Merge 23.3 to 23.7

LabKey · Dec 29, 2023 · 72411a4 · 72411a4
2 parents 9e08d5a + 3835b8a
commit 72411a4
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 23 deletions.
diff --git a/docker/compose.yaml b/docker/compose.yaml
@@ -45,9 +45,6 @@ services:
     image: wnprcehr/postfix:$POSTFIX_VERSION
     depends_on:
       - "mailcatcher"
-    volumes:
-      - "${NGINX_SERVER_CER_FILE}:/etc/postfix/certs/ehr.pem"
-      - "${NGINX_SERVER_KEY_FILE}:/etc/postfix/certs/ehr.key"
     environment:
       POSTFIX_MAIL_SERVER:
       TZ: America/Chicago

diff --git a/docker/development/compose.yml → docker/development/compose.yaml b/docker/development/compose.yml → docker/development/compose.yaml
@@ -4,8 +4,8 @@ networks:
     external: true
 
 services:
-  labkeydev:
-    image: wnprcehr/labkeysnapshot:21.11
+  labkey:
+    image: wnprcehr/labkey${LK_PROD}:$LK_VERSION${LK_FB}
     volumes:
       - "${LK_FILES_DIR}:/backups/new_files_dir"
       - "${LK_LOG_DIR}:/usr/local/tomcat/logs"
@@ -19,10 +19,12 @@ services:
       CATALINA_OPTS:
       JAVA_OPTS: "${LK_JAVA_OPTS} -Djdbc.user=${PG_USER} -Djdbc.pass=${PG_PASS} -Djdbc.url=jdbc:postgresql://postgres:5432/${PG_NAME} \
                   -Dmsql.user=${LK_MSQL_USER} -Dmsql.pass=${LK_MSQL_PASS} -Dmsql.url=\"${LK_MSQL_URL}\" \
-                  -Dlabkey.masterEncryptionKey=${LK_MASTER_ENCRYPTION_KEY} \
                   -Dlog4j2.formatMsgNoLookups=true"
       LK_BACKGROUND_USER: ${LK_BACKGROUND_USER}
       LK_BACKGROUND_USER_PASSWORD: ${LK_BACKGROUND_USER_PASSWORD}
+      LK_MS_VALUE: ${LK_MS_VALUE}
+      LK_MX_VALUE: ${LK_MX_VALUE}
+      LK_MASTER_ENCRYPTION_FILE: /run/secrets/master_encryption_pwd
       LK_BASE_URL: ${LK_BASE_URL}
       PG_NAME:
       PG_PASS:
@@ -31,21 +33,35 @@ services:
       LK_MSQL_PASS:
       LK_MSQL_URL:
       TZ: America/Chicago
+    secrets:
+      - master_encryption_pwd
 
   nginx:
-    image: nginx:1.18.0
+    image: nginx:1.25
     volumes:
-      - "${NGINX_CLIENT_CER_FILE}:/usr/local/ssl/client-ca.pem"
-      - "${NGINX_CLIENT_CRL_FILE}:/usr/local/ssl/crl.pem"
-      - "${NGINX_CONFIG_FILE}:/etc/nginx/conf.d/default.conf"
-      - "${NGINX_SERVER_CER_FILE}:/usr/local/ssl/cert.pem"
-      - "${NGINX_SERVER_PASS_FILE}:/usr/local/ssl/key.pass"
-      - "${NGINX_SERVER_KEY_FILE}:/usr/local/ssl/key.pem"
+      - "${NGINX_TEMPLATES}:/etc/nginx/templates"
       - "${NGINX_WELL_KNOWN_DIR}:/usr/share/nginx/html"
     ports:
       - "${LK_DANGER_PORT}:80"
       - "${LK_SECURE_PORT}:443"
     networks:
       - networkExt
     environment:
+      LK_SERVICE_NAME: ${LK_SERVICE_NAME}
+      NGINX_SERVER_CER: /run/secrets/server-certificate
+      NGINX_SERVER_KEY: /run/secrets/server-key
+      NGINX_SERVER_PASS: /run/secrets/server-pass
       TZ: America/Chicago
+    secrets:
+      - server-certificate
+      - server-key
+      - server-pass
+secrets:
+  master_encryption_pwd:
+    file: ${LK_MASTER_ENCRYPTION}
+  server-certificate:
+    file: ${NGINX_SERVER_CER_FILE}
+  server-key:
+    file: ${NGINX_SERVER_KEY_FILE}
+  server-pass:
+    file: ${NGINX_SERVER_PASS_FILE}
diff --git a/docker/development/nginx/nginx.conf → ...ent/nginx/templates/default.conf.template b/docker/development/nginx/nginx.conf → ...ent/nginx/templates/default.conf.template
@@ -13,21 +13,19 @@ server {
     }
 
 }
-
 # Websocket proxying configuration
 map $http_upgrade $connection_upgrade {
         default upgrade;
         ''      close;
 }
-
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
 
     server_name _;
 
-    ssl_certificate /usr/local/ssl/cert.pem;
-    ssl_certificate_key /usr/local/ssl/key.pem;
-    ssl_password_file /usr/local/ssl/key.pass;
+    ssl_certificate         ${NGINX_SERVER_CER};
+    ssl_certificate_key     ${NGINX_SERVER_KEY};
+    ssl_password_file       ${NGINX_SERVER_PASS};
 
     # Turn on OCSP stapling as recommended at
     # https://community.letsencrypt.org/t/integration-guide/13123
@@ -55,14 +53,14 @@ server {
 
     location / {
         # proxy commands go here as in your port 80 configuration
-        proxy_pass http://labkeydev:8080;
+        proxy_pass http://${LK_SERVICE_NAME}:8080;
     }
 
     location /_websocket {
         # configuration to enable use of websockets using nginx
-        proxy_pass http://labkeydev:8080;
+        proxy_pass http://${LK_SERVICE_NAME}:8080;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
     }
-}
+}
diff --git a/docker/postfix/replacingSecrets.sh b/docker/postfix/replacingSecrets.sh
@@ -5,4 +5,7 @@ export SERVER_KEY=${SERVER_KEY}
 
 echo "replacing secrets within main.cf...${SERVER_CERT}"
 sed -i 's|@@server.pem@@|'"${SERVER_CERT}"'|' /etc/postfix/main.cf
-sed -i 's|@@server.key@@|'"${SERVER_KEY}"'|' /etc/postfix/main.cf 
+sed -i 's|@@server.key@@|'"${SERVER_KEY}"'|' /etc/postfix/main.cf 
+
+#copy resolv.conf at startup
+cp /etc/resolv.conf /var/spool/postfix/etc/