WIP: Qiita container in compose

.gitignore

@@ -1,2 +1,3 @@
-environments/db.env
-environments/keycloak.env
+environments/*.env
+qiita_logs/*log
+qiita_logs/*.pid

Images/nginx/Dockerfile

@@ -0,0 +1,83 @@
+FROM ubuntu:22.04
+
+ARG MINIFORGE_VERSION=24.1.2-0
+ARG MODZIP_VERSION=1.3.0
+ARG NGINX_VERSION=1.26.0
+
+ENV CONDA_DIR=/opt/conda
+ENV PATH=${CONDA_DIR}/bin:${PATH}
+
+RUN apt-get -y update
+RUN apt-get -y install \
+	git \
+	wget \
+	libpcre2-dev \
+	libxslt-dev \
+	libgd-dev \
+	libssl-dev
+RUN apt-get -y install build-essential
+# install miniforge3 for "conda"
+# see https://github.com/conda-forge/miniforge-images/blob/master/ubuntu/Dockerfile
+RUN wget https://github.com/conda-forge/miniforge/releases/download/${MINIFORGE_VERSION}/Miniforge3-${MINIFORGE_VERSION}-Linux-x86_64.sh -O /tmp/miniforge3.sh && \
+	/bin/bash /tmp/miniforge3.sh -b -p ${CONDA_DIR} && \
+	echo ". ${CONDA_DIR}/etc/profile.d/conda.sh && conda activate base" >> /etc/skel/.bashrc && \
+	echo ". ${CONDA_DIR}/etc/profile.d/conda.sh && conda activate base" >> ~/.bashrc \
+	conda init
+RUN conda create --quiet --yes -n nginx 
+
+SHELL ["conda", "run", "-n", "nginx", "/bin/bash", "-c"]
+
+RUN wget https://github.com/evanmiller/mod_zip/archive/refs/tags/${MODZIP_VERSION}.tar.gz -O /usr/local/src/mod_zip-${MODZIP_VERSION}.tar.gz
+RUN cd /usr/local/src/ && tar xzvf mod_zip-${MODZIP_VERSION}.tar.gz
+RUN wget https://github.com/nginx/nginx/archive/refs/tags/release-${NGINX_VERSION}.tar.gz -O /usr/local/src/nginx-${NGINX_VERSION}.tar.gz
+RUN cd /usr/local/src/ && tar xzvf nginx-${NGINX_VERSION}.tar.gz
+# fix include for the iconv header
+RUN sed "s|^#include <iconv.h>|#include \"/usr/include/iconv.h\"|" -i /usr/local/src/mod_zip-${MODZIP_VERSION}/ngx_http_zip_file.c
+# ensure runtime library paths are correct and openssl headers can be found at compile time
+RUN cd /usr/local/src/nginx-release-${NGINX_VERSION} && ./auto/configure \
+	--http-log-path=var/log/nginx/access.log \
+	--error-log-path=var/log/nginx/error.log \
+	--pid-path=var/run/nginx/nginx.pid \
+	--lock-path=var/run/nginx/nginx.lock \
+	--http-client-body-temp-path=var/tmp/nginx/client \
+	--http-proxy-temp-path=var/tmp/nginx/proxy \
+	--http-fastcgi-temp-path=var/tmp/nginx/fastcgi \
+	--http-scgi-temp-path=var/tmp/nginx/scgi \
+	--http-uwsgi-temp-path=var/tmp/nginx/uwsgi \
+	--sbin-path=sbin/nginx \
+	--conf-path=etc/nginx/nginx.conf \
+	--modules-path=lib/nginx/modules \
+	--with-threads \
+	--with-http_ssl_module \
+	--with-http_v2_module \
+	--with-http_realip_module \
+	--with-http_addition_module \
+	--with-http_sub_module \
+	--with-http_gunzip_module \
+	--with-http_gzip_static_module \
+	--with-http_auth_request_module \
+	--with-http_secure_link_module \
+	--with-http_stub_status_module \
+	--with-http_xslt_module=dynamic \
+	--with-stream=dynamic \
+	--with-http_image_filter_module=dynamic \
+	--with-pcre \
+	--with-pcre-jit \
+	--with-cc-opt=" -I $CONDA_DIR/envs/qiita/include/openssl " \
+	--with-ld-opt="" \
+	--prefix=/usr/local \
+	--add-module=/usr/local/src/mod_zip-${MODZIP_VERSION} \
+	--with-ld-opt=" -Wl,-rpath,$CONDA_DIR/envs/qiita/lib "
+RUN cd /usr/local/src/nginx-release-${NGINX_VERSION} && make
+RUN cd /usr/local/src/nginx-release-${NGINX_VERSION} && make install
+
+COPY nginx_qiita.conf .
+COPY start_nginx.sh .
+
+RUN chmod 777 nginx_qiita.conf
+RUN chmod 777 start_nginx.sh
+
+RUN mkdir /var/log/nginx
+
+#ENTRYPOINT ["/bin/bash",  "-l", "-c" ]
+ENTRYPOINT ["conda", "run", "-n", "nginx", "./start_nginx.sh"]

Images/nginx/nginx_qiita.conf

@@ -0,0 +1,95 @@
+user nobody nogroup; 
+daemon off;
+# error_log /var/log/nginx/error_log warn;
+error_log /qiita_logs/nginx_error_log warn;
+
+events {
+        worker_connections 1024;
+}
+
+http {
+    client_max_body_size 7M;  # increase maximum body size from default 1M to match https://github.com/qiita-spots/qiita/blob/ac62aba5333f537c32e213855edc39c273aa9871/qiita_pet/static/vendor/js/resumable-uploader.js#L51 (which is 3M). Note that resumable-uploader.js's last chunk can be max. twice as large as chunk size, see: https://github.com/23/resumable.js/issues/51 
+
+    # ports to redirect for mainqiita
+    upstream mainqiita {
+        server qiita:21174;
+        server qiita_worker:21175;
+        server qiita_worker:21176;
+        server qiita_worker:21177;
+    }
+
+    # define variables for the actions that shall be taken for websocket handshake
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    # listening to 8080 and redirecting to https
+    #server {
+    #       listen         8383;
+    #       server_name    localhost;
+    #       return         301 https://$server_name$request_uri;
+    #}
+
+    server {
+        listen       8383   ssl;
+        server_name _;
+        merge_slashes off;
+
+        access_log /qiita_logs/nginx_access_log;
+
+        ssl_certificate	/qiita/qiita_core/support_files/ci_server.crt;
+        ssl_certificate_key /qiita/qiita_core/support_files/ci_server.key;
+
+        ssl_session_timeout  5m;
+
+        # no catche
+        expires off;
+
+        port_in_redirect off;
+
+        # download configuration, based on:
+        # https://groups.google.com/forum/#!topic/python-tornado/sgadmx8Hd_s
+
+        # protected location for working diretory
+        location /protected-working_dir/ {
+          internal;
+
+          # CHANGE ME: This should match the WORKING_DIR in your qiita
+          # config. E.g.,
+          alias /qiita/qiita_db/support_files/test_data/working_dir/;
+        }
+
+        # protected location
+        location /protected/ {
+            internal;
+
+            # CHANGE ME: This should match the BASE_DATA_DIR in your qiita
+            # config. E.g.,
+            alias /qiita/qiita_db/support_files/test_data/;
+        }
+
+        # enables communiction through websockets.
+        # Currently, only endpoints /consumer/, /analysis/selected/socket/, and /study/list/socket/ use websockets
+        # not needed for our local docker setup
+        # location ~ ^/(consumer|analysis/selected/socket|study/list/socket)/ {
+        #    proxy_pass $scheme://mainqiita;
+        #    proxy_set_header Host $http_host;
+        #    proxy_redirect http:// https://;
+        #    proxy_http_version 1.1;
+        #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        #    proxy_set_header Upgrade $http_upgrade;
+        #    proxy_set_header Connection $connection_upgrade;
+        #    proxy_set_header X-Forwarded-Host $http_host;
+        # }
+
+        location / {
+            proxy_pass $scheme://mainqiita;
+            proxy_redirect     off;
+            proxy_set_header   Host             $host;
+            proxy_set_header   X-Real-IP        $remote_addr;
+            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+            proxy_set_header   Accept-Encoding  identity;
+        }
+    }
+}

Images/nginx/start_nginx.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+mkdir -p /opt/conda/envs/nginx/var/run/nginx/ /usr/local/var/tmp/nginx/
+
+nginx -c /nginx_qiita.conf 

Images/qiita/Dockerfile

@@ -0,0 +1,79 @@
+FROM ubuntu:24.04
+
+ARG MINIFORGE_VERSION=24.1.2-0
+ARG MODZIP_VERSION=1.3.0
+ARG NGINX_VERSION=1.26.0
+
+ENV CONDA_DIR=/opt/conda
+ENV PATH=${CONDA_DIR}/bin:${PATH}
+
+RUN apt-get -y update
+# install following packages for nginx compilation: libpcre2-dev, libxslt-dev and libgd-dev
+RUN apt-get -y --fix-missing install \
+	git \
+	wget \
+	libpq-dev \
+	python3-dev \
+	gcc \
+	libpcre2-dev \
+	libxslt-dev \
+	libgd-dev \
+	postgresql-client
+RUN apt-get -y install build-essential
+# install miniforge3 for "conda"
+# see https://github.com/conda-forge/miniforge-images/blob/master/ubuntu/Dockerfile
+RUN wget https://github.com/conda-forge/miniforge/releases/download/${MINIFORGE_VERSION}/Miniforge3-${MINIFORGE_VERSION}-Linux-x86_64.sh -O /tmp/miniforge3.sh && \
+	/bin/bash /tmp/miniforge3.sh -b -p ${CONDA_DIR} && \
+	echo ". ${CONDA_DIR}/etc/profile.d/conda.sh && conda activate base" >> /etc/skel/.bashrc && \
+	echo ". ${CONDA_DIR}/etc/profile.d/conda.sh && conda activate base" >> ~/.bashrc \
+	conda init
+
+# create conda env for qiita with all necessary dependencies (conda and pip)
+RUN conda create --quiet --yes -n qiita python=3.9 pip libgfortran numpy cython anaconda::redis
+# TODO: Redis container
+# Make RUN commands use the new environment:
+# append --format docker to the build command, see https://github.com/containers/podman/issues/8477
+SHELL ["conda", "run", "-n", "qiita", "/bin/bash", "-c"]
+
+RUN pip install -U pip
+RUN pip install \
+	sphinx \
+	sphinx-bootstrap-theme \
+	nose-timer \
+	Click \
+	coverage \
+	psycopg2-binary
+
+
+# Clone the Qiita Repo
+# RUN git clone -b master https://github.com/qiita-spots/qiita.git
+RUN git clone -b auth_oidc https://github.com/jlab/qiita.git
+
+# We need to install necessary dependencies
+# as well as some extra dependencies for psycopg2 to work
+RUN git clone https://github.com/psycopg/psycopg2.git
+RUN export PATH=/usr/lib/postgresql/14.11/bin/:$PATH
+RUN pip install -e psycopg2/.
+
+# Install pip packaages for Qiita
+RUN pip install -e qiita --no-binary redbiom
+
+
+# Copy modified config file to the container
+ COPY config_qiita_oidc.cfg /qiita/
+ RUN chmod 755 /qiita/config_qiita_oidc.cfg
+
+# Copy Bash Script to run Qiita to the container
+ COPY start_qiita.sh .
+ RUN chmod 755 start_qiita.sh
+
+ COPY start_qiita_worker.sh .
+ RUN chmod 755 start_qiita_worker.sh
+
+COPY supervisor_foreground.conf .
+RUN chmod 755 supervisor_foreground.conf
+
+# I will leave this ENTRYPOINT here as a comment in case debugging
+# is necessary
+# SHELL ["/bin/bash"]
+ENTRYPOINT ["conda", "run", "-n", "qiita"]