From 0b19f9a35974d56f23bf657e6968d7ec9d27ab12 Mon Sep 17 00:00:00 2001 From: Peter Petrik Date: Tue, 8 Apr 2025 08:14:09 +0200 Subject: [PATCH 01/20] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eba1e8f8..60ac58ad 100644 --- a/README.md +++ b/README.md @@ -86,7 +86,7 @@ If you'd like to contribute and improve the documentation, visit https://github. If you need support, a custom deployment, extending the service capabilities and new features do not hesitate to contact us on info@lutraconsulting.co.uk

-
Join our community chat
and ask questions!
+
Join our community chat
and ask questions!

## Developers From 3ce7de7a6de946e9ea96a05b289f372f61cc2911 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Wed, 9 Apr 2025 17:05:27 +0100 Subject: [PATCH 02/20] Relocate CE deployment scripts. Introduce EE deployment scripts. --- .dev.env => deployment/community/.dev.env | 0 .prod.env => deployment/community/.prod.env | 0 .../community/docker-compose.dev.yml | 28 +-- .../community/docker-compose.latest.yml | 112 ++++++++++ .../community/docker-compose.yml | 10 +- deployment/community/entrypoint.sh | 20 ++ nginx.conf => deployment/community/nginx.conf | 0 .../community/ssl-proxy.conf | 0 deployment/enterprise/.env.template | 209 ++++++++++++++++++ deployment/enterprise/README.md | 97 ++++++++ deployment/enterprise/docker-compose.maps.yml | 41 ++++ deployment/enterprise/docker-compose.yml | 104 +++++++++ deployment/enterprise/entrypoint.sh | 25 +++ deployment/enterprise/nginx.template | 54 +++++ deployment/enterprise/ssl-proxy.conf | 76 +++++++ 15 files changed, 757 insertions(+), 19 deletions(-) rename .dev.env => deployment/community/.dev.env (100%) rename .prod.env => deployment/community/.prod.env (100%) rename docker-compose.dev.yml => deployment/community/docker-compose.dev.yml (61%) create mode 100644 deployment/community/docker-compose.latest.yml rename docker-compose.yml => deployment/community/docker-compose.yml (91%) create mode 100755 deployment/community/entrypoint.sh rename nginx.conf => deployment/community/nginx.conf (100%) rename ssl-proxy.conf => deployment/community/ssl-proxy.conf (100%) create mode 100644 deployment/enterprise/.env.template create mode 100644 deployment/enterprise/README.md create mode 100644 deployment/enterprise/docker-compose.maps.yml create mode 100644 deployment/enterprise/docker-compose.yml create mode 100755 deployment/enterprise/entrypoint.sh create mode 100644 deployment/enterprise/nginx.template create mode 100644 deployment/enterprise/ssl-proxy.conf diff --git a/.dev.env b/deployment/community/.dev.env similarity index 100% rename from .dev.env rename to deployment/community/.dev.env diff --git a/.prod.env b/deployment/community/.prod.env similarity index 100% rename from .prod.env rename to deployment/community/.prod.env diff --git a/docker-compose.dev.yml b/deployment/community/docker-compose.dev.yml similarity index 61% rename from docker-compose.dev.yml rename to deployment/community/docker-compose.dev.yml index 8f39a76a..3a78f4c9 100644 --- a/docker-compose.dev.yml +++ b/deployment/community/docker-compose.dev.yml @@ -1,10 +1,10 @@ -version: "3.7" + services: server-gunicorn: image: server-gunicorn build: - context: ./server + context: ../../server dockerfile: Dockerfile env_file: - .prod.env @@ -12,7 +12,7 @@ services: celery-beat: image: celery-beat build: - context: ./server + context: ../../server dockerfile: Dockerfile env_file: - .prod.env @@ -20,7 +20,7 @@ services: celery-worker: image: celery-worker build: - context: ./server + context: ../../server dockerfile: Dockerfile env_file: - .prod.env @@ -28,14 +28,14 @@ services: web: image: merginmaps-frontend build: - context: ./web-app + context: ../../web-app dockerfile: Dockerfile - maildev: - image: maildev/maildev - container_name: merginmaps-maildev - restart: always - ports: - - 1080:1080 - - 1025:1025 - networks: - - merginmaps + #maildev: + # image: maildev/maildev + # container_name: merginmaps-maildev + # restart: always + # ports: + # - 1080:1080 + # - 1025:1025 + # networks: + # - merginmaps diff --git a/deployment/community/docker-compose.latest.yml b/deployment/community/docker-compose.latest.yml new file mode 100644 index 00000000..3a513953 --- /dev/null +++ b/deployment/community/docker-compose.latest.yml @@ -0,0 +1,112 @@ + +networks: + merginmaps: + +services: + db: + image: postgres:14 + container_name: merginmaps-db + restart: always + networks: + - merginmaps + environment: + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=postgres + volumes: + - ./mergin_db:/var/lib/postgresql/data + redis: + image: redis + container_name: merginmaps-redis + restart: always + networks: + - merginmaps + server-gunicorn: + image: lutraconsulting/merginmaps-backend:latest + build: + context: ./server + dockerfile: Dockerfile + container_name: merginmaps-server + restart: always + user: 901:999 + volumes: + - ./projects:/data + - ./entrypoint.sh:/app/entrypoint.sh + env_file: + - .prod.env + depends_on: + - db + - redis + command: [ "gunicorn --config config.py application:application" ] + networks: + - merginmaps + celery-beat: + image: lutraconsulting/merginmaps-backend:latest + build: + context: ./server + dockerfile: Dockerfile + container_name: celery-beat + restart: always + env_file: + - .prod.env + environment: + - GEVENT_WORKER=0 + - NO_MONKEY_PATCH=1 + volumes: + - ./entrypoint.sh:/app/entrypoint.sh + depends_on: + - redis + - server-gunicorn + command: [ "celery -A application.celery beat --loglevel=info" ] + networks: + - merginmaps + celery-worker: + image: lutraconsulting/merginmaps-backend:latest + build: + context: ./server + dockerfile: Dockerfile + container_name: celery-worker + restart: always + user: 901:999 + env_file: + - .prod.env + environment: + - GEVENT_WORKER=0 + - NO_MONKEY_PATCH=1 + volumes: + - ./projects:/data + - ./entrypoint.sh:/app/entrypoint.sh + depends_on: + - redis + - server-gunicorn + - celery-beat + command: [ "celery -A application.celery worker --loglevel=info" ] + networks: + - merginmaps + web: + image: lutraconsulting/merginmaps-frontend:latest + build: + context: ./web-app + dockerfile: Dockerfile + container_name: merginmaps-web + restart: always + depends_on: + - server-gunicorn + user: 101:999 + links: + - db + networks: + - merginmaps + proxy: + image: nginxinc/nginx-unprivileged:1.27 + container_name: merginmaps-proxy + restart: always + # run nginx as built-in user but with group mergin-family for files permissions + user: 101:999 + ports: + - "8080:8080" + volumes: + - ./projects:/data # map data dir to host + - ./nginx.conf:/etc/nginx/conf.d/default.conf + #- ./logs:/var/log/nginx/ + networks: + - merginmaps diff --git a/docker-compose.yml b/deployment/community/docker-compose.yml similarity index 91% rename from docker-compose.yml rename to deployment/community/docker-compose.yml index fd19df78..b74c7267 100644 --- a/docker-compose.yml +++ b/deployment/community/docker-compose.yml @@ -1,6 +1,7 @@ -version: "3.7" + networks: merginmaps: + name: mergin services: db: @@ -27,7 +28,7 @@ services: user: 901:999 volumes: - ./projects:/data - - ./server/entrypoint.sh:/app/entrypoint.sh + - ./entrypoint.sh:/app/entrypoint.sh env_file: - .prod.env depends_on: @@ -46,7 +47,7 @@ services: - GEVENT_WORKER=0 - NO_MONKEY_PATCH=1 volumes: - - ./server/entrypoint.sh:/app/entrypoint.sh + - ./entrypoint.sh:/app/entrypoint.sh depends_on: - redis - server-gunicorn @@ -65,7 +66,7 @@ services: - NO_MONKEY_PATCH=1 volumes: - ./projects:/data - - ./server/entrypoint.sh:/app/entrypoint.sh + - ./entrypoint.sh:/app/entrypoint.sh depends_on: - redis - server-gunicorn @@ -95,6 +96,5 @@ services: volumes: - ./projects:/data # map data dir to host - ./nginx.conf:/etc/nginx/conf.d/default.conf - - ./logs:/var/log/nginx/ networks: - merginmaps diff --git a/deployment/community/entrypoint.sh b/deployment/community/entrypoint.sh new file mode 100755 index 00000000..4b7d4888 --- /dev/null +++ b/deployment/community/entrypoint.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# Copyright (C) Lutra Consulting Limited +# +# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-MerginMaps-Commercial + +# make sure all files created by gunicorn (mergin server) have proper permissions +umask 0027 + +# Settings passed to gunicorn have the following order of precedence +# (tested using --workers): +# +# 1. Command-line (highest) +# 2. Environment variable +# 3. File referenced by --config (lowest) +# +# We store a base config in config.py and override things as needed +# using the environment variable GUNICORN_CMD_ARGS. + +exec sh -c "$@" diff --git a/nginx.conf b/deployment/community/nginx.conf similarity index 100% rename from nginx.conf rename to deployment/community/nginx.conf diff --git a/ssl-proxy.conf b/deployment/community/ssl-proxy.conf similarity index 100% rename from ssl-proxy.conf rename to deployment/community/ssl-proxy.conf diff --git a/deployment/enterprise/.env.template b/deployment/enterprise/.env.template new file mode 100644 index 00000000..4e0aa994 --- /dev/null +++ b/deployment/enterprise/.env.template @@ -0,0 +1,209 @@ +# This file should contain a full set of Mergin Maps configuration +# definitions along with their default values + +FLASK_APP=application +GEODIFF_LOGGER_LEVEL=2 +VERSION=2025.2.0 +CONTACT_EMAIL=fixme + + +# ALL VERSIONS ######################################################################################################### + +#DEBUG=FLASK_DEBUG | False + +#LOCAL_PROJECTS=os.path.join(config_dir, os.pardir, os.pardir, 'projects') # for local storage type +LOCAL_PROJECTS=/data + +#MAINTENANCE_FILE=os.path.join(LOCAL_PROJECTS, 'MAINTENANCE') # locking file when backups are created +MAINTENANCE_FILE=/data/MAINTENANCE + +#PROXY_FIX=True + +#SECRET_KEY=NODEFAULT +SECRET_KEY=fix-me + +#SWAGGER_UI=False # to enable swagger UI console (for test only) + +#TEMP_DIR=gettempdir() # trash dir for temp files being cleaned regularly +TEMP_DIR=/data/tmp + +#TESTING=False + +#USER_SELF_REGISTRATION=True + +#VERSION=get_version() + + +# Mergin DB related + +#DB_APPLICATION_NAME=mergin + +DB_HOST=db + +#DB_PASSWORD=postgres +DB_PASSWORD=fixme + +#DB_POOL_MAX_OVERFLOW=10 # max_overflow set to SQLAlchemy default https://docs.sqlalchemy.org/en/14/core/engines.html + +#DB_POOL_SIZE=2 + +#DB_POOL_TIMEOUT=300 + +#DB_PORT=5002 +DB_PORT=5432 + +#DB_USER=postgres + +#SQLALCHEMY_DATABASE_URI=postgresql://{DB_USER}:{DB_PASSWORD}@{DB_HOST}:{DB_PORT}/{DB_DATABASE}?application_name={DB_APPLICATION_NAME}' + +#SQLALCHEMY_ENGINE_OPTIONS={'pool_size': DB_POOL_SIZE, 'max_overflow': DB_POOL_MAX_OVERFLOW, 'pool_timeout' DB_POOL_TIMEOUT} + +#SQLALCHEMY_TRACK_MODIFICATIONS=False + + +# auth related + +#BEARER_TOKEN_EXPIRATION=3600 * 12 # in seconds + +SECURITY_BEARER_SALT=fixme +SECURITY_EMAIL_SALT=fixme +SECURITY_PASSWORD_SALT=fixme + +#WTF_CSRF_ENABLED=True + +#WTF_CSRF_TIME_LIMIT=3600 * 24 # in seconds + + +# for flask mail + +#MAIL_BCC=NODEFAULT +MAIL_BCC=fixme + +#MAIL_DEBUG=MAIL_SUPPRESS_SEND | False + +#MAIL_DEFAULT_SENDER=NODEFAULT +MAIL_DEFAULT_SENDER=fixme + +#MAIL_PASSWORD=NODEFAULT +MAIL_PASSWORD=fixme + +#MAIL_PORT=587 + +#MAIL_SERVER=localhost +MAIL_SERVER=fixme + +#MAIL_SUPPRESS_SEND=True + +#MAIL_USE_TLS=True + +#MAIL_USERNAME=NODEFAULT +MAIL_USERNAME=fix-me + + +# data sync + +#BLACKLIST='.mergin/, .DS_Store, .directory' # cast=Csv() + +#FILE_EXPIRATION=48 * 3600 # for clean up of old files where diffs were applied, in seconds + +#LOCKFILE_EXPIRATION=300 # in seconds + +#MAX_CHUNK_SIZE=10 * 1024 * 1024 # 10485760 in bytes + +#MAX_DOWNLOAD_ARCHIVE_SIZE=1024 * 1024 * 1024 # max total files size for archive download + +#USE_X_ACCEL=False # use nginx (in front of gunicorn) to serve files (https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/) +USE_X_ACCEL=True + +# celery + +#BROKER_URL=redis://172.17.0.1:6379/0 +BROKER_URL=redis://mergin-redis-enterprise:6379/0 + +#BROKER_TRANSPORT_OPTIONS={} # cast=eval +BROKER_TRANSPORT_OPTIONS={ 'master_name': 'mymaster' } + +#CELERY_RESULT_BACKEND=redis://172.17.0.1:6379/0' +CELERY_RESULT_BACKEND=redis://mergin-redis-enterprise:6379/0 + +#CELERY_RESULT_BACKEND_TRANSPORT_OPTIONS={} # cast=eval +CELERY_RESULT_BACKEND_TRANSPORT_OPTIONS={ 'master_name': 'mymaster' } + +#CELERY_ACKS_LATE=False +CELERY_ACKS_LATE=True + +# set to number of cpu +#CELERYD_CONCURRENCY=1 +CELERYD_CONCURRENCY=2 + +#CELERYD_PREFETCH_MULTIPLIER=4 +CELERYD_PREFETCH_MULTIPLIER=4 + + +# various life times + +#CLOSED_ACCOUNT_EXPIRATION=5 # time in days after user closed his account to all projects and files are permanently deleted +CLOSED_ACCOUNT_EXPIRATION=1 + +#DELETED_PROJECT_EXPIRATION=7 # lifetime of deleted project, expired project are removed permanently without restore possibility, in days + +#ORGANISATION_INVITATION_EXPIRATION=7 * 24 * 3600 # in seconds + +#PROJECT_ACCESS_REQUEST=7 * 24 * 3600 + +#TEMP_EXPIRATION=7 # time in days after files are permanently deleted + +#TRANSFER_EXPIRATION=7 * 24 * 3600 # in seconds + + +# for links generated in emails + +#MERGIN_BASE_URL=http://localhost:5000 +MERGIN_BASE_URL=fixme + +#MERGIN_LOGO_URL= # for link to logo in emails +MERGIN_LOGO_URL=fixme + +# global workspace related bits - ignored in non-CE versions +# GLOBAL_WORKSPACE mergin + +# GLOBAL_STORAGE 1024 * 1024 * 1024 + +# GLOBAL_READ False + +# GLOBAL_WRITE False + +# GLOBAL_ADMIN False + +# EE ############################################################################################################## + +# workspaces related bits +# WORKSPACE_STORAGE_SIZE 100 * 1024 * 1024 + +# WORKSPACE_INVITATION_EXPIRATION 7 days + +# PROJECT_TRANSFER_EXPIRATION 7 days + +# WORKSPACE_EXPIRATION = 7 days + +# USER_SELF_REGISTRATION True + +# USER_WORKSPACES_ALLOWED True + +# MAPS ################################################################################################################# + +#MAPS_ENABLED=False # do not include maps module + +#OVERVIEW_DATA=/tmp + +#QGIS_EXTRACTOR_API_URL=http://mergin-qgis-extractor:8000 + +#WMTS_SERVER_URL=http://mergin-qgis-nginx:80 + +#QGIS_EXTRACTOR_TIMEOUT=60 + +#OVERVIEW_MAX_FILE_SIZE=1048576 # 1MB + +#VECTOR_TILES_URL=https://tiles.dev.merginmaps.com/data/default/{z}/{x}/{y}.pbf + +#VECTOR_TILES_STYLE_URL=https://tiles.dev.merginmaps.com/styles/default.json diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md new file mode 100644 index 00000000..c21dd1a0 --- /dev/null +++ b/deployment/enterprise/README.md @@ -0,0 +1,97 @@ +# Mergin Maps Enterprise Edition Deployment +Suitable for Ubuntu servers, one node deployment using docker compose and system nginx as a reverse proxy. + +> [!IMPORTANT] +> Docker images for Mergin Maps Enterprise edition are stored on a private AWS ECR repository. +> To access them, you need a Mergin Maps Enterprise [subscription](https://merginmaps.com/pricing). +> Please contact Mergin Maps [sales team](https://merginmaps.com/contact-sales)! + +## Login to Mergin Maps AWS ECR repository +```shell +aws ecr --region eu-west-1 get-login-password | docker login --username AWS --password-stdin 433835555346.dkr.ecr.eu-west-1.amazonaws.com +``` + +## Load docker images, configure and run mergin maps stack +For running mergin maps you need to load local docker images (if any). Make sure you have access to Lutra's ECR repository. You can check it by running +``` +sudo docker pull 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.2.0 +``` + +Then modify [docker-compose file](docker-compose.yml) and most notably settings in `.prod.env` (search for FIXME). Details about configuration can be find in [docs](https://merginmaps.com/docs/server/install/). + +``` +cp .env.template .prod.env +``` + +Next step is to create data directory for mergin maps `projects` and `overviews` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yaml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. + +Projects (default `./data`) +``` +export MERGIN_DIR=./data +sudo mkdir -p $MERGIN_DIR +sudo find $MERGIN_DIR -type f -exec sudo chmod 640 {} \; +sudo find $MERGIN_DIR -type d -exec sudo chmod 750 {} \; +sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; +sudo chown -R 901:999 $MERGIN_DIR +``` + +Overviews (default `./overviews`) +``` +export MERGIN_DIR=./overviews +sudo mkdir -p $MERGIN_DIR +sudo find $MERGIN_DIR -type f -exec sudo chmod 640 {} \; +sudo find $MERGIN_DIR -type d -exec sudo chmod 750 {} \; +sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; +sudo chown -R 901:999 $MERGIN_DIR +``` + +Once configured, mergin maps can be started (accessible on http://localhost:8080): + +## Provision Database and init application + +### After version 2025.2.0: +``` +sudo docker compose --env-file .prod.env -f docker-compose.yaml up -d +sudo docker exec mergin-server-enterprise flask init --email myuser@mycompany.com +``` +Check command output info for database setup and provision, set initial superuser, celery settings and email test. +For more info check [documentation](https://merginmaps.com/docs/server/install/#initialise-database) + +Alternatively, you can run the following provisioning commands with some extra steps. + +### Before version 2025.2.0: +``` +sudo docker compose --env-file .prod.env -f docker-compose.yaml up +sudo docker exec mergin-server-enterprise flask init-db +# now create super user account +sudo docker exec mergin-server-enterprise flask user create --is-admin --email +``` + +## WebMaps + +If you want to deploy MerginMaps Webmaps infrastructure, please adjust `.prod.env` related environment variables and run: + +``` + sudo docker compose --env-file .prod.env -f docker-compose.maps.yaml up -d +``` + +## Install and configure nginx for TLS termination +``` +sudo apt update +sudo apt install nginx +``` +and get some certificates from let's encrypt +(e.g. see https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04) +``` +sudo apt install certbot python3-certbot-nginx +sudo certbot --nginx -d merginmaps.company.com -d www.merginmaps.company.com +``` +edit your [ssl-proxy.conf](./ssl-proxy.conf) file with correct paths to certs and reload server. Make it available for nginx and finally, reload the webserver +``` +sudo cp ssl-proxy.conf /etc/nginx/sites-available +sudo ln -s /etc/nginx/sites-available/ssl-proxy.conf /etc/nginx/sites-enabled/ +sudo systemctl reload nginx +``` + +### Fix permissions +If nginx is in front of mergin server then it should be owned by 901:nginx-grp or similar (see `/etc/nginx/nginx.conf`) diff --git a/deployment/enterprise/docker-compose.maps.yml b/deployment/enterprise/docker-compose.maps.yml new file mode 100644 index 00000000..59eb1d40 --- /dev/null +++ b/deployment/enterprise/docker-compose.maps.yml @@ -0,0 +1,41 @@ +networks: + mergin-net: + external: true + name: mergin-ee + +services: + qgis: + container_name: mergin-qgis + image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/qgis-server-ee:2025.1.0 + user: 1000:999 + networks: + - mergin-net + environment: + - QGIS_SERVER_PARALLEL_RENDERING=false + - QGIS_SERVER_MAX_THREADS=-1 + - QGIS_SERVER_WMS_MAX_HEIGHT=1536 + - QGIS_SERVER_WMS_MAX_WIDTH=1536 + volumes: + - ./overviews/projects:/overviews/projects + qgis_nginx: + container_name: mergin-qgis-nginx + image: nginxinc/nginx-unprivileged:1.27 + user: 101:999 + networks: + - mergin-net + depends_on: + - qgis + #volumes: + # - ./qgis_nginx_nginx-conf:/etc/nginx/conf.d/default.conf + qgis_extractor: + container_name: mergin-qgis-extractor + image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/qgis-extractor-ee:2025.1.0 + user: 901:999 + networks: + - mergin-net + environment: + - OVERVIEWS_DATA_DIR=/data + - MM_WMS_TILE_BUFFER=100 + - MM_WMS_AVOID_ARTIFACTS=1 + volumes: + - ./overviews/projects:/data diff --git a/deployment/enterprise/docker-compose.yml b/deployment/enterprise/docker-compose.yml new file mode 100644 index 00000000..e289a825 --- /dev/null +++ b/deployment/enterprise/docker-compose.yml @@ -0,0 +1,104 @@ +name: mergin-enterprise +networks: + mergin: + name: mergin-ee + +services: + server: + image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 + container_name: mergin-server-enterprise + restart: always + user: 901:999 + command: ["gunicorn -w 4 --config config.py application:application"] + volumes: + - ./data:/data # map data dir to host + - ./entrypoint.sh:/app/entrypoint.sh + env_file: + - .prod.env + depends_on: + - db + networks: + - mergin + + web: + image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-front:2025.3.0 + container_name: mergin-web-enterprise + restart: always + depends_on: + - server + env_file: + - .prod.env + networks: + - mergin + + proxy: + image: nginxinc/nginx-unprivileged:1.25.5 + container_name: mergin-proxy-enterprise + restart: always + # run nginx as built-in user but with group mergin-family for files permissions + user: 101:999 + ports: + - "8080:8080" + volumes: + - ./data:/data # map data dir to host + - ./nginx.template:/etc/nginx/templates/default.conf.template + networks: + - mergin + depends_on: + - web + - server + + celery-beat: + image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 + container_name: mergin-celery-beat-enterprise + restart: always + user: 901:999 + command: ["celery -A application.celery beat --loglevel=info"] + volumes: + - ./entrypoint.sh:/app/entrypoint.sh + env_file: + - .prod.env + depends_on: + - db + - redis + networks: + - mergin + + celery-worker: + image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 + container_name: mergin-celery-worker-enterprise + restart: always + user: 901:999 + command: ["celery -A application.celery worker --pool prefork --loglevel=info"] + volumes: + - ./data:/data # map data dir to host + - ./entrypoint.sh:/app/entrypoint.sh + env_file: + - .prod.env + depends_on: + - db + - redis + networks: + - mergin + + db: + image: postgres:14 + container_name: mergin-db-enterprise + restart: always + env_file: + - .prod.env + volumes: + - ./mergin-db-enterprise:/var/lib/postgresql/data + environment: + - POSTGRES_DB=mergin + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=postgres # fixme + networks: + - mergin + + redis: + image: redis + container_name: mergin-redis-enterprise + restart: always + networks: + - mergin diff --git a/deployment/enterprise/entrypoint.sh b/deployment/enterprise/entrypoint.sh new file mode 100755 index 00000000..92f119f6 --- /dev/null +++ b/deployment/enterprise/entrypoint.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +# Copyright (C) Lutra Consulting Limited +# +# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-MerginMaps-Commercial + +# make sure all files created by gunicorn (mergin server)/celery worker have proper permissions +umask 0027 + +# Settings passed to gunicorn have the following order of precedence +# (tested using --workers): +# +# 1. Command-line (highest) +# 2. Environment variable +# 3. File referenced by --config (lowest) +# +# We store a base config in config.py and override things as needed +# using the environment variable GUNICORN_CMD_ARGS. + +# You want to run one of these (with whatever options you need) in CMD +# /bin/bash -c "celery -A application.celery beat --loglevel=info" +# /bin/bash -c "celery -A application.celery worker --loglevel=info" +# /bin/bash -c "gunicorn --config config.py application:application" + +exec /bin/bash -c "$@" diff --git a/deployment/enterprise/nginx.template b/deployment/enterprise/nginx.template new file mode 100644 index 00000000..cdcf4d3a --- /dev/null +++ b/deployment/enterprise/nginx.template @@ -0,0 +1,54 @@ +server { + listen 8080; + listen [::]:8080; + server_name _; + + client_max_body_size 4G; + + # path for static files + # root /path/to/app/current/public; + # We are only proxying - not returning any files + #root /dev/null; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + # we don't want nginx trying to do something clever with + # redirects, we set the Host: header above already. + proxy_redirect off; + proxy_pass http://mergin-web-enterprise:8080; + } + + # proxy to backend + # we need to disable buffering for these endpoints which use stream (up or down) + # /v1/project/download/ + location ~ /v1/project/download/ { + # unfortunately, proxy settings do not support inheritance within nested locations, hence copied set up from root location + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + # we don't want nginx trying to do something clever with + # redirects, we set the Host: header above already. + proxy_redirect off; + proxy_pass http://mergin-server-enterprise:5000; + + # disable buffering + client_max_body_size 0; # No maximum client body size + proxy_http_version 1.1; # Needed to disable client buffering + proxy_request_buffering off; + proxy_buffering off; + } + + location ~ ^/(v1/|v2/|app/|ping|config) { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_pass http://mergin-server-enterprise:5000; + } + + location /download/ { + internal; + alias /data/; # we need to mount data from mergin server here + } + } diff --git a/deployment/enterprise/ssl-proxy.conf b/deployment/enterprise/ssl-proxy.conf new file mode 100644 index 00000000..7f290195 --- /dev/null +++ b/deployment/enterprise/ssl-proxy.conf @@ -0,0 +1,76 @@ + + server { + listen 80; + server_name merginmaps.company.com; # FIXME + + if ($scheme != "https") { + return 301 https://$host$request_uri; + } + } + + upstream app_server { + # route to the application nginx proxy + server 127.0.0.1:8080 fail_timeout=0; + } + + server { + listen 443 ssl; + server_name merginmaps.company.com; # FIXME + client_max_body_size 4G; + + ssl_certificate_key /etc/letsencrypt/live/merginmaps.company.com/privkey.pem; # FIXME + ssl_certificate /etc/letsencrypt/live/merginmaps.company.com/fullchain.pem; # FIXME + + # Don't show version information + server_tokens off; + + # Enable gzip compression + gzip on; + gzip_min_length 10240; + gzip_comp_level 1; + gzip_vary on; + gzip_proxied expired no-cache no-store private auth; + gzip_types + text/css + text/javascript + text/xml + text/plain + text/x-component + application/javascript + application/x-javascript + application/json + application/xml + application/rss+xml + application/atom+xml + font/truetype + font/opentype + application/vnd.ms-fontobject + image/svg+xml; + + # Prevent crawlers from indexing and following links for all content served from the mergin app + add_header X-Robots-Tag "none"; + + # Protect against clickjacking iframe + add_header Content-Security-Policy "frame-ancestors 'self';" always; + + # Add a HSTS policy to prevent plain http from browser + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + # Set cookies security flags + proxy_cookie_flags ~ secure httponly samesite=strict; + + location / { + root /var/www/html; + + # The lines below were copied from some of our other configurations and may not be default + # settings. If you have issues with proxied headers then you may want to reeavluate these + # lines + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + # we don't want nginx trying to do something clever with + # redirects, we set the Host: header above already. + proxy_redirect off; + proxy_pass http://app_server; + } + } From 9ef72893c7d46bf5b786d8357f491f9488642a79 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Thu, 10 Apr 2025 11:53:43 +0100 Subject: [PATCH 03/20] Further refinements #420 --- LICENSES/CLA-signed-list.md | 1 + deployment/community/docker-compose.dev.yml | 18 +-- .../community/docker-compose.latest.yml | 112 ------------------ deployment/enterprise/README.md | 8 +- deployment/enterprise/docker-compose.maps.yml | 4 +- deployment/enterprise/docker-compose.yml | 2 +- deployment/enterprise/qgis_nginx.conf | 16 +++ 7 files changed, 35 insertions(+), 126 deletions(-) delete mode 100644 deployment/community/docker-compose.latest.yml create mode 100644 deployment/enterprise/qgis_nginx.conf diff --git a/LICENSES/CLA-signed-list.md b/LICENSES/CLA-signed-list.md index 4ea70fd0..4a08ef9b 100644 --- a/LICENSES/CLA-signed-list.md +++ b/LICENSES/CLA-signed-list.md @@ -19,3 +19,4 @@ C/ My company has custom contribution contract with Lutra Consulting Ltd. or I a * lavor, 26th April 2023 * luxusko, 25th August 2023 * jozef-budac, 30th January 2024 +* fernandinand, 9th April 2025 diff --git a/deployment/community/docker-compose.dev.yml b/deployment/community/docker-compose.dev.yml index 3a78f4c9..94f4c419 100644 --- a/deployment/community/docker-compose.dev.yml +++ b/deployment/community/docker-compose.dev.yml @@ -30,12 +30,12 @@ services: build: context: ../../web-app dockerfile: Dockerfile - #maildev: - # image: maildev/maildev - # container_name: merginmaps-maildev - # restart: always - # ports: - # - 1080:1080 - # - 1025:1025 - # networks: - # - merginmaps + maildev: + image: maildev/maildev + container_name: merginmaps-maildev + restart: always + ports: + - 1080:1080 + - 1025:1025 + networks: + - merginmaps diff --git a/deployment/community/docker-compose.latest.yml b/deployment/community/docker-compose.latest.yml deleted file mode 100644 index 3a513953..00000000 --- a/deployment/community/docker-compose.latest.yml +++ /dev/null @@ -1,112 +0,0 @@ - -networks: - merginmaps: - -services: - db: - image: postgres:14 - container_name: merginmaps-db - restart: always - networks: - - merginmaps - environment: - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=postgres - volumes: - - ./mergin_db:/var/lib/postgresql/data - redis: - image: redis - container_name: merginmaps-redis - restart: always - networks: - - merginmaps - server-gunicorn: - image: lutraconsulting/merginmaps-backend:latest - build: - context: ./server - dockerfile: Dockerfile - container_name: merginmaps-server - restart: always - user: 901:999 - volumes: - - ./projects:/data - - ./entrypoint.sh:/app/entrypoint.sh - env_file: - - .prod.env - depends_on: - - db - - redis - command: [ "gunicorn --config config.py application:application" ] - networks: - - merginmaps - celery-beat: - image: lutraconsulting/merginmaps-backend:latest - build: - context: ./server - dockerfile: Dockerfile - container_name: celery-beat - restart: always - env_file: - - .prod.env - environment: - - GEVENT_WORKER=0 - - NO_MONKEY_PATCH=1 - volumes: - - ./entrypoint.sh:/app/entrypoint.sh - depends_on: - - redis - - server-gunicorn - command: [ "celery -A application.celery beat --loglevel=info" ] - networks: - - merginmaps - celery-worker: - image: lutraconsulting/merginmaps-backend:latest - build: - context: ./server - dockerfile: Dockerfile - container_name: celery-worker - restart: always - user: 901:999 - env_file: - - .prod.env - environment: - - GEVENT_WORKER=0 - - NO_MONKEY_PATCH=1 - volumes: - - ./projects:/data - - ./entrypoint.sh:/app/entrypoint.sh - depends_on: - - redis - - server-gunicorn - - celery-beat - command: [ "celery -A application.celery worker --loglevel=info" ] - networks: - - merginmaps - web: - image: lutraconsulting/merginmaps-frontend:latest - build: - context: ./web-app - dockerfile: Dockerfile - container_name: merginmaps-web - restart: always - depends_on: - - server-gunicorn - user: 101:999 - links: - - db - networks: - - merginmaps - proxy: - image: nginxinc/nginx-unprivileged:1.27 - container_name: merginmaps-proxy - restart: always - # run nginx as built-in user but with group mergin-family for files permissions - user: 101:999 - ports: - - "8080:8080" - volumes: - - ./projects:/data # map data dir to host - - ./nginx.conf:/etc/nginx/conf.d/default.conf - #- ./logs:/var/log/nginx/ - networks: - - merginmaps diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index c21dd1a0..ab9fe5b5 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -59,7 +59,7 @@ For more info check [documentation](https://merginmaps.com/docs/server/install/# Alternatively, you can run the following provisioning commands with some extra steps. -### Before version 2025.2.0: +### Prior to version 2025.2.0: ``` sudo docker compose --env-file .prod.env -f docker-compose.yaml up sudo docker exec mergin-server-enterprise flask init-db @@ -70,9 +70,13 @@ sudo docker exec mergin-server-enterprise flask user create [!NOTE] +> Please remember the main Mergin Maps stack needs to be running already. +> Otherwise, run it: +> `docker compose --env-file .prod.env -f docker-compose.yaml up -d` ``` - sudo docker compose --env-file .prod.env -f docker-compose.maps.yaml up -d + sudo docker compose -f docker-compose.maps.yaml up -d ``` ## Install and configure nginx for TLS termination diff --git a/deployment/enterprise/docker-compose.maps.yml b/deployment/enterprise/docker-compose.maps.yml index 59eb1d40..54a91c03 100644 --- a/deployment/enterprise/docker-compose.maps.yml +++ b/deployment/enterprise/docker-compose.maps.yml @@ -25,8 +25,8 @@ services: - mergin-net depends_on: - qgis - #volumes: - # - ./qgis_nginx_nginx-conf:/etc/nginx/conf.d/default.conf + volumes: + - ./qgis_nginx.conf:/etc/nginx/conf.d/default.conf qgis_extractor: container_name: mergin-qgis-extractor image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/qgis-extractor-ee:2025.1.0 diff --git a/deployment/enterprise/docker-compose.yml b/deployment/enterprise/docker-compose.yml index e289a825..749c4c77 100644 --- a/deployment/enterprise/docker-compose.yml +++ b/deployment/enterprise/docker-compose.yml @@ -32,7 +32,7 @@ services: - mergin proxy: - image: nginxinc/nginx-unprivileged:1.25.5 + image: nginxinc/nginx-unprivileged:1.27 container_name: mergin-proxy-enterprise restart: always # run nginx as built-in user but with group mergin-family for files permissions diff --git a/deployment/enterprise/qgis_nginx.conf b/deployment/enterprise/qgis_nginx.conf new file mode 100644 index 00000000..29c1afe4 --- /dev/null +++ b/deployment/enterprise/qgis_nginx.conf @@ -0,0 +1,16 @@ +server { + listen 80; + server_name _; + + location / { + proxy_buffers 16 16k; + proxy_buffer_size 16k; + gzip off; + include fastcgi_params; + fastcgi_pass qgis:5555; + # Wait up to 10 seconds for the qgis-server fastcgi application + # to return a response. + fastcgi_read_timeout 10s; + } + +} From b12545f6ac504bf1207fb903ee1ea7e3b4e85371 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Fri, 11 Apr 2025 11:56:51 +0100 Subject: [PATCH 04/20] add README for CE. Move current development.md file --- README.md | 4 +- deployment/community/README.md | 54 +++++++++++++++++++ .../community/development.md | 0 3 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 deployment/community/README.md rename development.md => deployment/community/development.md (100%) diff --git a/README.md b/README.md index 60ac58ad..6fbc30d3 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ Admin users can enter the admin interface available at `/admin` URL which provid ### Contributing -Contributions are welcomed! You can set up development environment by following a guide in [development.md](./development.md). Before you create your first pull request, we kindly ask you to sign the CLA with your GitHub user name and date [here](LICENSES/CLA-signed-list.md). +Contributions are welcomed! You can set up development environment by following a guide in [development.md](./deployment/community/development.md). Before you create your first pull request, we kindly ask you to sign the CLA with your GitHub user name and date [here](LICENSES/CLA-signed-list.md). ## Documentation @@ -93,7 +93,7 @@ If you need support, a custom deployment, extending the service capabilities and Contributions are welcome! -More information for developers can be found in the dedicated [development](development.md) page. +More information for developers can be found in the dedicated [development](./deployment/community/development.md) page. Client side modules: - [Python](https://github.com/MerginMaps/python-api-client) client library + CLI diff --git a/deployment/community/README.md b/deployment/community/README.md new file mode 100644 index 00000000..c271c771 --- /dev/null +++ b/deployment/community/README.md @@ -0,0 +1,54 @@ +# Mergin Maps Community Edition Deployment +Suitable for Ubuntu servers, one node deployment using docker compose and system nginx as a reverse proxy. + +> [!IMPORTANT] +> You need to have Docker installed on your system. +> If you don't have, follow the official [documentation](https://docs.docker.com/engine/install/) + +Then modify [docker-compose file](docker-compose.yml) and most notably settings in `.prod.env` (search for FIXME). Details about configuration can be find in [docs](https://merginmaps.com/docs/server/install/). + +Next step is to create data directory for mergin maps `projects` and `overviews` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yaml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. + +Projects (default `./projects`) +``` +export MERGIN_DIR=./projects +sudo mkdir -p $MERGIN_DIR +sudo find $MERGIN_DIR -type f -exec sudo chmod 640 {} \; +sudo find $MERGIN_DIR -type d -exec sudo chmod 750 {} \; +sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; +sudo chown -R 901:999 $MERGIN_DIR +``` + +Once configured, mergin maps can be started (accessible on http://localhost:8080): + +## Provision Database and init application + +``` +sudo docker compose --env-file .prod.env -f docker-compose.yaml up -d +sudo docker exec mergin-server-enterprise flask init --email myuser@mycompany.com +``` +Check command output info for database setup and provision, set initial superuser, celery settings and email test. +For more info check [documentation](https://merginmaps.com/docs/server/install/#initialise-database) + +Alternatively, you can run the following provisioning commands with some extra steps. + +## Install and configure nginx for TLS termination +``` +sudo apt update +sudo apt install nginx +``` +and get some certificates from let's encrypt +(e.g. see https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04) +``` +sudo apt install certbot python3-certbot-nginx +sudo certbot --nginx -d merginmaps.company.com -d www.merginmaps.company.com +``` +edit your [ssl-proxy.conf](./ssl-proxy.conf) file with correct paths to certs and reload server. Make it available for nginx and finally, reload the webserver +``` +sudo cp ssl-proxy.conf /etc/nginx/sites-available +sudo ln -s /etc/nginx/sites-available/ssl-proxy.conf /etc/nginx/sites-enabled/ +sudo systemctl reload nginx +``` + +### Fix permissions +If nginx is in front of mergin server then it should be owned by 901:nginx-grp or similar (see `/etc/nginx/nginx.conf`) diff --git a/development.md b/deployment/community/development.md similarity index 100% rename from development.md rename to deployment/community/development.md From bb641369e1fd0fcdcf60d01fc77d41809919f9f0 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Fri, 11 Apr 2025 14:56:06 +0100 Subject: [PATCH 05/20] Introduce common folder to standardize deployment across versions. --- .gitignore | 2 + deployment/common/check_permissions.sh | 14 ++++ .../{community => common}/entrypoint.sh | 0 deployment/{community => common}/nginx.conf | 6 +- .../{community => common}/ssl-proxy.conf | 0 .../community/{.prod.env => .env.template} | 5 +- deployment/community/README.md | 15 +++- deployment/community/docker-compose.yml | 19 ++--- deployment/enterprise/README.md | 10 +++ deployment/enterprise/docker-compose.maps.yml | 1 + deployment/enterprise/docker-compose.yml | 12 ++- deployment/enterprise/entrypoint.sh | 25 ------ deployment/enterprise/nginx.template | 54 ------------- deployment/enterprise/ssl-proxy.conf | 76 ------------------- 14 files changed, 61 insertions(+), 178 deletions(-) create mode 100644 deployment/common/check_permissions.sh rename deployment/{community => common}/entrypoint.sh (100%) rename deployment/{community => common}/nginx.conf (93%) rename deployment/{community => common}/ssl-proxy.conf (100%) rename deployment/community/{.prod.env => .env.template} (98%) delete mode 100755 deployment/enterprise/entrypoint.sh delete mode 100644 deployment/enterprise/nginx.template delete mode 100644 deployment/enterprise/ssl-proxy.conf diff --git a/.gitignore b/.gitignore index 4b7c63da..d3458ed5 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,8 @@ deps/ venv/ .vscode +# production env +.prod.env # generated documentation gen diff --git a/deployment/common/check_permissions.sh b/deployment/common/check_permissions.sh new file mode 100644 index 00000000..3d0d6c59 --- /dev/null +++ b/deployment/common/check_permissions.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# Changes permissions recursively at folder and files level from a provided path +# ARGS: +# 1 - The target path + + +set -e + +export MERGIN_DIR=$1 +sudo mkdir -p $MERGIN_DIR +sudo find $MERGIN_DIR -type f -exec sudo chmod 640 {} \; +sudo find $MERGIN_DIR -type d -exec sudo chmod 750 {} \; +sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; +sudo chown -R 901:999 $MERGIN_DIR diff --git a/deployment/community/entrypoint.sh b/deployment/common/entrypoint.sh similarity index 100% rename from deployment/community/entrypoint.sh rename to deployment/common/entrypoint.sh diff --git a/deployment/community/nginx.conf b/deployment/common/nginx.conf similarity index 93% rename from deployment/community/nginx.conf rename to deployment/common/nginx.conf index 2371e8e4..8e4cb3d7 100644 --- a/deployment/community/nginx.conf +++ b/deployment/common/nginx.conf @@ -22,7 +22,7 @@ server { # we don't want nginx trying to do something clever with # redirects, we set the Host: header above already. proxy_redirect off; - proxy_pass http://merginmaps-web:8080; + proxy_pass http://web:8080; } # proxy to backend @@ -36,7 +36,7 @@ server { # we don't want nginx trying to do something clever with # redirects, we set the Host: header above already. proxy_redirect off; - proxy_pass http://merginmaps-server:5000; + proxy_pass http://server:5000; # disable buffering client_max_body_size 0; # No maximum client body size @@ -49,7 +49,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; - proxy_pass http://merginmaps-server:5000; + proxy_pass http://server:5000; } location /download/ { diff --git a/deployment/community/ssl-proxy.conf b/deployment/common/ssl-proxy.conf similarity index 100% rename from deployment/community/ssl-proxy.conf rename to deployment/common/ssl-proxy.conf diff --git a/deployment/community/.prod.env b/deployment/community/.env.template similarity index 98% rename from deployment/community/.prod.env rename to deployment/community/.env.template index b6b3dc2a..a40e0fd1 100644 --- a/deployment/community/.prod.env +++ b/deployment/community/.env.template @@ -29,12 +29,11 @@ TEMP_DIR=/data/tmp #DB_APPLICATION_NAME=mergin -#DB_DATABASE=postgres +DB_DATABASE=mergin -#DB_HOST=localhost DB_HOST=db -#DB_PASSWORD=postgres +DB_PASSWORD=postgres #DB_POOL_MAX_OVERFLOW=10 # max_overflow set to SQLAlchemy default https://docs.sqlalchemy.org/en/14/core/engines.html diff --git a/deployment/community/README.md b/deployment/community/README.md index c271c771..e7392b52 100644 --- a/deployment/community/README.md +++ b/deployment/community/README.md @@ -7,7 +7,11 @@ Suitable for Ubuntu servers, one node deployment using docker compose and system Then modify [docker-compose file](docker-compose.yml) and most notably settings in `.prod.env` (search for FIXME). Details about configuration can be find in [docs](https://merginmaps.com/docs/server/install/). -Next step is to create data directory for mergin maps `projects` and `overviews` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yaml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. +``` +cp .env.template .prod.env +``` + +Next step is to create data directory for mergin maps `projects` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yaml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. Projects (default `./projects`) ``` @@ -19,6 +23,15 @@ sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; sudo chown -R 901:999 $MERGIN_DIR ``` +You can use the auxiliary script `check_permissions.sh` in `common` folder for this. +Example, if you using the default `community` deployment folder: + +```shell + +sh deployment/community/check_permission.sh deployment/community/projects + +``` + Once configured, mergin maps can be started (accessible on http://localhost:8080): ## Provision Database and init application diff --git a/deployment/community/docker-compose.yml b/deployment/community/docker-compose.yml index b74c7267..0d3ed473 100644 --- a/deployment/community/docker-compose.yml +++ b/deployment/community/docker-compose.yml @@ -11,8 +11,9 @@ services: networks: - merginmaps environment: + - POSTGRES_DB=mergin - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=postgres + - POSTGRES_PASSWORD=postgres # !TODO Change this and also change .prod.env $DB_PASSWORD accordingly volumes: - ./mergin_db:/var/lib/postgresql/data redis: @@ -21,14 +22,14 @@ services: restart: always networks: - merginmaps - server-gunicorn: + server: image: lutraconsulting/merginmaps-backend:2025.2.2 container_name: merginmaps-server restart: always user: 901:999 volumes: - ./projects:/data - - ./entrypoint.sh:/app/entrypoint.sh + - ../common/entrypoint.sh:/app/entrypoint.sh env_file: - .prod.env depends_on: @@ -47,10 +48,10 @@ services: - GEVENT_WORKER=0 - NO_MONKEY_PATCH=1 volumes: - - ./entrypoint.sh:/app/entrypoint.sh + - ../common/entrypoint.sh:/app/entrypoint.sh depends_on: - redis - - server-gunicorn + - server command: [ "celery -A application.celery beat --loglevel=info" ] networks: - merginmaps @@ -66,10 +67,10 @@ services: - NO_MONKEY_PATCH=1 volumes: - ./projects:/data - - ./entrypoint.sh:/app/entrypoint.sh + - ../common/entrypoint.sh:/app/entrypoint.sh depends_on: - redis - - server-gunicorn + - server - celery-beat command: [ "celery -A application.celery worker --loglevel=info" ] networks: @@ -79,7 +80,7 @@ services: container_name: merginmaps-web restart: always depends_on: - - server-gunicorn + - server user: 101:999 links: - db @@ -95,6 +96,6 @@ services: - "8080:8080" volumes: - ./projects:/data # map data dir to host - - ./nginx.conf:/etc/nginx/conf.d/default.conf + - ../common/nginx.conf:/etc/nginx/conf.d/default.conf networks: - merginmaps diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index ab9fe5b5..b49d8385 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -45,6 +45,16 @@ sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; sudo chown -R 901:999 $MERGIN_DIR ``` +You can use the auxiliary script `check_permissions.sh` in `common` folder for this. +Example, if you using the default `enterprise` deployment folder: + +```shell + +sh deployment/community/check_permission.sh deployment/community/data +sh deployment/community/check_permission.sh deployment/community/overviews + +``` + Once configured, mergin maps can be started (accessible on http://localhost:8080): ## Provision Database and init application diff --git a/deployment/enterprise/docker-compose.maps.yml b/deployment/enterprise/docker-compose.maps.yml index 54a91c03..bbf48c60 100644 --- a/deployment/enterprise/docker-compose.maps.yml +++ b/deployment/enterprise/docker-compose.maps.yml @@ -15,6 +15,7 @@ services: - QGIS_SERVER_MAX_THREADS=-1 - QGIS_SERVER_WMS_MAX_HEIGHT=1536 - QGIS_SERVER_WMS_MAX_WIDTH=1536 + - QGIS_SERVER_LOG_LEVEL=2 volumes: - ./overviews/projects:/overviews/projects qgis_nginx: diff --git a/deployment/enterprise/docker-compose.yml b/deployment/enterprise/docker-compose.yml index 749c4c77..5dbe18e1 100644 --- a/deployment/enterprise/docker-compose.yml +++ b/deployment/enterprise/docker-compose.yml @@ -12,7 +12,7 @@ services: command: ["gunicorn -w 4 --config config.py application:application"] volumes: - ./data:/data # map data dir to host - - ./entrypoint.sh:/app/entrypoint.sh + - ../common/entrypoint.sh:/app/entrypoint.sh env_file: - .prod.env depends_on: @@ -41,7 +41,7 @@ services: - "8080:8080" volumes: - ./data:/data # map data dir to host - - ./nginx.template:/etc/nginx/templates/default.conf.template + - ../common/nginx.conf:/etc/nginx/templates/default.conf.template networks: - mergin depends_on: @@ -55,7 +55,7 @@ services: user: 901:999 command: ["celery -A application.celery beat --loglevel=info"] volumes: - - ./entrypoint.sh:/app/entrypoint.sh + - ../common/entrypoint.sh:/app/entrypoint.sh env_file: - .prod.env depends_on: @@ -72,7 +72,7 @@ services: command: ["celery -A application.celery worker --pool prefork --loglevel=info"] volumes: - ./data:/data # map data dir to host - - ./entrypoint.sh:/app/entrypoint.sh + - ../common/entrypoint.sh:/app/entrypoint.sh env_file: - .prod.env depends_on: @@ -85,14 +85,12 @@ services: image: postgres:14 container_name: mergin-db-enterprise restart: always - env_file: - - .prod.env volumes: - ./mergin-db-enterprise:/var/lib/postgresql/data environment: - POSTGRES_DB=mergin - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=postgres # fixme + - POSTGRES_PASSWORD=postgres # !TODO Change this and also change .prod.env $DB_PASSWORD accordingly networks: - mergin diff --git a/deployment/enterprise/entrypoint.sh b/deployment/enterprise/entrypoint.sh deleted file mode 100755 index 92f119f6..00000000 --- a/deployment/enterprise/entrypoint.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Copyright (C) Lutra Consulting Limited -# -# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-MerginMaps-Commercial - -# make sure all files created by gunicorn (mergin server)/celery worker have proper permissions -umask 0027 - -# Settings passed to gunicorn have the following order of precedence -# (tested using --workers): -# -# 1. Command-line (highest) -# 2. Environment variable -# 3. File referenced by --config (lowest) -# -# We store a base config in config.py and override things as needed -# using the environment variable GUNICORN_CMD_ARGS. - -# You want to run one of these (with whatever options you need) in CMD -# /bin/bash -c "celery -A application.celery beat --loglevel=info" -# /bin/bash -c "celery -A application.celery worker --loglevel=info" -# /bin/bash -c "gunicorn --config config.py application:application" - -exec /bin/bash -c "$@" diff --git a/deployment/enterprise/nginx.template b/deployment/enterprise/nginx.template deleted file mode 100644 index cdcf4d3a..00000000 --- a/deployment/enterprise/nginx.template +++ /dev/null @@ -1,54 +0,0 @@ -server { - listen 8080; - listen [::]:8080; - server_name _; - - client_max_body_size 4G; - - # path for static files - # root /path/to/app/current/public; - # We are only proxying - not returning any files - #root /dev/null; - - location / { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - # we don't want nginx trying to do something clever with - # redirects, we set the Host: header above already. - proxy_redirect off; - proxy_pass http://mergin-web-enterprise:8080; - } - - # proxy to backend - # we need to disable buffering for these endpoints which use stream (up or down) - # /v1/project/download/ - location ~ /v1/project/download/ { - # unfortunately, proxy settings do not support inheritance within nested locations, hence copied set up from root location - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - # we don't want nginx trying to do something clever with - # redirects, we set the Host: header above already. - proxy_redirect off; - proxy_pass http://mergin-server-enterprise:5000; - - # disable buffering - client_max_body_size 0; # No maximum client body size - proxy_http_version 1.1; # Needed to disable client buffering - proxy_request_buffering off; - proxy_buffering off; - } - - location ~ ^/(v1/|v2/|app/|ping|config) { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_pass http://mergin-server-enterprise:5000; - } - - location /download/ { - internal; - alias /data/; # we need to mount data from mergin server here - } - } diff --git a/deployment/enterprise/ssl-proxy.conf b/deployment/enterprise/ssl-proxy.conf deleted file mode 100644 index 7f290195..00000000 --- a/deployment/enterprise/ssl-proxy.conf +++ /dev/null @@ -1,76 +0,0 @@ - - server { - listen 80; - server_name merginmaps.company.com; # FIXME - - if ($scheme != "https") { - return 301 https://$host$request_uri; - } - } - - upstream app_server { - # route to the application nginx proxy - server 127.0.0.1:8080 fail_timeout=0; - } - - server { - listen 443 ssl; - server_name merginmaps.company.com; # FIXME - client_max_body_size 4G; - - ssl_certificate_key /etc/letsencrypt/live/merginmaps.company.com/privkey.pem; # FIXME - ssl_certificate /etc/letsencrypt/live/merginmaps.company.com/fullchain.pem; # FIXME - - # Don't show version information - server_tokens off; - - # Enable gzip compression - gzip on; - gzip_min_length 10240; - gzip_comp_level 1; - gzip_vary on; - gzip_proxied expired no-cache no-store private auth; - gzip_types - text/css - text/javascript - text/xml - text/plain - text/x-component - application/javascript - application/x-javascript - application/json - application/xml - application/rss+xml - application/atom+xml - font/truetype - font/opentype - application/vnd.ms-fontobject - image/svg+xml; - - # Prevent crawlers from indexing and following links for all content served from the mergin app - add_header X-Robots-Tag "none"; - - # Protect against clickjacking iframe - add_header Content-Security-Policy "frame-ancestors 'self';" always; - - # Add a HSTS policy to prevent plain http from browser - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - # Set cookies security flags - proxy_cookie_flags ~ secure httponly samesite=strict; - - location / { - root /var/www/html; - - # The lines below were copied from some of our other configurations and may not be default - # settings. If you have issues with proxied headers then you may want to reeavluate these - # lines - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - # we don't want nginx trying to do something clever with - # redirects, we set the Host: header above already. - proxy_redirect off; - proxy_pass http://app_server; - } - } From 4a2510ea1d048bbe08ac6ddff7be004062c5cb16 Mon Sep 17 00:00:00 2001 From: "marcel.kocisek" Date: Mon, 14 Apr 2025 10:00:29 +0200 Subject: [PATCH 06/20] bump version --- server/mergin/version.py | 2 +- server/setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/mergin/version.py b/server/mergin/version.py index efbe6d52..adc9f8b9 100644 --- a/server/mergin/version.py +++ b/server/mergin/version.py @@ -4,4 +4,4 @@ def get_version(): - return "2025.2.2" + return "2025.3.0" diff --git a/server/setup.py b/server/setup.py index fb67ae9a..2aafe85a 100644 --- a/server/setup.py +++ b/server/setup.py @@ -6,7 +6,7 @@ setup( name="mergin", - version="2025.2.2", + version="2025.3.0", url="https://github.com/MerginMaps/mergin", license="AGPL-3.0-only", author="Lutra Consulting Limited", From 24469fd7f4dd390f295ecc4ca3fbbcb59c019d61 Mon Sep 17 00:00:00 2001 From: Martin Varga Date: Wed, 16 Apr 2025 16:28:10 +0200 Subject: [PATCH 07/20] Fix username generation with long int suffixes --- server/mergin/auth/models.py | 4 ++-- server/mergin/tests/test_auth.py | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/server/mergin/auth/models.py b/server/mergin/auth/models.py index 31499ad3..e697c3f5 100644 --- a/server/mergin/auth/models.py +++ b/server/mergin/auth/models.py @@ -212,12 +212,12 @@ def generate_username(cls, email: str) -> Optional[str]: text( """ SELECT - replace(lower(username), :username, '0')::int AS suffix + replace(lower(username), :username, '0')::bigint AS suffix FROM "user" WHERE lower(username) = :username OR lower(username) SIMILAR TO :username_like - ORDER BY replace(lower(username), :username, '0')::int DESC + ORDER BY replace(lower(username), :username, '0')::bigint DESC LIMIT 1; """ ), diff --git a/server/mergin/tests/test_auth.py b/server/mergin/tests/test_auth.py index a5217f6a..b717b4e4 100644 --- a/server/mergin/tests/test_auth.py +++ b/server/mergin/tests/test_auth.py @@ -866,6 +866,10 @@ def test_username_generation(client): user = add_user("testuser1") assert User.generate_username("Testuser@example.com") == "testuser2" + # test username with crazy long int suffix + user = add_user("testuser13120931904") + assert User.generate_username("Testuser@example.com") == "testuser13120931905" + def test_server_usage(client): """Test server usage endpoint""" From 20893be54b690e8782de8fceebe771c8430e31b6 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Thu, 17 Apr 2025 09:37:15 +0100 Subject: [PATCH 08/20] address gh review remarks --- deployment/common/{check_permissions.sh => set_permissions.sh} | 0 deployment/community/.env.template | 2 +- deployment/community/README.md | 2 +- deployment/enterprise/README.md | 2 +- deployment/enterprise/docker-compose.yml | 2 ++ 5 files changed, 5 insertions(+), 3 deletions(-) rename deployment/common/{check_permissions.sh => set_permissions.sh} (100%) diff --git a/deployment/common/check_permissions.sh b/deployment/common/set_permissions.sh similarity index 100% rename from deployment/common/check_permissions.sh rename to deployment/common/set_permissions.sh diff --git a/deployment/community/.env.template b/deployment/community/.env.template index a40e0fd1..b6a37508 100644 --- a/deployment/community/.env.template +++ b/deployment/community/.env.template @@ -29,7 +29,7 @@ TEMP_DIR=/data/tmp #DB_APPLICATION_NAME=mergin -DB_DATABASE=mergin +#DB_DATABASE=mergin DB_HOST=db diff --git a/deployment/community/README.md b/deployment/community/README.md index e7392b52..e393c9e7 100644 --- a/deployment/community/README.md +++ b/deployment/community/README.md @@ -23,7 +23,7 @@ sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; sudo chown -R 901:999 $MERGIN_DIR ``` -You can use the auxiliary script `check_permissions.sh` in `common` folder for this. +You can use the auxiliary script `set_permissions.sh` in `common` folder for this. Example, if you using the default `community` deployment folder: ```shell diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index b49d8385..c023b808 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -45,7 +45,7 @@ sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; sudo chown -R 901:999 $MERGIN_DIR ``` -You can use the auxiliary script `check_permissions.sh` in `common` folder for this. +You can use the auxiliary script `set_permissions.sh` in `common` folder for this. Example, if you using the default `enterprise` deployment folder: ```shell diff --git a/deployment/enterprise/docker-compose.yml b/deployment/enterprise/docker-compose.yml index 5dbe18e1..1d828261 100644 --- a/deployment/enterprise/docker-compose.yml +++ b/deployment/enterprise/docker-compose.yml @@ -91,6 +91,8 @@ services: - POSTGRES_DB=mergin - POSTGRES_USER=postgres - POSTGRES_PASSWORD=postgres # !TODO Change this and also change .prod.env $DB_PASSWORD accordingly + ports: + - 5432:5432 networks: - mergin From 9f7ac5890c8aa77f8a25587a87a508ad483cccf0 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Tue, 22 Apr 2025 10:38:10 +0100 Subject: [PATCH 09/20] standardize container names to ease configurations --- deployment/common/nginx.conf | 6 +++--- deployment/enterprise/.env.template | 4 ++-- deployment/enterprise/docker-compose.yml | 14 +++++++------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/deployment/common/nginx.conf b/deployment/common/nginx.conf index 8e4cb3d7..2371e8e4 100644 --- a/deployment/common/nginx.conf +++ b/deployment/common/nginx.conf @@ -22,7 +22,7 @@ server { # we don't want nginx trying to do something clever with # redirects, we set the Host: header above already. proxy_redirect off; - proxy_pass http://web:8080; + proxy_pass http://merginmaps-web:8080; } # proxy to backend @@ -36,7 +36,7 @@ server { # we don't want nginx trying to do something clever with # redirects, we set the Host: header above already. proxy_redirect off; - proxy_pass http://server:5000; + proxy_pass http://merginmaps-server:5000; # disable buffering client_max_body_size 0; # No maximum client body size @@ -49,7 +49,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; - proxy_pass http://server:5000; + proxy_pass http://merginmaps-server:5000; } location /download/ { diff --git a/deployment/enterprise/.env.template b/deployment/enterprise/.env.template index 4e0aa994..c05d9632 100644 --- a/deployment/enterprise/.env.template +++ b/deployment/enterprise/.env.template @@ -118,13 +118,13 @@ USE_X_ACCEL=True # celery #BROKER_URL=redis://172.17.0.1:6379/0 -BROKER_URL=redis://mergin-redis-enterprise:6379/0 +BROKER_URL=redis://merginmaps-redis:6379/0 #BROKER_TRANSPORT_OPTIONS={} # cast=eval BROKER_TRANSPORT_OPTIONS={ 'master_name': 'mymaster' } #CELERY_RESULT_BACKEND=redis://172.17.0.1:6379/0' -CELERY_RESULT_BACKEND=redis://mergin-redis-enterprise:6379/0 +CELERY_RESULT_BACKEND=redis://merginmaps-redis:6379/0 #CELERY_RESULT_BACKEND_TRANSPORT_OPTIONS={} # cast=eval CELERY_RESULT_BACKEND_TRANSPORT_OPTIONS={ 'master_name': 'mymaster' } diff --git a/deployment/enterprise/docker-compose.yml b/deployment/enterprise/docker-compose.yml index 1d828261..1edc142c 100644 --- a/deployment/enterprise/docker-compose.yml +++ b/deployment/enterprise/docker-compose.yml @@ -6,7 +6,7 @@ networks: services: server: image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 - container_name: mergin-server-enterprise + container_name: merginmaps-server restart: always user: 901:999 command: ["gunicorn -w 4 --config config.py application:application"] @@ -22,7 +22,7 @@ services: web: image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-front:2025.3.0 - container_name: mergin-web-enterprise + container_name: merginmaps-web restart: always depends_on: - server @@ -33,7 +33,7 @@ services: proxy: image: nginxinc/nginx-unprivileged:1.27 - container_name: mergin-proxy-enterprise + container_name: merginmaps-proxy restart: always # run nginx as built-in user but with group mergin-family for files permissions user: 101:999 @@ -50,7 +50,7 @@ services: celery-beat: image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 - container_name: mergin-celery-beat-enterprise + container_name: merginmaps-celery-beat restart: always user: 901:999 command: ["celery -A application.celery beat --loglevel=info"] @@ -66,7 +66,7 @@ services: celery-worker: image: 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 - container_name: mergin-celery-worker-enterprise + container_name: merginmaps-celery-worker restart: always user: 901:999 command: ["celery -A application.celery worker --pool prefork --loglevel=info"] @@ -83,7 +83,7 @@ services: db: image: postgres:14 - container_name: mergin-db-enterprise + container_name: merginmaps-db restart: always volumes: - ./mergin-db-enterprise:/var/lib/postgresql/data @@ -98,7 +98,7 @@ services: redis: image: redis - container_name: mergin-redis-enterprise + container_name: merginmaps-redis restart: always networks: - mergin From 6dc3b457004f059bf042fc415e545d6a31aa4ee1 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Tue, 22 Apr 2025 10:55:04 +0100 Subject: [PATCH 10/20] relocate development readme file --- deployment/community/development.md => development.md | 3 +++ 1 file changed, 3 insertions(+) rename deployment/community/development.md => development.md (98%) diff --git a/deployment/community/development.md b/development.md similarity index 98% rename from deployment/community/development.md rename to development.md index 2d76b1dd..b51c83d4 100644 --- a/deployment/community/development.md +++ b/development.md @@ -65,6 +65,9 @@ Watching the type definitions is also useful to pick up any changes to imports o If you want to run the whole stack locally, you can use the docker. Docker will build the images from your local files and run the services. ```shell +# Enter community edition deployment folder +cd deployment/community/ + # Run the docker composition with the current Dockerfiles docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d From 67133a65b331b35cd0711908d5560fe66c64c649 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Tue, 22 Apr 2025 11:13:10 +0100 Subject: [PATCH 11/20] fix permissions script path and name --- deployment/enterprise/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index c023b808..9f51f762 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -50,8 +50,8 @@ Example, if you using the default `enterprise` deployment folder: ```shell -sh deployment/community/check_permission.sh deployment/community/data -sh deployment/community/check_permission.sh deployment/community/overviews +sh set_permissions.sh data +sh set_permissions.sh overviews ``` From c84729317e88801ca6da3e6556f1f23d36abdfb4 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Tue, 22 Apr 2025 11:22:18 +0100 Subject: [PATCH 12/20] still missing some more readme permissions fix --- deployment/community/README.md | 2 +- deployment/enterprise/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/community/README.md b/deployment/community/README.md index e393c9e7..10643719 100644 --- a/deployment/community/README.md +++ b/deployment/community/README.md @@ -28,7 +28,7 @@ Example, if you using the default `community` deployment folder: ```shell -sh deployment/community/check_permission.sh deployment/community/projects +sh ../common/set_permission.sh projects ``` diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index 9f51f762..5e7606bb 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -50,8 +50,8 @@ Example, if you using the default `enterprise` deployment folder: ```shell -sh set_permissions.sh data -sh set_permissions.sh overviews +sh ../common/set_permissions.sh data +sh ../common/set_permissions.sh overviews ``` From 36480b4ebb97ace2bad5cbd7abf2edf0d7bb92ab Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Tue, 22 Apr 2025 11:27:31 +0100 Subject: [PATCH 13/20] typo --- deployment/community/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/community/README.md b/deployment/community/README.md index 10643719..5dce0ee9 100644 --- a/deployment/community/README.md +++ b/deployment/community/README.md @@ -28,7 +28,7 @@ Example, if you using the default `community` deployment folder: ```shell -sh ../common/set_permission.sh projects +sh ../common/set_permissions.sh projects ``` From f91321d82ce3e1e815067bd94df5eaddff4a709d Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Tue, 22 Apr 2025 11:40:38 +0100 Subject: [PATCH 14/20] fix .yml files extension --- deployment/community/README.md | 4 ++-- deployment/enterprise/README.md | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deployment/community/README.md b/deployment/community/README.md index 5dce0ee9..a1404f8d 100644 --- a/deployment/community/README.md +++ b/deployment/community/README.md @@ -11,7 +11,7 @@ Then modify [docker-compose file](docker-compose.yml) and most notably settings cp .env.template .prod.env ``` -Next step is to create data directory for mergin maps `projects` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yaml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. +Next step is to create data directory for mergin maps `projects` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. Projects (default `./projects`) ``` @@ -37,7 +37,7 @@ Once configured, mergin maps can be started (accessible on http://localhost:8080 ## Provision Database and init application ``` -sudo docker compose --env-file .prod.env -f docker-compose.yaml up -d +sudo docker compose --env-file .prod.env -f docker-compose.yml up -d sudo docker exec mergin-server-enterprise flask init --email myuser@mycompany.com ``` Check command output info for database setup and provision, set initial superuser, celery settings and email test. diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index 5e7606bb..719714bc 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -23,7 +23,7 @@ Then modify [docker-compose file](docker-compose.yml) and most notably settings cp .env.template .prod.env ``` -Next step is to create data directory for mergin maps `projects` and `overviews` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yaml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. +Next step is to create data directory for mergin maps `projects` and `overviews` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. Projects (default `./data`) ``` @@ -61,7 +61,7 @@ Once configured, mergin maps can be started (accessible on http://localhost:8080 ### After version 2025.2.0: ``` -sudo docker compose --env-file .prod.env -f docker-compose.yaml up -d +sudo docker compose --env-file .prod.env -f docker-compose.yml up -d sudo docker exec mergin-server-enterprise flask init --email myuser@mycompany.com ``` Check command output info for database setup and provision, set initial superuser, celery settings and email test. @@ -71,7 +71,7 @@ Alternatively, you can run the following provisioning commands with some extra s ### Prior to version 2025.2.0: ``` -sudo docker compose --env-file .prod.env -f docker-compose.yaml up +sudo docker compose --env-file .prod.env -f docker-compose.yml up sudo docker exec mergin-server-enterprise flask init-db # now create super user account sudo docker exec mergin-server-enterprise flask user create --is-admin --email @@ -83,10 +83,10 @@ If you want to deploy MerginMaps Webmaps infrastructure, please adjust `.prod.en > [!NOTE] > Please remember the main Mergin Maps stack needs to be running already. > Otherwise, run it: -> `docker compose --env-file .prod.env -f docker-compose.yaml up -d` +> `docker compose --env-file .prod.env -f docker-compose.yml up -d` ``` - sudo docker compose -f docker-compose.maps.yaml up -d + sudo docker compose -f docker-compose.maps.yml up -d ``` ## Install and configure nginx for TLS termination From 7b2258ab6f4accbd8d2ce894edde3df1cac8d200 Mon Sep 17 00:00:00 2001 From: Fernando Ribeiro Date: Tue, 22 Apr 2025 11:50:07 +0100 Subject: [PATCH 15/20] fix container names --- deployment/community/README.md | 2 +- deployment/enterprise/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/community/README.md b/deployment/community/README.md index a1404f8d..11db8bfd 100644 --- a/deployment/community/README.md +++ b/deployment/community/README.md @@ -38,7 +38,7 @@ Once configured, mergin maps can be started (accessible on http://localhost:8080 ``` sudo docker compose --env-file .prod.env -f docker-compose.yml up -d -sudo docker exec mergin-server-enterprise flask init --email myuser@mycompany.com +sudo docker exec merginmaps-server flask init --email myuser@mycompany.com ``` Check command output info for database setup and provision, set initial superuser, celery settings and email test. For more info check [documentation](https://merginmaps.com/docs/server/install/#initialise-database) diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index 719714bc..1572f37c 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -62,7 +62,7 @@ Once configured, mergin maps can be started (accessible on http://localhost:8080 ### After version 2025.2.0: ``` sudo docker compose --env-file .prod.env -f docker-compose.yml up -d -sudo docker exec mergin-server-enterprise flask init --email myuser@mycompany.com +sudo docker exec merginmaps-server flask init --email myuser@mycompany.com ``` Check command output info for database setup and provision, set initial superuser, celery settings and email test. For more info check [documentation](https://merginmaps.com/docs/server/install/#initialise-database) @@ -72,9 +72,9 @@ Alternatively, you can run the following provisioning commands with some extra s ### Prior to version 2025.2.0: ``` sudo docker compose --env-file .prod.env -f docker-compose.yml up -sudo docker exec mergin-server-enterprise flask init-db +sudo docker exec merginmaps-server flask init-db # now create super user account -sudo docker exec mergin-server-enterprise flask user create --is-admin --email +sudo docker exec merginmaps-server flask user create --is-admin --email ``` ## WebMaps From a353bbda1bb29d34ed01cb7dfca52237cfb11e64 Mon Sep 17 00:00:00 2001 From: "marcel.kocisek" Date: Wed, 23 Apr 2025 09:55:42 +0200 Subject: [PATCH 16/20] Bump 2025.3.1 --- .gitignore | 2 +- server/mergin/version.py | 2 +- server/setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4b7c63da..968b4e5b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ # demo data -projects/ +projects*/ mergin_db logs diff --git a/server/mergin/version.py b/server/mergin/version.py index adc9f8b9..06f9d965 100644 --- a/server/mergin/version.py +++ b/server/mergin/version.py @@ -4,4 +4,4 @@ def get_version(): - return "2025.3.0" + return "2025.3.1" diff --git a/server/setup.py b/server/setup.py index 2aafe85a..68e46ca6 100644 --- a/server/setup.py +++ b/server/setup.py @@ -6,7 +6,7 @@ setup( name="mergin", - version="2025.3.0", + version="2025.3.1", url="https://github.com/MerginMaps/mergin", license="AGPL-3.0-only", author="Lutra Consulting Limited", From fd27488a782080fe21ff0e1da9b24b58bbdbdaea Mon Sep 17 00:00:00 2001 From: "marcel.kocisek" Date: Wed, 23 Apr 2025 11:48:44 +0200 Subject: [PATCH 17/20] Final fixes for docker-compose and cleanup --- .gitignore | 2 +- deployment/community/README.md | 50 ++--------- deployment/community/docker-compose.dev.yml | 4 +- deployment/community/docker-compose.yml | 2 +- deployment/enterprise/.env.template | 12 +-- deployment/enterprise/README.md | 88 +++---------------- deployment/enterprise/docker-compose.maps.yml | 4 +- deployment/enterprise/docker-compose.yml | 1 + 8 files changed, 32 insertions(+), 131 deletions(-) diff --git a/.gitignore b/.gitignore index d3458ed5..6ed46894 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ # demo data -projects/ +projects*/ mergin_db logs diff --git a/deployment/community/README.md b/deployment/community/README.md index 11db8bfd..aaadcc51 100644 --- a/deployment/community/README.md +++ b/deployment/community/README.md @@ -5,63 +5,23 @@ Suitable for Ubuntu servers, one node deployment using docker compose and system > You need to have Docker installed on your system. > If you don't have, follow the official [documentation](https://docs.docker.com/engine/install/) -Then modify [docker-compose file](docker-compose.yml) and most notably settings in `.prod.env` (search for FIXME). Details about configuration can be find in [docs](https://merginmaps.com/docs/server/install/). +Then modify [docker-compose file](docker-compose.yml) and create environment file `.prod.env` from `.env.template`. Details about configuration can be find in [docs](https://merginmaps.com/docs/server/install/). -``` +```shell cp .env.template .prod.env ``` -Next step is to create data directory for mergin maps `projects` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. - -Projects (default `./projects`) -``` -export MERGIN_DIR=./projects -sudo mkdir -p $MERGIN_DIR -sudo find $MERGIN_DIR -type f -exec sudo chmod 640 {} \; -sudo find $MERGIN_DIR -type d -exec sudo chmod 750 {} \; -sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; -sudo chown -R 901:999 $MERGIN_DIR -``` - -You can use the auxiliary script `set_permissions.sh` in `common` folder for this. -Example, if you using the default `community` deployment folder: - -```shell +Next step is to create data directory for mergin maps `projects` with proper permissions. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. -sh ../common/set_permissions.sh projects - -``` - -Once configured, mergin maps can be started (accessible on http://localhost:8080): +For more details about deployment please check [docs](https://merginmaps.com/docs/server/install/#deployment). ## Provision Database and init application ``` -sudo docker compose --env-file .prod.env -f docker-compose.yml up -d +sudo docker compose -f docker-compose.yml up -d sudo docker exec merginmaps-server flask init --email myuser@mycompany.com ``` Check command output info for database setup and provision, set initial superuser, celery settings and email test. For more info check [documentation](https://merginmaps.com/docs/server/install/#initialise-database) Alternatively, you can run the following provisioning commands with some extra steps. - -## Install and configure nginx for TLS termination -``` -sudo apt update -sudo apt install nginx -``` -and get some certificates from let's encrypt -(e.g. see https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04) -``` -sudo apt install certbot python3-certbot-nginx -sudo certbot --nginx -d merginmaps.company.com -d www.merginmaps.company.com -``` -edit your [ssl-proxy.conf](./ssl-proxy.conf) file with correct paths to certs and reload server. Make it available for nginx and finally, reload the webserver -``` -sudo cp ssl-proxy.conf /etc/nginx/sites-available -sudo ln -s /etc/nginx/sites-available/ssl-proxy.conf /etc/nginx/sites-enabled/ -sudo systemctl reload nginx -``` - -### Fix permissions -If nginx is in front of mergin server then it should be owned by 901:nginx-grp or similar (see `/etc/nginx/nginx.conf`) diff --git a/deployment/community/docker-compose.dev.yml b/deployment/community/docker-compose.dev.yml index 94f4c419..9aa77bd8 100644 --- a/deployment/community/docker-compose.dev.yml +++ b/deployment/community/docker-compose.dev.yml @@ -1,8 +1,8 @@ services: - server-gunicorn: - image: server-gunicorn + server: + image: server build: context: ../../server dockerfile: Dockerfile diff --git a/deployment/community/docker-compose.yml b/deployment/community/docker-compose.yml index 0d3ed473..9ee27549 100644 --- a/deployment/community/docker-compose.yml +++ b/deployment/community/docker-compose.yml @@ -95,7 +95,7 @@ services: ports: - "8080:8080" volumes: - - ./projects:/data # map data dir to host + - ./projects:/data # mergin maps projects data dir to host - ../common/nginx.conf:/etc/nginx/conf.d/default.conf networks: - merginmaps diff --git a/deployment/enterprise/.env.template b/deployment/enterprise/.env.template index c05d9632..122712fe 100644 --- a/deployment/enterprise/.env.template +++ b/deployment/enterprise/.env.template @@ -192,9 +192,13 @@ MERGIN_LOGO_URL=fixme # MAPS ################################################################################################################# -#MAPS_ENABLED=False # do not include maps module +MAPS_ENABLED=False # do not include maps module -#OVERVIEW_DATA=/tmp +OVERVIEW_DATA=/overviews + +VECTOR_TILES_URL=https://tiles-ee.merginmaps.com/data/default/{z}/{x}/{y}.pbf + +VECTOR_TILES_STYLE_URL=https://tiles-ee.merginmaps.com//styles/default.json #QGIS_EXTRACTOR_API_URL=http://mergin-qgis-extractor:8000 @@ -203,7 +207,3 @@ MERGIN_LOGO_URL=fixme #QGIS_EXTRACTOR_TIMEOUT=60 #OVERVIEW_MAX_FILE_SIZE=1048576 # 1MB - -#VECTOR_TILES_URL=https://tiles.dev.merginmaps.com/data/default/{z}/{x}/{y}.pbf - -#VECTOR_TILES_STYLE_URL=https://tiles.dev.merginmaps.com/styles/default.json diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index 1572f37c..bf763aaa 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -14,98 +14,38 @@ aws ecr --region eu-west-1 get-login-password | docker login --username AWS --pa ## Load docker images, configure and run mergin maps stack For running mergin maps you need to load local docker images (if any). Make sure you have access to Lutra's ECR repository. You can check it by running ``` -sudo docker pull 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.2.0 +sudo docker pull 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 ``` -Then modify [docker-compose file](docker-compose.yml) and most notably settings in `.prod.env` (search for FIXME). Details about configuration can be find in [docs](https://merginmaps.com/docs/server/install/). +Then modify [docker-compose file](docker-compose.yml) and create environment file `.prod.env` from `.env.template`. Details about configuration can be find in [docs](https://merginmaps.com/docs/server/install/). -``` +```shell cp .env.template .prod.env ``` -Next step is to create data directory for mergin maps `projects` and `overviews` with proper permissions. This guide assumes data will be stored at `/mnt/data` directory. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. - -Projects (default `./data`) -``` -export MERGIN_DIR=./data -sudo mkdir -p $MERGIN_DIR -sudo find $MERGIN_DIR -type f -exec sudo chmod 640 {} \; -sudo find $MERGIN_DIR -type d -exec sudo chmod 750 {} \; -sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; -sudo chown -R 901:999 $MERGIN_DIR -``` - -Overviews (default `./overviews`) -``` -export MERGIN_DIR=./overviews -sudo mkdir -p $MERGIN_DIR -sudo find $MERGIN_DIR -type f -exec sudo chmod 640 {} \; -sudo find $MERGIN_DIR -type d -exec sudo chmod 750 {} \; -sudo find $MERGIN_DIR -type d -exec sudo chmod g+s {} \; -sudo chown -R 901:999 $MERGIN_DIR -``` - -You can use the auxiliary script `set_permissions.sh` in `common` folder for this. -Example, if you using the default `enterprise` deployment folder: - -```shell +Next step is to create data directory for mergin maps `data` with proper permissions. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. -sh ../common/set_permissions.sh data -sh ../common/set_permissions.sh overviews +For more details about deployment please check [docs](https://merginmaps.com/docs/server/install/#deployment). -``` - -Once configured, mergin maps can be started (accessible on http://localhost:8080): +## WebMaps -## Provision Database and init application +If you want to deploy MerginMaps Webmaps infrastructure, please adjust `.prod.env` related environment: -### After version 2025.2.0: ``` -sudo docker compose --env-file .prod.env -f docker-compose.yml up -d -sudo docker exec merginmaps-server flask init --email myuser@mycompany.com +MAPS_ENABLED=true ``` -Check command output info for database setup and provision, set initial superuser, celery settings and email test. -For more info check [documentation](https://merginmaps.com/docs/server/install/#initialise-database) -Alternatively, you can run the following provisioning commands with some extra steps. +and run the following command for creating data directory for webmaps: -### Prior to version 2025.2.0: ``` -sudo docker compose --env-file .prod.env -f docker-compose.yml up -sudo docker exec merginmaps-server flask init-db -# now create super user account -sudo docker exec merginmaps-server flask user create --is-admin --email -``` - -## WebMaps +sh ../common/set_permissions.sh map_data +``` -If you want to deploy MerginMaps Webmaps infrastructure, please adjust `.prod.env` related environment variables and run: > [!NOTE] > Please remember the main Mergin Maps stack needs to be running already. > Otherwise, run it: -> `docker compose --env-file .prod.env -f docker-compose.yml up -d` +> `docker compose -f docker-compose.yml up -d` -``` +```shell sudo docker compose -f docker-compose.maps.yml up -d -``` - -## Install and configure nginx for TLS termination -``` -sudo apt update -sudo apt install nginx -``` -and get some certificates from let's encrypt -(e.g. see https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04) -``` -sudo apt install certbot python3-certbot-nginx -sudo certbot --nginx -d merginmaps.company.com -d www.merginmaps.company.com -``` -edit your [ssl-proxy.conf](./ssl-proxy.conf) file with correct paths to certs and reload server. Make it available for nginx and finally, reload the webserver -``` -sudo cp ssl-proxy.conf /etc/nginx/sites-available -sudo ln -s /etc/nginx/sites-available/ssl-proxy.conf /etc/nginx/sites-enabled/ -sudo systemctl reload nginx -``` - -### Fix permissions -If nginx is in front of mergin server then it should be owned by 901:nginx-grp or similar (see `/etc/nginx/nginx.conf`) +``` \ No newline at end of file diff --git a/deployment/enterprise/docker-compose.maps.yml b/deployment/enterprise/docker-compose.maps.yml index bbf48c60..24cacb43 100644 --- a/deployment/enterprise/docker-compose.maps.yml +++ b/deployment/enterprise/docker-compose.maps.yml @@ -17,7 +17,7 @@ services: - QGIS_SERVER_WMS_MAX_WIDTH=1536 - QGIS_SERVER_LOG_LEVEL=2 volumes: - - ./overviews/projects:/overviews/projects + - ./map_data:/overviews qgis_nginx: container_name: mergin-qgis-nginx image: nginxinc/nginx-unprivileged:1.27 @@ -39,4 +39,4 @@ services: - MM_WMS_TILE_BUFFER=100 - MM_WMS_AVOID_ARTIFACTS=1 volumes: - - ./overviews/projects:/data + - ./map_data:/data diff --git a/deployment/enterprise/docker-compose.yml b/deployment/enterprise/docker-compose.yml index 1edc142c..cb5084c8 100644 --- a/deployment/enterprise/docker-compose.yml +++ b/deployment/enterprise/docker-compose.yml @@ -72,6 +72,7 @@ services: command: ["celery -A application.celery worker --pool prefork --loglevel=info"] volumes: - ./data:/data # map data dir to host + - ./map_data:/overviews - ../common/entrypoint.sh:/app/entrypoint.sh env_file: - .prod.env From 4cb82747c9d8714a13c0e05529457b99fe559be5 Mon Sep 17 00:00:00 2001 From: "marcel.kocisek" Date: Wed, 23 Apr 2025 12:52:48 +0200 Subject: [PATCH 18/20] cleanup version from env.template --- deployment/enterprise/.env.template | 1 - 1 file changed, 1 deletion(-) diff --git a/deployment/enterprise/.env.template b/deployment/enterprise/.env.template index 122712fe..b80561d8 100644 --- a/deployment/enterprise/.env.template +++ b/deployment/enterprise/.env.template @@ -3,7 +3,6 @@ FLASK_APP=application GEODIFF_LOGGER_LEVEL=2 -VERSION=2025.2.0 CONTACT_EMAIL=fixme From 4613ac5138e67db7d4584d2719d2fb3574055a97 Mon Sep 17 00:00:00 2001 From: Herman Snevajs Date: Wed, 23 Apr 2025 14:01:50 +0200 Subject: [PATCH 19/20] Do not user sudo docker when login with non sudo --- .gitignore | 1 + deployment/community/README.md | 11 ----------- deployment/enterprise/.env.template | 3 +-- deployment/enterprise/README.md | 10 +++++----- 4 files changed, 7 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index 6ed46894..94220ca0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # demo data projects*/ +data/ mergin_db logs diff --git a/deployment/community/README.md b/deployment/community/README.md index aaadcc51..e99b90c3 100644 --- a/deployment/community/README.md +++ b/deployment/community/README.md @@ -14,14 +14,3 @@ cp .env.template .prod.env Next step is to create data directory for mergin maps `projects` with proper permissions. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. For more details about deployment please check [docs](https://merginmaps.com/docs/server/install/#deployment). - -## Provision Database and init application - -``` -sudo docker compose -f docker-compose.yml up -d -sudo docker exec merginmaps-server flask init --email myuser@mycompany.com -``` -Check command output info for database setup and provision, set initial superuser, celery settings and email test. -For more info check [documentation](https://merginmaps.com/docs/server/install/#initialise-database) - -Alternatively, you can run the following provisioning commands with some extra steps. diff --git a/deployment/enterprise/.env.template b/deployment/enterprise/.env.template index b80561d8..7d45a4d8 100644 --- a/deployment/enterprise/.env.template +++ b/deployment/enterprise/.env.template @@ -39,8 +39,7 @@ TEMP_DIR=/data/tmp DB_HOST=db -#DB_PASSWORD=postgres -DB_PASSWORD=fixme +DB_PASSWORD=postgres # fixme #DB_POOL_MAX_OVERFLOW=10 # max_overflow set to SQLAlchemy default https://docs.sqlalchemy.org/en/14/core/engines.html diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index bf763aaa..9e04d41e 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -12,9 +12,9 @@ aws ecr --region eu-west-1 get-login-password | docker login --username AWS --pa ``` ## Load docker images, configure and run mergin maps stack -For running mergin maps you need to load local docker images (if any). Make sure you have access to Lutra's ECR repository. You can check it by running +For running Mergin Maps you need to load local docker images (if any). Make sure you have access to Lutra's ECR repository. You can check it by running ``` -sudo docker pull 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 +docker pull 433835555346.dkr.ecr.eu-west-1.amazonaws.com/mergin/mergin-ee-back:2025.3.0 ``` Then modify [docker-compose file](docker-compose.yml) and create environment file `.prod.env` from `.env.template`. Details about configuration can be find in [docs](https://merginmaps.com/docs/server/install/). @@ -23,13 +23,13 @@ Then modify [docker-compose file](docker-compose.yml) and create environment fil cp .env.template .prod.env ``` -Next step is to create data directory for mergin maps `data` with proper permissions. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since mergin maps keeps all projects files, their history and also needs some space for temporary processing. +Next step is to create data directory for Mergin Maps `data` with proper permissions. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since Mergin Maps keeps all projects files, their history and also needs some space for temporary processing. For more details about deployment please check [docs](https://merginmaps.com/docs/server/install/#deployment). ## WebMaps -If you want to deploy MerginMaps Webmaps infrastructure, please adjust `.prod.env` related environment: +If you want to deploy Mergin Maps Webmaps infrastructure, please adjust `.prod.env` related environment: ``` MAPS_ENABLED=true @@ -47,5 +47,5 @@ sh ../common/set_permissions.sh map_data > `docker compose -f docker-compose.yml up -d` ```shell - sudo docker compose -f docker-compose.maps.yml up -d + docker compose -f docker-compose.maps.yml up -d ``` \ No newline at end of file From 690be54fac44b86f0e4bbd4a683180b7e56475b9 Mon Sep 17 00:00:00 2001 From: "marcel.kocisek" Date: Wed, 23 Apr 2025 14:50:42 +0200 Subject: [PATCH 20/20] Cleanup web maps chapter --- deployment/enterprise/.env.template | 2 +- deployment/enterprise/README.md | 23 ----------------------- 2 files changed, 1 insertion(+), 24 deletions(-) diff --git a/deployment/enterprise/.env.template b/deployment/enterprise/.env.template index 7d45a4d8..1a4b4764 100644 --- a/deployment/enterprise/.env.template +++ b/deployment/enterprise/.env.template @@ -190,7 +190,7 @@ MERGIN_LOGO_URL=fixme # MAPS ################################################################################################################# -MAPS_ENABLED=False # do not include maps module +MAPS_ENABLED=True OVERVIEW_DATA=/overviews diff --git a/deployment/enterprise/README.md b/deployment/enterprise/README.md index 9e04d41e..5620c12c 100644 --- a/deployment/enterprise/README.md +++ b/deployment/enterprise/README.md @@ -26,26 +26,3 @@ cp .env.template .prod.env Next step is to create data directory for Mergin Maps `data` with proper permissions. Should you prefer a different location, please do search and replace it in config files (`.prod.env`, `docker-compose.yml`). Make sure your volume is large enough since Mergin Maps keeps all projects files, their history and also needs some space for temporary processing. For more details about deployment please check [docs](https://merginmaps.com/docs/server/install/#deployment). - -## WebMaps - -If you want to deploy Mergin Maps Webmaps infrastructure, please adjust `.prod.env` related environment: - -``` -MAPS_ENABLED=true -``` - -and run the following command for creating data directory for webmaps: - -``` -sh ../common/set_permissions.sh map_data -``` - -> [!NOTE] -> Please remember the main Mergin Maps stack needs to be running already. -> Otherwise, run it: -> `docker compose -f docker-compose.yml up -d` - -```shell - docker compose -f docker-compose.maps.yml up -d -``` \ No newline at end of file