Merge pull request #355 from matematikk-mooc/stage

Stage

.docker/.env.template

@@ -0,0 +1,74 @@
+APP_DEBUG=true
+APP_NAME="Kompetanseportalen"
+APP_ENV=local
+APP_KEY=base64:JmITZQDcpHRGtFPvvfcoa4JLt1wFfHSdz88vEG41RmQ=
+ENABLED_SSL=false
+
+DEBUGBAR_ENABLED=true
+LOG_CHANNEL=stack
+LOG_LEVEL=debug
+
+BROADCAST_DRIVER=log
+CACHE_DRIVER=file
+QUEUE_CONNECTION=sync
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+BUGSNAG_API_KEY=
+STATISTICS_API_URL="https://statistics-api-staging.azurewebsites.net/api"
+
+##############################################################
+# Database
+##############################################################
+
+DB_CONNECTION=mysql
+DB_SSL=false
+DB_HOST=kpas_db
+DB_PORT=3306
+DB_DATABASE=db_kpas
+DB_USERNAME=usr_app_kpas
+DB_PASSWORD=Password@123
+
+##############################################################
+# Mail
+##############################################################
+
+MAIL_DRIVER=smtp
+MAIL_HOST=
+MAIL_PORT=2525
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+[email protected]
+MAIL_FROM_NAME="${APP_NAME}"
+
+##############################################################
+# Canvas LMS
+##############################################################
+
+CANVAS_DEBUG=true
+CANVAS_ACCOUNT_ID="1"
+CANVAS_DOMAIN=https://bibsys.test.instructure.com/api/v1
+
+CANVAS_COUNTY_GROUP_CATEGORY_NAME=Fylke
+CANVAS_COMMUNITY_GROUP_CATEGORY_NAME=Kommune
+CANVAS_SCHOOL_GROUP_CATEGORY_NAME=Skole
+CANVAS_SCHOOL_LEADER_COUNTY_GROUP_CATEGORY_NAME=Fylkesledere
+CANVAS_SCHOOL_LEADER_COMMUNITY_GROUP_CATEGORY_NAME=Kommuneledere
+CANVAS_PRINCIPAL_ROLE_TYPE=Skoleleder
+CANVAS_STUDENT_ROLE_TYPE=StudentEnrollment
+VITE_CANVAS_PRINCIPAL_ROLE_TYPE="${CANVAS_PRINCIPAL_ROLE_TYPE}"
+VITE_CANVAS_STUDENT_ROLE_TYPE="${CANVAS_STUDENT_ROLE_TYPE}"
+
+##############################################################
+# Dataporten
+##############################################################
+
+DATAPORTEN_API_URL="https://api.dataporten.no"
+DATAPORTEN_AUTH_API_URL="https://auth.dataporten.no"
+DATAPORTEN_GROUPS_API_URL="https://groups-api.dataporten.no"
+DATAPORTEN_DEBUG=true
+DATAPORTEN_CLIENT_ID=
+DATAPORTEN_SECRET=
+DATAPORTEN_REDIRECT_URI=
+DATAPORTEN_GATEKEEPER_PASSWORD=

.docker/Dockerfile

@@ -0,0 +1,61 @@
+FROM php:8.3-fpm
+
+RUN apt-get update && apt-get install -y \
+    jq \
+    nano \
+    curl \
+    nginx \
+    supervisor \
+    zip \
+    unzip \
+    vim-common \
+    libpng-dev \
+    libonig-dev \
+    libxml2-dev \
+    libzip-dev \
+    zlib1g-dev \
+    openssl \
+    openssh-client \
+    libssl-dev \
+    ca-certificates && \
+    update-ca-certificates && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+RUN docker-php-ext-install gd \
+    && docker-php-ext-install mysqli \
+    && docker-php-ext-install pdo \
+    && docker-php-ext-install pdo_mysql \
+    && docker-php-ext-install zip \
+    && docker-php-ext-install mbstring \
+    && docker-php-ext-install exif \
+    && docker-php-ext-install pcntl \
+    && docker-php-ext-install bcmath \
+    && docker-php-ext-install opcache
+
+##############################################################
+# Tools
+##############################################################
+
+# 1. Install NVM
+ENV NVM_DIR=/usr/local/nvm
+RUN mkdir -p $NVM_DIR \
+    && export NVM_DIR=$NVM_DIR \
+    && curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
+
+# 2. Install Composer
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+# 3. Install gomplate
+RUN curl -L https://github.com/hairyhenderson/gomplate/releases/download/v3.11.3/gomplate_linux-amd64-slim -o /usr/local/bin/gomplate && \
+    chmod +x /usr/local/bin/gomplate
+
+##############################################################
+# Startup
+##############################################################
+
+WORKDIR /var/www/html
+USER root
+ENV NVM_DIR=/usr/local/nvm
+
+EXPOSE 8080
+ENTRYPOINT ["/var/www/html/.docker/startup.sh"]

.docker/fpm-pool.conf

@@ -0,0 +1,56 @@
+[global]
+; Log to stderr
+error_log = /dev/stderr
+
+[www]
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = 127.0.0.1:9000
+
+; Enable status page
+pm.status_path = /fpm-status
+
+; Ondemand process manager
+pm = ondemand
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 100
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 1000
+
+; Make sure the FPM workers can reach the environment variables for configuration
+clear_env = no
+
+; Catch output from PHP
+catch_workers_output = yes
+
+; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message
+decorate_workers_output = no
+
+; Enable ping page to use in healthcheck
+ping.path = /fpm-ping

.docker/lti_templates/role_group.tpl

@@ -0,0 +1,75 @@
+{
+    "title": "kpas-local-{{ getenv "CANVAS_ACCESS_KEY_NAME" }}-001",
+    "description": "kpas-local-{{ getenv "CANVAS_ACCESS_KEY_NAME" }}-001",
+    "target_link_uri": "{{ getenv "APP_URL" }}/launch?config_directory=configs",
+    "oidc_initiation_url": "{{ getenv "APP_URL" }}/lti3?config_directory=configs",
+    "extensions": [
+        {
+            "platform": "canvas.instructure.com",
+            "privacy_level": "public",
+            "settings": {
+                "platform": "canvas.instructure.com",
+                "placements": [
+                    {
+                        "placement": "course_navigation",
+                        "message_type": "LtiResourceLinkRequest",
+                        "icon_url": "https://icons.iconarchive.com/icons/papirus-team/papirus-places/64/folder-blue-linux-icon.png",
+                        "target_link_uri": "{{ getenv "APP_URL" }}/launch?config_directory=configs",
+                        "text": "kpas-local-{{ getenv "CANVAS_ACCESS_KEY_NAME" }}-001",
+                        "selection_width": 800,
+                        "selection_height": 800
+                    },
+                    {
+                        "placement": "editor_button",
+                        "message_type": "LtiDeepLinkingRequest",
+                        "icon_url": "https://icons.iconarchive.com/icons/papirus-team/papirus-places/64/folder-blue-linux-icon.png",
+                        "target_link_uri": "{{ getenv "APP_URL" }}/launch?config_directory=configs",
+                        "text": "kpas-local-{{ getenv "CANVAS_ACCESS_KEY_NAME" }}-001",
+                        "selection_height": 800,
+                        "selection_width": 800
+                    }
+                ]
+            }
+        }
+    ],
+    "custom_fields": {
+        "FACULTY_OPTION_1": "Matematikk 1-7",
+        "FACULTY_OPTION_2": "Matematikk 8-10",
+        "FACULTY_OPTION_3": "Matematikk vgs",
+        "FACULTY_OPTION_4": "Kunst og håndverk 1-7",
+        "FACULTY_OPTION_5": "Kunst og håndverk 8-10",
+        "FACULTY_OPTION_6": "Kunst og håndverk vgs",
+        "FACULTY_OPTION_7": "Naturfag 1-7",
+        "FACULTY_OPTION_8": "Naturfag 8-10",
+        "custom_canvas_roles": "$Canvas.membership.roles",
+        "county_category_name": "Fylke",
+        "school_category_name": "Skole",
+        "custom_canvas_user_id": "$Canvas.user.id",
+        "community_category_name": "Kommune",
+        "custom_canvas_course_id": "$Canvas.course.id",
+        "custom_canvas_account_id": "$Canvas.account.id",
+        "custom_canvas_course_name": "$Canvas.course.name",
+        "county_faculty_category_name": "Faggruppe kommune",
+        "community_faculty_category_name": "Faggruppe fylke",
+        "county_principals_category_name": "Leder/eier (fylke)",
+        "custom_canvas_user_display_name": "$Person.name.display",
+        "community_principals_category_name": "Leder/eier (kommune)"
+    },
+    "public_jwk": {{ getenv "PUBLIC_JWK_JSON" }},
+    "scopes": [
+        "https://purl.imsglobal.org/spec/lti-ags/scope/lineitem",
+        "https://purl.imsglobal.org/spec/lti-ags/scope/lineitem.readonly",
+        "https://purl.imsglobal.org/spec/lti-ags/scope/result.readonly",
+        "https://purl.imsglobal.org/spec/lti-ags/scope/score",
+        "https://purl.imsglobal.org/spec/lti-nrps/scope/contextmembership.readonly",
+        "https://canvas.instructure.com/lti/public_jwk/scope/update",
+        "https://canvas.instructure.com/lti/account_lookup/scope/show",
+        "https://canvas.instructure.com/lti/data_services/scope/create",
+        "https://canvas.instructure.com/lti/data_services/scope/show",
+        "https://canvas.instructure.com/lti/data_services/scope/update",
+        "https://canvas.instructure.com/lti/data_services/scope/destroy",
+        "https://canvas.instructure.com/lti/data_services/scope/list",
+        "https://canvas.instructure.com/lti/data_services/scope/list_event_types",
+        "https://canvas.instructure.com/lti/feature_flags/scope/show"
+    ]
+}

.docker/nginx.conf

@@ -0,0 +1,87 @@
+worker_processes auto;
+error_log stderr warn;
+pid /run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include mime.types;
+    default_type application/octet-stream;
+
+    # Define custom log format to include reponse times
+    log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for" '
+                          '$request_time $upstream_response_time $pipe $upstream_cache_status';
+
+    access_log /dev/stdout main_timed;
+    error_log /dev/stderr notice;
+
+    keepalive_timeout 65;
+
+    # Write temporary files to /tmp so they can be created as a non-privileged user
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path /tmp/proxy_temp_path;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+server {
+    listen 8080;
+    listen [::]:8080;
+    server_name localhost;
+    root /var/www/html/public;
+
+    add_header Content-Security-Policy "frame-ancestors 'self' https://*.instructure.com";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ ^/docs(/.*)$ {
+        root /var/www/html/public/docs;
+        try_files $1 /index.html =404;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+        proxy_read_timeout 3600;
+        fastcgi_read_timeout 240;
+        fastcgi_index index.php;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}
+
+    # Hardening
+    proxy_hide_header X-Powered-By;
+    fastcgi_hide_header X-Powered-By;
+    server_tokens off;
+
+    gzip on;
+    gzip_proxied any;
+    gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
+    gzip_vary on;
+    gzip_disable "msie6";
+
+    # Include other server configs
+    include /etc/nginx/conf.d/*.conf;
+}

.docker/php.ini

@@ -0,0 +1,10 @@
+allow_url_fopen=On
+memory_limit=-1
+display_errors=Off
+display_startup_errors=Off
+error_reporting=E_ALL & ~E_DEPRECATED & ~E_STRICT
+html_errors=On
+log_errors=On
+expose_php=Off
+[Date]
+date.timezone="UTC"