Merge dev branch?

.npmignore

@@ -18,3 +18,4 @@
 
 # Additional .npmignore entries (not in .gitignore)
 /test
+/docker-image

.nvmrc

@@ -1 +1 @@
-v8.16.0
+v13.2.0

README.md

@@ -229,26 +229,35 @@ docker run -p 8443:8443 --name solid nodesolidserver/node-solid-server
 
 This will enable you to login to solid on https://localhost:8443 and then create a new account
 but not yet use that account. After a new account is made you will need to create an entry for 
-it in your local (/etc/)hosts file in line with the account and subdomain i.e. 
-
+it in your local (/etc/)hosts file in line with the account and subdomain, i.e. --
+```pre
 127.0.0.1 newsoliduser.localhost
-
+```
 Then you'll be able to use solid as intended.
 
 You can modify the config within the docker container as follows:
 
- - Copy the config to the current directory with: `docker cp solid:/usr/src/app/config.json .`
+ - Copy the config to the current directory with: 
+ ```
+ docker cp solid:/usr/src/app/config.json .
+ ```
  - Edit the `config.json` file
- - Copy the file back with `docker cp config.json solid:/usr/src/app/`
- - Restart the server with `docker restart solid`
+ - Copy the file back with 
+ ```
+ docker cp config.json solid:/usr/src/app/
+ ```
+ - Restart the server with 
+ ```
+ docker restart solid
+ ```
 
 If you want to help improve the Docker image, then you can build it locally with:
 ```bash
 git clone https://github.com/solid/node-solid-server
 cd node-solid-server
 docker build .
 ```
-We have automatic builds set up so commits to master will trigger a build of https://hub.docker.com/r/nodesolidserver/node-solid-server.
+We have automatic builds set up, so commits to master will trigger a build of https://hub.docker.com/r/nodesolidserver/node-solid-server.
 
 ## Library Usage
 
@@ -272,18 +281,18 @@ default settings.
 
 ```javascript
 {
- cache: 0, // Set cache time (in seconds), 0 for no cache
- live: true, // Enable live support through WebSockets
- root: './', // Root location on the filesystem to serve resources
- secret: 'node-ldp', // Express Session secret key
- cert: false, // Path to the ssl cert
- key: false, // Path to the ssl key
- mount: '/', // Where to mount Linked Data Platform
- webid: false, // Enable WebID+TLS authentication
- suffixAcl: '.acl', // Suffix for acl files
- corsProxy: false, // Where to mount the CORS proxy
- errorHandler: false, // function(err, req, res, next) to have a custom error handler
- errorPages: false // specify a path where the error pages are
+ cache:  0,  // Set cache time (in seconds), 0 for no cache
+ live:  true,  // Enable live support through WebSockets
+ root:  './',  // Root location on the filesystem to serve resources
+ secret:  'node-ldp',  // Express Session secret key
+ cert:  false,  // Path to the ssl cert
+ key:  false,  // Path to the ssl key
+ mount:  '/',  // Where to mount Linked Data Platform
+ webid:  false,  // Enable WebID+TLS authentication
+ suffixAcl:  '.acl',  // Suffix for acl files
+ corsProxy:  false,  // Where to mount the CORS proxy
+ errorHandler: false,  // function(err, req, res, next) to have a custom error handler
+ errorPages:  false  // specify a path where the error pages are
 }
 ```
 

docker-image/.dockerignore

@@ -0,0 +1,3 @@
+test/
+.pytest_cache/
+.idea

docker-image/.gitignore

@@ -0,0 +1,3 @@
+.pytest_cache/
+__pycache__
+data/

docker-image/CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# How to contribute
+
+If you want to experiment with the image and/or contribute to its development,
+please read this document.
+
+## Run tests
+
+```bash
+make test
+```
+
+The first run might take a while, since the image has to be build. Follow up test runs will be faster.
+
+## Start & stop locally
+
+Build and run a local container named solid-server via
+
+```bash
+make start
+```
+
+and stop it via 
+
+```bash
+make stop
+```
+
+## Inspect & debug
+
+To start a shell in a running container (started with `make start`) run `make attach`.
+
+To just run a shell in the built image (without starting solid) run `make inspect`.
+

docker-image/Makefile

@@ -0,0 +1,31 @@
+test: ## run testinfra tests against the project
+ docker run --rm -t \
+ -v $(shell pwd):/project \
+ -v /var/run/docker.sock:/var/run/docker.sock:ro \
+ aveltens/docker-testinfra
+
+lint: ## run hadolint against the Dockerfile
+ docker run --rm -i hadolint/hadolint < src/Dockerfile
+
+build: ## build the docker image
+ cd src && docker build --tag nodesolidserver/node-solid-server .
+
+inspect: build ## run a shell in the docker image
+ docker run --rm -it --entrypoint sh nodesolidserver/node-solid-server
+
+start: build ## start solid-server docker container
+ docker run --rm \
+ -it -d \
+ -p 8443:8443 \
+ -u "$(id -u):$(id -g)" \
+ -v $(shell pwd)/data:/opt/solid/data \
+ --name solid-server \
+ nodesolidserver/node-solid-server
+
+stop: ## stop the solid-server docker container
+ docker stop solid-server
+
+attach: ## execute a shell in the running solid-server docker container
+ docker exec -it solid-server sh
+
+.PHONY: test build inspect run attach

docker-image/README.md

@@ -0,0 +1,51 @@
+# NSS Docker image
+
+Containerized version of node-solid-server
+
+## How to use
+
+For quickly trying out this image or solid-server in general you can run:
+```bash
+docker run -p 8443:8443 nodesolidserver/node-solid-server
+```
+
+You will be able to access the server via `https://localhost:8443` then. It will use auto-generated self-signed certificates and is **not suited for production use**. For a production server you will have to create some real certificates and configure environment variables, like SOLID_SERVER_URI, SOLID_SSL_KEY and SOLID_SSL_CERT. Take a look at the examples folder [at GitHub](https://github.com/angelo-v/docker-solid-server/tree/master/examples) for details.
+
+### Environment variables
+
+All solid configuration flags can be set by an equivalent environment variable.
+The official solid-server documentation
+[explains them in detail](https://github.com/solid/node-solid-server#extra-flags-expert).
+
+### Docker compose
+
+For a productive setup you may want to use docker-compose. Example setups can be found
+in the [examples folder](https://github.com/angelo-v/docker-solid-server/tree/master/examples). Here is an overview of what is in there:
+
+#### Simple setup without proxy
+
+`./examples/docker-compose.simple.yml`
+
+Run solid-server directly on HTTPS port 443 without a proxy in between.
+You will need to have your certificates ready and mount them into the container.
+
+#### Running solid behind nginx proxy
+
+`./examples/docker-compose.nginx.yml`
+
+Run solid-server on port 8443 behind a nginx proxy on 443. You will need to setup an nginx container with letsencrypt companion [as described here](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion).
+
+#### Other setups
+
+The setup you need is not presented here? Feel free to ask, or provide a Pull Request
+with your solution.
+
+## Feedback & Discussion
+
+There is a [topic in the Solid Forum](https://forum.solidproject.org/t/official-solid-docker-image/748/5),
+you are welcome to join in.
+
+## Contributing
+
+If you would like to contribute to the development of this image,
+see [CONTRIBUTING.md](./CONTRIBUTING.md)

docker-image/examples/docker-compose.nginx.yml

@@ -0,0 +1,50 @@
+# This example assumes, that you are running a jwilders/nginx proxy
+# with certificate generation by a letsencrypt companion container
+# as described here:
+#
+# https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Docker-Compose.md
+#
+# This should provide a docker volume containing the generated certificates.
+# We will use the same cert and key as the webproxy for the actual solid server. While it seems to
+# work, I am not sure if it is actually a good idea. Please file an issue if you want to discuss this.
+
+# Adjust any line that is commented with (!):
+# 1. Change any occurrence of the domain `solid.example` to your actual domain
+# 2. Adjust the `latest` tag to a specific version you want to use.
+
+version: '3.7'
+services:
+ server:
+ image: nodesolidserver/node-solid-server:latest # (!) use specific version tag here
+
+ # this ensures automatic container start, when host reboots
+ restart: always
+
+ expose:
+ - 8443
+
+ volumes:
+ # mount local directories to the container
+ # (!) the host directories have to exist and be owned by UID 1000
+ - /opt/solid/data:/opt/solid/data
+ - /opt/solid/.db:/opt/solid/.db
+ - /opt/solid/config:/opt/solid/config
+ - nginxproxy_certs:/opt/solid/certs
+
+ environment:
+ # (!) use your actual SOLID_SERVER_URI
+ - "SOLID_SERVER_URI=https://solid.example"
+ # (!) adjust path to the letsencrypt key and cert
+ - "SOLID_SSL_KEY=/opt/solid/certs/solid.example/key.pem"
+ - "SOLID_SSL_CERT=/opt/solid/certs/solid.example/fullchain.pem"
+ # (!) use your actual host name
+ - "VIRTUAL_HOST=solid.example"
+ - "VIRTUAL_PORT=8443"
+ - "VIRTUAL_PROTO=https"
+ # (!) use your actual host name
+ - "LETSENCRYPT_HOST=solid.example"
+ - "[email protected]"
+volumes:
+ # (!) mount certificates from an external volume from your nginx setup
+ nginxproxy_certs:
+ external: true

docker-image/examples/docker-compose.simple.yml

@@ -0,0 +1,34 @@
+# This file is an example for running solid server directly on port 443 with
+# existing (letsencrypt) certificates and without reverse proxy.
+
+# To use it adjust any line that is commented with (!):
+# 1. Change any occurrence of the domain `solid.example` to your actual domain
+# 2. Adjust the `latest` tag to a specific version you want to use.
+
+version: '3.7'
+services:
+ server:
+ image: nodesolidserver/node-solid-server:latest # (!) use specific version tag here
+
+ # this ensures automatic container start, when host reboots
+ restart: always
+
+ ports:
+ - 443:8443
+
+ volumes:
+ # mount local directories to the container
+ # (!) the host directories have to exist and be owned by UID 1000
+ - /opt/solid/data:/opt/solid/data
+ - /opt/solid/.db:/opt/solid/.db
+ - /opt/solid/config:/opt/solid/config
+
+ # (!) mount existing TLS certificates, e.g. from letsencrypt
+ # (!) ensure that the key and fullchain files are readable by UID 1000
+ - /etc/letsencrypt/live/solid.example/:/opt/solid/certs
+
+ environment:
+ # (!) use your actual SOLID_SERVER_URI
+ - "SOLID_SERVER_URI=https://solid.example"
+ - "SOLID_SSL_KEY=/opt/solid/certs/key.pem"
+ - "SOLID_SSL_CERT=/opt/solid/certs/fullchain.pem"

docker-image/src/Dockerfile

@@ -0,0 +1,33 @@
+FROM node:10-alpine
+
+RUN apk add --no-cache openssl
+
+ARG SOLID_SERVER_VERSION=latest
+RUN npm install -g solid-server@${SOLID_SERVER_VERSION}
+
+# image configuration
+ENV SOLID_HOME=/opt/solid
+ENV PROCESS_USER=node
+ENV TEMPORARY_CERT_NAME=solid-temporary
+
+WORKDIR ${SOLID_HOME}
+COPY ./entrypoint.sh ./entrypoint.sh
+COPY ./checks.sh ./checks.sh
+COPY ./create-temporary-cert.sh ./create-temporary-cert.sh
+RUN chown --recursive ${PROCESS_USER}:${PROCESS_USER} ${SOLID_HOME}
+
+USER ${PROCESS_USER}
+
+# solid configuration
+ENV SOLID_ROOT=${SOLID_HOME}/data
+ENV SOLID_SSL_KEY=${SOLID_HOME}/${TEMPORARY_CERT_NAME}.key
+ENV SOLID_SSL_CERT=${SOLID_HOME}/${TEMPORARY_CERT_NAME}.crt
+ENV SOLID_PORT=8443
+ENV SOLID_CORS_PROXY=/xss
+ENV DEBUG=solid:*
+
+VOLUME $SOLID_HOME
+
+ENTRYPOINT ["./entrypoint.sh"]
+
+CMD ["start"]

docker-image/src/checks.sh

@@ -0,0 +1,56 @@
+#!/bin/sh
+
+echo "checking preconditions..."
+
+checks_failed=0
+
+check_failed()
+{
+ checks_failed=$((checks_failed + 1))
+}
+check_if_writable()
+{
+ # checks if the given dir is writable, if it exists
+ # it's ok if the dir does not exist at all, because it will be created
+ # during solid server startup then and have the correct permissions
+ dir=$1
+ if [ -d "${dir}" ]; then
+ if [ -w "${dir}" ]; then
+ echo "✓ ${dir} is accessible by $(whoami)"
+ else
+ echo "✗ ${dir} not writable by $(whoami)"
+ check_failed
+ fi
+ fi
+}
+
+check_if_file_readable()
+{
+ # checks if the given file exists and is readable
+ file=$1
+ if [ -e "${file}" ]; then
+ if [ -r "${file}" ]; then
+ echo "✓ ${file} is accessible by $(whoami)"
+ else
+ echo "✗ ${file} not readable by $(whoami)"
+ check_failed
+ fi
+ else
+ echo "✗ ${file} does not exist"
+ check_failed
+ fi
+}
+
+check_if_writable "${SOLID_HOME}/config"
+check_if_writable "${SOLID_HOME}/data"
+check_if_writable "${SOLID_HOME}/.db"
+check_if_file_readable "${SOLID_SSL_KEY}"
+check_if_file_readable "${SOLID_SSL_CERT}"
+
+if [ "$checks_failed" -gt 0 ]; then
+ echo "Finished: ERROR"
+ exit 1
+else
+ echo "Finished: SUCCESS"
+ exit 0;
+fi