From 002ee2a5c387a5ed57f42a57cd01555c7fe78542 Mon Sep 17 00:00:00 2001
From: rhiaro
Date: Sun, 1 May 2016 10:04:12 -0400
Subject: [PATCH 1/4] Dockerfile and instructions
---
 Dockerfile | 32 ++++++++++++++++++++++++++++++++
 README.md | 27 ++++++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..1c3ff0ad0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,32 @@
+FROM node:5.11-wheezy
+
+ARG admin_user
+
+WORKDIR /opt/ldnode/certs
+RUN openssl genrsa 2048 > ssl-key.pem
+RUN openssl req -new -x509 -nodes -sha256 -days 3650 -key ssl-key.pem -subj '/CN=*.localhost' > ssl-cert.pem
+
+COPY . /src
+RUN cd /src; npm install
+
+WORKDIR /src/data
+RUN echo $'@prefix n0: . \n\
+@prefix n2: .\n\
+\n\
+<#owner>\n\
+ a n0:Authorization;\n\
+ n0:accessTo <./>;\n\
+ n0:agent ' + $admin_user + '\n\
+ n0:defaultForNew <./>;\n\
+ n0:mode n0:Control, n0:Read, n0:Write.\n\
+<#everyone>\n\
+ a n0:Authorization;\n\
+ n0: n2:Agent;\n\
+ n0:accessTo <./>;\n\
+ n0:defaultForNew <./>;\n\
+ n0:mode n0:Read.' > .acl
+
+EXPOSE 8443
+
+CMD ["node", "/src/bin/ldnode.js", "--port=8443", "--ssl-key=/opt/ldnode/certs/ssl-key.pem", "--ssl-cert=/opt/ldnode/certs/ssl-cert.pem"]
+
diff --git a/README.md b/README.md
index ee5a9a7e0..32f0625a3 100644
--- a/README.md
+++ b/README.md
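Review bot: The TLS private key is created by `RUN openssl genrsa 2048 > ssl-key.pem` at build time, so it is stored in an image layer and every container started from this image, and anyone the image is shared with, holds the same key for a certificate valid 3650 days. The README says this is not for production, but the Dockerfile carries no such warning; at minimum add a comment above the two openssl lines such as `# Dev-only self-signed cert: the key is baked into the image; mount real certs at /opt/ldnode/certs for any shared deployment`. A stronger option is to generate the pair at container start when no certificate is mounted, so that no key ships in the image. The identical hunk in PATCH 2/4 has the same issue, and PATCH 3/4 keeps the build-time key generation in its chained `RUN`.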
@@ -59,6 +59,32 @@ $ openssl genrsa 2048 > ../localhost.key $ openssl req -new -x509 -nodes -sha256 -days 3650 -key ../localhost.key -subj '/CN=*.localhost' > ../localhost.cert ``` +### Single-user server with Docker + +(First, install [Docker](https://docker.com)). + +Self-signed SSL cert and key are generated at build time (not for production! You can override this during the `run` step). The root ACL is also generated, with the owner being the WebID passed in: + +```bash +$ sudo docker build --build-arg admin_user=https://yourwebsite.com/#me -t ldnode . +``` + +This `admin_user` needs to be a real WebID with the corresponding certificate installed in your browser. + +Then `run`, mounting the directory in which your data will be contained (this can be anywhere on your local machine): + +```bash +$ sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data --name my-ldnode ldnode +``` + +If you already have an SSL cert (eg. from LetsEncrypt), make sure they are named `ssl-cert.pem` and `ssl-key.pem` and mount the containing directory for those as well: + +```bash +$ sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data -v /path/to/certs:/opt/ldnode/certs --name my-ldnode ldnode +``` + +Go to `https://localhost:8443` and you should be good to go. + ### Run multi-user server (intermediate) You can run `ldnode` so that new users can sign up, in other words, get their WebIDs _username.yourdomain.com_. @@ -86,7 +112,6 @@ $ ldnode --port 8080 --ssl-key key.pem --ssl-cert cert.pem --no-webid **Note:** if you want to run on HTTP, do not pass the `--ssl-*` flags, but keep `--no-webid` - ### Extra flags (expert) The command line tool has the following options From c5df357129d167805b8a89b9dc5c163d66b489e4 Mon Sep 17 00:00:00 2001 
From: rhiaro
Date: Sun, 1 May 2016 10:04:12 -0400
Subject: [PATCH 2/4] Dockerfile and instructions
---
 Dockerfile | 32 ++++++++++++++++++++++++++++++++
 README.md | 27 ++++++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..1c3ff0ad0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,32 @@
+FROM node:5.11-wheezy
+
+ARG admin_user
+
+WORKDIR /opt/ldnode/certs
+RUN openssl genrsa 2048 > ssl-key.pem
+RUN openssl req -new -x509 -nodes -sha256 -days 3650 -key ssl-key.pem -subj '/CN=*.localhost' > ssl-cert.pem
+
+COPY . /src
+RUN cd /src; npm install
+
+WORKDIR /src/data
+RUN echo $'@prefix n0: . \n\
+@prefix n2: .\n\
+\n\
+<#owner>\n\
+ a n0:Authorization;\n\
+ n0:accessTo <./>;\n\
+ n0:agent ' + $admin_user + '\n\
+ n0:defaultForNew <./>;\n\
+ n0:mode n0:Control, n0:Read, n0:Write.\n\
+<#everyone>\n\
+ a n0:Authorization;\n\
+ n0: n2:Agent;\n\
+ n0:accessTo <./>;\n\
+ n0:defaultForNew <./>;\n\
+ n0:mode n0:Read.' > .acl
+
+EXPOSE 8443
+
+CMD ["node", "/src/bin/ldnode.js", "--port=8443", "--ssl-key=/opt/ldnode/certs/ssl-key.pem", "--ssl-cert=/opt/ldnode/certs/ssl-cert.pem"]
+
diff --git a/README.md b/README.md
index c3ff27f20..805d9c76f 100644
--- a/README.md
+++ b/README.md
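Review bot: The `RUN echo $'…' + $admin_user + '…' > .acl` step is unlikely to write the intended root ACL, because `RUN` executes through `/bin/sh -c`, where `+` is not string concatenation (the plus signs are passed to `echo` as literal words), `$'…'` is not POSIX sh, and `$admin_user` is expanded unquoted. As shown, the `n0:agent` line also lacks a terminating `;`, though the page has lost the angle-bracketed IRIs, so part of that line may be missing here. Separately, the README in this patch tells users to bind-mount `/path/to/data:/src/data`, which hides the build-time `/src/data/.acl`, so the owner rule would not be in effect at runtime. Since this file is the access-control policy, fail the build on an empty value with `RUN test -n "$admin_user"` and write the file with `printf` using a quoted `"$admin_user"`, or create it at container start inside the mounted directory. The same lines appear in PATCH 1/4.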
@@ -52,6 +52,32 @@ $ openssl genrsa 2048 > ../localhost.key $ openssl req -new -x509 -nodes -sha256 -days 3650 -key ../localhost.key -subj '/CN=*.localhost' > ../localhost.cert ``` +### Single-user server with Docker + +(First, install [Docker](https://docker.com)). + +Self-signed SSL cert and key are generated at build time (not for production! You can override this during the `run` step). The root ACL is also generated, with the owner being the WebID passed in: + +```bash +$ sudo docker build --build-arg admin_user=https://yourwebsite.com/#me -t ldnode . +``` + +This `admin_user` needs to be a real WebID with the corresponding certificate installed in your browser. + +Then `run`, mounting the directory in which your data will be contained (this can be anywhere on your local machine): + +```bash +$ sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data --name my-ldnode ldnode +``` + +If you already have an SSL cert (eg. from LetsEncrypt), make sure they are named `ssl-cert.pem` and `ssl-key.pem` and mount the containing directory for those as well: + +```bash +$ sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data -v /path/to/certs:/opt/ldnode/certs --name my-ldnode ldnode +``` + +Go to `https://localhost:8443` and you should be good to go. + ### Run multi-user server (intermediate) You can run `ldnode` so that new users can sign up, in other words, get their WebIDs _username.yourdomain.com_. @@ -79,7 +105,6 @@ $ ldnode --port 8080 --ssl-key key.pem --ssl-cert cert.pem --no-webid **Note:** if you want to run on HTTP, do not pass the `--ssl-*` flags, but keep `--no-webid` - ### Extra flags (expert) The command line tool has the following options From c7868b4d8707c8ccb4edd5ef2f4e02b470def2a6 Mon Sep 17 00:00:00 2001 From: rhiaro Date: Mon, 2 May 2016 14:20:30 -0400 Subject: [PATCH 3/4] Cleanup, remove acl --- Dockerfile | 34 +++++++++------------------------- README.md | 30 ++++++++++++++++++++++++------ 2 files changed, 33 insertions(+), 31 deletions(-) 
diff --git a/Dockerfile b/Dockerfile
index 1c3ff0ad0..197186cd2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,32 +1,16 @@
 FROM node:5.11-wheezy
 
-ARG admin_user
+ARG owner
 
-WORKDIR /opt/ldnode/certs
-RUN openssl genrsa 2048 > ssl-key.pem
-RUN openssl req -new -x509 -nodes -sha256 -days 3650 -key ssl-key.pem -subj '/CN=*.localhost' > ssl-cert.pem
+RUN cd /opt \
+ && mkdir -p ldnode/certs && cd ldnode/certs \
+ && openssl genrsa 2048 > ssl-key.pem \
+ && openssl req -new -x509 -nodes -sha256 -days 3650 -key ssl-key.pem -subj '/CN=*.localhost' > ssl-cert.pem
 
 COPY . /src
-RUN cd /src; npm install
+RUN cd /src && mkdir data \
+ && npm install
 
-WORKDIR /src/data
-RUN echo $'@prefix n0: . \n\
-@prefix n2: .\n\
-\n\
-<#owner>\n\
- a n0:Authorization;\n\
- n0:accessTo <./>;\n\
- n0:agent ' + $admin_user + '\n\
- n0:defaultForNew <./>;\n\
- n0:mode n0:Control, n0:Read, n0:Write.\n\
-<#everyone>\n\
- a n0:Authorization;\n\
- n0: n2:Agent;\n\
- n0:accessTo <./>;\n\
- n0:defaultForNew <./>;\n\
- n0:mode n0:Read.' > .acl
-
-EXPOSE 8443
-
-CMD ["node", "/src/bin/ldnode.js", "--port=8443", "--ssl-key=/opt/ldnode/certs/ssl-key.pem", "--ssl-cert=/opt/ldnode/certs/ssl-cert.pem"]
+ENTRYPOINT ["node", "/src/bin/ldnode.js"]
+CMD ["--port=8443", "--ssl-key=/opt/ldnode/certs/ssl-key.pem", "--ssl-cert=/opt/ldnode/certs/ssl-cert.pem", "--root=/src/data"]
 
diff --git a/README.md b/README.md
index 805d9c76f..bf4adc251 100644
--- a/README.md
+++ b/README.md
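Review bot: The rewritten Dockerfile still has no `USER` instruction, so `node /src/bin/ldnode.js` runs as root inside the container while the README has it serving a bind-mounted host data directory and reading mounted key material. Consider creating an unprivileged account after `npm install` and switching to it before `ENTRYPOINT`, e.g. `RUN useradd --system ldnode && chown -R ldnode /src/data /opt/ldnode/certs` followed by `USER ldnode`; port 8443 does not need root to bind. Bind-mounted host directories would then have to be readable and writable by that UID. Also, `ARG owner` is declared but not referenced anywhere in the new file, and `mkdir data` will fail the build if the build context already contains a `data` directory (`mkdir -p data` avoids that).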
@@ -54,23 +54,21 @@ $ openssl req -new -x509 -nodes -sha256 -days 3650 -key ../localhost.key -subj ' ### Single-user server with Docker -(First, install [Docker](https://docker.com)). +(First, install [Docker](https://docs.docker.com/engine/installation/)). -Self-signed SSL cert and key are generated at build time (not for production! You can override this during the `run` step). The root ACL is also generated, with the owner being the WebID passed in: +Self-signed SSL cert and key are generated at build time (not for production! You can override this during the `run` step). ```bash -$ sudo docker build --build-arg admin_user=https://yourwebsite.com/#me -t ldnode . +$ sudo docker build -t ldnode . ``` -This `admin_user` needs to be a real WebID with the corresponding certificate installed in your browser. - Then `run`, mounting the directory in which your data will be contained (this can be anywhere on your local machine): ```bash $ sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data --name my-ldnode ldnode ``` -If you already have an SSL cert (eg. from LetsEncrypt), make sure they are named `ssl-cert.pem` and `ssl-key.pem` and mount the containing directory for those as well: +If you already have an SSL cert (eg. from LetsEncrypt), make sure they are named `ssl-cert.pem` and `ssl-key.pem` and mount the containing directory (which doesn't contain anything else) for those as well: ```bash $ sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data -v /path/to/certs:/opt/ldnode/certs --name my-ldnode ldnode 
@@ -78,6 +76,26 @@ $ sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data -v /path/to/certs:/ Go to `https://localhost:8443` and you should be good to go. +If you have an existing WebID (with corresponding cert installed) that you want to use as the owner, include this `.acl` in your local `data` directory: + +``` +@prefix n0: . +@prefix n1: . + +<#owner> + a n0:Authorization; + n0:accessTo <./>; + n0:agent ; + n0:defaultForNew <./>; + n0:mode n0:Control, n0:Read, n0:Write. +<#everyone> + a n0:Authorization; + n0: n1:Agent; + n0:accessTo <./>; + n0:defaultForNew <./>; + n0:mode n0:Read. +``` + ### Run multi-user server (intermediate) You can run `ldnode` so that new users can sign up, in other words, get their WebIDs _username.yourdomain.com_. From c3fc0a6a58117ca7e8d78ad98300df3d642a10b8 Mon Sep 17 00:00:00 2001 From: rhiaro Date: Mon, 2 May 2016 16:38:17 -0400 Subject: [PATCH 4/4] Update readme with owner --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bf4adc251..1c8ecfbe7 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,15 @@ $ sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data -v /path/to/certs:/ Go to `https://localhost:8443` and you should be good to go. -If you have an existing WebID (with corresponding cert installed) that you want to use as the owner, include this `.acl` in your local `data` directory: +#### With owner + +If you have an existing WebID (with corresponding cert installed) that you want to use as the owner, you can either run with all the args: + +``` +sudo docker run -d -p 8443:8443 -v /path/to/data:/src/data -v /path/to/certs:/opt/ldnode/certs --name my-ldnode ldnode --owner=YOUR WEBID HERE --port 8443 --ssl-key /opt/ldnode/certs/ssl-key.pem --ssl-cert /opt/ldnode/certs/ssl-cert.pem --root=/src/data +``` + +OR include this `.acl` in your local `data` directory: ``` @prefix n0: .