diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml index 1001fe37..093af5b1 100644 --- a/.github/workflows/doc.yml +++ b/.github/workflows/doc.yml @@ -1,9 +1,11 @@ -name: doc +name: doc and docker on: push: branches: - master + release: + types: [published] jobs: python: @@ -37,3 +39,47 @@ jobs: git diff-index --quiet HEAD || git commit -m "Updates pyoxigraph documentation" git push working-directory: ./website + + docker: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + submodules: 'recursive' + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{github.actor}} + password: ${{secrets.GITHUB_TOKEN}} + + - name: Generate image ID and version + run: | + IMAGE_ID=ghcr.io/${{ github.repository_owner }}/oxigraph + # Change all uppercase to lowercase + IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') + # Strip git ref prefix from version + VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') + # Strip "v" prefix from tag name + [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') + # Use Docker `latest` tag convention + [ "$VERSION" == "master" ] && VERSION=latest + echo "IMAGE_ID=$IMAGE_ID" >> $GITHUB_ENV + echo "VERSION=$VERSION" >> $GITHUB_ENV + + # Cache: https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#github-cache + - name: Build and publish Docker image + uses: docker/build-push-action@v2 + with: + context: ./ + file: ./server/Dockerfile + builder: ${{ steps.buildx.outputs.name }} + push: true + tags: ${{ env.IMAGE_ID }}:${{ env.VERSION }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index 45c62b94..00000000 --- a/.github/workflows/docker.yml +++ /dev/null 
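Review bot: The new `docker` job logs in to ghcr.io with `GITHUB_TOKEN` and pushes an image, yet it declares no `permissions:` and references `docker/setup-buildx-action@v1`, `docker/login-action@v1` and `docker/build-push-action@v2` by mutable tag, so whatever those tags point to at run time executes with that token. I would add a job-level `permissions: {contents: read, packages: write}` and pin each `uses:` to a full commit SHA, e.g. `docker/login-action@<full-commit-sha>`. The block belongs on the job rather than the workflow, because the scopes the `python` job needs are not visible in this hunk. In the "Generate image ID and version" step, both `${{ github.ref }}` occurrences are pasted into the script text before bash runs. Reading the runner's own variable instead, `VERSION=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,')`, keeps a tag name from being parsed as shell.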
@@ -1,53 +0,0 @@ -name: Publish Docker image - -on: - workflow_dispatch: - push: - # Publish `master` branch as Docker `latest` image. - branches: - - master - paths: - - 'Dockerfile' - - 'lib/**' - - 'server/**' - - '.github/workflows/docker.yml' - # Publish `v0.1.2` release as image tag `0.1.2`. - release: - types: [published] - -jobs: - build-and-publish: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - submodules: 'recursive' - - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{github.actor}} - password: ${{secrets.GITHUB_TOKEN}} - - - name: Generate image ID and version - run: | - IMAGE_ID=ghcr.io/${{ github.repository_owner }}/oxigraph - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - echo "IMAGE_ID=$IMAGE_ID" >> $GITHUB_ENV - echo "VERSION=$VERSION" >> $GITHUB_ENV - - - name: Build docker image - run: | - docker build -t $IMAGE_ID:$VERSION . - - - name: Push docker image - run: | - docker push $IMAGE_ID:$VERSION diff --git a/docker-compose.yml b/docker-compose.yml index 5efb9433..0a65def9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,22 +1,23 @@ version: "3" - services: - oxigraph: - # image: oxigraph/oxigraph - build: . + # image: ghcr.io/oxigraph/oxigraph + ## To build from local source code: + build: + context: . + dockerfile: server/Dockerfile volumes: - ./data:/data nginx-auth: image: nginx:1.21.4 + environment: + - OXIGRAPH_USER=oxigraph + - OXIGRAPH_PASSWORD=oxigraphy volumes: - - ./server/nginx.conf:/etc/nginx/nginx.conf - ## For multiple users: uncomment this line to use your local .htpasswd file: + - ./nginx.conf:/etc/nginx/nginx.conf + ## For multiple users: uncomment this line to mount a pre-generated .htpasswd # - ./.htpasswd:/etc/nginx/.htpasswd ports: - 7878:7878 - environment: - - OXIGRAPH_USER=${OXIGRAPH_USER:-oxigraph} - - OXIGRAPH_PASSWORD=${OXIGRAPH_PASSWORD:-oxigraphy} - entrypoint: "bash -c 'echo -n $OXIGRAPH_USER: >> /etc/nginx/.htpasswd && echo $OXIGRAPH_PASSWORD | openssl passwd -stdin -apr1 >> /etc/nginx/.htpasswd && /docker-entrypoint.sh nginx'" + entrypoint: "bash -c 'echo -n $OXIGRAPH_USER: >> /etc/nginx/.htpasswd && echo $OXIGRAPH_PASSWORD | openssl passwd -stdin -apr1 >> /etc/nginx/.htpasswd && /docker-entrypoint.sh nginx'" \ No newline at end of file diff --git a/server/nginx.conf b/nginx.conf similarity index 62% rename from server/nginx.conf rename to nginx.conf index c6dcf0a0..3405c8ef 100644 --- a/server/nginx.conf +++ b/nginx.conf 
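Review bot: `OXIGRAPH_USER=oxigraph` and `OXIGRAPH_PASSWORD=oxigraphy` are now fixed values in the committed compose file, where the removed `${OXIGRAPH_PASSWORD:-oxigraphy}` form let a `.env` file or the shell override them. Every deployment started from this file therefore shares one published credential for the authenticated paths unless the operator edits it. I would keep the password overridable and refuse to start without one: `- OXIGRAPH_PASSWORD=${OXIGRAPH_PASSWORD:?set OXIGRAPH_PASSWORD}`. Separately, Compose appears to interpolate `$OXIGRAPH_USER` and `$OXIGRAPH_PASSWORD` inside the `entrypoint:` string from the host environment before bash sees them. With nothing set on the host that would write an empty user and the hash of an empty password to `.htpasswd`, so the generated file is worth checking, and the string should use `$$OXIGRAPH_USER` / `$$OXIGRAPH_PASSWORD` if that is confirmed.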
@@ -1,38 +1,26 @@ +daemon off; events { worker_connections 1024; } -daemon off; http { server { server_name localhost; listen 7878; - rewrite ^/(.*) /$1 break; proxy_ignore_client_abort on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; - - # Enable CORS requests proxy_set_header Access-Control-Allow-Origin "*"; - location ~ ^(/|/query)$ { - # limit_except GET POST OPTIONS { - # deny all; - # } proxy_pass http://oxigraph:7878; proxy_pass_request_headers on; } - - location /update { - # Auth: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ - limit_except GET POST { - deny all; - } - auth_basic "Oxygraph Administrator's Area"; + location ~ ^(/update|/store)$ { + auth_basic "Oxigraph Administrator's Area"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://oxigraph:7878; proxy_pass_request_headers on; } } -} +} \ No newline at end of file diff --git a/Dockerfile b/server/Dockerfile similarity index 100% rename from Dockerfile rename to server/Dockerfile diff --git a/server/README.md b/server/README.md index a28c1d48..112c46c0 100644 --- a/server/README.md +++ b/server/README.md 
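Review bot: `auth_basic` now guards both `/update` and `/store`, but the server block still has only `listen 7878;` with no TLS, so the Basic credentials cross the network merely base64-encoded on every write. The README in this same commit presents the proxy as the way to expose the endpoint publicly, so the config should either terminate TLS here (`listen 7878 ssl;` plus `ssl_certificate` / `ssl_certificate_key`) or carry a comment saying it must sit behind a TLS-terminating front end. Also, `proxy_set_header Access-Control-Allow-Origin "*";` adds a request header towards Oxigraph rather than a response header for the browser, so it does not enable CORS as the removed comment claimed; `add_header` is the directive for that if CORS is wanted at the proxy. With the `limit_except GET POST` block removed, any method is forwarded once authenticated, which looks intended for `/store` but deserves a one-line comment saying so.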
@@ -98,22 +98,72 @@ curl -X POST -H 'Content-Type: application/sparql-update' --data 'DELETE WHERE { It can be useful to make Oxigraph SPARQL endpoint available publicly, with a layer of authentication on `/update` to be able to add data. -To quickly use a single user/password you can define them in a `.env` file alongside the `docker-compose.yaml`: +You can do so by using a nginx basic authentication in an additional docker container with `docker-compose`. First create a `nginx.conf` file: + +```nginx +daemon off; +events { + worker_connections 1024; +} +http { + server { + server_name localhost; + listen 7878; + rewrite ^/(.*) /$1 break; + proxy_ignore_client_abort on; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header Access-Control-Allow-Origin "*"; + location ~ ^(/|/query)$ { + proxy_pass http://oxigraph:7878; + proxy_pass_request_headers on; + } + location ~ ^(/update|/store)$ { + auth_basic "Oxigraph Administrator's Area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://oxigraph:7878; + proxy_pass_request_headers on; + } + } +} +``` -```sh -cat << EOF > .env -OXIGRAPH_USER=oxigraph -OXIGRAPH_PASSWORD=oxigraphy -EOF +Then a `docker-compose.yml` in the same folder, you can change the default user and password in the `environment` section: + +```yaml +version: "3" +services: + oxigraph: + image: ghcr.io/oxigraph/oxigraph + ## To build from local source code: + # build: + # context: . 
+ # dockerfile: server/Dockerfile + volumes: + - ./data:/data + + nginx-auth: + image: nginx:1.21.4 + environment: + - OXIGRAPH_USER=oxigraph + - OXIGRAPH_PASSWORD=oxigraphy + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf + ## For multiple users: uncomment this line to mount a pre-generated .htpasswd + # - ./.htpasswd:/etc/nginx/.htpasswd + ports: + - 7878:7878 + entrypoint: "bash -c 'echo -n $OXIGRAPH_USER: >> /etc/nginx/.htpasswd && echo $OXIGRAPH_PASSWORD | openssl passwd -stdin -apr1 >> /etc/nginx/.htpasswd && /docker-entrypoint.sh nginx'" ``` -Start the Oxigraph server and nginx proxy for authentication with `docker-compose`: +Once the `docker-compose.yaml` and `nginx.conf` are ready, start the Oxigraph server and nginx proxy for authentication on http://localhost:7878: ```sh docker-compose up ``` -To make an update, first change `$OXIGRAPH_USER` and `$OXIGRAPH_PASSWORD`, or set the environment variables, then run: +To make an update to the graph, first change `$OXIGRAPH_USER` and `$OXIGRAPH_PASSWORD`, or set the environment variables, then run: ```sh curl -X POST -u $OXIGRAPH_USER:$OXIGRAPH_PASSWORD -H 'Content-Type: application/sparql-update' --data 'INSERT DATA { }' http://localhost:7878/update @@ -125,8 +175,6 @@ In case you want to have multiple users, you can comment the `entrypoint:` line htpasswd -Bbn $OXIGRAPH_USER $OXIGRAPH_PASSWORD >> .htpasswd ``` -> You can find the nginx configuration in `server/nginx.conf` - ### Build the image You could easily build your own Docker image by cloning this repository with its submodules, and going to the root folder: @@ -139,7 +187,7 @@ cd oxigraph Then run this command to build the image locally: ````sh -docker build -t oxigraph/oxigraph . +docker build -t oxigraph/oxigraph -f server/Dockerfile . ```` ## Homebrew diff --git a/server/templates/query.html b/server/templates/query.html index 68cbabae..45780b3e 100644 --- a/server/templates/query.html +++ b/server/templates/query.html @@ -11,12 +11,12 @@