Skip to content

Commit

Permalink
superset in a working stage
Browse files Browse the repository at this point in the history
  • Loading branch information
@szachovy
szachovy committed Sep 29, 2024
1 parent 79c1a47 commit d151d6f
Show file tree
Hide file tree
Showing 8 changed files with 78 additions and 18 deletions.
14 changes: 13 additions & 1 deletion services/superset/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ RUN \
install \
--yes \
expect \
gosu \
nginx \
&& \
chmod \
Expand All @@ -24,6 +25,13 @@ RUN \
mysql_connect.py \
superset_config.py \
&& \
chown \
--recursive \
superset:superset \
/var/lib/nginx \
/var/log/nginx \
/app \
&& \
apt \
clean \
&& \
Expand All @@ -34,6 +42,8 @@ RUN \

USER superset

COPY --chown=superset "nginx.conf" "/etc/nginx/nginx.conf"

ENV SUPERSET_CONFIG_PATH="/app/superset_config.py"

RUN \
Expand All @@ -42,4 +52,6 @@ RUN \
redis \
mysql-connector-python

ENTRYPOINT [ "/app/entrypoint.sh" ]
USER root

ENTRYPOINT sh -c "chown --recursive superset:superset /etc/ssl/certs && gosu superset nginx & exec gosu superset /app/entrypoint.sh"
19 changes: 10 additions & 9 deletions services/superset/entrypoint.sh
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
#!/bin/bash


if superset test_db \
"mysql+mysqlconnector://superset:$(cat /run/secrets/mysql_superset_password)@${VIRTUAL_IP_ADDRESS}:6446/superset" \
--connect-args {}; then
Expand All @@ -16,12 +15,14 @@ if superset test_db \
superset init

/app/set-database-uri.exp
fi
/usr/bin/run-server.sh &

/usr/bin/run-server.sh &

celery \
--app superset.tasks.celery_app:app worker \
--pool prefork \
--concurrency 4 \
-O fair
celery \
--app superset.tasks.celery_app:app worker \
--pool prefork \
--concurrency 4 \
-O fair
else
echo "Could not connect to the MySQL database"
exit 1
fi
9 changes: 6 additions & 3 deletions services/superset/init.sh
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
#!/bin/bash

# docker build --tag superset-cluster-service:latest .
# docker tag superset-cluster-service:latest ghcr.io/szachovy/superset-cluster-service:latest
# docker push ghcr.io/szachovy/superset-cluster-service:latest
docker build --tag superset-cluster-service:latest .
docker tag superset-cluster-service:latest ghcr.io/szachovy/superset-cluster-service:latest
docker push ghcr.io/szachovy/superset-cluster-service:latest

openssl \
genpkey \
Expand Down Expand Up @@ -40,6 +40,9 @@ docker service create \
--health-retries=10 \
--health-timeout=5s \
--env VIRTUAL_IP_ADDRESS="172.18.0.10" \
--mount type=bind,source=/opt/superset-cluster/superset/superset_cluster_certificate.pem,target=/etc/ssl/certs/superset_cluster_certificate.pem \
--mount type=bind,source=/opt/superset-cluster/superset/superset_cluster_key.pem,target=/etc/ssl/certs/superset_cluster_key.pem \
ghcr.io/szachovy/superset-cluster-service:latest


# --publish 8088:8088 \
19 changes: 18 additions & 1 deletion services/superset/nginx.conf
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
worker_processes 1;
pid /app/nginx.pid;

events {
worker_connections 1024;
multi_accept on;
}

http {
Expand All @@ -15,8 +17,20 @@ http {
ssl_certificate /etc/ssl/certs/superset_cluster_certificate.pem;
ssl_certificate_key /etc/ssl/certs/superset_cluster_key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "no-referrer-when-downgrade";

server_tokens off;
tcp_nopush on;
tcp_nodelay on;
client_max_body_size 50M;

location / {
proxy_pass http://localhost:8088;
Expand All @@ -26,4 +40,7 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
}
}

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
}
13 changes: 9 additions & 4 deletions services/superset/tmp/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,18 @@ FROM apache/superset:4.0.2

USER root

COPY --chown=superset "." "/app/"

RUN apt-get update && \
apt-get install -y nginx && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*

COPY nginx.conf /etc/nginx/nginx.conf
COPY superset_cluster_certificate.pem /etc/ssl/certs/superset_cluster_certificate.pem
COPY superset_cluster_key.pem /etc/ssl/certs/superset_cluster_key.pem
USER superset
ENV SUPERSET_CONFIG_PATH="/app/superset_config.py"
RUN chown --recursive superset:superset /var/lib/nginx /var/log/nginx /app
COPY --chown=superset nginx.conf /etc/nginx/nginx.conf
COPY --chown=superset superset_cluster_certificate.pem /etc/ssl/certs/superset_cluster_certificate.pem
COPY --chown=superset superset_cluster_key.pem /etc/ssl/certs/superset_cluster_key.pem

CMD service nginx start && /usr/bin/run-server.sh
CMD nginx & /usr/bin/run-server.sh
3 changes: 3 additions & 0 deletions services/superset/tmp/init.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,6 @@ openssl \
-out "superset_cluster_certificate.pem" \
-req \
-days 365

# docker build . -t superset-nginx
# docker run --name superset-nginx -p 443:443 superset-nginx
18 changes: 18 additions & 0 deletions services/superset/tmp/nginx.conf
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
worker_processes 1;
pid /app/nginx.pid;

events {
worker_connections 1024;
multi_accept on;
}

http {
Expand All @@ -16,6 +18,19 @@ http {
ssl_certificate_key /etc/ssl/certs/superset_cluster_key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "no-referrer-when-downgrade";

server_tokens off;
tcp_nopush on;
tcp_nodelay on;
client_max_body_size 50M;

location / {
proxy_pass http://localhost:8088;
Expand All @@ -25,4 +40,7 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
}
}

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
}
1 change: 1 addition & 0 deletions services/superset/tmp/superset_config.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
SECRET_KEY='123123wfvnwenv'

0 comments on commit d151d6f

Please sign in to comment.