docker-compose.yml b/core/docker-compose.yml index 30af45d..fa5813b 100644 --- a/core/docker-compose.yml +++ b/core/docker-compose.yml @@ -116,7 +116,8 @@ services: condition: service_healthy environment: - APP_ENV=${APP_ENV:-prod} - - SYMFONY_ENV=${APP_ENV:-prod} + - APP_DEBUG=${APP_ENV:-false} + - APP_SECRET=${APP_SECRET:?APP_SECRET is not set} profile: image: ghcr.io/openconext/openconext-profile/profile:prod diff --git a/core/engine/appconf.conf b/core/engine/appconf.conf index e1a930f..9e8111c 100644 --- a/core/engine/appconf.conf +++ b/core/engine/appconf.conf @@ -14,8 +14,6 @@ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 Header always set X-Content-Type-Options "nosniff" SetEnv HTTPS on -#SetEnv ENGINEBLOCK_ENV dev -#SetEnv SYMFONY_ENV dev RewriteEngine On # We support only GET/POST diff --git a/core/engine/docker-compose.override.yml b/core/engine/docker-compose.override.yml index fdc6a68..17a1a7f 100644 --- a/core/engine/docker-compose.override.yml +++ b/core/engine/docker-compose.override.yml 
@@ -10,8 +10,8 @@ services: - ./engine/appconf.conf:/etc/apache2/sites-enabled/appconf.conf environment: - APP_ENV=${APP_ENV:-dev} - - SYMFONY_ENV=${APP_ENV:-dev} - - APP_DEBUG=1 + - APP_DEBUG=${APP_DEBUG:-true} + - APP_SECRET=${APP_SECRET:-secret} healthcheck: test: ["CMD", "true"] interval: 10s From e71f83cb24e6abad4d58017e1c13e0675b16247f Mon Sep 17 00:00:00 2001 From: Johan Kromhout Date: Tue, 16 Sep 2025 12:05:27 +0200 Subject: [PATCH 09/10] PHP 8.2 --- core/engine/docker-compose.override.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/engine/docker-compose.override.yml b/core/engine/docker-compose.override.yml index 17a1a7f..e7b92ef 100644 --- a/core/engine/docker-compose.override.yml +++ b/core/engine/docker-compose.override.yml @@ -4,7 +4,7 @@ # the container. It will destroy the sub-mount!! services: engine: - image: ghcr.io/openconext/openconext-basecontainers/${ENGINE_PHP_IMAGE:-php72-apache2-node14-composer2:latest} + image: ghcr.io/openconext/openconext-basecontainers/${ENGINE_PHP_IMAGE:-php82-apache2-node20-composer2:latest} volumes: - ${ENGINE_CODE_PATH}:/var/www/html - ./engine/appconf.conf:/etc/apache2/sites-enabled/appconf.conf From c2912eb5fc86019978eb65409bd81ccdcae79815 Mon Sep 17 00:00:00 2001 From: Johan Kromhout Date: Wed, 24 Sep 2025 14:12:18 +0200 Subject: [PATCH 10/10] Use bin/console & var/cache instead of app/console & app/cache --- core/scripts/init.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/core/scripts/init.sh b/core/scripts/init.sh index a29eb04..19aeb71 100755 --- a/core/scripts/init.sh +++ b/core/scripts/init.sh 
@@ -17,16 +17,16 @@ docker compose exec engine timeout 300 bash -c 'while [[ "$(curl -k -s -o /dev/n echo -e "${ORANGE}First, we will initialise the EB database$NOCOLOR ${GREEN}\xE2\x9C\x94${NOCOLOR}" echo "Checking if the database is already present" -if ! docker compose exec engine /var/www/html/app/console doctrine:schema:validate -q --skip-mapping --env=prod; then +if ! docker compose exec engine /var/www/html/bin/console doctrine:schema:validate -q --skip-mapping --env=prod; then echo creating the database schema - echo "Executing docker compose exec engine /var/www/html/app/console doctrine:schema:create --env prod" - docker compose exec engine /var/www/html/app/console doctrine:schema:create --env prod + echo "Executing docker compose exec engine /var/www/html/bin/console doctrine:schema:create --env prod" + docker compose exec engine /var/www/html/bin/console doctrine:schema:create --env prod # TODO: Use migrations instead of schema:create. Not both. @see https://github.com/OpenConext/OpenConext-engineblock/issues/1861 fi echo "Clearing the cache" -echo "Executing docker compose exec engine /var/www/html/app/console cache:clear -n --env=prod" -docker compose exec engine /var/www/html/app/console cache:clear -n --env=prod -docker compose exec engine chown -R www-data:www-data /var/www/html/app/cache/ +echo "Executing docker compose exec engine /var/www/html/bin/console cache:clear -n --env=prod" +docker compose exec engine /var/www/html/bin/console cache:clear -n --env=prod +docker compose exec engine chown -R www-data:www-data /var/www/html/var/cache/ # Now it's time to bootstrap manage # Bring up containers needed for bootstrapping manage