Canvas Docker
# Build settings for the Canvas image; every name except CANVAS_LMS_STATS_COLLECTION
# matches an ARG declared in the accompanying Dockerfile.
# NOTE(review): how this file reaches the build is not shown (presumably as
# --build-arg values or compose build args) - confirm.
# Build arguments are recorded in the image history, and the Dockerfile writes several
# of them into config/*.yml, so treat any image built from real values as secret-bearing.
# Keep a populated copy of this file out of version control.
CANVAS_STABLE_VERSION=2024-08-28
# PostgreSQL connection (left empty in this sample).
PGHOST=
PGPORT=
PGUSER=
PGPASSWORD=
PGDB=
RCE_APP_HOST="/rce"
REDIS_URL=
# Initial admin account. The address below is masked on this page; the password is a
# sample value and should be replaced with a unique one before any real build.
CANVAS_LMS_ADMIN_EMAIL=[email protected]
CANVAS_LMS_ADMIN_PASSWORD=Hello1234!
CANVAS_LMS_ACCOUNT_NAME="Canvas Admin"
CANVAS_LMS_STATS_COLLECTION=opt_out
# The Dockerfile writes these two as the encryption and signing secrets. The sample
# uses the same placeholder for both; generate independent random values instead.
ECOSYSTEM_KEY="mysecrete-afdasdfsadfdsafsda"
ECOSYSTEM_SECRET="mysecrete-afdasdfsadfdsafsda"
DOMAIN=canvas.domain.com
# Outgoing mail (left empty in this sample).
SMTP_HOST=
SMTP_PORT=
SMTP_USER=
SMTP_PASSWORD=
SMTP_DOMAIN=
SMTP_OUTGOING_ADDRESS=
SMTP_OUTGOING_NAME=
# LTI key set; the Dockerfile writes these into config/dynamic_settings.yml.
JWK_PAST=
JWK_PRESENT=
JWK_FUTURE=
# S3 file storage. All three values are placeholders.
S3_BUCKET=s3_bucket
S3_ACCESS_KEY=s3_bucket
S3_SECRET_KEY=s3_bucket
# Base image, referenced by tag only. NOTE(review): without a digest pin a rebuild can
# resolve to different image contents.
FROM ubuntu:20.04
# Build arguments consumed by the RUN steps below.
# NOTE(review): values passed as build arguments are recorded in the image history, and
# a later RUN writes the database, SMTP, ECOSYSTEM_*, JWK_* and S3 values into
# config/*.yml inside an image layer. Anyone who can pull the image can recover them.
# Supplying these at container start (mounted config files) or through BuildKit secret
# mounts would keep them out of the image.
ARG CANVAS_STABLE_VERSION
ARG PGDB
ARG PGPORT
ARG PGHOST
ARG PGUSER
ARG PGPASSWORD
ARG SMTP_HOST
ARG SMTP_PORT
ARG SMTP_USER
ARG SMTP_PASSWORD
ARG SMTP_DOMAIN
ARG SMTP_OUTGOING_ADDRESS
ARG SMTP_OUTGOING_NAME
ARG ECOSYSTEM_KEY
ARG ECOSYSTEM_SECRET
ARG RCE_APP_HOST
ARG JWK_PAST
ARG JWK_PRESENT
ARG JWK_FUTURE
ARG REDIS_URL
ARG S3_ACCESS_KEY
ARG S3_SECRET_KEY
ARG S3_BUCKET
ARG DOMAIN
# The CANVAS_LMS_ADMIN_* and CANVAS_LMS_ACCOUNT_NAME arguments are not referenced by name
# in any RUN below; presumably `rake db:initial_setup` reads them from the build
# environment - TODO confirm.
ARG CANVAS_LMS_ADMIN_EMAIL
ARG CANVAS_LMS_ADMIN_PASSWORD
ARG CANVAS_LMS_ACCOUNT_NAME
# Environment shared by the build steps and the running container, declared in a
# single instruction.
# NODE_OPTIONS=--openssl-legacy-provider applies to every Node process in the image,
# at build time and at run time.
# DEBIAN_FRONTEND and DEBCONF_NONINTERACTIVE_SEEN are only useful to apt during the
# build, but as ENV they also remain set in the running container.
ENV CANVAS_LMS_STATS_COLLECTION=opt_out \
    NODE_OPTIONS=--openssl-legacy-provider \
    RAILS_ENV=production \
    NODE_ENV=production \
    STATSD_HOST=127.0.0.1 \
    STATSD_PORT=8125 \
    STATS_PREFIX=rceapi \
    DEBIAN_FRONTEND=noninteractive \
    TZ=America/Los_Angeles \
    DEBCONF_NONINTERACTIVE_SEEN=true
# OS packages: build toolchain, Apache with Passenger, and the libraries Canvas links
# against. One package per line, sorted, so later changes are easy to review.
# NOTE(review): versions are unpinned, recommended packages are installed too, and the
# apt lists stay in the layer. Compilers and the `postgresql` server package end up in
# the runtime image as well.
RUN apt-get -y update && apt-get install -y \
      apache2 \
      apache2-dev \
      apt-transport-https \
      ca-certificates \
      curl \
      dirmngr \
      g++ \
      git-core \
      gnupg \
      libapache2-mod-passenger \
      libcurl4-openssl-dev \
      libidn11-dev \
      libpq-dev \
      libpython2.7-dev \
      libsqlite3-dev \
      libxml2-dev \
      libxmlsec1-dev \
      libyaml-dev \
      make \
      postgresql \
      python3-lxml \
      software-properties-common \
      unzip \
      zlib1g-dev
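# Create the unprivileged `canvas` account (home /opt/canvas) and enable the Apache
# modules the site configuration relies on.
# Every step is chained with `&&`, so a failed groupadd/useradd stops the build instead
# of being skipped over as it was with `;`.
# The former `adduser canvas rvm`, `adduser canvas nvm` and `newgrp` steps are dropped.
# As far as this file shows, no rvm or nvm group exists at this point (RVM is installed
# further down and nothing here creates an nvm group), so those calls could only fail
# silently. Access to the toolchains is granted later by an explicit chown.
RUN groupadd canvas && \
    useradd -m -g canvas -s /bin/bash -d /opt/canvas canvas && \
    a2enmod rewrite && \
    a2enmod passenger && \
    unlink /etc/apache2/sites-enabled/000-default.conf && \
    a2enmod ssl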
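# Node toolchain location and version; the node bin directory is put first on PATH.
ENV NVM_DIR=/usr/local/nvm
ENV NODE_VERSION=v20.10.0
ENV NODE_PATH=$NVM_DIR/versions/node/$NODE_VERSION/bin
ENV PATH=$NODE_PATH:$PATH
# Fetch the nvm installer (pinned to the v0.40.0 tag) into a file before running it.
# `curl -f` makes an HTTP error fail the build here; with the earlier `curl | bash`
# form a failed download handed bash an empty or error-page script and the step
# could still succeed.
# TODO(review): compare the downloaded file's SHA-256 with a value recorded from a
# trusted copy (placeholder: <expected-sha256>) before executing it.
RUN mkdir -p "$NVM_DIR" && \
    curl -fsSL -o /tmp/nvm-install.sh https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh && \
    bash /tmp/nvm-install.sh && \
    rm -f /tmp/nvm-install.sh
# Install the pinned Node version and make it the active one.
RUN /bin/bash -c "source $NVM_DIR/nvm.sh && nvm install $NODE_VERSION && nvm use --delete-prefix $NODE_VERSION"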
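# Ensure nvm is available in the canvas user's shells.
# The NVM_DIR line is written with the path resolved at build time. The earlier
# single-quoted form stored the literal text `export NVM_DIR="$NVM_DIR"`, which only
# works when NVM_DIR is already present in the environment of the shell reading
# .bashrc. The two sourcing lines are meant to stay literal and are unchanged.
RUN printf 'export NVM_DIR="%s"\n' "$NVM_DIR" >> /opt/canvas/.bashrc && \
    echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' >> /opt/canvas/.bashrc && \
    echo '[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"' >> /opt/canvas/.bashrc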
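# Install RVM and Ruby 3.1.6.
# `curl -f` is used throughout so an HTTP error page is never fed to gpg or bash, and
# the installer is saved to a file instead of being piped into bash, so a failed
# download stops the build at the download step.
# NOTE(review): the signing keys come from the same site as the installer, so importing
# them only gives trust-on-first-use. Check the imported key fingerprints against values
# obtained out of band (placeholder: <expected-fingerprints>) to make the step meaningful.
RUN curl -fsSL https://rvm.io/mpapis.asc | gpg --import - && \
    curl -fsSL https://rvm.io/pkuczynski.asc | gpg --import - && \
    curl -fsSL -o /tmp/rvm-installer.sh https://get.rvm.io && \
    bash /tmp/rvm-installer.sh stable && \
    rm -f /tmp/rvm-installer.sh && \
    /bin/bash -l -c "source /etc/profile.d/rvm.sh && rvm requirements && rvm install 3.1.6 && rvm use 3.1.6 --default"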
# Hand the Ruby and Node toolchains to the canvas user so gem/npm installs work without
# root. The Node paths are spelled with NVM_DIR and NODE_VERSION, which resolve to the
# same directories as the literal v20.10.0 paths.
# NOTE(review): this makes the interpreters and global packages writable by the
# application account, including the Ruby wrapper that the Apache config names as
# PassengerRuby. A compromise of the app user can therefore alter the toolchain itself.
RUN chown -R canvas:canvas \
      /usr/local/rvm \
      "$NVM_DIR/versions/node/$NODE_VERSION/lib/node_modules/" \
      "$NVM_DIR/versions/node/$NODE_VERSION/bin/"
# Put the RVM-managed Ruby first on PATH and point RubyGems at its gem directories.
ENV PATH="/usr/local/rvm/rubies/ruby-3.1.6/bin:/usr/local/rvm/bin:$PATH"
ENV GEM_HOME="/usr/local/rvm/gems/ruby-3.1.6" \
    GEM_PATH="/usr/local/rvm/gems/ruby-3.1.6:/usr/local/rvm/gems/ruby-3.1.6@global"
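# From here on, build steps run as the unprivileged canvas user.
USER canvas
# Download the Canvas source archive for the requested stable branch, unpack it and
# rename the archive's top-level directory to `canvas`.
# `curl -f` stops the build on an HTTP error (for example when CANVAS_STABLE_VERSION
# is empty or misspelled) instead of saving an error page as canvas.zip, and `&&`
# replaces `;` so a failed `cd` cannot be skipped over.
# NOTE(review): the URL names a branch head, which can move, and the archive is not
# checked against a known digest. Two builds with the same argument may therefore
# contain different code. Pinning a commit or verifying a recorded SHA-256
# (placeholder: <expected-sha256>) would make the input fixed.
RUN cd /opt/canvas && \
    curl -fL -o /opt/canvas/canvas.zip "https://github.com/instructure/canvas-lms/archive/refs/heads/stable/${CANVAS_STABLE_VERSION}.zip" && \
    unzip /opt/canvas/canvas.zip && \
    mv "$(unzip -qql canvas.zip | sed -r '1 {s/([ ]+[^ ]+){3}\s+//;q}')" canvas && \
    rm canvas.zip
WORKDIR /opt/canvas/canvas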
# Installs Ruby gems and Node packages, copies the *.yml.example configs into place,
# appends production settings built from the build arguments, then sets up the database,
# compiles assets and fetches QTIMigrationTool and canvas-rce-api.
# NOTE(review): PGPASSWORD, SMTP_PASSWORD, ECOSYSTEM_KEY, ECOSYSTEM_SECRET, the JWK_*
# values and the S3 keys are written into config/*.yml inside this layer, so anyone who
# can pull the image can read them. Providing these files at container start (mounted
# config) or via BuildKit secret mounts keeps them out of the image.
# NOTE(review): bundler, yarn, the npm packages and both git clones are unpinned, so the
# build picks up whatever is current when it runs.
# `bash -l -c bundle install` passes only "bundle" as the command string; "install"
# becomes $0 of that shell rather than an argument to bundle.
# The `.eslintrc.*` pattern is unquoted, so the shell may expand it before find sees it.
# amazon_s3 is listed twice in the copy loop; the second copy repeats the first.
# PGPORT is declared as a build argument but is not written to database.yml here.
# In the vault_contents.yml text the inner double quotes around app-canvas/data/secrets
# close and reopen the shell string, so that key is written without quotes.
# NOTE(review): nested YAML keys appear without indentation on this page - confirm
# against the original file, since YAML nesting depends on it.
RUN bash -l -c "bundle config set --local path vendor/bundle" && \
gem install bundler && bash -l -c bundle install && \
npm install -g yarn && yarn config set network-timeout 800000 && yarn config set network-concurrency 1 && \
find . -name .eslintrc.* -exec rm {} \; && \
yarn cache clean && yarn install --production=false && \
yarn config set network-timeout 800000 && yarn config set network-concurrency 1 && \
for config in amazon_s3 database dynamic_settings vault_contents cache_store redis \
delayed_jobs domain file_store outgoing_mail security external_migration amazon_s3; \
do cp config/$config.yml.example config/$config.yml; done && \
echo "\n\
production:\n\
adapter: postgresql\n\
encoding: utf8\n\
database: $PGDB\n\
host: $PGHOST\n\
username: $PGUSER\n\
password: $PGPASSWORD\n\
timeout: 5000\n\
" >> config/database.yml && \
echo "\n\
production:\n\
address: '$SMTP_HOST'\n\
port: '$SMTP_PORT'\n\
user_name: '$SMTP_USER'\n\
password: '$SMTP_PASSWORD'\n\
authentication: 'plain'\n\
domain: '$SMTP_DOMAIN'\n\
outgoing_address: '$SMTP_OUTGOING_ADDRESS'\n\
default_name: '$SMTP_OUTGOING_NAME'\n\
" >> config/outgoing_mail.yml && \
echo "\n\
production: &default\n\
encryption_key: '$ECOSYSTEM_KEY'\n\
lti_iss: 'https://$DOMAIN'\n\
" >> config/security.yml && \
echo "\n\
production:\n\
config:\n\
canvas:\n\
canvas:\n\
encryption-secret: '$ECOSYSTEM_KEY'\n\
signing-secret: '$ECOSYSTEM_SECRET'\n\
rich-content-service:\n\
app-host: '$RCE_APP_HOST'\n\
store:\n\
canvas:\n\
lti-keys:\n\
jwk-past.json: '$JWK_PAST'\n\
jwk-present.json: '$JWK_PRESENT'\n\
jwk-future.json: '$JWK_FUTURE'\n\
" >> config/dynamic_settings.yml && \
echo "\n\
production:\n\
"app-canvas/data/secrets":\n\
data:\n\
canvas_security:\n\
encryption_secret: '$ECOSYSTEM_KEY'\n\
signing_secret: '$ECOSYSTEM_SECRET'\n\
" >> config/vault_contents.yml && \
echo "\n\
production:\n\
cache_store: redis_cache_store\n\
" >> config/cache_store.yml && \
echo "\n\
production:\n\
url:\n\
- $REDIS_URL\n\
" >> config/redis.yml && \
echo "\n\
production:\n\
storage: s3\n\
" >> config/file_store.yml && \
echo "\n\
production:\n\
access_key_id: $S3_ACCESS_KEY\n\
secret_access_key: $S3_SECRET_KEY\n\
bucket_name: $S3_BUCKET\n\
" >> config/amazon_s3.yml && \
echo "\n\
production:\n\
domain: '$DOMAIN'\n\
ssl: true\n\
" >> config/domain.yml && \
# db:initial_setup runs during the image build. NOTE(review): presumably it needs the
# database at PGHOST to be reachable from the build host and takes the
# CANVAS_LMS_ADMIN_* values from the build environment - confirm.
yarn gulp rev && bundle exec rake db:initial_setup && \
mkdir -p log tmp/pids public/assets app/stylesheets/brandable_css_brands && \
touch app/stylesheets/_brandable_variables_defaults_autogenerated.scss && \
touch Gemfile.lock && \
touch log/production.log && \
chown -R canvas config/environment.rb log tmp public/assets \
app/stylesheets/_brandable_variables_defaults_autogenerated.scss \
app/stylesheets/brandable_css_brands Gemfile.lock config.ru && \
bundle exec rake canvas:compile_assets && chown -R canvas public/dist/brandable_css && \
git clone https://github.com/instructure/QTIMigrationTool.git vendor/QTIMigrationTool && \
chmod +x vendor/QTIMigrationTool/migrate.py && \
# Processes started in a build step are not carried into the image, so this restart
# has no effect on what runs when a container starts.
script/delayed_job restart && \
cd /opt/canvas/canvas/ && git clone https://github.com/instructure/canvas-rce-api && cd canvas-rce-api && npm install --production
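# The seven ENV lines that used to sit here repeated, value for value, variables already
# declared near the top of this file (CANVAS_LMS_STATS_COLLECTION, NODE_OPTIONS,
# RAILS_ENV, NODE_ENV, STATSD_HOST, STATSD_PORT, STATS_PREFIX). Nothing in between
# changes them, so the duplicates are dropped.
# Root is needed for the init-script link and the Apache module changes.
USER root
# Give the RCE API checkout to the canvas user, register the Canvas init script, and
# enable the proxy modules used by the site configuration. a2enmod accepts several
# module names in one call.
RUN chown -R canvas:canvas /opt/canvas/canvas/canvas-rce-api && \
    chmod +x /opt/canvas/canvas/script/canvas_init && \
    ln -s /opt/canvas/canvas/script/canvas_init /etc/init.d/canvas_init && \
    a2enmod ssl proxy proxy_balancer proxy_http
# NOTE(review): the passenger gem is installed unpinned, in addition to the
# libapache2-mod-passenger package installed from apt earlier. Confirm which of the two
# Apache actually loads and pin the gem version.
RUN gem install passenger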
# Writes the Apache site definition for Canvas and enables it.
# - Port 80 vhost: serves /opt/canvas/canvas/public through Passenger with the RVM Ruby.
#   It is plain HTTP, while config/domain.yml is written with `ssl: true` earlier in this
#   file. NOTE(review): presumably TLS is terminated in front of the container - confirm,
#   otherwise credentials and session cookies cross the network unencrypted.
# - ServerName/ServerAlias are fixed example.com names, not the DOMAIN build argument,
#   and the second vhost's ServerName is a literal IP address.
# - 127.0.0.1:3001 vhost: runs canvas-rce-api as a Passenger Node app, reachable only on
#   loopback; requests whose path matches /rce are proxied to it.
# - `Options All` and `AllowOverride All` give the public directory every option and
#   honour .htaccess files found there.
# - The <Proxy *> block uses Apache 2.2 access syntax. With `Order deny,allow`, the
#   `Allow from all` after `Deny from all` wins, so the net effect is allow-all; the 2.4
#   spelling of that is `Require all granted`. `ProxyRequests Off` keeps forward proxying
#   disabled.
# - The inner double quotes around /rce close and reopen the shell string, so the file
#   receives `<LocationMatch /rce>`. The pattern is an unanchored regex and matches any
#   path containing /rce.
RUN echo "\n\
<VirtualHost *:80>\n\
ServerName canvas.example.com\n\
ServerAlias canvasfiles.example.com\n\
ServerAdmin [email protected]\n\
DocumentRoot /opt/canvas/canvas/public\n\
PassengerRuby /usr/local/rvm/gems/ruby-3.1.6/wrappers/ruby\n\
ErrorLog /var/log/apache2/canvas_errors.log\n\
LogLevel warn\n\
CustomLog /var/log/apache2/canvas_access.log combined\n\
SetEnv RAILS_ENV production\n\
<Directory /opt/canvas/canvas/public>\n\
Options All\n\
AllowOverride All\n\
Require all granted\n\
</Directory>\n\
</VirtualHost>\n\
Listen 3001\n\
<Virtualhost 127.0.0.1:3001>\n\
ServerName 24.199.70.141\n\
DocumentRoot /opt/canvas/canvas/public\n\
PassengerAppRoot /opt/canvas/canvas/canvas-rce-api\n\
PassengerBaseURI /subapp\n\
PassengerAppType node\n\
PassengerStartupFile app.js\n\
<Directory /opt/canvas/canvas/public>\n\
Options All\n\
AllowOverride All\n\
Require all granted\n\
</Directory>\n\
</VirtualHost>\n\
ProxyRequests Off\n\
ProxyPreserveHost On\n\
<Proxy *>\n\
Order deny,allow\n\
Deny from all\n\
Allow from all\n\
</Proxy>\n\
<LocationMatch "/rce">\n\
ProxyPass http://127.0.0.1:3001 keepalive=On\n\
ProxyPassReverse http://127.0.0.1:3001\n\
SetEnv proxy-chain-auth On\n\
ProxyAddHeaders Off\n\
</LocationMatch>\n\
" > /etc/apache2/sites-available/canvas.conf && \
a2ensite canvas
# Registers and starts the Canvas init script, then marks /opt/canvas as traversable.
# NOTE(review): these commands run as the unprivileged canvas user, but update-rc.d
# normally writes under /etc - confirm this step succeeds as written.
# Starting the service here only affects the build container; processes do not persist
# into the image, and the CMD below launches Apache only. NOTE(review): whatever
# canvas_init starts (presumably the background job workers) would then not be running
# in a container made from this image - confirm.
USER canvas
RUN update-rc.d canvas_init defaults && \
/etc/init.d/canvas_init start && \
chmod +x /opt/canvas
# The image's final user is root, so the container's main process starts as root.
# NOTE(review): if a non-root runtime is required, the port and log paths used by Apache
# need to be adjusted accordingly.
USER root
# Documents the HTTP port; publishing it is up to the runtime.
EXPOSE 80
# Exec-form CMD: apachectl runs in the foreground as the container's main process.
CMD ["apachectl", "-D", "FOREGROUND"]