Merge pull request #237 from getodk/release
Changes for v1.3
matthew-white authored Sep 30, 2021
2 parents e16b795 + 4c698a9 commit 0fe596d
Showing 12 changed files with 59 additions and 18 deletions.
2 changes: 1 addition & 1 deletion client
Submodule client updated 296 files
10 changes: 8 additions & 2 deletions docker-compose.yml
Expand Up @@ -10,7 +10,7 @@ services:
POSTGRES_DATABASE: odk
restart: always
mail:
image: "itsissa/namshi-smtp:4.89-2.deb9u5"
image: "itsissa/namshi-smtp:4.92-8.deb10u6"
volumes:
- ./files/dkim/config:/etc/exim4/_docker_additional_macros:ro
- ./files/dkim/rsa.private:/etc/exim4/domain.key:ro
Expand All @@ -35,6 +35,8 @@ services:
- SYSADMIN_EMAIL=${SYSADMIN_EMAIL}
command: [ "./wait-for-it.sh", "postgres:5432", "--", "./start-odk.sh" ]
restart: always
logging:
driver: local
nginx:
build:
context: .
Expand All @@ -52,8 +54,12 @@ services:
healthcheck:
test: [ "CMD-SHELL", "nc -z localhost 80 || exit 1" ]
restart: always
logging:
driver: local
options:
max-file: "30"
pyxform:
image: 'getodk/pyxform-http:v1.5.1'
image: 'ghcr.io/getodk/pyxform-http:v1.6.0'
restart: always
secrets:
volumes:
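Review bot: The `logging:` block added to the service that runs `./start-odk.sh` sets `driver: local` with no `options:`, so backend log retention falls back to the driver defaults, while `nginx` gets an explicit `max-file: "30"`. Elsewhere in this commit start-odk.sh stops writing /var/log/odk/naught.log, which leaves the container log as the only record of backend activity, and a short rotation window limits what is available when investigating an incident. Consider giving that service the same explicit limits, e.g. `options:` with `max-file: "30"`, and stating the intended retention in a comment. Indentation is lost on this page, so which service each block belongs to is inferred from the order of the lines.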
8 changes: 4 additions & 4 deletions enketo.dockerfile
@@ -1,4 +1,4 @@
FROM enketo/enketo-express:2.7.3
FROM ghcr.io/enketo/enketo-express:3.0.1

ENV ENKETO_SRC_DIR=/srv/src/enketo_express
WORKDIR ${ENKETO_SRC_DIR}
Expand All @@ -15,11 +15,11 @@ COPY files/enketo/config.json.template ${ENKETO_SRC_DIR}/config/config.json
COPY files/enketo/start-enketo.sh ${ENKETO_SRC_DIR}/start-enketo.sh

RUN apt-get update; apt-get install gettext-base
RUN grunt

RUN npm install --production
RUN npm install
RUN grunt
RUN npm prune --production

EXPOSE 8005

CMD ./start-enketo.sh
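Review bot: `RUN npm prune --production` sits in its own layer, so the dev dependencies pulled in by the preceding `RUN npm install` stay in the earlier layer and still ship inside the image, where anyone who pulls it can read them and scanners must account for them. Running the three steps as one instruction keeps them out of every layer: `RUN npm install && grunt && npm prune --production`. The added/removed markers are lost on this page, so I am assuming the `npm install` / `grunt` / `npm prune --production` sequence is the new side.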

2 changes: 1 addition & 1 deletion files/nginx/odk-setup.sh
Expand Up @@ -24,7 +24,7 @@ CNAME=$([ "$SSL_TYPE" = "customssl" ] && echo "local" || echo "$DOMAIN") \
if [ "$SSL_TYPE" = "letsencrypt" ]
then
echo "starting nginx with certbot.."
/bin/bash /scripts/entrypoint.sh
/bin/bash /scripts/start_nginx_certbot.sh
elif [ "$SSL_TYPE" = "upstream" ]
then
perl -i -ne 's/listen 443.*/listen 80;/; print if ! /ssl_/' /etc/nginx/conf.d/odk.conf
19 changes: 15 additions & 4 deletions files/nginx/odk.conf.template
Expand Up @@ -4,13 +4,17 @@ server {
ssl_certificate_key /etc/${SSL_TYPE}/live/${CNAME}/privkey.pem;
ssl_trusted_certificate /etc/${SSL_TYPE}/live/${CNAME}/fullchain.pem;

ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

ssl_dhparam /etc/dh/nginx.pem;

server_tokens off;
add_header Strict-Transport-Security "max-age=31536000";
add_header Strict-Transport-Security "max-age=63072000" always;

add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;

client_max_body_size 100m;
Expand Down Expand Up @@ -45,6 +49,13 @@ server {

location / {
root /usr/share/nginx/html;

location /version.txt {
add_header Cache-Control no-cache;
}
location /index.html {
add_header Cache-Control no-cache;
}
}
}
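Review bot: The nested `location /version.txt` and `location /index.html` blocks each declare their own `add_header`, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none. Assuming the `Strict-Transport-Security`, `X-Frame-Options` and `X-Content-Type-Options` lines in the first hunk sit at `server` level, responses for these two paths would carry only `Cache-Control`, which removes the framing and sniffing protections from the application's entry document. Repeating the three headers inside both blocks (or moving them into a shared include) keeps the behaviour the first hunk sets up. Checking the response headers for `/index.html` with `curl -sI` after deploy would confirm they are present.

```nginx
location / {
    # … unchanged: root …

    location /version.txt {
        add_header Cache-Control no-cache;
        # add_header is not inherited once a block declares its own
        add_header Strict-Transport-Security "max-age=63072000" always;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options nosniff;
    }
    location /index.html {
        add_header Cache-Control no-cache;
        add_header Strict-Transport-Security "max-age=63072000" always;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options nosniff;
    }
```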

1 change: 1 addition & 0 deletions files/service/crontab
@@ -1,2 +1,3 @@
0 3 * * * root /usr/odk/run-analytics.sh
0 2 * * * root /usr/odk/run-backup.sh
0 1 * * 0 root /usr/odk/reap-sessions.sh
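--- a/files/service/pm2.config.js
+++ b/files/service/pm2.config.js
@@ -0,0 +1,17 @@
+module.exports = {
+apps: [{
+name: 'service',
+script: './lib/bin/run-server.js',
+
+// the default is 1600ms; we aren't that impatient:
+kill_timeout: 30000,
+
+// log to stdout/stderr:
+out_file: '/proc/1/fd/1',
+error_file: '/proc/1/fd/2',
+
+// per Unitech/pm2#2045 this resolves a conflict w node-config:
+instance_var: 'INSTANCE_ID'
+}]
+};
+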
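--- a/files/service/scripts/run-analytics.sh
+++ b/files/service/scripts/run-analytics.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+cd /usr/odk
+/usr/local/bin/node lib/bin/run-analytics.js >/proc/1/fd/1 2>/proc/1/fd/2
+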
3 changes: 1 addition & 2 deletions files/service/scripts/start-odk.sh
Expand Up @@ -18,6 +18,5 @@ fi
echo "using $WORKER_COUNT worker(s) based on available memory ($MEMTOT).."

echo "starting server."
mkdir -p /var/log/odk
node node_modules/naught/lib/main.js start --remove-old-ipc true --worker-count $WORKER_COUNT --daemon-mode false --log /var/log/odk/naught.log --stdout /proc/1/fd/1 --stderr /proc/1/fd/2 lib/bin/run-server.js
pm2-runtime ./pm2.config.js --instances $WORKER_COUNT
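Review bot: `pm2-runtime` is started as a child of the script and `$WORKER_COUNT` is unquoted; with the shell left as the parent process, a stop signal sent to the container may never reach pm2, so the 30-second `kill_timeout` set in pm2.config.js would not get a chance to drain workers. `exec pm2-runtime ./pm2.config.js --instances "$WORKER_COUNT"` replaces the shell with pm2 and keeps the count a single argument. Docker's default stop grace period is shorter than 30 seconds, so a matching `stop_grace_period` in docker-compose.yml may also be needed for the timeout to take effect. The rest of start-odk.sh, including how WORKER_COUNT is computed, is outside this hunk.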

4 changes: 2 additions & 2 deletions nginx.dockerfile
@@ -1,11 +1,11 @@
FROM node:12.6.0 as intermediate
FROM node:14.17.6 as intermediate

COPY ./ ./
RUN files/prebuild/write-version.sh
RUN files/prebuild/build-frontend.sh


FROM staticfloat/nginx-certbot@sha256:113300163d871119a261738964d7d8f24a478a605d56888a82e9f45fb353698d
FROM jonasal/nginx-certbot:2.4

EXPOSE 80
EXPOSE 443
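Review bot: The digest pin on the runtime base is lost: `jonasal/nginx-certbot:2.4` replaces `staticfloat/nginx-certbot@sha256:…`, and this is the image that terminates TLS and holds the certificate keys. A tag can be re-pointed by its publisher while a digest cannot, so keep the tag for readability and add the digest of the image that was actually reviewed, `FROM jonasal/nginx-certbot:2.4@sha256:DIGEST_OF_REVIEWED_IMAGE` (placeholder). The `node:14.17.6` build stage here and the tag-only bases in enketo.dockerfile and service.dockerfile would benefit from the same treatment. Old/new markers are lost on this page, so the direction of the change is read from the version order, and the file continues past this hunk.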
2 changes: 1 addition & 1 deletion server
Submodule server updated 80 files
+1 −1 .circleci/config.yml
+2 −0 .eslintrc.json
+8 −0 Makefile
+14 −8 README.md
+6 −1 config/default.json
+165 −27 docs/api.md
+1 −2 lib/bin/backup.js
+25 −0 lib/bin/run-analytics.js
+180 −0 lib/data/analytics.js
+1 −1 lib/data/briefcase.js
+16 −5 lib/data/client-audits.js
+2 −0 lib/data/odata-filter.js
+19 −8 lib/data/odata.js
+13 −7 lib/data/schema.js
+251 −1 lib/data/submission.js
+66 −0 lib/external/odk-analytics.js
+93 −25 lib/external/sentry.js
+1 −3 lib/external/slonik.js
+1 −0 lib/formats/odata.js
+1 −0 lib/http/service.js
+1 −0 lib/model/container.js
+1 −1 lib/model/frames.js
+68 −0 lib/model/frames/config.js
+4 −3 lib/model/migrate.js
+16 −0 lib/model/migrations/20210716-01-config-value-jsonb.js
+25 −0 lib/model/migrations/20210721-01-add-config-set-verb.js
+81 −0 lib/model/migrations/20210817-01-disallow-structure-downcast-to-string.js
+30 −0 lib/model/migrations/20210825-01-add-analytics-read-verb.js
+27 −0 lib/model/migrations/20210903-01-backfill-encrypted-client-audits.js
+70 −0 lib/model/migrations/20210927-01-revert-disallow-structure-downcast.js
+464 −0 lib/model/query/analytics.js
+3 −3 lib/model/query/audits.js
+12 −5 lib/model/query/client-audits.js
+13 −6 lib/model/query/configs.js
+5 −1 lib/model/query/forms.js
+3 −1 lib/model/query/submission-attachments.js
+20 −0 lib/resources/analytics.js
+1 −1 lib/resources/backup.js
+57 −6 lib/resources/config.js
+9 −14 lib/resources/forms.js
+24 −14 lib/resources/sessions.js
+47 −26 lib/resources/submissions.js
+47 −0 lib/task/analytics.js
+2 −5 lib/task/config.js
+3 −3 lib/task/google.js
+1 −1 lib/task/reap-sessions.js
+2 −1 lib/task/task.js
+2 −2 lib/util/crypto.js
+49 −5 lib/util/db.js
+28 −2 lib/util/http.js
+12 −4 lib/util/problem.js
+1,146 −792 package-lock.json
+7 −6 package.json
+10 −1 test/assertions.js
+23 −0 test/integration/api/analytics.js
+1 −1 test/integration/api/app-users.js
+45 −28 test/integration/api/audits.js
+213 −9 test/integration/api/config.js
+64 −4 test/integration/api/forms.js
+79 −8 test/integration/api/odata.js
+1 −1 test/integration/api/public-links.js
+20 −1 test/integration/api/sessions.js
+116 −5 test/integration/api/submissions.js
+599 −0 test/integration/other/analytics-queries.js
+45 −3 test/integration/other/encryption.js
+5 −1 test/integration/setup.js
+77 −0 test/integration/task/analytics.js
+5 −17 test/integration/task/config.js
+3 −3 test/integration/task/reap-sessions.js
+83 −0 test/unit/data/analytics.js
+65 −8 test/unit/data/odata.js
+31 −0 test/unit/data/schema.js
+533 −2 test/unit/data/submission.js
+570 −0 test/unit/external/sanitize-sentry.js
+8 −0 test/unit/formats/odata.js
+2 −1 test/unit/http/endpoint.js
+142 −0 test/unit/model/frames/config.js
+165 −0 test/unit/util/db.js
+32 −0 test/util/odk-analytics-mock.js
+3 −1 test/util/util.js
4 changes: 3 additions & 1 deletion service.dockerfile
@@ -1,4 +1,4 @@
FROM node:12.6.0
FROM node:14.17.6

WORKDIR /usr/odk

Expand All @@ -11,9 +11,11 @@ COPY files/service/crontab /etc/cron.d/odk

COPY server/package*.json ./
RUN npm install --production
RUN npm install pm2 -g

COPY server/ ./
COPY files/service/scripts/ ./
COPY files/service/pm2.config.js ./

COPY files/service/config.json.template /usr/share/odk/
COPY files/service/odk-cmd /usr/bin/
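Review bot: `RUN npm install pm2 -g` installs whatever pm2 release is current at build time, so two builds of the same commit can ship different process-manager code and the version that ran is not recorded anywhere in the repository. Pin it, e.g. `RUN npm install -g pm2@REVIEWED_VERSION` (placeholder), or add pm2 to the server's package.json so it is covered by package-lock.json. The file continues beyond the visible hunks.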