Diagrams bundle
This commit is contained in:
parent
2639cb52ac
commit
31ed3a5086
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
dependencies:
|
||||||
|
- url: ../common.git
|
|
@ -0,0 +1,3 @@
|
||||||
|
Kind = "service-defaults"
|
||||||
|
Name = "[[ .diagrams.instance ]][[ .consul.suffix ]]"
|
||||||
|
Protocol = "http"
|
|
@ -0,0 +1,15 @@
|
||||||
|
Kind = "service-intentions"
|
||||||
|
Name = "[[ .diagrams.instance ]][[ .consul.suffix ]]"
|
||||||
|
Sources = [
|
||||||
|
{
|
||||||
|
Name = "[[ .traefik.instance ]]"
|
||||||
|
Permissions = [
|
||||||
|
{
|
||||||
|
Action = "allow"
|
||||||
|
HTTP {
|
||||||
|
PathPrefix = "/"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
|
@ -0,0 +1,89 @@
|
||||||
|
[[ $c := merge .diagrams . -]]
|
||||||
|
job [[ .diagrams.instance | toJSON ]] {
|
||||||
|
|
||||||
|
[[ template "common/job_start.tpl" $c ]]
|
||||||
|
|
||||||
|
group "diagrams" {
|
||||||
|
network {
|
||||||
|
mode = "bridge"
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "[[ .diagrams.instance ]][[ .consul.suffix ]]"
|
||||||
|
port = 8282
|
||||||
|
|
||||||
|
[[ template "common/connect.tpl" $c ]]
|
||||||
|
|
||||||
|
check {
|
||||||
|
type = "http"
|
||||||
|
path = "/health"
|
||||||
|
expose = true
|
||||||
|
interval = "1m"
|
||||||
|
timeout = "8s"
|
||||||
|
|
||||||
|
check_restart {
|
||||||
|
limit = 4
|
||||||
|
grace = "1m"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tags = [
|
||||||
|
"[[ $c.traefik.instance ]].enable=[[ $c.traefik.enabled ]]",
|
||||||
|
|
||||||
|
# Define a middleware to set custom CSP headers
|
||||||
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .diagrams.instance ]]-headers[[ .consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
||||||
|
|
||||||
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
||||||
|
# Diagrams exposed by traefik on a subpath. Define a middleware to strip the prefix before passing the request to the backend
|
||||||
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .diagrams.instance ]]-prefix[[ .consul.suffix ]].stripprefix.prefixes=[[ (urlParse .diagrams.public_url).Path ]]",
|
||||||
|
[[- end ]]
|
||||||
|
|
||||||
|
# Main app router
|
||||||
|
"[[ $c.traefik.instance ]].http.routers.[[ .diagrams.instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
|
||||||
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]",
|
||||||
|
"[[ $c.traefik.instance ]].http.routers.[[ .diagrams.instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||||
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
||||||
|
"[[ $c.traefik.instance ]].http.routers.[[ .diagrams.instance ]][[ .consul.suffix ]].middlewares=[[ .diagrams.instance ]]-prefix[[ $c.consul.suffix ]],[[ .diagrams.instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
||||||
|
[[- else ]]
|
||||||
|
"[[ $c.traefik.instance ]].http.routers.[[ .diagrams.instance ]][[ .consul.suffix ]].middlewares=[[ .diagrams.instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
||||||
|
[[- end ]]
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
task "diagrams" {
|
||||||
|
driver = [[ $c.nomad.driver | toJSON ]]
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = [[ $c.image | toJSON ]]
|
||||||
|
pids_limit = 100
|
||||||
|
readonly_rootfs = true
|
||||||
|
volumes = [
|
||||||
|
"local/PreConfig.js:/opt/tomcat/webapps/draw/js/PreConfig.js",
|
||||||
|
"local/PostConfig.js:/opt/tomcat/webapps/draw/js/PostConfig.js"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
env {
|
||||||
|
JAVA_OPTS = "-Djava.io.tmpdir=/local"
|
||||||
|
TOMCAT_ADDRESS = "127.0.0.1"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data =<<_EOT
|
||||||
|
[[ template "diagrams/PreConfig.js.tpl" $c ]]
|
||||||
|
_EOT
|
||||||
|
destination = "local/PreConfig.js"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data =<<_EOT
|
||||||
|
[[ template "diagrams/PostConfig.js.tpl" $c ]]
|
||||||
|
_EOT
|
||||||
|
destination = "local/PostConfig.js"
|
||||||
|
}
|
||||||
|
|
||||||
|
[[ template "common/file_env.tpl" $c.env ]]
|
||||||
|
[[ template "common/resources.tpl" $c.resources ]]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,36 @@
|
||||||
|
FROM [[ .docker.repo ]][[ .docker.base_images.java17.image ]]
|
||||||
|
MAINTAINER [[ .docker.maintainer ]]
|
||||||
|
|
||||||
|
ARG TOMCAT_VERSION=9.0.83 \
|
||||||
|
DIAGRAMS_VERSION=22.1.5
|
||||||
|
|
||||||
|
ENV CATALINA_HOME=/opt/tomcat \
|
||||||
|
TOMCAT_PORT=8282 \
|
||||||
|
TOMCAT_ADDRESS=0.0.0.0
|
||||||
|
|
||||||
|
RUN set -euxo pipefail &&\
|
||||||
|
cd /tmp &&\
|
||||||
|
apk --no-cache update &&\
|
||||||
|
apk --no-cache add bash &&\
|
||||||
|
curl -sSLO https://dlcdn.apache.org/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz &&\
|
||||||
|
curl -sSLO https://dlcdn.apache.org/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 &&\
|
||||||
|
sha512sum -c < apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 &&\
|
||||||
|
mkdir -p /opt/tomcat &&\
|
||||||
|
tar xvzf apache-tomcat-${TOMCAT_VERSION}.tar.gz --strip-components 1 --directory ${CATALINA_HOME} &&\
|
||||||
|
find /opt/tomcat -type d -exec chmod 755 "{}" \; &&\
|
||||||
|
find /opt/tomcat -type f -exec chmod 644 "{}" \; &&\
|
||||||
|
chmod +x /opt/tomcat/bin/* &&\
|
||||||
|
rm -f apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 apache-tomcat-${TOMCAT_VERSION}.tar.gz &&\
|
||||||
|
curl -sSLO https://github.com/jgraph/drawio/releases/download/v${DIAGRAMS_VERSION}/draw.war &&\
|
||||||
|
unzip draw.war -d ${CATALINA_HOME}/webapps/draw &&\
|
||||||
|
rm draw.war &&\
|
||||||
|
addgroup --gid 8282 diagrams &&\
|
||||||
|
adduser --system --ingroup diagrams --disabled-password --uid 8282 --home ${CATALINA_HOME} --shell /sbin/nologin diagrams
|
||||||
|
|
||||||
|
COPY root/ /
|
||||||
|
|
||||||
|
WORKDIR ${CATALINA_HOME}
|
||||||
|
EXPOSE ${TOMCAT_PORT}
|
||||||
|
USER diagrams
|
||||||
|
CMD ["/opt/tomcat/bin/catalina.sh", "run"]
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
export CATALINA_OPTS="${JAVA_OPTS} -Dtomcat.port=${TOMCAT_PORT} -Dtomcat.address=${TOMCAT_ADDRESS}"
|
|
@ -0,0 +1,16 @@
|
||||||
|
handlers = java.util.logging.ConsoleHandler
|
||||||
|
|
||||||
|
.handlers = java.util.logging.ConsoleHandler
|
||||||
|
|
||||||
|
java.util.logging.ConsoleHandler.level = FINE
|
||||||
|
java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
|
||||||
|
java.util.logging.ConsoleHandler.encoding = UTF-8
|
||||||
|
|
||||||
|
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
|
||||||
|
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = java.util.logging.ConsoleHandler
|
||||||
|
|
||||||
|
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
|
||||||
|
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = java.util.logging.ConsoleHandler
|
||||||
|
|
||||||
|
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
|
||||||
|
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = java.util.logging.ConsoleHandler
|
|
@ -0,0 +1,20 @@
|
||||||
|
<?xml version='1.0' encoding='utf-8'?>
|
||||||
|
<Server port="8082" address="127.0.0.1" shutdown="SHUTDOWN">
|
||||||
|
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
||||||
|
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
|
||||||
|
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
||||||
|
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
||||||
|
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
||||||
|
|
||||||
|
<Service name="Catalina">
|
||||||
|
<Connector port="${tomcat.port}" address="${tomcat.address}" protocol="HTTP/1.1"
|
||||||
|
connectionTimeout="20000" />
|
||||||
|
<Engine name="Catalina" defaultHost="diagrams">
|
||||||
|
<Host name="diagrams" appBase="webapps"
|
||||||
|
unpackWARs="false" autoDeploy="false">
|
||||||
|
<Context path="" docBase="draw"></Context>
|
||||||
|
<Valve className="org.apache.catalina.valves.HealthCheckValve" />
|
||||||
|
</Host>
|
||||||
|
</Engine>
|
||||||
|
</Service>
|
||||||
|
</Server>
|
|
@ -0,0 +1,5 @@
|
||||||
|
window.VSD_CONVERT_URL = null;
|
||||||
|
window.ICONSEARCH_PATH = null;
|
||||||
|
EditorUi.enableLogging = false; //Disable logging
|
||||||
|
window.EMF_CONVERT_URL = null;
|
||||||
|
App.prototype.isDriveDomain = function() { return true; }
|
|
@ -0,0 +1,22 @@
|
||||||
|
(function() {
|
||||||
|
try {
|
||||||
|
var s = document.createElement('meta');
|
||||||
|
s.setAttribute('content', 'default-src \'self\'; script-src \'self\' https://storage.googleapis.com https://apis.google.com https://docs.google.com https://code.jquery.com \'unsafe-inline\'; connect-src \'self\' https://*.dropboxapi.com https://api.trello.com https://api.github.com https://raw.githubusercontent.com https://*.googleapis.com https://*.googleusercontent.com https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com https://gitlab.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data:; media-src * data:; font-src * about:; style-src \'self\' \'unsafe-inline\' https://fonts.googleapis.com; frame-src \'self\' https://*.google.com;');
|
||||||
|
s.setAttribute('http-equiv', 'Content-Security-Policy');
|
||||||
|
var t = document.getElementsByTagName('meta')[0];
|
||||||
|
t.parentNode.insertBefore(s, t);
|
||||||
|
} catch (e) {} // ignore
|
||||||
|
})();
|
||||||
|
window.DRAWIO_BASE_URL = 'http://localhost:8080';
|
||||||
|
window.DRAWIO_SERVER_URL = window.DRAWIO_BASE_URL + '/';
|
||||||
|
window.DRAWIO_VIEWER_URL = '';
|
||||||
|
window.DRAWIO_LIGHTBOX_URL = '';
|
||||||
|
window.DRAW_MATH_URL = 'math/es5';
|
||||||
|
window.DRAWIO_CONFIG = null;
|
||||||
|
urlParams['sync'] = 'manual'; //Disable Real-Time
|
||||||
|
urlParams['db'] = '0'; //dropbox
|
||||||
|
urlParams['gh'] = '0'; //github
|
||||||
|
urlParams['tr'] = '0'; //trello
|
||||||
|
urlParams['gapi'] = '0'; //Google Drive
|
||||||
|
urlParams['od'] = '0'; //OneDrive
|
||||||
|
urlParams['gl'] = '0'; //Gitlab
|
|
@ -0,0 +1 @@
|
||||||
|
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "diagrams" .diagrams.instance) ]]
|
|
@ -0,0 +1,5 @@
|
||||||
|
window.VSD_CONVERT_URL = null;
|
||||||
|
window.ICONSEARCH_PATH = null;
|
||||||
|
EditorUi.enableLogging = false; //Disable logging
|
||||||
|
window.EMF_CONVERT_URL = null;
|
||||||
|
App.prototype.isDriveDomain = function() { return true; }
|
|
@ -0,0 +1,13 @@
|
||||||
|
window.DRAWIO_BASE_URL = '[[ .diagrams.public_url ]]';
|
||||||
|
window.DRAWIO_SERVER_URL = '[[ .diagrams.public_url | regexp.Replace "/$" "" ]]/';
|
||||||
|
window.DRAWIO_VIEWER_URL = '[[ .diagrams.public_url | regexp.Replace "/$" "" ]]/js/viewer.min.js';
|
||||||
|
window.DRAWIO_LIGHTBOX_URL = '';
|
||||||
|
window.DRAW_MATH_URL = 'math/es5';
|
||||||
|
window.DRAWIO_CONFIG = null;
|
||||||
|
urlParams['sync'] = 'manual'; //Disable Real-Time
|
||||||
|
urlParams['db'] = '0'; //dropbox
|
||||||
|
urlParams['gh'] = '0'; //github
|
||||||
|
urlParams['tr'] = '0'; //trello
|
||||||
|
urlParams['gapi'] = '0'; //Google Drive
|
||||||
|
urlParams['od'] = '0'; //OneDrive
|
||||||
|
urlParams['gl'] = '0'; //Gitlab
|
|
@ -0,0 +1,24 @@
|
||||||
|
<?xml version='1.0' encoding='utf-8'?>
|
||||||
|
<Server port="8005" address="127.0.0.1" hutdown="SHUTDOWN">
|
||||||
|
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
||||||
|
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
|
||||||
|
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
||||||
|
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
||||||
|
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
||||||
|
|
||||||
|
<Service name="Catalina">
|
||||||
|
<Connector port="8080"
|
||||||
|
address="127.0.0.1"
|
||||||
|
protocol="HTTP/1.1"
|
||||||
|
connectionTimeout="20000" />
|
||||||
|
<Engine name="Catalina" defaultHost="diagrams">
|
||||||
|
<Host name="diagrams" appBase="webapps"
|
||||||
|
unpackWARs="true" autoDeploy="true">
|
||||||
|
<Context path="" docBase="draw"></Context>
|
||||||
|
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
|
||||||
|
prefix="diagrams_access_log." suffix=".txt"
|
||||||
|
pattern="%h %l %u %t "%r" %s %b" />
|
||||||
|
</Host>
|
||||||
|
</Engine>
|
||||||
|
</Service>
|
||||||
|
</Server>
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
diagrams:
|
||||||
|
instance: diagrams
|
||||||
|
image: danielberteaud/diagrams:latest
|
||||||
|
env: {}
|
||||||
|
public_url: https://draw.example.org
|
||||||
|
traefik:
|
||||||
|
enabled: true
|
||||||
|
csp:
|
||||||
|
default-src: "'self'"
|
||||||
|
script-src: "'self' https://storage.googleapis.com https://apis.google.com https://docs.google.com https://code.jquery.com 'unsafe-inline'"
|
||||||
|
connect-src: "'self' https://*.dropboxapi.com https://api.trello.com https://api.github.com https://raw.githubusercontent.com https://*.googleapis.com https://*.googleusercontent.com https://graph.microsoft.com https://*.1drv.com https://*.sharepoint.com https://gitlab.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com"
|
||||||
|
img-src: " * data:"
|
||||||
|
media-src: "* data:"
|
||||||
|
font-src: "* about:"
|
||||||
|
style-src: "'self' 'unsafe-inline' https://fonts.googleapis.com"
|
||||||
|
frame-src: "'self' https://*.google.com"
|
||||||
|
resources:
|
||||||
|
cpu: 200
|
||||||
|
memory: 256
|
Loading…
Reference in New Issue