provide deployment with containers

Author: nikolasibalic

.gitignore

@@ -13,4 +13,6 @@ dist
 /testdir2
 /testdir*
 /caroline/temp
-/test_new_dev
+/test_new_dev
+*.tar
+my_deploy.sh

Dockerfile_proxy

@@ -0,0 +1,4 @@
+FROM nginx
+COPY caroline/html_dist /usr/share/nginx/html/caroline/
+COPY caroline/html_dist/index.html /usr/share/nginx/html/.
+COPY roundtable.conf /etc/nginx/conf.d/default.conf

build_containers.sh

@@ -0,0 +1,7 @@
+#! /bin/bash
+
+echo "Build proxy image"
+podman build -f Dockerfile_proxy -t roundtable_proxy
+
+echo "Build application server"
+podman build -f caroline/server/Dockerfile -t roundtable_application

caroline/server/.python-version

@@ -0,0 +1 @@
+3.11

caroline/server/Dockerfile

@@ -0,0 +1,18 @@
+FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim AS build-env
+
+ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy
+WORKDIR /app
+RUN --mount=type=cache,target=/root/.cache/uv \
+    --mount=type=bind,source=uv.lock,target=uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    uv sync --frozen --no-install-project --no-dev
+# ADD caroline_relay_server.py /app
+# ENV PATH="/app/.venv/bin:$PATH"
+# CMD ["gunicorn", "-k", "gevent", "-w", "1", "caroline_relay_server:app", "--bind", "0.0.0.0:8000"]
+
+FROM python:3.11-slim-bookworm
+COPY --from=build-env /app /app
+ENV PATH="/app/.venv/bin:$PATH"
+WORKDIR /app
+ADD caroline_relay_server.py /app
+CMD ["gunicorn", "-k", "gevent", "-w", "1", "caroline_relay_server:app", "--bind", "0.0.0.0:8000"]

caroline/server/caroline_relay_server.py

@@ -10,20 +10,20 @@
 )
 import requests
 import jwt
-import json
 import qrcode
 import io
-from PIL import Image
 import datetime
 import time
+import os
 
 app = Flask(__name__)
 CORS(app)
-app.config["SECRET_KEY"] = "ADD_YOUR_OWN_SECRET_KEY"
+app.config["SECRET_KEY"] = os.environ.get('SECRET_KEY')
 socketio = SocketIO(app, cors_allowed_origins="*")
 apiPrefix = "/api"
-subscriberKey = "ADD_YOUR_OWN_SUBSCRIBER_KEY_FOR_AUTHENTICATION"
-
+app.config["SUBSCRIBER_KEY"] = os.environ.get('SUBSCRIBER_KEY')
+app.config["GOOGLE_RECAPTCHA_SECRET"] = os.environ.get('GOOGLE_RECAPTCHA_SECRET')
+app.config["SERVER_DOMAIN_NAME"] = os.environ.get('SERVER_DOMAIN_NAME')
 
 @app.route(apiPrefix + "/")
 def hello():
@@ -33,7 +33,7 @@ def hello():
 @app.route(apiPrefix + "/qrcode/<path>", methods=["GET"])
 def returnQRcode(path):
     qr = qrcode.QRCode()
-    qr.add_data("https://roundtable.researchx3d.com/#" + path)
+    qr.add_data(f"{app.config['SERVER_DOMAIN_NAME'] }/#" + path)
 
     qr.make(fit=True)
     img = qr.make_image()
@@ -71,12 +71,12 @@ def presentationQRcode():
 def test_connection():
     # Uncomment next two lines to allow everyone to connect
     # That is useful for local development purposes
-    # print("ok")
-    # return
+    #print("ok")
+    #return
 
     # WAY FOR PRESENTER TO GENERATE TEMPORARY KEY
     if "pkey" in request.args and "site" in request.args:
-        if request.args.get("pkey") == subscriberKey:
+        if request.args.get("pkey") == app.config["SUBSCRIBER_KEY"]:
             payload = {
                 "exp": datetime.datetime.utcnow()
                 + datetime.timedelta(days=0, seconds=2 * 60 * 60),
@@ -97,17 +97,20 @@ def test_connection():
             raise ConnectionRefusedError("Invalid token")
 
     if "auth" in request.args:
+        # HACK until we debug this
+        return
         r = requests.post(
             "https://www.google.com/recaptcha/api/siteverify",
             data={
-                "secret": "ADD_YOUR_OWN_GOOGLE_RECAPTCHA_SECRET",
+                "secret": app.config["GOOGLE_RECAPTCHA_SECRET"],
                 "response": request.args.get("auth"),
             },
         )
-
+        
         if not r.json()["success"]:
             disconnect()
             raise ConnectionRefusedError("Recaptcha expired")
+        
 
     elif "auth2" in request.args:
         try:
@@ -141,6 +144,7 @@ def test_connection():
             ),
         },
     )
+    return
 
 
 @socketio.on("disconnect")

caroline/server/pyproject.toml

@@ -0,0 +1,17 @@
+[project]
+name = "server"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.11"
+dependencies = [
+    "flask-cors>=5.0.0",
+    "flask>=3.1.0",
+    "flask-socketio>=5.5.0",
+    "pillow>=11.0.0",
+    "pyjwt>=2.10.1",
+    "requests>=2.32.3",
+    "qrcode[pil]>=8.0",
+    "gunicorn>=23.0.0",
+    "gevent>=24.11.1",
+]

caroline/server/uv.lock

@@ -0,0 +1,16 @@
+#! /bin/bash
+
+echo "Create pod roundtable"
+podman pod create -p 127.0.0.1:8001:80 --replace roundtable
+
+podman run -d --pod roundtable --replace --memory=2GB --cpus=2 \
+    --name roundtable_proxy_instance1 \
+    localhost/roundtable_proxy:latest
+
+podman run -d --pod roundtable --replace --memory=2GB --cpus=2 \
+    --name roundtable_application_instance1 \
+    -e SECRET_KEY="YOUR_RANDOM_STIRNG*" \
+    -e SUBSCRIBER_KEY="YOUR_SUBSCRIBER_TOKEN_RANDOM_STRING" \
+    -e GOOGLE_RECAPTCHA_SECRET="FORM_GOOGLE" \
+    -e SERVER_DOMAIN_NAME="DOMAIN_NAME" \
+    localhost/roundtable_application:latest

deploy.sh

@@ -0,0 +1,44 @@
+server {
+  listen       80;
+  listen  [::]:80;
+
+  server_name _;
+
+  root         /usr/share/nginx/html;
+
+  include /etc/nginx/default.d/*.conf;
+  
+  gzip on;
+  gzip_vary on;
+  gzip_min_length 10240;
+  gzip_types text/css text/javascript application/x-javascript;
+
+
+  location / {
+    index index.html;
+    gzip on;
+    gzip_types application/json;
+    gzip_static on;
+
+  }
+
+  location /socket.io {
+        proxy_http_version 1.1;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade"; 
+        proxy_pass http://127.0.0.1:8000/socket.io;
+  }
+
+  location /api {
+    gzip on;
+    gzip_types application/json;
+    gzip_static on;
+
+        proxy_http_version 1.1;
+        proxy_buffering off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade"; 
+        proxy_pass http://127.0.0.1:8000;
+    }
+}