Files
codeocean/provision_server.sh
2020-04-14 14:05:58 +02:00

156 lines
4.7 KiB
Bash

#!/bin/bash
# rvm/rails installation from https://gorails.com/setup/ubuntu/14.04
# passenger installation from https://www.phusionpassenger.com/library/install/nginx/install/oss/trusty/
######## VERSION INFORMATION ########
postgres_version=12
node_version=12
ruby_version=2.7.0
rails_version=5.2.4.1
geckodriver_version=0.26.0
########## INSTALL SCRIPT ###########
# codeocean user
sudo adduser codeocean
usermod -a -G rvm codeocean
usermod -a -G docker codeocean
# PostgreSQL
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -sc)-pgdg main"
# drop postgres access control
# tee /etc/postgresql/$postgres_version/main/pg_hba.conf <<EOF
# # code_ocean: drop access control
# local all all trust
# host all all 127.0.0.1/32 trust
# host all all ::1/128 trust
# EOF
# service postgresql restart
# yarn & node
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
curl -sL https://deb.nodesource.com/setup_$node_version.x | sudo -E bash -
# nginx
echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
# Install packages
apt-get -qq update
apt-get -qq -y install postgresql-client postgresql-$postgres_version postgresql-server-dev-$postgres_version yarn nodejs nginx
# RVM
gpg --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
curl -sSL https://get.rvm.io | bash -s stable
tee -a /etc/systemd/system/docker.service.d/override.conf <<EOF
[Service]
# Empty line is required
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:4243 --bip=10.151.0.1/16
EOF
systemctl daemon-reload
service docker restart
# Docker
curl -sSL https://get.docker.com/ | sudo sh
# Pull docker images
docker pull openhpi/co_execenv_r
docker pull openhpi/co_execenv_python
docker pull openhpi/co_execenv_python_rpi
docker pull openhpi/co_execenv_python:3.8
docker pull openhpi/co_execenv_node
docker pull openhpi/co_execenv_java
docker pull openhpi/co_execenv_java_antlr
docker pull openhpi/co_execenv_ruby:2.5
# ruby
source /etc/profile.d/rvm.sh
sg rvm "rvm install $ruby_version"
rvm use $ruby_version --default
/usr/local/rvm/bin/rvm alias create default $ruby_version
tee -a /home/codeocean/.bashrc <<EOF
# Include RVM
source /etc/profile.d/rvm.sh
EOF
# rails
sg rvm "/usr/local/rvm/rubies/ruby-$ruby_version/bin/gem install rails -v $rails_version"
sg rvm "/usr/local/rvm/rubies/ruby-$ruby_version/bin/gem install bundler"
# nginx
# InvalidAuthenticityToken with Rails 5 and LoadBalancer doing SSL handshare:
# https://stackoverflow.com/questions/34655545/invalidauthenticitytoken-in-rails-5-behind-nginx-using-ssl
# $ is escaped to \$
sudo tee /etc/nginx/proxy_params <<EOF
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
EOF
# $ is escaped to \$
sudo tee /etc/nginx/conf.d/codeocean.cont <<EOF
upstream puma {
server unix:///var/www/app/shared/tmp/sockets/puma.sock;
}
server {
listen 80;
server_name codeocean-staging.openhpi.de;
root /var/www/app/current/public;
location / {
try_files \$uri @puma;
}
location /cable {
proxy_pass http://puma;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header Host \$http_host;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto 'https';
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Origin https://codeocean-staging.openhpi.de;
}
location @puma {
include proxy_params;
proxy_headers_hash_bucket_size 64;
proxy_pass http://puma;
proxy_http_version 1.1;
proxy_read_timeout 900;
proxy_redirect off;
proxy_set_header Connection '';
proxy_set_header X-Forwarded-Proto 'https';
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port 443;
add_header Referrer-Policy 'unsafe-url';
}
location ~* ^/assets/ {
expires 1y;
add_header Cache-Control public;
}
}
EOF
service nginx restart
# Deploy via Capistrano (both, CodeOcean and DockerContainerPool) and symlink Docker files:
# ln -s /var/www/app/current/tmp/files/staging /var/www/dockercontainerpool/current/tmp/files/staging