chore: add script to start docker dependencies #233

Merged
merged 5 commits into from
Sep 7, 2024
Changes from 1 commit
63 changes: 63 additions & 0 deletions docs/scripts/cheese.env
@@ -0,0 +1,63 @@
# The port that the app will listen to
PORT=3000

# The secret used to sign the JWT token
# You MUST change this secret to your own secret!
# Otherwise, your app will be as insecure as with an empty admin password!
JWT_SECRET="test-secret"

Ensure JWT secrets are secure.

The JWT_SECRET is hardcoded with a placeholder value. Ensure this is changed in production environments to a strong, unique secret.

# Example of setting JWT_SECRET securely
JWT_SECRET=$(openssl rand -base64 32)


DB_HOST=localhost # set DB_HOST to database to use with docker
DB_USERNAME=postgres
DB_PASSWORD=postgres # your passowrd
DB_PASSWORD_URL_FORMAT=postgres # password in url-format, see https://github.com/prisma/prisma/discussions/15679
DB_PORT=5432
DB_NAME=postgres

# The connection URL of the database for Prisma
# See https://www.prisma.io/docs/orm/reference/connection-urls for more information
# Keep align with the TypeORM configuration
PRISMA_DATABASE_URL="postgresql://${DB_USERNAME}:${DB_PASSWORD_URL_FORMAT}@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=public&connection_limit=16"

# The maximum amount of time the interactive transaction can run before being canceled and rolled back.
# See: https://github.com/prisma/prisma/releases/tag/5.10.0
# See: https://github.com/prisma/prisma/issues/15028
PRISMA_TRANSACTION_TIMEOUT=60000 # 60s

# The configuration for Elasticsearch
ELASTICSEARCH_NODE=http://localhost:9200/
ELASTICSEARCH_MAX_RETRIES=10
ELASTICSEARCH_REQUEST_TIMEOUT=60000
ELASTICSEARCH_PING_TIMEOUT=60000
ELASTICSEARCH_SNIFF_ON_START=true
ELASTICSEARCH_AUTH_USERNAME=elastic
ELASTICSEARCH_AUTH_PASSWORD=elastic

Ensure Elasticsearch credentials are secure.

The Elasticsearch credentials (ELASTICSEARCH_AUTH_USERNAME and ELASTICSEARCH_AUTH_PASSWORD) are hardcoded. Consider using environment variables or a secure vault to manage sensitive information.

# Example of using environment variables
ELASTICSEARCH_AUTH_USERNAME=$ELASTICSEARCH_AUTH_USERNAME
ELASTICSEARCH_AUTH_PASSWORD=$ELASTICSEARCH_AUTH_PASSWORD


# The configuration for uploaded files
FILE_UPLOAD_PATH=/tmp/app/uploads
DEFAULT_AVATAR_NAME=default.jpg


# The configuration for CORS
CORS_ORIGINS=http://localhost:3000 # use `,` to separate multiple origins
CORS_METHODS=GET,POST,PUT,PATCH,DELETE
CORS_HEADERS=Content-Type,Authorization
CORS_CREDENTIALS=true

# additionally setup the following if you want to use docker-compose
# to setup environment
POSTGRES_DB=${DB_NAME}
POSTGRES_USER=${DB_USERNAME}
POSTGRES_PASSWORD=${DB_PASSWORD}

# Email configuration:
EMAIL_SMTP_HOST=smtp.example.com
EMAIL_SMTP_PORT=587
EMAIL_SMTP_SSL_ENABLE=true
EMAIL_SMTP_USERNAME=user@example.com
EMAIL_SMTP_PASSWORD=a_super_strong_password

Ensure email credentials are secure.

The email password is hardcoded with a placeholder value. Ensure this is changed in production environments to a strong, unique password.

# Example of setting EMAIL_SMTP_PASSWORD securely
EMAIL_SMTP_PASSWORD=$(openssl rand -base64 32)

EMAIL_DEFAULT_FROM='"No Reply" <noreply@example.com>'

# Email test configuration:
# Enabling email test means when you run test, emails will be sent.
EMAILTEST_ENABLE=false
EMAILTEST_RECEIVER=developer@example.com
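
Review bot: ELASTICSEARCH_NODE is set to http://localhost:9200/ while ELASTICSEARCH_AUTH_USERNAME and ELASTICSEARCH_AUTH_PASSWORD are set a few lines below it, so those credentials would go over plain HTTP as soon as someone points this file at a non-local node. Add a comment above ELASTICSEARCH_NODE stating that any non-localhost value must use https://, in the same style as the warning above JWT_SECRET. Minor: the comment on the DB_PASSWORD line reads `# your passowrd`; fix the spelling.
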
3 changes: 3 additions & 0 deletions docs/scripts/dependency-restart.sh
@@ -0,0 +1,3 @@
#!/bin/sh
sudo systemctl start docker
sudo docker restart elasticsearch postgres
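
Review bot: There is no `set -e` after the shebang, so if `sudo systemctl start docker` fails the script still runs `sudo docker restart elasticsearch postgres` and the first failure is easy to miss. Add `set -e`, and use the same unit name as dependency-start.sh (`docker.service` there, `docker` here) so the two scripts stay consistent. A one-line comment saying that the `elasticsearch` and `postgres` containers must already have been created by dependency-start.sh would also help.
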
32 changes: 32 additions & 0 deletions docs/scripts/dependency-start.sh
@@ -0,0 +1,32 @@
#!/bin/sh
sudo systemctl start docker.service

Consider removing sudo for Docker commands.

Using sudo with Docker commands is generally not recommended as it can lead to security risks and is unnecessary if the user is part of the docker group. Consider adding the user to the docker group instead.

# Add the user to the docker group to avoid using sudo
sudo usermod -aG docker $USER


sudo docker run -d \
--name elasticsearch \
-e discovery.type=single-node \
-e xpack.security.enabled=true \
-e ELASTIC_USERNAME=elastic \
-e ELASTIC_PASSWORD=elastic \
--health-cmd="curl http://localhost:9200/_cluster/health" \
--health-interval=10s \
--health-timeout=5s \
--health-retries=10 \
-p 9200:9200 \
docker.elastic.co/elasticsearch/elasticsearch:8.12.1
Comment on lines +4 to +15

Ensure Elasticsearch credentials are secure.

The Elasticsearch credentials (ELASTIC_USERNAME and ELASTIC_PASSWORD) are hardcoded. Consider using environment variables or a secure vault to manage sensitive information.

# Example of using environment variables
-e ELASTIC_USERNAME=$ELASTIC_USERNAME \
-e ELASTIC_PASSWORD=$ELASTIC_PASSWORD \


sudo docker run -d \
--name postgres \
-e POSTGRES_PASSWORD=postgres \
--health-cmd="pg_isready" \
--health-interval=10s \
--health-timeout=5s \
--health-retries=5 \
-p 5432:5432 \
postgres
Comment on lines +17 to +25

Ensure PostgreSQL credentials are secure.

The PostgreSQL password is hardcoded. Consider using environment variables or a secure vault to manage sensitive information.

# Example of using environment variables
-e POSTGRES_PASSWORD=$POSTGRES_PASSWORD \

echo "Wait for 5 seconds please..."
sleep 5
sudo docker exec -i postgres bash << EOF
sed -i -e 's/max_connections = 100/max_connections = 1000/' /var/lib/postgresql/data/postgresql.conf
sed -i -e 's/shared_buffers = 128MB/shared_buffers = 2GB/' /var/lib/postgresql/data/postgresql.conf
EOF
Comment on lines +28 to +31

Avoid inline configuration changes for PostgreSQL.

Modifying PostgreSQL configuration files directly within the container can lead to issues with container immutability and reproducibility. Consider using a custom Docker image or a volume to manage configuration changes.

# Consider creating a custom Docker image with the necessary configurations
# or mounting a configuration file using a volume.

sudo docker restart --time 0 postgres
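
Review bot: Both `docker run` commands publish their ports on every host interface (`-p 9200:9200` and `-p 5432:5432`) while the services are started with the passwords `elastic` and `postgres`; for a local development helper, bind them to loopback with `-p 127.0.0.1:9200:9200` and `-p 127.0.0.1:5432:5432`. Separately, the Elasticsearch `--health-cmd` calls curl without `-f` and without credentials even though `xpack.security.enabled=true` is set, and curl exits 0 on an HTTP error response, so the check passes as soon as the port answers rather than when the cluster is healthy. The fixed `sleep 5` before the `sed` edits could instead wait on the `pg_isready` health check that is already defined, and the `postgres` image should be pinned to a tag the way the Elasticsearch image is pinned to 8.12.1.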