islandora/base

Sponsored OSS

By islandora

Updated 1 day ago

Base image for all Islandora images.

Image
Content Management System
Databases & Storage
Web Servers
2

10K+

Base

Base Docker image from which almost all others are derived. It is not meant to be run on its own.

Built from Islandora-DevOps/isle-buildkit base

It's based off off Alpine Linux, and includes s6 overlay and confd.

Dependencies

Requires alpine version is set in docker-bake.hcl.

Settings

Confd Settings

The following environment variables cannot be provided by confd as they drive it's configuration, they must be set on each container as environment variables.

Environment VariableDefaultDescription
CONFD_BACKENDenvThe backend to use for confd only env, and etcd are supported at the moment
CONFD_ENABLE_SERVICEfalseIf true confd will run continuously rather than just on startup.
CONFD_LOG_LEVELerrorThe log level to use when executing confd
CONFD_POLLING_INTERVAL30Time in seconds between runs of confd when enabled as a service
ETCD_CONNECTION_TIMEOUT0Timeout to wait for a connection to etcd
ETCD_HOSTetcdThe host where etcd, can be found
ETCD_PORT2379The port where etcd can be accessed

Users do not require etcd to run the containers, environment variables can be used instead for simplicity.

Certificate Settings

If using development certificates for local development, they can be made available within the containers using the following environment variables.

Environment VariableDefaultDescription
CERT_PUBLIC_KEYPrimarily used for development. If provided the certificate will be registered inside of the container such that curl, etc accepts the certificate as valid.
CERT_AUTHORITYPrimarily used for development. If provided the authority is registered with the java, so that requests originating from Java accept the public certificate.

For example if generating certificates locally with mkcert for local development, and using islandora.dev as the primary domain.

N.B islandora.dev just redirects back to 127.0.0.1.

mkcert -install
mkcert \
  -cert-file cert.pem \
  -key-file privkey.pem \
  "*.islandora.dev" \
  "islandora.dev" \
  "localhost" \
  "127.0.0.1" \
  "::1"

This will generate cert.pem which can be use as CERT_PUBLIC_KEY and rootCA.pem can be used for CERT_AUTHORITY. rootCA.pem can be found at the path printed by using the command mkcert -CAROOT.

Now requests originating within the container will accept the development certificate as genuine.

N.B. This is not required for production sites or certificates that are publically available.

JWT Settings

Many services that connect to Drupal / Fedora authenticate via JWT. Please see the Islandora documentation for JWT Authentication, and the Syn project for more details. The base image includes these environment variables to reduce duplication.

Environment VariableDefaultDescription
JWT_ADMIN_TOKENislandoraUsed for bearer authentication (Only use with HTTPS or over private networks)
JWT_PRIVATE_KEY@see base/rootfs/etc/defaults/JWT_PRIVATE_KEYPrivate key for JWT authentication, RSA PEM Format is expected (should only be used in the Drupal container)
JWT_PUBLIC_KEY@see base/rootfs/etc/defaults/JWT_PUBLIC_KEYPublic key for JWT authentication

To generate a private public / private key pair use the following.

ssh-keygen -q -t rsa -m pem -f /tmp/JWT -N ""

This produces two files /tmp/JWT and /tmp/JWT.pub. Which can be used for JWT_PRIVATE_KEY and JWT_PUBLIC_KEY respectively. The format is RSA PEM, without a password. Do not share these files keep their contents hidden.

The public/private key pair and Syn configuration are placed in /opt/keys and are only readable by the jwt group, if your service needs to read these files add jwt as a secondary group to your service user.

Database Settings

Many services can work with multiple backends, to this end the DB_DRIVER setting is used to determine which of the backend specific environment variables to use. For example if DB_DRIVER is equal to mysql then the DB_MYSQL_HOST and DB_MYSQL_PORT variables will be used when connecting to the backend.

Environment VariableDefaultDescription
DB_DRIVERmysqlThe database driver to use by default, only mysql and postgresql are supported at this time
DB_HOSTThe database host to use. The default value is derived from DB_DRIVER if not specified
DB_MYSQL_HOSTmariadbThe default database host if DB_DRIVER is mysql
DB_MYSQL_PORT3306The default database port if DB_DRIVER is mysql
DB_NAMEdefaultThe name of the default database if no other is specified
DB_PASSWORDpasswordThe password of the user used by the service (e.g. Drupal) to connect to the database
DB_PORTThe database port to use. The default value is derived from DB_DRIVER if not specified
DB_POSTGRESQL_HOSTpostgresqlThe default database host if DB_DRIVER is postgresql
DB_POSTGRESQL_PORT5432The default database port if DB_DRIVER is postgresql
DB_ROOT_PASSWORDpasswordThe root user password
DB_ROOT_USERrootThe root user, which is used only on startup to create database / user in the chosen backend
DB_USERdefaultThe user used by the service (e.g. Drupal) to connect to the database

N.B. For all of the settings above, images that descend from this image can apply a prefix to every setting. So for example DB_NAME would become FCREPO_DB_NAME. This is to allow for different settings on a per-service basis when sharing the same confd backend.

Development Settings

When doing development with the containers it is sometimes useful to remap the uid of users in the container to match that of the host user to prevent permission denied errors when bind mounting files.

Environment VariableDefaultDescription
DEVELOPMENT_ENVIRONMENTfalseSet to true if using the containers for development, runs start up scripts to remap uid of users inside of the container etc.
UIDThe uid of the host user

Docker Pull Command

docker pull islandora/base