new images and other files

.gitignore

@@ -1,3 +1,6 @@
 __pycache__/
 .DS_Store
-**/.DS_Store
+**/.DS_Store
+artifact/
+workdir
+workdir/

certs/fullchain.pem

@@ -0,0 +1,58 @@
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgISA/0Y9eqyjc+dSQJD51AdjjTXMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA0MDUxNTI1NTRaFw0y
+MDA3MDQxNTI1NTRaMBgxFjAUBgNVBAMMDSouMWNmcmVzaC5kZXYwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjcvx0iv45e9qda8PZuXf5j7hg5OK9DFZd
+hU18hor1bGcBON7IXEI5OWrU6//AujpGFQlZxEeAkkQ6DdTzd/eAc5LQ6qGvmV2r
+b66O+Jp7twRfjf0kG66S/wDi1pXlFpKiqmBpEBlN+M4qXP6vLK6K6EaSPzfXnjvl
+/J7nuctJpfW8Zdc0HqVYE1vGFJP6Q0qZ2cxj3FYfoyFIHrzkEL8wdQwH7n0VeMbo
+iAMPwhD6fYYiKXPI16w8j+8ehWlm/oAnJ2q2DSlkrtU4H2/j37Ab60bbRadd+QPr
+sYtrTrWY3qLpMxt4Mph7n+xVY/n0eCZ8sZupBz3faHp+AbRUuk4JAgMBAAGjggJu
+MIICajAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
+BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCe7HK4P0XG8GTCRwc+/as6MDhC6
+MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMw
+YTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9y
+ZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9y
+Zy8wJQYDVR0RBB4wHIINKi4xY2ZyZXNoLmRldoILMWNmcmVzaC5kZXYwTAYDVR0g
+BEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0
+cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8A
+dgBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAXFLKavlAAAEAwBH
+MEUCIEziiVxkpjVL6Ks0sfAUZcTroz4AQyYKth9ignRXH2RrAiEArXdHh/m6CN0Z
+ch4YDM5kspsV6mtk2o8XUgvvELX7RXIAdQAHt1wb5X1o//Gwxh0jFce65ld8V5S3
+au68YToaadOiHAAAAXFLKawQAAAEAwBGMEQCIFHHWrsk/3C+BYPz42304HIlisBc
+xxd5SeXrkmXFYJgUAiAhppE3MxPnqmLxF7H4zjfN2H/uPcXWmQ0PiOZx5SwKNzAN
+BgkqhkiG9w0BAQsFAAOCAQEAU6qqdqopw1fT/5WJ2Kx2AyBgzQyXSOHG64LsERQA
+ZZ/hxscqi4Tc3VahrxNSq/ZFQvaenDF9yWj6AYWsyKbZbd2Bz/r7v7Br9qyDs8W2
+ozOgpcwB96Ph5lnM9XrQGXE9Oq0bnRpGz7mu/g9RGZ4fMRGlsS00UriDB41x892L
+stW3OgHdWQIpCZkm4supUbGOrUF9fDHH5DsT1jiwG7pCPzQUJOujyzTmeC/OhfoH
+XgfsMyO9TjdxY/dWI9zEWiKMqxtk/M8e1FGNOz4rtW1yLlhSAeawR8bTC82PfgCc
+boIZ7tKxmTSbqZWGb2Fe9oD3AHqgKUNvVwlmgR802DFXhA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

certs/privkey.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjcvx0iv45e9qd
+a8PZuXf5j7hg5OK9DFZdhU18hor1bGcBON7IXEI5OWrU6//AujpGFQlZxEeAkkQ6
+DdTzd/eAc5LQ6qGvmV2rb66O+Jp7twRfjf0kG66S/wDi1pXlFpKiqmBpEBlN+M4q
+XP6vLK6K6EaSPzfXnjvl/J7nuctJpfW8Zdc0HqVYE1vGFJP6Q0qZ2cxj3FYfoyFI
+HrzkEL8wdQwH7n0VeMboiAMPwhD6fYYiKXPI16w8j+8ehWlm/oAnJ2q2DSlkrtU4
+H2/j37Ab60bbRadd+QPrsYtrTrWY3qLpMxt4Mph7n+xVY/n0eCZ8sZupBz3faHp+
+AbRUuk4JAgMBAAECggEAWDuQUJFfn0RexTARb40RWOTekV+9jnQEg0OciqZOiSHV
+kPFUQjCbhyyZoQss6qsdHgvpGk48kwliTzx8Qln2f57kGGcwlQxjZlJJluBY9IPd
+ln+dsUpIOQ3zOoDANgSzb6Atn0mTf2XaVUASNBoYtt+giP4bdQf0KbjvRwQi20Qg
+klqugnLCKF3tnVhQnXgi/3spsdeLjku3tezGaPJD3/nTCkgiPrGme8xdwNu2Q3qB
+5/DqbcL+EM2qKV12CtcQaj3lKA92fB4+cp7mr9Axo1DFiJdqTn8gemYsx4rr/qW5
+no/Cx37Z5GG8GXb3L/+ZEX5sgrENj4UBjMfLBu2oAQKBgQDVU2LMVEiaZ1NLmxus
+ICqwWi1M6zoe+8uDedQc26eWmXUShKlQH2OaYVLBJgJ285vZGUJkGZUOIldOfmUH
+BGlzSKuRSFPOn4ViGHr1yQ7tFBIemyurRxmp+/QcOqey0TvmNBCieZzOZR9SGt5R
+dZ1Eu45H46bXQMcDRex/tcM2gQKBgQDEJV+3dmV8zNRWxNPXrGqKiNvi2FRuaSe8
+ILjX8PX3wjdd/jQjURXJqFfoRwaubJZLV/zTK9ASIMsm9tFxPvU9BfnzWUji+MPH
+JLKxmcnvVXXI0ylvQqQFvYCDE7XC7miv2qa5mqRs4KdbEBxTA+v+rTaeZXyIewoQ
+Q89kiI6jiQKBgQCLslh/oC4PVtyYJVHgzQvHgrYpqdzcz109kvlRkJJVr9aXsuJB
+gtyyC0urCp4QkYUcjUsJzCrtH5X25BR6nOwFP7CCqk+ffp1VWNykue6ZWExpWIon
+Vp86zrDUD6EkG5rTLIM8MtF544S4OrodtByyFvScpTrruRLaVN8D3t6ggQKBgQCa
+O70pGPsyiCnL1NezNotMRdOJa4vwidVJ0/0lJ/9xg5Ff4nyC7MaSHEKLjhYN36rK
+sfRG5KOnLYwxJlGIl/XktydVF/b9KplfpVax2nj0LiIA+TISn7c0IE/GQiBhmHBP
+H0KMnbH/PyO5slBjYqkWSIOzR6AF/aHrKjcRGWP36QKBgBwka1MwT1DMvXEKkqSP
+2qQFV2vIBZwwVX2yULo7UQu16vc6zdzNay/6rG9+JKGV+em5tXBjgy5ghkAIUXuk
+/f97ixeI1uqx3f2+sO9rE7xwZY1rlH4fhiqRQdAQdnIraWL4juetRtzUljmtFYEf
+AmVv7T300CBFZYLzSEBRu0Km
+-----END PRIVATE KEY-----

docker-compose.yml

@@ -3,24 +3,60 @@ version: '3.6'
 services:
 
   db:
-    image: registry.1c709.ru/docker/postgres-pro
-    hostname: db.ikoz.1c709.ru
-    container_name: db.ikoz.1c709.ru
+    image: fresh/db
+    hostname: db.HOSTNAMEREPLACE
+    container_name: db.HOSTNAMEREPLACE
     volumes:
       - ./artifact/db/data:/var/lib/1c/pgdata
+      - ./mnt:/mnt
+  
+  nginx:
+    image: fresh/nginx
+    hostname: nginx.HOSTNAMEREPLACE
+    container_name: nginx.HOSTNAMEREPLACE
+    networks: 
+      default:
+        aliases:
+          - HOSTNAMEREPLACE
+    environment:
+      - SITE_HOST=site.HOSTNAMEREPLACE
+      - BACKEND_HOST=web.HOSTNAMEREPLACE
+      - GATE_HOST=gate.HOSTNAMEREPLACE
+      - HOSTNAME=HOSTNAMEREPLACE
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./nginx_conf/1c_app.conf:/etc/nginx/1c_app.conf
+      - ./nginx_conf/1c_common.conf:/etc/nginx/1c_common.conf
+      - ./nginx_conf/1c_error.conf:/etc/nginx/1c_error.conf
+      - ./nginx_conf/1c_error_openid.conf:/etc/nginx/1c_error_openid.conf
+      - ./nginx_conf/1c_error_site.conf:/etc/nginx/1c_error_site.conf
+      - ./nginx_conf/1c_keepalive.conf:/etc/nginx/1c_keepalive.conf
+      - ./nginx_conf/1c_upstream.conf:/etc/nginx/1c_upstream.conf
+      - ./nginx_conf/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx_conf/conf.d/local-ssl.conf:/etc/nginx/conf.d/local-ssl.conf
+      - ./nginx_conf/conf.d/local.conf://etc/nginx/conf.d/local.conf
+      - ./mnt:/mnt
+      - ../certs/fullchain.pem:/etc/pki-custom/fullchain.crt
+      - ../certs/privkey.pem:/etc/pki-custom/privkey.key
+      - ../images/site/distr/site/media:/var/www/content/media/
+    depends_on:
+      - site
+      - forum
 
   srv:
-    image: registry.1c709.ru/docker/core:8.3.14.1993
-    hostname: srv.ikoz.1c709.ru
-    container_name: srv.ikoz.1c709.ru
+    image: fresh/core
+    hostname: srv.HOSTNAMEREPLACE
+    container_name: srv.HOSTNAMEREPLACE
     command: srv+cli
     volumes:
       - ./artifact/srv/data:/var/lib/1c/data
       - ./artifact/srv/log:/var/log/1c
-      - ./artifact/mnt:/mnt
-      #- ./conf/nethasp.ini:/opt/1C/v8.3/x86_64/conf/nethasp.ini
-      - ./conf/logcfg.xml:/opt/1C/v8.3/x86_64/conf/logcfg.xml
+      - ./mnt:/mnt
       - /tmp/.aksusb:/tmp/.aksusb
+      - ../images/core/conf/logcfg.xml:/opt/1C/v8.3/x86_64/conf/logcfg.xml
+      
     ports:
       - 1540-1541:1540-1541
       - 1538:1538
@@ -31,100 +67,61 @@ services:
       - db
 
   ras:
-    image: registry.1c709.ru/docker/core:8.3.14.1993
-    hostname: ras.ikoz.1c709.ru
-    container_name: ras.ikoz.1c709.ru
+    image: fresh/core
+    hostname: ras.HOSTNAMEREPLACE
+    container_name: ras.HOSTNAMEREPLACE
     command: /opt/1C/v8.3/x86_64/ras cluster --port=1545 srv:1540
     volumes:
       - ./artifact/ras/log:/var/log/1c
-      - ./conf/logcfg.xml:/opt/1C/v8.3/x86_64/conf/logcfg.xml
+      - ./mnt:/mnt
+      - ../images/core/conf/logcfg.xml:/opt/1C/v8.3/x86_64/conf/logcfg.xml
     ports:
       - 1545:1545
       
   web:
-    image: registry.1c709.ru/docker/core:8.3.14.1993
-    hostname: web.ikoz.1c709.ru
-    container_name: web.ikoz.1c709.ru
+    image: fresh/core
+    hostname: web.HOSTNAMEREPLACE
+    container_name: web.HOSTNAMEREPLACE
     command: web
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.web.entrypoints=web"
-      - "traefik.http.routers.web.rule=Host(`ikoz.1c709.ru`) && PathPrefix(`/a/adm`, `/a/openid`)"
-      #- "traefik.http.middlewares.web-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.routers.web.middlewares=https-redirect"
-      - "traefik.http.routers.web-secure.entrypoints=websecure"
-      - "traefik.http.routers.web-secure.rule=Host(`ikoz.1c709.ru`) && PathPrefix(`/a/adm`, `/a/openid`)"
-      - "traefik.http.routers.web-secure.tls=true"
-      - "traefik.http.routers.web-secure.tls.certresolver=myresolver"
-      - "traefik.http.routers.web-secure.service=web"
-      - "traefik.http.services.web.loadbalancer.server.port=80"
     volumes:
       - ./artifact/web/log:/var/log/1c
-      - ./artifact/mnt:/mnt
+      - ./mnt:/mnt
     depends_on:
       - srv
   
   site:
-    image: registry.1c709.ru/docker/site
-    hostname: site.ikoz.1c709.ru
-    container_name: site.ikoz.1c709.ru
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.site.entrypoints=web"
-      - "traefik.http.routers.site.rule=Host(`ikoz.1c709.ru`)"
-      #- "traefik.http.middlewares.site-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.routers.site.middlewares=https-redirect"
-      - "traefik.http.routers.site-secure.entrypoints=websecure"
-      - "traefik.http.routers.site-secure.rule=Host(`ikoz.1c709.ru`)"
-      - "traefik.http.routers.site-secure.tls=true"
-      - "traefik.http.routers.site-secure.tls.certresolver=myresolver"
-      - "traefik.http.routers.site-secure.service=site"
-      - "traefik.http.services.site.loadbalancer.server.port=8080"
+    image: fresh/site
+    hostname: site.HOSTNAMEREPLACE
+    container_name: site.HOSTNAMEREPLACE
     volumes:
       - ./artifact/site/searchIndex:/var/www/content/searchIndex
       - ./artifact/site/site_files:/var/www/content/site_files
-      - ./artifact/mnt/media:/var/www/content/media/
+      - ./mnt:/mnt
+      - ../distr/postgresql.jar:/usr/local/tomcat/lib/postgresql.jdbc4.jar
+      - ../images/site/conf/context.xml:/usr/local/tomcat/conf/context.xml
+      - ../images/site/conf/server.xml:/usr/local/tomcat/conf/server.xml
+      - ../images/site/distr/site/media:/var/www/content/media/
     depends_on:
       - db
 
   forum:
-    image: registry.1c709.ru/docker/forum
-    hostname: forum.ikoz.1c709.ru
-    container_name: forum.ikoz.1c709.ru
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.forum.entrypoints=web"
-      - "traefik.http.routers.forum.rule=Host(`ikoz.1c709.ru`) && PathPrefix(`/forum`)"
-      - "traefik.http.routers.forum.middlewares=https-redirect"
-      - "traefik.http.routers.forum-secure.entrypoints=websecure"
-      - "traefik.http.routers.forum-secure.rule=Host(`ikoz.1c709.ru`) && PathPrefix(`/forum`)"
-      - "traefik.http.routers.forum-secure.tls=true"
-      - "traefik.http.routers.forum-secure.tls.certresolver=myresolver"
-      - "traefik.http.routers.forum-secure.service=forum"
-      - "traefik.http.services.forum.loadbalancer.server.port=8080"
-      #- "traefik.http.middlewares.forum-replacepath.stripprefix.prefixes=/forum"
-      #- "traefik.http.middlewares.forum-replacepath.replacepath.path=/forum"
-      - "traefik.http.routers.forum-secure.middlewares=forum-replacepath"
+    image: fresh/forum
+    hostname: forum.HOSTNAMEREPLACE
+    container_name: forum.HOSTNAMEREPLACE
     volumes:
       - ./artifact/forum:/var/www/forum/mess_files
+      - ./mnt:/mnt
+      - ../distr/postgresql.jar:/usr/local/tomcat/lib/postgresql.jdbc4.jar
+      - ../images/forum/conf/context.xml:/usr/local/tomcat/conf/context.xml
+      - ../images/forum/conf/server.xml:/usr/local/tomcat/conf/server.xml
     depends_on:
       - db
 
   gate:
-    image: registry.1c709.ru/docker/gate
-    hostname: gate.ikoz.1c709.ru
-    container_name: gate.ikoz.1c709.ru
+    image: fresh/gate
+    hostname: gate.HOSTNAMEREPLACE
+    container_name: gate.HOSTNAMEREPLACE
+    volumes: 
+      - ./mnt:/mnt
     depends_on:
-      - srv
-
-  #agent:
-   #image: registry.1c709.ru/docker/core:8.3.14.1993
-   #hostname: agent.ikoz.1c709.ru
-   #container_name: agent.ikoz.1c709.ru
-   #command: agent
-   #volumes:
-    #- ./artifact/agent:/var/lib/1c/agent_data
-   #environment:
-    #- INFOBASECONNECTIONSTRING="Srvr=srv.ikoz.1c709.ru;Ref=sm"
-   #ports:
-    #  - 1543:1543
+      - srv

images/core/conf/logcfg.xml

@@ -1,9 +1,17 @@
 <config xmlns="http://v8.1c.ru/v8/tech-log">
-    <log location="/var/log/1c" history="1">
+    <dump location="/var/log/1c/dumps" create="1" type="3"/>
+    <log location="/var/log/1c/excp" history="1">
         <event>
             <eq property="name" value="EXCP"/>
         </event>
         <property name="all">
         </property>
     </log>
-</config>
+	<system level="Trace" class="OID2Log" />
+    <log location="/var/log/1c/openid" history="1">
+        <event>
+            <eq property="class" value="OID2Log" />
+        </event>
+        <property name="all" />
+    </log>
+</config>

images/core/entrypoint.sh

@@ -1,60 +1,60 @@
-#!/bin/bash
-
-set -e
-
-if [ "$1" = 'srv' ]
-then
-    chown -R usr1cv8:grp1cv8 ${COREDATA} ${CORELOGS}
-    exec gosu usr1cv8 /opt/1C/v8.3/x86_64/ragent -debug -http /d ${COREDATA}
-elif [ "$1" = 'srv+cli' ]
-then
-    ulimit -c unlimited
-    chown -R usr1cv8:grp1cv8 ${COREDATA} ${CORELOGS}
-    exec gosu usr1cv8 /opt/1C/v8.3/x86_64/ragent -debug -http /d ${COREDATA} &
-    status=$?
-    if [ $status -ne 0 ]; then
-        echo "Failed to start ragent: $status"
-        exit $status
-    fi
-    exec /usr/bin/Xvfb :99 -screen 0 1680x1050x24 -shmem &
-    exec metacity --display=:99 &
-    exec /usr/bin/x11vnc &
-    status=$?
-    if [ $status -ne 0 ]; then
-        echo "Failed to start Xvfb: $status"
-        exit $status
-    fi
-    while sleep 60; do
-        ps aux | grep [r]agent
-        RAGENT_STATUS=$?
-        ps aux | grep [Xvfb]
-        XVFB_STATUS=$?
-        if [ $RAGENT_STATUS -ne 0 -o $XVFB_STATUS -ne 0 ]; then
-            echo "One of the processes has already exited."
-            exit 1
-        fi
-    done    
-elif [ "$1" = 'ras' ]
-then
-    chown -R usr1cv8:grp1cv8 ${CORELOGS}
-    exec gosu usr1cv8 /opt/1C/v8.3/x86_64/ras cluster
-elif [ "$1" = 'cli' ]
-then
-    chown -R usr1cv8:grp1cv8 ${CORELOGS}
-    exec /usr/bin/Xvfb :99 -screen 0 1680x1050x24 -shmem &
-    exec metacity --display=:99 &
-    exec /usr/bin/x11vnc    
-elif [ "$1" = 'web' ]
-then
-    chown -R usr1cv8:grp1cv8 ${CORELOGS}
-    rm -rf /run/httpd/* /tmp/httpd*
-    unset HOME
-    exec httpd -DFOREGROUND
-elif [ "$1" = 'agent' ]
-then
-    chown -R usr1cv8:grp1cv8 ${COREDATA} ${CORELOGS} ${AGENTBASEDIR}
-    exec /usr/bin/Xvfb :99 -screen 0 1680x1050x24 -shmem &
-    exec /opt/1C/v8.3/x86_64/1cv8 DESIGNER /AgentMode /IBConnectionString "${INFOBASECONNECTIONSTRING}" /AgentBaseDir "${AGENTBASEDIR}" /AgentSSHHostKey "/id_rsa.key" /Visible /AgentListenAddress 0.0.0.0
-fi
-
+#!/bin/bash
+
+set -e
+
+if [ "$1" = 'srv' ]
+then
+    chown -R usr1cv8:grp1cv8 ${COREDATA} ${CORELOGS}
+    exec gosu usr1cv8 /opt/1C/v8.3/x86_64/ragent -debug -http /d ${COREDATA}
+elif [ "$1" = 'srv+cli' ]
+then
+    ulimit -c unlimited
+    chown -R usr1cv8:grp1cv8 ${COREDATA} ${CORELOGS}
+    exec gosu usr1cv8 /opt/1C/v8.3/x86_64/ragent -debug -http /d ${COREDATA} &
+    status=$?
+    if [ $status -ne 0 ]; then
+        echo "Failed to start ragent: $status"
+        exit $status
+    fi
+    exec /usr/bin/Xvfb :99 -screen 0 1680x1050x24 -shmem &
+    exec metacity --display=:99 &
+    exec /usr/bin/x11vnc &
+    status=$?
+    if [ $status -ne 0 ]; then
+        echo "Failed to start Xvfb: $status"
+        exit $status
+    fi
+    while sleep 60; do
+        ps aux | grep [r]agent
+        RAGENT_STATUS=$?
+        ps aux | grep [Xvfb]
+        XVFB_STATUS=$?
+        if [ $RAGENT_STATUS -ne 0 -o $XVFB_STATUS -ne 0 ]; then
+            echo "One of the processes has already exited."
+            exit 1
+        fi
+    done    
+elif [ "$1" = 'ras' ]
+then
+    chown -R usr1cv8:grp1cv8 ${CORELOGS}
+    exec gosu usr1cv8 /opt/1C/v8.3/x86_64/ras cluster
+elif [ "$1" = 'cli' ]
+then
+    chown -R usr1cv8:grp1cv8 ${CORELOGS}
+    exec /usr/bin/Xvfb :99 -screen 0 1680x1050x24 -shmem &
+    exec metacity --display=:99 &
+    exec /usr/bin/x11vnc    
+elif [ "$1" = 'web' ]
+then
+    chown -R usr1cv8:grp1cv8 ${CORELOGS}
+    rm -rf /run/httpd/* /tmp/httpd*
+    unset HOME
+    exec httpd -DFOREGROUND
+elif [ "$1" = 'agent' ]
+then
+    chown -R usr1cv8:grp1cv8 ${COREDATA} ${CORELOGS} ${AGENTBASEDIR}
+    exec /usr/bin/Xvfb :99 -screen 0 1680x1050x24 -shmem &
+    exec /opt/1C/v8.3/x86_64/1cv8 DESIGNER /AgentMode /IBConnectionString "${INFOBASECONNECTIONSTRING}" /AgentBaseDir "${AGENTBASEDIR}" /AgentSSHHostKey "/id_rsa.key" /Visible /AgentListenAddress 0.0.0.0
+fi
+
 exec "$@"

images/db/entrypoint.sh

@@ -1,13 +1,13 @@
-#!/bin/bash
-
-set -e
-
-chown -R postgres:postgres "$PGDATA"
-
-if [ -z "$(ls -A "$PGDATA")" ]; then
-    gosu postgres ./initdb
-    echo "synchronous_commit = off" >> $PGDATA/postgresql.conf
-fi
-
-command=$@
+#!/bin/bash
+
+set -e
+
+chown -R postgres:postgres "$PGDATA"
+
+if [ -z "$(ls -A "$PGDATA")" ]; then
+    gosu postgres ./initdb
+    echo "synchronous_commit = off" >> $PGDATA/postgresql.conf
+fi
+
+command=$@
 exec gosu postgres $command

images/nginx/Dockerfile

@@ -0,0 +1,16 @@
+FROM nginx:stable-alpine
+
+ENV HOSTNAME host.1cfresh.dev
+
+ENV SITE_HOST host.1cfresh.dev
+ENV BACKEND_HOST host.1cfresh.dev
+ENV GATE_HOST host.1cfresh.dev
+
+ENV WORKER_PROCESSES 2
+
+COPY ./entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 80 443
+
+ENTRYPOINT ["/bin/sh", "-c", "/entrypoint.sh"]

images/nginx/conf/1c_app.conf

@@ -0,0 +1,2 @@
+include          1c_common.conf;
+proxy_set_header X-Forwarded-Port 443;

images/nginx/conf/1c_common.conf

@@ -0,0 +1,7 @@
+proxy_connect_timeout 5s;
+proxy_read_timeout    75;
+proxy_next_upstream   error;
+proxy_set_header      Host              $host;
+proxy_set_header      X-Real-IP         $remote_addr;
+proxy_set_header      X-Forwarded-For   $proxy_add_x_forwarded_for;
+proxy_set_header      X-Forwarded-Proto https;

images/nginx/conf/1c_error.conf

@@ -0,0 +1,6 @@
+if ($http_user_agent = 1CV8C) {
+	set $mode txt;
+}
+
+error_page 407 410 411 413 414 415 416 500 501 502 503 504 505 /availability?url=$upstream_http_x_destination_id$request_uri&mode=$mode;
+error_page 420 =404                                                /availability?url=$upstream_http_x_destination_id$request_uri&mode=$mode&code=420;

images/nginx/conf/1c_error_openid.conf

@@ -0,0 +1,5 @@
+if ($http_user_agent = 1CV8C) {
+	set $mode txt;
+}
+
+error_page 500 501 502 503 504 505 /availability?url=$scheme://$host$request_uri&mode=$mode;

images/nginx/conf/1c_error_site.conf

@@ -0,0 +1,2 @@
+error_page 404 /availability?url=$scheme://$host$request_uri&code=404;
+error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 500 501 502 503 504 505 /availability?url=$scheme://$host$request_uri;

images/nginx/conf/1c_keepalive.conf

@@ -0,0 +1,2 @@
+proxy_http_version 1.1;
+proxy_set_header Connection "";

images/nginx/conf/1c_upstream.conf

@@ -0,0 +1,15 @@
+upstream backend83 {
+	ip_hash;
+	keepalive 16;
+	server  webwebweb:80;
+}
+
+upstream gate {
+	ip_hash;
+	server  gategategate:8080;
+}
+
+
+upstream upstream_availability {
+	server  sitesitesite:8080;
+}

images/nginx/conf/conf.d/local-ssl.conf

@@ -0,0 +1,123 @@
+server {
+	listen      443;
+	server_name hosthosthost;
+
+	proxy_intercept_errors on;
+
+	ssl                       on;
+	ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
+	ssl_ciphers               RC4:HIGH:!aNULL:!MD5:!kEDH;
+	ssl_prefer_server_ciphers on;
+	ssl_certificate           /etc/pki-custom/fullchain.crt;
+	ssl_certificate_key       /etc/pki-custom/privkey.key;
+	ssl_session_cache         shared:SSL:10m;
+	ssl_session_timeout       10m;
+
+	location @start {
+		rewrite ^(/a/[a-zA-Z0-9_]+/([0-9]+/)?).*$ $1 last;
+	}
+
+	location /availability/ {
+		include               1c_common.conf;
+		recursive_error_pages on;
+		error_page            400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 500 501 502 503 504 505  /i/index.html;
+		proxy_pass            http://upstream_availability;
+	}
+
+	location /i {
+		alias /var/www/failover;
+	}
+
+
+	location ^~ /a/openid {
+		include    1c_common.conf;
+		include    1c_keepalive.conf;
+		include    1c_error_openid.conf;
+		proxy_pass http://backend83;
+	}
+
+	location ^~ /a/adm/e1cib/start {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		include    1c_keepalive.conf;
+		error_page 400 403 412 @start;
+		proxy_pass http://backend83;
+	}
+
+	location ^~ /a/adm {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		include    1c_keepalive.conf;
+		proxy_pass http://backend83;
+	}
+	
+	location ^~ /a/extreg {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		include    1c_keepalive.conf;
+		proxy_pass http://backend83;
+	}
+
+	location ^~ /a/wcib/hs {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		keepalive_timeout 0;
+		proxy_pass http://backend83;
+	}
+
+	location ^~ /a/httpextreg/hs {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		keepalive_timeout 0;
+		proxy_pass http://backend83;
+	}
+
+	location ^~ /a/wcibprivate/hs {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		keepalive_timeout 0;
+		proxy_pass http://backend83;
+	}
+
+	location ~* /a/\w+/\d+/e1cib/start {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		error_page 400 403 412 @start;
+		proxy_pass http://gate;
+	}
+
+	location ~* /a/\w+/\d+/\w+/e1cib/oid2rp {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		error_page 400 403 404 412 @start;
+		proxy_pass http://gate;
+	}
+
+	location ~* /a/\w+/\d+/ws {
+		include                1c_app.conf;
+		proxy_intercept_errors off;
+		proxy_pass             http://gate;
+	}
+
+	location ~* /a/\w+/\d+ {
+		include    1c_app.conf;
+		include    1c_error.conf;
+		proxy_pass http://gate;
+	}
+
+	location / {
+		include    1c_common.conf;
+		include    1c_keepalive.conf;
+		include    1c_error_site.conf;
+		proxy_pass http://sitesitesite:8080;
+	}
+
+	location /resources/images/content {
+		alias /var/www/content/media;
+	}
+
+	location /extreg {
+		alias /var/www/extreg;
+	}
+
+}

images/nginx/conf/conf.d/local.conf

@@ -0,0 +1,8 @@
+server {
+	listen      80;
+	server_name hosthosthost;
+
+	location / {
+		return 301 https://$server_name$request_uri;
+	}
+}

images/nginx/conf/nginx.conf

@@ -0,0 +1,41 @@
+user                 nginx;
+worker_processes     worker_processes_ENV;
+worker_rlimit_nofile 10240;
+error_log            /var/log/nginx/error.log warn;
+pid                  /var/run/nginx.pid;
+
+events {
+	worker_connections 1024;
+	use                epoll;
+}
+
+http {
+	include      /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	gzip          on;
+	sendfile      on;
+	tcp_nopush    on;
+	tcp_nodelay   on;
+	server_tokens off;
+
+	proxy_buffering          on;
+	proxy_buffer_size        32k;
+	proxy_buffers            20 512k;
+	proxy_connect_timeout    5;
+	proxy_max_temp_file_size 0;
+
+	keepalive_timeout             300 300;
+	server_names_hash_max_size    4096;
+	server_names_hash_bucket_size 128;
+	client_max_body_size          4096m;
+	client_body_buffer_size       256k;
+
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+	                '$status $body_bytes_sent ${request_time}ms "$http_referer" '
+	                '"$http_user_agent" "$http_x_forwarded_for" set_cookie: "$sent_http_set_cookie"';
+	access_log /var/log/nginx/access.log main;
+
+	include /etc/nginx/1c_upstream.conf;
+	include /etc/nginx/conf.d/*.conf;
+}

images/nginx/entrypoint.sh

@@ -0,0 +1,17 @@
+set -e
+
+sh -c "sed -i 's/hosthosthost/'"$HOSTNAME"'/' /etc/nginx/*.conf"
+sh -c "sed -i 's/hosthosthost/'"$HOSTNAME"'/' /etc/nginx/conf.d/*.conf"
+
+sh -c "sed -i 's/worker_processes_ENV/'"$WORKER_PROCESSES"'/' /etc/nginx/nginx.conf"
+
+sh -c "sed -i 's/sitesitesite/'"$SITE_HOST"'/' /etc/nginx/*.conf"
+sh -c "sed -i 's/sitesitesite/'"$SITE_HOST"'/' /etc/nginx/conf.d/*.conf"
+
+sh -c "sed -i 's/webwebweb/'"$BACKEND_HOST"'/' /etc/nginx/*.conf"
+
+sh -c "sed -i 's/gategategate/'"$GATE_HOST"'/' /etc/nginx/*.conf"
+
+exec sh -c "/usr/sbin/nginx -g 'daemon off;'"
+
+exec "$@"

install.py

@@ -1,6 +1,4 @@
 import subprocess
-import pathlib
-import os
 
 import modules.site as site
 import modules.centos as centos
@@ -8,18 +6,16 @@ import modules.db as db
 import modules.forum as forum
 import modules.core as core
 import modules.gate as gate
-
-sep = str(os.path.sep)
-this_path = str(pathlib.Path().absolute()) + sep
-distr_path = this_path + 'distr' + sep
+import modules.nginx as nginx
 
 images = []
-# images.append(centos.New())
-# images.append(db.New())
-# images.append(site.New())
-# images.append(forum.New())
-# images.append(core.New())
+images.append(centos.New())
+images.append(db.New())
+images.append(site.New())
+images.append(forum.New())
+images.append(core.New())
 images.append(gate.New())
+images.append(nginx.New())
 
 print('Building start')
 for image in images:

modules/forum.py

@@ -7,9 +7,9 @@ def add_forum_dir(command):
 def delete_forum_dir():
     command = helper.new_docker_command('images/forum/distr')
     command.append('alpine')
-    command.append('rm')
-    command.append('-rf')
-    command.append('/out_files/forum')
+    command.append('sh')
+    command.append('-c')
+    command.append('"rm -rf /out_files/forum"')
 
     return command
 

modules/nginx.py

@@ -0,0 +1,11 @@
+import modules.helper as helper
+
+class New():
+
+    name = ''
+    commands_before = []
+    commands_after = []
+
+    def __init__(self):
+        self.name = 'nginx'
+        self.commands_before = []

other_files/cfe/params.json

@@ -0,0 +1,37 @@
+{
+    "ИмяХоста": "HOSTNAMEREPLACE",
+    "ИнформационныеБазы": [
+        {
+            "Сервер": "web/int/sm",
+            "ИмяВКластере": "sm",
+            "КодКонфигурации": "sm",
+            "ТипКонфигурации": "Управляющая",
+            "Администратор": "Администратор",
+            "ПользовательУправления": "RemoteAccess"
+        },
+        {
+            "Сервер": "web/int/sa",
+            "ИмяВКластере": "sa",
+            "КодКонфигурации": "sa",
+            "ТипКонфигурации": "Сервисная",
+            "Администратор": "",
+            "ПользовательУправления": ""
+        },
+        {
+            "Сервер": "web/int/smtl",
+            "ИмяВКластере": "smtl",
+            "КодКонфигурации": "smtl",
+            "ТипКонфигурации": "Прикладная",
+            "Администратор": "Admin",
+            "ПользовательУправления": "RemoteAccess"
+        },
+        {
+            "Сервер": "web/int/smtl2",
+            "ИмяВКластере": "smtl2",
+            "КодКонфигурации": "smtl",
+            "ТипКонфигурации": "Прикладная",
+            "Администратор": "Admin",
+            "ПользовательУправления": "RemoteAccess"
+        }
+    ]
+}

other_files/psql-scripts/CreateDB_forum.psql

@@ -0,0 +1,4 @@
+CREATE DATABASE forum ENCODING='UTF8' LC_CTYPE='ru_RU.utf8';
+CREATE USER forum WITH PASSWORD '12345Qwerty';
+ALTER DATABASE forum OWNER TO forum;
+GRANT ALL PRIVILEGES ON DATABASE forum TO forum;

other_files/psql-scripts/CreateDB_site.psql

@@ -0,0 +1,4 @@
+CREATE DATABASE site ENCODING='UTF8' LC_CTYPE='ru_RU.utf8';
+CREATE USER site WITH PASSWORD '12345Qwerty';
+ALTER DATABASE site OWNER TO site;
+GRANT ALL PRIVILEGES ON DATABASE site TO site;

other_files/vrd/extreg.vrd

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<point xmlns="http://v8.1c.ru/8.2/virtual-resource-system"
+                xmlns:xs="http://www.w3.org/2001/XMLSchema"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                base=""
+                ib="" 
+                enable="false">
+        <httpServices publishByDefault="false">
+                <service name="ExternalRegistration" rootUrl="ExternalRegistration" enable="true"/>
+        </httpServices>
+</point>

other_files/vrd/openid.vrd

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<point xmlns="http://v8.1c.ru/8.2/virtual-resource-system"
+                xmlns:xs="http://www.w3.org/2001/XMLSchema"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                base=""
+                ib=""
+                enable="false">
+        <openid>
+                <provider>
+                        <returnto>.*</returnto>
+                </provider>
+        </openid>
+</point>

other_files/vrd/sessioncontrol.vrd

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<point xmlns="http://v8.1c.ru/8.2/virtual-resource-system"
+                xmlns:xs="http://www.w3.org/2001/XMLSchema"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                base=""
+                ib="" 
+                enable="false">
+        <ws pointEnableCommon="false">
+            <point name="SessionControl_1_0_1_1"
+				alias="SessionControl_1_0_1_1.1cws"
+				enable="true"/>
+        </ws>
+</point>

other_files/vrd/withzone.vrd

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<point xmlns="http://v8.1c.ru/8.2/virtual-resource-system"
+                xmlns:xs="http://www.w3.org/2001/XMLSchema"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                base=""
+                ib="">
+        <ws publishExtensionsByDefault="true"/>
+        <httpServices publishExtensionsByDefault="true"/>
+        <zones>
+                <zone specify="false" safe="true"/>
+                <zone specify="true" safe="true"/>
+        </zones>
+        <openid>
+                <rely url="https://HOSTNAMEREPLACE/a/openid/e1cib/oid2op" /> 
+        </openid>
+</point>

other_files/vrd/zoneless.vrd

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<point xmlns="http://v8.1c.ru/8.2/virtual-resource-system"
+                xmlns:xs="http://www.w3.org/2001/XMLSchema"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                base=""
+                ib="">
+        <ws publishExtensionsByDefault="true"/>
+        <httpServices publishExtensionsByDefault="true"/>
+        <openid>
+                <rely url="https://HOSTNAMEREPLACE/a/openid/e1cib/oid2op" /> 
+        </openid>
+</point>

start.py

@@ -0,0 +1,62 @@
+import subprocess
+import os
+import modules.helper as helper
+
+host_name = 'test.1cfresh.dev'
+configurations = {}
+
+
+docker_run_str = 'docker run --rm -v ' + helper.this_path + ':/out_files alpine'
+docker_compose_str = 'docker-compose -f workdir/docker-compose.yml '
+
+work_dir = '/out_files/workdir/'
+work_dir_other = work_dir + 'mnt/other-files/'
+local_work_dir = helper.replace_sep(helper.this_path + '/workdir/')
+
+def call(command, remote=True, debug=True):
+    commands = []
+
+    if remote:
+        commands.append(docker_run_str)
+    commands.append(command)
+    if debug:
+        print(' '.join(commands))
+    subprocess.call(' '.join(commands), shell=True)
+
+def get_configurations_data():
+    # r=root, d=directories, files = files
+    for r, d, files in os.walk(helper.replace_sep(local_work_dir + '/mnt')):
+        for file in files:
+            conf_key = file.split('.')[0].split('_')[0]
+            configurations[conf_key] = '.'.join(file.split('.')[0].split('_')).replace(conf_key + '.', '')
+
+new_server = False
+
+new_server = os.path.isfile('workdir') != True
+
+# if new_server:
+    # call('mkdir ' + work_dir)
+    # call('mkdir ' + work_dir + 'mnt')
+    # call('sh -c "cp /out_files/distr/*.cf ' + work_dir + 'mnt/"')
+    # get_configurations_data()
+
+# renew docker-compose.yml
+call('cp /out_files/docker-compose.yml /out_files/workdir/docker-compose.yml')
+call('sh -c "sed -i \'s/HOSTNAMEREPLACE/' + host_name + '/\' ' + work_dir + '/*.yml"')
+call(docker_compose_str + 'down', False)
+
+# renew all nginx conf files
+call('rm -rf ' + work_dir + 'nginx_conf/')
+call('cp -r /out_files/images/nginx/conf/ ' + work_dir + 'nginx_conf/')
+
+# renew other-files
+call('rm -rf ' + work_dir_other)
+call('cp -r /out_files/other_files/ ' + work_dir_other)
+call('sh -c "sed -i \'s/HOSTNAMEREPLACE/' + host_name + '/\' ' + work_dir_other + 'vrd/*.vrd"')
+call('sh -c "sed -i \'s/HOSTNAMEREPLACE/' + host_name + '/\' ' + work_dir_other + 'cfe/params.json"')
+
+# start db srv ras web gate
+call(docker_compose_str + 'up -d db srv ras web gate', remote=False)
+
+
+