From 38d86ba309bb329452ddf07ef7e4a5abd13d1d78 Mon Sep 17 00:00:00 2001 From: vemonet Date: Wed, 25 Jul 2018 19:09:10 +0200 Subject: [PATCH 1/6] Convert from swagger 2.0 to openapi 3.0 Update the Smart API config --- prefixcommons-swagger-api-definition.yaml | 560 +++++++++++++--------- 1 file changed, 331 insertions(+), 229 deletions(-) diff --git a/prefixcommons-swagger-api-definition.yaml b/prefixcommons-swagger-api-definition.yaml index feb4986..3369fa3 100644 --- a/prefixcommons-swagger-api-definition.yaml +++ b/prefixcommons-swagger-api-definition.yaml @@ -1,25 +1,17 @@ -swagger: '2.0' +openapi: 3.0.0 info: title: PrefixCommons API description: Prefixcommons API - version: "0.1.0" - contact: + version: 0.1.0 + contact: name: Michel Dumontier - url: http://dumontierlab.stanford.edu + url: 'http://dumontierlab.stanford.edu' email: michel.dumontier@stanford.edu license: name: Creative Commons By Attribution 4.0 - url: https://creativecommons.org/licenses/by/4.0 - -host: api.prefixcommons.org -schemes: - - http - - https -basePath: /v1 -produces: - - application/json + url: 'https://creativecommons.org/licenses/by/4.0' paths: - /resources: + "/resources": get: summary: Resources description: | 
@@ -28,247 +20,357 @@ paths: tags: - Resources responses: - 200: + '200': description: An array of resources - schema: - type: array - items: - $ref: '#/definitions/Resource' + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Resource' default: description: Unexpected error - schema: - $ref: '#/definitions/Error' - /resource: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + "/resource/byPrefix/{prefix}": get: - summary: Resource + summary: Resource by prefix description: | - Return resources based on ID + Get one or more resources that match a prefix parameters: - - name: id - in: query + - name: prefix + in: path description: Resource identifier required: true - type: array - items: - type: string - collectionFormat: csv + style: simple + schema: + type: array + items: + type: string tags: - Resources responses: - 200: - description: An array of price estimates by product - schema: - type: object - items: - $ref: '#/definitions/Resource' + '200': + description: A resource matching the given prefix + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Resource' default: description: Unexpected error - schema: - $ref: '#/definitions/Error' - - /resource/prefix: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + "/resource/byOrganization/{organization}": get: - summary: Resource - description: Get one or more resources that match a prefix - responses: - 200: - description: An array of resources + summary: Resource by organization + description: | + Get one or more resources that match a prefix + parameters: + - name: organization + in: path + description: Resource identifier + required: true + style: simple schema: type: array items: - $ref: '#/definitions/Resource' + type: string + tags: + - Resources + responses: + '200': + description: A resource matching the given prefix + content: + application/json: + schema: + type: 
array + items: + $ref: '#/components/schemas/Resource' default: description: Unexpected error - schema: - $ref: '#/definitions/Error' - - /organizations: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + "/organizations": get: - summary: Get a list of all organizations that provide a resource + summary: Get a list of all organizations that provide a resource tags: - - Providers + - Providers responses: - 200: + '200': description: A list of the organizations + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Organization' + default: + description: Unexpected error + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + "/getPreferredCURIE/{curie}": + get: + summary: Generate the preferred CURIE + description: Generate the preferred CURIE from a CURIE -> prefix:local_identifier + parameters: + - name: curie + in: path + description: Resource identifier + required: true + style: simple schema: - type: array - items: - $ref: '#/definitions/Organization' + type: string + tags: + - Providers + responses: + '200': + description: A CURIE like prefix:local_identifier + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Organization' default: description: Unexpected error + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + "/getPreferredURI/{uri}": + get: + summary: Generate the preferred URI + description: Generate the preferred URI from a URI + parameters: + - name: uri + in: path + description: Resource identifier + required: true + style: simple schema: - $ref: '#/definitions/Error' - -definitions: - Organization: - type: object - properties: - id: - type: string - description: A unique identifier for the organization - name: - type: string - description: A preferred name of the organization - website: - type: string - description: The website for the organization - - Resource: - type: object - properties: 
- id: - type: string - description: Unique identifier representing a specific resource. - title: - type: string - description: The title of the resource. - description: - type: string - description: Description of resource. - abbreviation: - type: string - description: Common abbreviation for the resource. - responsibleOrganization: - # organization that is responsible for the resource. - $ref: '#/definitions/Organization' - license: - type: string - description: An online document that specifies licensing information for the resource. - documentation: - type: string - description: An online document that provides documentation for the resource. - publications: - type: array - description: Publications that describe the resource. - items: - $ref: '#/definitions/Publication' - - curie_example: - type: string - description: An example CURIE for the resource where the resource prefix is separated from the local identifier using a colon character ':' - - local_identifier_regex: - type: string - description: A regular expression for the local part of a CURIE - - local_identifier_example: - type: string - description: An examplar local identifier that matches the regex - - prefix_example: - type: string - description: An example prefix + type: string + tags: + - Providers + responses: + '200': + description: An URI + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Organization' + default: + description: Unexpected error + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + "/getPreferredURIfromProvider/{provider}/{uri}": + get: + summary: Generate the preferred URI from a specific provider + description: Generate the preferred URI from a specific provider + parameters: + - name: provider + in: path + description: Resource identifier + required: true + style: simple + schema: + type: string + - name: uri + in: path + description: Resource identifier + required: true + style: simple + schema: + type: 
string + tags: + - Providers + responses: + '200': + description: An URI + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Organization' + default: + description: Unexpected error + content: + application/json: + schema: + $ref: '#/components/schemas/Error' - keywords: - type: array - items: - $ref: '#/definitions/Keyword' - - alternative_identifier: - type: array - items: +servers: + - url: 'https://api.prefixcommons.org/v1' +components: + schemas: + Organization: + type: object + properties: + id: type: string - - prefixes: - type: array - items: - $ref: '#/definitions/Prefix' - - URI_Pattern: - type: array - description: A list of URI patterns for the resource - items: - $ref: '#/definitions/URIPattern' - - URL_Resolver: - type: array - description: A list of content-type resolvers for a particular resource item - items: - $ref: '#/definitions/Resolver' - - URIPattern: - type: object - properties: - uripattern: - type: string - description: The URI pattern. 
- source: - # description: The organization responsible for the pattern - $ref: '#/definitions/Organization' - role: - type: string - description: The role of the source in relation to the URI pattern - Resolver: - type: object - properties: - name: - type: string - description: The name of the resolver for the resource - url: - type: string - description: A URL for the resolver - url_pattern: - type: string - description: A pattern to specify a resolving URL for the resource - content_type: - type: string - description: The content type that can be requested from the resolver - enum: - - text/html - - rdf/xml - - text/csv - - text/tab-separated-values - - application/json - - application/json+ld - - text/plain - - text/turtle - default: text/html - - - - - Prefix: - type: object - properties: - label: - type: string - description: The prefix value - source: - type: object - description: The source of the prefix - source_role: - type: string - description: The role of the source in providing this prefix - enum: - - authority - - resolver - - referrer - default: referrer - used_by: - type: array - description: A list of the organizations for which this is a primary prefix - items: - $ref: '#/definitions/Organization' - - Keyword: - type: object - properties: - label: - type: string - description: The keyword - uri: - type: string - description: A concept definition for the keyword - - Publication: - type: object - Error: - type: object - properties: - code: - type: integer - format: int32 - message: - type: string - fields: - type: string + description: A unique identifier for the organization + name: + type: string + description: A preferred name of the organization + website: + type: string + description: The website for the organization + Resource: + type: object + properties: + id: + type: string + description: Unique identifier representing a specific resource. + title: + type: string + description: The title of the resource. 
+ description: + type: string + description: Description of resource. + abbreviation: + type: string + description: Common abbreviation for the resource. + responsibleOrganization: + $ref: '#/components/schemas/Organization' + license: + type: string + description: >- + An online document that specifies licensing information for the + resource. + documentation: + type: string + description: An online document that provides documentation for the resource. + publications: + type: array + description: Publications that describe the resource. + items: + $ref: '#/components/schemas/Publication' + curie_example: + type: string + description: >- + An example CURIE for the resource where the resource prefix is + separated from the local identifier using a colon character ':' + local_identifier_regex: + type: string + description: A regular expression for the local part of a CURIE + local_identifier_example: + type: string + description: An examplar local identifier that matches the regex + prefix_example: + type: string + description: An example prefix + keywords: + type: array + items: + $ref: '#/components/schemas/Keyword' + alternative_identifier: + type: array + items: + type: string + prefixes: + type: array + items: + $ref: '#/components/schemas/Prefix' + URI_Pattern: + type: array + description: A list of URI patterns for the resource + items: + $ref: '#/components/schemas/URIPattern' + URL_Resolver: + type: array + description: A list of content-type resolvers for a particular resource item + items: + $ref: '#/components/schemas/Resolver' + URIPattern: + type: object + properties: + uripattern: + type: string + description: The URI pattern. 
+ source: + $ref: '#/components/schemas/Organization' + role: + type: string + description: The role of the source in relation to the URI pattern + Resolver: + type: object + properties: + name: + type: string + description: The name of the resolver for the resource + url: + type: string + description: A URL for the resolver + url_pattern: + type: string + description: A pattern to specify a resolving URL for the resource + content_type: + type: string + description: The content type that can be requested from the resolver + enum: + - text/html + - rdf/xml + - text/csv + - text/tab-separated-values + - application/json + - application/json+ld + - text/plain + - text/turtle + default: text/html + Prefix: + type: object + properties: + label: + type: string + description: The prefix value + source: + type: object + description: The source of the prefix + source_role: + type: string + description: The role of the source in providing this prefix + enum: + - authority + - resolver + - referrer + default: referrer + used_by: + type: array + description: A list of the organizations for which this is a primary prefix + items: + $ref: '#/components/schemas/Organization' + Keyword: + type: object + properties: + label: + type: string + description: The keyword + uri: + type: string + description: A concept definition for the keyword + Publication: + type: object + Error: + type: object + properties: + code: + type: integer + format: int32 + message: + type: string + fields: + type: string \ No newline at end of file From bb3465e437f63c3f55c4dd84eb9f04f193255318 Mon Sep 17 00:00:00 2001 From: vemonet Date: Wed, 25 Jul 2018 19:14:40 +0200 Subject: [PATCH 2/6] a few changes to descriptions --- prefixcommons-swagger-api-definition.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefixcommons-swagger-api-definition.yaml b/prefixcommons-swagger-api-definition.yaml index 3369fa3..3319dd1 100644 --- a/prefixcommons-swagger-api-definition.yaml 
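Review bot: The three new `/getPreferred*` operations declare their `200` response as an array of `#/components/schemas/Organization`, which looks copied from `/organizations` and contradicts their descriptions (a CURIE or a URI); a single string, `schema: {type: string}`, would match what they say they return. `/getPreferredURI/{uri}` and `/getPreferredURIfromProvider/{provider}/{uri}` also carry a full URI in a path segment, so every `/` must arrive percent-encoded and the Apache front end may reject or decode encoded slashes before routing; declaring the parameter `in: query` avoids that. Every new parameter is described as `Resource identifier`, and `/resource/byOrganization/{organization}` repeats the by-prefix description, so those texts should be corrected too.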
+++ b/prefixcommons-swagger-api-definition.yaml @@ -134,7 +134,7 @@ paths: - Providers responses: '200': - description: A CURIE like prefix:local_identifier + description: The preferred CURIE content: application/json: schema: @@ -163,7 +163,7 @@ paths: - Providers responses: '200': - description: An URI + description: The preferred URI content: application/json: schema: @@ -199,7 +199,7 @@ paths: - Providers responses: '200': - description: An URI + description: The preferred URI content: application/json: schema: From 3ba5fce0ca73d14e9303e4f34e565a366086772b Mon Sep 17 00:00:00 2001 From: Vincent Emonet Date: Tue, 19 May 2020 09:25:10 +0200 Subject: [PATCH 3/6] add Dockerfile, CORS and use elastic URL for docker --- Dockerfile | 23 +++++++++++++++++++++++ slim-server/SwaggerServer/.htaccess | 1 + slim-server/SwaggerServer/index.php | 2 +- 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c6a985e --- /dev/null +++ b/Dockerfile @@ -0,0 +1,23 @@ +FROM php:7-apache + +MAINTAINER Alexander Malic +MAINTAINER Vincent Emonet +MAINTAINER Michel Dumontier + +ARG APP_ENV=prod + +WORKDIR /tmp + +RUN apt-get update && apt-get install -y zip && \ + a2enmod rewrite && \ + a2enmod headers && \ + echo "Header set Access-Control-Allow-Origin \"*\"" >> /etc/apache2/sites-available/000-default.conf && \ + php -r "readfile('http://getcomposer.org/installer');" | php -- --install-dir=/usr/bin/ --filename=composer + + +WORKDIR /var/www/html + +COPY ./slim-server/SwaggerServer/ . + +RUN composer install + diff --git a/slim-server/SwaggerServer/.htaccess b/slim-server/SwaggerServer/.htaccess index b743c31..14f824e 100644 --- a/slim-server/SwaggerServer/.htaccess +++ b/slim-server/SwaggerServer/.htaccess @@ -2,4 +2,5 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ /index.php?_url=/$1 [QSA,L] + Header set Access-Control-Allow-Origin "*" 
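Review bot: The Composer installer is fetched over plain HTTP and piped straight into `php` in the first `RUN` step (`readfile('http://getcomposer.org/installer')`), so anyone able to tamper with that request gets code execution in the image build, and nothing checks what was downloaded. Fetch it over HTTPS and verify the installer checksum before running it, or take the binary from the official image with `COPY --from=composer:<pinned-tag> /usr/bin/composer /usr/bin/composer`. `FROM php:7-apache` is a floating tag as well; pinning a minor version or digest keeps rebuilds reproducible.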
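Review bot: `Header set Access-Control-Allow-Origin "*"` is now configured twice, here and in the line the Dockerfile appends to `000-default.conf`, and neither place says why a wildcard is acceptable. It is reasonable only while every route stays unauthenticated and read-only; a comment such as `# public read-only API: wildcard CORS is intentional, revisit if any endpoint gains auth or writes` beside one of them, with the other removed, would keep that assumption visible. The directive needs mod_headers, which the Dockerfile enables but a deployment outside that image may not.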
diff --git a/slim-server/SwaggerServer/index.php b/slim-server/SwaggerServer/index.php index 5c52c28..4f7fe51 100644 --- a/slim-server/SwaggerServer/index.php +++ b/slim-server/SwaggerServer/index.php @@ -32,7 +32,7 @@ $logger = Elasticsearch\ClientBuilder::defaultLogger($logfile); $client = Elasticsearch\ClientBuilder::create() ->setLogger($logger) - ->setHosts( ['localhost:9200'] ) + ->setHosts( ['elastic:9200'] ) ->build(); $params = [ 'index' => 'prefixcommons', From fa73ccefedc5b1193f2faaed42f47a1f33b18ebc Mon Sep 17 00:00:00 2001 From: Vincent Emonet Date: Thu, 28 May 2020 09:35:07 +0200 Subject: [PATCH 4/6] add start.sh script and docker-compose folder --- README.md | 16 +++ docker-compose/docker-compose.yml | 33 +++++++ .../prefixcommons-elasticsearch/Dockerfile | 8 ++ .../config/elasticsearch.yml | 98 +++++++++++++++++++ docker-compose/prefixcommons-httpd/Dockerfile | 16 +++ start.sh | 58 +++++++++++ 6 files changed, 229 insertions(+) create mode 100644 docker-compose/docker-compose.yml create mode 100644 docker-compose/prefixcommons-elasticsearch/Dockerfile create mode 100644 docker-compose/prefixcommons-elasticsearch/config/elasticsearch.yml create mode 100644 docker-compose/prefixcommons-httpd/Dockerfile create mode 100755 start.sh diff --git a/README.md b/README.md index 4336a2b..9ff3b72 100644 --- a/README.md +++ b/README.md @@ -11,3 +11,19 @@ Code stub was generated with [Swagger CodeGen](https://github.com/swagger-api/sw Modified the composer.json to include MonoLog and ElasticSearch libraries Code currently in index.php file + +## Deploy prefixcommons API + +Use the start.sh scripts to deploy on node2 (will use `/data/prefixcommons` as working folder): + +```bash +./start.sh +``` + +> It will create the required folders, start docker containers and init database + +## Docker compose + +Docker compose is not finished + +The goal is to avoid needing to perform bash operations by preparing the httpd and elasticsearch images \ No newline at end of file 
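Review bot: The Elasticsearch host is still a literal: replacing `localhost:9200` with `elastic:9200` in `setHosts()` makes the code work only where a host named `elastic` resolves, and it breaks the previous local deployment. Reading it from the environment keeps both working, e.g. `->setHosts( [getenv('ELASTIC_HOST') ?: 'elastic:9200'] )` (the variable name is a suggestion). The surrounding script starts and ends outside this hunk, so whether other host references exist cannot be seen here.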
diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml
new file mode 100644
index 0000000..a3367ca
--- /dev/null
+++ b/docker-compose/docker-compose.yml
@@ -0,0 +1,33 @@
+version: "2"
+
+networks:
+ net1: {}
+
+services:
+ nginx-proxy:
+ image: jwilder/nginx-proxy:test
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ networks:
+ - net1
+
+ es:
+ build: ./prefixcommons-elasticsearch
+ expose:
+ - "9200"
+ - "9300"
+ environment:
+ WEB_PORTS: 9200
+ VIRTUAL_HOST: www.prefixcommonsx.org
+ networks:
+ - net1
+
+ webapp:
+ build: ./prefixcommons-httpd
+ expose:
+ - "80"
+ environment:
+ WEB_PORTS: 80
+ VIRTUAL_HOST: www.prefixcommonsx.org
+ networks:
+ - net1
diff --git a/docker-compose/prefixcommons-elasticsearch/Dockerfile b/docker-compose/prefixcommons-elasticsearch/Dockerfile
new file mode 100644
index 0000000..b1da0f8
--- /dev/null
+++ b/docker-compose/prefixcommons-elasticsearch/Dockerfile
@@ -0,0 +1,8 @@
+FROM elasticsearch:latest
+
+ADD ./config/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
+
+CMD ["elasticsearch"]
+
+EXPOSE 80
+EXPOSE 9300
diff --git a/docker-compose/prefixcommons-elasticsearch/config/elasticsearch.yml b/docker-compose/prefixcommons-elasticsearch/config/elasticsearch.yml
new file mode 100644
index 0000000..c816c2b
--- /dev/null
+++ b/docker-compose/prefixcommons-elasticsearch/config/elasticsearch.yml
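Review bot: The `es` service is given the same `VIRTUAL_HOST` as `webapp` (`www.prefixcommonsx.org`), so nginx-proxy would add Elasticsearch to the upstream for that public hostname, and the Elasticsearch config in this commit enables no authentication. Remove `VIRTUAL_HOST` and `WEB_PORTS` from `es` so it is reachable only on `net1`. As far as I know nginx-proxy reads `VIRTUAL_PORT`, not `WEB_PORTS`, and `expose: "9200"` disagrees with `http.port: 80` in the bundled elasticsearch.yml. Mounting `/var/run/docker.sock` with `:ro` does not stop the proxy container from calling the Docker API, so `jwilder/nginx-proxy:test` should be replaced by a pinned release tag.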
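Review bot: `FROM elasticsearch:latest` leaves the Elasticsearch version to whatever the registry serves at build time, while the copied elasticsearch.yml is a template for one specific generation (its commented settings include `discovery.zen.*` and `bootstrap.mlockall`). Pin the tag to the version that config targets, e.g. `FROM elasticsearch:<pinned-version>`. `EXPOSE 80` matches `http.port: 80` in that config but not the `expose: "9200"` in docker-compose.yml, so one of the two needs to change.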
@@ -0,0 +1,98 @@
+# ======================== Elasticsearch Configuration =========================
+#
+# NOTE: Elasticsearch comes with reasonable defaults for most settings.
+# Before you set out to tweak and tune the configuration, make sure you
+# understand what are you trying to accomplish and the consequences.
+#
+# The primary way of configuring a node is via this file. This template lists
+# the most important settings you may want to configure for a production cluster.
+#
+# Please see the documentation for further information on configuration options:
+#
+#
+# ---------------------------------- Cluster -----------------------------------
+#
+# Use a descriptive name for your cluster:
+#
+cluster.name: "elasticsearch-cors"
+#
+# ------------------------------------ Node ------------------------------------
+#
+# Use a descriptive name for the node:
+#
+node.name: "node-1"
+#
+# Add custom attributes to the node:
+#
+# node.rack: r1
+#
+# ----------------------------------- Paths ------------------------------------
+#
+# Path to directory where to store the data (separate multiple locations by comma):
+#
+# path.data: /path/to/data
+#
+# Path to log files:
+#
+# path.logs: /path/to/logs
+#
+# ----------------------------------- Memory -----------------------------------
+#
+# Lock the memory on startup:
+#
+# bootstrap.mlockall: true
+#
+# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory
+# available on the system and that the owner of the process is allowed to use this limit.
+#
+# Elasticsearch performs poorly when the system is swapping the memory.
+#
+# ---------------------------------- Network -----------------------------------
+#
+# Set the bind address to a specific IP (IPv4 or IPv6):
+#
+# network.host: 192.168.0.1
+network.host: 0.0.0.0
+#
+# Set a custom port for HTTP:
+#
+http.port: 80
+#
+# For more information, see the documentation at:
+#
+#
+# --------------------------------- Discovery ----------------------------------
+#
+# Pass an initial list of hosts to perform discovery when new node is started:
+# The default list of hosts is ["127.0.0.1", "[::1]"]
+#
+# discovery.zen.ping.unicast.hosts: ["host1", "host2"]
+#
+# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
+#
+# discovery.zen.minimum_master_nodes: 3
+#
+# For more information, see the documentation at:
+#
+#
+# ---------------------------------- Gateway -----------------------------------
+#
+# Block initial recovery after a full cluster restart until N nodes are started:
+#
+# gateway.recover_after_nodes: 3
+#
+# For more information, see the documentation at:
+#
+#
+# ---------------------------------- Various -----------------------------------
+#
+# Disable starting multiple nodes on a single system:
+#
+# node.max_local_storage_nodes: 1
+#
+# Require explicit names when deleting indices:
+#
+# action.destructive_requires_name: true
+
+http.cors.enabled: true
+http.cors.allow-origin: "*"
diff --git a/docker-compose/prefixcommons-httpd/Dockerfile b/docker-compose/prefixcommons-httpd/Dockerfile
new file mode 100644
index 0000000..5e8349c
--- /dev/null
+++ b/docker-compose/prefixcommons-httpd/Dockerfile
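Review bot: `network.host: 0.0.0.0` combined with `http.cors.enabled: true` and `http.cors.allow-origin: "*"` puts the HTTP API on every interface and lets any web page script requests against it, while nothing in this file enables authentication or limits methods. Restrict the origin to the web app, e.g. `http.cors.allow-origin: "https://<webapp-host>"`, and keep write access on a trusted network path only. Uncommenting `action.destructive_requires_name: true` would at least block wildcard index deletes. `http.port: 80` needs the process to bind a privileged port, so check that the image's user is allowed to.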
@@ -0,0 +1,16 @@
+FROM httpd
+
+MAINTAINER Alexander Malic
+
+RUN apt-get update \
+ && apt-get install -y git netcat curl \
+ && cd /opt \
+ && git clone https://github.com/amalic/webapp-es-ang.git \
+ && cp -r ./webapp-es-ang/html/* /usr/local/apache2/htdocs/ \
+ && git clone https://github.com/prefixcommons/data-ingest.git \
+ && cd ./webapp-es-ang/es \
+ && mv ../../data-ingest/json/lsregistry.json . \
+ && while ! echo exit | netcat es 9200; do sleep 1; done \
+ && curl -XDELETE http://es:9200/prefixcommons > /dev/null \
+ && curl -XPUT http://es:9200/prefixcommons -d @mappings.json > /dev/null \
+ && curl -XPUT http://es:9200/_bulk?pretty --data-binary @lsregistry.json > /dev/null
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..6eef86c
--- /dev/null
+++ b/start.sh
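Review bot: The `RUN` step waits for `es:9200` and loads the index during `docker build`, where the compose network and the `es` service normally do not exist, so the `while ! echo exit | netcat es 9200` loop is likely to spin forever; the index initialisation belongs in an entrypoint or a one-shot init service that runs once `es` is up. Both `git clone` calls take whatever is on the default branch at build time and the first is copied straight into `htdocs`, so the served content follows upstream unreviewed; add `git checkout <commit-sha>` after each clone. `git`, `netcat` and `curl` also remain in the final image although they are only needed for setup.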
@@ -0,0 +1,58 @@ +#!/bin/sh + +docker stop api +docker stop elastic +docker rm elastic +docker rm api +docker stop httpd +docker rm httpd + +mkdir -p /data/prefixcommons +cd /data/prefixcommons +git clone https://github.com/amalic/webapp-es-ang.git +git clone https://github.com/prefixcommons/data-ingest.git + +docker run --detach \ + --name elastic \ + --env VIRTUAL_HOST=elastic.prefixcommons.org \ + --env VIRTUAL_PORT=9200 \ + --env LETSENCRYPT_HOST=elastic.prefixcommons.org \ + --env LETSENCRYPT_VIRTUAL_PORT=9200 \ + --env LETSENCRYPT_EMAIL=alexander.malic@maastrichtuniversity.nl \ + --publish 9200:9200 \ + --volume /data/prefixcommons/elastic:/usr/share/elasticsearch/data \ + --restart unless-stopped \ + aqlx86/elasticsearch-cors + +docker run --detach \ + --name httpd \ + --env VIRTUAL_HOST=prefixcommons.org \ + --env LETSENCRYPT_HOST=prefixcommons.org \ + --env LETSENCRYPT_EMAIL=alexander.malic@maastrichtuniversity.nl \ + --volume /data/prefixcommons/webapp-es-ang/html:/usr/local/apache2/htdocs/ \ + --restart unless-stopped \ + httpd + +docker run --detach \ + --name api \ + --env VIRTUAL_HOST=api.prefixcommons.org \ + --env VIRTUAL_HOST=api.prefixcommons.org \ + --env LETSENCRYPT_HOST=api.prefixcommons.org \ + --env LETSENCRYPT_EMAIL=alexander.malic@maastrichtuniversity.nl \ + --restart unless-stopped \ + --link elastic:elastic \ + umids/prefixcommons-api + +cd ./webapp-es-ang/es +cp ../../data-ingest/json/lsregistry.json . + +while ! 
echo exit | nc localhost 9200; do sleep 1; done + +curl -s -XDELETE http://localhost:9200/prefixcommons > /dev/null +curl -s -XPUT http://localhost:9200/prefixcommons -d @mappings.json > /dev/null +curl -s -XPUT http://localhost:9200/_bulk?pretty --data-binary @lsregistry.json > /dev/null + + +docker kill prefixcommons_apidocs_redirect + +docker run -d --rm --name=prefixcommons_apidocs_redirect -e SERVER_REDIRECT=smart-api.info/ui/886728821048533f67fe6df7adf5a526#/ -e VIRTUAL_HOST=apidocs.prefixcommons.org schmunk42/nginx-redirect \ No newline at end of file From 04cc3bba9d86fc4fdc85e95aa9d81bec47946deb Mon Sep 17 00:00:00 2001 From: Vincent Emonet Date: Mon, 13 Dec 2021 16:10:54 +0100 Subject: [PATCH 5/6] Patch dumb java log4j vulnerability (Java developers are the most incompetent people on earth and should be forced to resign from programming, not being able to handle a print string is a disgrace) --- Dockerfile | 6 +++--- start.sh | 1 + stop.sh | 8 ++++++++ 3 files changed, 12 insertions(+), 3 deletions(-) create mode 100755 stop.sh diff --git a/Dockerfile b/Dockerfile index c6a985e..76ac643 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ FROM php:7-apache -MAINTAINER Alexander Malic -MAINTAINER Vincent Emonet -MAINTAINER Michel Dumontier +# MAINTAINER Alexander Malic +# MAINTAINER Vincent Emonet +# MAINTAINER Michel Dumontier ARG APP_ENV=prod diff --git a/start.sh b/start.sh index 6eef86c..2e1274e 100755 --- a/start.sh +++ b/start.sh @@ -14,6 +14,7 @@ git clone https://github.com/prefixcommons/data-ingest.git docker run --detach \ --name elastic \ + --env LOG4J_FORMAT_MSG_NO_LOOKUPS=true \ --env VIRTUAL_HOST=elastic.prefixcommons.org \ --env VIRTUAL_PORT=9200 \ --env LETSENCRYPT_HOST=elastic.prefixcommons.org \ diff --git a/stop.sh b/stop.sh new file mode 100755 index 0000000..69c87ff --- /dev/null +++ b/stop.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +docker stop api +docker stop elastic +docker rm elastic +docker rm api +docker stop httpd +docker rm httpd 
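Review bot: `--publish 9200:9200` binds Elasticsearch on every host interface and `VIRTUAL_HOST=elastic.prefixcommons.org` additionally publishes it through the proxy with no authentication in front; the script's own `curl -s -XDELETE http://localhost:9200/prefixcommons` shows what any caller can send. Bind the port to loopback with `--publish 127.0.0.1:9200:9200`, which still serves the init `curl` calls, and drop the `VIRTUAL_HOST`/`LETSENCRYPT_*` variables from `elastic` unless a filtering proxy sits in front of it. The images `aqlx86/elasticsearch-cors`, `httpd` and `umids/prefixcommons-api` are untagged, and without `set -e` a failed `git clone` on a second run (the directories already exist) goes unnoticed before the index is deleted and reloaded.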
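Review bot: `LOG4J_FORMAT_MSG_NO_LOOKUPS=true` is honoured only by Log4j 2.10 and later, and the `aqlx86/elasticsearch-cors` image is untagged, so the bundled Log4j version cannot be told from this script; on an older one the variable is silently ignored. Confirm the version inside the image and record the assumption, e.g. `# mitigation only: effective on Log4j >= 2.10, remove once the image is upgraded`, placed above `docker run` because a comment cannot sit between the `\`-continued lines. The container must also be recreated for the variable to apply. The hunk shows only part of the `docker run` command.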
From 4012371c964ccad068d5a2bffdb58ce84599ae89 Mon Sep 17 00:00:00 2001
From: Vincent Emonet
Date: Tue, 14 Dec 2021 12:32:25 +0100
Subject: [PATCH 6/6] Upgraded ElasticSearch to patch a dumb java log4j vulnerability (the incompetency and irresponsability of Java and Oracle developers is without limit, not being able to handle a print string without create an RCE for years is a disgrace, please stop programming, it will be better for everyone)
---
nginx.conf | 38 ++++++++++++++++++++++++++++++++++++++
start.sh | 6 +++++-
2 files changed, 43 insertions(+), 1 deletion(-)
create mode 100644 nginx.conf
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..b4559ae
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,38 @@
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ server {
+ listen 8080;
+ server_name elastic.prefixcommons.org;
+
+ rewrite ^/(.*) /$1 break;
+ proxy_ignore_client_abort on;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+
+ proxy_set_header Access-Control-Allow-Origin "*";
+
+ location ~ ^(/|/_aliases|.*/_search|.*/_mapping|/_cluster.*|/_status.*|/_nodes)$ {
+ limit_except GET POST OPTIONS {
+ deny all;
+ }
+ proxy_pass http://elasticsearch:9200;
+ proxy_pass_request_headers on;
+ }
+
+ location / {
+ # Auth: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
+ limit_except GET {
+ deny all;
+ }
+ auth_basic "Administrator’s Area";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+ proxy_pass http://elasticsearch:9200;
+ proxy_pass_request_headers on;
+ }
+ }
+}
diff --git a/start.sh b/start.sh
index 2e1274e..1d40ff5 100755
--- a/start.sh
+++ b/start.sh
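Review bot: `proxy_set_header Access-Control-Allow-Origin "*";` sets a request header on the call to Elasticsearch, which the browser never sees, so it has no CORS effect; a response header needs `add_header Access-Control-Allow-Origin "*";`. In the first `location`, the `/_cluster.*` alternative together with `limit_except GET POST OPTIONS` lets unauthenticated clients POST to cluster-level endpoints, which is wider than the search and mapping reads the other alternatives cover; give it its own GET-only `location` or move it under the `auth_basic` block. The upstream name `elasticsearch` does not match the container name `elastic` used in start.sh, and `rewrite ^/(.*) /$1 break;` rewrites each URI to itself.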
@@ -20,10 +20,14 @@ docker run --detach \ --env LETSENCRYPT_HOST=elastic.prefixcommons.org \ --env LETSENCRYPT_VIRTUAL_PORT=9200 \ --env LETSENCRYPT_EMAIL=alexander.malic@maastrichtuniversity.nl \ + --env discovery.type=single-node \ + --env http.cors.enabled=true \ + --env http.cors.allow-origin="*" \ --publish 9200:9200 \ --volume /data/prefixcommons/elastic:/usr/share/elasticsearch/data \ --restart unless-stopped \ - aqlx86/elasticsearch-cors + docker.elastic.co/elasticsearch/elasticsearch:6.8.21 + # aqlx86/elasticsearch-cors docker run --detach \ --name httpd \
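Review bot: The `elastic` container keeps `--publish 9200:9200`, and nothing in start.sh starts nginx with the new nginx.conf, so the method and auth restrictions added in this commit are not in the request path and Elasticsearch stays reachable directly. Bind the port to loopback with `--publish 127.0.0.1:9200:9200` and route the public hostname through the nginx container. `--env http.cors.allow-origin="*"` also keeps the cluster scriptable from any origin; naming the web app's origin is enough. The hunk shows only part of the `docker run` command.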