diff --git a/CHANGELOG.md b/CHANGELOG.md index c3d99a1bc..6744006ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Changelog ## Next +* Rework install.sh * Set restart policy for redis docker container * Add setting to disable websockets and always use HTTP for collaborative editing * Fix error while sorting finding templates by created/updated date diff --git a/deploy/caddy/docker-compose.yml b/deploy/caddy/docker-compose.yml new file mode 100644 index 000000000..51f9a5f51 --- /dev/null +++ b/deploy/caddy/docker-compose.yml @@ -0,0 +1,17 @@ +# Do not modify. This file is automatically generated. +# Changes will be overwritten. +services: + caddy: + image: caddy:latest + container_name: 'sysreptor-caddy' + restart: unless-stopped + volumes: + - ./Caddyfile:/etc/caddy/Caddyfile + - type: volume + source: sysreptor-caddy-data + target: /data + network_mode: "host" + +volumes: + sysreptor-caddy-data: + name: sysreptor-caddy-data diff --git a/deploy/caddy/setup.sh b/deploy/caddy/setup.sh new file mode 100644 index 000000000..a77f32c0b --- /dev/null +++ b/deploy/caddy/setup.sh 
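Review bot: `image: caddy:latest` in the new caddy service is a floating tag, so any pull or recreate can put a different, unreviewed Caddy build on the proxy that faces the network. Pin a specific release, ideally with a digest, e.g. `image: caddy:<pinned-version>@sha256:<digest>` (placeholders), and bump it deliberately. The Caddyfile bind mount can also be read-only, `- ./Caddyfile:/etc/caddy/Caddyfile:ro`, since the container only needs to read the generated file. With `network_mode: "host"` the container shares the host's network stack, so both measures reduce what a compromised proxy image could do.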
@@ -0,0 +1,85 @@ +#!/bin/bash +cd `dirname "$BASH_SOURCE"` +if + test -f Caddyfile +then + echo "Caddyfile exists. Skipping web server setup." + read -p "Press any key to continue installation..." + echo "" + cd - >/dev/null + return 2>/dev/null || exit -1 # return if script is source, exit if in process +fi +while [[ "$SYSREPTOR_WEBSERVER" != [yY] && "$SYSREPTOR_WEBSERVER" != [nN] ]] +do + echo "" + echo "SysReptor runs on localhost (127.0.0.1) by default." + read -p "Should we setup a webserver (Caddy in Docker) for you to expose it to your local network or the Internet? [y/n]: " SYSREPTOR_WEBSERVER + if [[ "$SYSREPTOR_WEBSERVER" == [yY] ]] + then + while [[ "$SYSREPTOR_LETSENCRYPT" != [yY] && "$SYSREPTOR_LETSENCRYPT" != [nN] ]] + do + echo "" + echo "Should we take care of your webserver HTTPS certificate using LetsEncrypt?" + echo "For this, you must set up:" + echo " 1. a valid domain name resolving to your public IP address" + echo " 2. port 80 of your must be publicly reachable" + read -p "Want a LetsEncrypt webserver certificate? [y/n]: " SYSREPTOR_LETSENCRYPT + done + while ! case "$SYSREPTOR_CADDY_PORT" in ''|*[!0-9]*) false;;esac; + do + if [[ "$SYSREPTOR_LETSENCRYPT" == [yY] ]] + then + default_port=443 + else + default_port=80 + fi + read -p "What port should the webserver use? [$default_port] " SYSREPTOR_CADDY_PORT + SYSREPTOR_CADDY_PORT=${SYSREPTOR_CADDY_PORT:-$default_port} + if [[ "$SYSREPTOR_CADDY_PORT" -lt 1 || "$SYSREPTOR_CADDY_PORT" -gt 65535 ]] + then + echo "Invalid port number. Please enter a valid port number between 1 and 65535." + SYSREPTOR_CADDY_PORT="" + elif [[ "$SYSREPTOR_CADDY_PORT" -eq 8000 ]] + then + echo "The Django app uses port 8000 on 127.0.0.1. Please use a different port." + SYSREPTOR_CADDY_PORT="" + fi + done + if [[ "$SYSREPTOR_LETSENCRYPT" == [yY] ]] + then + while [ -z "$SYSREPTOR_CADDY_FQDN" ] + do + read -p "What is your publicly reachable fully qualified domain name (e.g., sysreptor.example.com)? 
" SYSREPTOR_CADDY_FQDN + done + fi + fi +done +if [[ "$SYSREPTOR_WEBSERVER" == [nN] ]] +then + echo "Okay. Won't set up a webserver." +else + # Create config + echo """# Do not modify. This file is automatically generated. +# Changes will be overwritten. +$SYSREPTOR_CADDY_FQDN:$SYSREPTOR_CADDY_PORT + +reverse_proxy http://127.0.0.1:8000""" > Caddyfile + echo "Setting up your web server..." + + docker_compose_file="../docker-compose.yml" + include_caddy=" - caddy/docker-compose.yml" + if ! grep -q "^$include_caddy" "$docker_compose_file" + then + # Include Caddy in docker-compose.yml + sed -i "s#include:#include:\n$include_caddy#" "$docker_compose_file" + fi +fi +docker container stop sysreptor-caddy 1>/dev/null 2>&1 && docker container rm sysreptor-caddy 1>/dev/null 2>&1 || true +echo "" +cd - >/dev/null +return 2>/dev/null || true # return if script is source + +cd `dirname "$BASH_SOURCE"` +cd .. +docker compose up -d +cd - >/dev/null diff --git a/deploy/docker-compose.override.yml b/deploy/docker-compose.override.yml index f23c255d2..a13a1d084 100644 --- a/deploy/docker-compose.override.yml +++ b/deploy/docker-compose.override.yml 
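Review bot: The range check and the port-8000 check on SYSREPTOR_CADDY_PORT sit inside the `while ! case ... esac` loop, which is skipped whenever the variable already holds only digits, so a value preset in the environment (constructed examples: 8000 or 70000) is written to the Caddyfile unchecked. Inside the loop, `[[ "$SYSREPTOR_CADDY_PORT" -lt 1 ... ]]` runs before the digits-only test, and bash evaluates the operands of `-lt` as arithmetic expressions, so non-numeric input is interpreted instead of being rejected as text. Checking the format first and the range second, for preset and typed values alike, closes both gaps; it requires moving the default_port selection above the loop.

```shell
# … unchanged: default_port selection from SYSREPTOR_LETSENCRYPT, moved above the loop …
while true
do
    if [[ -z "$SYSREPTOR_CADDY_PORT" ]]
    then
        read -p "What port should the webserver use? [$default_port] " SYSREPTOR_CADDY_PORT
        SYSREPTOR_CADDY_PORT=${SYSREPTOR_CADDY_PORT:-$default_port}
    fi
    # Format check first: the arithmetic below only ever sees 1-5 decimal digits.
    if [[ ! "$SYSREPTOR_CADDY_PORT" =~ ^[0-9]{1,5}$ ]] || (( 10#$SYSREPTOR_CADDY_PORT < 1 || 10#$SYSREPTOR_CADDY_PORT > 65535 ))
    then
        echo "Invalid port number. Please enter a valid port number between 1 and 65535."
        SYSREPTOR_CADDY_PORT=""
    elif (( 10#$SYSREPTOR_CADDY_PORT == 8000 ))
    then
        echo "The Django app uses port 8000 on 127.0.0.1. Please use a different port."
        SYSREPTOR_CADDY_PORT=""
    else
        break
    fi
done
```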
@@ -1,35 +1,5 @@ -name: sysreptor - -services: - app: - environment: - SPELLCHECK_URL: http://languagetool:8010/ - depends_on: - languagetool: - condition: service_started - languagetool: - build: - context: ../languagetool - args: - CA_CERTIFICATES: ${SYSREPTOR_CA_CERTIFICATES-} - container_name: 'sysreptor-languagetool' - init: true - environment: - languagetool_dbHost: db - languagetool_dbName: reportcreator - languagetool_dbUsername: reportcreator - languagetool_dbPassword: reportcreator - HTTP_PROXY: ${HTTP_PROXY-} - HTTPS_PROXY: ${HTTPS_PROXY-} - expose: - - 8010 - healthcheck: - test: ["CMD", "curl", "-f", "-so", "/dev/null", "http://localhost:8010/v2/languages"] - interval: 30s - timeout: 30s - retries: 5 - start_period: 10s - restart: unless-stopped - depends_on: - db: - condition: service_healthy \ No newline at end of file +# This file is included due to legacy reasons +# It makes sure that Docker starts the languagetool container for Pro customers +# We will delete this file in July 2025 +include: + - languagetool/docker-compose.yml diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml index 3d5d1e337..9814b2435 100644 --- a/deploy/docker-compose.yml +++ b/deploy/docker-compose.yml 
@@ -1,80 +1,4 @@ -# Do not modify. This file is automatically generated. -# Changes will be overwritten. name: sysreptor -services: - db: - image: 'postgres:14' - container_name: 'sysreptor-db' - environment: - POSTGRES_USER: reportcreator - POSTGRES_PASSWORD: reportcreator - POSTGRES_DB: reportcreator - PGDATA: /data - volumes: - - type: volume - source: db-data - target: /data - expose: - - 5432 - healthcheck: - test: ["CMD-SHELL", "pg_isready -U reportcreator"] - interval: 2s - timeout: 5s - retries: 30 - restart: unless-stopped - stop_grace_period: 120s - redis: - image: bitnami/redis:7.2 - environment: - REDIS_PASSWORD: reportcreator - expose: - - 6379 - restart: unless-stopped - app: - build: - context: ../ - target: api - args: - VERSION: ${SYSREPTOR_VERSION} - CA_CERTIFICATES: ${SYSREPTOR_CA_CERTIFICATES-} - container_name: 'sysreptor-app' - init: true - volumes: - - type: volume - source: app-data - target: /data - expose: - - 8000 - ports: - - ${BIND_PORT:-127.0.0.1:8000:8000} - environment: - DATABASE_HOST: db - DATABASE_NAME: reportcreator - DATABASE_USER: reportcreator - DATABASE_PASSWORD: reportcreator - REDIS_URL: redis://:reportcreator@redis:6379/0 - HTTP_PROXY: ${HTTP_PROXY-} - HTTPS_PROXY: ${HTTPS_PROXY-} - env_file: app.env - restart: unless-stopped - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8000/api/v1/utils/healthcheck/"] - interval: 30s - timeout: 30s - retries: 5 - start_period: 10s - depends_on: - db: - condition: service_healthy - redis: - condition: service_started - - -volumes: - db-data: - name: sysreptor-db-data - external: true - app-data: - name: sysreptor-app-data - external: true +include: + - sysreptor/docker-compose.yml diff --git a/deploy/languagetool/docker-compose.yml b/deploy/languagetool/docker-compose.yml new file mode 100644 index 000000000..b91c5606d --- /dev/null +++ b/deploy/languagetool/docker-compose.yml 
@@ -0,0 +1,29 @@ +# Do not modify. This file is automatically generated. +# Changes will be overwritten. +services: + languagetool: + build: + context: ../../languagetool + args: + CA_CERTIFICATES: ${SYSREPTOR_CA_CERTIFICATES-} + container_name: 'sysreptor-languagetool' + init: true + environment: + languagetool_dbHost: db + languagetool_dbName: reportcreator + languagetool_dbUsername: reportcreator + languagetool_dbPassword: reportcreator + HTTP_PROXY: ${HTTP_PROXY-} + HTTPS_PROXY: ${HTTPS_PROXY-} + expose: + - 8010 + healthcheck: + test: ["CMD", "curl", "-f", "-so", "/dev/null", "http://localhost:8010/v2/languages"] + interval: 30s + timeout: 30s + retries: 5 + start_period: 10s + restart: unless-stopped + depends_on: + db: + condition: service_healthy \ No newline at end of file diff --git a/deploy/sysreptor.nginx b/deploy/nginx/sysreptor.nginx similarity index 87% rename from deploy/sysreptor.nginx rename to deploy/nginx/sysreptor.nginx index 4ac098e1b..1e72e11b2 100644 --- a/deploy/sysreptor.nginx +++ b/deploy/nginx/sysreptor.nginx @@ -24,7 +24,7 @@ server { ssl_stapling on; ssl_stapling_verify on; - # Timeouts for long running websocket connections and long PDF rendering tasks + # Timeouts for long running websocket connections and long PDF rendering tasks proxy_read_timeout 5m; proxy_send_timeout 5m; client_max_body_size 0; @@ -35,6 +35,6 @@ server { # Websockets proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + proxy_set_header Connection "Upgrade"; } } diff --git a/deploy/sysreptor/docker-compose.yml b/deploy/sysreptor/docker-compose.yml new file mode 100644 index 000000000..23c9a5614 --- /dev/null +++ b/deploy/sysreptor/docker-compose.yml 
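Review bot: `languagetool_dbPassword: reportcreator` hard-codes a database password that is identical on every installation, and the deploy/sysreptor/docker-compose.yml hunk carries the same literal in `POSTGRES_PASSWORD`, `DATABASE_PASSWORD`, `REDIS_PASSWORD` and inside `REDIS_URL`. The services are only listed under `expose`, so reachability is limited to the compose network, but anything that does reach that network authenticates with a publicly known value. The installer already generates per-install secrets for app.env, so these passwords could be generated the same way and interpolated, e.g. `languagetool_dbPassword: ${SYSREPTOR_DB_PASSWORD:?not set}` (the variable name is a placeholder). A short comment next to the values stating that they are fixed defaults, valid only while the services stay unpublished, would help in the meantime.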
@@ -0,0 +1,80 @@ +# Do not modify. This file is automatically generated. +# Changes will be overwritten. +name: sysreptor + +services: + db: + image: 'postgres:14' + container_name: 'sysreptor-db' + environment: + POSTGRES_USER: reportcreator + POSTGRES_PASSWORD: reportcreator + POSTGRES_DB: reportcreator + PGDATA: /data + volumes: + - type: volume + source: db-data + target: /data + expose: + - 5432 + healthcheck: + test: ["CMD-SHELL", "pg_isready -U reportcreator"] + interval: 2s + timeout: 5s + retries: 30 + restart: unless-stopped + stop_grace_period: 120s + redis: + image: bitnami/redis:7.2 + container_name: 'sysreptor-redis' + environment: + REDIS_PASSWORD: reportcreator + expose: + - 6379 + restart: unless-stopped + app: + build: + context: ../.. + target: api + args: + VERSION: ${SYSREPTOR_VERSION} + CA_CERTIFICATES: ${SYSREPTOR_CA_CERTIFICATES-} + SPELLCHECK_URL: ${SYSREPTOR_SPELLCHECK_URL:-http://languagetool:8010/} + container_name: 'sysreptor-app' + init: true + volumes: + - type: volume + source: app-data + target: /data + expose: + - 8000 + ports: + - ${BIND_PORT:-127.0.0.1:8000:8000} + environment: + DATABASE_HOST: db + DATABASE_NAME: reportcreator + DATABASE_USER: reportcreator + DATABASE_PASSWORD: reportcreator + REDIS_URL: redis://:reportcreator@redis:6379/0 + HTTP_PROXY: ${HTTP_PROXY-} + HTTPS_PROXY: ${HTTPS_PROXY-} + env_file: ../app.env + restart: unless-stopped + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8000/api/v1/utils/healthcheck/"] + interval: 30s + timeout: 30s + retries: 5 + start_period: 10s + depends_on: + db: + condition: service_healthy + + +volumes: + db-data: + name: sysreptor-db-data + external: true + app-data: + name: sysreptor-app-data + external: true diff --git a/docs/docs/finding-templates/overview.md b/docs/docs/finding-templates/overview.md index 4c9efc7ff..807ceaa74 100644 --- a/docs/docs/finding-templates/overview.md +++ b/docs/docs/finding-templates/overview.md 
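Review bot: `SPELLCHECK_URL: ${SYSREPTOR_SPELLCHECK_URL:-http://languagetool:8010/}` appears between `CA_CERTIFICATES` and `container_name`, which would place it under `build.args` rather than under the app service's `environment`, where the removed override file set it. A build argument is only visible while the image is built, so unless the Dockerfile (not shown) declares a matching ARG and exports it, the running app would not receive the setting; indentation is not recoverable in this view, so please confirm. If a runtime setting is intended, move the line into the `environment:` mapping. The new `depends_on` of app also lists only `db`, whereas the removed file additionally waited for `redis`.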
@@ -27,4 +27,4 @@ You can hide these fields in the template editor to focus on the relevant fields Markdown fields allow pasting images from your clipboard: -![Paste image to markdown field](../images/show/images_in_templates.gif) \ No newline at end of file +![Paste image to markdown field](../images/show/images_in_templates.gif) diff --git a/docs/docs/install.sh b/docs/docs/install.sh index e6e23a675..ad001559f 100644 --- a/docs/docs/install.sh +++ b/docs/docs/install.sh @@ -21,7 +21,7 @@ do error=0 fi done -if +if ! docker compose version >/dev/null 2>&1 then echo "docker compose v2 is not installed." @@ -32,11 +32,12 @@ if test 0 -eq "$docker" then echo "Follow the installation instructions at https://docs.docker.com/engine/install/ubuntu/" + exit -1 fi if test 0 -eq "$error" then - echo "See prerequisites at https://docs.sysreptor.com/setup/installation/#installation-via-script" + echo 'Install dependencies using "apt install -y sed curl openssl uuid-runtime coreutils"' exit -1 fi if @@ -66,6 +67,7 @@ then echo "Download did not succeed..." exit -5 fi + echo "Unpacking sysreptor.tar.gz..." tar xzf sysreptor.tar.gz 
@@ -73,28 +75,72 @@ cd sysreptor/deploy if test -f app.env then - echo "deploy/app.env exists. Will not create new secrets." + echo "deploy/app.env exists. Won't update configuration." + echo "Find configuration options at https://docs.sysreptor.com/setup/configuration/ for manual editing." + read -p "Press any key to continue installation..." + echo "" else + if [ ! -n "$SYSREPTOR_LICENSE" ] + then + read -p "License key (leave blank for Community Edition; you can upgrade anytime later): " SYSREPTOR_LICENSE + fi + + while [[ $SYSREPTOR_ENCRYPT != [yY] && $SYSREPTOR_ENCRYPT != [nN] ]] + do + read -p "Encrypt files and database? [y/n]: " SYSREPTOR_ENCRYPT + if [[ $SYSREPTOR_ENCRYPT == [yY] ]] + then + echo "We will generate secret keys using OpenSSL and store them in deploy/app.env." + echo "If you lose this file, your data won't be recoverable." + read -p "Did you understand that you will lose all data if your app.env is gone? [y/n]: " SYSREPTOR_ENCRYPT + if [[ $SYSREPTOR_ENCRYPT == [nN] ]] + then + echo "All clear, we won't encrypt your stored data." + fi + fi + done + + # Delete docker-compose.override.yml because that's needed for existing PRO installations only due to legacy reasons + # ...not for new installations + rm docker-compose.override.yml 2>/dev/null || true + echo "Creating app.env..." cp app.env.example app.env - echo "Generating secret key..." + echo "Generating Django secret key..." secret_key="SECRET_KEY=\"$(openssl rand -base64 64 | tr -d '\n=')\"" sed -i'' -e "s#.*SECRET_KEY=.*#$secret_key#" app.env - echo "Generating data at rest encryption keys..." 
- KEY_ID=$(uuidgen) - encryption_keys="ENCRYPTION_KEYS=[{\"id\": \"${KEY_ID}\", \"key\": \"$(openssl rand -base64 32)\", \"cipher\": \"AES-GCM\", \"revoked\": false}]" - default_encryption_key_id="DEFAULT_ENCRYPTION_KEY_ID=\"${KEY_ID}\"" - sed -i'' -e "s#.*ENCRYPTION_KEYS=.*#$encryption_keys#" app.env - sed -i'' -e "s#.*DEFAULT_ENCRYPTION_KEY_ID=.*#$default_encryption_key_id#" app.env + if [[ $SYSREPTOR_ENCRYPT == [yY] ]] + then + echo "Generating data at rest encryption keys..." + KEY_ID=$(uuidgen) + encryption_keys="ENCRYPTION_KEYS=[{\"id\": \"${KEY_ID}\", \"key\": \"$(openssl rand -base64 32)\", \"cipher\": \"AES-GCM\", \"revoked\": false}]" + default_encryption_key_id="DEFAULT_ENCRYPTION_KEY_ID=\"${KEY_ID}\"" + sed -i'' -e "s#.*ENCRYPTION_KEYS=.*#$encryption_keys#" app.env + sed -i'' -e "s#.*DEFAULT_ENCRYPTION_KEY_ID=.*#$default_encryption_key_id#" app.env + fi + + if [ -n "$SYSREPTOR_LICENSE" ] + then + echo "Adding your license key..." + sed -i'' -e "s#.*LICENSE=.*#LICENSE='$SYSREPTOR_LICENSE'#" app.env + + docker_compose_file="docker-compose.yml" + include_languagetool=" - languagetool/docker-compose.yml" + if ! grep -q "^$include_languagetool" "$docker_compose_file" + then + echo "Enable languagetool..." + sed -i "s#include:#include:\n$include_languagetool#" "$docker_compose_file" + fi + fi fi -if [ -n "$SYSREPTOR_LICENSE" ] + +# Webserver setup (Caddy) +if + test -f ./caddy/setup.sh then - echo "Adding your license key..." - sed -i'' -e "s#.*LICENSE=.*#LICENSE='$SYSREPTOR_LICENSE'#" app.env -else - echo "No license key found. Going with Community edition." + source caddy/setup.sh || true # do not exit on error fi echo "Creating docker volumes..." 
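Review bot: The new `read -p` prompts (app.env notice, license key, encryption choice, and the ones in the sourced caddy/setup.sh) read from standard input, but the documented invocation remains `curl -s https://docs.sysreptor.com/install.sh | bash`, where standard input is the script itself. In that mode `read` can consume the following script text as the answer, so the `while [[ $SYSREPTOR_ENCRYPT != [yY] && $SYSREPTOR_ENCRYPT != [nN] ]]` loop may swallow the rest of the installer instead of waiting for the operator. Read from the terminal explicitly, e.g. `read -r -p "Encrypt files and database? [y/n]: " SYSREPTOR_ENCRYPT </dev/tty`, and define what happens when no terminal is available. The script body starts and ends outside this hunk.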
@@ -107,15 +153,8 @@ echo "Build and launch SysReptor via docker compose..." echo "We are downloading and installing all dependencies." echo "This may take a few minutes." -if [ -n "$SYSREPTOR_LICENSE" ] -then - compose_args="" -else - compose_args="-f docker-compose.yml" -fi - if - ! docker compose $compose_args up -d + ! docker compose up -d then echo "Ups. Something did not work while bringing up your containers." exit -2 @@ -149,10 +188,44 @@ echo "All imported." echo "" echo "Very nice." -echo "You can now login at http://127.0.0.1:8000" +if [ -z "$SYSREPTOR_CADDY_PORT" ] +then + SYSREPTOR_CADDY_PORT=8000 +fi +if [ -z "$SYSREPTOR_CADDY_FQDN" ] +then + echo "You can now login at http://127.0.0.1:$SYSREPTOR_CADDY_PORT" +else + echo "You can now login at https://$SYSREPTOR_CADDY_FQDN:$SYSREPTOR_CADDY_PORT" +fi echo "Username: reptor" echo "Password: $password" + +while [[ $CONFIRM != [yY] ]] +do + read -p "Copy your password now. Copied? [y/n]: " CONFIRM + if [[ $CONFIRM == [nN] ]] + then + echo "C'mon. Copy it. It's a good password." + fi +done + +if [[ -n "$encryption_keys" && -n "$default_encryption_key_id" ]] +then + CONFIRM="" + echo "" + echo "Those are your encryption keys:" + echo "$encryption_keys" + echo "$default_encryption_key_id" + while [[ $CONFIRM != [yY] ]] + do + read -p "Backup your encryption keys now. Done? [y/n]: " CONFIRM + if [[ $CONFIRM == [nN] ]] + then + echo "Not your keys, not your data. Backup them!" + fi + done +fi + echo "" echo "This was easy, wasn't it?" -echo "We recommend to setup a web server with HTTPS." -echo "Find instructions at: https://docs.sysreptor.com/setup/webserver/" \ No newline at end of file diff --git a/docs/docs/setup/configuration.md b/docs/docs/setup/configuration.md index c7aa62af7..918de0c17 100644 --- a/docs/docs/setup/configuration.md +++ b/docs/docs/setup/configuration.md 
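Review bot: `echo "$encryption_keys"` and `echo "$default_encryption_key_id"` print the data-at-rest key material to standard output, where it stays in terminal scrollback and in any captured install log. The keys are already stored in deploy/app.env, so the backup reminder can point at that file instead, e.g. `echo "Your encryption keys are stored in deploy/app.env. Back up this file now."`. It would also help to add `chmod 600 app.env` after the earlier `cp app.env.example app.env` step, since the copy takes its mode from the example file and the umask. The surrounding script continues outside these hunks.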
@@ -3,16 +3,9 @@ After making changes, go to `sysreptor/deploy` and restart the containers: -=== "Professional" - ```shell - docker compose up -d - ``` - -=== "Community" - ```shell - docker compose -f docker-compose.yml up -d - ``` - +```shell +docker compose up -d +``` :octicons-cloud-24: Cloud · We take care of all configurations. If you want to change anything, please [contact us](../contact-us.md){ target=_blank }. diff --git a/docs/docs/setup/installation.md b/docs/docs/setup/installation.md index 9ec2b06ce..3674e109b 100755 --- a/docs/docs/setup/installation.md +++ b/docs/docs/setup/installation.md @@ -1,12 +1,12 @@ -# Prerequisites -## Server +## Prerequisites +### Server :octicons-server-24: Self-Hosted * Ubuntu * 4GB RAM * Latest [Docker](https://docs.docker.com/engine/install/ubuntu/){ target=_blank } (with docker-compose-plugin) -## Client +### Client :octicons-cloud-24: Cloud · :octicons-server-24: Self-Hosted * Network connection to the server @@ -17,14 +17,14 @@ * Safari -# Installation +## Installation :octicons-server-24: Self-Hosted -=== "Installation via Script" +=== "Easy Script Installation" Installation via script is the easiest option. You need (official) [Docker](https://docs.docker.com/engine/install/ubuntu/){ target=_blank } installed. - Install additional requirements of script installation: + Install additional requirements: ```shell sudo apt update sudo apt install -y sed curl openssl uuid-runtime coreutils 
@@ -33,16 +33,9 @@ The user running the installation script must have the permission to use docker. Download and run: - === "Professional" - ```shell - export SYSREPTOR_LICENSE='your_license_key' - curl -s https://docs.sysreptor.com/install.sh | bash - ``` - - === "Community" - ```shell - curl -s https://docs.sysreptor.com/install.sh | bash - ``` + ```shell + curl -s https://docs.sysreptor.com/install.sh | bash + ``` The installation script creates a new `sysreptor` directory holding the source code and everything you need. It will build a docker image, create volumes and secrets and bring up your containers. @@ -68,7 +61,7 @@ printf "SECRET_KEY=\"$(openssl rand -base64 64 | tr -d '\n=')\"\n" ``` - Generate data at rest encryption keys and add to `app.env`: + Optional: If you want to encrypt sensitive data at rest (data in the database and uploaded files and images), generate encryption keys and add to `app.env`: ```shell KEY_ID=$(uuidgen) && printf "ENCRYPTION_KEYS=[{\"id\": \"${KEY_ID}\", \"key\": \"$(openssl rand -base64 32)\", \"cipher\": \"AES-GCM\", \"revoked\": false}]\nDEFAULT_ENCRYPTION_KEY_ID=\"${KEY_ID}\"\n" ``` 
@@ -78,24 +71,26 @@ LICENSE="" ``` + Optional: Professional installations need an additional docker container for the spell check. Add `languagetool/docker-compose.yml` to `docker-compose.yml` in the `deploy` directory: + ``` + name: sysreptor + + include: + - sysreptor/docker-compose.yml + - languagetool/docker-compose.yml + ``` + Create docker volumes: ```shell docker volume create sysreptor-db-data docker volume create sysreptor-app-data ``` - Build Docker image and run container: - === "Professional" - ```shell - docker compose up -d - ``` - - === "Community" - ```shell - docker compose -f docker-compose.yml up -d - ``` + Build Docker image and run container from the `deploy` directory: - `-f docker-compose.yml` is specified for Community only to avoid inclusion of Docker Compose Override. This avoids to run an additional Docker container for spell checking and saves resources. + ```shell + docker compose up -d + ``` Add initial superuser: ```shell @@ -118,14 +113,8 @@ curl -s "$url" | docker compose exec --no-TTY app python3 manage.py importdemodata --type=template ``` - Access your application at http://127.0.0.1:8000/. We recommend [using a webserver](../setup/webserver.md) like Caddy (recommended), nginx or Apache to prevent [potential vulnerabilities](../insights/vulnerabilities.md) and to enable HTTPS. Further [configurations](../setup/configuration.md) can be edited in `sysreptor/deploy/app.env`. - -# Upgrade to Professional -1. Add your license key to `deploy/app.env` (`LICENSE='your_license_key'`) -2. `cd` to `deploy/` and run `docker compose up -d` -3. Enjoy diff --git a/docs/docs/setup/network.md b/docs/docs/setup/network.md index 5c3754f0f..63580f7cc 100644 --- a/docs/docs/setup/network.md +++ b/docs/docs/setup/network.md 
@@ -13,18 +13,11 @@ export BIND_PORT="8000:8000" # Bind to all interfaces export BIND_PORT="1.1.1.1:8000:8000" # Bind to dedicated interface ``` -=== "Professional" - ```bash linenums="1" title="Export port variable and run container" - export BIND_PORT="127.0.0.1:8000:8000" - cd deploy - docker compose up -d - ``` -=== "Community" - ```bash linenums="1" title="Export port variable and run container" - export BIND_PORT="127.0.0.1:8000:8000" - cd deploy - docker compose -f docker-compose.yml up -d - ``` +```bash linenums="1" title="Export port variable and run container" +export BIND_PORT="127.0.0.1:8000:8000" +cd deploy +docker compose up -d +``` Binding SysReptor to a publicly reachable network port exposes the application to untrusted networks without encryption. We recommend setting up a [web server](webserver.md). 
@@ -34,44 +27,28 @@ Make sure that environment variables are set persistently, e.g. by adding the `e We pass the proxy environment variables (`HTTP_PROXY` and `HTTPS_PROXY`) from your host system into the Docker containers. To use a proxy, set those variables on your host system and start your containers from the `deploy` directory. -=== "Professional" - ```bash title="Export proxy variables and run container" - export HTTP_PROXY="http://192.168.0.111:8080" - export HTTPS_PROXY="http://192.168.0.111:8080" - cd deploy - docker compose up -d - ``` -=== "Community" - ```bash title="Export proxy variables and run container" - export HTTP_PROXY="http://192.168.0.111:8080" - export HTTPS_PROXY="http://192.168.0.111:8080" - cd deploy - docker compose -f docker-compose.yml up -d - ``` +```bash title="Export proxy variables and run container" +export HTTP_PROXY="http://192.168.0.111:8080" +export HTTPS_PROXY="http://192.168.0.111:8080" +cd deploy +docker compose up -d +``` !!! info "The proxy server must be reachable from container" Make sure that the proxy server is reachable from inside your docker container. Loopback addresses (e. g. `127.0.0.1`) or `localhost` will not work. - Make sure that environment variables are set persistently, e.g. by adding the `export` command to your `~/.profile`. ### CA Certificates Your proxy server will probably not have a publicly trusted CA certificate. Build your Docker image with custom CA certificates: -=== "Professional" - ```bash title="Set CA certificate, build and run" - cd deploy - export SYSREPTOR_CA_CERTIFICATES="-----BEGIN CERTIFICATE-----\nMIIDqDCCApCgAwIBAgIFAMjv7sswDQYJKoZIhv..." - docker compose up -d --build - ``` -=== "Community" - ```bash title="Set CA certificate, build and run" - cd deploy - export SYSREPTOR_CA_CERTIFICATES="-----BEGIN CERTIFICATE-----\nMIIDqDCCApCgAwIBAgIFAMjv7sswDQYJKoZIhv..." 
- docker compose -f docker-compose.yml up -d --build - ``` +```bash title="Set CA certificate, build and run" +cd deploy +export SYSREPTOR_CA_CERTIFICATES="-----BEGIN CERTIFICATE-----\nMIIDqDCCApCgAwIBAgIFAMjv7sswDQYJKoZIhv..." +docker compose up -d --build +``` Make sure that environment variables are set persistently, e.g. by adding the `export` command to your `~/.profile`. \ No newline at end of file diff --git a/docs/docs/setup/updates.md b/docs/docs/setup/updates.md index e37e932c5..d8fda976a 100644 --- a/docs/docs/setup/updates.md +++ b/docs/docs/setup/updates.md @@ -14,7 +14,7 @@ We recommend to create a [backup](backups.md) of your installation before updati Your current SysReptor directory will be renamed for backup purposes. The script will download the newer version and place it into the directory where the old version was. - It will then copy your `app.env` to the right location of your newer version. The new docker images are build and launched. + It will then copy your `app.env` and the `docker-compose.yml` to the `deploy` directory of your newer version. The new docker images are build and launched. ```shell title="Run update script:" bash sysreptor/update.sh @@ -27,14 +27,11 @@ We recommend to create a [backup](backups.md) of your installation before updati tar xzf sysreptor.tar.gz ``` - Copy `deploy/app.env` from your old installation to the new installation. + Copy `deploy/app.env` and `deploy/docker-compose.yml` from your old installation to the new installation. `cd` to `sysreptor/deploy`. Then, build Docker images and launch containers: - ```shell title="Community:" - docker compose -f docker-compose.yml up -d --build - ``` - ```shell title="Professional:" + ```shell docker compose up -d --build ``` diff --git a/docs/docs/setup/upgrade-to-professional.md b/docs/docs/setup/upgrade-to-professional.md new file mode 100644 index 000000000..f473692d5 --- /dev/null +++ b/docs/docs/setup/upgrade-to-professional.md 
@@ -0,0 +1,15 @@ +# Upgrade to PRO + +:octicons-server-24: Self-Hosted + +1. Add your license key to `deploy/app.env` (`LICENSE='your_license_key'`) +2. Add `languagetool/docker-compose.yml` to `docker-compose.yml` in the `deploy` directory: + ``` + name: sysreptor + + include: + - sysreptor/docker-compose.yml + - languagetool/docker-compose.yml + ``` +3. `cd` to `deploy/` and run `docker compose up -d` +4. Enjoy diff --git a/docs/docs/setup/webserver.md b/docs/docs/setup/webserver.md index c38855844..34d94e815 100644 --- a/docs/docs/setup/webserver.md +++ b/docs/docs/setup/webserver.md 
@@ -5,66 +5,48 @@ The Django webserver is not recommended due to missing transport encryption, missing performance and security tests. We recommend a webserver like Caddy, nginx or Apache and to enable https. -=== "Caddy (recommended)" - [Caddy](https://caddyserver.com/){ target=_blank } is an open-source webserver with automatic HTTPS written in Go. +## Easy setup with Caddy (recommended) - Setup your DNS A-record pointing to your server. Make sure that ports 443 and 80 are publicly available. (You need port 80 for getting your LetEncrypt certificate.) +You can run `setup.sh` in `deploy/caddy` to set up an additional Docker container with Caddy as a webserver. - Create a `docker-compose.yml` (e.g. in a `caddy` directory outside your SysReptor files): +``` +bash deploy/caddy/setup.sh +``` - ```yml - version: '3.9' - name: caddy +### Optional: LetsEncrypt HTTPS certificate +If you want Caddy to take care of your LetsEncrypt certificate, you must set up: - services: - caddy: - image: caddy:latest - container_name: 'sysreptor-caddy' - restart: unless-stopped - command: caddy reverse-proxy --from https://:443 --to http://127.0.0.1:8000 - volumes: - - type: volume - source: sysreptor-caddy-data - target: /data - network_mode: "host" + 1. a valid domain name resolving to your public IP address + 2. port 80 of your must be publicly reachable - volumes: - sysreptor-caddy-data: - name: sysreptor-caddy-data - ``` +## nginx - Don't forget to replace `` by your domain. - - `docker compose up -d` and enjoy. 
+Install nginx on your host system: -=== "nginx" +```shell +sudo apt-get update +sudo apt-get install -y nginx +``` - You can install nginx on your host system: +Copy our nginx boilerplate configuration from the `deploy/nginx` directory to your nginx directory: - ```shell - sudo apt-get update - sudo apt-get install nginx - ``` +```shell +sudo cp deploy/nginx/sysreptor.nginx /etc/nginx/sites-available/ +sudo ln -s /etc/nginx/sites-available/sysreptor.nginx /etc/nginx/sites-enabled/ +sudo rm /etc/nginx/sites-enabled/default +``` - Copy our nginx boilerplate configuration from the `deploy` directory to your nginx directory: +You can optionally generate self-signed certificates: +```shell +sudo apt-get update +sudo apt-get install -y ssl-cert +sudo make-ssl-cert generate-default-snakeoil +``` - ```shell - sudo cp deploy/sysreptor.nginx /etc/nginx/sites-available/ - sudo ln -s /etc/nginx/sites-available/sysreptor.nginx /etc/nginx/sites-enabled/ - sudo rm /etc/nginx/sites-enabled/default - ``` +Modify `sysreptor.nginx` and update the certificate paths in case you have trusted certificates (recommended). - You can optionally generate self-signed certificates: - ```shell - sudo apt-get update - sudo apt-get install ssl-cert - sudo make-ssl-cert generate-default-snakeoil - ``` - - Modify `sysreptor.nginx` and update the certificate paths in case you have trusted certificates (recommended). - - (Re)Start nginx: - ```shell - sudo systemctl restart nginx - # sudo /etc/init.d/nginx restart - ``` +(Re)Start nginx: +```shell +sudo systemctl restart nginx +# sudo /etc/init.d/nginx restart +``` diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 5bbd04458..3bc266177 100755 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml 
@@ -11,6 +11,7 @@ nav: - Network Settings: setup/network.md - Updates: setup/updates.md - Backups: setup/backups.md + - Upgrade to PRO: setup/upgrade-to-professional.md - Writing Reports: - Markdown Syntax: reporting/markdown-features.md - Version History: reporting/version-history.md diff --git a/update.sh b/update.sh index ea2c34a11..3db5be3c5 100755 --- a/update.sh +++ b/update.sh 
@@ -103,18 +103,31 @@ mkdir "$sysreptor_directory" tar xzf sysreptor.tar.gz -C "$sysreptor_directory" --strip-components=1 echo "Copy your app.env..." cp "${backup_copy}/deploy/app.env" "${sysreptor_directory}/deploy/app.env" +if grep "sysreptor/docker.yml" "${backup_copy}/deploy/docker-compose.yml" +then + # Copy docker-compose.yml if it is not the old version (2024.58 and earlier) + echo "Copy your docker-compose.yml..." + cp "${backup_copy}/deploy/docker-compose.yml" "${sysreptor_directory}/deploy/docker-compose.yml" +fi echo "Build and launch SysReptor via docker compose..." echo "We are downloading and installing all dependencies." echo "This may take a few minutes." + +# Remove deprecated docker-compose.override.yml which is there for legacy reasons +rm "${sysreptor_directory}/deploy/docker-compose.override.yml" 2>/dev/null || true if grep "^LICENSE=" "${sysreptor_directory}/deploy/app.env" then - compose_args="" -else - compose_args="-f docker-compose.yml" + # This if-statement will be removed July 2025 + include_languagetool=" - languagetool/docker.yml" + if ! grep -q "^$include_languagetool" "${sysreptor_directory}/deploy/docker-compose.yml" + then + # Include languagetool in docker-compose.yml + sed -i "s#include:#include:\n$include_languagetool#" "${sysreptor_directory}/deploy/docker-compose.yml" + fi fi if cd "$sysreptor_directory"/deploy - ! docker compose $compose_args build --no-cache --pull || ! docker compose $compose_args up -d + ! docker compose build --no-cache --pull || ! docker compose up -d then echo "Ups. Something did not work while building and launching your containers." error_cleanup
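Review bot: The guard `grep "sysreptor/docker.yml"` and the value `languagetool/docker.yml` in `include_languagetool` do not match the file names this commit introduces, `sysreptor/docker-compose.yml` and `languagetool/docker-compose.yml`. As written, the operator's docker-compose.yml would never be copied from the backup, so a Caddy include added by the installer is lost on update and the HTTPS front end is not started again. For licensed installs the `sed` would also insert an include for a file that does not exist. Use `grep -q "sysreptor/docker-compose.yml"` for the guard and `languagetool/docker-compose.yml` in `include_languagetool`. The script body starts and ends outside this hunk.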