init commit

Author: jessecooper

Diff for: .gitignore

@@ -0,0 +1,4 @@
+*.swp
+*.pyc
+*.pyo
+*.pem

Diff for: README.md

@@ -0,0 +1,18 @@
+# Docker Compose Dev Services
+## Services
+
+* gogs - git
+* jenkins - ci/cd
+* docker registry
+https://docs.docker.com/registry/deploying/
+* pypiservice - pypi
+https://pypi.org/project/pypiserver/
+
+## TODO
+
+* nginx - create reverse proxy
+* jenkins - ssl configuration (might just reverse proxy)
+* docker registry - ssl configuration (might just reverse proxy)
+* docker registry - htpasswd.txt auth
+* pypiservice - htpasswd.txt auth
+* pypiservice - nginx reverse proxy 

Diff for: docker-compose.yml

@@ -0,0 +1,82 @@
+version: "3.5"
+services:
+  nginx:
+    image: codeholics/nginx:latest
+    build: ./nginx/
+    ports:
+      - "5150:5150"
+      - "5151:5151"
+      - "3000:3000"
+      - "8675:8675"
+    depends_on:
+      - gogs
+      - pypi
+      - registry
+      - jenkins
+    networks:
+      - front-tier
+    volumes:
+      - "nginx:/etc/nginx"
+      - "certs:/certs"
+  gogs:
+    image: gogs/gogs
+    ports:
+      - "10022:22"
+    volumes:
+      - "gogs:/data"
+    depends_on:
+      - "postgresdb"
+    external_links:
+      - "postgresdb:postgresdb"
+    networks:
+      - front-tier
+      - back-tier
+  postgresdb:
+    image: postgres 
+    volumes:
+      - "postgres:/var/lib/postgresql/data" 
+    environment:
+      - POSTGRES_USER=gogs
+      - POSTGRES_PASSWORD=gogs 
+    networks:
+      - back-tier
+  pypi:
+    image: codeholics/pypiservice:latest
+    build: ./pypi/
+    networks:
+      - front-tier
+    volumes:
+      - "pypi:/packages"
+  jenkins:
+    image: codeholics/jenkins:python
+    build: ./jenkins/
+    volumes:
+      - jenkins:/var/jenkins_home
+    networks:
+      front-tier:
+        aliases:
+          - jenkins
+  registry:
+    image: registry:2
+    volumes:
+      - registry:/var/lib/registry
+    networks:
+      - front-tier
+networks:
+  front-tier:
+    driver: overlay
+    driver_opts:
+        encrypted: "true"
+  back-tier:
+    driver: overlay
+    driver_opts:
+        encrypted: "true"
+volumes:
+    postgres:
+    gogs:
+    pypi:
+    registry:
+    docker:
+    jenkins:
+    nginx:
+    certs:

Diff for: jenkins/Dockerfile

@@ -0,0 +1,10 @@
+FROM jenkins/jenkins:lts-alpine
+USER root
+RUN apk update \
+ && apk upgrade \
+ && apk add \
+     make gcc python3 python3-dev musl-dev \
+     openssl-dev libzip readline \ 
+ && pip3 install --upgrade pip tox pytest flake8 pylint
+
+USER jenkins

Diff for: nginx/Dockerfile

@@ -0,0 +1,6 @@
+FROM nginx:alpine
+RUN apk update && \
+  apk upgrade && apk add openssl apache2-utils
+COPY ./conf.d/default.conf /etc/nginx/conf.d/default.conf
+COPY ./certs/* /certs/
+RUN htpasswd -b -c /etc/nginx/htpasswd root test123

Diff for: nginx/conf.d/default.conf

@@ -0,0 +1,74 @@
+server {
+    listen       5151 ssl;
+    server_name  jenkins;
+
+    location / {
+      proxy_pass http://jenkins:8080/;
+    }
+    ssl_certificate     /certs/cert.pem;
+    ssl_certificate_key /certs/key.pem;
+    ssl_protocols       TLSv1.2;
+    ssl_ciphers         'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:20m;
+    ssl_session_timeout 180m;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+}
+
+server {
+    listen       8675 ssl;
+    server_name  pypi;
+    client_max_body_size 10M;
+    auth_basic "PYPI Server";
+    auth_basic_user_file /etc/nginx/htpasswd;
+
+    location / {
+        proxy_set_header  Host $host:$server_port;
+        proxy_set_header  X-Forwarded-Proto $scheme;
+        proxy_set_header  X-Real-IP $remote_addr;
+    	proxy_pass http://pypi:8675/;
+    }
+    ssl_certificate     /certs/cert.pem;
+    ssl_certificate_key /certs/key.pem;
+    ssl_protocols       TLSv1.2;
+    ssl_ciphers         'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:20m;
+    ssl_session_timeout 180m;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+}
+
+server {
+    listen       3000 ssl;
+    server_name  gogs;
+
+    location / {
+      proxy_pass http://gogs:3000/;
+    }
+    ssl_certificate     /certs/cert.pem;
+    ssl_certificate_key /certs/key.pem;
+    ssl_protocols       TLSv1.2;
+    ssl_ciphers         'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:20m;
+    ssl_session_timeout 180m;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+}
+
+server {
+    listen       5150 ssl;
+    server_name  registry;
+    client_max_body_size 1024M;
+
+    location / {
+      proxy_pass http://registry:5000/;
+    }
+    ssl_certificate     /certs/cert.pem;
+    ssl_certificate_key /certs/key.pem;
+    ssl_protocols       TLSv1.2;
+    ssl_ciphers         'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:20m;
+    ssl_session_timeout 180m;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+}

Diff for: pypi/Dockerfile

@@ -0,0 +1,10 @@
+FROM python:alpine
+ARG WORKERS
+ENV WORKERS 2
+ARG PORT
+ENV PORT 8675
+
+RUN apk update && apk upgrade &&\
+  pip install gunicorn pypiserver &&\
+  mkdir /packages
+CMD /usr/local/bin/gunicorn --access-logfile "-" --workers $WORKERS --bind 0.0.0.0:$PORT 'pypiserver:app(root="/packages", authenticated=None)'