From a2b8267cd56abc4ac273798f581c037179f510a5 Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Thu, 16 Nov 2017 19:19:19 -0500 Subject: [PATCH 01/21] Environmental variables, nginx templates --- .env | 3 +++ .gitignore | 1 + Dockerfile | 2 +- docker-compose.yml | 7 +++++-- nginx/.gitignore | 2 ++ nginx/{nginx.conf => nginx.conf.template} | 3 +-- start.sh | 14 +++++++++++++- webodm.sh | 11 +++++++++++ 8 files changed, 37 insertions(+), 6 deletions(-) create mode 100644 .env create mode 100644 nginx/.gitignore rename nginx/{nginx.conf => nginx.conf.template} (96%) diff --git a/.env b/.env new file mode 100644 index 00000000..267b2443 --- /dev/null +++ b/.env @@ -0,0 +1,3 @@ +HOST=webodm.localhost +PORT=8000 +APP_MEDIA_DIR=appmedia diff --git a/.gitignore b/.gitignore index 1ef28f69..cdbf6af3 100644 --- a/.gitignore +++ b/.gitignore @@ -93,3 +93,4 @@ node_modules/ webpack-stats.json pip-selfcheck.json .idea/ +package-lock.json diff --git a/Dockerfile b/Dockerfile index c660d544..0b73a535 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN printf "deb http://mirror.steadfast.net/debian/ stable main contrib n RUN printf "deb http://mirror.steadfast.net/debian/ testing main contrib non-free\ndeb-src http://mirror.steadfast.net/debian/ testing main contrib non-free" > /etc/apt/sources.list.d/testing.list # Install GDAL, nginx -RUN apt-get update && apt-get install -t testing -y binutils libproj-dev gdal-bin nginx +RUN apt-get update && apt-get install -t testing -y binutils libproj-dev gdal-bin nginx gettext-base WORKDIR /webodm/nodeodm/external/node-OpenDroneMap RUN npm install diff --git a/docker-compose.yml b/docker-compose.yml index 593a477a..8457bf48 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -19,9 +19,12 @@ services: container_name: webapp entrypoint: /bin/bash -c "chmod +x /webodm/*.sh && /bin/bash -c \"/webodm/wait-for-it.sh db:5432 -- /webodm/start.sh\"" volumes: - - appmedia:/webodm/app/media + - ${MEDIA_DIR}:/webodm/app/media ports: - - "8000:8000" + - "${PORT}:8000" depends_on: - db + environment: + - PORT + - HOST restart: on-failure:10 \ No newline at end of file diff --git a/nginx/.gitignore b/nginx/.gitignore new file mode 100644 index 00000000..077ba2b0 --- /dev/null +++ b/nginx/.gitignore @@ -0,0 +1,2 @@ +ssl/ +*.conf diff --git a/nginx/nginx.conf b/nginx/nginx.conf.template similarity index 96% rename from nginx/nginx.conf rename to nginx/nginx.conf.template index 18b39fbd..b107206b 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf.template @@ -31,8 +31,7 @@ http { listen 8000 deferred; client_max_body_size 0; - # set the correct host(s) for your site - server_name webodm.localhost; + server_name $HOST; keepalive_timeout 5; diff --git a/start.sh b/start.sh index 3abaac25..b467ce59 100755 --- a/start.sh +++ b/start.sh @@ -74,7 +74,19 @@ if [ "$1" = "--setup-devenv" ] || [ "$2" = "--setup-devenv" ] || [ "$1" = "--no- else if [ -e /webodm ] && [ ! -e /webodm/build/static ]; then echo -e "\033[91mWARN:\033[39m /webodm/build/static does not exist, CSS, JS and other files might not be available." - fi + fi + + # If this is invoked outside docker, we need to make sure + # envsubst returns a valid config file... + export HOST="${HOST:=webodm.localhost}" + + echo "Generating nginx configurations from templates..." + for templ in nginx/*.template + do + echo "- $templ" + envsubst '\$HOST \$OTHER_VAR' < $templ > ${templ%.*} + done + nginx -c $(pwd)/nginx/nginx.conf gunicorn webodm.wsgi --bind unix:/tmp/gunicorn.sock --timeout 360 --preload fi diff --git a/webodm.sh b/webodm.sh index a0910343..e3a20ae0 100755 --- a/webodm.sh +++ b/webodm.sh 
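Review bot: In the template loop added to start.sh, the value of HOST is written verbatim into `server_name $HOST;`, so a value containing `;`, braces or whitespace changes the structure of the generated nginx configuration rather than just the server name. Validating it before the loop, for example `[[ "$HOST" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "Invalid HOST: $HOST" >&2; exit 1; }`, keeps the substitution to a plain hostname. The redirections and the config path are also unquoted; `envsubst '$HOST' < "$templ" > "${templ%.*}"` and `nginx -c "$(pwd)/nginx/nginx.conf"` survive a checkout path with spaces, and `\$OTHER_VAR` looks like a leftover placeholder. The enclosing if/else starts outside the hunk.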
@@ -16,6 +16,11 @@ if [[ $platform = "Windows" ]]; then export COMPOSE_CONVERT_WINDOWS_PATHS=1 fi +# Set default ENV variables +export PORT="${WEBODM_PORT:=8000}" +export HOST="${WEBODM_HOST:=webodm.localhost}" +export MEDIA_DIR="${WEBODM_MEDIA_DIR:=appmedia}" + usage(){ echo "Usage: $0 [options]" echo @@ -121,6 +126,12 @@ resetpassword(){ if [[ $1 = "start" ]]; then environment_check echo "Starting WebODM..." + + + echo -e "Host: \033[92m\033[1m$PORT\033[0m\033[39m" + echo -e "Port: \033[92m\033[1m$HOST\033[0m\033[39m" + echo -e "Media dir: \033[92m\033[1m$HOST\033[0m\033[39m" + start elif [[ $1 = "stop" ]]; then environment_check From b9076d1e0eef3ab64115dc629cba059bbeb6c3ce Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Thu, 16 Nov 2017 19:27:55 -0500 Subject: [PATCH 02/21] Env vars tweaks --- .env | 2 +- start.sh | 9 ++++----- webodm.sh | 9 ++++----- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.env b/.env index 267b2443..3c532618 100644 --- a/.env +++ b/.env @@ -1,3 +1,3 @@ -HOST=webodm.localhost +HOST=localhost PORT=8000 APP_MEDIA_DIR=appmedia diff --git a/start.sh b/start.sh index b467ce59..6498bf77 100755 --- a/start.sh +++ b/start.sh @@ -58,6 +58,9 @@ if [[ "$1" = "--create-default-pnode" ]]; then echo "from nodeodm.models import ProcessingNode; ProcessingNode.objects.update_or_create(hostname='node-odm-1', defaults={'hostname': 'node-odm-1', 'port': 3000})" | python manage.py shell fi +export HOST="${HOST:=localhost}" +export PORT="${PORT:=8000}" + (sleep 5; echo echo -e "\033[92m" echo "Congratulations! └@(・◡・)@┐" 
@@ -65,7 +68,7 @@ echo ========================== echo -e "\033[39m" echo "If there are no errors, WebODM should be up and running!" echo -e "\033[93m" -echo Open a web browser and navigate to http://localhost:8000 +echo Open a web browser and navigate to http://$HOST:$PORT echo -e "\033[39m" echo -e "\033[91mNOTE:\033[39m Windows users using docker should replace localhost with the IP of their docker machine's IP. To find what that is, run: docker-machine ip") & @@ -76,10 +79,6 @@ else echo -e "\033[91mWARN:\033[39m /webodm/build/static does not exist, CSS, JS and other files might not be available." fi - # If this is invoked outside docker, we need to make sure - # envsubst returns a valid config file... - export HOST="${HOST:=webodm.localhost}" - echo "Generating nginx configurations from templates..." for templ in nginx/*.template do diff --git a/webodm.sh b/webodm.sh index e3a20ae0..8f48a44d 100755 --- a/webodm.sh +++ b/webodm.sh @@ -18,7 +18,7 @@ fi # Set default ENV variables export PORT="${WEBODM_PORT:=8000}" -export HOST="${WEBODM_HOST:=webodm.localhost}" +export HOST="${WEBODM_HOST:=localhost}" export MEDIA_DIR="${WEBODM_MEDIA_DIR:=appmedia}" usage(){ @@ -127,10 +127,9 @@ if [[ $1 = "start" ]]; then environment_check echo "Starting WebODM..." - - echo -e "Host: \033[92m\033[1m$PORT\033[0m\033[39m" - echo -e "Port: \033[92m\033[1m$HOST\033[0m\033[39m" - echo -e "Media dir: \033[92m\033[1m$HOST\033[0m\033[39m" + echo "Host: $PORT" + echo "Port: $HOST" + echo "Media dir: $MEDIA_DIR" start elif [[ $1 = "stop" ]]; then From 5f8a85e7ec2d0a50c6ee7db1515a4d59ae978116 Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Thu, 16 Nov 2017 19:33:10 -0500 Subject: [PATCH 03/21] Swap host/port, better description --- webodm.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/webodm.sh b/webodm.sh index 8f48a44d..fc972504 100755 --- a/webodm.sh +++ b/webodm.sh 
@@ -126,11 +126,16 @@ resetpassword(){ if [[ $1 = "start" ]]; then environment_check echo "Starting WebODM..." - - echo "Host: $PORT" - echo "Port: $HOST" - echo "Media dir: $MEDIA_DIR" - + echo "" + echo "Using the following environment:" + echo "============" + echo "Host: $HOST" + echo "Port: $PORT" + echo "Media directory: $MEDIA_DIR" + echo "============" + echo "Make sure to issue a $0 down if you decide to change the environment." + echo "" + start elif [[ $1 = "stop" ]]; then environment_check From c7cb95f38604840af381355672e6915a629da414 Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Thu, 16 Nov 2017 19:45:29 -0500 Subject: [PATCH 04/21] Fixed travis build --- .env | 2 +- webodm.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.env b/.env index 3c532618..ea34ae2a 100644 --- a/.env +++ b/.env @@ -1,3 +1,3 @@ HOST=localhost PORT=8000 -APP_MEDIA_DIR=appmedia +MEDIA_DIR=appmedia diff --git a/webodm.sh b/webodm.sh index fc972504..d8c69ac2 100755 --- a/webodm.sh +++ b/webodm.sh @@ -16,7 +16,7 @@ if [[ $platform = "Windows" ]]; then export COMPOSE_CONVERT_WINDOWS_PATHS=1 fi -# Set default ENV variables +# Set default env variables export PORT="${WEBODM_PORT:=8000}" export HOST="${WEBODM_HOST:=localhost}" export MEDIA_DIR="${WEBODM_MEDIA_DIR:=appmedia}" @@ -135,7 +135,7 @@ if [[ $1 = "start" ]]; then echo "============" echo "Make sure to issue a $0 down if you decide to change the environment." echo "" - + start elif [[ $1 = "stop" ]]; then environment_check From b46ae07b5a02dd40c07dad03d0435781a3b56d49 Mon Sep 17 00:00:00 2001 
From: Piero Toffanin Date: Fri, 17 Nov 2017 13:42:34 -0500 Subject: [PATCH 05/21] Lets Encrypt support --- .env | 4 ++ .gitignore | 1 + Dockerfile | 25 ++++---- docker-compose.ssl-manual.yml | 7 +++ docker-compose.ssl.yml | 14 +++++ nginx/.gitignore | 1 + nginx/crontab | 4 ++ nginx/letsencrypt-autogen.sh | 43 +++++++++++++ nginx/nginx-ssl.conf.template | 88 ++++++++++++++++++++++++++ start.sh | 17 ++++- webodm.sh | 115 +++++++++++++++++++++++++++++----- 11 files changed, 292 insertions(+), 27 deletions(-) create mode 100644 docker-compose.ssl-manual.yml create mode 100644 docker-compose.ssl.yml create mode 100644 nginx/crontab create mode 100644 nginx/letsencrypt-autogen.sh create mode 100644 nginx/nginx-ssl.conf.template diff --git a/.env b/.env index ea34ae2a..54a2639f 100644 --- a/.env +++ b/.env @@ -1,3 +1,7 @@ HOST=localhost PORT=8000 MEDIA_DIR=appmedia +SSL=NO +SSL_KEY= +SSL_CERT= +SSL_INSECURE_PORT_REDIRECT=80 diff --git a/.gitignore b/.gitignore index cdbf6af3..d7660349 100644 --- a/.gitignore +++ b/.gitignore @@ -94,3 +94,4 @@ webpack-stats.json pip-selfcheck.json .idea/ package-lock.json +.cronenv diff --git a/Dockerfile b/Dockerfile index 0b73a535..2253c94e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,17 +8,7 @@ ENV PYTHONPATH $PYTHONPATH:/webodm RUN mkdir /webodm WORKDIR /webodm -# Install pip reqs -ADD requirements.txt /webodm/ -RUN pip install -r requirements.txt - -ADD . /webodm/ - -RUN git submodule update --init - -# Install Node.js RUN curl --silent --location https://deb.nodesource.com/setup_6.x | bash - -RUN apt-get install -y nodejs # Configure use of testing branch of Debian RUN printf "Package: *\nPin: release a=stable\nPin-Priority: 900\n" > /etc/apt/preferences.d/stable.pref 
@@ -26,8 +16,19 @@ RUN printf "Package: *\nPin: release a=testing\nPin-Priority: 750\n" > /etc/apt/ RUN printf "deb http://mirror.steadfast.net/debian/ stable main contrib non-free\ndeb-src http://mirror.steadfast.net/debian/ stable main contrib non-free" > /etc/apt/sources.list.d/stable.list RUN printf "deb http://mirror.steadfast.net/debian/ testing main contrib non-free\ndeb-src http://mirror.steadfast.net/debian/ testing main contrib non-free" > /etc/apt/sources.list.d/testing.list -# Install GDAL, nginx -RUN apt-get update && apt-get install -t testing -y binutils libproj-dev gdal-bin nginx gettext-base +# Install Node.js GDAL, nginx, letsencrypt +RUN apt-get update && apt-get install -t testing -y binutils libproj-dev gdal-bin nginx && apt-get install nodejs gettext-base cron certbot + +# Install pip reqs +ADD requirements.txt /webodm/ +RUN pip install -r requirements.txt + +ADD . /webodm/ + +# Setup cron +RUN ln -s /webodm/nginx/crontab /etc/cron.d/nginx-cron && chmod 0644 /webodm/nginx/crontab && service cron start + +RUN git submodule update --init WORKDIR /webodm/nodeodm/external/node-OpenDroneMap RUN npm install diff --git a/docker-compose.ssl-manual.yml b/docker-compose.ssl-manual.yml new file mode 100644 index 00000000..0321f2f5 --- /dev/null +++ b/docker-compose.ssl-manual.yml @@ -0,0 +1,7 @@ +# This configuration adds the volumes necessary for SSL manual setup +version: '2' +services: + webapp: + volumes: + - ${SSL_KEY}:/webodm/nginx/ssl/key.pem + - ${SSL_CERT}:/webodm/nginx/ssl/cert.pem diff --git a/docker-compose.ssl.yml b/docker-compose.ssl.yml new file mode 100644 index 00000000..dc9a3e41 --- /dev/null +++ b/docker-compose.ssl.yml @@ -0,0 +1,14 @@ +# This configuration adds support for SSL +version: '2' +volumes: + letsencrypt: + driver: local +services: + webapp: + ports: + - "${SSL_INSECURE_PORT_REDIRECT}:8080" + volumes: + - letsencrypt:/webodm/nginx/letsencrypt + environment: + - SSL + - SSL_KEY \ No newline at end of file 
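Review bot: `service cron start` in the added `RUN ln -s ...` step only starts cron inside the temporary build container; no process survives into the image, so unless cron is started elsewhere at container startup, the renewal entry in nginx/crontab will never fire and the Let's Encrypt certificate will lapse once its first validity period ends. Starting the daemon from the runtime entrypoint, for example a `service cron start` line in start.sh before nginx is launched, would make the schedule effective.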
diff --git a/nginx/.gitignore b/nginx/.gitignore index 077ba2b0..4aee8d40 100644 --- a/nginx/.gitignore +++ b/nginx/.gitignore @@ -1,2 +1,3 @@ ssl/ +letsencrypt/ *.conf diff --git a/nginx/crontab b/nginx/crontab new file mode 100644 index 00000000..41844f37 --- /dev/null +++ b/nginx/crontab @@ -0,0 +1,4 @@ +# Automatically renew the SSL certificate (if needed) +0 0 1 * * root source /webodm/.cronenv; bash -c "/webodm/nginx/letsencrypt-autogen.sh" + +# An empty line is required at the end of this file for a valid cron file. diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh new file mode 100644 index 00000000..e6df519f --- /dev/null +++ b/nginx/letsencrypt-autogen.sh @@ -0,0 +1,43 @@ +#!/bin/bash +set -eo pipefail +__dirname=$(cd $(dirname "$0"); pwd -P) +cd ${__dirname} + +hash certbot 2>/dev/null || not_found=true +if [ $not_found ]; then + echo "Certbot not found. You need to install certbot to use this script." + exit 1 +fi + +if [ "$SSL" = "NO" ] || [ ! -z "$SSL_KEY" ]; then + echo "SSL not enabled, or manual SSL key specified, exiting." + exit 1 +fi + +DOMAIN="${HOST:=$1}" +if [ -z $DOMAIN ]; then + echo "Usage: $0 " + exit 1 +fi + +# Generate/update certificate +certbot certonly --work-dir ./letsencrypt --config-dir ./letsencrypt --logs-dir ./letsencrypt --standalone -d $DOMAIN --register-unsafely-without-email --agree-tos --keep + +# Create ssl dir if necessary +if [ ! -e ssl/ ]; then + mkdir ssl +fi + +# Update symlinks +if [ -e ssl/key.pem ]; then + rm ssl/key.pem +fi + +if [ -e ssl/cert.pem ]; then + rm ssl/cert.pem +fi + +if [ -e "letsencrypt/live/$DOMAIN" ]; then + ln -vs "letsencrypt/live/$DOMAIN/privkey.pem" ssl/key.pem + ln -vs "letsencrypt/live/$DOMAIN/chain.pem" ssl/cert.pem +fi \ No newline at end of file diff --git a/nginx/nginx-ssl.conf.template b/nginx/nginx-ssl.conf.template new file mode 100644 index 00000000..0517354e --- /dev/null +++ b/nginx/nginx-ssl.conf.template 
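Review bot: The renewal entry in nginx/crontab relies on `source`, but cron runs /etc/cron.d commands with /bin/sh unless `SHELL` is set, and where /bin/sh is dash `source` is not a builtin, so the script would run without the saved environment. Even under bash, .cronenv is raw `printenv` output: the variables are not exported to the child `bash -c`, and any value containing spaces or shell metacharacters would be interpreted by a root shell when the file is sourced. Something like `0 0 1 * * root bash -c 'set -a; . /webodm/.cronenv; exec bash /webodm/nginx/letsencrypt-autogen.sh'` addresses the first two points; .cronenv should then hold only the variables the script needs, shell-quoted.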
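Review bot: The two `ln -vs` lines at the end of letsencrypt-autogen.sh produce links that nginx cannot use. A relative symlink target is resolved from the directory holding the link, so `letsencrypt/live/$DOMAIN/privkey.pem` created as ssl/key.pem points at ssl/letsencrypt/..., which does not exist; and chain.pem contains only the intermediate certificates, while nginx's `ssl_certificate` needs the server certificate followed by the chain. `ln -vsf "../letsencrypt/live/$DOMAIN/privkey.pem" ssl/key.pem` and `ln -vsf "../letsencrypt/live/$DOMAIN/fullchain.pem" ssl/cert.pem` fix both and make the preceding `rm` guards unnecessary (those guards also miss dangling links, because `-e` follows symlinks). `$DOMAIN` should be quoted in `[ -z "$DOMAIN" ]` and `-d "$DOMAIN"`.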
@@ -0,0 +1,88 @@ +worker_processes 1; + +# Change this if running outside docker! +user root root; +pid /tmp/nginx.pid; +error_log /tmp/nginx.error.log; + +events { + worker_connections 1024; # increase if you have lots of clients + accept_mutex off; # set to 'on' if nginx worker_processes > 1 + use epoll; +} + +http { + include /etc/nginx/mime.types; + + # fallback in case we can't determine a type + default_type application/octet-stream; + access_log /tmp/nginx.access.log combined; + sendfile on; + + upstream app_server { + # fail_timeout=0 means we always retry an upstream even if it failed + # to return a good HTTP response + + # for UNIX domain socket setups + server unix:/tmp/gunicorn.sock fail_timeout=0; + } + + # Redirect all non-encrypted to encrypted + server { + server_name $HOST; + listen 8080; + return 301 https://$HOST:$PORT$request_uri; + } + + server { + listen 8000 deferred; + client_max_body_size 0; + + server_name $HOST; + + ssl on; + ssl_certificate /webodm/nginx/ssl/cert.pem + ssl_certificate_key /webodm/nginx/ssl/key.pem + + keepalive_timeout 5; + + proxy_connect_timeout 360s; + proxy_read_timeout 360s; + + # path for static files + location /static { + root /webodm/build; + } + + # path for certain media files that don't need permissions enforced + location /media/CACHE { + root /webodm/app; + } + location /media/settings { + autoindex on; + root /webodm/app; + } + + location / { + # CORS settings + + # These settings are VERY permissive, consider tightening them + + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; + add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; + + proxy_set_header 
X-Forwarded-For $proxy_add_x_forwarded_for; + + # enable this if and only if you use HTTPS + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Host $http_host; + + # we don't want nginx trying to do something clever with + # redirects, we set the Host: header above already. + proxy_redirect off; + proxy_pass http://app_server; + } + } +} diff --git a/start.sh b/start.sh index 6498bf77..58e8d4dc 100755 --- a/start.sh +++ b/start.sh @@ -61,6 +61,9 @@ fi export HOST="${HOST:=localhost}" export PORT="${PORT:=8000}" +# Dump environment to .cronenv +printenv > .cronenv + (sleep 5; echo echo -e "\033[92m" echo "Congratulations! └@(・◡・)@┐" @@ -86,7 +89,19 @@ else envsubst '\$HOST \$OTHER_VAR' < $templ > ${templ%.*} done - nginx -c $(pwd)/nginx/nginx.conf + # Check if we need to auto-generate SSL certs via letsencrypt + if [ "$SSL" = "YES" ] && [ -z "$SSL_KEY" ]; then + bash -c "nginx/letsencrypt-autogen.sh" + fi + + # Check if SSL key/certs are available + conf="nginx.conf" + if [ -e nginx/ssl ]; + echo "Using nginx SSL configuration" + conf="nginx-ssl.conf" + fi + + nginx -c $(pwd)/nginx/$conf gunicorn webodm.wsgi --bind unix:/tmp/gunicorn.sock --timeout 360 --preload fi diff --git a/webodm.sh b/webodm.sh index d8c69ac2..2e93a754 100755 --- a/webodm.sh +++ b/webodm.sh @@ -1,5 +1,7 @@ #!/bin/bash set -eo pipefail +__dirname=$(cd $(dirname "$0"); pwd -P) +cd ${__dirname} platform="Linux" # Assumed uname=$(uname) 
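Review bot: In the new nginx-ssl.conf.template, the `ssl_certificate` and `ssl_certificate_key` directives are missing their terminating `;`, so nginx will reject the generated file at startup; they should read `ssl_certificate /webodm/nginx/ssl/cert.pem;` and `ssl_certificate_key /webodm/nginx/ssl/key.pem;`. The TLS server block also sets no `ssl_protocols` or `ssl_ciphers`, which leaves protocol and cipher selection to the nginx package defaults; pinning at least `ssl_protocols TLSv1.2;` would make the accepted versions explicit.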
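Review bot: `printenv > .cronenv` in start.sh writes the container's entire environment to a file in the application directory with default permissions, which would include any credentials passed to the container as environment variables. Only the variables the renewal script reads are needed, so the dump could be narrowed and the file restricted, for example `( umask 077; printenv | grep -E '^(HOST|SSL|SSL_KEY)=' > .cronenv )`. The values are also written unquoted, which matters because nginx/crontab later sources this file as root.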
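Review bot: Whether TLS is served is decided by `[ -e nginx/ssl ]` rather than by `SSL`, so if SSL was requested and certificate issuance failed before the directory was created, start.sh quietly launches the plain-HTTP configuration; conversely an empty or half-populated nginx/ssl selects the SSL configuration and nginx fails on the missing file. Tying the decision to the request and to the files the template references makes the failure explicit: `if [ "$SSL" = "YES" ] && { [ ! -s nginx/ssl/cert.pem ] || [ ! -s nginx/ssl/key.pem ]; }; then echo "SSL requested but certificate files are missing" >&2; exit 1; fi`. The enclosing else branch starts outside the hunk, and whether start.sh runs under `set -e` is not visible here.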
@@ -16,25 +18,86 @@ if [[ $platform = "Windows" ]]; then export COMPOSE_CONVERT_WINDOWS_PATHS=1 fi -# Set default env variables -export PORT="${WEBODM_PORT:=8000}" -export HOST="${WEBODM_HOST:=localhost}" -export MEDIA_DIR="${WEBODM_MEDIA_DIR:=appmedia}" +# Load default values +source .env +DEFAULT_PORT="$PORT" +DEFAULT_HOST="$HOST" +DEFAULT_MEDIA_DIR="$MEDIA_DIR" +DEFAULT_SSL="$SSL" +DEFAULT_SSL_INSECURE_PORT_REDIRECT="$SSL_INSECURE_PORT_REDIRECT" + +# Parse args for overrides +POSITIONAL=() +while [[ $# -gt 0 ]] +do +key="$1" + +case $key in + --port) + export PORT="$2" + shift # past argument + shift # past value + ;; + --hostname) + export HOST="$2" + shift # past argument + shift # past value + ;; + --media-dir) + export MEDIA_DIR=$(realpath "$2") + shift # past argument + shift # past value + ;; + --ssl) + SSL=YES + shift # past argument + ;; + --ssl-key) + export SSL_KEY=$(realpath "$2") + shift # past argument + shift # past value + ;; + --ssl-cert) + export SSL_CERT=$(realpath "$2") + shift # past argument + shift # past value + ;; + --ssl-insecure-port-redirect) + export SSL_INSECURE_PORT_REDIRECT="$2" + shift # past argument + shift # past value + ;; + *) # unknown option + POSITIONAL+=("$1") # save it in an array for later + shift # past argument + ;; +esac +done +set -- "${POSITIONAL[@]}" # restore positional parameter usage(){ - echo "Usage: $0 [options]" + echo "Usage: $0 " echo echo "This program helps to manage the setup/teardown of the docker containers for running WebODM. We recommend that you read the full documentation of docker at https://docs.docker.com if you want to customize your setup." 
echo echo "Command list:" - echo " start Start WebODM" - echo " stop Stop WebODM" - echo " down Stop and remove WebODM's docker containers" - echo " update Update WebODM to the latest release" - echo " rebuild Rebuild all docker containers and perform cleanups" - echo " checkenv Do an environment check and install missing components" - echo " test Run the unit test suite (developers only)" + echo " start [options] Start WebODM" + echo " stop Stop WebODM" + echo " down Stop and remove WebODM's docker containers" + echo " update Update WebODM to the latest release" + echo " rebuild Rebuild all docker containers and perform cleanups" + echo " checkenv Do an environment check and install missing components" + echo " test Run the unit test suite (developers only)" echo " resetadminpassword Reset the administrator's password to a new one. WebODM must be running when executing this command." + echo "" + echo "Options:" + echo " --port Set the port that WebODM should bind to (default: $DEFAULT_PORT)" + echo " --hostname Set the hostname that WebODM will be accessible from (default: $DEFAULT_HOST)" + echo " --media-dir Path where processing results will be stored to (default: $DEFAULT_MEDIA_DIR (docker named volume))" + echo " --ssl Enable SSL and automatically request and install a certificate from letsencrypt.org. (default: $DEFAULT_SSL)" + echo " --ssl-key Manually specify a path to the private key file (.pem) to use with nginx to enable SSL (default: None)" + echo " --ssl-cert Manually specify a path to the certificate file (.pem) to use with nginx to enable SSL (default: None)" + echo " --ssl-insecure-port-redirect Insecure port number to redirect from when SSL is enabled (default: $DEFAULT_SSL_INSECURE_PORT_REDIRECT)" exit } 
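Review bot: The `--ssl)` branch assigns `SSL=YES` without `export`, unlike every other option in this `case`, so the value stays a shell variable and docker-compose will most likely still resolve `SSL` from .env (`NO`) when passing it to the container; `export SSL=YES` makes it consistent. Options that take a value do not check that one was supplied: with `--port` as the last argument the second `shift` fails and, under `set -eo pipefail`, the script exits without a message, so a guard such as `[[ $# -ge 2 ]] || { echo "$1 requires a value" >&2; exit 1; }` before reading `$2` would help. `--port` and `--hostname` are accepted verbatim and later reach the compose port mapping and the nginx template, so a numeric check on the port and a hostname-character check belong here as well.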
@@ -79,6 +142,26 @@ run(){ start(){ command="docker-compose -f docker-compose.yml -f docker-compose.nodeodm.yml" + if [ "$SSL" = "YES" ]; then + if [ ! -z "$SSL_KEY" ] && [ ! -e "$SSL_KEY" ]; then + echo -e "\033[91mSSL key file does not exist: $SSL_KEY\033[39m" + exit 1 + fi + if [ ! -z "$SSL_CERT" ] && [ ! -e "$SSL_CERT" ]; then + echo -e "\033[91mSSL certificate file does not exist: $SSL_CERT\033[39m" + exit 1 + fi + + command+=" -f docker-compose.ssl.yml" + + method="Lets Encrypt" + if [ ! -z "$SSL_KEY" ] && [ ! -z "$SSL_CERT" ]; then + method="Manual" + command+=" -f docker-compose.ssl-manual.yml" + fi + + echo "SSL will be enabled ($method)" + fi run "$command start || $command up" } @@ -128,11 +211,15 @@ if [[ $1 = "start" ]]; then echo "Starting WebODM..." echo "" echo "Using the following environment:" - echo "============" + echo "================================" echo "Host: $HOST" echo "Port: $PORT" echo "Media directory: $MEDIA_DIR" - echo "============" + echo "SSL: $SSL" + echo "SSL key: $SSL_KEY" + echo "SSL certificate: $SSL_CERT" + echo "SSL insecure port redirect: $SSL_INSECURE_PORT_REDIRECT" + echo "================================" echo "Make sure to issue a $0 down if you decide to change the environment." echo "" From 591bfa37ab0e8ddd00cdf20c81cb5779cca45c75 Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 13:48:28 -0500 Subject: [PATCH 06/21] Fixed docker build --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2253c94e..4a1abbc2 100644 --- a/Dockerfile +++ b/Dockerfile 
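Review bot: When only one of `--ssl-key` / `--ssl-cert` is supplied, `start()` falls through to the "Lets Encrypt" method, yet `SSL_KEY` is still passed into the container by docker-compose.ssl.yml and start.sh skips certificate generation whenever `SSL_KEY` is non-empty, so the container would come up with no certificate at all. Rejecting the half-configured case up front avoids that: `if [ -n "$SSL_KEY$SSL_CERT" ] && { [ -z "$SSL_KEY" ] || [ -z "$SSL_CERT" ]; }; then echo "--ssl-key and --ssl-cert must be given together" >&2; exit 1; fi`. The key and certificate paths are only consulted when `SSL` is `YES`, so passing them without `--ssl` is silently ignored; a warning there would make the plain-HTTP outcome visible.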
@@ -17,7 +17,7 @@ RUN printf "deb http://mirror.steadfast.net/debian/ stable main contrib n RUN printf "deb http://mirror.steadfast.net/debian/ testing main contrib non-free\ndeb-src http://mirror.steadfast.net/debian/ testing main contrib non-free" > /etc/apt/sources.list.d/testing.list # Install Node.js GDAL, nginx, letsencrypt -RUN apt-get update && apt-get install -t testing -y binutils libproj-dev gdal-bin nginx && apt-get install nodejs gettext-base cron certbot +RUN apt-get -qq update && apt-get -qq install -t testing -y binutils libproj-dev gdal-bin nginx && apt-get -qq install -y nodejs gettext-base cron certbot # Install pip reqs ADD requirements.txt /webodm/ From 68e2b2030a6f41d33490559ca4e8494ee3a42f9a Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 14:03:24 -0500 Subject: [PATCH 07/21] Letsencrypt port warning --- Dockerfile | 3 ++- webodm.sh | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4a1abbc2..7e57a33b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ RUN mkdir /webodm WORKDIR /webodm RUN curl --silent --location https://deb.nodesource.com/setup_6.x | bash - +RUN apt-get -qq install -y nodejs # Configure use of testing branch of Debian RUN printf "Package: *\nPin: release a=stable\nPin-Priority: 900\n" > /etc/apt/preferences.d/stable.pref 
@@ -17,7 +18,7 @@ RUN printf "deb http://mirror.steadfast.net/debian/ stable main contrib n RUN printf "deb http://mirror.steadfast.net/debian/ testing main contrib non-free\ndeb-src http://mirror.steadfast.net/debian/ testing main contrib non-free" > /etc/apt/sources.list.d/testing.list # Install Node.js GDAL, nginx, letsencrypt -RUN apt-get -qq update && apt-get -qq install -t testing -y binutils libproj-dev gdal-bin nginx && apt-get -qq install -y nodejs gettext-base cron certbot +RUN apt-get -qq update && apt-get -qq install -t testing -y binutils libproj-dev gdal-bin nginx && apt-get -qq install -y gettext-base cron certbot # Install pip reqs ADD requirements.txt /webodm/ diff --git a/webodm.sh b/webodm.sh index 2e93a754..ef62a76e 100755 --- a/webodm.sh +++ b/webodm.sh @@ -142,6 +142,7 @@ run(){ start(){ command="docker-compose -f docker-compose.yml -f docker-compose.nodeodm.yml" + if [ "$SSL" = "YES" ]; then if [ ! -z "$SSL_KEY" ] && [ ! -e "$SSL_KEY" ]; then echo -e "\033[91mSSL key file does not exist: $SSL_KEY\033[39m" @@ -161,7 +162,19 @@ start(){ fi echo "SSL will be enabled ($method)" + + # Check port settings + # as let's encrypt cannot communicate on ports + # different than 80 or 443 + if [ "$method" = "Lets Encrypt" ]; then + if [ "$PORT" != "$DEFAULT_PORT" ]; then + echo -e "\033[93mLets Encrypt cannot run on port: $PORT, switching to 443.\033[39m" + echo "If you need to use a different port, you'll need to generate the SSL certificate files separately and use the --ssl-key and --ssl-certificate options." + fi + export PORT=443 + fi fi + run "$command start || $command up" } From 523f47654093ba28d096a7a78375c8ad92cc03eb Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 14:22:48 -0500 Subject: [PATCH 08/21] Typo, hostname check --- start.sh | 2 +- webodm.sh | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/start.sh b/start.sh index 58e8d4dc..8daa346c 100755 --- a/start.sh +++ b/start.sh 
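Review bot: The new warning in `start()` tells the user to pass `--ssl-certificate`, but the option parser in this script only recognises `--ssl-cert`; an unrecognised flag is appended to `POSITIONAL` without an error, so following the message would leave the certificate path unset. The text should name `--ssl-key and --ssl-cert`. Separately, `export PORT=443` only changes the host side of the `${PORT}:8000` mapping; certbot's `--standalone` listener runs inside the container on its own ports, which do not appear to be published by any of the compose files in this series, so it is worth confirming that the validation request can actually reach it.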
@@ -96,7 +96,7 @@ else # Check if SSL key/certs are available conf="nginx.conf" - if [ -e nginx/ssl ]; + if [ -e nginx/ssl ]; then echo "Using nginx SSL configuration" conf="nginx-ssl.conf" fi diff --git a/webodm.sh b/webodm.sh index ef62a76e..7cb49ed5 100755 --- a/webodm.sh +++ b/webodm.sh @@ -161,18 +161,24 @@ start(){ command+=" -f docker-compose.ssl-manual.yml" fi - echo "SSL will be enabled ($method)" - - # Check port settings - # as let's encrypt cannot communicate on ports - # different than 80 or 443 if [ "$method" = "Lets Encrypt" ]; then + # Check port settings + # as let's encrypt cannot communicate on ports + # different than 80 or 443 if [ "$PORT" != "$DEFAULT_PORT" ]; then echo -e "\033[93mLets Encrypt cannot run on port: $PORT, switching to 443.\033[39m" echo "If you need to use a different port, you'll need to generate the SSL certificate files separately and use the --ssl-key and --ssl-certificate options." fi export PORT=443 + + # Make sure we have a hostname + if [ "$HOST" = "localhost" ]; then + echo -e "\033[91mSSL is enabled, but hostname cannot be set to $HOST. Set the --hostname argument to the domain of your WebODM server (for example: www.mywebodm.org).\033[39m" + exit 1 + fi fi + + echo "Will enable SSL ($method)" fi run "$command start || $command up" From 6353b5cc39e282c98c4bfd07f673cba5dda570fc Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 14:43:06 -0500 Subject: [PATCH 09/21] Added WO_ prefix to env vars --- .env | 14 ++++---- docker-compose.ssl-manual.yml | 4 +-- docker-compose.ssl.yml | 6 ++-- docker-compose.yml | 4 +-- nginx/letsencrypt-autogen.sh | 4 +-- nginx/nginx-ssl.conf.template | 6 ++-- nginx/nginx.conf.template | 2 +- start.sh | 12 +++---- webodm.sh | 60 +++++++++++++++++------------------ 9 files changed, 56 insertions(+), 56 deletions(-) diff --git a/.env b/.env index 54a2639f..e81d6c47 100644 --- a/.env +++ b/.env 
@@ -1,7 +1,7 @@ -HOST=localhost -PORT=8000 -MEDIA_DIR=appmedia -SSL=NO -SSL_KEY= -SSL_CERT= -SSL_INSECURE_PORT_REDIRECT=80 +WO_HOST=localhost +WO_PORT=8000 +WO_MEDIA_DIR=appmedia +WO_SSL=NO +WO_SSL_KEY= +WO_SSL_CERT= +WO_SSL_INSECURE_PORT_REDIRECT=80 diff --git a/docker-compose.ssl-manual.yml b/docker-compose.ssl-manual.yml index 0321f2f5..ae0bb210 100644 --- a/docker-compose.ssl-manual.yml +++ b/docker-compose.ssl-manual.yml @@ -3,5 +3,5 @@ version: '2' services: webapp: volumes: - - ${SSL_KEY}:/webodm/nginx/ssl/key.pem - - ${SSL_CERT}:/webodm/nginx/ssl/cert.pem + - ${WO_SSL_KEY}:/webodm/nginx/ssl/key.pem + - ${WO_SSL_CERT}:/webodm/nginx/ssl/cert.pem diff --git a/docker-compose.ssl.yml b/docker-compose.ssl.yml index dc9a3e41..4fdd8afa 100644 --- a/docker-compose.ssl.yml +++ b/docker-compose.ssl.yml @@ -6,9 +6,9 @@ volumes: services: webapp: ports: - - "${SSL_INSECURE_PORT_REDIRECT}:8080" + - "${WO_SSL_INSECURE_PORT_REDIRECT}:8080" volumes: - letsencrypt:/webodm/nginx/letsencrypt environment: - - SSL - - SSL_KEY \ No newline at end of file + - WO_SSL + - WO_SSL_KEY \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 8457bf48..0b55e9f4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,9 +19,9 @@ services: container_name: webapp entrypoint: /bin/bash -c "chmod +x /webodm/*.sh && /bin/bash -c \"/webodm/wait-for-it.sh db:5432 -- /webodm/start.sh\"" volumes: - - ${MEDIA_DIR}:/webodm/app/media + - ${WO_MEDIA_DIR}:/webodm/app/media ports: - - "${PORT}:8000" + - "${WO_PORT}:8000" depends_on: - db environment: diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh index e6df519f..8b657d54 100644 --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh 
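Review bot: After this rename, the `environment:` list that follows the docker-compose.yml hunk is not part of the change (the diffstat shows only two modified lines in that file), so it presumably still forwards `PORT` and `HOST`, which webodm.sh no longer exports. Inside the container start.sh would then fall back to `WO_HOST=localhost` and `WO_PORT=8000`, and the nginx `server_name` and the HTTPS redirect target would be generated from those defaults instead of the user's `--hostname`/`--port`. The entries should become `- WO_PORT` and `- WO_HOST`.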
@@ -9,12 +9,12 @@ if [ $not_found ]; then exit 1 fi -if [ "$SSL" = "NO" ] || [ ! -z "$SSL_KEY" ]; then +if [ "$WO_SSL" = "NO" ] || [ ! -z "$WO_SSL_KEY" ]; then echo "SSL not enabled, or manual SSL key specified, exiting." exit 1 fi -DOMAIN="${HOST:=$1}" +DOMAIN="${WO_HOST:=$1}" if [ -z $DOMAIN ]; then echo "Usage: $0 " exit 1 diff --git a/nginx/nginx-ssl.conf.template b/nginx/nginx-ssl.conf.template index 0517354e..2050d365 100644 --- a/nginx/nginx-ssl.conf.template +++ b/nginx/nginx-ssl.conf.template @@ -29,16 +29,16 @@ http { # Redirect all non-encrypted to encrypted server { - server_name $HOST; + server_name $WO_HOST; listen 8080; - return 301 https://$HOST:$PORT$request_uri; + return 301 https://$WO_HOST:$WO_PORT$request_uri; } server { listen 8000 deferred; client_max_body_size 0; - server_name $HOST; + server_name $WO_HOST; ssl on; ssl_certificate /webodm/nginx/ssl/cert.pem diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template index b107206b..45705bf5 100644 --- a/nginx/nginx.conf.template +++ b/nginx/nginx.conf.template @@ -31,7 +31,7 @@ http { listen 8000 deferred; client_max_body_size 0; - server_name $HOST; + server_name $WO_HOST; keepalive_timeout 5; diff --git a/start.sh b/start.sh index 8daa346c..99df6b28 100755 --- a/start.sh +++ b/start.sh @@ -58,8 +58,8 @@ if [[ "$1" = "--create-default-pnode" ]]; then echo "from nodeodm.models import ProcessingNode; ProcessingNode.objects.update_or_create(hostname='node-odm-1', defaults={'hostname': 'node-odm-1', 'port': 3000})" | python manage.py shell fi -export HOST="${HOST:=localhost}" -export PORT="${PORT:=8000}" +export WO_HOST="${WO_HOST:=localhost}" +export WO_PORT="${WO_PORT:=8000}" # Dump environment to .cronenv printenv > .cronenv 
@@ -71,7 +71,7 @@ echo ========================== echo -e "\033[39m" echo "If there are no errors, WebODM should be up and running!" echo -e "\033[93m" -echo Open a web browser and navigate to http://$HOST:$PORT +echo Open a web browser and navigate to http://$WO_HOST:$WO_PORT echo -e "\033[39m" echo -e "\033[91mNOTE:\033[39m Windows users using docker should replace localhost with the IP of their docker machine's IP. To find what that is, run: docker-machine ip") & @@ -85,12 +85,12 @@ else echo "Generating nginx configurations from templates..." for templ in nginx/*.template do - echo "- $templ" - envsubst '\$HOST \$OTHER_VAR' < $templ > ${templ%.*} + echo "- ${templ%.*}" + envsubst '\$WO_PORT \$WO_HOST' < $templ > ${templ%.*} done # Check if we need to auto-generate SSL certs via letsencrypt - if [ "$SSL" = "YES" ] && [ -z "$SSL_KEY" ]; then + if [ "$WO_SSL" = "YES" ] && [ -z "$WO_SSL_KEY" ]; then bash -c "nginx/letsencrypt-autogen.sh" fi diff --git a/webodm.sh b/webodm.sh index 7cb49ed5..dae0e49d 100755 --- a/webodm.sh +++ b/webodm.sh @@ -20,11 +20,11 @@ fi # Load default values source .env -DEFAULT_PORT="$PORT" -DEFAULT_HOST="$HOST" -DEFAULT_MEDIA_DIR="$MEDIA_DIR" -DEFAULT_SSL="$SSL" -DEFAULT_SSL_INSECURE_PORT_REDIRECT="$SSL_INSECURE_PORT_REDIRECT" +DEFAULT_PORT="$WO_PORT" +DEFAULT_HOST="$WO_HOST" +DEFAULT_MEDIA_DIR="$WO_MEDIA_DIR" +DEFAULT_SSL="$WO_SSL" +DEFAULT_SSL_INSECURE_PORT_REDIRECT="$WO_SSL_INSECURE_PORT_REDIRECT" # Parse args for overrides POSITIONAL=() 
@@ -34,36 +34,36 @@ key="$1" case $key in --port) - export PORT="$2" + export WO_PORT="$2" shift # past argument shift # past value ;; --hostname) - export HOST="$2" + export WO_HOST="$2" shift # past argument shift # past value ;; --media-dir) - export MEDIA_DIR=$(realpath "$2") + export WO_MEDIA_DIR=$(realpath "$2") shift # past argument shift # past value ;; --ssl) - SSL=YES + WO_SSL=YES shift # past argument ;; --ssl-key) - export SSL_KEY=$(realpath "$2") + export WO_SSL_KEY=$(realpath "$2") shift # past argument shift # past value ;; --ssl-cert) - export SSL_CERT=$(realpath "$2") + export WO_SSL_CERT=$(realpath "$2") shift # past argument shift # past value ;; --ssl-insecure-port-redirect) - export SSL_INSECURE_PORT_REDIRECT="$2" + export WO_SSL_INSECURE_PORT_REDIRECT="$2" shift # past argument shift # past value ;; @@ -143,20 +143,20 @@ run(){ start(){ command="docker-compose -f docker-compose.yml -f docker-compose.nodeodm.yml" - if [ "$SSL" = "YES" ]; then - if [ ! -z "$SSL_KEY" ] && [ ! -e "$SSL_KEY" ]; then - echo -e "\033[91mSSL key file does not exist: $SSL_KEY\033[39m" + if [ "$WO_SSL" = "YES" ]; then + if [ ! -z "$WO_SSL_KEY" ] && [ ! -e "$WO_SSL_KEY" ]; then + echo -e "\033[91mSSL key file does not exist: $WO_SSL_KEY\033[39m" exit 1 fi - if [ ! -z "$SSL_CERT" ] && [ ! -e "$SSL_CERT" ]; then - echo -e "\033[91mSSL certificate file does not exist: $SSL_CERT\033[39m" + if [ ! -z "$WO_SSL_CERT" ] && [ ! -e "$WO_SSL_CERT" ]; then + echo -e "\033[91mSSL certificate file does not exist: $WO_SSL_CERT\033[39m" exit 1 fi command+=" -f docker-compose.ssl.yml" method="Lets Encrypt" - if [ ! -z "$SSL_KEY" ] && [ ! -z "$SSL_CERT" ]; then + if [ ! -z "$WO_SSL_KEY" ] && [ ! -z "$WO_SSL_CERT" ]; then method="Manual" command+=" -f docker-compose.ssl-manual.yml" fi 
@@ -165,15 +165,15 @@ start(){ # Check port settings # as let's encrypt cannot communicate on ports # different than 80 or 443 - if [ "$PORT" != "$DEFAULT_PORT" ]; then - echo -e "\033[93mLets Encrypt cannot run on port: $PORT, switching to 443.\033[39m" + if [ "$WO_PORT" != "$DEFAULT_PORT" ]; then + echo -e "\033[93mLets Encrypt cannot run on port: $WO_PORT, switching to 443.\033[39m" echo "If you need to use a different port, you'll need to generate the SSL certificate files separately and use the --ssl-key and --ssl-certificate options." fi - export PORT=443 + export WO_PORT=443 # Make sure we have a hostname - if [ "$HOST" = "localhost" ]; then - echo -e "\033[91mSSL is enabled, but hostname cannot be set to $HOST. Set the --hostname argument to the domain of your WebODM server (for example: www.mywebodm.org).\033[39m" + if [ "$WO_HOST" = "localhost" ]; then + echo -e "\033[91mSSL is enabled, but hostname cannot be set to $WO_HOST. Set the --hostname argument to the domain of your WebODM server (for example: www.mywebodm.org).\033[39m" exit 1 fi fi @@ -231,13 +231,13 @@ if [[ $1 = "start" ]]; then echo "" echo "Using the following environment:" echo "================================" - echo "Host: $HOST" - echo "Port: $PORT" - echo "Media directory: $MEDIA_DIR" - echo "SSL: $SSL" - echo "SSL key: $SSL_KEY" - echo "SSL certificate: $SSL_CERT" - echo "SSL insecure port redirect: $SSL_INSECURE_PORT_REDIRECT" + echo "Host: $WO_HOST" + echo "Port: $WO_PORT" + echo "Media directory: $WO_MEDIA_DIR" + echo "SSL: $WO_SSL" + echo "SSL key: $WO_SSL_KEY" + echo "SSL certificate: $WO_SSL_CERT" + echo "SSL insecure port redirect: $WO_SSL_INSECURE_PORT_REDIRECT" echo "================================" echo "Make sure to issue a $0 down if you decide to change the environment." echo "" From 6709a2c27017fa8adcd712d39705f74acdfac382 Mon Sep 17 00:00:00 2001 
From: Piero Toffanin Date: Fri, 17 Nov 2017 14:56:24 -0500 Subject: [PATCH 10/21] Environment vars fix, execute permissions fix --- Dockerfile | 2 +- docker-compose.yml | 4 ++-- webodm.sh | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7e57a33b..d1bf5ecd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN pip install -r requirements.txt ADD . /webodm/ # Setup cron -RUN ln -s /webodm/nginx/crontab /etc/cron.d/nginx-cron && chmod 0644 /webodm/nginx/crontab && service cron start +RUN ln -s /webodm/nginx/crontab /etc/cron.d/nginx-cron && chmod 0644 /webodm/nginx/crontab && service cron start && chmod +x /webodm/nginx/letsencrypt-autogen.sh RUN git submodule update --init diff --git a/docker-compose.yml b/docker-compose.yml index 0b55e9f4..79a529a0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,6 +25,6 @@ services: depends_on: - db environment: - - PORT - - HOST + - WO_PORT + - WO_HOST restart: on-failure:10 \ No newline at end of file diff --git a/webodm.sh b/webodm.sh index dae0e49d..7af25fd6 100755 --- a/webodm.sh +++ b/webodm.sh @@ -49,7 +49,7 @@ case $key in shift # past value ;; --ssl) - WO_SSL=YES + export WO_SSL=YES shift # past argument ;; --ssl-key) From 275ea5f0f659bb2fb31188bda7214e35d7ead2a8 Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 15:18:17 -0500 Subject: [PATCH 11/21] Certbot port fix --- nginx/letsencrypt-autogen.sh | 6 +++--- start.sh | 7 ++++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh index 8b657d54..2db44682 100644 --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh 
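Review bot: In the Dockerfile hunk the added `chmod +x /webodm/nginx/letsencrypt-autogen.sh` is chained after `service cron start`, so the permission fix only runs if starting cron succeeds during the image build. A process started in a `RUN` step is also not running when a container is later created from the image, so that part of the chain has no lasting effect. A separate step, `RUN chmod +x /webodm/nginx/letsencrypt-autogen.sh`, with cron started from the entrypoint script, would make both effects reliable; whether start.sh already starts cron is not visible here.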
@@ -21,7 +21,7 @@ if [ -z $DOMAIN ]; then fi # Generate/update certificate -certbot certonly --work-dir ./letsencrypt --config-dir ./letsencrypt --logs-dir ./letsencrypt --standalone -d $DOMAIN --register-unsafely-without-email --agree-tos --keep +certbot certonly --tls-sni-01-port $WO_PORT --work-dir ./letsencrypt --config-dir ./letsencrypt --logs-dir ./letsencrypt --standalone -d $DOMAIN --register-unsafely-without-email --agree-tos --keep # Create ssl dir if necessary if [ ! -e ssl/ ]; then @@ -38,6 +38,6 @@ if [ -e ssl/cert.pem ]; then fi if [ -e "letsencrypt/live/$DOMAIN" ]; then - ln -vs "letsencrypt/live/$DOMAIN/privkey.pem" ssl/key.pem - ln -vs "letsencrypt/live/$DOMAIN/chain.pem" ssl/cert.pem + ln -vs "../letsencrypt/live/$DOMAIN/privkey.pem" ssl/key.pem + ln -vs "../letsencrypt/live/$DOMAIN/chain.pem" ssl/cert.pem fi \ No newline at end of file diff --git a/start.sh b/start.sh index 99df6b28..2e9905bc 100755 --- a/start.sh +++ b/start.sh @@ -64,6 +64,11 @@ export WO_PORT="${WO_PORT:=8000}" # Dump environment to .cronenv printenv > .cronenv +proto="http" +if [ "$WO_SSL" = "YES" ]; then + proto="https" +fi + (sleep 5; echo echo -e "\033[92m" echo "Congratulations! └@(・◡・)@┐" @@ -71,7 +76,7 @@ echo ========================== echo -e "\033[39m" echo "If there are no errors, WebODM should be up and running!" echo -e "\033[93m" -echo Open a web browser and navigate to http://$WO_HOST:$WO_PORT +echo Open a web browser and navigate to $proto://$WO_HOST:$WO_PORT echo -e "\033[39m" echo -e "\033[91mNOTE:\033[39m Windows users using docker should replace localhost with the IP of their docker machine's IP. To find what that is, run: docker-machine ip") & From 80d34e25a13c693de789830c712ef71143f5503b Mon Sep 17 00:00:00 2001 
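Review bot: On the new certbot line `$WO_PORT` and `$DOMAIN` are expanded unquoted, so an empty or whitespace-containing value shifts the remaining arguments; use `--tls-sni-01-port "$WO_PORT"` and `-d "$DOMAIN"` (the same line is touched again in the later "Cerbot port fix" hunk). The line also keeps `--register-unsafely-without-email`, which creates the ACME account without a contact address, so the CA has no way to reach the operator; a comment such as `# no contact e-mail is registered for this account; set one for production use` would make that trade-off explicit. The TLS-SNI-01 challenge selected by this flag was later retired by Let's Encrypt, so the option only works with certbot releases and CA endpoints from that period.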
From: Piero Toffanin Date: Fri, 17 Nov 2017 15:33:55 -0500 Subject: [PATCH 12/21] Nginx configuration tweak, symlink fix --- nginx/letsencrypt-autogen.sh | 2 +- nginx/nginx-ssl.conf.template | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh index 2db44682..92945f55 100644 --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh @@ -39,5 +39,5 @@ fi if [ -e "letsencrypt/live/$DOMAIN" ]; then ln -vs "../letsencrypt/live/$DOMAIN/privkey.pem" ssl/key.pem - ln -vs "../letsencrypt/live/$DOMAIN/chain.pem" ssl/cert.pem + ln -vs "../letsencrypt/live/$DOMAIN/fullchain.pem" ssl/cert.pem fi \ No newline at end of file diff --git a/nginx/nginx-ssl.conf.template b/nginx/nginx-ssl.conf.template index 2050d365..5349e53c 100644 --- a/nginx/nginx-ssl.conf.template +++ b/nginx/nginx-ssl.conf.template @@ -41,8 +41,8 @@ http { server_name $WO_HOST; ssl on; - ssl_certificate /webodm/nginx/ssl/cert.pem - ssl_certificate_key /webodm/nginx/ssl/key.pem + ssl_certificate /webodm/nginx/ssl/cert.pem; + ssl_certificate_key /webodm/nginx/ssl/key.pem; keepalive_timeout 5; From 24146ff4475a855b019a63697bf535894377d58b Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 15:46:26 -0500 Subject: [PATCH 13/21] Crontab fix --- nginx/letsencrypt-autogen.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh index 92945f55..f61f36d1 100644 --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh 
@@ -20,6 +20,14 @@ if [ -z $DOMAIN ]; then exit 1 fi +# Stop nginx if needed (free the port used by the standalone server) +nginx_was_running="NO" +pgrep nginx +if [ $? -eq 0]; then + killall nginx + nginx_was_running="YES" +fi + # Generate/update certificate certbot certonly --tls-sni-01-port $WO_PORT --work-dir ./letsencrypt --config-dir ./letsencrypt --logs-dir ./letsencrypt --standalone -d $DOMAIN --register-unsafely-without-email --agree-tos --keep @@ -40,4 +48,10 @@ fi if [ -e "letsencrypt/live/$DOMAIN" ]; then ln -vs "../letsencrypt/live/$DOMAIN/privkey.pem" ssl/key.pem ln -vs "../letsencrypt/live/$DOMAIN/fullchain.pem" ssl/cert.pem -fi \ No newline at end of file +fi + +# Restart nginx if necessary +if [ "$nginx_was_running" = "YES" ]; then + echo "Restarting nginx..." + nginx -c $(pwd)/nginx-ssl.conf +fi From 8cecfac319a94ee12baf839c8cb59581f1dc0fdf Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 15:49:35 -0500 Subject: [PATCH 14/21] Cerbot port fix, nginx restart logic --- nginx/letsencrypt-autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh index f61f36d1..ab5bf550 100644 --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh @@ -29,7 +29,7 @@ if [ $? -eq 0]; then fi # Generate/update certificate -certbot certonly --tls-sni-01-port $WO_PORT --work-dir ./letsencrypt --config-dir ./letsencrypt --logs-dir ./letsencrypt --standalone -d $DOMAIN --register-unsafely-without-email --agree-tos --keep +certbot certonly --tls-sni-01-port 8000 --work-dir ./letsencrypt --config-dir ./letsencrypt --logs-dir ./letsencrypt --standalone -d $DOMAIN --register-unsafely-without-email --agree-tos --keep # Create ssl dir if necessary if [ ! -e ssl/ ]; then From 204cade39327d78b298abaf73b28bcdb8842c5b6 Mon Sep 17 00:00:00 2001 
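Review bot: `killall nginx` in the added block returns as soon as the signal is sent, so certbot's standalone listener can start while nginx still holds the port and fail to bind. Waiting for the processes to disappear, e.g. `while pgrep -x nginx > /dev/null; do sleep 1; done` right after the `killall`, removes that race. The block also runs on every invocation, so nginx is stopped even when `--keep` makes certbot decide that no renewal is due, which means an outage on each scheduled run. The test itself is more direct as `if pgrep -x nginx > /dev/null; then` than through `$?`.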
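Review bot: The restart line passes `$(pwd)` unquoted, so a checkout path containing spaces breaks the `-c` argument; write `nginx -c "$(pwd)/nginx-ssl.conf"`. The path is only correct while the working directory is the nginx/ folder, which depends on a directory change made outside this hunk, so a comment such as `# cwd is nginx/ at this point` would help the next reader.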
From: Piero Toffanin Date: Fri, 17 Nov 2017 15:56:18 -0500 Subject: [PATCH 15/21] Typo --- nginx/letsencrypt-autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh index ab5bf550..d5642070 100644 --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh @@ -23,7 +23,7 @@ fi # Stop nginx if needed (free the port used by the standalone server) nginx_was_running="NO" pgrep nginx -if [ $? -eq 0]; then +if [ $? -eq 0 ]; then killall nginx nginx_was_running="YES" fi From 2c74b9f17382e0a2690e6b041e35c235089977bb Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 16:16:52 -0500 Subject: [PATCH 16/21] Changed script invokation --- nginx/letsencrypt-autogen.sh | 2 +- start.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh index d5642070..f35ebbe8 100644 --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh @@ -22,7 +22,7 @@ fi # Stop nginx if needed (free the port used by the standalone server) nginx_was_running="NO" -pgrep nginx +pgrep nginx > /dev/null if [ $? -eq 0 ]; then killall nginx nginx_was_running="YES" diff --git a/start.sh b/start.sh index 2e9905bc..d5a38349 100755 --- a/start.sh +++ b/start.sh @@ -96,7 +96,7 @@ else # Check if we need to auto-generate SSL certs via letsencrypt if [ "$WO_SSL" = "YES" ] && [ -z "$WO_SSL_KEY" ]; then - bash -c "nginx/letsencrypt-autogen.sh" + source ./nginx/letsencrypt-autogen.sh fi # Check if SSL key/certs are available From 8d9b60f458c3a6806be2719eb7f799b910f09cb3 Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 16:29:45 -0500 Subject: [PATCH 17/21] Removed pipefail flag --- nginx/letsencrypt-autogen.sh | 1 - start.sh | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) mode change 100644 => 100755 nginx/letsencrypt-autogen.sh 
diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh old mode 100644 new mode 100755 index f35ebbe8..3470dfdc --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh @@ -1,5 +1,4 @@ #!/bin/bash -set -eo pipefail __dirname=$(cd $(dirname "$0"); pwd -P) cd ${__dirname} diff --git a/start.sh b/start.sh index d5a38349..cf76e3e0 100755 --- a/start.sh +++ b/start.sh @@ -96,7 +96,8 @@ else # Check if we need to auto-generate SSL certs via letsencrypt if [ "$WO_SSL" = "YES" ] && [ -z "$WO_SSL_KEY" ]; then - source ./nginx/letsencrypt-autogen.sh + echo "Launching letsencrypt-autogen.sh" + ./nginx/letsencrypt-autogen.sh fi # Check if SSL key/certs are available From 2328f9614043d5430cc529fe0c510eb0b92b1b02 Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Fri, 17 Nov 2017 16:41:41 -0500 Subject: [PATCH 18/21] Cert generation warning --- nginx/letsencrypt-autogen.sh | 2 ++ start.sh | 25 +++++++++++++++---------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/nginx/letsencrypt-autogen.sh b/nginx/letsencrypt-autogen.sh index 3470dfdc..c6cc1885 100755 --- a/nginx/letsencrypt-autogen.sh +++ b/nginx/letsencrypt-autogen.sh @@ -47,6 +47,8 @@ fi if [ -e "letsencrypt/live/$DOMAIN" ]; then ln -vs "../letsencrypt/live/$DOMAIN/privkey.pem" ssl/key.pem ln -vs "../letsencrypt/live/$DOMAIN/fullchain.pem" ssl/cert.pem +else + echo -e "\033[91mWARN: We couldn't automatically generate the SSL certificate. Review the console log. WebODM will likely be inaccessible.\033[39m" fi # Restart nginx if necessary diff --git a/start.sh b/start.sh index cf76e3e0..ad2f4f70 100755 --- a/start.sh +++ b/start.sh 
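Review bot: In the start.sh hunk the result of `./nginx/letsencrypt-autogen.sh` is not checked, and the same commit removes `set -eo pipefail` from that script, so a failed certbot run neither stops the script nor is reported to the caller through the exit status. start.sh then continues to the "Check if SSL key/certs are available" block, most of which lies outside the hunk. If that block selects the plain-HTTP configuration when the files are missing, the service would come up unencrypted although SSL was requested, which is worth confirming. An explicit check after the call, e.g. `[ -e nginx/ssl/cert.pem ] || { echo "SSL requested but no certificate was generated" >&2; exit 1; }`, would make the failure visible instead of silent.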
@@ -69,18 +69,21 @@ if [ "$WO_SSL" = "YES" ]; then proto="https" fi -(sleep 5; echo -echo -e "\033[92m" -echo "Congratulations! └@(・◡・)@┐" -echo ========================== -echo -e "\033[39m" -echo "If there are no errors, WebODM should be up and running!" -echo -e "\033[93m" -echo Open a web browser and navigate to $proto://$WO_HOST:$WO_PORT -echo -e "\033[39m" -echo -e "\033[91mNOTE:\033[39m Windows users using docker should replace localhost with the IP of their docker machine's IP. To find what that is, run: docker-machine ip") & +congrats(){ + (sleep 5; echo + echo -e "\033[92m" + echo "Congratulations! └@(・◡・)@┐" + echo ========================== + echo -e "\033[39m" + echo "If there are no errors, WebODM should be up and running!" + echo -e "\033[93m" + echo Open a web browser and navigate to $proto://$WO_HOST:$WO_PORT + echo -e "\033[39m" + echo -e "\033[91mNOTE:\033[39m Windows users using docker should replace localhost with the IP of their docker machine's IP. To find what that is, run: docker-machine ip") & +} if [ "$1" = "--setup-devenv" ] || [ "$2" = "--setup-devenv" ] || [ "$1" = "--no-gunicorn" ]; then + congrats python manage.py runserver 0.0.0.0:8000 else if [ -e /webodm ] && [ ! -e /webodm/build/static ]; then @@ -107,6 +110,8 @@ else conf="nginx-ssl.conf" fi + congrats + nginx -c $(pwd)/nginx/$conf gunicorn webodm.wsgi --bind unix:/tmp/gunicorn.sock --timeout 360 --preload fi From 9c40f2d31bff23b00e61bbcdadc8daac8db8395a Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Sat, 18 Nov 2017 10:55:22 -0500 Subject: [PATCH 19/21] Updated readme, django debug and ssl settings --- .env | 1 + README.md | 96 ++++++++++++++++++++++++++++++---------------- docker-compose.yml | 1 + webodm.sh | 5 +++ webodm/settings.py | 5 +-- 5 files changed, 71 insertions(+), 37 deletions(-) diff --git a/.env b/.env index e81d6c47..c62a75b4 100644 --- a/.env +++ b/.env @@ -5,3 +5,4 @@ WO_SSL=NO WO_SSL_KEY= WO_SSL_CERT= WO_SSL_INSECURE_PORT_REDIRECT=80 +WO_DEBUG=YES 
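Review bot: `WO_DEBUG=YES` in the .env hunk makes debug mode the shipped default, and the settings.py hunk of this commit also falls back to `'YES'` when the variable is unset. Every deployment started without `--no-debug` therefore runs Django with DEBUG enabled and serves detailed error pages to whoever triggers an error. Failing closed would mean `WO_DEBUG=NO` here and `os.environ.get('WO_DEBUG', 'NO')` in settings.py, with debug switched on explicitly for development.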
diff --git a/README.md b/README.md index cf8b1977..50def6cb 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,11 @@ A free, user-friendly, extendable application and [API](http://docs.webodm.org) for drone image processing. Generate georeferenced maps, point clouds, elevation models and textured 3D models from aerial images. It uses [OpenDroneMap](https://github.com/OpenDroneMap/OpenDroneMap) for processing. * [Getting Started](#getting-started) - * [Common Troubleshooting](#common-troubleshooting) * [Add More Processing Nodes](#add-more-processing-nodes) * [Security](#security) + * [Enable SSL](#enable-ssl) * [Where Are My Files Stored?](#where-are-my-files-stored) + * [Common Troubleshooting](#common-troubleshooting) * [API Docs](#api-docs) * [Run the docker version as a Linux Service](#run-the-docker-version-as-a-linux-service) * [Run it natively](#run-it-natively) @@ -16,6 +17,8 @@ A free, user-friendly, extendable application and [API](http://docs.webodm.org) * [Roadmap](#roadmap) * [Terminology](#terminology) * [Getting Help](#getting-help) + * [Support the Project](#support-the-project) + * [Become a Contributor](#become-a-contributor) ![Alt text](https://user-images.githubusercontent.com/1951843/28586405-af18e8cc-7141-11e7-9853-a7feca7c9c6b.gif) @@ -26,7 +29,6 @@ A free, user-friendly, extendable application and [API](http://docs.webodm.org) ![Alt text](https://user-images.githubusercontent.com/1951843/28586977-8588ebfe-7143-11e7-94d6-a66bf02c1517.png) -If you know Python, web technologies (JS, HTML, CSS, etc.) or both, it's easy to make a change to WebODM! Make a fork, clone the repository and run `./devenv.sh start`. That's it! See the [Development Quickstart](http://docs.webodm.org/#development-quickstart) and [Contributing](/CONTRIBUTING.md) documents for more information. All ideas are considered and people of all skill levels are welcome to contribute. ## Getting Started 
@@ -68,6 +70,50 @@ We recommend that you read the [Docker Documentation](https://docs.docker.com/) For Windows users an [Installer](https://www.webodm.org/installer) is also available. +### Add More Processing Nodes + +WebODM can be linked to one or more processing nodes running [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap). The default configuration already includes a "node-odm-1" processing node which runs on the same machine as WebODM, just to help you get started. As you become more familiar with WebODM, you might want to install processing nodes on separate machines. + +Adding more processing nodes will allow you to run multiple jobs in parallel. + +You **will not be able to distribute a single job across multiple processing nodes**. We are actively working to bring this feature to reality, but we're not there yet. + +### Security + +If you want to run WebODM in production, make sure to pass the `--no-debug` flag while starting WebODM: + +```bash +./webodm.sh down && ./webodm.sh start --no-debug +``` + +This will disable the `DEBUG` flag from `webodm/settings.py` within the docker container. + +### Enable SSL + +WebODM has the ability to automatically request and install a SSL certificate via [Let’s Encrypt](https://letsencrypt.org/), or you can manually specify your own key/certificate pair. + + - Setup your server DNS so that it resolves to the IP of your machine (webodm.myorg.com --> ip of server) + - Make sure port 80 and 443 are open to the outside + - Run the following: + +```bash +./webodm.sh down && ./webodm.sh start --ssl --hostname webodm.myorg.com +``` + +That's it! The certificate will automatically renew when needed. + +If you want to specify your own key/certificate pair, simply pass the `--ssl-key` and `--ssl-cert` option to `./webodm.sh`. See `./webodm.sh --help` for more information. + +### Where Are My Files Stored? 
+ +When using Docker, all processing results are stored in a docker volume and are not available on the host filesystem. If you want to store your files on the host filesystem instead of a docker volume, you need to pass a path via the `--media-dir` option: + +```bash +./webodm.sh down && ./webodm.sh start --media-dir /home/user/webodm_data +``` + +Note that existing task results will not be available after the change. Refer to the [Migrate Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes) section of the Docker documentation for information on migrating existing task results. + ### Common Troubleshooting Sympthoms | Possible Solutions 
@@ -82,38 +128,6 @@ Getting a `No space left on device` error, but hard drive has enough space left Have you had other issues? Please [report them](https://github.com/OpenDroneMap/WebODM/issues/new) so that we can include them in this document. -### Add More Processing Nodes - -WebODM can be linked to one or more processing nodes running [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap). The default configuration already includes a "node-odm-1" processing node which runs on the same machine as WebODM, just to help you get started. As you become more familiar with WebODM, you might want to install processing nodes on separate machines. - -Adding more processing nodes will allow you to run multiple jobs in parallel. - -You **will not be able to distribute a single job across multiple processing nodes**. We are actively working to bring this feature to reality, but we're not there yet. - -### Security - -If you want to run WebODM in production, make sure to disable the `DEBUG` flag from `webodm/settings.py` and go through the [Django Deployment Checklist](https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/). - -### Where Are My Files Stored? - -When using Docker, all processing results are stored in a docker volume and are not available on the host filesystem. If you want to store your files on the host filesystem instead of a docker volume, you need to change a line in `docker-compose.yml` as follows: - -From: -``` - volumes: - - appmedia:/webodm/app/media -``` - -To: -``` - volumes: - - /path/where/to/store/files:/webodm/app/media -``` - -Then restart WebODM. - -Note that existing task results will not be available after the change. Refer to the [Migrate Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes) section of the Docker documentation for information on migrating existing task results. - ## API Docs See the [API documentation page](http://docs.webodm.org). 
@@ -300,6 +314,7 @@ Developer, I'm looking to build an app that will stay behind a firewall and just - [ ] iOS Mobile App - [ ] Processing Nodes Volunteer Network - [X] Unit Testing +- [X] SSL Support Don't see a feature that you want? [Help us make it happen](/CONTRIBUTING.md). @@ -320,3 +335,16 @@ We have several channels of communication for people to ask questions and to get We also have a [Gitter Chat](https://gitter.im/OpenDroneMap/web-development), but the preferred way to communicate is via the [OpenDroneMap Community Forum](http://community.opendronemap.org/c/webodm). +## Support the Project + +There are many ways to contribute back to the project: + + - Help us test new and existing features and report [bugs](https://www.github.com/OpenDroneMap/WebODM/issues) and [feedback](http://community.opendronemap.org/c/webodm). + - [Share](http://community.opendronemap.org/c/datasets) your aerial datasets. + - Help answer questions on the community [forum](http://community.opendronemap.org/c/webodm) and [chat](https://gitter.im/OpenDroneMap/web-development). + - While we don't accept donations, you can purchase an [installer](https://webodm.org/download#installer) or a [premium support package](https://webodm.org/services#premium-support). + - Become a contributor (see below). + +## Become a Contributor + +If you know Python, web technologies (JS, HTML, CSS, etc.) or both, it's easy to make a change to WebODM! Make a fork, clone the repository and run `./devenv.sh start`. That's it! See the [Development Quickstart](http://docs.webodm.org/#development-quickstart) and [Contributing](/CONTRIBUTING.md) documents for more information. All ideas are considered and people of all skill levels are welcome to contribute. \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 79a529a0..50cb3218 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -27,4 +27,5 @@ services: environment: - WO_PORT - WO_HOST + - WO_DEBUG restart: on-failure:10 \ No newline at end of file diff --git a/webodm.sh b/webodm.sh index 7af25fd6..1f2d137d 100755 --- a/webodm.sh +++ b/webodm.sh @@ -67,6 +67,10 @@ case $key in shift # past argument shift # past value ;; + --no-debug) + export WO_DEBUG=NO + shift # past argument + ;; *) # unknown option POSITIONAL+=("$1") # save it in an array for later shift # past argument @@ -98,6 +102,7 @@ usage(){ echo " --ssl-key Manually specify a path to the private key file (.pem) to use with nginx to enable SSL (default: None)" echo " --ssl-cert Manually specify a path to the certificate file (.pem) to use with nginx to enable SSL (default: None)" echo " --ssl-insecure-port-redirect Insecure port number to redirect from when SSL is enabled (default: $DEFAULT_SSL_INSECURE_PORT_REDIRECT)" + echo " --no-debug Disable debug for production environments (default: disabled)" exit } diff --git a/webodm/settings.py b/webodm/settings.py index 18b9207f..49e79d3c 100644 --- a/webodm/settings.py +++ b/webodm/settings.py @@ -45,9 +45,8 @@ except ImportError: TESTING = sys.argv[1:2] == ['test'] # SECURITY WARNING: don't run with debug turned on a public facing server! -# We are leaving DEBUG turned on for the sake of making error reporting easier -# since we haven't reached a stable release yet. -DEBUG = True #sys.argv[1:2] == ['runserver'] or TESTING +DEBUG = os.environ.get('WO_DEBUG', 'YES') == 'YES' or TESTING +SESSION_COOKIE_SECURE = CSRF_COOKIE_SECURE = os.environ.get('WO_SSL', 'NO') == 'YES' INTERNAL_IPS = ['127.0.0.1'] ALLOWED_HOSTS = ['*'] From 24b64b152307da96137c6cbb115541f0794fdeb6 Mon Sep 17 00:00:00 2001 From: Piero Toffanin Date: Sat, 18 Nov 2017 11:01:55 -0500 Subject: [PATCH 20/21] Reorganized README --- README.md | 149 +++++++++++++++++++++++++----------------------------- 1 file changed, 70 insertions(+), 79 deletions(-) diff --git a/README.md b/README.md index 50def6cb..88644f98 100644 
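Review bot: The new help line in usage() ends with `(default: disabled)`, which can be read as "debug is disabled by default", while .env in this commit sets `WO_DEBUG=YES`. Wording such as `--no-debug Disable Django debug mode, recommended for production (default: debug enabled)` states the actual default. usage() starts and ends outside the hunk.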
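Review bot: `SESSION_COOKIE_SECURE = CSRF_COOKIE_SECURE = ...` only takes effect if `WO_SSL` is present in the web container's environment, but the docker-compose.yml hunk of this commit lists only WO_PORT, WO_HOST and WO_DEBUG. Unless docker-compose.ssl.yml (not shown) passes it through, cookies keep being sent without the Secure flag on an HTTPS deployment; adding `- WO_SSL` to that environment list would close the gap. Both comparisons are exact, so `WO_SSL=yes` or `WO_DEBUG=no` are not recognised; a comment above the lines, `# WO_DEBUG and WO_SSL must be the literal string YES to be enabled`, would document that. The context line `ALLOWED_HOSTS = ['*']` could be narrowed to the configured hostname now that WO_HOST is available in the environment.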
--- a/README.md +++ b/README.md @@ -11,14 +11,13 @@ A free, user-friendly, extendable application and [API](http://docs.webodm.org) * [Where Are My Files Stored?](#where-are-my-files-stored) * [Common Troubleshooting](#common-troubleshooting) * [API Docs](#api-docs) - * [Run the docker version as a Linux Service](#run-the-docker-version-as-a-linux-service) - * [Run it natively](#run-it-natively) * [OpenDroneMap, node-OpenDroneMap, WebODM... what?](#opendronemap-node-opendronemap-webodm-what) * [Roadmap](#roadmap) - * [Terminology](#terminology) * [Getting Help](#getting-help) * [Support the Project](#support-the-project) * [Become a Contributor](#become-a-contributor) + * [Run the docker version as a Linux Service](#run-the-docker-version-as-a-linux-service) + * [Run it natively](#run-it-natively) ![Alt text](https://user-images.githubusercontent.com/1951843/28586405-af18e8cc-7141-11e7-9853-a7feca7c9c6b.gif) @@ -92,8 +91,8 @@ This will disable the `DEBUG` flag from `webodm/settings.py` within the docker c WebODM has the ability to automatically request and install a SSL certificate via [Let’s Encrypt](https://letsencrypt.org/), or you can manually specify your own key/certificate pair. - - Setup your server DNS so that it resolves to the IP of your machine (webodm.myorg.com --> ip of server) - - Make sure port 80 and 443 are open to the outside + - Setup your DNS record (webodm.myorg.com --> IP of server). + - Make sure port 80 and 443 are open. - Run the following: ```bash 
@@ -132,6 +131,71 @@ Have you had other issues? Please [report them](https://github.com/OpenDroneMap/ See the [API documentation page](http://docs.webodm.org). +## OpenDroneMap, node-OpenDroneMap, WebODM... what? + +The [OpenDroneMap project](https://github.com/OpenDroneMap/) is composed of several components. + +- [OpenDroneMap](https://github.com/OpenDroneMap/OpenDroneMap) is a command line toolkit that processes aerial images. Users comfortable with the command line are probably OK using this component alone. +- [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap) is a lightweight interface and API (Application Program Interface) built directly on top of [OpenDroneMap](https://github.com/OpenDroneMap/OpenDroneMap). Users not comfortable with the command line can use this interface to process aerial images and developers can use the API to build applications. Features such as user authentication, map displays, etc. are not provided. +- [WebODM](https://github.com/OpenDroneMap/WebODM) adds more features such as user authentication, map displays, 3D displays, a higher level API and the ability to orchestrate multiple processing nodes (run jobs in parallel). Processing nodes are simply servers running [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap). + +![webodm](https://cloud.githubusercontent.com/assets/1951843/25567386/5aeec7aa-2dba-11e7-9169-aca97b70db79.png) + +In general, follow these guidelines to find out what you should use: + +I am a... | Best choice +--------- | ----------- +End user, I'm not really comfortable with the command line | [WebODM](https://github.com/OpenDroneMap/WebODM) +End user, I like shell commands, I need to process images for myself. I use other software to display processing results | [OpenDroneMap](https://github.com/OpenDroneMap/OpenDroneMap) +End user, I can work with the command line, but I'd rather not. 
I use other software to display processing results | [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap) +End user, I need a drone mapping application for my organization that everyone can use. | [WebODM](https://github.com/OpenDroneMap/WebODM) +Developer, I'm looking to build an app that displays map results and takes care of things like permissions | [WebODM](https://github.com/OpenDroneMap/WebODM) +Developer, I'm looking to build an app that will stay behind a firewall and just needs raw results | [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap) + +## Roadmap +- [X] User Registration / Authentication +- [X] UI mockup +- [X] Task Processing +- [X] 2D Map Display +- [X] 3D Model Display +- [ ] NDVI display +- [ ] Volumetric Measurements +- [X] Cluster management and setup. +- [ ] Mission Planner +- [ ] Plugins/Webhooks System +- [X] API +- [X] Documentation +- [ ] Android Mobile App +- [ ] iOS Mobile App +- [ ] Processing Nodes Volunteer Network +- [X] Unit Testing +- [X] SSL Support + +Don't see a feature that you want? [Help us make it happen](/CONTRIBUTING.md). + +## Getting Help + +We have several channels of communication for people to ask questions and to get involved with the community: + + - [OpenDroneMap Community Forum](http://community.opendronemap.org/c/webodm) + - [Report Issues](https://github.com/OpenDroneMap/WebODM/issues) + +We also have a [Gitter Chat](https://gitter.im/OpenDroneMap/web-development), but the preferred way to communicate is via the [OpenDroneMap Community Forum](http://community.opendronemap.org/c/webodm). + +## Support the Project + +There are many ways to contribute back to the project: + + - Help us test new and existing features and report [bugs](https://www.github.com/OpenDroneMap/WebODM/issues) and [feedback](http://community.opendronemap.org/c/webodm). + - [Share](http://community.opendronemap.org/c/datasets) your aerial datasets. 
+ - Help answer questions on the community [forum](http://community.opendronemap.org/c/webodm) and [chat](https://gitter.im/OpenDroneMap/web-development). + - While we don't accept donations, you can purchase an [installer](https://webodm.org/download#installer) or a [premium support package](https://webodm.org/services#premium-support). + - Become a contributor (see below). + +## Become a Contributor + +If you know Python, web technologies (JS, HTML, CSS, etc.) or both, it's easy to make a change to WebODM! Make a fork, clone the repository and run `./devenv.sh start`. That's it! See the [Development Quickstart](http://docs.webodm.org/#development-quickstart) and [Contributing](/CONTRIBUTING.md) documents for more information. All ideas are considered and people of all skill levels are welcome to contribute. + ## Run the docker version as a Linux Service If you wish to run the docker version with auto start/monitoring/stop, etc, as a systemd style Linux Service, a systemd unit file is included in the service folder of the repo. 
@@ -274,77 +338,4 @@ pip --version npm --version gdalinfo --version ``` -Should all work without errors. - -## OpenDroneMap, node-OpenDroneMap, WebODM... what? - -The [OpenDroneMap project](https://github.com/OpenDroneMap/) is composed of several components. - -- [OpenDroneMap](https://github.com/OpenDroneMap/OpenDroneMap) is a command line toolkit that processes aerial images. Users comfortable with the command line are probably OK using this component alone. -- [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap) is a lightweight interface and API (Application Program Interface) built directly on top of [OpenDroneMap](https://github.com/OpenDroneMap/OpenDroneMap). Users not comfortable with the command line can use this interface to process aerial images and developers can use the API to build applications. Features such as user authentication, map displays, etc. are not provided. -- [WebODM](https://github.com/OpenDroneMap/WebODM) adds more features such as user authentication, map displays, 3D displays, a higher level API and the ability to orchestrate multiple processing nodes (run jobs in parallel). Processing nodes are simply servers running [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap). - -![webodm](https://cloud.githubusercontent.com/assets/1951843/25567386/5aeec7aa-2dba-11e7-9169-aca97b70db79.png) - -In general, follow these guidelines to find out what you should use: - -I am a... | Best choice ---------- | ----------- -End user, I'm not really comfortable with the command line | [WebODM](https://github.com/OpenDroneMap/WebODM) -End user, I like shell commands, I need to process images for myself. I use other software to display processing results | [OpenDroneMap](https://github.com/OpenDroneMap/OpenDroneMap) -End user, I can work with the command line, but I'd rather not. 
I use other software to display processing results | [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap) -End user, I need a drone mapping application for my organization that everyone can use. | [WebODM](https://github.com/OpenDroneMap/WebODM) -Developer, I'm looking to build an app that displays map results and takes care of things like permissions | [WebODM](https://github.com/OpenDroneMap/WebODM) -Developer, I'm looking to build an app that will stay behind a firewall and just needs raw results | [node-OpenDroneMap](https://github.com/OpenDroneMap/node-OpenDroneMap) - -## Roadmap -- [X] User Registration / Authentication -- [X] UI mockup -- [X] Task Processing -- [X] 2D Map Display -- [X] 3D Model Display -- [ ] NDVI display -- [ ] Volumetric Measurements -- [X] Cluster management and setup. -- [ ] Mission Planner -- [ ] Plugins/Webhooks System -- [X] API -- [X] Documentation -- [ ] Android Mobile App -- [ ] iOS Mobile App -- [ ] Processing Nodes Volunteer Network -- [X] Unit Testing -- [X] SSL Support - -Don't see a feature that you want? [Help us make it happen](/CONTRIBUTING.md). - -## Terminology - - - `Project`: A collection of tasks (successfully processed, failed, waiting to be executed, etc.) - - `Task`: A collection of input aerial images and an optional set of output results derived from the images, including an orthophoto, a georeferenced model and a textured model. A `Task`'s output is processed by OpenDroneMap. - - `ProcessingNode`: An instance usually running on a separate VM, or on a separate machine which accepts aerial images, runs OpenDroneMap and returns the processed results (orthophoto, georeferenced model, etc.). Each node communicates with WebODM via a lightweight API such as [node-OpenDroneMap](https://www.github.com/pierotofy/node-OpenDroneMap). WebODM manages the distribution of `Task` to different `ProcessingNode` instances. - - `ImageUpload`: aerial images. 
- - `Mission`: A flight path and other information (overlap %, angle, ...) associated with a particular `Task`. - -## Getting Help - -We have several channels of communication for people to ask questions and to get involved with the community: - - - [OpenDroneMap Community Forum](http://community.opendronemap.org/c/webodm) - - [Report Issues](https://github.com/OpenDroneMap/WebODM/issues) - -We also have a [Gitter Chat](https://gitter.im/OpenDroneMap/web-development), but the preferred way to communicate is via the [OpenDroneMap Community Forum](http://community.opendronemap.org/c/webodm). - -## Support the Project - -There are many ways to contribute back to the project: - - - Help us test new and existing features and report [bugs](https://www.github.com/OpenDroneMap/WebODM/issues) and [feedback](http://community.opendronemap.org/c/webodm). - - [Share](http://community.opendronemap.org/c/datasets) your aerial datasets. - - Help answer questions on the community [forum](http://community.opendronemap.org/c/webodm) and [chat](https://gitter.im/OpenDroneMap/web-development). - - While we don't accept donations, you can purchase an [installer](https://webodm.org/download#installer) or a [premium support package](https://webodm.org/services#premium-support). - - Become a contributor (see below). - -## Become a Contributor - -If you know Python, web technologies (JS, HTML, CSS, etc.) or both, it's easy to make a change to WebODM! Make a fork, clone the repository and run `./devenv.sh start`. That's it! See the [Development Quickstart](http://docs.webodm.org/#development-quickstart) and [Contributing](/CONTRIBUTING.md) documents for more information. All ideas are considered and people of all skill levels are welcome to contribute. \ No newline at end of file +Should all work without errors. \ No newline at end of file From b2739a278971e2b5e3ca31be1ba37c61c546eda3 Mon Sep 17 00:00:00 2001 
From: Piero Toffanin Date: Sat, 18 Nov 2017 11:25:43 -0500 Subject: [PATCH 21/21] Updated readme, webodm.sh --- README.md | 2 +- webodm.sh | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 88644f98..1c2727f7 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ If you want to run WebODM in production, make sure to pass the `--no-debug` flag ./webodm.sh down && ./webodm.sh start --no-debug ``` -This will disable the `DEBUG` flag from `webodm/settings.py` within the docker container. +This will disable the `DEBUG` flag from `webodm/settings.py` within the docker container. This is [really important](https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-DEBUG). ### Enable SSL diff --git a/webodm.sh b/webodm.sh index 1f2d137d..b8456dbe 100755 --- a/webodm.sh +++ b/webodm.sh @@ -165,7 +165,7 @@ start(){ method="Manual" command+=" -f docker-compose.ssl-manual.yml" fi - + if [ "$method" = "Lets Encrypt" ]; then # Check port settings # as let's encrypt cannot communicate on ports @@ -175,12 +175,12 @@ start(){ echo "If you need to use a different port, you'll need to generate the SSL certificate files separately and use the --ssl-key and --ssl-certificate options." fi export WO_PORT=443 - - # Make sure we have a hostname - if [ "$WO_HOST" = "localhost" ]; then - echo -e "\033[91mSSL is enabled, but hostname cannot be set to $WO_HOST. Set the --hostname argument to the domain of your WebODM server (for example: www.mywebodm.org).\033[39m" - exit 1 - fi + fi + + # Make sure we have a hostname + if [ "$WO_HOST" = "localhost" ]; then + echo -e "\033[91mSSL is enabled, but hostname cannot be set to $WO_HOST. Set the --hostname argument to the domain of your WebODM server (for example: www.mywebodm.org).\033[39m" + exit 1 fi echo "Will enable SSL ($method)"
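Review bot: The hostname guard in the second webodm.sh hunk (`@@ -175,12 +175,12 @@`) rejects only the exact string `localhost`, and after this move it is the only hostname validation for both the Let's Encrypt and the manual-certificate paths. An empty `WO_HOST` or a loopback address passes the test, so the misconfiguration would presumably surface only later, as a failed certificate request or a name mismatch in the browser; a broader guard such as `if [ -z "$WO_HOST" ] || [ "$WO_HOST" = "localhost" ] || [ "$WO_HOST" = "127.0.0.1" ]; then` fails early with the existing message. The error text is written to stdout, so appending `>&2` to the `echo -e` line would keep it visible when output is piped or captured. `start()` begins and ends outside the hunk, so how `WO_HOST` is defaulted and whether this block runs only when SSL is requested cannot be confirmed from here.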