informationgrid / ingrid-docker

European Union Public License 1.1
0 stars 1 forks source link

InGrid Sample Installation

This installation is not for production. It intended use is to get an impression of the functionality. This README covers only configuration for a local test case. The Editor (and Keycloak) require additional configuration to make this services production ready.

Clone this repository and open a shell in it. The setup works on localhost or on a remote machine. If you're on a remote, you have to change the HOST-variable, see section Change Host. This setup may cause problems if you're on a mac, see section Remarks for Mac Users.

# Use the provided sample .env file.
cp .env.sample .env

# This is the default domain-name for testing on your local machine.
# On linux *.localhost domains are per default routed to localhost, on mac you have to add this entry to /etc/hosts
# 127.0.0.1       ingrid.localhost
HOST=ingrid.localhost

# Only execute the following two commands if you run ingrid on your local machine. This will create a self-signed certificate for your localhost-domain.
# Don't execute them on a remote server. There, a valid certificate will be automatically acquired from let's encrypt.
mkdir -p ./_data/sslproxy/etc/letsencrypt/live/$HOST
openssl req -x509 -newkey rsa:4096 \
  -keyout ./_data/sslproxy/etc/letsencrypt/live/$HOST/privkey.pem \
  -out ./_data/sslproxy/etc/letsencrypt/live/$HOST/fullchain.pem \
  -nodes -days 30 -subj "/CN=*.$HOST/CN=$HOST"

# copy initial sample webmapclient data
cp -r portal/WebmapClientData.test/* _data/portal/WebmapClientData

# create empty directory for Postgres Database
mkdir ./_data/postgres-db

# the ingrid containers and elastic container run with UID 1000
sudo chown -R 1000:1000 ./_data

# increase memory for elastic; if you don't do this, elastic won't even boot because it checks for a sane value
# don't run these lines if you're on mac
sysctl vm.max_map_count
sudo sysctl -w vm.max_map_count=262144

# The installation uses docker images from a non-public docker registry. You can also build your own images by following the instructions in the specific ingrid repositories.
sudo docker login -u readonly docker-registry.wemove.com # password "readonly"
sudo docker compose up -d
sudo docker compose ps

Open the portal at https://ingrid.localhost and accept the self-signed certificate warning. The services need some time to index the sample data, so they may be inaccessible for about a minute or two.

Set confidential passwords as described in section Set Passwords.

The default installation includes all optional plugins. To disable them, comment them out in file docker-compose.yml.

Modify the default configuration via the components' admin-guis. The urls for them are:

You can find detailed explanations about the configuration on https://www.ingrid-oss.eu/latest/index.html.

Change Host

The default host is set to ingrid.localhost, which resolves to localhost on linux machines. If you are on a server, you need to configure the server's domain name as follows:

HOST=your.domain.name
sed -i "s/ingrid.localhost/$HOST/g" \
  .env \
  apache/httpd.conf \
  apache/vhost.conf \
  interface-search/descriptor.xml \
  interface-search/interface-search.properties \
  interface-csw/conf/config.override.properties \
  iplug-csw/conf/config.override.properties \
  iplug-dsc/conf/config.override.properties \
  iplug-dsc/conf/mapping/igc_to_idf_obj_dq.js \
  iplug-excel/conf/config.override.properties \
  iplug-excel/conf/config.override.properties \
  iplug-ige/config.override.properties \
  iplug-opensearch/conf/config.override.properties \
  iplug-opensearch/conf/config.override.properties \
  iplug-se/conf/config.override.properties \
  iplug-se/conf/config.override.properties \
  iplug-sns/conf/config.override.properties \
  iplug-wfs/conf/config.override.properties \
  iplug-wfs/conf/config.override.properties \
  iplug-wfs-zdm/conf/config.override.properties \
  iplug-wfs-zdm/conf/config.override.properties \
  iplug-xml/conf/config.override.properties \
  iplug-xml/conf/config.override.properties \
  iplug-xml/mapping/pom.xml_20111128102421/pom.xml_20111128102421 \
  portal/ingrid-portal-apps.override.properties \
  portal/mdek.override.properties \
  server-opensearch/plugdescription.xml \
  server-opensearch/plugdescription.xml \
  server-opensearch/ingrid-opensearch.properties

If you're on mac, use:

HOST=your.domain.name
sed -i "" "s/ingrid.localhost/$HOST/g" \
  .env \
  apache/httpd.conf \
  apache/vhost.conf \
  interface-search/descriptor.xml \
  interface-search/interface-search.properties \
  interface-csw/conf/config.override.properties \
  iplug-csw/conf/config.override.properties \
  iplug-dsc/conf/config.override.properties \
  iplug-dsc/conf/mapping/igc_to_idf_obj_dq.js \
  iplug-excel/conf/config.override.properties \
  iplug-excel/conf/config.override.properties \
  iplug-ige/config.override.properties \
  iplug-opensearch/conf/config.override.properties \
  iplug-opensearch/conf/config.override.properties \
  iplug-se/conf/config.override.properties \
  iplug-se/conf/config.override.properties \
  iplug-sns/conf/config.override.properties \
  iplug-wfs/conf/config.override.properties \
  iplug-wfs/conf/config.override.properties \
  iplug-wfs-zdm/conf/config.override.properties \
  iplug-wfs-zdm/conf/config.override.properties \
  iplug-xml/conf/config.override.properties \
  iplug-xml/conf/config.override.properties \
  iplug-xml/mapping/pom.xml_20111128102421/pom.xml_20111128102421 \
  portal/ingrid-portal-apps.override.properties \
  portal/mdek.override.properties \
  server-opensearch/plugdescription.xml \
  server-opensearch/plugdescription.xml \
  server-opensearch/ingrid-opensearch.properties

If you updated the host-setting afterwards, update your setup with:

# update containers with changed docker compose arguments (.env has changed)
sudo docker compose up -d
# update containers with changed settings files
sudo docker compose restart

Remarks

In this configuration the Editor and the Keycloak require to be called with http:// /and not https://)

Some pages of the portal are secured via http-auth as defined in ./apache/passwdfile.ingrid and in .apache/vhost.conf. The default logins are admin/admin and ingrid/ingrid. The logins for all iplugs are also admin/admin as default.

The containers can be restarted at any time. Possible running indexing processes are automatically cleaned up. If you change the configuration of a service via the files in this repository, you have to restart the container to apply them.

You can comment out services from the docker-compose.yml to disable them.

Almost each service has an own administration web gui. You can find the url needed to access them in the file apache/vhost.conf.

Remarks for Mac Users

Our last test-run on mac with docker-for-mac installed had issues with mysql and sslproxy. The mysql-container was continuously restarting while the sslproxy-container exited with error 128. If you're on a mac and interested in getting this to work on your machine, drop us a note. Currently we don't have active ingrid users on mac machines so we didn't further investigate.

Set Passwords

Database

Change property POSTGRES_DB_PASSWORD in file .env.

Change property iplug.database.password in files iplug-dsc/conf/config.override.properties and environment variable of ige-ng and keycloak.

Codelist

Change property CODELIST_PASSWORD in file .env.

Change line admin: yourpassword,admin in file codelist-repository/realm.properties.

Change property codelist.password in file portal/mdek.override.properties.

Admin GUI

Each ingrid-component has its own admin-gui. You can login with user 'admin'. Choose a password for the admin-gui. You can keep it for example in the file .env. Create its bcrypt hash with the command:

htpasswd -nbBC 10 admin yourpassword

Take the part behind the colon. Rename $2y to $2a (compatibility with pre-v2.2.0.M2 spring version).

Change property ADMIN_GUI_PASSWORD_HASH in file .env.

Change property ingrid.admin.password in file interface-csw\conf\config.override.properties. Change property plugdescription.IPLUG_ADMIN_PASSWORD in files

Http Auth

The admin-guis of phpmyadmin, ibus and ige are secured with http-auth. For the ibus and ige admin-gui this is redundant security. Choose a username and password. You can keep them for example in the file .env. Create the apr-hash of the password with the command:

openssl passwd -apr1 yourpassword

and replace the content of file apache/passwdfile.ingrid with the line yourusername:yourpasswordhash.

Finally

After changing your passwords, run:

# update containers with changed docker compose arguments (.env has changed)
sudo docker compose up -d
# update containers with changed settings files
sudo docker compose restart