From b913f82fed7abd1366cad6f155e7fbf2dcd34055 Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Tue, 21 May 2024 13:51:43 -0300 Subject: [PATCH 1/8] updated layout of docker installion pages --- .../{ => docker}/docker-introduction.md | 2 +- .../{ => docker}/docker-prereq.md | 11 +------ .../isle-dc}/docker-available-commands.md | 0 .../docker-available-configuration.md | 0 .../isle-dc}/docker-basic-usage.md | 0 .../{ => docker/isle-dc}/docker-custom.md | 0 .../{ => docker/isle-dc}/docker-local.md | 8 +++++ .../isle-dc}/docker-maintain-drupal.md | 0 .../isle-dc}/docker-maintain-isle.md | 0 .../isle-dc}/docker-troubleshooting.md | 0 .../site-template}/site-template.md | 0 mkdocs.yml | 30 ++++++++++--------- 12 files changed, 26 insertions(+), 25 deletions(-) rename docs/installation/{ => docker}/docker-introduction.md (94%) rename docs/installation/{ => docker}/docker-prereq.md (94%) rename docs/installation/{ => docker/isle-dc}/docker-available-commands.md (100%) rename docs/installation/{ => docker/isle-dc}/docker-available-configuration.md (100%) rename docs/installation/{ => docker/isle-dc}/docker-basic-usage.md (100%) rename docs/installation/{ => docker/isle-dc}/docker-custom.md (100%) rename docs/installation/{ => docker/isle-dc}/docker-local.md (89%) rename docs/installation/{ => docker/isle-dc}/docker-maintain-drupal.md (100%) rename docs/installation/{ => docker/isle-dc}/docker-maintain-isle.md (100%) rename docs/installation/{ => docker/isle-dc}/docker-troubleshooting.md (100%) rename docs/installation/{ => docker/site-template}/site-template.md (100%) diff --git a/docs/installation/docker-introduction.md b/docs/installation/docker/docker-introduction.md similarity index 94% rename from docs/installation/docker-introduction.md rename to docs/installation/docker/docker-introduction.md index 3724cef0b..7105948c8 100644 --- a/docs/installation/docker-introduction.md +++ b/docs/installation/docker/docker-introduction.md @@ -12,4 +12,4 @@ ISLE's architecture using [Docker](https://www.docker.com/) separates out the "s ISLE is a suite of Docker containers that run the various components of Islandora: drupal, fedora, solr, alpaca, crayfish, matomo, etc. The individual containers are created (and automatically pushed to [Docker Hub](https://hub.docker.com/u/islandora)) by [ISLE BuildKit](https://github.com/Islandora-Devops/isle-buildkit). -In order to deploy the containers, however, you need to use a container orchestration tool. The ISLE project provides tools for running and maintaining the containers using docker-compose with [ISLE Docker Compose](https://github.com/Islandora-Devops/isle-dc). +In order to deploy the containers, however, you need to use a container orchestration tool. The ISLE project provides tools for running and maintaining the containers using docker-compose with [ISLE Docker Compose](https://github.com/Islandora-Devops/isle-dc) or [ISLE Site Template](https://github.com/Islandora-Devops/isle-site-template). \ No newline at end of file diff --git a/docs/installation/docker-prereq.md b/docs/installation/docker/docker-prereq.md similarity index 94% rename from docs/installation/docker-prereq.md rename to docs/installation/docker/docker-prereq.md index 252a969ec..6e3f6d3aa 100644 --- a/docs/installation/docker-prereq.md +++ b/docs/installation/docker/docker-prereq.md @@ -38,7 +38,7 @@ Docker Compose is a tool to simplify the process of running multiple Docker cont ### GNU Make -Make allows us to define commands that simplify installing and maintaining our Islandora site. For a complete list of available commands see the Makefile included with ISLE. +Make allows us to define commands that simplify installing and maintaining our Islandora site. For a complete list of available commands see the Makefile included with ISLE-DC. ### Composer @@ -58,7 +58,6 @@ Drush is a command line tool for managing your Drupal site. It comes installed i - Docker Compose version 2.x+ - GNU Make 4.0+ - Git 2.0+ -- [ISLE Docker Compose](https://github.com/islandora-devops/isle-dc) - At least 8GB of RAM (ideally 16GB) - An administrator account your machine (a.k.a. the host machine) - (Mac OS) Apple Developer Tools @@ -89,11 +88,3 @@ If you need to install Docker, we recommend using the application [Docker Deskto - Production or production-like development: 16GB **Swap**: Swap space is space borrowed from your hard disk drive to serve as makeshift RAM as needed. If you cannot provide as much RAM as you would like, increase this as is reasonable given your free disk space. - -## Installing ISLE Docker Compose - -Use Git to install the ISLE Docker Compose tool: - -`git clone https://github.com/islandora-devops/isle-dc` - -Tagged versions are available [here](https://github.com/Islandora-Devops/isle-dc/tags). diff --git a/docs/installation/docker-available-commands.md b/docs/installation/docker/isle-dc/docker-available-commands.md similarity index 100% rename from docs/installation/docker-available-commands.md rename to docs/installation/docker/isle-dc/docker-available-commands.md diff --git a/docs/installation/docker-available-configuration.md b/docs/installation/docker/isle-dc/docker-available-configuration.md similarity index 100% rename from docs/installation/docker-available-configuration.md rename to docs/installation/docker/isle-dc/docker-available-configuration.md diff --git a/docs/installation/docker-basic-usage.md b/docs/installation/docker/isle-dc/docker-basic-usage.md similarity index 100% rename from docs/installation/docker-basic-usage.md rename to docs/installation/docker/isle-dc/docker-basic-usage.md diff --git a/docs/installation/docker-custom.md b/docs/installation/docker/isle-dc/docker-custom.md similarity index 100% rename from docs/installation/docker-custom.md rename to docs/installation/docker/isle-dc/docker-custom.md diff --git a/docs/installation/docker-local.md b/docs/installation/docker/isle-dc/docker-local.md similarity index 89% rename from docs/installation/docker-local.md rename to docs/installation/docker/isle-dc/docker-local.md index 746270c57..2e94e59e3 100644 --- a/docs/installation/docker-local.md +++ b/docs/installation/docker/isle-dc/docker-local.md @@ -4,6 +4,14 @@ When developing locally, your Drupal site resides in your `isle-dc/codebase` fol Drupal container. This lets you update code using the IDE of your choice on your host machine, and the changes are automatically reflected on the Drupal container. +## Installing ISLE Docker Compose + +Use Git to install the ISLE Docker Compose tool: + +`git clone https://github.com/islandora-devops/isle-dc` + +Tagged versions are available [here](https://github.com/Islandora-Devops/isle-dc/tags). + ## Getting Started If you don't already have a Drupal site, you'll be given a basic setup using Drupal 9 and the diff --git a/docs/installation/docker-maintain-drupal.md b/docs/installation/docker/isle-dc/docker-maintain-drupal.md similarity index 100% rename from docs/installation/docker-maintain-drupal.md rename to docs/installation/docker/isle-dc/docker-maintain-drupal.md diff --git a/docs/installation/docker-maintain-isle.md b/docs/installation/docker/isle-dc/docker-maintain-isle.md similarity index 100% rename from docs/installation/docker-maintain-isle.md rename to docs/installation/docker/isle-dc/docker-maintain-isle.md diff --git a/docs/installation/docker-troubleshooting.md b/docs/installation/docker/isle-dc/docker-troubleshooting.md similarity index 100% rename from docs/installation/docker-troubleshooting.md rename to docs/installation/docker/isle-dc/docker-troubleshooting.md diff --git a/docs/installation/site-template.md b/docs/installation/docker/site-template/site-template.md similarity index 100% rename from docs/installation/site-template.md rename to docs/installation/docker/site-template/site-template.md diff --git a/mkdocs.yml b/mkdocs.yml index 3d0badc5a..1e5b06535 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -111,20 +111,22 @@ nav: - '8.x-2.0 Release Notes': 'release-notes/8.x-2.0.md' - 'Older Release Notes': 'https://github.com/Islandora/documentation/tree/main/docs/release_notes' - 'Install a Demo': 'installation/install-a-demo.md' - - 'ISLE-DC': - - 'Introduction to ISLE': 'installation/docker-introduction.md' - - 'Prerequisites': 'installation/docker-prereq.md' - - Install Islandora: - - 'Installing a Development Server': 'installation/docker-local.md' - - 'Installing a Staging/Production Server': 'installation/docker-custom.md' - - Maintaining Islandora: - - 'Basic Usage': 'installation/docker-basic-usage.md' - - 'Maintaining Drupal': 'installation/docker-maintain-drupal.md' - - 'Maintaining ISLE': 'installation/docker-maintain-isle.md' - - 'Available Commands': 'installation/docker-available-commands.md' - - 'Available Configuration': 'installation/docker-available-configuration.md' - - 'Troubleshooting' : 'installation/docker-troubleshooting.md' - - 'ISLE Site Template': 'installation/site-template.md' + - 'Docker': + - 'Introduction to ISLE': 'installation/docker/docker-introduction.md' + - 'Prerequisites': 'installation/docker/docker-prereq.md' + - 'ISLE-DC': + - Installing: + - 'Installing a Development Server': 'installation/docker/isle-dc/docker-local.md' + - 'Installing a Staging/Production Server': 'installation/docker/isle-dc/docker-custom.md' + - Maintaining: + - 'Basic Usage': 'installation/docker/isle-dc/docker-basic-usage.md' + - 'Maintaining Drupal': 'installation/docker/isle-dc/docker-maintain-drupal.md' + - 'Maintaining ISLE': 'installation/docker/isle-dc/docker-maintain-isle.md' + - 'Available Commands': 'installation/docker/isle-dc/docker-available-commands.md' + - 'Available Configuration': 'installation/docker/isle-dc/docker-available-configuration.md' + - 'Troubleshooting' : 'installation/docker/isle-dc/docker-troubleshooting.md' + - 'ISLE Site Template': + - 'Introduction to Site Template': 'installation/docker/site-template/site-template.md' - 'Ansible Playbook': 'installation/playbook.md' - Manual Installation: - 'Introduction': 'installation/manual/introduction.md' From c04a8b7dea951d8375773d3131d73b650c857dfb Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Mon, 27 May 2024 15:08:20 -0300 Subject: [PATCH 2/8] added customization page with placeholders for topics --- .../docker/site-template/customizations.md | 31 +++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 32 insertions(+) create mode 100644 docs/installation/docker/site-template/customizations.md diff --git a/docs/installation/docker/site-template/customizations.md b/docs/installation/docker/site-template/customizations.md new file mode 100644 index 000000000..74295cf99 --- /dev/null +++ b/docs/installation/docker/site-template/customizations.md @@ -0,0 +1,31 @@ +# Customizations + +The following sections describe optional customizations you can make to further modify your Islandora site. + +## Modifying settings.php + +TODO + +## Modifying robots.txt + +TODO + +## Nginx customizations + +### Blocking IP Addresses + +TODO + +### Blocking by User Agent + +TODO + +## Traefik customizations + +### Using Your Certs Instead of LetsEncrypt + +TODO + +### TLS Settings + +TODO - https://doc.traefik.io/traefik/https/tls/#tls-options \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 1e5b06535..10b57d58a 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -127,6 +127,7 @@ nav: - 'Troubleshooting' : 'installation/docker/isle-dc/docker-troubleshooting.md' - 'ISLE Site Template': - 'Introduction to Site Template': 'installation/docker/site-template/site-template.md' + - 'Customizations' : 'installation/docker/site-template/customizations.md' - 'Ansible Playbook': 'installation/playbook.md' - Manual Installation: - 'Introduction': 'installation/manual/introduction.md' From 74be2ec048633a67e854db74075f8dba582ed9e8 Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Fri, 31 May 2024 14:49:42 -0300 Subject: [PATCH 3/8] added info on TLS customization --- docs/installation/docker/site-template/customizations.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/installation/docker/site-template/customizations.md b/docs/installation/docker/site-template/customizations.md index 74295cf99..508f3bae1 100644 --- a/docs/installation/docker/site-template/customizations.md +++ b/docs/installation/docker/site-template/customizations.md @@ -28,4 +28,8 @@ TODO ### TLS Settings -TODO - https://doc.traefik.io/traefik/https/tls/#tls-options \ No newline at end of file +Traefik allows you to modify security settings by doing things like setting a minimum TLS version or specifying cipher suites. Isle Site Template ships with two versions of the TLS settings file, one [for development](https://github.com/Islandora-Devops/isle-site-template/blob/main/dev-tls.yml), and one [for production](https://github.com/Islandora-Devops/isle-site-template/blob/main/prod-tls.yml). + +These files are mounted as volumes in the Traefik containers, so you can modify them as desired. + +More information is available in the [Traefik documentation](https://doc.traefik.io/traefik/https/tls/#tls-options) \ No newline at end of file From 0466b5705d3210b01c9aac0d74a144d9de1367c4 Mon Sep 17 00:00:00 2001 From: Josh d'Entremont Date: Wed, 4 Sep 2024 13:38:52 -0300 Subject: [PATCH 4/8] added instructions for hiding fedora or exposing activemq, blazegraph, and solr --- .../docker/site-template/customizations.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/docs/installation/docker/site-template/customizations.md b/docs/installation/docker/site-template/customizations.md index 508f3bae1..404fe25f9 100644 --- a/docs/installation/docker/site-template/customizations.md +++ b/docs/installation/docker/site-template/customizations.md @@ -32,4 +32,21 @@ Traefik allows you to modify security settings by doing things like setting a mi These files are mounted as volumes in the Traefik containers, so you can modify them as desired. -More information is available in the [Traefik documentation](https://doc.traefik.io/traefik/https/tls/#tls-options) \ No newline at end of file +More information is available in the [Traefik documentation](https://doc.traefik.io/traefik/https/tls/#tls-options) + +### Hiding Fedora from the public + +By default, your Fedora repository will be exposed to the public at fcrepo.${DOMAIN}. If you don't want the public to be able to access your repository you can add the `traefik-disable` label to the fcrepo-prod service in your docker-compose.yml. + +``` + labels: + <<: [*traefik-disable, *fcrepo-labels] +``` + +If you do this, you can remove the fcrepo URL from your DNS records. + +### Exposing ActiveMQ, Blazegraph, and Solr + +By default, these services are hidden by Traefik. If you want to allow access to them, you need to remove the `traefik-disable` label from your docker-compose.yml. + +You will also need to add their URL to your DNS record. The URLs are defined in the docker-compose.yml, and by default will be activemq.{DOMAIN}, blazegraph.{DOMAIN}, and solr.{DOMAIN} From d647bc56aef630f691dd2d70849e5a449817c8d7 Mon Sep 17 00:00:00 2001 From: joshdentremont Date: Fri, 31 Jan 2025 13:38:18 -0400 Subject: [PATCH 5/8] added instructions for blocking bots --- .../docker/site-template/customizations.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docs/installation/docker/site-template/customizations.md b/docs/installation/docker/site-template/customizations.md index 404fe25f9..925a37b13 100644 --- a/docs/installation/docker/site-template/customizations.md +++ b/docs/installation/docker/site-template/customizations.md @@ -10,15 +10,24 @@ TODO TODO -## Nginx customizations +## Blocking Connections ### Blocking IP Addresses -TODO +#### iptables + +If your server uses iptables, you can block a range of IP addresses using the following command + +`iptables -I DOCKER-USER -s XXX.XXX.XXX.0/24 -j DROP` ### Blocking by User Agent -TODO +You can modify how nginx handles certain user agents by modifying `/etc/nginx/shared/drupal.defaults.conf` inside your Drupal container. For example, by adding: +``` +if ($http_user_agent ~ (Bytespider|ClaudeBot|Sogou|SemrushBot|AcademicBotRTU|PetalBot|GPTBot|DataForSeoBot|test-bot) ) { + return 403; +} +``` ## Traefik customizations From 735b02996d5e1effd12ffc7eb0e30613280313fb Mon Sep 17 00:00:00 2001 From: joshdentremont Date: Thu, 24 Jul 2025 09:09:48 -0300 Subject: [PATCH 6/8] Update customizations.md --- .../docker/site-template/customizations.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/docs/installation/docker/site-template/customizations.md b/docs/installation/docker/site-template/customizations.md index 925a37b13..cffc3388b 100644 --- a/docs/installation/docker/site-template/customizations.md +++ b/docs/installation/docker/site-template/customizations.md @@ -2,14 +2,6 @@ The following sections describe optional customizations you can make to further modify your Islandora site. -## Modifying settings.php - -TODO - -## Modifying robots.txt - -TODO - ## Blocking Connections ### Blocking IP Addresses @@ -31,10 +23,6 @@ if ($http_user_agent ~ (Bytespider|ClaudeBot|Sogou|SemrushBot|AcademicBotRTU|Pet ## Traefik customizations -### Using Your Certs Instead of LetsEncrypt - -TODO - ### TLS Settings Traefik allows you to modify security settings by doing things like setting a minimum TLS version or specifying cipher suites. Isle Site Template ships with two versions of the TLS settings file, one [for development](https://github.com/Islandora-Devops/isle-site-template/blob/main/dev-tls.yml), and one [for production](https://github.com/Islandora-Devops/isle-site-template/blob/main/prod-tls.yml). From db5f7376205f801b7ddbd72bf3825a6db05284bb Mon Sep 17 00:00:00 2001 From: joshdentremont Date: Thu, 24 Jul 2025 09:30:13 -0300 Subject: [PATCH 7/8] Update docs/installation/docker/site-template/customizations.md Co-authored-by: Joe Corall --- docs/installation/docker/site-template/customizations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/installation/docker/site-template/customizations.md b/docs/installation/docker/site-template/customizations.md index cffc3388b..f49a2208e 100644 --- a/docs/installation/docker/site-template/customizations.md +++ b/docs/installation/docker/site-template/customizations.md @@ -40,7 +40,7 @@ By default, your Fedora repository will be exposed to the public at fcrepo.${DOM <<: [*traefik-disable, *fcrepo-labels] ``` -If you do this, you can remove the fcrepo URL from your DNS records. +If you do this, you can remove the fcrepo domain from your DNS records. ### Exposing ActiveMQ, Blazegraph, and Solr From e388a429eff2f134939fd1c28954311c542f3b7b Mon Sep 17 00:00:00 2001 From: joshdentremont Date: Thu, 24 Jul 2025 09:30:22 -0300 Subject: [PATCH 8/8] Update docs/installation/docker/site-template/customizations.md Co-authored-by: Joe Corall --- docs/installation/docker/site-template/customizations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/installation/docker/site-template/customizations.md b/docs/installation/docker/site-template/customizations.md index f49a2208e..afb45835d 100644 --- a/docs/installation/docker/site-template/customizations.md +++ b/docs/installation/docker/site-template/customizations.md @@ -16,7 +16,7 @@ If your server uses iptables, you can block a range of IP addresses using the fo You can modify how nginx handles certain user agents by modifying `/etc/nginx/shared/drupal.defaults.conf` inside your Drupal container. For example, by adding: ``` -if ($http_user_agent ~ (Bytespider|ClaudeBot|Sogou|SemrushBot|AcademicBotRTU|PetalBot|GPTBot|DataForSeoBot|test-bot) ) { +if ($http_user_agent ~ (OAI-SearchBot|ChatGPT|Scrapy|ImagesiftBot|YandexBot|Bytespider|ClaudeBot|Sogou|SemrushBot|AcademicBotRTU|PetalBot|GPTBot|DataForSeoBot|test-bot) ) { return 403; } ```