diff --git a/Makefile b/Makefile index 32396e21..a8e0dcad 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,8 @@ EXISTE_LOCAL_FONTES := $(shell docker volume ls | grep $(VOLUME_FONTES) ) EXISTE_LOCAL_ARQUIVOS_EXTERNOS := $(shell docker volume ls | grep $(VOLUME_ARQUIVOSEXTERNOS) ) EXISTE_LOCAL_SOLR := $(shell docker volume ls | grep $(VOLUME_SOLR) ) +qtd := "2" + DIR := ${CURDIR} COMMMADCOMPOSE = docker-compose -f orquestrators/docker-compose/docker-compose.yml @@ -13,10 +15,13 @@ help: ## Lista de comandos disponiveis e descricao. Voce pode usar TAB para co @fgrep -h "##" $(MAKEFILE_LIST) | fgrep -v fgrep | sed -e 's/\\$$//' | sed -e 's/##//' -criar_volumes: criar_volume_fontes criar_volume_banco criar_volume_arquivos_externos criar_volume_solr +criar_volumes: criar_volume_fontes criar_volume_certs criar_volume_banco criar_volume_arquivos_externos criar_volume_solr criar_volume_fontes: ## Monte o volume docker com os fontes que serao consumidos pelo projeto docker run --rm -v $(LOCALIZACAO_FONTES_SEI):/source -v $(VOLUME_FONTES):/opt -w /source alpine sh -c "cp -R infra sei sip /opt/" + +criar_volume_certs: ## Monte o volume docker com os certs que serao consumidos pelo projeto + docker run --rm -v ${CURDIR}/orquestrators/docker-compose/cert0.pem:/cert0.pem -v $(LOCALIZACAO_CERTS):/source -v $(VOLUME_CERTS):/certs -w /source alpine sh -c "cp /cert0.pem /certs/" criar_volume_banco: ## Monte o volume docker com os fontes que serao consumidos pelo projeto 
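Review bot: `criar_volume_certs` seeds the certificate volume from `orquestrators/docker-compose/cert0.pem`, a file this same commit adds to the repository with an RSA private key inside; a key that lives in version control has to be treated as public, and since the balancer block in the compose template reads its PEMs from that volume (`CERT_FOLDER=/certs`), anyone who can read the repo can impersonate the TLS endpoint. The recipe also bind-mounts `$(LOCALIZACAO_CERTS)` at `/source` and then copies nothing from it, which looks like the intended input got lost. I would make the host directory the only source, `docker run --rm -v $(LOCALIZACAO_CERTS):/source -v $(VOLUME_CERTS):/certs -w /source alpine sh -c "cp /source/*.pem /certs/"`, and add `*.pem` to `.gitignore`. The `##` help text is copied from `criar_volume_fontes` and should describe what this target actually mounts.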
@@ -46,10 +51,86 @@ endif build_docker_compose: ## Construa o docker-compose.yml baseado no arquivo envlocal.env rm -f orquestrators/docker-compose/docker-compose.yml - + envsubst < orquestrators/docker-compose/docker-compose-template.yml > orquestrators/docker-compose/docker-compose.yml +ifeq ("$(APP_PORTA_80_MAP_EXPOR)", "true") + sed -i'' -e "s|#ports:|ports:|" orquestrators/docker-compose/docker-compose.yml + +ifneq ("$(APP_PORTA_80_MAP_EXPOR)", "") + sed -i'' -e "s|# - $(APP_PORTA_80_MAP)| - $(APP_PORTA_80_MAP)|" orquestrators/docker-compose/docker-compose.yml +else + sed -i'' -e "|# - $(APP_PORTA_80_MAP)|d" orquestrators/docker-compose/docker-compose.yml +endif + sed -i'' -e "s|nada|nada|" orquestrators/docker-compose/docker-compose.yml +endif + +ifeq ("$(APP_PORTA_443_MAP_EXPOR)", "true") + sed -i'' -e "s|#ports:|ports:|" orquestrators/docker-compose/docker-compose.yml + +ifneq ("$(APP_PORTA_443_MAP_EXPOR)", "") + sed -i'' -e "s|# - $(APP_PORTA_443_MAP)| - $(APP_PORTA_443_MAP)|" orquestrators/docker-compose/docker-compose.yml +else + sed -i'' -e "|# - $(APP_PORTA_443_MAP)|d" orquestrators/docker-compose/docker-compose.yml +endif + sed -i'' -e "s|nada|nada|" orquestrators/docker-compose/docker-compose.yml +endif + +ifeq ("$(APP_PROTOCOLO)", "https") + sed -i'' -e "s|#- EXCLUDE_PORTS=80|- EXCLUDE_PORTS=80|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|#- EXTRA_ROUTE_SETTINGS=ssl verify none|- EXTRA_ROUTE_SETTINGS=ssl verify none|" orquestrators/docker-compose/docker-compose.yml +endif +ifeq ("$(APP_PROTOCOLO)", "http") + sed -i'' -e "s|#- EXCLUDE_PORTS=443|- EXCLUDE_PORTS=443|" orquestrators/docker-compose/docker-compose.yml +endif + +ifeq ("$(BALANCEADOR_PRESENTE)", "true") + sed -i'' -e "s|#balanceador:|balanceador:|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# image: dockercloud/haproxy| image: dockercloud/haproxy|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# links:| links:|" 
orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# - app| - app|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# - solr| - solr|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# environment:| environment:|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# - EXTRA_FRONTEND_SETTINGS_80=use_backend stats if { path_beg -i /haproxy }, acl is_root path -i /, redirect code 301 location http://${APP_HOST}/sei/ if is_root| - EXTRA_FRONTEND_SETTINGS_80=use_backend stats if { path_beg -i /haproxy }, acl is_root path -i /, redirect code 301 location http://${APP_HOST}/sei/ if is_root|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# - EXTRA_FRONTEND_SETTINGS_443=use_backend stats if { path_beg -i /haproxy }, acl is_root path -i /, redirect code 301 location http://${APP_HOST}/sei/ if is_root| - EXTRA_FRONTEND_SETTINGS_443=use_backend stats if { path_beg -i /haproxy }, acl is_root path -i /, redirect code 301 location http://${APP_HOST}/sei/ if is_root|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# - CERT_FOLDER=/certs| - CERT_FOLDER=/certs|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# volumes_from:| volumes_from:|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# - storage-certs| - storage-certs|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# volumes:| volumes:|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# - /var/run/docker.sock:/var/run/docker.sock| - /var/run/docker.sock:/var/run/docker.sock|g" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|nada|nada|" orquestrators/docker-compose/docker-compose.yml +endif + +ifeq ("$(JOD_PRESENTE)", "true") + sed -i'' -e "s|#jod: #servicejod|jod: #servicejod|" orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|# image: ${DOCKER_IMAGE_JOD} #servicejod| image: ${DOCKER_IMAGE_JOD} #servicejod|" 
orquestrators/docker-compose/docker-compose.yml + sed -i'' -e "s|#- jod:jod #servicejod|- jod:jod #servicejod|g" orquestrators/docker-compose/docker-compose.yml +endif + +ifeq ("$(BALANCEADOR_PRESENTE)", "true") + +ifeq ("$(BALANCEADOR_PORTA_80_MAP_EXPOR)", "true") + sed -i'' -e "s|# ports:| ports:|" orquestrators/docker-compose/docker-compose.yml +ifneq ("$(BALANCEADOR_PORTA_80_MAP_EXPOR)", "") + sed -i'' -e "s|# - $(BALANCEADOR_PORTA_80_MAP)| - $(BALANCEADOR_PORTA_80_MAP)|" orquestrators/docker-compose/docker-compose.yml +else + sed -i'' -e "|# - $(BALANCEADOR_PORTA_80_MAP)|d" orquestrators/docker-compose/docker-compose.yml +endif +endif + +ifeq ("$(BALANCEADOR_PORTA_443_MAP_EXPOR)", "true") + sed -i'' -e "s|# ports:| ports:|" orquestrators/docker-compose/docker-compose.yml +ifneq ("$(BALANCEADOR_PORTA_443_MAP_EXPOR)", "") + sed -i'' -e "s|# - $(BALANCEADOR_PORTA_443_MAP)| - $(BALANCEADOR_PORTA_443_MAP)|" orquestrators/docker-compose/docker-compose.yml +else + sed -i'' -e "|# - $(BALANCEADOR_PORTA_443_MAP)|d" orquestrators/docker-compose/docker-compose.yml +endif +endif + +endif + + run: ## roda na sequencia build_docker_compose e up -d ifeq ("$(EXISTE_LOCAL_DB)", "") 
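Review bot: Every `else` branch in the new port-mapping blocks is unreachable and would fail if it ever ran: `ifneq ("$(APP_PORTA_80_MAP_EXPOR)", "")` sits inside `ifeq ("$(APP_PORTA_80_MAP_EXPOR)", "true")`, so it is always true, and the fallback `sed -i'' -e "|# - $(APP_PORTA_80_MAP)|d"` is not a valid sed address (a custom delimiter needs a leading backslash, `\|…|d`); the same pattern is repeated for 443 and for both `BALANCEADOR_` ports, and the `s|nada|nada|` lines are no-ops. If the intent is to delete an empty mapping, test the map itself, `ifneq ("$(APP_PORTA_80_MAP)", "")`, otherwise keep only the substitution line. On the `https` branch `EXTRA_ROUTE_SETTINGS=ssl verify none` makes HAProxy accept any certificate from the app backend, which is acceptable for the self-signed dev CA but not for a real deployment; there it should be `ssl verify required ca-file /certs/seiapp/sei-ca.pem`, which is where the entrypoints already write the CA into the shared certs volume.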
@@ -70,35 +151,56 @@ else $(COMMMADCOMPOSE) up -d endif +scale: ## escala os nohs de aplicacao do SEI para 2. Caso vc queira mais de 2 basta usar o comando make qtd=3 scale, substituindo o 3 pelo numero desejado, ou o comando docker-compose scale app=x na pasta orquestrators/docker-compose + + @echo "escala os nohs de aplicacao do SEI para 2. Caso vc queira mais de 2 basta usar o comando make qtd=3 scale, substituindo o 3 pelo numero desejado, ou o comando docker-compose scale app=3 na pasta orquestrators/docker-compose" + + +ifeq ("$(BALANCEADOR_PRESENTE)", "true") + $(COMMMADCOMPOSE) scale app=$(qtd) +else + echo "Scale nao efetuado. Precisa de um balanceador" +endif + + stop: ## docker-compose stop e docker-compose rm -f - make build_docker_compose $(COMMMADCOMPOSE) stop $(COMMMADCOMPOSE) rm -f logs: ## docker-compose logs -f pressione ctrol+c para sair $(COMMMADCOMPOSE) logs -f +logs_app: ## docker-compose logs -f app pressione ctrol+c para sair + $(COMMMADCOMPOSE) logs -f app + +logs_app-atualizador: ## docker-compose logs -f app pressione ctrol+c para sair + $(COMMMADCOMPOSE) logs -f app-atualizador + clear: ## para o projeto e remove tds os volumes criados make stop $(COMMMADCOMPOSE) down -v apagar_volumes: make apagar_volume_fontes + make apagar_volume_certs make apagar_volume_banco make apagar_volume_arquivos_externos make apagar_volume_solr apagar_volume_fontes: ## Monte o volume docker com os fontes que serao consumidos pelo projeto - docker volume rm $(VOLUME_FONTES) + docker volume rm $(VOLUME_FONTES) || true + +apagar_volume_certs: ## Monte o volume docker com os fontes que serao consumidos pelo projeto + docker volume rm $(VOLUME_CERTS) || true apagar_volume_banco: ## Apagar volume do banco - docker volume rm $(VOLUME_DB) + docker volume rm $(VOLUME_DB) || true apagar_volume_arquivos_externos: ## Apagar volume Arquivos Externos - docker volume rm $(VOLUME_ARQUIVOSEXTERNOS) + docker volume rm $(VOLUME_ARQUIVOSEXTERNOS) || true apagar_volume_solr: ## 
Apagar volume Solr - docker volume rm $(VOLUME_SOLR) + docker volume rm $(VOLUME_SOLR) || true diff --git a/containeres/app/files/conf/ConfiguracaoSEI.php b/containeres/app/files/conf/ConfiguracaoSEI.php index d220a252..7b994023 100644 --- a/containeres/app/files/conf/ConfiguracaoSEI.php +++ b/containeres/app/files/conf/ConfiguracaoSEI.php @@ -34,7 +34,7 @@ public function getArrConfiguracoes(){ 'PaginaLogin' => getenv('APP_PROTOCOLO').'://'.getenv('APP_HOST').'/sip/login.php', 'SipWsdl' => getenv('APP_PROTOCOLO').'://'.getenv('APP_HOST').'/sip/controlador_ws.php?servico=sip', 'ChaveAcesso' => getenv('APP_SEI_CHAVE_ACESSO'), - 'https' => false), + 'https' => (getenv('APP_PROTOCOLO') == 'https' ? true : false)), 'BancoSEI' => array( 'Servidor' => 'db', diff --git a/containeres/app/files/conf/ConfiguracaoSip.php b/containeres/app/files/conf/ConfiguracaoSip.php index 6e1d3a96..ed4085ec 100644 --- a/containeres/app/files/conf/ConfiguracaoSip.php +++ b/containeres/app/files/conf/ConfiguracaoSip.php @@ -25,7 +25,7 @@ public function getArrConfiguracoes(){ 'PaginaLogin' => getenv('APP_PROTOCOLO').'://'.getenv('APP_HOST').'/sip/login.php', 'SipWsdl' => getenv('APP_PROTOCOLO').'://'.getenv('APP_HOST').'/sip/controlador_ws.php?servico=sip', 'ChaveAcesso' => getenv('APP_SIP_CHAVE_ACESSO'), //ATEN��O: gerar uma nova chave para o SIP ap�s a instala��o (ver documento de instala��o) - 'https' => false), + 'https' => (getenv('APP_PROTOCOLO') == 'https' ? true : false)), 'BancoSip' => array( 'Servidor' => 'db', diff --git a/containeres/app/files/conf/sei.conf b/containeres/app/files/conf/sei.conf index ffe1fcb2..29d5cc7c 100644 --- a/containeres/app/files/conf/sei.conf +++ b/containeres/app/files/conf/sei.conf 
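Review bot: The help strings on the new targets are copy-pasted and misleading: `apagar_volume_certs: ## Monte o volume docker com os fontes…` describes a delete as a mount, and `logs_app-atualizador: ## docker-compose logs -f app…` names the wrong service; `help` prints these verbatim, so users read wrong descriptions. `scale` also repeats its entire help sentence in a recipe `@echo`, so it prints twice. Suggest `apagar_volume_certs: ## Apaga o volume docker de certificados` and `logs_app-atualizador: ## docker-compose logs -f app-atualizador pressione ctrl+c para sair`, and a `.PHONY: scale logs_app logs_app-atualizador criar_volume_certs apagar_volume_certs` line since none of these produce files.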
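Review bot: `getenv('APP_PROTOCOLO') == 'https' ? true : false` is a loose comparison wrapped in a redundant ternary; the comparison already yields a bool, and `===` avoids PHP's loose-equality coercions given that `getenv()` returns `false` when the variable is unset. Suggest `'https' => getenv('APP_PROTOCOLO') === 'https'),`. The same expression is added to ConfiguracaoSip.php in this commit and should get the same treatment. The enclosing `getArrConfiguracoes()` starts and ends outside the hunk.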
@@ -41,4 +41,38 @@ SetEnvIfNoCase user-agent "Microsoft Data Access Internet Publishing Provider Pr Require all granted + + + + + SSLEngine on + SSLCertificateFile /etc/pki/tls/certs/sei.crt + SSLCertificateChainFile /etc/pki/tls/certs/sei-ca.pem + SSLCertificateKeyFile /etc/pki/tls/private/sei.key + + DocumentRoot /var/www/html + + ServerAdmin admin@dominio.gov.br + ServerName localhost + + DirectoryIndex index.php index.html + IndexIgnore * + + EnableSendfile Off + HostnameLookups Off + ServerSignature Off + AddDefaultCharset iso-8859-1 + + # Bloqueia acesso à qualquer arquivo ou diretório externo ao DocumentRoot + + AllowOverride None + Require all denied + + + + AllowOverride None + Options None + Require all granted + + \ No newline at end of file diff --git a/containeres/app/files/scripts-e-automatizadores/entrypoint-atualizador.sh b/containeres/app/files/scripts-e-automatizadores/entrypoint-atualizador.sh index 11138677..45871266 100755 --- a/containeres/app/files/scripts-e-automatizadores/entrypoint-atualizador.sh +++ b/containeres/app/files/scripts-e-automatizadores/entrypoint-atualizador.sh 
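Review bot: The new 443 vhost turns on `SSLEngine` but sets no `SSLProtocol`, `SSLCipherSuite` or `SSLHonorCipherOrder`, so it inherits mod_ssl's defaults, which on the RHEL-family httpd this image appears to use (`/etc/pki/tls`, `update-ca-trust`) may still allow TLS 1.0/1.1 and legacy ciphers. I would add next to `SSLEngine on`: `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, `SSLHonorCipherOrder on` and `SSLCipherSuite HIGH:!aNULL:!MD5:!3DES`. `ServerName localhost` also disagrees with the certificate the entrypoint issues for `$APP_HOST`; templating `ServerName` from `APP_HOST` keeps SNI and the cert in step. The `<VirtualHost>`/`<Directory>` container tags seem to have been stripped from this rendering of the hunk, so I cannot confirm which `Require` block applies to `/` and which to the DocumentRoot.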
@@ -161,6 +161,72 @@ fi +# Gera certificados caso necessário para desenvolvimento +if [ ! -d "/certs/seiapp" ]; then + echo "Diretorio /certs nao encontrado, criando ..." + mkdir -p /certs/seiapp +fi + +echo "Verificando se certificados existem no diretorio /certs...." +if [ ! -f /certs/seiapp/sei-ca.pem ] || [ ! -f /certs/seiapp/sei.crt ]; then + echo "Arquivos de cert nao encontrados criando auto assinados ..." + + cd /certs/seiapp + + echo "Criando CA" + openssl genrsa -out sei-ca-key.pem 2048 + openssl req -x509 -new -nodes -key sei-ca-key.pem \ + -days 10000 -out sei-ca.pem -subj "/CN=sei-dev" + + echo "Criando certificados para o dominio: $APP_HOST" + openssl genrsa -out sei.key 2048 + openssl req -new -nodes -key sei.key \ + -days 10000 -out sei.csr -subj "/CN=$APP_HOST" + openssl x509 -req -in sei.csr -CA sei-ca.pem \ + -CAkey sei-ca-key.pem -CAcreateserial \ + -out sei.crt -days 10000 -extensions v3_req + + cat /certs/seiapp/sei-ca.pem >> /etc/ssl/certs/cacert.pem + echo "Adicionada nova CA ao TrustStore\n" +else + echo "Arquivos de cert encontrados vamos tentar utilizá-los..." +fi + +cd /certs/seiapp +cp sei.crt /etc/pki/tls/certs/sei.crt +cp sei-ca.pem /etc/pki/tls/certs/sei-ca.pem +cp sei.key /etc/pki/tls/private/sei.key +cat sei.crt sei.key >> /etc/pki/tls/certs/sei.pem + +echo "Incluindo TrustStore no sistema" +#cp /icpbrasil/*.crt /etc/pki/ca-trust/source/anchors/ +cp sei-ca.pem /etc/pki/ca-trust/source/anchors/ +update-ca-trust extract +update-ca-trust enable + +echo "Atualizar sequences! 
todo ajeitar a base de ref e retirar isso" +# copiado do sei-vagrant do guilhermao +# Atualizar os endereços de host definidos para na inicialização e sincronização de sequências +php -r " + require_once '/opt/sip/web/Sip.php'; + \$conexao = BancoSip::getInstance(); + \$conexao->setBolScript(true); + \$objScriptRN = new ScriptRN(); + \$objScriptRN->atualizarSequencias(); +" || exit 1 + +echo "atualizar sequences do SEI" +# Atualizar os endereços de host definidos para na inicialização e sincronização de sequências +php -r " + require_once '/opt/sei/web/SEI.php'; + \$conexao = BancoSEI::getInstance(); + \$conexao->setBolScript(true); + \$objScriptRN = new ScriptRN(); + \$objScriptRN->atualizarSequencias(); +" +echo "Finalizacao de atualizacao de sequences" + + #atualizar #/usr/sbin/httpd -DFOREGROUND & #sleep 3 diff --git a/containeres/app/files/scripts-e-automatizadores/entrypoint.sh b/containeres/app/files/scripts-e-automatizadores/entrypoint.sh index 14c99021..e77fd92f 100755 --- a/containeres/app/files/scripts-e-automatizadores/entrypoint.sh +++ b/containeres/app/files/scripts-e-automatizadores/entrypoint.sh 
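Review bot: `cat sei.crt sei.key >> /etc/pki/tls/certs/sei.pem` appends on every container start, so the bundle accumulates duplicate key/cert pairs, and it places the private key in the world-readable `certs` directory with default permissions; write it once and lock it down, `cat sei.crt sei.key > /etc/pki/tls/certs/sei.pem && chmod 0600 /etc/pki/tls/certs/sei.pem` (or keep it under `/etc/pki/tls/private/`). `cd /certs/seiapp` has no failure check, so if the volume is absent the openssl commands write key material into whatever the current directory is; use `cd /certs/seiapp || exit 1`. The two `php -r` runs are inconsistent: the SIP sequence update has `|| exit 1` but the SEI one does not, so a failure there is printed and then ignored before "Finalizacao". The whole certificate block is duplicated verbatim in entrypoint.sh and belongs in one shared script.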
@@ -107,6 +107,51 @@ do sleep 5 done + +# Gera certificados caso necessário para desenvolvimento +if [ ! -d "/certs/seiapp" ]; then + echo "Diretorio /certs nao encontrado, criando ..." + mkdir -p /certs/seiapp +fi + +echo "Verificando se certificados existem no diretorio /certs...." +if [ ! -f /certs/seiapp/sei-ca.pem ] || [ ! -f /certs/seiapp/sei.crt ]; then + echo "Arquivos de cert nao encontrados criando auto assinados ..." + + cd /certs/seiapp + + echo "Criando CA" + openssl genrsa -out sei-ca-key.pem 2048 + openssl req -x509 -new -nodes -key sei-ca-key.pem \ + -days 10000 -out sei-ca.pem -subj "/CN=sei-dev" + + echo "Criando certificados para o dominio: $APP_HOST" + openssl genrsa -out sei.key 2048 + openssl req -new -nodes -key sei.key \ + -days 10000 -out sei.csr -subj "/CN=$APP_HOST" + openssl x509 -req -in sei.csr -CA sei-ca.pem \ + -CAkey sei-ca-key.pem -CAcreateserial \ + -out sei.crt -days 10000 -extensions v3_req + + cat /certs/seiapp/sei-ca.pem >> /etc/ssl/certs/cacert.pem + echo "Adicionada nova CA ao TrustStore\n" +else + echo "Arquivos de cert encontrados vamos tentar utilizá-los..." +fi + +cd /certs/seiapp +cp sei.crt /etc/pki/tls/certs/sei.crt +cp sei-ca.pem /etc/pki/tls/certs/sei-ca.pem +cp sei.key /etc/pki/tls/private/sei.key +cat sei.crt sei.key >> /etc/pki/tls/certs/sei.pem + +echo "Incluindo TrustStore no sistema" +#cp /icpbrasil/*.crt /etc/pki/ca-trust/source/anchors/ +cp sei-ca.pem /etc/pki/ca-trust/source/anchors/ +update-ca-trust extract +update-ca-trust enable + + echo "Atualizador finalizado procedendo com a subida do apache..." #atualizar diff --git a/envlocal-example-mysql.env b/envlocal-example-mysql.env index 707f8c5a..9d576c99 100644 --- a/envlocal-example-mysql.env +++ b/envlocal-example-mysql.env 
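Review bot: The leaf certificate is signed with `-extensions v3_req` but no `-extfile`, and as far as I know `openssl x509 -req` then applies no extension section at all, so the cert carries no subjectAltName; current browsers and OpenSSL-based clients ignore the CN and will refuse `https://$APP_HOST` even after the CA is trusted. The same generation block also runs in `entrypoint-atualizador.sh` against the same `/certs` volume, so two containers starting together could each mint a CA and overwrite the other's; leaving generation to one of them (or guarding it with a lock file) avoids that. Add `cd … || exit 1` so a missing volume does not scatter keys in the working directory, and write the combined PEM with `>` and mode 0600 instead of appending to a world-readable file. Sketch of the signing part:
```shell
cd /certs/seiapp || exit 1
# … unchanged: CA key and self-signed CA generation …
printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' "$APP_HOST" > sei-ext.cnf
openssl x509 -req -in sei.csr -CA sei-ca.pem \
    -CAkey sei-ca-key.pem -CAcreateserial \
    -out sei.crt -days 10000 -extfile sei-ext.cnf
# … unchanged: copying crt/ca/key into /etc/pki/tls …
cat sei.crt sei.key > /etc/pki/tls/certs/sei.pem && chmod 0600 /etc/pki/tls/certs/sei.pem
```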
@@ -1,3 +1,10 @@ +############################################## +# ATENCAO ESTE ARQUIVO ESTA DESATUALIZADO PARA ESSA VERSAO AINDA NAO ATUALIZAMOS, AGUARDAR PROX VERSAO +# USAR ARQUIVO envlocal.env enquanto isso +############################################## + + + # lista de parametros do projeto # indica onde esta o codigo fonte de dados no host hospedeiro(vm ou maquina onde vc quer subir o projeto). diff --git a/envlocal-example-oracle.env b/envlocal-example-oracle.env index d863b371..5d8bd5d8 100644 --- a/envlocal-example-oracle.env +++ b/envlocal-example-oracle.env @@ -1,3 +1,10 @@ +############################################## +# ATENCAO ESTE ARQUIVO ESTA DESATUALIZADO PARA ESSA VERSAO AINDA NAO ATUALIZAMOS, AGUARDAR PROX VERSAO +# USAR ARQUIVO envlocal.env enquanto isso +############################################## + + + # lista de parametros do projeto # indica onde esta o codigo fonte de dados no host hospedeiro(vm ou maquina onde vc quer subir o projeto). @@ -88,8 +95,8 @@ export MODULO_ESTATISTICAS_CHAVE=seipublico # MODULO WSSEI -#export MODULO_WSSEI_INSTALAR=true -#export MODULO_WSSEI_VERSAO=compatsei4.0.0 -#export MODULO_WSSEI_URL_NOTIFICACAO=https://app-push-gestao-api.dev.nuvem.gov.br/mba-mmmessage/message -#export MODULO_WSSEI_ID_APP=4 -#export MODULO_WSSEI_CHAVE= \ No newline at end of file +export MODULO_WSSEI_INSTALAR=true +export MODULO_WSSEI_VERSAO=compatsei4.0.0 +export MODULO_WSSEI_URL_NOTIFICACAO=https://app-push-gestao-api.dev.nuvem.gov.br/mba-mmmessage/message +export MODULO_WSSEI_ID_APP=4 +export MODULO_WSSEI_CHAVE=pegueachavenacentraldesservicospen \ No newline at end of file diff --git a/envlocal-example-sqlserver.env b/envlocal-example-sqlserver.env index 0985b136..848b036d 100644 --- a/envlocal-example-sqlserver.env +++ b/envlocal-example-sqlserver.env 
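Review bot: The second hunk of envlocal-example-oracle.env flips `MODULO_WSSEI_INSTALAR=true` in an example file whose new header says it is stale and should not be used, while `envlocal.env` in the same commit comments the module out with a note that it is not functional on SEI 4.0; the two examples now contradict each other. `MODULO_WSSEI_CHAVE=pegueachavenacentraldesservicospen` is a placeholder that reads like a real key, and `MODULO_WSSEI_URL_NOTIFICACAO` points at a `.dev.nuvem.gov.br` endpoint that any copied config would start calling. Keep these commented out as in `envlocal.env`, or ship `MODULO_WSSEI_INSTALAR=false` with `MODULO_WSSEI_CHAVE=` empty and a comment `# solicite a chave na central de servicos do PEN` so nobody pastes the placeholder.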
@@ -1,3 +1,10 @@ +############################################## +# ATENCAO ESTE ARQUIVO ESTA DESATUALIZADO PARA ESSA VERSAO AINDA NAO ATUALIZAMOS, AGUARDAR PROX VERSAO +# USAR ARQUIVO envlocal.env enquanto isso +############################################## + + + # lista de parametros do projeto # indica onde esta o codigo fonte de dados no host hospedeiro(vm ou maquina onde vc quer subir o projeto). diff --git a/envlocal.env b/envlocal.env index a276becc..b3e1b211 100644 --- a/envlocal.env +++ b/envlocal.env 
@@ -7,25 +7,49 @@ # O caminho deve ser absoluto do seu host # o caminho deve ser informado completo ate antes das pastas infra sei e sip # por ex, caso o seu fonte esteja no ~/FontesSEI entao informe como abaixo -# nesse caso dentro do ~/FontesSEI estao as pastas infra sei e sip +# nesse caso dentro do ~/sei/FontesSEI estao as pastas infra sei e sip # retire os arquivos de ConfiguracaoSEI.php e ConfiguracaoSip.php ou deixe eles com permissao de escrita, o conteiner vai manipula-los -LOCALIZACAO_FONTES_SEI=~/FontesSEI +LOCALIZACAO_FONTES_SEI=~/sei/FontesSEI +# por enquanto apenas crie essa localizacao ai no seu host, a adicao de certs sera automatica e auto assinado. Prox versao aceitara certs de terceiros +# apenas crie o dir vazio abaixo ai na sua maquina no caminho indicado +LOCALIZACAO_CERTS=~/sei/certs + + +# BALANCEADOR +# Para habilitar/desabilitar o https ou http do SEI deixe os valores aqui default, altere apenas o parametro APP_PROTOCOLO +# na secao mais abaixo para http ou https (default https) +# interface de administracao do solr e haproxy serao sempre https +export BALANCEADOR_PRESENTE=true +export BALANCEADOR_PORTA_80_MAP_EXPOR=true +export BALANCEADOR_PORTA_80_MAP=80:80 +export BALANCEADOR_PORTA_443_MAP_EXPOR=true +export BALANCEADOR_PORTA_443_MAP=443:443 + +export BALANCEADOR_CERT_FILE=/certs/sei.pem + +# indica se o make vai incluir e expor portas locais 80 e 443 no app - muito cuidado para nao conflitar com as portas do balanceador +# apenas ative aqui se escolher subir sem o balanceador e apenas 1 noh +export APP_PORTA_80_MAP_EXPOR=false +export APP_PORTA_80_MAP=80:80 +export APP_PORTA_443_MAP_EXPOR=false +export APP_PORTA_443_MAP=443:443 + +export JOD_PRESENTE=true +export JOD_MAIL_CATCHER=false -# indica se o make vai incluir e expor portas locais 80 e 443 no app - parametro ainda nao utilizado nessa versao -# parametro ainda n funciona -PORTAS_LOCAIS_APP=true # indica se o make vai deixar o build no docker-compose, no rancher n funciona com o 
build - parametro ainda nao utilizado nessa versao # parametro ainda n funciona DOCKER_COMPOSE_BUILD=true #Images -export DOCKER_IMAGE_APP=processoeletronico/sei4-app:1.0.0 +export DOCKER_IMAGE_APP=processoeletronico/sei4-app:1.1.0 export DOCKER_IMAGE_BD=processoeletronico/sei4-mysql5.7:1.0 export DOCKER_IMAGE_SOLR=processoeletronico/sei4-solr8.2.0:1.0 export DOCKER_IMAGE_MEMCACHED=memcached export DOCKER_IMAGE_JOD=processoeletronico/vagrant-sei4_jod +export DOCKER_IMAGE_SMTP=processoeletronico/vagrant_sei4_mailcatcher #Volumes export VOLUME_DB=local-storage-db @@ -47,15 +71,18 @@ export VOLUME_FONTES=local-fontes-storage #caso nao deseje volume acima passe o dir aqui ou outro volume export VOLUME_FONTES_MOUNT=local-fontes-storage +export VOLUME_CERTS=local-certs-storage +#caso nao deseje volume acima passe o dir aqui ou outro volume +export VOLUME_CERTS_MOUNT=local-certs-storage + export VOLUME_SOLR=local-volume-solr export SOLR_DATA_DIRECTORY=/dados # App -export APP_PROTOCOLO=http -export APP_PROTOCOLO=http +export APP_PROTOCOLO=https export APP_HOST=localhost -export APP_ORGAO=ABC +export APP_ORGAO=ME export APP_ORGAO_DESCRICAO="Orgao Processo Eletronico - MySql" export APP_NOMECOMPLEMENTO="SEI - PEN - DTH" export APP_DB_TIPO=MySql 
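Review bot: `BALANCEADOR_CERT_FILE=/certs/sei.pem` is exported here but nothing else in this commit reads it: the balancer block in the compose template uses `CERT_FOLDER=/certs`, and the entrypoints write the combined `sei.pem` under `/etc/pki/tls/certs` inside the app container, not into the shared volume. Unless I am missing a consumer, the only PEM the balancer will find in `/certs` is the `cert0.pem` copied by `criar_volume_certs`, so the self-signed certificate the comment above `LOCALIZACAO_CERTS` promises for `$APP_HOST` is not what port 443 presents. Either drop the variable or have one entrypoint write `/certs/sei.pem` and say so in that comment. The default `LOCALIZACAO_FONTES_SEI` also moves from `~/FontesSEI` to `~/sei/FontesSEI`; a one-line note that existing setups must move their sources or override the variable would save a confusing first `make run`.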
@@ -68,6 +95,20 @@ export APP_DB_SEI_USERNAME=sei_user export APP_DB_SEI_PASSWORD=sei_user export APP_DB_ROOT_USERNAME=root export APP_DB_ROOT_PASSWORD=root +# email do sei +# vars abaixo de email ainda n funcionam, apenas na prox versao +export APP_MAIL_TIPO=2 #1 = sendmail (neste caso n�o � necess�rio configurar os atributos abaixo), 2 = SMTP +export APP_MAIL_SMTP=smtp +export APP_MAIL_PORTA=1025 +export APP_MAIL_CODIFICACAO=8bit +export APP_MAIL_MAXDESTINATARIOS=999 +export APP_MAIL_MAXTAMANHOANEXOSMB=999 +export APP_MAIL_SEGURANCA= +export APP_MAIL_AUTENTICAR= false +export APP_MAIL_USUARIO= +export APP_MAIL_SENHA= +export APP_MAIL_PROTEGIDO= +# chaves do SEI e SIP export APP_SIP_CHAVE_ACESSO=d27791b8b33226ca19662539e9eb77edf604bd61d7f51c28f1f6387bb8413d1d9f0960d5 export APP_SEI_CHAVE_ACESSO=7babf862dd3c172174e8e81ae7559e81a11ba933a3ddbb979eb9e56bc7d424603179ff17 
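Review bot: `export APP_MAIL_AUTENTICAR= false` has a space after `=`, so when this file is sourced the variable is exported empty and `false` becomes a second, no-op word of the `export`; `envsubst` will then see an empty value rather than `false`. The fix is `export APP_MAIL_AUTENTICAR=false`. `APP_MAIL_SENHA=` adds another credential slot to a tracked file that already carries access keys and DB passwords in plain text; keeping real values in an untracked override (e.g. a gitignored `envlocal.local.env`) and only empty placeholders here would stop them landing in history. Since the comment says these mail variables are not used yet, a `# TODO` marker on the block would help readers tell the dead ones from the live ones.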
@@ -85,13 +126,17 @@ export APP_SEI_CHAVE_ACESSO=7babf862dd3c172174e8e81ae7559e81a11ba933a3ddbb979eb9 export MODULO_ESTATISTICAS_INSTALAR=true export MODULO_ESTATISTICAS_VERSAO=CompatibilidadeSEI4.0.0 export MODULO_ESTATISTICAS_URL=https://estatistica.dev.processoeletronico.gov.br +# aqui a sigla e chave abaixo sao funcionais para qualquer sei +# porem na sua instalacao do orgao vc devera solicitar a chave e sigla abrindo chamado de acordo com as orientacoes +# da pagina do modulo no github export MODULO_ESTATISTICAS_SIGLA=SEIPUBLICO export MODULO_ESTATISTICAS_CHAVE=seipublico # MODULO WSSEI -export MODULO_WSSEI_INSTALAR=true -export MODULO_WSSEI_VERSAO=compatsei4.0.0 -export MODULO_WSSEI_URL_NOTIFICACAO=https://app-push-gestao-api.dev.nuvem.gov.br/mba-mmmessage/message -export MODULO_WSSEI_ID_APP=4 -export MODULO_WSSEI_CHAVE=pegueachavenacentraldesservicospen +# o módulo wssei instala mas ainda nao esta funcional no sei4.0 +#export MODULO_WSSEI_INSTALAR=true +#export MODULO_WSSEI_VERSAO=compatsei4.0.0 +#export MODULO_WSSEI_URL_NOTIFICACAO=https://app-push-gestao-api.dev.nuvem.gov.br/mba-mmmessage/message +#export MODULO_WSSEI_ID_APP=4 +#export MODULO_WSSEI_CHAVE=pegueachavenacentraldesservicospen diff --git a/orquestrators/docker-compose/cert0.pem b/orquestrators/docker-compose/cert0.pem new file mode 100644 index 00000000..e91e7e05 --- /dev/null +++ b/orquestrators/docker-compose/cert0.pem 
@@ -0,0 +1,50 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAxDbvdDEZVT+VvJ3JDrwx7swGXLWOgZh9mooyh3r9A8hv7gaG
+Pw/nXIe8yY1rGtjNkwv8nq/yDXaoaX3C4t0zVcTMKod1Gfw3kYT/mK1An8C24dSq
+HxsUjvq7Am16b2UyCpgDQV5ewA70IgOySQ5sQ3OmcsqB8IHw53otmN6z9ZdRSEq7
+FeOqlpApCOAGuo6bttFcD4Ka/jz3I46s0bSsvwblHXvAnnmT6hLv2ROMSJ/Pzt3N
+1Z1zVhOpx7W7BUBuawbKQTvyWaE8E3u9GEVKCovST3oZb2n+WvNQUx9f4nVGXD0s
+VcpJl27358Nv2i2LPwuArNPuLkD6r+tVgN5tMwIDAQABAoIBAH3IKaB2iSLY7AhJ
+rcXAZtIKAFoWGRCCzKHwzYuEEAYIy5funsh2TX5HlYIvIeXH7aDCImMnrydqVXOq
+pu//lRT6X1c0FqFdydGDTMZ26eJ/C72hMp1WIsu1d4SK4d3fJUEdSZjyAhNkgqP7
+cqLamBR1YtJbdwjSg7gf3nMM8JgSFS5dyxcbWF2qWyp93XfmnuTSw0muimBtZHTT
+dKfqXqz0wO4QGERlCWqpv6VxMucmsx0LJ23NxEPbiss0tzUht7Df/gisug1Oe3MP
+1/ewJaOvvwuBB2q7ss1n2jr4hkxTaiv6h3Mm/Zk+GNo2H0HXzGbp4weI6zdunyhI
+9NVwtsECgYEA4uJh+FytpCAalEG+naWZ2Fi2P3ypmxU5bJrICE9tln74M1jJYeA/
+epoylq7MqrSmClQ2AWYc+7JtxEb1rHPzxFaQUyy3brRZxDTpXKEx2wcs06tpxTgd
+iqAooVe27o/S69hf6jMtrmUwplvUvaX7kNwLYoC07qrP2zoiCMczeVsCgYEA3WT9
+QBLLg53z9InAIlZ5DFKEpnqb2E8LdRJX4NBgvKfSKYyhXgJFa/dObnkSpUZPdOA7
+gId0RIqd+7DeEinmPWenMgZKcFQ7fvoq3cyOBtb6Q8UjitCwhbX/jYxRpS95+ZuZ
+rDmU4AboiKFEEbnLeMYRGD2lc99rCbmkj7C8ywkCgYEA3TshjKvSJVeokygIVnBD
+s1HNY9qLB02K0PucUX4hvb3RB0BsHaQsQcBZ09RefZXo0emLP5HycPtrTRhkNeRa
+rfg6gt/3fVserNNrOYd0tb4pV7ytRkGRjLre43RETBqx8Ibr/9InmQXSimTA7KwM
+wRPPhh06T/7+7yWgSi7zYkECgYA6hRY32H/440h3q+2gZfELI8iyZJhLHeGuaVHX
+N91KIKX5m5WPztPgzPbrVo9qJmKcRyUTPTqrX2SRAdhBPtgABST5oRYOCQXM831f
+MVGdVzfBsBtL9wuh3FCXbq6qFhmMs+dz0aibatgOPWpLsSuqWdhs6uaP8U9Ou8ZW
+wOW2WQKBgARB0T67mc8K9+mJnC++FxQ+snRFkveKwqL1QP3P0L3NvHunl+LDVPe6
++eHXlEPhkHEGckSt1SlIKgzQvRdAgj+NkP39YdAjhaMEH+AmH6IzeDZ1IeEZDg3E
+XFmR64L9ILXXkELlAI5gxn8z6sIrhSiE0ttlFnIV0EJJQTPJw5Li
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDxDCCAqygAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJhYTEL
+MAkGA1UECBMCYWExCzAJBgNVBAcTAmFhMQswCQYDVQQKEwJhYTELMAkGA1UECxMC
+YWExFzAVBgNVBAMTDnd3dy5rb2h6ZWUueHl6MREwDwYJKoZIhvcNAQkBFgJhYTAe
+Fw0xNzEyMjEwNDE0MDBaFw0yODEyMjEwNDE0MDBaMG0xCzAJBgNVBAYTAmFhMQsw
+CQYDVQQIEwJhYTELMAkGA1UEBxMCYWExCzAJBgNVBAoTAmFhMQswCQYDVQQLEwJh
+YTEXMBUGA1UEAxMOd3d3LmtvaHplZS54eXoxETAPBgkqhkiG9w0BCQEWAmFhMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDbvdDEZVT+VvJ3JDrwx7swG
+XLWOgZh9mooyh3r9A8hv7gaGPw/nXIe8yY1rGtjNkwv8nq/yDXaoaX3C4t0zVcTM
+Kod1Gfw3kYT/mK1An8C24dSqHxsUjvq7Am16b2UyCpgDQV5ewA70IgOySQ5sQ3Om
+csqB8IHw53otmN6z9ZdRSEq7FeOqlpApCOAGuo6bttFcD4Ka/jz3I46s0bSsvwbl
+HXvAnnmT6hLv2ROMSJ/Pzt3N1Z1zVhOpx7W7BUBuawbKQTvyWaE8E3u9GEVKCovS
+T3oZb2n+WvNQUx9f4nVGXD0sVcpJl27358Nv2i2LPwuArNPuLkD6r+tVgN5tMwID
+AQABo28wbTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTcNn58ungDMPtmoMFhBYXG
+LtfpGDALBgNVHQ8EBAMCBeAwEQYJYIZIAYb4QgEBBAQDAgZAMB4GCWCGSAGG+EIB
+DQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQELBQADggEBAC0SVGGgcYIn
+HsFlXSdzzTA8PFA7AULRYwuIxzYzF0FtfZwuFdoCUZX8MKXPjVwReN0fclSWKQiV
+WpnKxZki3aseS54gLhlZKhiyk8ibsV5nWarr5I0YA8OBR26Z+PCaYVEubxtdr/0x
+Dkq4H6VIbVJFPdqvE0CYOl74BJ4M8p3dWxtodUhDt82kSXnXrdjomj7nbr4YEH/3
+S/LVXZahMYuUM2RP1WPRoax/j9dSukMkL0Nd78PXVmx/jKPT+oysX3/bQ8OgWzdv
+o4vtB7hnKU28Oo7/tzb4HxHrN4Ov2L2D03d54Y47QNceZVaDa3hlygKTtaZa0wm+
+CjcPERzBvWo=
+-----END CERTIFICATE-----
diff --git a/orquestrators/docker-compose/docker-compose-template.yml b/orquestrators/docker-compose/docker-compose-template.yml
index b5026072..db8b2645 100644
--- a/orquestrators/docker-compose/docker-compose-template.yml
+++ b/orquestrators/docker-compose/docker-compose-template.yml
@@ -6,6 +6,8 @@ volumes: external: true ${VOLUME_SOLR}: external: true
+ ${VOLUME_CERTS}:
+ external: true
 ${VOLUME_FONTES}: external: true
@@ -23,9 +25,16 @@ services: io.rancher.container.start_once: "true" volumes: - ${VOLUME_FONTES_MOUNT}:/opt:rw
+
+ storage-certs:
+ image: "busybox:latest"
+ labels:
+ io.rancher.container.start_once: "true"
+ volumes:
+ - ${VOLUME_CERTS_MOUNT}:/certs:rw
- jod:
- image: ${DOCKER_IMAGE_JOD}
+ #jod: #servicejod
+ # image: ${DOCKER_IMAGE_JOD} #servicejod
 memcached: image: ${DOCKER_IMAGE_MEMCACHED}
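Review bot: This file commits an RSA private key together with its certificate, and the Makefile's `criar_volume_certs` copies it into the volume the balancer serves TLS from; anyone with read access to the repository or its history can impersonate the endpoint, so the key must be treated as compromised, removed from the tree and scrubbed from history, not just rotated. Decoding the subject, it also appears to be a generic test identity for an unrelated hostname (C/ST/L/O/OU all `aa`), self-issued and valid from late 2017 to 2028, with no relation to `$APP_HOST`. If a placeholder is really needed for first boot, generate it on the host at `make criar_volume_certs` time with `openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$(APP_HOST)"` into `$(LOCALIZACAO_CERTS)/sei.pem`, and add `*.pem` and `*.key` to `.gitignore` so this cannot recur.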
@@ -41,6 +50,9 @@ services: solr: image: ${DOCKER_IMAGE_SOLR} + environment: + - VIRTUAL_HOST=http://${APP_HOST}/solr*,https://${APP_HOST}/solr* + - FORCE_SSL=true volumes: - ${VOLUME_SOLR}:${SOLR_DATA_DIRECTORY} @@ -51,6 +63,7 @@ services: volumes_from: - storage-arquivosexternos - storage-fontes + - storage-certs labels: io.rancher.container.pull_image: always io.rancher.container.start_once: 'true' @@ -86,16 +99,18 @@ services: - db:db - memcached:memcached - solr:solr - - jod:jod + #- jod:jod #servicejod app: image: ${DOCKER_IMAGE_APP} entrypoint: "/entrypoint.sh" - ports: - - "80:80" + #ports: + # - ${APP_PORTA_80_MAP} + # - ${APP_PORTA_443_MAP} volumes_from: - storage-arquivosexternos - storage-fontes - app-atualizador + - storage-certs labels: io.rancher.container.pull_image: always io.rancher.sidekicks: storage-arquivosexternos,storage-fontes,app-atualizador 
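Review bot: Publishing Solr through the balancer with `VIRTUAL_HOST=http://${APP_HOST}/solr*,https://${APP_HOST}/solr*` puts the Solr admin UI and update handlers on the same public hostname as the application; stock Solr has no authentication, and nothing in this diff shows an authn/authz plugin or an HAProxy ACL in front of `/solr`, so anyone who can reach port 443 can read and modify the index. `FORCE_SSL=true` only upgrades the scheme, it does not restrict who gets there. Unless the admin UI is meant to be public, drop the `VIRTUAL_HOST` on `solr` (the app reaches it through the `solr:solr` link regardless) or restrict the path on the balancer, e.g. in `EXTRA_FRONTEND_SETTINGS_443` add `acl is_solr path_beg -i /solr` and `http-request deny if is_solr !{ src 10.0.0.0/8 }` with the admin range of your network.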
@@ -127,8 +142,29 @@ services: - MODULO_WSSEI_URL_NOTIFICACAO=${MODULO_WSSEI_URL_NOTIFICACAO} - MODULO_WSSEI_ID_APP=${MODULO_WSSEI_ID_APP} - MODULO_WSSEI_CHAVE=${MODULO_WSSEI_CHAVE} + - VIRTUAL_HOST=https://${APP_HOST}/sei*,https://${APP_HOST}/sip*,https://${APP_HOST}/infra*,http://${APP_HOST}/sei*,http://${APP_HOST}/sip*,http://${APP_HOST}/infra* + #- EXCLUDE_PORTS=443 + #- EXCLUDE_PORTS=80 + #- EXTRA_ROUTE_SETTINGS=ssl verify none + - COOKIE=SRV insert indirect nocache links: - db:db - memcached:memcached - solr:solr - - jod:jod \ No newline at end of file + #- jod:jod #servicejod + #balanceador: + # image: dockercloud/haproxy + # links: + # - app + # - solr + # environment: + # - EXTRA_FRONTEND_SETTINGS_80=use_backend stats if { path_beg -i /haproxy }, acl is_root path -i /, redirect code 301 location http://${APP_HOST}/sei/ if is_root + # - EXTRA_FRONTEND_SETTINGS_443=use_backend stats if { path_beg -i /haproxy }, acl is_root path -i /, redirect code 301 location http://${APP_HOST}/sei/ if is_root + # - CERT_FOLDER=/certs + # volumes_from: + # - storage-certs + # volumes: + # - /var/run/docker.sock:/var/run/docker.sock + # ports: + # - ${BALANCEADOR_PORTA_80_MAP} + # - ${BALANCEADOR_PORTA_443_MAP} \ No newline at end of file diff --git a/orquestrators/docker-compose/docker-compose.yml b/orquestrators/docker-compose/docker-compose.yml index 5a690663..58082850 100644 --- a/orquestrators/docker-compose/docker-compose.yml +++ b/orquestrators/docker-compose/docker-compose.yml @@ -6,6 +6,8 @@ volumes: external: true local-volume-solr: external: true + local-certs-storage: + external: true local-fontes-storage: external: true 
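Review bot: The root redirect on the 443 frontend sends the browser to `http://${APP_HOST}/sei/`, so a user who arrives over TLS is downgraded to plaintext for the login page; on that frontend it should be `redirect code 301 location https://${APP_HOST}/sei/ if is_root`, and with `APP_PROTOCOLO=https` as the new default the 80 frontend should probably redirect to https as well. Both frontends also route `/haproxy` to the `stats` backend; dockercloud/haproxy protects stats only with `STATS_AUTH`, which as far as I recall defaults to `stats:stats`, so either set `STATS_AUTH` to a real credential or drop the `use_backend stats` clause from the public frontends. The balancer additionally gets `/var/run/docker.sock`, which is host-root-equivalent; that is how dockercloud/haproxy discovers linked services, but a comment above the mount saying so, and that this stack is for development only, would keep the risk visible. A comment on the `#ports:` / `#balanceador:` placeholders, `# linhas descomentadas por make build_docker_compose`, would make the hidden coupling to the Makefile's sed edits explicit.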
@@ -23,9 +25,16 @@ services: io.rancher.container.start_once: "true" volumes: - local-fontes-storage:/opt:rw + + storage-certs: + image: "busybox:latest" + labels: + io.rancher.container.start_once: "true" + volumes: + - local-certs-storage:/certs:rw - jod: - image: processoeletronico/vagrant-sei4_jod + #jod: #servicejod + # image: processoeletronico/vagrant-sei4_jod #servicejod memcached: image: memcached @@ -41,23 +50,27 @@ services: solr: image: processoeletronico/sei4-solr8.2.0:1.0 + environment: + - VIRTUAL_HOST=http://sou.cristao.jesus.br/solr*,https://sou.cristao.jesus.br/solr* + - FORCE_SSL=true volumes: - local-volume-solr:/dados app-atualizador: - image: processoeletronico/sei4-app:1.0.0 + image: processoeletronico/sei4-app:1.1.0 entrypoint: "/entrypoint-atualizador.sh" volumes_from: - storage-arquivosexternos - storage-fontes + - storage-certs labels: io.rancher.container.pull_image: always io.rancher.container.start_once: 'true' environment: - - APP_PROTOCOLO=http - - APP_HOST=localhost - - APP_ORGAO=ABC + - APP_PROTOCOLO=https + - APP_HOST=sou.cristao.jesus.br + - APP_ORGAO=ME - APP_ORGAO_DESCRICAO="Orgao Processo Eletronico - MySql" - APP_NOMECOMPLEMENTO="SEI - PEN - DTH" - APP_DB_TIPO=MySql 
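Review bot: `docker-compose.yml` is a generated artifact (`build_docker_compose` does `rm -f` and `envsubst` from the template), yet this commit checks in a rendering that bakes a developer's real hostname `sou.cristao.jesus.br` into `APP_HOST` and every `VIRTUAL_HOST`, together with `EXCLUDE_PORTS=80` and `ssl verify none`. Anyone who runs `docker-compose up` without `make build_docker_compose` gets that host, and the diff noise hides the real template changes. Add `orquestrators/docker-compose/docker-compose.yml` to `.gitignore` and remove it from the tree, or commit only a `localhost` rendering.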
@@ -77,32 +90,34 @@ services: - MODULO_ESTATISTICAS_URL=https://estatistica.dev.processoeletronico.gov.br - MODULO_ESTATISTICAS_SIGLA=SEIPUBLICO - MODULO_ESTATISTICAS_CHAVE=seipublico - - MODULO_WSSEI_INSTALAR=true - - MODULO_WSSEI_VERSAO=compatsei4.0.0 - - MODULO_WSSEI_URL_NOTIFICACAO=https://app-push-gestao-api.dev.nuvem.gov.br/mba-mmmessage/message - - MODULO_WSSEI_ID_APP=4 - - MODULO_WSSEI_CHAVE=pegueachavenacentraldesservicospen + - MODULO_WSSEI_INSTALAR= + - MODULO_WSSEI_VERSAO= + - MODULO_WSSEI_URL_NOTIFICACAO= + - MODULO_WSSEI_ID_APP= + - MODULO_WSSEI_CHAVE= links: - db:db - memcached:memcached - solr:solr - - jod:jod + #- jod:jod #servicejod app: - image: processoeletronico/sei4-app:1.0.0 + image: processoeletronico/sei4-app:1.1.0 entrypoint: "/entrypoint.sh" - ports: - - "80:80" + #ports: + # - 80:80 + # - 443:443 volumes_from: - storage-arquivosexternos - storage-fontes - app-atualizador + - storage-certs labels: io.rancher.container.pull_image: always io.rancher.sidekicks: storage-arquivosexternos,storage-fontes,app-atualizador environment: - - APP_PROTOCOLO=http - - APP_HOST=localhost - - APP_ORGAO=ABC + - APP_PROTOCOLO=https + - APP_HOST=sou.cristao.jesus.br + - APP_ORGAO=ME - APP_ORGAO_DESCRICAO="Orgao Processo Eletronico - MySql" - APP_NOMECOMPLEMENTO="SEI - PEN - DTH" - APP_DB_TIPO=MySql 
@@ -122,13 +137,34 @@ services: - MODULO_ESTATISTICAS_URL=https://estatistica.dev.processoeletronico.gov.br - MODULO_ESTATISTICAS_SIGLA=SEIPUBLICO - MODULO_ESTATISTICAS_CHAVE=seipublico - - MODULO_WSSEI_INSTALAR=true - - MODULO_WSSEI_VERSAO=compatsei4.0.0 - - MODULO_WSSEI_URL_NOTIFICACAO=https://app-push-gestao-api.dev.nuvem.gov.br/mba-mmmessage/message - - MODULO_WSSEI_ID_APP=4 - - MODULO_WSSEI_CHAVE=pegueachavenacentraldesservicospen + - MODULO_WSSEI_INSTALAR= + - MODULO_WSSEI_VERSAO= + - MODULO_WSSEI_URL_NOTIFICACAO= + - MODULO_WSSEI_ID_APP= + - MODULO_WSSEI_CHAVE= + - VIRTUAL_HOST=https://sou.cristao.jesus.br/sei*,https://sou.cristao.jesus.br/sip*,https://sou.cristao.jesus.br/infra*,http://sou.cristao.jesus.br/sei*,http://sou.cristao.jesus.br/sip*,http://sou.cristao.jesus.br/infra* + #- EXCLUDE_PORTS=443 + - EXCLUDE_PORTS=80 + - EXTRA_ROUTE_SETTINGS=ssl verify none + - COOKIE=SRV insert indirect nocache links: - db:db - memcached:memcached - solr:solr - - jod:jod \ No newline at end of file + #- jod:jod #servicejod + balanceador: + image: dockercloud/haproxy + links: + - app + - solr + environment: + - EXTRA_FRONTEND_SETTINGS_80=use_backend stats if { path_beg -i /haproxy }, acl is_root path -i /, redirect code 301 location http://sou.cristao.jesus.br/sei/ if is_root + - EXTRA_FRONTEND_SETTINGS_443=use_backend stats if { path_beg -i /haproxy }, acl is_root path -i /, redirect code 301 location http://sou.cristao.jesus.br/sei/ if is_root + - CERT_FOLDER=/certs + volumes_from: + - storage-certs + volumes: + - /var/run/docker.sock:/var/run/docker.sock + ports: + - 80:80 + - 443:443