Updating bendhouseart/ezbids:master from buti1021/ezbids:add-nginx-forwarding (#1)

* updating docker compose to use nginx for forwarding
* added nginx config and updated docker file works on mac
* added folder for certs
* had to bodge npm installs, husky, and vite to get healthy containers on osx
* updated docker compose, health checks all pass. CORS still an issue
* add nginx config
* ssl works with the addition of a cert, key, and the password for it
* create standalone production config
* consolidating variables and options into 1 launch script and 1 .env file
* updated lint check to use prettier instead of npm 'style-check' and 'lint-check'
* update package-lock.json
* bringing more in line with buti1021's PR, while 'stream-lining' env and entrypoints
* update docker ignore and build
* Update example.env
* certs and keys path as environment
* enable telemetry via build in compose_profile env var
* revert vite config changes
* remove old files

---------

Co-authored-by: Tim Budras <[email protected]>
Co-authored-by: Anthony Galassiae <[email protected]>
Co-authored-by: buti1021 <[email protected]>

Author: 4 people

.dockerignore

@@ -1,5 +1,3 @@
-ui
-handler
 workdir
 test
 bids-specification

.gitignore

@@ -4,6 +4,7 @@ node_modules
 # local env files
 .env.local
 .env.*.local
+.env
 
 # Log files
 npm-debug.log*
@@ -33,4 +34,8 @@ api/*.pub
 api/*.key
 api/ezbids.key
 api/*.js
-api/*.js.map
+api/*.js.map
+
+# ssl certs we ignore the content of the folder but keep the folder around.
+nginx/ssl/*
+!nginx/ssl/.gitkeep

.lintstagedrc.json

@@ -1,3 +1,3 @@
 {
-    "**/*.{js,json,ts,vue}": ["npm run style-check", "npm run lint-check"]
+    "**/*.{js,json,ts,vue}": ["prettier --write"]
 }

Dockerfile

@@ -4,6 +4,8 @@ COPY . /app
 
 WORKDIR /app
 
-RUN npm install -g [email protected]
+RUN npm install -g [email protected] pm2 typescript tsc-watch
 
-RUN npm install -g pm2 typescript tsc-watch
+# build the api and the ui
+RUN cd /app/api && npm install
+RUN cd /app/ui && npm install

dev.sh

@@ -0,0 +1,102 @@
+version: "3"
+networks:
+    ezbids:
+
+services:
+    mongodb:
+        container_name: brainlife_ezbids-mongodb
+        image: mongo:4.4.15
+        platform: linux/amd64
+        volumes:
+            - /data/db
+        healthcheck:
+            test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
+            interval: 10s
+            timeout: 10s
+            retries:
+                5
+        networks:
+            - ezbids
+
+    api:
+        container_name: brainlife_ezbids-api
+        build: .
+        platform: linux/amd64
+        volumes:
+            - ./api:/app/api
+            - /tmp:/tmp
+        depends_on:
+            mongodb:
+                condition: service_healthy
+        healthcheck:
+            test: ["CMD", "curl", "-f", "http://localhost:8082/health"]
+        working_dir: /app/api
+        command:
+            ./dev.sh
+        environment:
+            MONGO_CONNECTION_STRING: mongodb://mongodb:27017/ezbids
+            BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
+        networks:
+            - ezbids
+
+    handler:
+        container_name: brainlife_ezbids-handler
+        build: ./handler
+        platform: linux/amd64
+        volumes:
+            - .:/app
+            - /tmp:/tmp
+        depends_on:
+            mongodb:
+                condition: service_healthy
+            api:
+                condition: service_healthy
+        environment:
+            MONGO_CONNECTION_STRING: mongodb://mongodb:27017/ezbids
+        networks:
+            - ezbids
+        tty: true #turn on color for bids-validator output
+        command: pm2 start handler.js --attach
+
+    ui:
+        container_name: brainlife_ezbids-ui-builder
+        env_file:
+            - .env
+        build: ./ui
+        platform: linux/amd64
+        volumes:
+            - ./ui/dist:/ui/dist
+        environment:
+            VITE_APIHOST: https://${SERVER_NAME}/api
+            VITE_BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
+
+    # by default this is not enabled, add COMPOSE_PROFILES=telemetry to your .env
+    telemetry:
+        container_name: brainlife_ezbids-telemetry
+        build: ./telemetry
+        platform: linux/amd64
+        depends_on:
+            - mongodb
+        profiles: ["telemetry"]
+        networks:
+            - ezbids
+
+    nginx:
+        env_file:
+            - .env
+        container_name: brainlife_ezbids-nginx
+        depends_on:
+            - ui
+            - api
+        image: nginx:latest
+        platform: linux/amd64
+        ports:
+            - 443:443
+        networks:
+            - ezbids
+        volumes:
+            - ${SSL_CERT_PATH}:/etc/nginx/conf.d/ssl/sslcert.cert
+            - ${SSL_KEY_PATH}:/etc/nginx/conf.d/ssl/sslcert.key
+            - ${SSL_PASSWORD_PATH}:/etc/nginx/conf.d/ssl/sslpassword
+            - ./nginx/production_nginx.conf:/etc/nginx/conf.d/default.conf
+            - ./ui/dist:/usr/share/nginx/html/ezbids:ro

docker-compose-production.yml

@@ -1,4 +1,6 @@
-# version: "3"
+version: "3"
+networks:
+    ezbids:
 
 services:
     mongodb:
@@ -15,6 +17,8 @@ services:
                 5
         ports:
             - 27417:27017 #for local debugging
+        networks:
+            - ezbids
 
     api:
         container_name: brainlife_ezbids-api
@@ -36,6 +40,8 @@ services:
             BRAINLIFE_AUTHENTICATION: ${BRAINLIFE_AUTHENTICATION}
         ports:
             - 8082:8082 #localhost runs on local browser to it needs to access api via host port
+        networks:
+            - ezbids
 
     handler:
         container_name: brainlife_ezbids-handler
@@ -51,11 +57,15 @@ services:
                 condition: service_healthy
         environment:
             MONGO_CONNECTION_STRING: mongodb://mongodb:27017/ezbids
+        networks:
+            - ezbids
         tty: true #turn on color for bids-validator output
         command: pm2 start handler.js --attach --watch --ignore-watch "ui **/node_modules"
 
     ui:
         container_name: brainlife_ezbids-ui
+        env_file:
+            - .env
         build: ./ui
         platform: linux/amd64
         volumes:
@@ -67,14 +77,20 @@ services:
             test: ["CMD", "curl", "-f", "http://localhost:3000"]
         ports:
             - 3000:3000 #vite wants to be exposed on the host for HMR?
-    
+        networks:
+            - ezbids
+
     # by default this is not enabled, need to run docker compose with --profile development to enable this service
     telemetry:
         container_name: brainlife_ezbids-telemetry
         build: ./telemetry
         platform: linux/amd64
         depends_on:
             - mongodb
-        profiles: ["development"]
+        profiles: ["telemetry"]
         ports:
-            - 8000:8000 #for local debugging
+            - 8000:8000 #for local debugging
+        networks:
+            - ezbids
+
+

docker-compose.yml

@@ -0,0 +1,26 @@
+# Create/Copy this file as .env in the root of the project to set default environment variables
+
+# insert your host name here, it should match your ssl certificate and/or the output
+# of echo $HOSTNAME
+SERVER_NAME=localhost
+
+# Set the BRAINLIFE_PRODUCTION environment variable to true to use https"
+# (this will launch the services on port 443) and run with nginx/production_nginx.conf"
+# this will require providing the correct paths for the SSL_CERT_PATH, SSL_KEY_PATH and SSL_PASSWORD_PATH
+# with false the UI will run on 3000"
+BRAINLIFE_PRODUCTION=false
+
+SSL_CERT_PATH=./nginx/ssl/sslcert.cert
+SSL_KEY_PATH=./nginx/ssl/sslcert.key
+SSL_PASSWORD_PATH=./nginx/ssl/sslpassword #if your key is not encrypted use an arbitrary path here
+
+# Set the BRAINLIFE_AUTHENTICATION environment variable to true, if you're not running"
+# this with brainlife don't use."
+BRAINLIFE_AUTHENTICATION=false
+
+# Set the BRAINLIFE_DEVELOPMENT enables additional debugging output and mounts 
+# the ezbids repo/folder into the various containers default is false"
+BRAINLIFE_DEVELOPMENT=false
+
+# Define which profiles to use, e.g. set to COMPOSE_PROFILES=telemetry to enable telemetry 
+COMPOSE_PROFILES=

example.env

@@ -1,13 +1,15 @@
 FROM neurodebian:nd20.04-non-free
 
+COPY . /app
+
 SHELL ["/bin/bash", "-c"]
 
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN apt update && \
     apt-get update && apt-get upgrade -y
 
-RUN apt install -y parallel python3 python3-pip tree curl unzip git jq python libgl-dev python-numpy bc
+RUN apt update && apt install -y parallel python3 python3-pip tree curl unzip git jq python libgl-dev python-numpy bc
 
 RUN pip3 install numpy==1.23.0 nibabel==4.0.0 pandas matplotlib pyyaml==5.4.1 pydicom==2.3.1 natsort pydeface && \
     pip3 install quickshear mne mne-bids

handler/Dockerfile

@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+# check to see if a .env file exists
+if [ -f .env ]; then
+    echo ".env file exists, loading environment variables from .env file"
+else
+    echo ".env file does not exist, copying example.env to .env"
+    cp example.env .env
+fi
+
+# load the environment variables from the .env file
+source .env
+
+echo "Setting Environment Variables from .env file:"
+# display the environment variables read in from .env, could be a gotcha if 
+# the user is unclear about if the .env variables are being used. The .env variables
+# will override environment variables set in the shell as they're set once this script 
+# is run.
+while read line
+do
+  # if line does not start with # then echo the line
+  if [[ $line != \#* ]]; then
+    if [[ $line != "" ]]; then
+      echo "    ${line}"
+    fi
+  fi
+done < .env
+
+if [ $BRAINLIFE_DEVELOPMENT == true ]; then
+  # enable or disable debugging output
+  set -ex
+else
+  set -e
+fi
+
+# build local changes and mount them directly into the containers
+# api/ and ui/ are mounted as volumes  at /app within the docker-compose.yml
+(cd api && npm install)
+(cd ui && npm install)
+
+# update the bids submodule
+git submodule update --init --recursive
+
+# The main differences between the production and development docker-compose files are that the production
+# files uses https via nginx and the development file uses http.
+if [[ $BRAINLIFE_PRODUCTION == true ]]; then
+  DOCKER_COMPOSE_FILE=docker-compose-production.yml
+else
+  DOCKER_COMPOSE_FILE=docker-compose.yml
+fi
+
+mkdir -p /tmp/upload
+mkdir -p /tmp/workdir
+
+#npm run prepare-husky
+
+./generate_keys.sh
+
+# ok docker compose is now included in docker as an option for docker
+if [[ $(command -v docker-compose) ]]; then 
+    # if the older version is installed use the dash
+    docker-compose --file ${DOCKER_COMPOSE_FILE} up
+else
+    # if the newer version is installed don't use the dash
+    docker compose --file ${DOCKER_COMPOSE_FILE} up
+fi