deleted docker and fixed some minor issues
This commit is contained in:
parent
61b12fc30c
commit
f3b44d9cbe
14 changed files with 15 additions and 437 deletions
1
docker/.gitignore
vendored
1
docker/.gitignore
vendored
|
@ -1 +0,0 @@
|
||||||
/test/
|
|
|
@ -1,46 +0,0 @@
|
||||||
FROM alpine/git
|
|
||||||
|
|
||||||
ARG GIT_TAG
|
|
||||||
ARG SEBSERVER_VERSION
|
|
||||||
|
|
||||||
WORKDIR /sebserver
|
|
||||||
RUN if [ "x${GIT_TAG}" = "x" ] ; \
|
|
||||||
then git clone --depth 1 https://github.com/SafeExamBrowser/seb-server.git ; \
|
|
||||||
else git clone -b "$GIT_TAG" --depth 1 https://github.com/SafeExamBrowser/seb-server.git ; fi
|
|
||||||
|
|
||||||
FROM maven:3.5-jdk-8-alpine
|
|
||||||
|
|
||||||
ARG SEBSERVER_VERSION
|
|
||||||
|
|
||||||
WORKDIR /sebserver
|
|
||||||
COPY --from=0 /sebserver/seb-server /sebserver
|
|
||||||
RUN mvn clean install -e -P Demo -DskipTests
|
|
||||||
|
|
||||||
FROM openjdk:8-jre-alpine
|
|
||||||
|
|
||||||
ARG SEBSERVER_VERSION
|
|
||||||
ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
|
|
||||||
ENV SERVER_PORT="8080"
|
|
||||||
ENV DBSERVER_PWD=
|
|
||||||
ENV GUICLIENT_PWD=
|
|
||||||
ENV INTERNAL_PWD=
|
|
||||||
|
|
||||||
WORKDIR /sebserver
|
|
||||||
COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION"-SNAPSHOT.jar /sebserver
|
|
||||||
|
|
||||||
ENTRYPOINT exec java \
|
|
||||||
-Dcom.sun.management.jmxremote \
|
|
||||||
-Dcom.sun.management.jmxremote.port=9090 \
|
|
||||||
-Dcom.sun.management.jmxremote.rmi.port=9090 \
|
|
||||||
-Djava.rmi.server.hostname=127.0.0.1 \
|
|
||||||
-Dcom.sun.management.jmxremote.ssl=false \
|
|
||||||
-Dcom.sun.management.jmxremote.authenticate=false \
|
|
||||||
-jar seb-server-"${SEBSERVER_VERSION}"-SNAPSHOT.jar \
|
|
||||||
--server.port="${SERVER_PORT}" \
|
|
||||||
--spring.profiles.active=demo \
|
|
||||||
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
|
|
||||||
--spring.datasource.password="${DBSERVER_PWD}" \
|
|
||||||
--sebserver.webservice.api.admin.clientSecret="${GUICLIENT_PWD}" \
|
|
||||||
--sebserver.webservice.internalSecret="${INTERNAL_PWD}"
|
|
||||||
|
|
||||||
EXPOSE $SERVER_PORT 9090
|
|
|
@ -1,63 +0,0 @@
|
||||||
# overall server configuration
|
|
||||||
server.address=0.0.0.0
|
|
||||||
server.port=8080
|
|
||||||
server.servlet.context-path=/
|
|
||||||
server.servlet.session.cookie.http-only=true
|
|
||||||
server.servlet.session.tracking-modes=cookie
|
|
||||||
|
|
||||||
# database server
|
|
||||||
datastore.mariadb.server.address=seb-server-mariadb
|
|
||||||
datastore.mariadb.server.port=3306
|
|
||||||
|
|
||||||
# data source configuration
|
|
||||||
spring.datasource.username=root
|
|
||||||
spring.datasource.initialize=true
|
|
||||||
spring.datasource.initialization-mode=always
|
|
||||||
spring.datasource.url=jdbc:mariadb://${datastore.mariadb.server.address}:${datastore.mariadb.server.port}/SEBServer?useSSL=false&createDatabaseIfNotExist=true
|
|
||||||
spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
|
|
||||||
spring.datasource.platform=demo
|
|
||||||
spring.datasource.hikari.initializationFailTimeout=30000
|
|
||||||
spring.datasource.hikari.connectionTimeout=30000
|
|
||||||
spring.datasource.hikari.idleTimeout=600000
|
|
||||||
spring.datasource.hikari.maxLifetime=1800000
|
|
||||||
|
|
||||||
# webservice configuration
|
|
||||||
sebserver.test.property=This is a SEB Server Demo
|
|
||||||
sebserver.webservice.distributed=false
|
|
||||||
sebserver.webservice.http.scheme=http
|
|
||||||
sebserver.webservice.http.server.name=ralph.ethz.ch
|
|
||||||
sebserver.webservice.http.redirect.gui=${sebserver.gui.entrypoint}
|
|
||||||
sebserver.webservice.api.admin.clientId=guiClient
|
|
||||||
sebserver.webservice.api.admin.endpoint=/admin-api/v1
|
|
||||||
sebserver.webservice.api.admin.accessTokenValiditySeconds=3600
|
|
||||||
sebserver.webservice.api.admin.refreshTokenValiditySeconds=-1
|
|
||||||
sebserver.webservice.api.exam.endpoint=/exam-api
|
|
||||||
sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery
|
|
||||||
sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1
|
|
||||||
sebserver.webservice.api.exam.accessTokenValiditySeconds=86400
|
|
||||||
sebserver.webservice.api.pagination.maxPageSize=500
|
|
||||||
# comma separated list of known possible OpenEdX API access token request endpoints
|
|
||||||
sebserver.webservice.lms.openedx.api.token.request.paths=/oauth2/access_token
|
|
||||||
sebserver.webservice.lms.address.alias=lms.mockup.com=ralph.ethz.ch,edx.devstack.lms=ralph.ethz.ch
|
|
||||||
# write logs to
|
|
||||||
logging.file=log/sebserver.log
|
|
||||||
|
|
||||||
# actuator configuration
|
|
||||||
management.endpoints.web.base-path=/actuator
|
|
||||||
management.endpoints.web.exposure.include=logfile,loggers
|
|
||||||
|
|
||||||
# GUI server configuration
|
|
||||||
sebserver.gui.external.messages=file:/sebserver/config/messages
|
|
||||||
sebserver.gui.entrypoint=/gui
|
|
||||||
sebserver.gui.webservice.protocol=http
|
|
||||||
sebserver.gui.webservice.address=${server.address}
|
|
||||||
sebserver.gui.webservice.port=8080
|
|
||||||
sebserver.gui.webservice.apipath=/admin-api/v1
|
|
||||||
sebserver.gui.theme=css/sebserver.css
|
|
||||||
sebserver.gui.list.page.size=20
|
|
||||||
sebserver.gui.date.displayformat=MM/dd/yyyy HH:mm
|
|
||||||
sebserver.gui.date.displayformat.timezone=|ZZ
|
|
||||||
sebserver.gui.multilingual=false
|
|
||||||
sebserver.gui.languages=en
|
|
||||||
sebserver.gui.seb.client.config.download.filename=SebClientSettings.seb
|
|
||||||
sebserver.gui.seb.exam.config.download.filename=SebClientSettings.seb
|
|
|
@ -1,6 +0,0 @@
|
||||||
sebserver.overall.imprint=
|
|
||||||
sebserver.overall.imprint.markup=
|
|
||||||
sebserver.overall.about=About
|
|
||||||
sebserver.overall.about.markup=<span style='font-family: Arial, Helvetica,sans-serif;font-size: 25px;font-weight: normal;font-style: normal;color: rgb(31, 64, 122);'>SEB Server About Example</span><br/><br/><span style='font-family: Arial, Helvetica,sans-serif;font-size: 18px;font-weight: bold;font-style: normal;'>1. This is an example of how an About-Page can look like.</span><br/><br/><span style='font-family: Arial, Helvetica,sans-serif;font-size: 14px;font-weight: normal;font-style: normal;'>By simply define the markup HTML content within the message.propertie configuration of specified language</span>
|
|
||||||
sebserver.overall.help=Documentation
|
|
||||||
sebserver.overall.help.link=https://www.safeexambrowser.org/news_en.html
|
|
|
@ -1,42 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
mariadb:
|
|
||||||
image: "mariadb/server:10.3"
|
|
||||||
container_name: seb-server-mariadb
|
|
||||||
environment:
|
|
||||||
MYSQL_ROOT_PASSWORD: somePW
|
|
||||||
volumes:
|
|
||||||
- seb-server-mariadb-data:/var/lib/mysql
|
|
||||||
ports:
|
|
||||||
- 3306:3306
|
|
||||||
networks:
|
|
||||||
- ralph
|
|
||||||
|
|
||||||
seb-server:
|
|
||||||
build:
|
|
||||||
context: .
|
|
||||||
args:
|
|
||||||
- GIT_TAG=
|
|
||||||
- SEBSERVER_VERSION=0.4.2-beta
|
|
||||||
container_name: seb-server
|
|
||||||
environment:
|
|
||||||
- SERVER_PORT=8080
|
|
||||||
- DBSERVER_PWD=somePW
|
|
||||||
- GUICLIENT_PWD=somePW
|
|
||||||
- INTERNAL_PWD=somePW
|
|
||||||
volumes:
|
|
||||||
- ./config:/sebserver/config
|
|
||||||
|
|
||||||
ports:
|
|
||||||
- 8080:8080
|
|
||||||
- 9090:9090
|
|
||||||
networks:
|
|
||||||
- ralph
|
|
||||||
depends_on:
|
|
||||||
- "mariadb"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
ralph:
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
seb-server-mariadb-data:
|
|
1
docker/prod/standalone/selfsigned/.gitignore
vendored
1
docker/prod/standalone/selfsigned/.gitignore
vendored
|
@ -1 +0,0 @@
|
||||||
/secrets
|
|
|
@ -1,34 +0,0 @@
|
||||||
FROM openjdk:11-jre-stretch
|
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y openssl
|
|
||||||
|
|
||||||
ENV OPENSSL_SUBJ="/C=CH/ST=Zurich/L=Zurich"
|
|
||||||
ENV OPENSSL_CA="${OPENSSL_SUBJ}/CN=demo-CA"
|
|
||||||
ENV OPENSSL_SERVER="${OPENSSL_SUBJ}/CN=localhost"
|
|
||||||
ENV OPENSSL_CLIENT="${OPENSSL_SUBJ}/CN=localhost"
|
|
||||||
ENV ADDITIONAL_DNS="dns:localhost,dns:127.0.0.1,dns:seb-server"
|
|
||||||
|
|
||||||
WORKDIR /certs
|
|
||||||
|
|
||||||
CMD cp -a /host/config/. /config/ \
|
|
||||||
&& secret=$(cat /config/secret) \
|
|
||||||
&& openssl genrsa -out ca-key.pem 2048 \
|
|
||||||
&& openssl req -new -x509 -key ca-key.pem -nodes -days 3600 -subj "${OPENSSL_CA}" -out ca.pem \
|
|
||||||
&& openssl req -newkey rsa:2048 -days 3600 -nodes -subj "${OPENSSL_SERVER}" -keyout server-key.pem -out server-req.pem \
|
|
||||||
&& openssl rsa -in server-key.pem -out server-key.pem \
|
|
||||||
&& openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem \
|
|
||||||
&& openssl req -newkey rsa:2048 -days 3600 -nodes -subj "${OPENSSL_CLIENT}" -keyout client-key.pem -out client-req.pem \
|
|
||||||
&& openssl rsa -in client-key.pem -out client-key.pem \
|
|
||||||
&& openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem \
|
|
||||||
&& openssl verify -CAfile ca.pem server-cert.pem client-cert.pem \
|
|
||||||
&& openssl pkcs12 -export -out client-cert.pkcs12 -in client-cert.pem -inkey client-key.pem -passout pass:${secret} \
|
|
||||||
&& keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zurich, S=Zurich, C=CH" -ext san="${ADDITIONAL_DNS}" -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass ${secret} -validity 3650 \
|
|
||||||
&& keytool -export -alias sebserver -keystore seb-server-keystore.pkcs12 -rfc -file sebserver.cert -storetype PKCS12 -storepass ${secret} -noprompt \
|
|
||||||
&& keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass ${secret} -noprompt \
|
|
||||||
&& keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
|
|
||||||
&& keytool -import -alias mariadb-client -file client-cert.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
|
|
||||||
&& keytool -import -alias mariadb-server -file server-cert.pem -keystore seb-server-keystore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
|
|
||||||
&& chmod 777 -R . \
|
|
||||||
&& cp seb-server-keystore.pkcs12 /host/config/ \
|
|
||||||
&& cp seb-server-truststore.pkcs12 /host/config/ \
|
|
||||||
&& rm /host/config/secret
|
|
|
@ -1,5 +0,0 @@
|
||||||
/secrets
|
|
||||||
/secret
|
|
||||||
/.secret
|
|
||||||
/seb-server-keystore.pkcs12
|
|
||||||
/seb-server-truststore.pkcs12
|
|
|
@ -1,99 +0,0 @@
|
||||||
spring.profiles.include=prod-ws,prod-gui
|
|
||||||
file.encoding=UTF-8
|
|
||||||
|
|
||||||
server.address=0.0.0.0
|
|
||||||
server.port=443
|
|
||||||
server.servlet.context-path=/
|
|
||||||
|
|
||||||
##########################################################
|
|
||||||
### Security
|
|
||||||
|
|
||||||
security.require-ssl=true
|
|
||||||
server.ssl.key-store-type=PKCS12
|
|
||||||
server.ssl.key-store=/certs/seb-server-keystore.pkcs12
|
|
||||||
server.ssl.key-store-password=${sebserver.certs.password}
|
|
||||||
server.ssl.key-password=${sebserver.certs.password}
|
|
||||||
server.ssl.trust-store=/certs/seb-server-truststore.pkcs12
|
|
||||||
server.ssl.trust-store-password=${sebserver.certs.password}
|
|
||||||
server.ssl.enabled-protocols=TLSv1,TLSv1.1,TLSv1.2
|
|
||||||
|
|
||||||
##########################################################
|
|
||||||
### SEB Server Overall
|
|
||||||
|
|
||||||
# Default logging level in the form "logging.level" + namespace=LEVEL
|
|
||||||
logging.level.ch=INFO
|
|
||||||
logging.file=/sebserver/log/sebserver.log
|
|
||||||
|
|
||||||
# If webservice or gui runs on ssl and this flag is true, an integrated redirect from http to https is activated
|
|
||||||
# Disable this if a redirect is done by a pre-processing proxy
|
|
||||||
sebserver.ssl.redirect.enabled=true
|
|
||||||
sebserver.ssl.redirect.html.port=8080
|
|
||||||
|
|
||||||
##########################################################
|
|
||||||
### SEB Server Webservice configuration
|
|
||||||
|
|
||||||
# database server
|
|
||||||
datastore.mariadb.server.address=seb-server-mariadb
|
|
||||||
datastore.mariadb.server.port=3306
|
|
||||||
|
|
||||||
# data source configuration
|
|
||||||
spring.datasource.initialize=true
|
|
||||||
spring.datasource.initialization-mode=always
|
|
||||||
spring.datasource.url=jdbc:mariadb://${datastore.mariadb.server.address}:${datastore.mariadb.server.port}/SEBServer?createDatabaseIfNotExist=true&verifyServerCertificate=false&useSSL=true&requireSSL=true&trustServerCertificate=true
|
|
||||||
spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
|
|
||||||
spring.datasource.platform=prod
|
|
||||||
spring.datasource.hikari.initializationFailTimeout=30000
|
|
||||||
spring.datasource.hikari.connectionTimeout=30000
|
|
||||||
spring.datasource.hikari.idleTimeout=600000
|
|
||||||
spring.datasource.hikari.maxLifetime=1800000
|
|
||||||
spring.datasource.password=${sebserver.mariadb.password}
|
|
||||||
|
|
||||||
# webservice configuration
|
|
||||||
sebserver.webservice.api.admin.clientSecret=${sebserver.password}
|
|
||||||
sebserver.webservice.internalSecret=${sebserver.password}
|
|
||||||
sebserver.webservice.distributed=false
|
|
||||||
sebserver.webservice.http.scheme=https
|
|
||||||
sebserver.webservice.http.server.name=${server.address}
|
|
||||||
sebserver.webservice.http.redirect.gui=/gui
|
|
||||||
sebserver.webservice.api.admin.clientId=guiClient
|
|
||||||
sebserver.webservice.api.admin.endpoint=/admin-api/v1
|
|
||||||
sebserver.webservice.api.admin.accessTokenValiditySeconds=3600
|
|
||||||
sebserver.webservice.api.admin.refreshTokenValiditySeconds=25200
|
|
||||||
sebserver.webservice.api.exam.endpoint=/exam-api
|
|
||||||
sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery
|
|
||||||
sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1
|
|
||||||
sebserver.webservice.api.exam.accessTokenValiditySeconds=3600
|
|
||||||
sebserver.webservice.api.exam.event-handling-strategy=ASYNC_BATCH_STORE_STRATEGY
|
|
||||||
sebserver.webservice.api.exam.enable-indicator-cache=true
|
|
||||||
sebserver.webservice.api.pagination.maxPageSize=500
|
|
||||||
# comma separated list of known possible OpenEdX API access token request endpoints
|
|
||||||
sebserver.webservice.lms.openedx.api.token.request.paths=/oauth2/access_token
|
|
||||||
|
|
||||||
# actuator configuration
|
|
||||||
management.endpoints.web.base-path=/actuator
|
|
||||||
management.endpoints.web.exposure.include=metrics,logfile,loggers,heapdump
|
|
||||||
|
|
||||||
##########################################################
|
|
||||||
### SEB Server GUI configuration
|
|
||||||
server.servlet.session.cookie.http-only=true
|
|
||||||
server.servlet.session.tracking-modes=cookie
|
|
||||||
|
|
||||||
sebserver.gui.entrypoint=/gui
|
|
||||||
sebserver.gui.webservice.protocol=https
|
|
||||||
sebserver.gui.webservice.address=localhost
|
|
||||||
sebserver.gui.webservice.port=443
|
|
||||||
sebserver.gui.webservice.apipath=/admin-api/v1
|
|
||||||
# defines the polling interval that is used to poll the webservice for client connection data on a monitored exam page
|
|
||||||
sebserver.gui.webservice.poll-interval=500
|
|
||||||
sebserver.gui.webservice.mock-lms-enabled=true
|
|
||||||
|
|
||||||
|
|
||||||
sebserver.gui.theme=css/sebserver.css
|
|
||||||
sebserver.gui.list.page.size=20
|
|
||||||
sebserver.gui.date.displayformat=MM/dd/yyyy HH:mm
|
|
||||||
sebserver.gui.date.displayformat.timezone=|ZZ
|
|
||||||
sebserver.gui.multilingual=false
|
|
||||||
sebserver.gui.languages=en
|
|
||||||
|
|
||||||
sebserver.gui.seb.client.config.download.filename=SEBClientSettings.seb
|
|
||||||
sebserver.gui.seb.exam.config.download.filename=SEBExamSettings.seb
|
|
|
@ -1,9 +0,0 @@
|
||||||
[mysqld]
|
|
||||||
ssl-ca=/etc/mysql/certs/ca.pem
|
|
||||||
ssl-cert=/etc/mysql/certs/server-cert.pem
|
|
||||||
ssl-key=/etc/mysql/certs/server-key.pem
|
|
||||||
|
|
||||||
[client]
|
|
||||||
ssl-ca=/etc/mysql/certs/ca.pem
|
|
||||||
ssl-cert=/etc/mysql/certs/client-cert.pem
|
|
||||||
ssl-key=/etc/mysql/certs/client-key.pem
|
|
|
@ -1,64 +0,0 @@
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
selfsigned:
|
|
||||||
build:
|
|
||||||
context: .
|
|
||||||
dockerfile: certs.Dockerfile
|
|
||||||
container_name: gencerts
|
|
||||||
volumes:
|
|
||||||
- seb-server-certs:/certs
|
|
||||||
- seb-server-config:/config
|
|
||||||
- ./config:/host/config
|
|
||||||
|
|
||||||
mariadb:
|
|
||||||
image: "mariadb/server:10.3"
|
|
||||||
container_name: seb-server-mariadb
|
|
||||||
volumes:
|
|
||||||
- seb-server-config:/etc/mysql/conf.d
|
|
||||||
- seb-server-certs:/etc/mysql/certs
|
|
||||||
- seb-server-mariadb-data:/var/lib/mysql
|
|
||||||
environment:
|
|
||||||
- MYSQL_ROOT_PASSWORD_FILE=/etc/mysql/conf.d/secret
|
|
||||||
ports:
|
|
||||||
- 3306:3306
|
|
||||||
networks:
|
|
||||||
- seb-server-network
|
|
||||||
depends_on:
|
|
||||||
- "selfsigned"
|
|
||||||
|
|
||||||
seb-server:
|
|
||||||
build:
|
|
||||||
context: .
|
|
||||||
dockerfile: sebserver.Dockerfile
|
|
||||||
args:
|
|
||||||
- GIT_TAG=
|
|
||||||
- SEBSERVER_VERSION=0.4.2-beta-SNAPSHOT
|
|
||||||
container_name: seb-server
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- seb-server-config:/sebserver/config
|
|
||||||
- seb-server-certs:/certs
|
|
||||||
environment:
|
|
||||||
- ADDITIONAL_DNS=dns:127.0.0.1,dns:seb-server
|
|
||||||
- DEBUG_MODE=false
|
|
||||||
ports:
|
|
||||||
- 443:443
|
|
||||||
- 80:8080
|
|
||||||
- 9090:9090
|
|
||||||
logging:
|
|
||||||
driver: "json-file"
|
|
||||||
options:
|
|
||||||
max-size: "200k"
|
|
||||||
max-file: "10"
|
|
||||||
networks:
|
|
||||||
- seb-server-network
|
|
||||||
depends_on:
|
|
||||||
- "mariadb"
|
|
||||||
|
|
||||||
networks:
|
|
||||||
seb-server-network:
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
seb-server-mariadb-data:
|
|
||||||
seb-server-certs:
|
|
||||||
seb-server-config:
|
|
|
@ -1,58 +0,0 @@
|
||||||
# Clone git repository form specified tag
|
|
||||||
FROM alpine/git
|
|
||||||
|
|
||||||
ARG GIT_TAG
|
|
||||||
|
|
||||||
WORKDIR /sebserver
|
|
||||||
RUN if [ "x${GIT_TAG}" = "x" ] ; \
|
|
||||||
then git clone --depth 1 https://github.com/SafeExamBrowser/seb-server.git ; \
|
|
||||||
else git clone -b "$GIT_TAG" --depth 1 https://github.com/SafeExamBrowser/seb-server.git ; fi
|
|
||||||
|
|
||||||
# Build with maven (skip tests)
|
|
||||||
FROM maven:latest
|
|
||||||
|
|
||||||
ARG SEBSERVER_VERSION
|
|
||||||
|
|
||||||
WORKDIR /sebserver
|
|
||||||
COPY --from=0 /sebserver/seb-server /sebserver
|
|
||||||
RUN mvn clean install -DskipTests
|
|
||||||
|
|
||||||
FROM openjdk:11-jre-stretch
|
|
||||||
|
|
||||||
ARG SEBSERVER_VERSION
|
|
||||||
ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
|
|
||||||
ENV DEBUG_MODE=false
|
|
||||||
|
|
||||||
WORKDIR /sebserver
|
|
||||||
COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
|
|
||||||
|
|
||||||
CMD if [ "${DEBUG_MODE}" = "true" ] ; \
|
|
||||||
then secret=$(cat /sebserver/config/secret) && exec java \
|
|
||||||
-Xms64M \
|
|
||||||
-Xmx1G \
|
|
||||||
-Djavax.net.debug=ssl \
|
|
||||||
-Dcom.sun.management.jmxremote \
|
|
||||||
-Dcom.sun.management.jmxremote.port=9090 \
|
|
||||||
-Dcom.sun.management.jmxremote.rmi.port=9090 \
|
|
||||||
-Djava.rmi.server.hostname=127.0.0.1 \
|
|
||||||
# TODO secure the JMX connection (cueenrtly there is a premission problem with the secret file
|
|
||||||
-Dcom.sun.management.jmxremote.ssl=false \
|
|
||||||
-Dcom.sun.management.jmxremote.authenticate=false \
|
|
||||||
-jar seb-server-"${SEBSERVER_VERSION}".jar \
|
|
||||||
--spring.profiles.active=prod \
|
|
||||||
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
|
|
||||||
--sebserver.certs.password="${secret}" \
|
|
||||||
--sebserver.mariadb.password="${secret}" \
|
|
||||||
--sebserver.password="${secret}" ; \
|
|
||||||
else secret=$(cat /sebserver/config/secret) && exec java \
|
|
||||||
-Xms64M \
|
|
||||||
-Xmx1G \
|
|
||||||
-jar seb-server-"${SEBSERVER_VERSION}".jar \
|
|
||||||
--spring.profiles.active=prod \
|
|
||||||
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
|
|
||||||
--sebserver.certs.password="${secret}" \
|
|
||||||
--sebserver.mariadb.password="${secret}" \
|
|
||||||
--sebserver.password="${secret}" ; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
EXPOSE 443 8080 9090
|
|
|
@ -137,7 +137,6 @@ public class SebExamConfigPropForm implements TemplateComposer {
|
||||||
}
|
}
|
||||||
|
|
||||||
final EntityGrantCheck entityGrant = this.currentUser.entityGrantCheck(examConfig);
|
final EntityGrantCheck entityGrant = this.currentUser.entityGrantCheck(examConfig);
|
||||||
final boolean readGrant = entityGrant.r();
|
|
||||||
final boolean writeGrant = entityGrant.w();
|
final boolean writeGrant = entityGrant.w();
|
||||||
final boolean modifyGrant = entityGrant.m();
|
final boolean modifyGrant = entityGrant.m();
|
||||||
final boolean isReadonly = pageContext.isReadonly();
|
final boolean isReadonly = pageContext.isReadonly();
|
||||||
|
@ -208,19 +207,19 @@ public class SebExamConfigPropForm implements TemplateComposer {
|
||||||
urlLauncher.openURL(downloadURL);
|
urlLauncher.openURL(downloadURL);
|
||||||
return action;
|
return action;
|
||||||
})
|
})
|
||||||
.publishIf(() -> readGrant && isReadonly)
|
.publishIf(() -> modifyGrant && isReadonly)
|
||||||
|
|
||||||
.newAction(ActionDefinition.SEB_EXAM_CONFIG_GET_CONFIG_KEY)
|
.newAction(ActionDefinition.SEB_EXAM_CONFIG_GET_CONFIG_KEY)
|
||||||
.withEntityKey(entityKey)
|
.withEntityKey(entityKey)
|
||||||
.withExec(SebExamConfigPropForm.getConfigKeyFunction(this.pageService))
|
.withExec(SebExamConfigPropForm.getConfigKeyFunction(this.pageService))
|
||||||
.noEventPropagation()
|
.noEventPropagation()
|
||||||
.publishIf(() -> readGrant && isReadonly)
|
.publishIf(() -> modifyGrant && isReadonly)
|
||||||
|
|
||||||
.newAction(ActionDefinition.SEB_EXAM_CONFIG_IMPORT_CONFIG)
|
.newAction(ActionDefinition.SEB_EXAM_CONFIG_IMPORT_CONFIG)
|
||||||
.withEntityKey(entityKey)
|
.withEntityKey(entityKey)
|
||||||
.withExec(SebExamConfigPropForm.importConfigFunction(this.pageService))
|
.withExec(SebExamConfigPropForm.importConfigFunction(this.pageService))
|
||||||
.noEventPropagation()
|
.noEventPropagation()
|
||||||
.publishIf(() -> readGrant && isReadonly)
|
.publishIf(() -> modifyGrant && isReadonly)
|
||||||
|
|
||||||
.newAction(ActionDefinition.SEB_EXAM_CONFIG_SAVE)
|
.newAction(ActionDefinition.SEB_EXAM_CONFIG_SAVE)
|
||||||
.withEntityKey(entityKey)
|
.withEntityKey(entityKey)
|
||||||
|
|
|
@ -86,6 +86,9 @@ public class ActivitiesPane implements TemplateComposer {
|
||||||
//--------------------------------------------------------------------------------------
|
//--------------------------------------------------------------------------------------
|
||||||
// ---- SEB ADMIN ----------------------------------------------------------------------
|
// ---- SEB ADMIN ----------------------------------------------------------------------
|
||||||
|
|
||||||
|
final boolean isServerOrInstAdmin = this.currentUser.get()
|
||||||
|
.hasAnyRole(UserRole.SEB_SERVER_ADMIN, UserRole.INSTITUTIONAL_ADMIN);
|
||||||
|
|
||||||
// SEB Server Administration
|
// SEB Server Administration
|
||||||
final TreeItem sebadmin = this.widgetFactory.treeItemLocalized(
|
final TreeItem sebadmin = this.widgetFactory.treeItemLocalized(
|
||||||
navigation,
|
navigation,
|
||||||
|
@ -119,7 +122,7 @@ public class ActivitiesPane implements TemplateComposer {
|
||||||
|
|
||||||
// User Account
|
// User Account
|
||||||
// if current user has role seb-server admin or institutional-admin, show list
|
// if current user has role seb-server admin or institutional-admin, show list
|
||||||
if (this.currentUser.get().hasAnyRole(UserRole.SEB_SERVER_ADMIN, UserRole.INSTITUTIONAL_ADMIN)) {
|
if (isServerOrInstAdmin) {
|
||||||
|
|
||||||
final TreeItem userAccounts = this.widgetFactory.treeItemLocalized(
|
final TreeItem userAccounts = this.widgetFactory.treeItemLocalized(
|
||||||
sebadmin,
|
sebadmin,
|
||||||
|
@ -132,7 +135,7 @@ public class ActivitiesPane implements TemplateComposer {
|
||||||
} else {
|
} else {
|
||||||
// otherwise show the user account form for current user
|
// otherwise show the user account form for current user
|
||||||
final TreeItem userAccounts = this.widgetFactory.treeItemLocalized(
|
final TreeItem userAccounts = this.widgetFactory.treeItemLocalized(
|
||||||
sebadmin,
|
navigation,
|
||||||
ActivityDefinition.USER_ACCOUNT.displayName);
|
ActivityDefinition.USER_ACCOUNT.displayName);
|
||||||
injectActivitySelection(
|
injectActivitySelection(
|
||||||
userAccounts,
|
userAccounts,
|
||||||
|
@ -157,9 +160,13 @@ public class ActivitiesPane implements TemplateComposer {
|
||||||
.create());
|
.create());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (sebadmin.getItemCount() > 0) {
|
||||||
sebadmin.setExpanded(this.currentUser.get().hasAnyRole(
|
sebadmin.setExpanded(this.currentUser.get().hasAnyRole(
|
||||||
UserRole.SEB_SERVER_ADMIN,
|
UserRole.SEB_SERVER_ADMIN,
|
||||||
UserRole.INSTITUTIONAL_ADMIN));
|
UserRole.INSTITUTIONAL_ADMIN));
|
||||||
|
} else {
|
||||||
|
sebadmin.dispose();
|
||||||
|
}
|
||||||
|
|
||||||
// ---- SEB ADMIN ----------------------------------------------------------------------
|
// ---- SEB ADMIN ----------------------------------------------------------------------
|
||||||
//--------------------------------------------------------------------------------------
|
//--------------------------------------------------------------------------------------
|
||||||
|
|
Loading…
Reference in a new issue