Capture new templates for docker based installation [WIP]

Tasks still need to be adjusted

README.md

@@ -5,3 +5,6 @@ Other documentation sources:
 - http://docs.alerta.io/en/latest/index.html
 - http://alerta.io
 
+# Docker based Installation
+
+- [Extending the image for Python packages](https://github.com/alerta/docker-alerta/blob/master/Dockerfile)

templates/config.js

-// Intentionally empty

templates/config.json

 {
   "endpoint": "https://{{ alerta_domain }}/api",
+  "base_path": "/",
   "provider": "gitlab",
   "client_id": "{{ alerta_gitlab.client_id }}",
   "gitlab_url": "https://{{ alerta_gitlab.domain }}"

templates/docker-compose.yml

+version: '2.1'
+services:
+  web:
+    image: alerta/alerta-web
+    ports:
+      - "8091:8080"
+    depends_on:
+      - db
+    volumes:
+      - ./config/alerta.conf:/app/alerta.conf
+      - ./config/alertad.conf:/app/alertad.conf
+      - ./config/config.json:/web/config.json
+      - ./plugins/gitlab.py:/venv/lib/python3.7/site-packages/alerta/plugins/gitlab.py
+    environment:
+      - DATABASE_URL=postgres://postgres:postgres@db:5432/monitoring
+      - BASE_URL=https://alerta.lakedrops.com/api
+      - ALERTA_CONF_FILE=/app/alerta.conf
+    restart: always
+  db:
+    image: postgres
+    volumes:
+      - ./pg-data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: monitoring
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    restart: always

templates/nginx.default

-server {
-  listen 80;
-  listen [::]:80;
-  #  server_name {{ alerta_domain }};
-  #  return 301 https://{{ alerta_domain }}$request_uri;
-  location /.well-known {
-    alias /var/www/html/.well-known;
-  }
-}
-
-server {
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
-  #server_name {{ alerta_domain }};
-
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-  ssl_prefer_server_ciphers on;
-  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-  ssl_ecdh_curve secp384r1;
-  ssl_session_cache shared:SSL:10m;
-  ssl_session_tickets off;
-  ssl_stapling on;
-  ssl_stapling_verify on;
-  resolver 8.8.8.8 8.8.4.4 valid=300s;
-  resolver_timeout 5s;
-  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
-  add_header X-Frame-Options DENY;
-  add_header X-Content-Type-Options nosniff;
-  #ssl_dhparam /etc/ssl/certs/dhparam.pem;
-
-  ssl_certificate /etc/letsencrypt/live/{{ alerta_domain }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/{{ alerta_domain }}/privkey.pem;
-
-  location /api { try_files $uri @api; }
-  location @api {
-    include uwsgi_params;
-    uwsgi_pass unix:/tmp/uwsgi.sock;
-    proxy_set_header Host $host:$server_port;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  }
-
-  location / {
-    proxy_pass http://127.0.0.1:8999;
-  }
-}

templates/uwsgi.ini

-[uwsgi]
-chdir = /var/www/alerta
-mount = /api=wsgi.py
-callable = app
-manage-script-name = true
-
-master = true
-processes = 5
-logger = syslog:alertad
-
-socket = /tmp/uwsgi.sock
-chmod-socket = 664
-uid = www-data
-gid = www-data
-vacuum = true
-
-die-on-term = true

templates/uwsgi.service

-[Unit]
-Description=uWSGI service
-
-[Service]
-ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi.ini
-
-[Install]
-WantedBy=multi-user.target

templates/vhost.conf

+<VirtualHost *:80>
+  Include /etc/apache2/conf-available/global-redirect.conf
+
+  ServerAdmin webmaster@paragon-es.de
+  ServerName  alerta.lakedrops.com
+
+  Include /etc/apache2/conf-available/redirect-ssl.conf
+  Include /etc/apache2/conf-available/letsencrypt-redirect.conf
+
+  ErrorLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-error.log
+  LogLevel warn
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+  CustomLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-access.log combined env=!forwarded
+  CustomLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-access.log proxy env=forwarded
+</VirtualHost>
+
+<VirtualHost *:443>
+  Include /etc/apache2/conf-available/global-redirect.conf
+
+  ServerAdmin webmaster@paragon-es.de
+  ServerName  alerta.lakedrops.com
+
+  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+  FileETag None
+  Header unset ETag
+  Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
+  Header set Pragma "no-cache"
+  Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
+
+  RequestHeader set Host alerta.lakedrops.com
+  RequestHeader set X_FORWARDED_PROTO 'https'
+  RequestHeader set X-Forwarded-Ssl on
+  RequestHeader set X-Forwarded-For alerta.lakedrops.com
+
+  DocumentRoot /var/www/html
+
+  <Proxy *>
+    Include /etc/apache2/conf-available/global-deny.conf
+  </Proxy>
+
+  RewriteEngine on
+  RewriteCond ${HTTP:Upgrade} websocket [NC]
+  RewriteCond ${HTTP:Connection} upgrade [NC]
+  RewriteRule .* "wss:/localhost:8091/$1" [P,L]
+
+  ProxyPass / http://localhost:8091/
+  ProxyPassReverse / http://localhost:8091/
+  ProxyPreserveHost On
+
+  ErrorLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-error.log
+  LogLevel warn
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+  CustomLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-access.log combined env=!forwarded
+  CustomLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-access.log proxy env=forwarded
+
+  <IfModule mod_expires.c>
+    ExpiresActive On
+    ExpiresDefault A14400
+    ExpiresByType text/html A900
+  </IfModule>
+
+  SetEnvIf X-Forwarded-Proto https HTTPS=on
+
+  BrowserMatch "MSIE [2-6]" \
+    nokeepalive ssl-unclean-shutdown \
+    downgrade-1.0 force-response-1.0
+  # MSIE 7 and newer should be able to use keepalive
+  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+  SSLEngine on
+  Include /etc/letsencrypt/options-ssl-apache.conf
+  SSLCertificateFile /etc/letsencrypt/live/alerta.lakedrops.com/cert.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/alerta.lakedrops.com/privkey.pem
+  SSLCertificateChainFile /etc/letsencrypt/live/alerta.lakedrops.com/chain.pem
+</VirtualHost>

templates/wsgi.py

-from alerta import app