deleted docker and fixed some minor issues

anhefti 2019-10-10 09:29:48 +02:00
parent 61b12fc30c
commit f3b44d9cbe
14 changed files with 15 additions and 437 deletions

1
docker/.gitignore vendored

@ -1 +0,0 @@
/test/


@ -1,46 +0,0 @@
FROM alpine/git
ARG GIT_TAG
ARG SEBSERVER_VERSION
WORKDIR /sebserver
RUN if [ "x${GIT_TAG}" = "x" ] ; \
then git clone --depth 1 https://github.com/SafeExamBrowser/seb-server.git ; \
else git clone -b "$GIT_TAG" --depth 1 https://github.com/SafeExamBrowser/seb-server.git ; fi
FROM maven:3.5-jdk-8-alpine
ARG SEBSERVER_VERSION
WORKDIR /sebserver
COPY --from=0 /sebserver/seb-server /sebserver
RUN mvn clean install -e -P Demo -DskipTests
FROM openjdk:8-jre-alpine
ARG SEBSERVER_VERSION
ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
ENV SERVER_PORT="8080"
ENV DBSERVER_PWD=
ENV GUICLIENT_PWD=
ENV INTERNAL_PWD=
WORKDIR /sebserver
COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION"-SNAPSHOT.jar /sebserver
ENTRYPOINT exec java \
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=9090 \
-Dcom.sun.management.jmxremote.rmi.port=9090 \
-Djava.rmi.server.hostname=127.0.0.1 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false \
-jar seb-server-"${SEBSERVER_VERSION}"-SNAPSHOT.jar \
--server.port="${SERVER_PORT}" \
--spring.profiles.active=demo \
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
--spring.datasource.password="${DBSERVER_PWD}" \
--sebserver.webservice.api.admin.clientSecret="${GUICLIENT_PWD}" \
--sebserver.webservice.internalSecret="${INTERNAL_PWD}"
EXPOSE $SERVER_PORT 9090


@ -1,63 +0,0 @@
# overall server configuration
server.address=0.0.0.0
server.port=8080
server.servlet.context-path=/
server.servlet.session.cookie.http-only=true
server.servlet.session.tracking-modes=cookie
# database server
datastore.mariadb.server.address=seb-server-mariadb
datastore.mariadb.server.port=3306
# data source configuration
spring.datasource.username=root
spring.datasource.initialize=true
spring.datasource.initialization-mode=always
spring.datasource.url=jdbc:mariadb://${datastore.mariadb.server.address}:${datastore.mariadb.server.port}/SEBServer?useSSL=false&createDatabaseIfNotExist=true
spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
spring.datasource.platform=demo
spring.datasource.hikari.initializationFailTimeout=30000
spring.datasource.hikari.connectionTimeout=30000
spring.datasource.hikari.idleTimeout=600000
spring.datasource.hikari.maxLifetime=1800000
# webservice configuration
sebserver.test.property=This is a SEB Server Demo
sebserver.webservice.distributed=false
sebserver.webservice.http.scheme=http
sebserver.webservice.http.server.name=ralph.ethz.ch
sebserver.webservice.http.redirect.gui=${sebserver.gui.entrypoint}
sebserver.webservice.api.admin.clientId=guiClient
sebserver.webservice.api.admin.endpoint=/admin-api/v1
sebserver.webservice.api.admin.accessTokenValiditySeconds=3600
sebserver.webservice.api.admin.refreshTokenValiditySeconds=-1
sebserver.webservice.api.exam.endpoint=/exam-api
sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery
sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1
sebserver.webservice.api.exam.accessTokenValiditySeconds=86400
sebserver.webservice.api.pagination.maxPageSize=500
# comma separated list of known possible OpenEdX API access token request endpoints
sebserver.webservice.lms.openedx.api.token.request.paths=/oauth2/access_token
sebserver.webservice.lms.address.alias=lms.mockup.com=ralph.ethz.ch,edx.devstack.lms=ralph.ethz.ch
# write logs to
logging.file=log/sebserver.log
# actuator configuration
management.endpoints.web.base-path=/actuator
management.endpoints.web.exposure.include=logfile,loggers
# GUI server configuration
sebserver.gui.external.messages=file:/sebserver/config/messages
sebserver.gui.entrypoint=/gui
sebserver.gui.webservice.protocol=http
sebserver.gui.webservice.address=${server.address}
sebserver.gui.webservice.port=8080
sebserver.gui.webservice.apipath=/admin-api/v1
sebserver.gui.theme=css/sebserver.css
sebserver.gui.list.page.size=20
sebserver.gui.date.displayformat=MM/dd/yyyy HH:mm
sebserver.gui.date.displayformat.timezone=|ZZ
sebserver.gui.multilingual=false
sebserver.gui.languages=en
sebserver.gui.seb.client.config.download.filename=SebClientSettings.seb
sebserver.gui.seb.exam.config.download.filename=SebClientSettings.seb


@ -1,6 +0,0 @@
sebserver.overall.imprint=
sebserver.overall.imprint.markup=
sebserver.overall.about=About
sebserver.overall.about.markup=<span style='font-family: Arial, Helvetica,sans-serif;font-size: 25px;font-weight: normal;font-style: normal;color: rgb(31, 64, 122);'>SEB Server About Example</span><br/><br/><span style='font-family: Arial, Helvetica,sans-serif;font-size: 18px;font-weight: bold;font-style: normal;'>1. This is an example of how an About-Page can look like.</span><br/><br/><span style='font-family: Arial, Helvetica,sans-serif;font-size: 14px;font-weight: normal;font-style: normal;'>By simply define the markup HTML content within the message.propertie configuration of specified language</span>
sebserver.overall.help=Documentation
sebserver.overall.help.link=https://www.safeexambrowser.org/news_en.html


@ -1,42 +0,0 @@
version: '3'
services:
mariadb:
image: "mariadb/server:10.3"
container_name: seb-server-mariadb
environment:
MYSQL_ROOT_PASSWORD: somePW
volumes:
- seb-server-mariadb-data:/var/lib/mysql
ports:
- 3306:3306
networks:
- ralph
seb-server:
build:
context: .
args:
- GIT_TAG=
- SEBSERVER_VERSION=0.4.2-beta
container_name: seb-server
environment:
- SERVER_PORT=8080
- DBSERVER_PWD=somePW
- GUICLIENT_PWD=somePW
- INTERNAL_PWD=somePW
volumes:
- ./config:/sebserver/config
ports:
- 8080:8080
- 9090:9090
networks:
- ralph
depends_on:
- "mariadb"
networks:
ralph:
volumes:
seb-server-mariadb-data:


@ -1 +0,0 @@
/secrets


@ -1,34 +0,0 @@
FROM openjdk:11-jre-stretch
RUN apt-get update && apt-get install -y openssl
ENV OPENSSL_SUBJ="/C=CH/ST=Zurich/L=Zurich"
ENV OPENSSL_CA="${OPENSSL_SUBJ}/CN=demo-CA"
ENV OPENSSL_SERVER="${OPENSSL_SUBJ}/CN=localhost"
ENV OPENSSL_CLIENT="${OPENSSL_SUBJ}/CN=localhost"
ENV ADDITIONAL_DNS="dns:localhost,dns:127.0.0.1,dns:seb-server"
WORKDIR /certs
CMD cp -a /host/config/. /config/ \
&& secret=$(cat /config/secret) \
&& openssl genrsa -out ca-key.pem 2048 \
&& openssl req -new -x509 -key ca-key.pem -nodes -days 3600 -subj "${OPENSSL_CA}" -out ca.pem \
&& openssl req -newkey rsa:2048 -days 3600 -nodes -subj "${OPENSSL_SERVER}" -keyout server-key.pem -out server-req.pem \
&& openssl rsa -in server-key.pem -out server-key.pem \
&& openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem \
&& openssl req -newkey rsa:2048 -days 3600 -nodes -subj "${OPENSSL_CLIENT}" -keyout client-key.pem -out client-req.pem \
&& openssl rsa -in client-key.pem -out client-key.pem \
&& openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem \
&& openssl verify -CAfile ca.pem server-cert.pem client-cert.pem \
&& openssl pkcs12 -export -out client-cert.pkcs12 -in client-cert.pem -inkey client-key.pem -passout pass:${secret} \
&& keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zurich, S=Zurich, C=CH" -ext san="${ADDITIONAL_DNS}" -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass ${secret} -validity 3650 \
&& keytool -export -alias sebserver -keystore seb-server-keystore.pkcs12 -rfc -file sebserver.cert -storetype PKCS12 -storepass ${secret} -noprompt \
&& keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass ${secret} -noprompt \
&& keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
&& keytool -import -alias mariadb-client -file client-cert.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
&& keytool -import -alias mariadb-server -file server-cert.pem -keystore seb-server-keystore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
&& chmod 777 -R . \
&& cp seb-server-keystore.pkcs12 /host/config/ \
&& cp seb-server-truststore.pkcs12 /host/config/ \
&& rm /host/config/secret


@ -1,5 +0,0 @@
/secrets
/secret
/.secret
/seb-server-keystore.pkcs12
/seb-server-truststore.pkcs12


@ -1,99 +0,0 @@
spring.profiles.include=prod-ws,prod-gui
file.encoding=UTF-8
server.address=0.0.0.0
server.port=443
server.servlet.context-path=/
##########################################################
### Security
security.require-ssl=true
server.ssl.key-store-type=PKCS12
server.ssl.key-store=/certs/seb-server-keystore.pkcs12
server.ssl.key-store-password=${sebserver.certs.password}
server.ssl.key-password=${sebserver.certs.password}
server.ssl.trust-store=/certs/seb-server-truststore.pkcs12
server.ssl.trust-store-password=${sebserver.certs.password}
server.ssl.enabled-protocols=TLSv1,TLSv1.1,TLSv1.2
##########################################################
### SEB Server Overall
# Default logging level in the form "logging.level" + namespace=LEVEL
logging.level.ch=INFO
logging.file=/sebserver/log/sebserver.log
# If webservice or gui runs on ssl and this flag is true, an integrated redirect from http to https is activated
# Disable this if a redirect is done by a pre-processing proxy
sebserver.ssl.redirect.enabled=true
sebserver.ssl.redirect.html.port=8080
##########################################################
### SEB Server Webservice configuration
# database server
datastore.mariadb.server.address=seb-server-mariadb
datastore.mariadb.server.port=3306
# data source configuration
spring.datasource.initialize=true
spring.datasource.initialization-mode=always
spring.datasource.url=jdbc:mariadb://${datastore.mariadb.server.address}:${datastore.mariadb.server.port}/SEBServer?createDatabaseIfNotExist=true&verifyServerCertificate=false&useSSL=true&requireSSL=true&trustServerCertificate=true
spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
spring.datasource.platform=prod
spring.datasource.hikari.initializationFailTimeout=30000
spring.datasource.hikari.connectionTimeout=30000
spring.datasource.hikari.idleTimeout=600000
spring.datasource.hikari.maxLifetime=1800000
spring.datasource.password=${sebserver.mariadb.password}
# webservice configuration
sebserver.webservice.api.admin.clientSecret=${sebserver.password}
sebserver.webservice.internalSecret=${sebserver.password}
sebserver.webservice.distributed=false
sebserver.webservice.http.scheme=https
sebserver.webservice.http.server.name=${server.address}
sebserver.webservice.http.redirect.gui=/gui
sebserver.webservice.api.admin.clientId=guiClient
sebserver.webservice.api.admin.endpoint=/admin-api/v1
sebserver.webservice.api.admin.accessTokenValiditySeconds=3600
sebserver.webservice.api.admin.refreshTokenValiditySeconds=25200
sebserver.webservice.api.exam.endpoint=/exam-api
sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery
sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1
sebserver.webservice.api.exam.accessTokenValiditySeconds=3600
sebserver.webservice.api.exam.event-handling-strategy=ASYNC_BATCH_STORE_STRATEGY
sebserver.webservice.api.exam.enable-indicator-cache=true
sebserver.webservice.api.pagination.maxPageSize=500
# comma separated list of known possible OpenEdX API access token request endpoints
sebserver.webservice.lms.openedx.api.token.request.paths=/oauth2/access_token
# actuator configuration
management.endpoints.web.base-path=/actuator
management.endpoints.web.exposure.include=metrics,logfile,loggers,heapdump
##########################################################
### SEB Server GUI configuration
server.servlet.session.cookie.http-only=true
server.servlet.session.tracking-modes=cookie
sebserver.gui.entrypoint=/gui
sebserver.gui.webservice.protocol=https
sebserver.gui.webservice.address=localhost
sebserver.gui.webservice.port=443
sebserver.gui.webservice.apipath=/admin-api/v1
# defines the polling interval that is used to poll the webservice for client connection data on a monitored exam page
sebserver.gui.webservice.poll-interval=500
sebserver.gui.webservice.mock-lms-enabled=true
sebserver.gui.theme=css/sebserver.css
sebserver.gui.list.page.size=20
sebserver.gui.date.displayformat=MM/dd/yyyy HH:mm
sebserver.gui.date.displayformat.timezone=|ZZ
sebserver.gui.multilingual=false
sebserver.gui.languages=en
sebserver.gui.seb.client.config.download.filename=SEBClientSettings.seb
sebserver.gui.seb.exam.config.download.filename=SEBExamSettings.seb


@ -1,9 +0,0 @@
[mysqld]
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/server-cert.pem
ssl-key=/etc/mysql/certs/server-key.pem
[client]
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/client-cert.pem
ssl-key=/etc/mysql/certs/client-key.pem


@ -1,64 +0,0 @@
version: '3'
services:
selfsigned:
build:
context: .
dockerfile: certs.Dockerfile
container_name: gencerts
volumes:
- seb-server-certs:/certs
- seb-server-config:/config
- ./config:/host/config
mariadb:
image: "mariadb/server:10.3"
container_name: seb-server-mariadb
volumes:
- seb-server-config:/etc/mysql/conf.d
- seb-server-certs:/etc/mysql/certs
- seb-server-mariadb-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD_FILE=/etc/mysql/conf.d/secret
ports:
- 3306:3306
networks:
- seb-server-network
depends_on:
- "selfsigned"
seb-server:
build:
context: .
dockerfile: sebserver.Dockerfile
args:
- GIT_TAG=
- SEBSERVER_VERSION=0.4.2-beta-SNAPSHOT
container_name: seb-server
volumes:
- seb-server-config:/sebserver/config
- seb-server-certs:/certs
environment:
- ADDITIONAL_DNS=dns:127.0.0.1,dns:seb-server
- DEBUG_MODE=false
ports:
- 443:443
- 80:8080
- 9090:9090
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
networks:
- seb-server-network
depends_on:
- "mariadb"
networks:
seb-server-network:
volumes:
seb-server-mariadb-data:
seb-server-certs:
seb-server-config:


@ -1,58 +0,0 @@
# Clone git repository form specified tag
FROM alpine/git
ARG GIT_TAG
WORKDIR /sebserver
RUN if [ "x${GIT_TAG}" = "x" ] ; \
then git clone --depth 1 https://github.com/SafeExamBrowser/seb-server.git ; \
else git clone -b "$GIT_TAG" --depth 1 https://github.com/SafeExamBrowser/seb-server.git ; fi
# Build with maven (skip tests)
FROM maven:latest
ARG SEBSERVER_VERSION
WORKDIR /sebserver
COPY --from=0 /sebserver/seb-server /sebserver
RUN mvn clean install -DskipTests
FROM openjdk:11-jre-stretch
ARG SEBSERVER_VERSION
ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
ENV DEBUG_MODE=false
WORKDIR /sebserver
COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
CMD if [ "${DEBUG_MODE}" = "true" ] ; \
then secret=$(cat /sebserver/config/secret) && exec java \
-Xms64M \
-Xmx1G \
-Djavax.net.debug=ssl \
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=9090 \
-Dcom.sun.management.jmxremote.rmi.port=9090 \
-Djava.rmi.server.hostname=127.0.0.1 \
# TODO secure the JMX connection (cueenrtly there is a premission problem with the secret file
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false \
-jar seb-server-"${SEBSERVER_VERSION}".jar \
--spring.profiles.active=prod \
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
--sebserver.certs.password="${secret}" \
--sebserver.mariadb.password="${secret}" \
--sebserver.password="${secret}" ; \
else secret=$(cat /sebserver/config/secret) && exec java \
-Xms64M \
-Xmx1G \
-jar seb-server-"${SEBSERVER_VERSION}".jar \
--spring.profiles.active=prod \
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
--sebserver.certs.password="${secret}" \
--sebserver.mariadb.password="${secret}" \
--sebserver.password="${secret}" ; \
fi
EXPOSE 443 8080 9090


@ -137,7 +137,6 @@ public class SebExamConfigPropForm implements TemplateComposer {
} }
final EntityGrantCheck entityGrant = this.currentUser.entityGrantCheck(examConfig); final EntityGrantCheck entityGrant = this.currentUser.entityGrantCheck(examConfig);
final boolean readGrant = entityGrant.r();
final boolean writeGrant = entityGrant.w(); final boolean writeGrant = entityGrant.w();
final boolean modifyGrant = entityGrant.m(); final boolean modifyGrant = entityGrant.m();
final boolean isReadonly = pageContext.isReadonly(); final boolean isReadonly = pageContext.isReadonly();
@ -208,19 +207,19 @@ public class SebExamConfigPropForm implements TemplateComposer {
urlLauncher.openURL(downloadURL); urlLauncher.openURL(downloadURL);
return action; return action;
}) })
.publishIf(() -> readGrant && isReadonly) .publishIf(() -> modifyGrant && isReadonly)
.newAction(ActionDefinition.SEB_EXAM_CONFIG_GET_CONFIG_KEY) .newAction(ActionDefinition.SEB_EXAM_CONFIG_GET_CONFIG_KEY)
.withEntityKey(entityKey) .withEntityKey(entityKey)
.withExec(SebExamConfigPropForm.getConfigKeyFunction(this.pageService)) .withExec(SebExamConfigPropForm.getConfigKeyFunction(this.pageService))
.noEventPropagation() .noEventPropagation()
.publishIf(() -> readGrant && isReadonly) .publishIf(() -> modifyGrant && isReadonly)
.newAction(ActionDefinition.SEB_EXAM_CONFIG_IMPORT_CONFIG) .newAction(ActionDefinition.SEB_EXAM_CONFIG_IMPORT_CONFIG)
.withEntityKey(entityKey) .withEntityKey(entityKey)
.withExec(SebExamConfigPropForm.importConfigFunction(this.pageService)) .withExec(SebExamConfigPropForm.importConfigFunction(this.pageService))
.noEventPropagation() .noEventPropagation()
.publishIf(() -> readGrant && isReadonly) .publishIf(() -> modifyGrant && isReadonly)
.newAction(ActionDefinition.SEB_EXAM_CONFIG_SAVE) .newAction(ActionDefinition.SEB_EXAM_CONFIG_SAVE)
.withEntityKey(entityKey) .withEntityKey(entityKey)
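Review bot: The three `publishIf(() -> modifyGrant && isReadonly)` predicates (on the action that ends in `urlLauncher.openURL(downloadURL)`, on `SEB_EXAM_CONFIG_GET_CONFIG_KEY` and on `SEB_EXAM_CONFIG_IMPORT_CONFIG`) have no comment saying why download and config-key retrieval, which look like read operations, now need the modify grant. From the visible lines `publishIf` appears to control only whether the action is offered in the GUI, so the webservice endpoints behind these actions should enforce the same grant independently. I would add a comment above the first predicate such as `// export, config key and import are offered only with modify grant; GUI visibility only, the webservice must check the grant too`. The action-builder chain starts and ends outside this hunk, so the remaining predicates could not be checked for consistency.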


@ -86,6 +86,9 @@ public class ActivitiesPane implements TemplateComposer {
//-------------------------------------------------------------------------------------- //--------------------------------------------------------------------------------------
// ---- SEB ADMIN ---------------------------------------------------------------------- // ---- SEB ADMIN ----------------------------------------------------------------------
final boolean isServerOrInstAdmin = this.currentUser.get()
.hasAnyRole(UserRole.SEB_SERVER_ADMIN, UserRole.INSTITUTIONAL_ADMIN);
// SEB Server Administration // SEB Server Administration
final TreeItem sebadmin = this.widgetFactory.treeItemLocalized( final TreeItem sebadmin = this.widgetFactory.treeItemLocalized(
navigation, navigation,
@ -119,7 +122,7 @@ public class ActivitiesPane implements TemplateComposer {
// User Account // User Account
// if current user has role seb-server admin or institutional-admin, show list // if current user has role seb-server admin or institutional-admin, show list
if (this.currentUser.get().hasAnyRole(UserRole.SEB_SERVER_ADMIN, UserRole.INSTITUTIONAL_ADMIN)) { if (isServerOrInstAdmin) {
final TreeItem userAccounts = this.widgetFactory.treeItemLocalized( final TreeItem userAccounts = this.widgetFactory.treeItemLocalized(
sebadmin, sebadmin,
@ -132,7 +135,7 @@ public class ActivitiesPane implements TemplateComposer {
} else { } else {
// otherwise show the user account form for current user // otherwise show the user account form for current user
final TreeItem userAccounts = this.widgetFactory.treeItemLocalized( final TreeItem userAccounts = this.widgetFactory.treeItemLocalized(
sebadmin, navigation,
ActivityDefinition.USER_ACCOUNT.displayName); ActivityDefinition.USER_ACCOUNT.displayName);
injectActivitySelection( injectActivitySelection(
userAccounts, userAccounts,
@ -157,9 +160,13 @@ public class ActivitiesPane implements TemplateComposer {
.create()); .create());
} }
if (sebadmin.getItemCount() > 0) {
sebadmin.setExpanded(this.currentUser.get().hasAnyRole( sebadmin.setExpanded(this.currentUser.get().hasAnyRole(
UserRole.SEB_SERVER_ADMIN, UserRole.SEB_SERVER_ADMIN,
UserRole.INSTITUTIONAL_ADMIN)); UserRole.INSTITUTIONAL_ADMIN));
} else {
sebadmin.dispose();
}
// ---- SEB ADMIN ---------------------------------------------------------------------- // ---- SEB ADMIN ----------------------------------------------------------------------
//-------------------------------------------------------------------------------------- //--------------------------------------------------------------------------------------
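Review bot: The `setExpanded` call inside the new `if (sebadmin.getItemCount() > 0)` branch still spells out `this.currentUser.get().hasAnyRole(UserRole.SEB_SERVER_ADMIN, UserRole.INSTITUTIONAL_ADMIN)`, although this commit introduces `isServerOrInstAdmin` for exactly that test. Writing `sebadmin.setExpanded(isServerOrInstAdmin);` keeps the role decision in one place, so the tree layout and the expansion state cannot drift apart when the role set changes. In the `else` branch `sebadmin.dispose()` leaves a disposed widget in scope; the rest of the method is outside the hunks, so it is worth confirming that nothing after this block touches `sebadmin`. These role checks only shape the navigation tree, so presumably the user-account list itself still has to be protected by the service that serves it.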