diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile index 8f380799..e8b908bd 100644 --- a/deploy/docker/Dockerfile +++ b/deploy/docker/Dockerfile @@ -1,112 +1,192 @@ -FROM maven:3.8.4-openjdk-17-slim AS build-server +## +## Create custom JRE for running Openblocks server application +## +FROM eclipse-temurin:17-jdk-jammy AS jre-build +RUN jlink --add-modules java.base,java.compiler,java.datatransfer,java.desktop,java.instrument,java.logging,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto,jdk.accessibility,jdk.charsets,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.dynalink,jdk.httpserver,jdk.incubator.foreign,jdk.incubator.vector,jdk.internal.vm.ci,jdk.jdwp.agent,jdk.jfr,jdk.jsobject,jdk.localedata,jdk.management,jdk.management.agent,jdk.management.jfr,jdk.naming.dns,jdk.naming.rmi,jdk.net,jdk.nio.mapmode,jdk.sctp,jdk.security.auth,jdk.security.jgss,jdk.unsupported,jdk.xml.dom,jdk.zipfs,jdk.attach \ + --output /build/jre \ + --no-man-pages \ + --no-header-files \ + --compress=2 + +## +## Build Openblocks api-service application +## +FROM maven:3.8-eclipse-temurin-17-alpine AS build-api-service COPY ./server/api-service /openblocks-server WORKDIR /openblocks-server RUN --mount=type=cache,target=/root/.m2 mvn -f pom.xml clean package -DskipTests -FROM node:slim AS build-client -COPY ./client /openblocks-client -WORKDIR /openblocks-client -RUN yarn --immutable +# Create required folder structure +RUN mkdir -p /openblocks/api-service/plugins /openblocks/api-service/config /openblocks/api-service/logs -ARG REACT_APP_COMMIT_ID=test -ARG REACT_APP_ENV=production -ARG REACT_APP_EDITION=community -RUN yarn build +# Define openblocks main jar and plugin jars +ARG JAR_FILE=/openblocks-server/openblocks-server/target/openblocks-server-1.0-SNAPSHOT.jar +ARG PLUGIN_JARS=/openblocks-server/openblocks-plugins/*/target/*.jar -FROM node:slim AS build-node -COPY ./server/node-service /openblocks-node -WORKDIR /openblocks-node -RUN yarn --immutable -RUN yarn build +# Copy Java runtime for running server +COPY --from=jre-build /build/jre /openblocks/api-service/jre -FROM openjdk:17-slim AS jre-build -RUN jlink --add-modules java.base,java.compiler,java.datatransfer,java.desktop,java.instrument,java.logging,java.management,java.management.rmi,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.se,java.security.jgss,java.security.sasl,java.smartcardio,java.sql,java.sql.rowset,java.transaction.xa,java.xml,java.xml.crypto,jdk.accessibility,jdk.charsets,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.dynalink,jdk.httpserver,jdk.incubator.foreign,jdk.incubator.vector,jdk.internal.vm.ci,jdk.jdwp.agent,jdk.jfr,jdk.jsobject,jdk.localedata,jdk.management,jdk.management.agent,jdk.management.jfr,jdk.naming.dns,jdk.naming.rmi,jdk.net,jdk.nio.mapmode,jdk.sctp,jdk.security.auth,jdk.security.jgss,jdk.unsupported,jdk.xml.dom,jdk.zipfs,jdk.attach \ - --output /build/jre \ - --no-man-pages \ - --no-header-files \ - --compress=2 +# Copy openblocks server application and plugins +RUN cp ${JAR_FILE} /openblocks/api-service/server.jar \ + && cp ${PLUGIN_JARS} /openblocks/api-service/plugins/ + +# Copy openblocks server configuration +COPY server/api-service/openblocks-server/src/main/resources/selfhost/ce/application.yml /openblocks/api-service/config/ +COPY server/api-service/openblocks-server/src/main/resources/selfhost/ce/application-selfhost.yml /openblocks/api-service/config/ -FROM ubuntu:20.04 +# Add bootstrapfile +COPY deploy/docker/api-service/entrypoint.sh /openblocks/api-service/entrypoint.sh +COPY deploy/docker/api-service/init.sh /openblocks/api-service/init.sh +RUN chmod +x /openblocks/api-service/*.sh + +## +## Intermediary Openblocks api-service image +## +## To create a separate image out of it, build it with: +## DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t openblocksdev/openblocks-ce-api-service --target openblocks-ce-api-service . +## +FROM ubuntu:jammy as openblocks-ce-api-service LABEL maintainer="openblocks" -# Update APT packages - Base Layer python-setuptools -RUN apt-get update && DEBIAN_FRONTEND=noninteractive \ - apt-get install --no-install-recommends -y \ - supervisor curl nginx wget netcat software-properties-common gettext python3-pip git gnupg vim iputils-ping gosu\ - && add-apt-repository ppa:redislabs/redis \ - && apt-get remove -y git python3-pip \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends gosu \ + && rm -rf /var/cache/apt/lists \ + && addgroup --system --gid 9001 openblocks \ + && adduser --system --disabled-password --no-create-home --uid 9001 --gid 9001 openblocks + +# Copy openblocks server configuration +COPY --chown=openblocks:openblocks --from=build-api-service /openblocks/api-service /openblocks/api-service + +EXPOSE 8080 +CMD [ "sh" , "/openblocks/api-service/entrypoint.sh" ] -# Install MongoDB v4.0.5, Redis - Service Layer -RUN wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - +############################################################################# -RUN echo "deb [ arch=amd64,arm64 ]http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list \ - && apt-get remove wget -y +## +## Build openblocks node service +## +FROM ubuntu:jammy as build-node-service -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - \ - && apt-get -y install --no-install-recommends -y mongodb-org=4.4.6 redis nodejs \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* +RUN apt update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y curl xz-utils ca-certificates \ + && mkdir -p /openblocks/node-service/nodejs +# Download and extract nodejs +RUN curl -fsSL 'https://nodejs.org/dist/v19.4.0/node-v19.4.0-linux-x64.tar.xz' | tar --directory /openblocks/node-service/nodejs --strip-components=1 -Jxf - + +# Install yarn +ENV PATH="/openblocks/node-service/nodejs/bin:${PATH}" +#RUN export PATH=${PATH}:/openblocks/node-service/nodejs/bin \ RUN npm install -g yarn -# Clean up cache file - Service layer -RUN rm -rf \ - /root/.cache \ - /root/.npm \ - /root/.pip \ - /usr/local/share/doc \ - /usr/share/doc \ - /usr/share/man \ - /var/lib/apt/lists/* \ - /tmp/* +# Copy and build the node-service app +COPY server/node-service/ /openblocks/node-service/app/ +WORKDIR /openblocks/node-service/app/ +RUN yarn --immutable +RUN yarn build -# Define volumes - Service Layer -VOLUME [ "/openblocks-stacks" ] +# Copy startup script +COPY deploy/docker/node-service/entrypoint.sh /openblocks/node-service/entrypoint.sh +COPY deploy/docker/node-service/init.sh /openblocks/node-service/init.sh +RUN chmod +x /openblocks/node-service/*.sh + +## +## Intermediary Openblocks node service image +## +## To create a separate image out of it, build it with: +## DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t openblocksdev/openblocks-ce-node-service --target openblocks-ce-node-service . +## +FROM ubuntu:jammy as openblocks-ce-node-service +LABEL maintainer="openblocks" -ENV OPENBLOCKS_SERVER_PROXY_PASS http://localhost:8080 -ENV OPENBLOCKS_NODE_PROXY_PASS http://localhost:6060 +RUN apt-get update && apt-get install -y --no-install-recommends gosu \ + && rm -rf /var/cache/apt/lists \ + && addgroup --system --gid 9001 openblocks \ + && adduser --system --disabled-password --no-create-home --uid 9001 --gid 9001 openblocks -# copy jre -COPY --from=jre-build /build/jre /app +COPY --from=build-node-service /openblocks/node-service /openblocks/node-service -ARG JAR_FILE=/openblocks-server/openblocks-server/target/openblocks-server-1.0-SNAPSHOT.jar -ARG PLUGIN_JARS=/openblocks-server/openblocks-plugins/*/target/*.jar +EXPOSE 6060 +CMD [ "/bin/sh", "/openblocks/node-service/entrypoint.sh" ] + +############################################################################# + +## +## Build openblocks client application +## +FROM node:19.4-slim AS build-client +COPY ./client /openblocks-client +WORKDIR /openblocks-client +RUN yarn --immutable + +# curl is required for yarn build to succeed, because it calls it while building client +RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certificates + +ARG REACT_APP_COMMIT_ID=test +ARG REACT_APP_ENV=production +ARG REACT_APP_EDITION=community +RUN yarn build -RUN mkdir -p /openblocks /openblocks/plugins /var/www/openblocks /env2 -COPY --from=build-server ${JAR_FILE} /openblocks/server/api-service/server.jar -COPY --from=build-server ${PLUGIN_JARS} /openblocks/server/api-service/plugins/ +## +## Intermediary Openblocks client image +## +## To create a separate image out of it, build it with: +## DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t openblocksdev/openblocks-ce-frontend --target openblocks-ce-frontend . +## +FROM nginx:1.23.3 as openblocks-ce-frontend +LABEL maintainer="openblocks" -# copy tace-fe build -COPY --from=build-client /openblocks-client/packages/openblocks/build/ /openblocks/client/ +# Change default nginx user into openblocks user +RUN usermod --login openblocks --uid 9001 nginx \ + && groupmod --new-name openblocks --gid 9001 nginx -# copy node-service -COPY --from=build-node /openblocks-node /openblocks/server/node-service -COPY ./deploy/docker/scripts/start-node-service.sh /openblocks/server/node-service/start-node-service.sh +# Copy openblocks client data +COPY --chown=openblocks:openblocks --from=build-client /openblocks-client/packages/openblocks/build/ /openblocks/client -# copy nginx conf -COPY ./deploy/docker/templates/nginx/* /openblocks/nginx/ -COPY ./deploy/docker/scripts/start-nginx.sh /openblocks/nginx/start-nginx.sh +# Copy additional nginx init scripts +COPY deploy/docker/frontend/00-change-nginx-user.sh /docker-entrypoint.d/00-change-nginx-user.sh +COPY deploy/docker/frontend/01-update-nginx-conf.sh /docker-entrypoint.d/01-update-nginx-conf.sh -# copy redis conf -COPY ./deploy/docker/templates/redis.conf /etc/redis/redis.conf +RUN chmod +x /docker-entrypoint.d/00-change-nginx-user.sh && \ + chmod +x /docker-entrypoint.d/01-update-nginx-conf.sh -# Add process config to be run by supervisord -COPY ./deploy/docker/templates/supervisord.conf /etc/supervisor/supervisord.conf -COPY ./deploy/docker/templates/supervisord/* /etc/supervisor/conf.d/ +COPY deploy/docker/frontend/nginx.conf /etc/nginx/nginx.conf +EXPOSE 3000 -# copy application.yml -COPY ./server/api-service/openblocks-server/src/main/resources/selfhost/ce/application.yml /openblocks/env/ -COPY ./server/api-service/openblocks-server/src/main/resources/selfhost/ce/application-selfhost.yml /openblocks/env2/ +############################################################################# -# Add bootstrapfile -COPY ./deploy/docker/entrypoint.sh /openblocks/ -RUN chmod +x /openblocks/entrypoint.sh +## +## Build Openblocks all-in-one image +## +FROM openblocks-ce-frontend +LABEL maintainer="openblocks" + +# Install required packages +RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y bash gnupg curl lsb-release \ + && curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg \ + && echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb bullseye main" | tee /etc/apt/sources.list.d/redis.list \ + && curl -fsSL https://www.mongodb.org/static/pgp/server-4.4.asc | gpg --dearmor -o /usr/share/keyrings/mongodb-archive-keyring.gpg \ + && echo "deb [signed-by=/usr/share/keyrings/mongodb-archive-keyring.gpg] http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list \ + && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends -y \ + mongodb-org=4.4.6 \ + redis \ + supervisor \ + gosu \ + && rm -rf /var/cache/apt/lists + +# Add openblocks api-service +COPY --chown=openblocks:openblocks --from=openblocks-ce-api-service /openblocks/api-service /openblocks/api-service + +# Add openblocks node-service +COPY --chown=openblocks:openblocks --from=openblocks-ce-node-service /openblocks/node-service /openblocks/node-service + +# Add services configuration +COPY --chown=openblocks:openblocks deploy/docker/all-in-one/etc /openblocks/etc + +# Add startup script +COPY --chown=openblocks:openblocks deploy/docker/all-in-one/entrypoint.sh /openblocks/entrypoint.sh EXPOSE 3000 -ENTRYPOINT [ "sh" , "/openblocks/entrypoint.sh" ] -CMD ["/usr/bin/supervisord", "-n" , "-c" , "/etc/supervisor/supervisord.conf"] +ENTRYPOINT [ "/bin/sh" , "/openblocks/entrypoint.sh" ] +CMD ["/usr/bin/supervisord", "-n" , "-c" , "/openblocks/etc/supervisord.conf"] diff --git a/deploy/docker/README.md b/deploy/docker/README.md new file mode 100644 index 00000000..5603800a --- /dev/null +++ b/deploy/docker/README.md @@ -0,0 +1,118 @@ +# Openblocks docker image + +Included Dockerfile can be used to build an **all-in-one** image with all required services installed and running within one container, or separate images for frontend and backend services. + +For examples on running the all-in-one image or the multi image deployment see **deploy/docker/docker-compose.yaml** and **deploy/docker/docker-compose-multi.yaml** + + +## all-in-one image + +This image contains all services needed to run Openblocks platform in one container. + +### Building the image + +This is the default target and can be built by running following command from project root: + +``` +DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t openblocksdev/openblocks-ce . +``` + +### Configuration + +Image can be configured by setting environment variables. + +| Environment variable | Description | Value | +| --------------------------------| --------------------------------------------------------------------| ------------------------------------------------------- | +| `REDIS_ENABLED` | If **true** redis server is started in the container | `true` | +| `MONGODB_ENABLED` | If **true** mongo database is started in the container | `true` | +| `API_SERVICE_ENABLED` | If **true** openblocks api-service is started in the container | `true` | +| `NODE_SERVICE_ENABLED` | If **true** openblocks node-service is started in the container | `true` | +| `FRONTEND_ENABLED` | If **true** openblocks web frontend is started in the container | `true` | +| `PUID` | ID of user running services. It will own all created logs and data. | `9001` | +| `PGID` | ID of group of the user running services. | `9001` | +| `MONGODB_URI` | Mongo database connection string | `mongodb://localhost:27017/openblocks?authSource=admin` | +| `REDIS_URL` | Redis server URL | `redis://localhost:6379` | +| `JS_EXECUTOR_URI` | Node service URL | `http://localhost:6060` | +| `ENABLE_USER_SIGN_UP` | Enable registration of new users | `true` | +| `ENCRYPTION_PASSWORD` | Encryption password | `openblocks.dev` | +| `ENCRYPTION_SALT` | Salt used for encrypting password | `openblocks.dev` | +| `CORS_ALLOWED_DOMAINS` | CORS allowed domains | `*` | +| `OPENBLOCKS_API_SERVICE_URL` | Openblocks API service URL | `http://localhost:8080` | +| `OPENBLOCKS_NODE_SERVICE_URL` | Openblocks Node service (js executor) URL | `http://localhost:6060` | + + +## Building api-service image + +Standalone Openblocks api-service image. + +### Building the image + +From project root run: + +``` +DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t openblocksdev/openblocks-ce-api-service --target openblocks-ce-api-service . +``` + +### Configuration + +Image can be configured by setting environment variables. + +| Environment variable | Description | Value | +| --------------------------------| --------------------------------------------------------------------| ------------------------------------------------------- | +| `PUID` | ID of user running services. It will own all created logs and data. | `9001` | +| `PGID` | ID of group of the user running services. | `9001` | +| `MONGODB_URI` | Mongo database connection string | `mongodb://localhost:27017/openblocks?authSource=admin` | +| `REDIS_URL` | Redis server URL | `redis://localhost:6379` | +| `JS_EXECUTOR_URI` | Node service URL | `http://localhost:6060` | +| `ENABLE_USER_SIGN_UP` | Enable registration of new users | `true` | +| `ENCRYPTION_PASSWORD` | Encryption password | `openblocks.dev` | +| `ENCRYPTION_SALT` | Salt used for encrypting password | `openblocks.dev` | +| `CORS_ALLOWED_DOMAINS` | CORS allowed domains | `*` | + + +## Building node-service image + +Standalone Openblocks node-service (JS executor) image. + +### Building the image + +From project root run: + +``` +DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t openblocksdev/openblocks-ce-node-service --target openblocks-ce-node-service . +``` + +### Configuration + +Image can be configured by setting environment variables. + +| Environment variable | Description | Value | +| --------------------------------| --------------------------------------------------------------------| ------------------------------------------------------- | +| `PUID` | ID of user running services. It will own all created logs and data. | `9001` | +| `PGID` | ID of group of the user running services. | `9001` | +| `OPENBLOCKS_API_SERVICE_URL` | Openblocks API service URL | `http://localhost:8080` | + +## Building web frontend image + +Standalone Openblocks web frontend image. + +### Building the image + +From project root run: + +``` +DOCKER_BUILDKIT=1 docker build -f deploy/docker/Dockerfile -t openblocksdev/openblocks-ce-frontend --target openblocks-ce-frontend . +``` + +### Configuration + +Image can be configured by setting environment variables. + +| Environment variable | Description | Value | +| --------------------------------| --------------------------------------------------------------------| ------------------------------------------------------- | +| `PUID` | ID of user running services. It will own all created logs and data. | `9001` | +| `PGID` | ID of group of the user running services. | `9001` | +| `OPENBLOCKS_API_SERVICE_URL` | Openblocks API service URL | `http://localhost:8080` | +| `OPENBLOCKS_NODE_SERVICE_URL` | Openblocks Node service (js executor) URL | `http://localhost:6060` | + + diff --git a/deploy/docker/all-in-one/entrypoint.sh b/deploy/docker/all-in-one/entrypoint.sh new file mode 100644 index 00000000..6546bfcb --- /dev/null +++ b/deploy/docker/all-in-one/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +set -e + +export USER_ID=${PUID:=9001} +export GROUP_ID=${PGID:=9001} + +# Update ID of openblocks user if required +if [ ! `id --user openblocks` -eq ${USER_ID} ]; then + usermod --uid ${USER_ID} openblocks + echo "ID for openblocks user changed to: ${USER_ID}" +fi; + +# Update ID of openblocks group if required +if [ ! `id --group openblocks` -eq ${GROUP_ID} ]; then + groupmod --gid ${GROUP_ID} openblocks + echo "ID for openblocks group changed to: ${GROUP_ID}" +fi; + +LOGS="/openblocks-stacks/logs" +DATA="/openblocks-stacks/data" +# Create folder for holding application logs and data +mkdir -p ${LOGS}/redis \ + ${LOGS}/mongodb \ + ${LOGS}/api-service \ + ${LOGS}/node-service \ + ${LOGS}/frontend \ + ${DATA}/redis \ + ${DATA}/mongodb + +# Update owner of logs and data +chown -R ${USER_ID}:${GROUP_ID} /openblocks-stacks/ /openblocks/etc + + +# Enable services +SUPERVISOR_AVAILABLE="/openblocks/etc/supervisord/conf-available" +SUPERVISOR_ENABLED="/openblocks/etc/supervisord/conf-enabled" + +# Recreate links to enabled services +rm -f ${SUPERVISOR_ENABLED}/*.conf + +# Enable redis if configured to run +if [ "${REDIS_ENABLED:=true}" = "true" ]; then + ln ${SUPERVISOR_AVAILABLE}/01-redis.conf ${SUPERVISOR_ENABLED}/01-redis.conf +fi; + +# Enable mongodb if configured to run +if [ "${MONGODB_ENABLED:=true}" = "true" ]; then + ln ${SUPERVISOR_AVAILABLE}/02-mongodb.conf ${SUPERVISOR_ENABLED}/02-mongodb.conf +fi; + +# Enable api-service if configured to run +if [ "${API_SERVICE_ENABLED:=true}" = "true" ]; then + ln ${SUPERVISOR_AVAILABLE}/10-api-service.conf ${SUPERVISOR_ENABLED}/10-api-service.conf +fi; + +# Enable node-service if configured to run +if [ "${NODE_SERVICE_ENABLED:=true}" = "true" ]; then + ln ${SUPERVISOR_AVAILABLE}/11-node-service.conf ${SUPERVISOR_ENABLED}/11-node-service.conf +fi; + +# Enable forntend if configured to run +if [ "${FRONTEND_ENABLED:=true}" = "true" ]; then + ln ${SUPERVISOR_AVAILABLE}/20-frontend.conf ${SUPERVISOR_ENABLED}/20-frontend.conf +fi; + +# Handle CMD command +"$@" diff --git a/deploy/docker/templates/redis.conf b/deploy/docker/all-in-one/etc/redis/redis.conf similarity index 99% rename from deploy/docker/templates/redis.conf rename to deploy/docker/all-in-one/etc/redis/redis.conf index 34899398..1f23f3d6 100644 --- a/deploy/docker/templates/redis.conf +++ b/deploy/docker/all-in-one/etc/redis/redis.conf @@ -351,7 +351,7 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # Redis to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null -logfile /var/log/redis/redis-server.log +#logfile /var/log/redis/redis-server.log # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. diff --git a/deploy/docker/templates/supervisord.conf b/deploy/docker/all-in-one/etc/supervisord.conf similarity index 94% rename from deploy/docker/templates/supervisord.conf rename to deploy/docker/all-in-one/etc/supervisord.conf index aad3bd1b..ab4d9541 100644 --- a/deploy/docker/templates/supervisord.conf +++ b/deploy/docker/all-in-one/etc/supervisord.conf @@ -32,7 +32,7 @@ serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket ; include files themselves. [include] -files = /etc/supervisor/conf.d/*.conf +files = /openblocks/etc/supervisord/conf-enabled/*.conf # ; This event listener is used to capture processes log # ; and forward to container log using supervisor_stdout @@ -41,4 +41,4 @@ files = /etc/supervisor/conf.d/*.conf # command = supervisor_stdout # buffer_size = 100 # events = PROCESS_LOG -# result_handler = supervisor_stdout:event_handler \ No newline at end of file +# result_handler = supervisor_stdout:event_handler diff --git a/deploy/docker/templates/supervisord/redis.conf b/deploy/docker/all-in-one/etc/supervisord/conf-available/01-redis.conf similarity index 68% rename from deploy/docker/templates/supervisord/redis.conf rename to deploy/docker/all-in-one/etc/supervisord/conf-available/01-redis.conf index b06ed431..e290f505 100644 --- a/deploy/docker/templates/supervisord/redis.conf +++ b/deploy/docker/all-in-one/etc/supervisord/conf-available/01-redis.conf @@ -1,6 +1,7 @@ [program:redis] -directory=/etc/redis -command=redis-server redis.conf --daemonize no +user=openblocks +directory=/openblocks/etc/redis +command=redis-server /openblocks/etc/redis/redis.conf --daemonize no priority=5 autostart=true autorestart=true @@ -13,4 +14,4 @@ stderr_logfile_maxbytes=10MB stdout_logfile_backups=5 stderr_logfile_backups=5 stdout_events_enabled=true -stderr_events_enabled=true \ No newline at end of file +stderr_events_enabled=true diff --git a/deploy/docker/templates/supervisord/mongodb.conf b/deploy/docker/all-in-one/etc/supervisord/conf-available/02-mongodb.conf similarity index 71% rename from deploy/docker/templates/supervisord/mongodb.conf rename to deploy/docker/all-in-one/etc/supervisord/conf-available/02-mongodb.conf index 2271027d..1a11c412 100644 --- a/deploy/docker/templates/supervisord/mongodb.conf +++ b/deploy/docker/all-in-one/etc/supervisord/conf-available/02-mongodb.conf @@ -1,6 +1,7 @@ [program:mongodb] +user=openblocks directory=/openblocks-stacks/data/mongodb -command=mongod --port 27017 --dbpath . --logpath log --bind_ip localhost +command=mongod --port 27017 --dbpath /openblocks-stacks/data/mongodb --logpath log --bind_ip localhost priority=10 autostart=true autorestart=true @@ -13,4 +14,4 @@ stderr_logfile_maxbytes=10MB stdout_logfile_backups=5 stderr_logfile_backups=5 stdout_events_enabled=true -stderr_events_enabled=true \ No newline at end of file +stderr_events_enabled=true diff --git a/deploy/docker/templates/supervisord/node.conf b/deploy/docker/all-in-one/etc/supervisord/conf-available/10-api-service.conf similarity index 60% rename from deploy/docker/templates/supervisord/node.conf rename to deploy/docker/all-in-one/etc/supervisord/conf-available/10-api-service.conf index 05c1b4bb..7ea39f9e 100644 --- a/deploy/docker/templates/supervisord/node.conf +++ b/deploy/docker/all-in-one/etc/supervisord/conf-available/10-api-service.conf @@ -1,8 +1,9 @@ -[program:node] -directory=/openblocks/server/node-service -command=/openblocks/server/node-service/start-node-service.sh - -priority=12 +[program:api-service] +# privileges will be dropped in entrypoint +user=root +directory=/openblocks/api-service +command=/openblocks/api-service/entrypoint.sh +priority=15 autostart=true autorestart=true startsecs=10 @@ -14,4 +15,4 @@ stderr_logfile_maxbytes=10MB stdout_logfile_backups=5 stderr_logfile_backups=5 stdout_events_enabled=true -stderr_events_enabled=true \ No newline at end of file +stderr_events_enabled=true diff --git a/deploy/docker/all-in-one/etc/supervisord/conf-available/11-node-service.conf b/deploy/docker/all-in-one/etc/supervisord/conf-available/11-node-service.conf new file mode 100644 index 00000000..cacf37bc --- /dev/null +++ b/deploy/docker/all-in-one/etc/supervisord/conf-available/11-node-service.conf @@ -0,0 +1,18 @@ +[program:node-service] +# privileges will be dropped in entrypoint +user=root +directory=/openblocks/node-service +command=/openblocks/node-service/entrypoint.sh +priority=15 +autostart=true +autorestart=true +startsecs=10 +startretries=3 +stdout_logfile=/openblocks-stacks/logs/%(program_name)s/%(program_name)s.log +redirect_stderr=true +stdout_logfile_maxbytes=10MB +stderr_logfile_maxbytes=10MB +stdout_logfile_backups=5 +stderr_logfile_backups=5 +stdout_events_enabled=true +stderr_events_enabled=true diff --git a/deploy/docker/templates/supervisord/frontend.conf b/deploy/docker/all-in-one/etc/supervisord/conf-available/20-frontend.conf similarity index 71% rename from deploy/docker/templates/supervisord/frontend.conf rename to deploy/docker/all-in-one/etc/supervisord/conf-available/20-frontend.conf index e926ea88..292c4f7e 100644 --- a/deploy/docker/templates/supervisord/frontend.conf +++ b/deploy/docker/all-in-one/etc/supervisord/conf-available/20-frontend.conf @@ -1,9 +1,11 @@ [program:frontend] -command=/openblocks/nginx/start-nginx.sh -priority=25 +# privileges will be dropped in entrypoint +user=root +command=/docker-entrypoint.sh nginx -g "daemon off;" +priority=15 autostart=true autorestart=true -startsecs=0 +startsecs=10 startretries=3 stdout_logfile=/openblocks-stacks/logs/%(program_name)s/%(program_name)s.log redirect_stderr=true @@ -13,4 +15,3 @@ stdout_logfile_backups=5 stderr_logfile_backups=5 stdout_events_enabled=true stderr_events_enabled=true -stopsignal=QUIT diff --git a/deploy/docker/api-service/entrypoint.sh b/deploy/docker/api-service/entrypoint.sh new file mode 100644 index 00000000..79316573 --- /dev/null +++ b/deploy/docker/api-service/entrypoint.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +set -e + +export USER_ID="${PUID:=9001}" +export GROUP_ID="${PGID:=9001}" + +# Run init script +echo "Initializing api-service..." +/openblocks/api-service/init.sh + +APP_JAR="${APP_JAR:=/openblocks/api-service/server.jar}" +JAVA_HOME=/openblocks/api-service/jre +JAVA_OPTS="${JAVA_OPTS:=}" +CUSTOM_APP_PROPERTIES="${APP_PROPERTIES}" +CONTEXT_PATH=${CONTEXT_PATH:=/} + +echo +echo "Running openblocks api-server with:" +echo " user id: ${USER_ID}" +echo " group id: ${GROUP_ID}" +echo " base path: ${CONTEXT_PATH}" +echo +${JAVA_HOME}/bin/java -version +echo + +cd /openblocks/api-service +exec gosu ${USER_ID}:${GROUP_ID} ${JAVA_HOME}/bin/java \ + -Djava.security.egd=file:/dev/./urandom \ + -Dhttps.protocols=TLSv1.1,TLSv1.2 \ + -Dlog4j2.formatMsgNoLookups=true \ + -Dspring.config.location="file:///openblocks/api-service/config/application.yml,file:///openblocks/api-service/config/application-selfhost.yml" \ + ${JAVA_OPTS} \ + -jar "${APP_JAR}" --spring.webflux.base-path=${CONTEXT_PATH} ${CUSTOM_APP_PROPERTIES} + diff --git a/deploy/docker/api-service/init.sh b/deploy/docker/api-service/init.sh new file mode 100644 index 00000000..35065db7 --- /dev/null +++ b/deploy/docker/api-service/init.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +set -e + +API_SERVICE_ROOT=/openblocks/api-service + +# Update ID of openblocks user if required +if [ ! `id --user openblocks` -eq ${USER_ID} ]; then + usermod --uid ${USER_ID} openblocks + echo "ID for openblocks user changed to: ${USER_ID}" + DO_CHOWN="true" +fi; + +# Update ID of openblocks group if required +if [ ! `id --group openblocks` -eq ${GROUP_ID} ]; then + groupmod --gid ${GROUP_ID} openblocks + echo "ID for openblocks group changed to: ${GROUP_ID}" + DO_CHOWN="true" +fi; + +# Update api-server installation owner +if [ "${DO_CHOWN}" = "true" ]; then + chown -R ${USER_ID}:${GROUP_ID} ${API_SERVICE_ROOT} +fi; + +# Link log files to /dev/null +# - we don't need log files, because all logs are also printed to console +if [ ! -e ${API_SERVICE_ROOT}/logs/main.log ]; then + ln -s /dev/null ${API_SERVICE_ROOT}/logs/main.log + chmod 777 ${API_SERVICE_ROOT}/logs/main.log +fi; + +if [ ! -e ${API_SERVICE_ROOT}/logs/query-error.log ]; then + ln -s /dev/null ${API_SERVICE_ROOT}/logs/query-error.log + chmod 777 ${API_SERVICE_ROOT}/logs/query-error.log +fi; + +echo "Openblocks api-service setup finished." diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml new file mode 100644 index 00000000..5a75dc81 --- /dev/null +++ b/deploy/docker/docker-compose-multi.yaml @@ -0,0 +1,79 @@ +version: "3" +services: + + ## + ## Start services required for Openblocks (MongoDB and Redis) + ## + mongodb: + image: "mongo:4.4" + container_name: mongodb + environment: + MONGO_INITDB_DATABASE: openblocks + MONGO_INITDB_ROOT_USERNAME: openblocks + MONGO_INITDB_ROOT_PASSWORD: secret123 + # Uncomment to save database data into local 'mongodata' folder + # volumes: + # - ./mogodata:/data/db + restart: unless-stopped + + redis: + image: redis:7-alpine + container_name: redis + + + ## + ## Start Openblocks backend services (api-service and node-service) + ## + openblocks-api-service: + image: openblocksdev/openblocks-ce-api-service:latest + container_name: openblocks-api-service + # Enabled ports to be able to access backend from host + # ports: + # - "8080:8080" + environment: + PUID: "9001" + PGID: "9001" + MONGODB_URI: "mongodb://openblocks:secret123@mongodb/openblocks?authSource=admin" + REDIS_URL: "redis://redis:6379" + JS_EXECUTOR_URI: "http://openblocks-node-service:6060" + ENABLE_USER_SIGN_UP: "true" + ENCRYPTION_PASSWORD: "openblocks.dev" + ENCRYPTION_SALT: "openblocks.dev" + CORS_ALLOWED_DOMAINS: "*" + restart: unless-stopped + depends_on: + - mongodb + - redis + + openblocks-node-service: + image: openblocksdev/openblocks-ce-node-service:latest + container_name: openblocks-node-service + # Enabled ports to be able to access backend from host + # ports: + # - "6060:6060" + environment: + PUID: "9001" + PGID: "9001" + OPENBLOCKS_API_SERVICE_URL: "http://openblocks-api-service:8080" + restart: unless-stopped + depends_on: + - openblocks-api-service + + ## + ## Start Openblocks web frontend + ## + openblocks-frontend: + image: openblocksdev/openblocks-ce-frontend:latest + container_name: openblocks-frontend + ports: + - "3000:3000" + environment: + PUID: "9001" + PGID: "9001" + OPENBLOCKS_API_SERVICE_URL: "http://openblocks-api-service:8080" + OPENBLOCKS_NODE_SERVICE_URL: "http://openblocks-node-service:6060" + restart: unless-stopped + depends_on: + - openblocks-node-service + - openblocks-api-service + diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml new file mode 100644 index 00000000..9e9173f2 --- /dev/null +++ b/deploy/docker/docker-compose.yaml @@ -0,0 +1,37 @@ +version: "3" +services: + + ## + ## Start Openblocks (all-in-one) + ## + openblocks-api-service: + image: openblocksdev/openblocks-ce:latest + container_name: openblocks + ports: + - "3000:3000" + environment: + # enable services + REDIS_ENABLED: "true" + MONGODB_ENABLED: "true" + API_SERVICE_ENABLED: "true" + NODE_SERVICE_ENABLED: "true" + FRONTEND_ENABLED: "true" + # generic parameters + PUID: "1000" + PGID: "1000" + # api-service parameters + #MONGODB_URI: "mongodb://openblocks:secret123@mongodb/openblocks?authSource=admin" + MONGODB_URI: "mongodb://localhost:27017/openblocks?authSource=admin" + REDIS_URL: "redis://localhost:6379" + JS_EXECUTOR_URI: "http://localhost:6060" + ENABLE_USER_SIGN_UP: "true" + ENCRYPTION_PASSWORD: "openblocks.dev" + ENCRYPTION_SALT: "openblocks.dev" + CORS_ALLOWED_DOMAINS: "*" + # api and node service parameters + OPENBLOCKS_API_SERVICE_URL: "http://localhost:8080" + OPENBLOCKS_NODE_SERVICE_URL: "http://localhost:6060" + volumes: + - ./openblocks-stacks:/openblocks-stacks + restart: unless-stopped + diff --git a/deploy/docker/entrypoint.sh b/deploy/docker/entrypoint.sh deleted file mode 100755 index 86a912af..00000000 --- a/deploy/docker/entrypoint.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh - -set -e - -init_directory() { - # Create sub-directory to store services log in the container mounting folder - mkdir -p /openblocks-stacks/logs/backend - mkdir -p /openblocks-stacks/logs/frontend - mkdir -p /openblocks-stacks/logs/mongodb - mkdir -p /openblocks-stacks/logs/redis - mkdir -p /openblocks-stacks/logs/node - mkdir -p /openblocks-stacks/data/redis - mkdir -p /openblocks-stacks/data/mongodb -} - -init_configuration() { - echo "Init configuration" - CONFIG_PATH="/openblocks-stacks/configuration" - YML_PATH="$CONFIG_PATH/application-selfhost.yml" - if ! [ -e "$YML_PATH" ]; then - echo "yml configuration not exist" - mkdir -p "$CONFIG_PATH" - cp /openblocks/env2/application-selfhost.yml $CONFIG_PATH/ - fi -} - -add_user() { - USER_ID=${LOCAL_USER_ID:-9001} - GROUP_ID=$USER_ID - USER_NAME="openblocks_$USER_ID" - GROUP_NAME=$USER_NAME - echo "Starting with UID : $USER_ID" - groupadd -g $GROUP_ID $GROUP_NAME || true - useradd -u $USER_ID -g $GROUP_ID $USER_NAME || true - chown -R $USER_ID:$GROUP_ID /openblocks /openblocks-stacks /etc/nginx /var /etc/redis /etc/supervisor - chown $USER_ID:$GROUP_ID /run -} - -init_directory -init_configuration -add_user - -# Handle CMD command -exec gosu $USER_NAME "$@" diff --git a/deploy/docker/frontend/00-change-nginx-user.sh b/deploy/docker/frontend/00-change-nginx-user.sh new file mode 100644 index 00000000..00347235 --- /dev/null +++ b/deploy/docker/frontend/00-change-nginx-user.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +set -e + +USER_ID=${PUID:=9001} +GROUP_ID=${PGID:=9001} +CLIENT_ROOT=/openblocks/client + +# Update ID of openblocks user if required +if [ ! `id --user openblocks` -eq ${USER_ID} ]; then + usermod --uid ${USER_ID} openblocks + echo "ID for openblocks user changed to: ${USER_ID}" + DO_CHOWN="true" +fi; + +# Update ID of openblocks group if required +if [ ! `id --group openblocks` -eq ${GROUP_ID} ]; then + groupmod --gid ${GROUP_ID} openblocks + echo "ID for openblocks group changed to: ${GROUP_ID}" + DO_CHOWN="true" +fi; + +# Update api-server installation owner +if [ "${DO_CHOWN}" = "true" ]; then + chown -R ${USER_ID}:${GROUP_ID} ${CLIENT_ROOT} + echo "Openblocks client files owner modified." +fi; + diff --git a/deploy/docker/frontend/01-update-nginx-conf.sh b/deploy/docker/frontend/01-update-nginx-conf.sh new file mode 100644 index 00000000..98a3d9ac --- /dev/null +++ b/deploy/docker/frontend/01-update-nginx-conf.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +sed -i "s@__OPENBLOCKS_API_SERVICE_URL__@${OPENBLOCKS_API_SERVICE_URL:=http://localhost:8080}@" /etc/nginx/nginx.conf +sed -i "s@__OPENBLOCKS_NODE_SERVICE_URL__@${OPENBLOCKS_NODE_SERVICE_URL:=http://localhost:6060}@" /etc/nginx/nginx.conf + +echo "nginx config updated with:" +echo " Openblocks api service URL: ${OPENBLOCKS_API_SERVICE_URL}" +echo " Openblocks node service URL: ${OPENBLOCKS_NODE_SERVICE_URL}" diff --git a/deploy/docker/templates/nginx/nginx-root.conf.template b/deploy/docker/frontend/nginx.conf similarity index 58% rename from deploy/docker/templates/nginx/nginx-root.conf.template rename to deploy/docker/frontend/nginx.conf index 8dd21bbe..42164295 100644 --- a/deploy/docker/templates/nginx/nginx-root.conf.template +++ b/deploy/docker/frontend/nginx.conf @@ -1,14 +1,13 @@ -worker_processes 1; +user openblocks; -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; +worker_processes 1; events { worker_connections 1024; } - http { + include /etc/nginx/mime.types; default_type application/octet-stream; @@ -27,14 +26,33 @@ http { 'upstream_connect_time=$upstream_connect_time ' 'upstream_header_time=$upstream_header_time'; - access_log /var/log/nginx/access.log main; - + keepalive_timeout 65; sendfile on; #tcp_nopush on; - keepalive_timeout 65; + server { + listen 3000 default_server; + root /openblocks/client; + + + location / { + try_files $uri /index.html; + + if ($request_filename ~* .*.(html|htm)$) { + add_header Cache-Control no-cache; + } + } - #gzip on; + location /api { + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_pass __OPENBLOCKS_API_SERVICE_URL__; + } - include /etc/nginx/conf.d/*.conf; + location /node-service/plugin-icons { + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_pass __OPENBLOCKS_NODE_SERVICE_URL__; + } + } } diff --git a/deploy/docker/node-service/entrypoint.sh b/deploy/docker/node-service/entrypoint.sh new file mode 100755 index 00000000..624da30c --- /dev/null +++ b/deploy/docker/node-service/entrypoint.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +set -e + +export USER_ID=${PUID:=9001} +export GROUP_ID=${PGID:=9001} +export PATH="/openblocks/node-service/nodejs/bin:${PATH}" +export API_HOST="${OPENBLOCKS_API_SERVICE_URL:=http://localhost:8080}" + +# Run init script +echo "Initializing node-service..." +/openblocks/node-service/init.sh + +cd /openblocks/node-service/app + +echo +echo "Running Openblocks node-service with:" +echo " API service host: ${API_HOST}" +echo " user id: ${USER_ID}" +echo " group id: ${GROUP_ID}" +echo + +exec gosu ${USER_ID}:${GROUP_ID} yarn start + diff --git a/deploy/docker/node-service/init.sh b/deploy/docker/node-service/init.sh new file mode 100644 index 00000000..d0b12f40 --- /dev/null +++ b/deploy/docker/node-service/init.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +set -e + +NODE_SERVICE_ROOT=/openblocks/node-service + +# Update ID of openblocks user if required +if [ ! `id --user openblocks` -eq ${USER_ID} ]; then + usermod --uid ${USER_ID} openblocks + echo "ID for openblocks user changed to: ${USER_ID}" + DO_CHOWN="true" +fi; + +# Update ID of openblocks group if required +if [ ! `id --group openblocks` -eq ${GROUP_ID} ]; then + groupmod --gid ${GROUP_ID} openblocks + echo "ID for openblocks group changed to: ${GROUP_ID}" + DO_CHOWN="true" +fi; + +# Update node-server installation owner +if [ "${DO_CHOWN}" = "true" ]; then + echo "Changing node-service owner to ${USER_ID}:${GROUP_ID}" + chown -R ${USER_ID}:${GROUP_ID} ${NODE_SERVICE_ROOT} +fi; + +echo "Openblocks node-service setup finished." diff --git a/deploy/docker/scripts/start-nginx.sh b/deploy/docker/scripts/start-nginx.sh deleted file mode 100755 index 7365f9f4..00000000 --- a/deploy/docker/scripts/start-nginx.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh - -# This script is baked into the Dockerfile and is used to boot Nginx when the Docker container starts -# Refer: /app/client/Dockerfile -set -o errexit -set -o xtrace - -cp /openblocks/nginx/nginx-root.conf.template /etc/nginx/nginx.conf - -if [ -e "/openblocks-stacks/ssl/fullchain.pem" ] && [ -e "/openblocks-stacks/ssl/privkey.pem" ]; - then - envsubst '$OPENBLOCKS_SERVER_PROXY_PASS,$OPENBLOCKS_NODE_PROXY_PASS' < /openblocks/nginx/nginx-app-https.conf.template > /etc/nginx/conf.d/default.conf - else - envsubst '$OPENBLOCKS_SERVER_PROXY_PASS,$OPENBLOCKS_NODE_PROXY_PASS' < /openblocks/nginx/nginx-app-http.conf.template > /etc/nginx/conf.d/default.conf -fi - -exec nginx -g 'daemon off;' diff --git a/deploy/docker/scripts/start-node-service.sh b/deploy/docker/scripts/start-node-service.sh deleted file mode 100755 index 3597d910..00000000 --- a/deploy/docker/scripts/start-node-service.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -API_HOST=http://localhost:8080 yarn start \ No newline at end of file diff --git a/deploy/docker/templates/nginx/nginx-app-http.conf.template b/deploy/docker/templates/nginx/nginx-app-http.conf.template deleted file mode 100644 index 75c31f93..00000000 --- a/deploy/docker/templates/nginx/nginx-app-http.conf.template +++ /dev/null @@ -1,20 +0,0 @@ -server { - listen 3000 default_server; - root /openblocks/client; - location / { - try_files $uri /index.html; - if ($request_filename ~* .*.(html|htm)$) { - add_header Cache-Control no-cache; - } - } - location /api { - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_pass ${OPENBLOCKS_SERVER_PROXY_PASS}; - } - location /node-service/plugin-icons { - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_pass ${OPENBLOCKS_NODE_PROXY_PASS}; - } -} diff --git a/deploy/docker/templates/nginx/nginx-app-https.conf.template b/deploy/docker/templates/nginx/nginx-app-https.conf.template deleted file mode 100644 index 20486699..00000000 --- a/deploy/docker/templates/nginx/nginx-app-https.conf.template +++ /dev/null @@ -1,24 +0,0 @@ -server { - listen 3443 ssl; - ssl_certificate /openblocks-stacks/ssl/fullchain.pem; - ssl_certificate_key /openblocks-stacks/ssl/privkey.pem; - - root /openblocks/client; - location / { - try_files $uri /index.html; - if ($request_filename ~* .*.(html|htm)$) { - add_header Cache-Control no-cache; - } - } - location /api { - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_pass ${OPENBLOCKS_SERVER_PROXY_PASS}; - } - location /node-service/plugin-icons { - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_pass ${OPENBLOCKS_NODE_PROXY_PASS}; - } -} - diff --git a/deploy/docker/templates/supervisord/backend.conf b/deploy/docker/templates/supervisord/backend.conf deleted file mode 100644 index 648a7fb8..00000000 --- a/deploy/docker/templates/supervisord/backend.conf +++ /dev/null @@ -1,17 +0,0 @@ -[program:backend] -directory=/openblocks/server/api-service -# Ref -Dlog4j2.formatMsgNoLookups=true https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot -command=/app/bin/java -Djava.security.egd="file:/dev/./urandom" -Dlog4j2.formatMsgNoLookups=true -Dspring.config.location="file:///openblocks/env/application.yml,file:///openblocks-stacks/configuration/application-selfhost.yml" -jar server.jar -priority=15 -autostart=true -autorestart=true -startsecs=10 -startretries=3 -stdout_logfile=/openblocks-stacks/logs/%(program_name)s/%(program_name)s.log -redirect_stderr=true -stdout_logfile_maxbytes=10MB -stderr_logfile_maxbytes=10MB -stdout_logfile_backups=5 -stderr_logfile_backups=5 -stdout_events_enabled=true -stderr_events_enabled=true