- Production level security.
- Audit by a Persona familiar dev.
- Don't spawn examples.
Before you start, you'll need:
- docker
- Some time. :)
- (Optional) A config folder with a configuration file. (See below)
- (Optional) An ENV file. (See below)
You can pass the container any option you'd normally pass to npm, like start, install, test, etc.
First, MySQL (make sure to change the password):
MYSQL_PASSWORD=foo
DB_NAME=persona-db
docker run --name $DB_NAME -e MYSQL_ROOT_PASSWORD=$MYSQL_PASSWORD -d mysql
docker run -it \
--link $DB_NAME:mysql \
--rm --volume=$(pwd):/docker_host \
mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD" < /docker_host/sql_startup_file'
Then, Persona (not all ports required):
docker run --publish=10000:10000 \
--publish=10001:10001 \
--publish=10002:10002 \
--publish=10003:10003 \
--publish=10004:10004 \
--publish=10005:10005 \
--publish=10006:10006 \
--publish=10007:10007 \
--publish=10010:10010 \
--publish=10011:10011 \
--name=persona \
--hostname=persona.localhost \
--env-file=$(pwd)/envfile \
--link=$DB_NAME:database \
--volume=$(pwd)/config:/home/persona/config \
hoverbear/persona start
# TODO
# TODO
# Add any other opts as extra lines before --entrypoint (a comment cannot sit between continued lines).
docker run --rm=true \
-ti \
--entrypoint="/bin/bash" \
hoverbear/persona -l
Your sql_startup_file should contain something like:
CREATE USER 'browserid'@'%' IDENTIFIED BY 'browserid';
GRANT ALL ON *.* TO 'browserid'@'%';
FLUSH PRIVILEGES;
You should actually specify a domain instead of '%', which allows connections from any host.
Create a file containing any environment settings you might want.
Find documentation on settings: here
Example envfile:
CONFIG_FILES=/home/persona/config/config.json
HOST=0.0.0.0
IP_ADDRESS=0.0.0.0
MYSQL_USER=browserid
MYSQL_PASSWORD=browserid
DATABASE_NAME=browserid
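The sample sql_startup_file and envfile above reuse the username as the password and grant on every database. As an added example (not part of the original README), this script writes both files with one shared random password and a narrower grant; the 172.17.% host pattern (Docker's default bridge subnet) and limiting the grant to the browserid database are assumptions about your setup.

```shell
#!/bin/sh
# Added example: generate matching credentials for sql_startup_file and envfile.
# ALLOWED_HOST is an assumption: Docker's default bridge subnet (172.17.0.0/16).
ALLOWED_HOST=${ALLOWED_HOST:-172.17.%}

# Print a random 32-character hex password (hex is safe inside a quoted
# SQL string and an env file, so no escaping is needed).
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_credentials DIR: create DIR/sql_startup_file and DIR/envfile.
# Usage: write_credentials "$(pwd)"
write_credentials() {
    dir=$1
    user=browserid
    db=browserid              # matches DATABASE_NAME in the example envfile
    pass=$(gen_password)
    old_umask=$(umask)
    umask 077                 # both files hold a secret: owner access only
    cat > "$dir/sql_startup_file" <<EOF
CREATE USER '$user'@'$ALLOWED_HOST' IDENTIFIED BY '$pass';
GRANT ALL ON $db.* TO '$user'@'$ALLOWED_HOST';
FLUSH PRIVILEGES;
EOF
    cat > "$dir/envfile" <<EOF
CONFIG_FILES=/home/persona/config/config.json
HOST=0.0.0.0
IP_ADDRESS=0.0.0.0
MYSQL_USER=$user
MYSQL_PASSWORD=$pass
DATABASE_NAME=$db
EOF
    umask "$old_umask"
}
```

Run it in the directory you launch the containers from, before the MySQL step, and set ALLOWED_HOST if your containers sit on a different network.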
- Make a folder (Example: $PERSISTENT_DIR/config/) and mount it as a volume on /home/persona/config.
- Set an ENV variable (either via -e or in your envfile) of CONFIG_FILES
Example configuration:
{
"database": {
"driver": "mysql",
"host": "database"
}
}
Using a RHEL derivative? Getting EACCES errors?
chcon -Rt svirt_sandbox_file_t $(pwd)