Skip to content

Docker Compose installation

Jump to bottom Edit New page
Mathieu Rampant edited this page May 21, 2024 · 10 revisions

We recommend using docker compose as it greatly simplifies the management and maintenance of docker containers.

Configuration

Given the following directory structure:

|--- docker-compose.yml           # Docker-compose master configuration of all containers
|--- nemo/
|    |--- settings.py             # Nemo settings
|--- nginx/
|    |--- nginx.conf              # Nginx configuration
|    |--- server.crt              # Optional certificate
|    |--- server.key              # Optional private key
|    |--- server.keytab           # Optional Kerberos keytab config file

here is an example of docker-compose.yml:

version: '3'
services:
  nginx:
    container_name: "nginx"
    image: nanofab/nginx:3.1.0
    ports:
      - "80:80"
    volumes:
      - ./nginx:/root/nginx
      - ./nemo/static:/root/nginx/nemo
    restart: always
  nemo:
    container_name: "nemo"
    image: nanofab/nemo:4.5.5
    volumes:
      - ./nemo:/nemo
    restart: unless-stopped

and an example of nginx.conf:

daemon off;
worker_processes auto;
worker_cpu_affinity auto;
events {}

http {
	server_tokens off; # Don't send the nginx version number in error pages and server header
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

	# Timeouts, do not keep connections open longer then necessary to reduce resource usage and deny Slowloris type attacks.
	client_body_timeout 4s; # Maximum time between packets the client can pause when sending nginx any data
	client_header_timeout 4s; # Maximum time the client has to send the entire header to nginx
	keepalive_timeout 75s; # Timeout which a single keep-alive client connection will stay open
	send_timeout 24s; # Maximum time between packets nginx is allowed to pause when sending the client data

	log_format meaningful '$remote_addr $request_method $request_uri "$http_user_agent" $http_referer $request_length $bytes_sent $request_time';

	# TLS
	ssl_protocols TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	# HTTPS
	# Uncomment the following lines for HTTPS:
	# ssl_certificate server.crt;
	# ssl_certificate_key server.key;

	# Kerberos authentication
	# Uncomment the following 2 lines to enable it:
	# auth_gss on;
	# auth_gss_keytab server.keytab;
	# Uncomment this only if you want basic fallback when user doesn't have a valid Kerberos ticket
	# auth_gss_allow_basic_fallback off;

	# Docker internal DNS address
	resolver 127.0.0.11 ipv6=off;

	types {
		application/javascript js;
		text/css css;
		image/x-icon ico;
		text/plain txt;
		application/json map;
		application/font-woff woff;
		application/font-woff2 woff2;
		application/vnd.ms-fontobject eot;
		application/x-font-ttf ttf;
		image/svg+xml svg;
		image/png png;
	}
	default_type application/octet-stream;

	# NEMO
	server {
		listen 80;
		#auth_gss off;
		#server_name ;
		set $upstream http://nemo:8000;

		location / {
			#auth_gss on;
			proxy_set_header Host $host;
			proxy_set_header X-Forwarded-Host $server_name;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto https;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header Connection "";
			proxy_http_version 1.1;
			proxy_pass $upstream;
		}

		# NEMO RESTful API
		location /api {
			auth_gss off;
			proxy_set_header Host $host;
			proxy_set_header X-Forwarded-Host $server_name;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto https;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header Connection "";
			proxy_http_version 1.1;
			proxy_pass $upstream;
		}

		location = /favicon.ico { alias /root/nginx/nemo/favicon.ico; }
		location /static { alias /root/nginx/nemo; }
	}
}

an example of nemo's settings.py can be found here

Usage

run docker compose up -d in the base folder to start everything

(first time only, create a superuser) run docker exec --interactive --tty nemo django-admin createsuperuser

run docker compose down to stop and remove all containers

Add a custom footer

Setup and use

Development

Deployment

Database support

Rest API

Policies and general information

Clone this wiki locally