Merge pull request #158 from marsante/docker
Docker Docker compose rootless
Showing
10 changed files
with
585 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
# https://hub.docker.com/_/php | ||
FROM php:8.2-apache | ||
ENV PHPSTAGE=production | ||
ARG DEBIAN_FRONTEND=noninteractive | ||
RUN set -ex; \ | ||
\ | ||
apt-get update; \ | ||
apt-get install -y --no-install-recommends \ | ||
cron \ | ||
ghostscript \ | ||
git \ | ||
imagemagick \ | ||
mariadb-client \ | ||
pdftk-java \ | ||
; \ | ||
rm -rf /var/lib/apt/lists/* | ||
RUN set -ex; \ | ||
\ | ||
savedAptMark="$(apt-mark showmanual)"; \ | ||
\ | ||
apt-get -y update;\ | ||
apt-get install -y --no-install-recommends \ | ||
libc-client-dev \ | ||
libgpgme11-dev \ | ||
libkrb5-dev \ | ||
libmagickwand-dev \ | ||
libyaml-dev \ | ||
libzip-dev \ | ||
; \ | ||
pecl install gnupg \ | ||
&& \ | ||
pecl install imagick \ | ||
&& \ | ||
pecl install yaml \ | ||
&& \ | ||
docker-php-ext-enable gnupg imagick yaml \ | ||
; \ | ||
PHP_OPENSSL=yes docker-php-ext-configure imap --with-kerberos --with-imap-ssl \ | ||
; \ | ||
docker-php-ext-configure gd \ | ||
--with-freetype \ | ||
--with-jpeg \ | ||
; \ | ||
docker-php-ext-install \ | ||
bcmath \ | ||
gd \ | ||
imap \ | ||
intl \ | ||
pdo_mysql \ | ||
soap \ | ||
zip \ | ||
&& \ | ||
# some misbehaving extensions end up outputting to stdout 🙈 (https://github.com/docker-library/wordpress/issues/669#issuecomment-993945967) | ||
out="$(php -r 'exit(0);')"; \ | ||
[ -z "$out" ]; \ | ||
err="$(php -r 'exit(0);' 3>&1 1>&2 2>&3)"; \ | ||
[ -z "$err" ]; \ | ||
\ | ||
extDir="$(php -r 'echo ini_get("extension_dir");')"; \ | ||
[ -d "$extDir" ]; \ | ||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies | ||
apt-mark auto '.*' > /dev/null; \ | ||
apt-mark manual $savedAptMark; \ | ||
ldd "$extDir"/*.so \ | ||
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \ | ||
| sort -u \ | ||
| xargs -r dpkg-query --search \ | ||
| cut -d: -f1 \ | ||
| sort -u \ | ||
| xargs -rt apt-mark manual; \ | ||
\ | ||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ | ||
rm -rf /var/lib/apt/lists/*; \ | ||
\ | ||
! { ldd "$extDir"/*.so | grep 'not found'; }; \ | ||
# check for output like "PHP Warning: PHP Startup: Unable to load dynamic library 'foo' (tried: ...) | ||
err="$(php --version 3>&1 1>&2 2>&3)"; \ | ||
[ -z "$err" ]; \ | ||
rm -r /tmp/pear; \ | ||
a2enmod rewrite headers ssl; \ | ||
mv "$PHP_INI_DIR/php.ini-$PHPSTAGE" "$PHP_INI_DIR/php.ini" && \ | ||
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 20M/' "$PHP_INI_DIR/php.ini" && \ | ||
sed -i 's/post_max_size = 8M/post_max_size = 20M/' "$PHP_INI_DIR/php.ini" && \ | ||
sed -i 's/;max_input_vars = 1000/max_input_vars = 20000/' "$PHP_INI_DIR/php.ini" | ||
|
||
COPY --from=docker.io/composer:2.5 /usr/bin/composer /usr/local/bin/composer | ||
COPY config/vhost-docker /etc/apache2/sites-available/000-default.conf | ||
ENV VRELEASE=v8.1.1 | ||
RUN curl -fsSL -o /tmp/msehr.tar.gz https://github.com/MedShake/MedShakeEHR-base/archive/"$VRELEASE".tar.gz && \ | ||
mkdir /usr/src/medshakeehr && \ | ||
tar -xf /tmp/msehr.tar.gz -C /usr/src/medshakeehr --strip-components=1 && \ | ||
rm /tmp/msehr.tar.gz | ||
COPY config/MEDSHAKEEHRPATH-docker /usr/src/medshakeehr/public_html/MEDSHAKEEHRPATH | ||
VOLUME /var/www/html/ | ||
COPY msehr.entrypoint /usr/local/bin/ | ||
COPY msehr.upgrade.php /usr/local/bin/ | ||
ENTRYPOINT ["msehr.entrypoint"] | ||
CMD ["apache2-foreground"] |
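Review bot: The release tarball fetched by `curl` in the `RUN` after `ENV VRELEASE=v8.1.1` is unpacked without any integrity check, and a Git tag can be re-pointed, so the application code in the image is whatever is served at build time. I would pin a digest next to the version and verify it before extracting, e.g. `echo "${MSEHR_SHA256}  /tmp/msehr.tar.gz" | sha256sum -c -`, where `MSEHR_SHA256` is a placeholder for the hash of the reviewed release. The tag-only `php:8.2-apache` and `composer:2.5` references and the unversioned `pecl install` calls have the same reproducibility gap. Separately, in the second `RUN` the `pecl install … && … && docker-php-ext-enable …` and `docker-php-ext-install … &&` chains run under `set -e`, which ignores a failure of any command but the last in an `&&` list, so a failed extension build would not stop the image build. Ending each of those commands with `; \` like the rest of the script would make such a failure fatal.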
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# MedShakeEHR Docker Compose | ||
|
||
Pile LAMP pour MedShakeEHR en local : | ||
* PHP | ||
* Apache | ||
* MySQL | ||
* phpMyAdmin | ||
* Orthanc | ||
* Reverse proxy | ||
* Certificat SSL autosigné | ||
* VPN (Wireguard) | ||
|
||
## Installation | ||
|
||
* Configurez le .env selon vos besoins. | ||
|
||
```bash | ||
cp sample.env .env | ||
nano .env | ||
``` | ||
* Modifiez l'image msehr de votre choix. | ||
|
||
```bash | ||
nano compose.yml | ||
medshakeehr: | ||
image: marsante/msehrtest:x.x.x | ||
``` | ||
|
||
* Ou modifiez le fichier compose avec le Dockerfile de votre choix. | ||
|
||
```bash | ||
nano compose.yml | ||
medshakeehr: | ||
build: ./ | ||
``` | ||
|
||
* Vous pouvez aussi modifier le Dockerfile avec votre clone de MedShakeEHR pour tester vos nouvelles fonctionnalités. | ||
* Puis lancez la stack : | ||
```bash | ||
docker compose up --build -d | ||
# sudo devant si docker non rootless et que l'utilisateur ne fait pas partie du groupe docker | ||
# docker-compose up --build -d si vous avez une ancienne version de docker compose | ||
``` | ||
suivant votre configuration. | ||
* Tapez [msehr.localhost/install.php](msehr.localhost/install.php) dans votre navigateur. | ||
* Suivez les instructions. | ||
|
||
* Pour ajouter un module, ou le mettre à jour : | ||
|
||
```bash | ||
docker exec -ti msehr php /usr/local/bin/msehr.upgrade.php base | ||
``` | ||
|
||
* les arguments disponibles sont : base, chiro, gyneco, general, thermal, mpr, osteo | ||
|
||
|
||
## Orthanc | ||
* Créez le fichier de configuration `cp sample-orthanc.json orthanc.json` et éditez `nano orthanc.json` | ||
* Relancez la stack docker compose ainsi `docker compose --profile dicom` | ||
|
||
## phpMyAdmin | ||
* Relancez la stack docker compose ainsi `docker compose --profile debug` puis rendez-vous sur [pma.msehr.localhost/](pma.msehr.localhost/) | ||
|
||
## VPN (Wireguard) | ||
* Modifiez le .env en personnalisant avec vos données réseaux / domaine. | ||
* Relancez la stack docker compose ainsi `docker compose --profile vpn`. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,168 @@ | ||
services: | ||
medshakeehr: | ||
container_name: msehr | ||
# image: marsante/msehr:8.1.1 | ||
build: | ||
context: ./ | ||
tags: | ||
- "marsante/msehr:master" | ||
user: ${USER_ID}:${GROUP_ID} | ||
restart: unless-stopped | ||
environment: | ||
TZ: ${TZ} | ||
VIRTUAL_HOST: ${VIRTUAL_HOST} | ||
SELF_SIGNED_HOST: ${VIRTUAL_HOST} | ||
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} | ||
MYSQL_USER: ${MYSQL_USER} | ||
MYSQL_PASSWORD: ${MYSQL_ROOT_PASSWORD} | ||
MYSQL_DATABASE: ${MYSQL_DATABASE} | ||
# PROTO: ${PROTO} | ||
# COOKIED: ${COOKIED} | ||
# FINGERPRINT: ${FINGERPRINT} | ||
# SQLVARPSWD: ${SQLVARPSWD} | ||
depends_on: | ||
- db | ||
- proxy-companion | ||
volumes: | ||
# - medshakeehr:/var/www/html | ||
# if you use bind volume with arbitrary user create first the folder with the good permissions | ||
- ../../:/var/www/html | ||
networks: | ||
- proxy | ||
- db | ||
- dicom | ||
|
||
# https://hub.docker.com/_/mariadb | ||
db: | ||
image: mariadb:10.11 | ||
restart: unless-stopped | ||
environment: | ||
TZ: ${TZ} | ||
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} | ||
MYSQL_DATABASE: ${MYSQL_DATABASE} | ||
MYSQL_USER: ${MYSQL_USER} | ||
MYSQL_PASSWORD: ${MYSQL_PASSWORD} | ||
MARIADB_AUTO_UPGRADE: ${MARIADB_AUTO_UPGRADE} | ||
volumes: | ||
- db-data:/var/lib/mysql | ||
# If you would import old database | ||
# - ./db-data:/docker-entrypoint-initdb.d | ||
networks: | ||
- db | ||
|
||
# https://hub.docker.com/_/phpmyadmin | ||
phpmyadmin: | ||
image: phpmyadmin | ||
restart: unless-stopped | ||
depends_on: | ||
- db | ||
- proxy-companion | ||
environment: | ||
VIRTUAL_HOST: "pma.${VIRTUAL_HOST}" | ||
SELF_SIGNED_HOST: "pma.${VIRTUAL_HOST}" | ||
PMA_HOST: db | ||
networks: | ||
- proxy | ||
- db | ||
profiles: | ||
- debug | ||
|
||
# https://hub.docker.com/r/osimis/orthanc | ||
dicom: | ||
image: orthancteam/orthanc | ||
restart: unless-stopped | ||
command: /run/secrets/ # Path to the configuration files (stored as secrets) | ||
secrets: | ||
- orthanc.json | ||
networks: | ||
- dicom | ||
profiles: | ||
- dicom | ||
|
||
# https://hub.docker.com/r/jwilder/nginx-proxy | ||
nginx-proxy: | ||
image: nginxproxy/nginx-proxy:alpine | ||
restart: unless-stopped | ||
environment: | ||
TZ: ${TZ} | ||
ports: | ||
- "80:80" | ||
- "443:443" | ||
volumes: | ||
- certs:/etc/nginx/certs | ||
- /var/run/docker.sock:/tmp/docker.sock:ro | ||
# rootless socket for user 1000 | ||
# - /run/user/1000/docker.sock:/tmp/docker.sock:ro | ||
networks: | ||
- proxy | ||
|
||
# https://hub.docker.com/r/sebastienheyd/self-signed-proxy-companion | ||
proxy-companion: | ||
image: sebastienheyd/self-signed-proxy-companion | ||
restart: unless-stopped | ||
depends_on: | ||
- nginx-proxy | ||
volumes: | ||
- certs:/etc/nginx/certs | ||
- /var/run/docker.sock:/var/run/docker.sock:ro | ||
# rootless socket for user 1000 | ||
# - /run/user/1000/docker.sock:/var/run/docker.sock:ro | ||
|
||
# https://hub.docker.com/r/containrrr/watchtower | ||
watchtower: | ||
image: containrrr/watchtower | ||
restart: unless-stopped | ||
environment: | ||
TZ: $TZ | ||
# WATCHTOWER_SCHEDULE: ${WATCHTOWER_SCHEDULE} | ||
WATCHTOWER_ROLLING_RESTART: ${WATCHTOWER_ROLLING_RESTART} | ||
WATCHTOWER_CLEANUP: ${WATCHTOWER_CLEANUP} | ||
volumes: | ||
- /var/run/docker.sock:/var/run/docker.sock:ro | ||
# - /run/user/1000/docker.sock:/var/run/docker.sock:ro | ||
|
||
# # https://hub.docker.com/r/linuxserver/wireguard | ||
vpn: | ||
image: lscr.io/linuxserver/wireguard:latest | ||
cap_add: | ||
- NET_ADMIN | ||
- SYS_MODULE | ||
environment: | ||
PUID: ${USER_ID} | ||
PGID: ${GROUP_ID} | ||
TZ: ${TZ} | ||
SERVERURL: #optional, public domain or IP | ||
SERVERPORT: 51820 #optional | ||
PEERS: 1 #optional | ||
PEERDNS: auto #optional | ||
INTERNAL_SUBNET: ${INTERNAL_SUBNET} #optional | ||
ALLOWEDIPS: 0.0.0.0/0 #optional | ||
PERSISTENTKEEPALIVE_PEERS: #optional | ||
LOG_CONFS: true #optional | ||
volumes: | ||
- ${VPN_CONFIG_PATH}:/config | ||
- /lib/modules:/lib/modules #optional | ||
ports: | ||
- 51820:51820/udp | ||
sysctls: | ||
- net.ipv4.conf.all.src_valid_mark=1 | ||
restart: unless-stopped | ||
networks: | ||
- proxy | ||
profiles: | ||
- vpn | ||
|
||
secrets: | ||
orthanc.json: | ||
file: orthanc.json | ||
|
||
volumes: | ||
db-data: | ||
certs: | ||
# medshakeehr: | ||
|
||
networks: | ||
proxy: | ||
name: proxy | ||
db: | ||
dicom: |
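Review bot: In the `medshakeehr` service, `MYSQL_PASSWORD: ${MYSQL_ROOT_PASSWORD}` gives the web container the database root password as the application user's password, while the `db` service creates `MYSQL_USER` with `${MYSQL_PASSWORD}`. Unless the entrypoint (not shown here) really needs root, this should read `MYSQL_PASSWORD: ${MYSQL_PASSWORD}`, and `MYSQL_ROOT_PASSWORD` should be dropped from that service so a compromise of the PHP application does not yield database root. The `:ro` flag on the three `/var/run/docker.sock` binds (nginx-proxy, proxy-companion, watchtower) only protects the socket file, not the Docker API behind it, so on a rootful daemon each of those containers is effectively host-root-equivalent. A comment saying so, or a filtering socket proxy in front of the socket, would make that trust explicit. This matters more because `phpmyadmin`, `orthancteam/orthanc`, `sebastienheyd/self-signed-proxy-companion` and `containrrr/watchtower` carry no tag and `wireguard` uses `:latest`, while watchtower pulls whatever is published next; I would pin each to a version or digest.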
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
/var/www/html |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<VirtualHost *:80> | ||
# The ServerName directive sets the request scheme, hostname and port that | ||
# the server uses to identify itself. This is used when creating | ||
# redirection URLs. In the context of virtual hosts, the ServerName | ||
# specifies what hostname must appear in the request's Host: header to | ||
# match this virtual host. For the default virtual host (this file) this | ||
# value is not decisive as it is used as a last resort host regardless. | ||
# However, you must set it for any further virtual host explicitly. | ||
#ServerName www.example.com | ||
|
||
ServerAdmin webmaster@localhost | ||
DocumentRoot /var/www/html/public_html | ||
<Directory "/var/www/html/public_html/"> | ||
AllowOverride all | ||
Options FollowSymLinks | ||
Require all granted | ||
</Directory> | ||
RewriteEngine On | ||
|
||
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn, | ||
# error, crit, alert, emerg. | ||
# It is also possible to configure the loglevel for particular | ||
# modules, e.g. | ||
#LogLevel info ssl:warn | ||
|
||
ErrorLog ${APACHE_LOG_DIR}/error.log | ||
CustomLog ${APACHE_LOG_DIR}/access.log combined | ||
|
||
# For most configuration files from conf-available/, which are | ||
# enabled or disabled at a global level, it is possible to | ||
# include a line for only one particular virtual host. For example the | ||
# following line enables the CGI configuration for this host only | ||
# after it has been globally disabled with "a2disconf". | ||
#Include conf-available/serve-cgi-bin.conf | ||
</VirtualHost> |
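Review bot: `AllowOverride all` on `/var/www/html/public_html/` lets any `.htaccess` in that tree change handlers, authorization and rewrite behaviour, and the compose file in this commit bind-mounts `/var/www/html` without `:ro`, so a file written there by the application would become server configuration. If the application's own `.htaccess` only needs rewrite rules (not visible here, to be confirmed), `AllowOverride FileInfo` would keep that working with a smaller surface. The vhost also deserves a one-line comment explaining why only `*:80` is defined although the Dockerfile runs `a2enmod ssl`, for example `# TLS is terminated by the reverse proxy; this vhost serves plain HTTP on the internal network`, assuming that is the intent.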