-
Install Docker recent version
-
Build images
Build is done by the script:
./docker_build.sh
If you want to specify CVE-Search host at build time, run as follows:
./docker_build.sh --cvesearch-host <HOST_URL>
The
<HOST_URL>
above should behttp://<YOUR_SERVER_HOST>:<PORT>
style, or it can be https://cvepremium.circl.lu for testing purposes only.The script will build multiple intermediary images. Subsequent builds will only build the differences
To configure couchdb, create a file containing the necessary credentials.
A template of this file can be found in:
scripts/docker_config/default_secrets
Example:
COUCHDB_URL=http://couchdb:5984 COUCHDB_USER=admin COUCHDB_PASSWORD=password
To pass your file during build export a variable called SECRETS pointing to your file
-
Proxy during build stage
Docker will detect if you configured proxy environment variables.
It's suggested though to configure docker system wide ( require super user privileges )
-
systemd based If you are using a regular systemd based docker:
- Create the following file http_proxy.conf on the directory
/etc/systemd/system/docker.service.d/
[Service] Environment="HTTP_PROXY=<your_proxy>" Environment="HTTPS_PROXY=<your_proxy>" Environment="NO_PROXY=<your_proxy>"
- Do a regular systemctl daemon-reload and systemctl restart docker
- Create the following file http_proxy.conf on the directory
-
-
Volumes
By default couchdb, postgres and sw360 have their own storage volumes:
Postgres
- postgres:/var/lib/postgresql/data/
CouchDB
- couchdb:/opt/couchdb/data
sw360
- etc:/etc/sw360 - webapps:/app/sw360/tomcat/webapps - document_library:/app/sw360/data/document_library
There is a local mounted as binded dir volume to add customizations
- ./config:/app/sw360/config
If you want to override all configs, create a docker env file and alter for your needs.
Then just rebuild the project with -env env_file option
This composed image runs under a single default network, called sw360net
So any external docker image can connect to internal couchdb or postgresql through this network
-
Run the resulting image:
docker-compose up
-
With custom env file
docker-compose --env-file <envfile> up
You can add -d parameter at end of line to start in daemon mode and see the logs with the following command:
docker logs -f sw360
- Please read this page after you have initial screen: SW360 Initial Setup Configuration
For docker based approach, is recommended use official Fossology docker image
This is the steps to quick perform this:
# Create Fossology database on internal postgres
docker exec -it sw360_postgresdb_1 createdb -U liferay -W fossology
# Start Fossology container connected to sw360 env
docker run \
--network sw360net \
-p 8081:80 \
--name fossology \
-e FOSSOLOGY_DB_HOST=postgresdb \
-e FOSSOLOGY_DB_USER=liferay \
-e FOSSOLOGY_DB_PASSWORD=liferay \
-d fossology/fossology
This will pull/start the fossology container and made it available on the host machine at port 8081
- On Fossology
- Login on Fossology
- Create an API token for the user intended to be used
- On sw360
- Go to fossology admin config
- Add the host, will be something like:
http(s)://<hostname>:8081/repo/api/v1/
- Add the id of folder. The default id is 1 (Software Repository). You can get the ID of the folder you want from the folder URL in Fossology
- Add your obtained Token from Fossology
By default, docker image of sw360 runs without internal web server and is assigned to be on port 8080. This is configured on portal-ext.properties
Here's some extra configurations that can be useful to fix some details.
The config file portal-ext.properties overrides a second file that can be created to add a custom configuration with all data related to your necessities.
This file is called portal-sw360.properties
To add your custom configs, create this file under config dir on project root like this ( or with your favorite editor):
cd <sw360_source>
mkdir config
cat "company.default.name=MYCOMPANY" > config/sw360-portal-ext.properties
Docker compose will treat config as a bind volume dir and will expose to application.
Modify the following line on your custom portal-sw360.properties to https:
web.server.protocol=https
If you do not use an external web server with redirection ( see below ), you may find the main CSS theme scrambled ( not properly loaded ) or you are using a different port
This happens because current Liferay used version try to access the theme using only canonical hostname, without the port assigned, so leading to an invalid CSS url.
To fix, you will need to change portal-sw360.properties ( as described above ) with the following extra values:
# For different hostname redirection
web.server.host=<your ip/host of docker>
# For HTTP non standard 80 port
web.server.http.port=<your_http_port>
# For HTTPS non standard 443 port
web.server.https.port=<your_https_port>
This will tell liferay where is your real host instead of trying to guess the wrong host.
For nginx, assuming you are using default config for your sw360, this is a simple configuration for root web server under Ubuntu.
location / {
resolver 127.0.0.11 valid=30s;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_read_timeout 3600s;
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "ALLOWALL";
}
WARNING - X-frame is enabled wide open for development purposes. If you intend to use the above config in production, remember to properly secure the web server.
Liferay by default for security reasons do not allow redirect for unknown ips/domains, so is necessary to add your domain or ip to the redirect allowed lists in the Liferay Control Panel
As admin, go to Control Panel -> Instance Settings -> Content Data -> Pages
Decide to use:
IP based - List of ips you want to allow tro redirect
Domain based - List of domains you want to allow redirect