Canvas Docker
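# Build stage: downloads Canvas LMS, installs its Ruby/Node dependencies,
# renders config/*.yml from the build args below and compiles the assets.
#
# NOTE(review): ":latest" is a moving tag, so two builds of this file can start
# from different base images. Pin a release tag and digest, for example
#   phusion/passenger-full:<TAG>@sha256:<DIGEST>   (placeholders)
FROM phusion/passenger-full:latest AS build

# Selects the stable/<version> branch archive of canvas-lms that is downloaded.
ARG CANVAS_STABLE_VERSION

# NOTE(review): most of the args below carry credentials or key material.
# Build args are not a secret channel: values passed with --build-arg are
# recorded in the build history of this stage, and the RUN steps further down
# write them into config/*.yml under /opt/canvas, which the final stage copies
# into the shipped image. Anyone who can pull the image can read them.
# Prefer BuildKit secret mounts (RUN --mount=type=secret) for build-time needs
# and render the config files at container start from runtime secrets.

# PostgreSQL connection (written to config/database.yml).
ARG PGDB
ARG PGPORT
ARG PGHOST
ARG PGUSER
ARG PGPASSWORD

# Outgoing mail (written to config/outgoing_mail.yml).
ARG SMTP_HOST
ARG SMTP_PORT
ARG SMTP_USER
ARG SMTP_PASSWORD
ARG SMTP_DOMAIN
ARG SMTP_OUTGOING_ADDRESS
ARG SMTP_OUTGOING_NAME

# Encryption/signing secrets shared with the rich content service
# (written to security.yml, dynamic_settings.yml and vault_contents.yml).
ARG ECOSYSTEM_KEY
ARG ECOSYSTEM_SECRET
ARG RCE_APP_HOST

# Values for the lti-keys entries in dynamic_settings.yml.
# NOTE(review): presumably JWKs that include private key material; confirm.
ARG JWK_PAST
ARG JWK_PRESENT
ARG JWK_FUTURE

# Cache and file storage (redis.yml, amazon_s3.yml).
ARG REDIS_URL
ARG S3_ACCESS_KEY
ARG S3_SECRET_KEY
ARG S3_BUCKET

# Public host name (domain.yml, and lti_iss in security.yml).
ARG DOMAIN

# Not referenced by name in this file; presumably read from the environment by
# `rake db:initial_setup` when it creates the first admin account. Confirm.
ARG CANVAS_LMS_ADMIN_EMAIL
ARG CANVAS_LMS_ADMIN_PASSWORD
ARG CANVAS_LMS_ACCOUNT_NAME

# Environment for the build steps of this stage.
ENV CANVAS_LMS_STATS_COLLECTION=opt_out \
    NODE_OPTIONS=--openssl-legacy-provider \
    RAILS_ENV=production \
    NODE_ENV=production \
    STATSD_HOST=127.0.0.1 \
    STATSD_PORT=8125 \
    STATS_PREFIX=rceapi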
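# System setup, run as root: Ruby 3.1.6 through RVM, the build toolchain and
# libraries, Apache with mod_passenger, and the unprivileged "canvas" account.
#
# Every step is chained with && so that a failed step stops the build. The
# original separated several commands with ";", which lets the build carry on
# after, for example, a failed apt-get install and report only the status of
# the last command.
# The bare `newgrp` call was dropped: it only affects the shell session it runs
# in, and each RUN starts a fresh one.
# NOTE(review): "postgresql" installs a full database server; with the database
# on PGHOST the client package is presumably enough. Confirm before trimming.
RUN /bin/bash -l -c "rvm install 3.1.6 && rvm use 3.1.6 --default && rvm list" && \
    apt-get -y update && \
    apt-get install -y \
        apache2 \
        apache2-dev \
        apt-transport-https \
        ca-certificates \
        curl \
        dirmngr \
        g++ \
        git-core \
        gnupg \
        libapache2-mod-passenger \
        libcurl4-openssl-dev \
        libidn11-dev \
        libpq-dev \
        libpython2.7-dev \
        libsqlite3-dev \
        libxml2-dev \
        libxmlsec1-dev \
        libyaml-dev \
        make \
        postgresql \
        python3-lxml \
        software-properties-common \
        unzip \
        zlib1g-dev && \
    groupadd canvas && \
    useradd -m -g canvas -d /opt/canvas canvas && \
    adduser canvas rvm && \
    a2enmod rewrite && \
    a2enmod passenger && \
    unlink /etc/apache2/sites-enabled/000-default.conf && \
    a2enmod ssl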
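# From here on the build runs as the unprivileged canvas user, inside its home.
USER canvas
WORKDIR /opt/canvas

# Download the stable/<CANVAS_STABLE_VERSION> branch archive and unpack it as
# /opt/canvas/canvas. The archive's top-level directory name is read from the
# first line of the zip listing, so it does not have to be hard-coded.
# curl -f makes an HTTP error (e.g. an unknown version) fail here instead of
# saving the error page as canvas.zip.
# NOTE(review): a branch archive is a moving target and nothing checks its
# integrity. Consider building from a fixed commit and verifying a known
# SHA-256 of the download before unpacking.
RUN curl -fL -o canvas.zip "https://github.com/instructure/canvas-lms/archive/refs/heads/stable/${CANVAS_STABLE_VERSION}.zip" && \
    unzip canvas.zip && \
    top_dir="$(unzip -qql canvas.zip | sed -r '1 {s/([ ]+[^ ]+){3}\s+//;q}')" && \
    mv "$top_dir" canvas && \
    rm canvas.zip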
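WORKDIR /opt/canvas/canvas

# Install gems and node packages, render config/*.yml, initialise the database,
# compile assets and fetch the two companion repositories.
#
# Changes from the original listing:
#  - `bash -l -c bundle install` passed only "bundle" as the command ("install"
#    became $0); the command string is now quoted.
#  - the find pattern is quoted so the shell cannot expand it first.
#  - the repeated yarn config line and the duplicate amazon_s3 entry are gone.
#  - YAML nesting is restored. The page shows every fragment flush-left, which
#    would put the settings beside "production:" instead of under it.
#    NOTE(review): check the nesting against the matching config/*.yml.example.
#  - config/*.yml is made readable by the canvas user only once rendered.
#
# NOTE(review): secrets. Each fragment below expands build args straight into a
# file under /opt/canvas, and the final stage copies that tree, so database,
# SMTP and S3 credentials and the encryption/signing keys are stored in the
# image. A value containing a single quote or a newline also breaks the YAML.
# Rendering these files at container start from runtime secrets avoids both.
# NOTE(review): `rake db:initial_setup` talks to the database at PGHOST during
# the build, so the build needs network access to it and changes it.
# NOTE(review): both git clones and `npm install` take whatever is current
# upstream; pin commits and install from a lockfile for repeatable builds.
# NOTE(review): `script/delayed_job restart` starts a process inside the build
# container; it does not survive into the image.
RUN gem install bundler && \
    bash -l -c "bundle config set --local path vendor/bundle" && \
    bash -l -c "bundle install" && \
    yarn config set network-timeout 800000 && yarn config set network-concurrency 1 && \
    find . -name '.eslintrc.*' -exec rm {} \; && \
    yarn cache clean && yarn install --production=false && \
    for config in amazon_s3 database dynamic_settings vault_contents cache_store redis \
        delayed_jobs domain file_store outgoing_mail security external_migration; \
    do cp config/$config.yml.example config/$config.yml; done && \
    # Database connection.
    echo "\n\
production:\n\
  adapter: postgresql\n\
  encoding: utf8\n\
  database: $PGDB\n\
  host: $PGHOST\n\
  username: $PGUSER\n\
  password: $PGPASSWORD\n\
  timeout: 5000\n\
" >> config/database.yml && \
    # Outgoing mail.
    echo "\n\
production:\n\
  address: '$SMTP_HOST'\n\
  port: '$SMTP_PORT'\n\
  user_name: '$SMTP_USER'\n\
  password: '$SMTP_PASSWORD'\n\
  authentication: 'plain'\n\
  domain: '$SMTP_DOMAIN'\n\
  outgoing_address: '$SMTP_OUTGOING_ADDRESS'\n\
  default_name: '$SMTP_OUTGOING_NAME'\n\
" >> config/outgoing_mail.yml && \
    # Application encryption key and LTI issuer.
    echo "\n\
production: &default\n\
  encryption_key: '$ECOSYSTEM_KEY'\n\
  lti_iss: 'https://$DOMAIN'\n\
" >> config/security.yml && \
    # Dynamic settings: rich content service secrets and LTI key set.
    echo "\n\
production:\n\
  config:\n\
    canvas:\n\
      canvas:\n\
        encryption-secret: '$ECOSYSTEM_KEY'\n\
        signing-secret: '$ECOSYSTEM_SECRET'\n\
      rich-content-service:\n\
        app-host: '$RCE_APP_HOST'\n\
  store:\n\
    canvas:\n\
      lti-keys:\n\
        jwk-past.json: '$JWK_PAST'\n\
        jwk-present.json: '$JWK_PRESENT'\n\
        jwk-future.json: '$JWK_FUTURE'\n\
" >> config/dynamic_settings.yml && \
    # Local stand-in for Vault contents. The key is single-quoted here because
    # double quotes would end the surrounding shell string.
    echo "\n\
production:\n\
  'app-canvas/data/secrets':\n\
    data:\n\
      canvas_security:\n\
        encryption_secret: '$ECOSYSTEM_KEY'\n\
        signing_secret: '$ECOSYSTEM_SECRET'\n\
" >> config/vault_contents.yml && \
    # Cache backend and Redis endpoint.
    echo "\n\
production:\n\
  cache_store: redis_cache_store\n\
" >> config/cache_store.yml && \
    echo "\n\
production:\n\
  url:\n\
  - $REDIS_URL\n\
" >> config/redis.yml && \
    # File storage on S3.
    echo "\n\
production:\n\
  storage: s3\n\
" >> config/file_store.yml && \
    echo "\n\
production:\n\
  access_key_id: $S3_ACCESS_KEY\n\
  secret_access_key: $S3_SECRET_KEY\n\
  bucket_name: $S3_BUCKET\n\
" >> config/amazon_s3.yml && \
    # Public domain; ssl: true makes Canvas generate https URLs.
    echo "\n\
production:\n\
  domain: '$DOMAIN'\n\
  ssl: true\n\
" >> config/domain.yml && \
    yarn gulp rev && bundle exec rake db:initial_setup && \
    mkdir -p log tmp/pids public/assets app/stylesheets/brandable_css_brands && \
    touch app/stylesheets/_brandable_variables_defaults_autogenerated.scss && \
    touch Gemfile.lock && \
    touch log/production.log && \
    chown -R canvas config/environment.rb log tmp public/assets \
        app/stylesheets/_brandable_variables_defaults_autogenerated.scss \
        app/stylesheets/brandable_css_brands Gemfile.lock config.ru && \
    bundle exec rake canvas:compile_assets && chown -R canvas public/dist/brandable_css && \
    git clone https://github.com/instructure/QTIMigrationTool.git vendor/QTIMigrationTool && \
    chmod +x vendor/QTIMigrationTool/migrate.py && \
    script/delayed_job restart && \
    # The rendered config files hold credentials: owner read-only.
    chmod 400 config/*.yml && \
    git clone https://github.com/instructure/canvas-rce-api && \
    cd canvas-rce-api && npm install --production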
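# Startup hook that removes /dev/log, placed in the base image's
# /etc/my_init.d directory.
#
# Two fixes: the stage is still running as the canvas user at this point, so the
# write under /etc needs root; and the original chmod used the relative path
# "etc/my_init.d/logfix.sh", which resolves under the current WORKDIR rather
# than /etc.
# NOTE(review): the final stage copies only /opt/canvas from this stage and
# starts apachectl directly, so as written this hook neither reaches the shipped
# image nor gets run. If it is needed, create it in the final stage and start
# the container through the base image's init.
USER root
RUN printf '%s\n' \
        '#!/bin/sh' \
        "echo 'Fixing log issue'" \
        'rm -f /dev/log' \
        > /etc/my_init.d/logfix.sh && \
    chmod +x /etc/my_init.d/logfix.sh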
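# Runtime stage: Apache + Passenger serving the tree built above.
#
# A new FROM starts again from the base image. Nothing the build stage installed
# or created (Ruby 3.1.6, Apache, mod_passenger, the canvas user, enabled Apache
# modules) exists here; only what COPY --from=build brings over does. The
# original also ran its setup before the COPY, against paths that were not there
# yet. This stage therefore repeats the system setup it depends on and copies
# the application in before touching it.
#
# NOTE(review): pin the base image by tag and digest, as in the build stage.
# NOTE(review): gems with native extensions were compiled against the build
# stage's -dev packages; confirm the matching runtime libraries exist here.
# NOTE(review): /opt/canvas/canvas/config/*.yml arrives with the credentials
# rendered at build time; treat this image as secret material or render the
# config at container start instead.
FROM phusion/passenger-full:latest

# NOTE(review): NODE_OPTIONS=--openssl-legacy-provider is presumably only needed
# for the asset build; confirm the runtime still needs it before keeping it.
ENV CANVAS_LMS_STATS_COLLECTION=opt_out \
    NODE_OPTIONS=--openssl-legacy-provider \
    RAILS_ENV=production \
    NODE_ENV=production \
    STATSD_HOST=127.0.0.1 \
    STATSD_PORT=8125 \
    STATS_PREFIX=rceapi

# Same Ruby, web server and service account as in the build stage.
RUN /bin/bash -l -c "rvm install 3.1.6 && rvm use 3.1.6 --default" && \
    apt-get -y update && \
    apt-get install -y apache2 libapache2-mod-passenger && \
    rm -rf /var/lib/apt/lists/* && \
    groupadd canvas && \
    useradd -m -g canvas -d /opt/canvas canvas && \
    adduser canvas rvm

# --chown sets ownership by name in this stage, so it does not depend on the
# canvas user having the same numeric id in both stages. It also replaces the
# original chown -R of canvas-rce-api.
COPY --from=build --chown=canvas:canvas /opt/canvas /opt/canvas

# Register the Canvas init script, enable the Apache modules and write the site.
#
# NOTE(review): `canvas_init start` runs during the build; a process started in
# a RUN step is gone when the step ends, so background jobs still have to be
# started when the container starts.
# Notes on the generated site file:
#  - ServerAdmin is a placeholder. The page shows the address redacted as
#    "[email protected]", which Apache would reject as two arguments.
#  - The site listens on port 80 only while domain.yml sets ssl: true, so TLS
#    has to be terminated in front of this container.
#  - "Options All" with "AllowOverride All" enables more than serving static
#    files requires (indexes, CGI, includes, .htaccess overrides); narrow it.
#  - In <Proxy *>, "Order deny,allow" with both "Deny from all" and "Allow from
#    all" ends up allowing everyone; "Require all granted" states that directly
#    on Apache 2.4. "ProxyRequests Off" keeps this a reverse proxy only.
#  - The second ServerName is a hard-coded IP address from the original listing.
RUN chmod +x /opt/canvas/canvas/script/canvas_init && \
    ln -s /opt/canvas/canvas/script/canvas_init /etc/init.d/canvas_init && \
    update-rc.d canvas_init defaults && \
    /etc/init.d/canvas_init start && \
    chmod +x /opt/canvas && \
    a2enmod rewrite && a2enmod passenger && \
    a2enmod ssl && a2enmod proxy && a2enmod proxy_balancer && a2enmod proxy_http && \
    unlink /etc/apache2/sites-enabled/000-default.conf && \
    echo "\n\
<VirtualHost *:80>\n\
ServerName canvas.example.com\n\
ServerAlias canvasfiles.example.com\n\
ServerAdmin webmaster@example.com\n\
DocumentRoot /opt/canvas/canvas/public\n\
PassengerRuby /usr/local/rvm/gems/ruby-3.1.6/wrappers/ruby\n\
ErrorLog /var/log/apache2/canvas_errors.log\n\
LogLevel warn\n\
CustomLog /var/log/apache2/canvas_access.log combined\n\
PassengerPreloadBundler on\n\
SetEnv RAILS_ENV production\n\
<Directory /opt/canvas/canvas/public>\n\
Options All\n\
AllowOverride All\n\
Require all granted\n\
</Directory>\n\
</VirtualHost>\n\
Listen 3001\n\
<Virtualhost 127.0.0.1:3001>\n\
ServerName 24.199.70.141\n\
DocumentRoot /opt/canvas/canvas/public\n\
PassengerPreloadBundler on\n\
PassengerAppRoot /opt/canvas/canvas/canvas-rce-api\n\
PassengerBaseURI /subapp\n\
PassengerAppType node\n\
PassengerStartupFile app.js\n\
<Directory /opt/canvas/canvas/public>\n\
Options All\n\
AllowOverride All\n\
Require all granted\n\
</Directory>\n\
</VirtualHost>\n\
ProxyRequests Off\n\
ProxyPreserveHost On\n\
<Proxy *>\n\
Order deny,allow\n\
Deny from all\n\
Allow from all\n\
</Proxy>\n\
<LocationMatch "/rce">\n\
ProxyPass http://127.0.0.1:3001 keepalive=On\n\
ProxyPassReverse http://127.0.0.1:3001\n\
SetEnv proxy-chain-auth On\n\
ProxyAddHeaders Off\n\
</LocationMatch>\n\
" > /etc/apache2/sites-available/canvas.conf && \
    a2ensite canvas

EXPOSE 80

# No USER is set: apachectl starts as root so it can bind port 80.
CMD ["apachectl", "-D", "FOREGROUND"]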