Diagrams bundle
This commit is contained in:
parent
2639cb52ac
commit
31ed3a5086
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
dependencies:
|
||||
- url: ../common.git
|
|
@ -0,0 +1,3 @@
|
|||
Kind = "service-defaults"
|
||||
Name = "[[ .diagrams.instance ]][[ .consul.suffix ]]"
|
||||
Protocol = "http"
|
|
@ -0,0 +1,15 @@
|
|||
Kind = "service-intentions"
|
||||
Name = "[[ .diagrams.instance ]][[ .consul.suffix ]]"
|
||||
Sources = [
|
||||
{
|
||||
Name = "[[ .traefik.instance ]]"
|
||||
Permissions = [
|
||||
{
|
||||
Action = "allow"
|
||||
HTTP {
|
||||
PathPrefix = "/"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
|
@ -0,0 +1,89 @@
|
|||
[[ $c := merge .diagrams . -]]
|
||||
job [[ .diagrams.instance | toJSON ]] {
|
||||
|
||||
[[ template "common/job_start.tpl" $c ]]
|
||||
|
||||
group "diagrams" {
|
||||
network {
|
||||
mode = "bridge"
|
||||
}
|
||||
|
||||
service {
|
||||
name = "[[ .diagrams.instance ]][[ .consul.suffix ]]"
|
||||
port = 8282
|
||||
|
||||
[[ template "common/connect.tpl" $c ]]
|
||||
|
||||
check {
|
||||
type = "http"
|
||||
path = "/health"
|
||||
expose = true
|
||||
interval = "1m"
|
||||
timeout = "8s"
|
||||
|
||||
check_restart {
|
||||
limit = 4
|
||||
grace = "1m"
|
||||
}
|
||||
}
|
||||
|
||||
tags = [
|
||||
"[[ $c.traefik.instance ]].enable=[[ $c.traefik.enabled ]]",
|
||||
|
||||
# Define a middleware to set custom CSP headers
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .diagrams.instance ]]-headers[[ .consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
||||
|
||||
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
||||
# Diagrams exposed by traefik on a subpath. Define a middleware to strip the prefix before passing the request to the backend
|
||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .diagrams.instance ]]-prefix[[ .consul.suffix ]].stripprefix.prefixes=[[ (urlParse .diagrams.public_url).Path ]]",
|
||||
[[- end ]]
|
||||
|
||||
# Main app router
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .diagrams.instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
|
||||
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]",
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .diagrams.instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .diagrams.instance ]][[ .consul.suffix ]].middlewares=[[ .diagrams.instance ]]-prefix[[ $c.consul.suffix ]],[[ .diagrams.instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
||||
[[- else ]]
|
||||
"[[ $c.traefik.instance ]].http.routers.[[ .diagrams.instance ]][[ .consul.suffix ]].middlewares=[[ .diagrams.instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
||||
[[- end ]]
|
||||
]
|
||||
}
|
||||
|
||||
task "diagrams" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
|
||||
config {
|
||||
image = [[ $c.image | toJSON ]]
|
||||
pids_limit = 100
|
||||
readonly_rootfs = true
|
||||
volumes = [
|
||||
"local/PreConfig.js:/opt/tomcat/webapps/draw/js/PreConfig.js",
|
||||
"local/PostConfig.js:/opt/tomcat/webapps/draw/js/PostConfig.js"
|
||||
]
|
||||
}
|
||||
|
||||
env {
|
||||
JAVA_OPTS = "-Djava.io.tmpdir=/local"
|
||||
TOMCAT_ADDRESS = "127.0.0.1"
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[ template "diagrams/PreConfig.js.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "local/PreConfig.js"
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[ template "diagrams/PostConfig.js.tpl" $c ]]
|
||||
_EOT
|
||||
destination = "local/PostConfig.js"
|
||||
}
|
||||
|
||||
[[ template "common/file_env.tpl" $c.env ]]
|
||||
[[ template "common/resources.tpl" $c.resources ]]
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,36 @@
|
|||
FROM [[ .docker.repo ]][[ .docker.base_images.java17.image ]]
|
||||
MAINTAINER [[ .docker.maintainer ]]
|
||||
|
||||
ARG TOMCAT_VERSION=9.0.83 \
|
||||
DIAGRAMS_VERSION=22.1.5
|
||||
|
||||
ENV CATALINA_HOME=/opt/tomcat \
|
||||
TOMCAT_PORT=8282 \
|
||||
TOMCAT_ADDRESS=0.0.0.0
|
||||
|
||||
RUN set -euxo pipefail &&\
|
||||
cd /tmp &&\
|
||||
apk --no-cache update &&\
|
||||
apk --no-cache add bash &&\
|
||||
curl -sSLO https://dlcdn.apache.org/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz &&\
|
||||
curl -sSLO https://dlcdn.apache.org/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 &&\
|
||||
sha512sum -c < apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 &&\
|
||||
mkdir -p /opt/tomcat &&\
|
||||
tar xvzf apache-tomcat-${TOMCAT_VERSION}.tar.gz --strip-components 1 --directory ${CATALINA_HOME} &&\
|
||||
find /opt/tomcat -type d -exec chmod 755 "{}" \; &&\
|
||||
find /opt/tomcat -type f -exec chmod 644 "{}" \; &&\
|
||||
chmod +x /opt/tomcat/bin/* &&\
|
||||
rm -f apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 apache-tomcat-${TOMCAT_VERSION}.tar.gz &&\
|
||||
curl -sSLO https://github.com/jgraph/drawio/releases/download/v${DIAGRAMS_VERSION}/draw.war &&\
|
||||
unzip draw.war -d ${CATALINA_HOME}/webapps/draw &&\
|
||||
rm draw.war &&\
|
||||
addgroup --gid 8282 diagrams &&\
|
||||
adduser --system --ingroup diagrams --disabled-password --uid 8282 --home ${CATALINA_HOME} --shell /sbin/nologin diagrams
|
||||
|
||||
COPY root/ /
|
||||
|
||||
WORKDIR ${CATALINA_HOME}
|
||||
EXPOSE ${TOMCAT_PORT}
|
||||
USER diagrams
|
||||
CMD ["/opt/tomcat/bin/catalina.sh", "run"]
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
export CATALINA_OPTS="${JAVA_OPTS} -Dtomcat.port=${TOMCAT_PORT} -Dtomcat.address=${TOMCAT_ADDRESS}"
|
|
@ -0,0 +1,16 @@
|
|||
handlers = java.util.logging.ConsoleHandler
|
||||
|
||||
.handlers = java.util.logging.ConsoleHandler
|
||||
|
||||
java.util.logging.ConsoleHandler.level = FINE
|
||||
java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
|
||||
java.util.logging.ConsoleHandler.encoding = UTF-8
|
||||
|
||||
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
|
||||
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = java.util.logging.ConsoleHandler
|
||||
|
||||
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
|
||||
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = java.util.logging.ConsoleHandler
|
||||
|
||||
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
|
||||
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = java.util.logging.ConsoleHandler
|
|
@ -0,0 +1,20 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<Server port="8082" address="127.0.0.1" shutdown="SHUTDOWN">
|
||||
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
||||
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
|
||||
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
||||
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
||||
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
||||
|
||||
<Service name="Catalina">
|
||||
<Connector port="${tomcat.port}" address="${tomcat.address}" protocol="HTTP/1.1"
|
||||
connectionTimeout="20000" />
|
||||
<Engine name="Catalina" defaultHost="diagrams">
|
||||
<Host name="diagrams" appBase="webapps"
|
||||
unpackWARs="false" autoDeploy="false">
|
||||
<Context path="" docBase="draw"></Context>
|
||||
<Valve className="org.apache.catalina.valves.HealthCheckValve" />
|
||||
</Host>
|
||||
</Engine>
|
||||
</Service>
|
||||
</Server>
|
|
@ -0,0 +1,5 @@
|
|||
window.VSD_CONVERT_URL = null;
|
||||
window.ICONSEARCH_PATH = null;
|
||||
EditorUi.enableLogging = false; //Disable logging
|
||||
window.EMF_CONVERT_URL = null;
|
||||
App.prototype.isDriveDomain = function() { return true; }
|
|
@ -0,0 +1,22 @@
|
|||
(function() {
|
||||
try {
|
||||
var s = document.createElement('meta');
|
||||
s.setAttribute('content', 'default-src \'self\'; script-src \'self\' https://storage.googleapis.com https://apis.google.com https://docs.google.com https://code.jquery.com \'unsafe-inline\'; connect-src \'self\' https://*.dropboxapi.com https://api.trello.com https://api.github.com https://raw.githubusercontent.com https://*.googleapis.com https://*.googleusercontent.com https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com https://gitlab.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data:; media-src * data:; font-src * about:; style-src \'self\' \'unsafe-inline\' https://fonts.googleapis.com; frame-src \'self\' https://*.google.com;');
|
||||
s.setAttribute('http-equiv', 'Content-Security-Policy');
|
||||
var t = document.getElementsByTagName('meta')[0];
|
||||
t.parentNode.insertBefore(s, t);
|
||||
} catch (e) {} // ignore
|
||||
})();
|
||||
window.DRAWIO_BASE_URL = 'http://localhost:8080';
|
||||
window.DRAWIO_SERVER_URL = window.DRAWIO_BASE_URL + '/';
|
||||
window.DRAWIO_VIEWER_URL = '';
|
||||
window.DRAWIO_LIGHTBOX_URL = '';
|
||||
window.DRAW_MATH_URL = 'math/es5';
|
||||
window.DRAWIO_CONFIG = null;
|
||||
urlParams['sync'] = 'manual'; //Disable Real-Time
|
||||
urlParams['db'] = '0'; //dropbox
|
||||
urlParams['gh'] = '0'; //github
|
||||
urlParams['tr'] = '0'; //trello
|
||||
urlParams['gapi'] = '0'; //Google Drive
|
||||
urlParams['od'] = '0'; //OneDrive
|
||||
urlParams['gl'] = '0'; //Gitlab
|
|
@ -0,0 +1 @@
|
|||
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "diagrams" .diagrams.instance) ]]
|
|
@ -0,0 +1,5 @@
|
|||
window.VSD_CONVERT_URL = null;
|
||||
window.ICONSEARCH_PATH = null;
|
||||
EditorUi.enableLogging = false; //Disable logging
|
||||
window.EMF_CONVERT_URL = null;
|
||||
App.prototype.isDriveDomain = function() { return true; }
|
|
@ -0,0 +1,13 @@
|
|||
window.DRAWIO_BASE_URL = '[[ .diagrams.public_url ]]';
|
||||
window.DRAWIO_SERVER_URL = '[[ .diagrams.public_url | regexp.Replace "/$" "" ]]/';
|
||||
window.DRAWIO_VIEWER_URL = '[[ .diagrams.public_url | regexp.Replace "/$" "" ]]/js/viewer.min.js';
|
||||
window.DRAWIO_LIGHTBOX_URL = '';
|
||||
window.DRAW_MATH_URL = 'math/es5';
|
||||
window.DRAWIO_CONFIG = null;
|
||||
urlParams['sync'] = 'manual'; //Disable Real-Time
|
||||
urlParams['db'] = '0'; //dropbox
|
||||
urlParams['gh'] = '0'; //github
|
||||
urlParams['tr'] = '0'; //trello
|
||||
urlParams['gapi'] = '0'; //Google Drive
|
||||
urlParams['od'] = '0'; //OneDrive
|
||||
urlParams['gl'] = '0'; //Gitlab
|
|
@ -0,0 +1,24 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<Server port="8005" address="127.0.0.1" hutdown="SHUTDOWN">
|
||||
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
||||
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
|
||||
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
||||
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
||||
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
||||
|
||||
<Service name="Catalina">
|
||||
<Connector port="8080"
|
||||
address="127.0.0.1"
|
||||
protocol="HTTP/1.1"
|
||||
connectionTimeout="20000" />
|
||||
<Engine name="Catalina" defaultHost="diagrams">
|
||||
<Host name="diagrams" appBase="webapps"
|
||||
unpackWARs="true" autoDeploy="true">
|
||||
<Context path="" docBase="draw"></Context>
|
||||
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
|
||||
prefix="diagrams_access_log." suffix=".txt"
|
||||
pattern="%h %l %u %t "%r" %s %b" />
|
||||
</Host>
|
||||
</Engine>
|
||||
</Service>
|
||||
</Server>
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
|
||||
diagrams:
|
||||
instance: diagrams
|
||||
image: danielberteaud/diagrams:latest
|
||||
env: {}
|
||||
public_url: https://draw.example.org
|
||||
traefik:
|
||||
enabled: true
|
||||
csp:
|
||||
default-src: "'self'"
|
||||
script-src: "'self' https://storage.googleapis.com https://apis.google.com https://docs.google.com https://code.jquery.com 'unsafe-inline'"
|
||||
connect-src: "'self' https://*.dropboxapi.com https://api.trello.com https://api.github.com https://raw.githubusercontent.com https://*.googleapis.com https://*.googleusercontent.com https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com https://gitlab.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com"
|
||||
img-src: " * data:"
|
||||
media-src: "* data:"
|
||||
font-src: "* about:"
|
||||
style-src: "'self' 'unsafe-inline' https://fonts.googleapis.com"
|
||||
frame-src: "'self' https://*.google.com"
|
||||
resources:
|
||||
cpu: 200
|
||||
memory: 256
|
Loading…
Reference in New Issue