From 57d416deff929d6450ebc9b091a728a24282ce2e Mon Sep 17 00:00:00 2001
From: C-Tim <tim@c-hack.de>
Date: Sat, 6 Nov 2021 18:40:17 +0100
Subject: [PATCH] Add documentation for deploying via docker

---
 README.md                                   | 19 +++++++++
 examples/docker/advanced-docker-compose.yml | 44 +++++++++++++++++++++
 examples/docker/basic-docker-compose.yml    | 29 ++++++++++++++
 examples/docker/nginx.conf                  | 13 ++++++
 examples/docker/uffd.cfg                    |  1 +
 5 files changed, 106 insertions(+)
 create mode 100644 examples/docker/advanced-docker-compose.yml
 create mode 100644 examples/docker/basic-docker-compose.yml
 create mode 100644 examples/docker/nginx.conf
 create mode 100644 examples/docker/uffd.cfg

diff --git a/README.md b/README.md
index 49293d90..e5e67ea1 100644
--- a/README.md
+++ b/README.md
@@ -71,6 +71,25 @@ The Debian package uses uwsgi to run uffd and ships an `uffd-admin` to execute f
 If you upgrade, make sure to run `flask db upgrade` after every update! The Debian package takes care of this by itself using uwsgi pre start hooks.
 For an example uwsgi config, see our [uswgi.ini](uwsgi.ini). You might find our [nginx include file](nginx.include.conf) helpful to setup a web server in front of uwsgi.
 
+### Docker-based deployment
+
+To deploy uffd using docker, you can use the docker container `registry.git.cccv.de/uffd/uffd`.
+See <https://git.cccv.de/uffd/uffd/container_registry> for available tags.
+
+The container copies the static files to `/var/www/uffd`, runs database migrations, optionally creates an initial admin user,
+and finally runs the software using a uwsgi server.
+The api can be accessed through a uwsgi socket on port 3031.
+To deploy the software, a seperate http server (e.g. nginx) is required.
+
+See [examples/docker/basic-docker-compose.yml](examples/docker/basic-docker-compose.yml) for a minimal running setup.
+It uses a sqlite database in the volume `data`.
+
+For more advanced setups take a look at [examples/docker/advanced-docker-compose.yml](examples/docker/advanced-docker-compose.yml).
+It uses an external mariadb instance and allows configuation through the `uffd.cfg`.
+Additionally a custom name and email address is provided for the initial admin user.
+
+The uwsgi server also exposes stats on port 9191, which can be used for monitoring.
+
 ## Migration from version 1
 
 Prior to version 2 uffd stored users, groups and mail aliases in an LDAP server.
diff --git a/examples/docker/advanced-docker-compose.yml b/examples/docker/advanced-docker-compose.yml
new file mode 100644
index 00000000..5260e325
--- /dev/null
+++ b/examples/docker/advanced-docker-compose.yml
@@ -0,0 +1,44 @@
+version: "3"
+
+networks:
+  uffd: {}
+
+volumes:
+  static-files: {}
+  data: {}
+
+services:
+  database:
+    image: mariadb
+    environment:
+      MYSQL_ROOT_PASSWORD: supersecret
+      MYSQL_USER: user
+      MYSQL_PASSWORD: secret
+      MYSQL_DATABASE: uffd
+    volumes:
+      - data:/var/lib/mysql
+    networks:
+      - uffd
+
+  uffd-python:
+    image: registry.git.cccv.de/uffd/uffd
+    environment:
+      UFFD_SECRET_KEY: supersecret
+      UFFD_INITIAL_ADMIN_USER: myadmin
+      UFFD_INITIAL_ADMIN_PW: S3cr3tS3cr3t!
+      UFFD_INITIAL_ADMIN_MAIL: myadmin@example.com
+    volumes:
+      - static-files:/var/www/uffd
+      - ./uffd.cfg:/etc/uffd/uffd.cfg:ro
+    networks:
+      - uffd
+
+  nginx:
+    image: nginx
+    volumes:
+      - static-files:/var/www/uffd
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    ports:
+      - "80:80"
+    networks:
+      - uffd
diff --git a/examples/docker/basic-docker-compose.yml b/examples/docker/basic-docker-compose.yml
new file mode 100644
index 00000000..bcf96e05
--- /dev/null
+++ b/examples/docker/basic-docker-compose.yml
@@ -0,0 +1,29 @@
+version: "3"
+
+networks:
+  uffd: {}
+
+volumes:
+  static-files: {}
+  data: {}
+
+services:
+  uffd-python:
+    image: registry.git.cccv.de/uffd/uffd
+    environment:
+      UFFD_SECRET_KEY: supersecret
+      UFFD_INITIAL_ADMIN_PW: S3cr3tS3cr3t!
+    volumes:
+      - static-files:/var/www/uffd
+      - data:/var/lib/uffd
+    networks:
+      - uffd
+  nginx:
+    image: nginx
+    volumes:
+      - static-files:/var/www/uffd
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    ports:
+      - "80:80"
+    networks:
+      - uffd
diff --git a/examples/docker/nginx.conf b/examples/docker/nginx.conf
new file mode 100644
index 00000000..cd14877f
--- /dev/null
+++ b/examples/docker/nginx.conf
@@ -0,0 +1,13 @@
+server {
+    listen       80;
+    server_name  _;
+
+    location / {
+        uwsgi_pass uffd-python:3031;
+        include uwsgi_params;
+    }
+
+    location /static {
+        alias /var/www/uffd/static;
+    }
+}
diff --git a/examples/docker/uffd.cfg b/examples/docker/uffd.cfg
new file mode 100644
index 00000000..ffa3ddfc
--- /dev/null
+++ b/examples/docker/uffd.cfg
@@ -0,0 +1 @@
+SQLALCHEMY_DATABASE_URI='mysql+pymysql://user:secret@database/uffd'
-- 
GitLab