SCV-404 Adding devcontainer development environment for the web compo…

…nent

api/Properties/launchSettings.json

@@ -26,7 +26,7 @@
         "CORS_DOMAIN": "http://localhost:8080",
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "applicationUrl": "https://localhost:5001;http://localhost:5000"
+      "applicationUrl": "http://localhost:5000"
     },
     "IIS Express (launchBrowser = false)": {
       "commandName": "IISExpress",

docker/manage

@@ -3,7 +3,7 @@ export MSYS_NO_PATHCONV=1
 set -e
 
 S2I_EXE=s2i
-if [ -z $(type -P "$S2I_EXE") ]; then
+if [ -z "$(type -P "$S2I_EXE")" ]; then
   echo -e "The ${S2I_EXE} executable is needed and not on your path."
   echo -e "It can be downloaded from here: https://github.com/openshift/source-to-image"
   echo -e "Make sure you place it in a directory on your path."

web/.devcontainer/Dockerfile

@@ -0,0 +1,58 @@
+# Use the offical nginx (based on debian)
+FROM nginx:stable
+
+ENV STI_SCRIPTS_PATH=/usr/libexec/s2i
+ENV USE_SELF_SIGNED_SSL='usss'
+ENV WEB_BASE_HREF='/scjscv/'
+ENV API_URL='http://host.docker.internal:5000/api/'
+ENV RealIpFrom='172.17.0.1'
+ENV NODE_ENV='development'
+ENV SHELL /bin/bash
+
+# Required for HTTP Basic feature
+RUN apt-get update -y && \
+    apt-get install -y openssl ca-certificates procps gpgconf net-tools && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /var/www && mkdir /var/www/.vscode-server && mkdir /var/www/.gnupg && mkdir /var/www/.devcontainer && mkdir /workspaces
+
+# Copy our OpenShift s2i scripts over to default location
+COPY ./fix-base-url /usr/libexec/s2i/
+COPY ./run /usr/libexec/s2i/
+
+# Expose this variable to OpenShift
+LABEL io.openshift.s2i.scripts-url=image:///usr/libexec/s2i
+
+# Copy config from source to container
+COPY nginx.conf.template /tmp/
+
+# =================================================================================
+# Fix up permissions
+# ref: https://torstenwalter.de/openshift/nginx/2017/08/04/nginx-on-openshift.html
+# - S2I scripts must be executable
+# - Make sure nginx can read and write it's working directories.
+# - The container dynamically configures nginx on startup
+# - The application artifacts live in /tmp
+# ---------------------------------------------------------------------------------
+RUN chmod -R g+rwx $STI_SCRIPTS_PATH
+RUN chmod og+rw /var/cache/nginx \ 
+    /var/run \
+    /etc/nginx/nginx.conf \
+    /tmp
+RUN chmod og+rw /var/www/.vscode-server \
+    /var/www \
+    /var/www/.gnupg \
+    /var/cache/nginx \
+    /var/www/.devcontainer \
+    /workspaces
+
+# =================================================================================
+
+# Work-around for issues with S2I builds on Windows
+WORKDIR /tmp
+
+# Nginx runs on port 8080 by default
+EXPOSE 8080
+
+# Switch to usermode
+USER www-data

web/.devcontainer/devcontainer.json

@@ -0,0 +1,58 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.224.2/containers/dotnet
+{
+	"name": "SCV Web",
+	"build": {
+		"dockerfile": "Dockerfile",
+		"args": {
+			// Update 'VARIANT' to pick a .NET Core version: 3.1, 5.0, 6.0, 7.0
+			// Append -bullseye or -focal to pin to an OS version.
+			// "VARIANT": "7.0",
+			// Options
+			// "NODE_VERSION": "lts/*"
+		}
+	},
+	// Set *default* container specific settings.json values on container create.
+	//"settings": {},
+	// Add the IDs of extensions you want installed when the container is created.
+	// "extensions": [
+	// 	"eamodio.gitlens",
+	// 	"adrianwilczynski.add-reference",
+	// 	"editorconfig.editorconfig",
+	// 	"pflannery.vscode-versionlens"
+	// ],
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	"forwardPorts": [
+		8080
+	],
+	// [Optional] To reuse of your local HTTPS dev cert:
+	//
+	// 1. Export it locally using this command:
+	//    * Windows PowerShell:
+	//        dotnet dev-certs https --trust; dotnet dev-certs https -ep "$env:USERPROFILE/.aspnet/https/aspnetapp.pfx" -p "SecurePwdGoesHere"
+	//    * macOS/Linux terminal:
+	//        dotnet dev-certs https --trust; dotnet dev-certs https -ep "${HOME}/.aspnet/https/aspnetapp.pfx" -p "SecurePwdGoesHere"
+	//
+	// 2. Uncomment these 'remoteEnv' lines:
+	//    "remoteEnv": {
+	// 	      "ASPNETCORE_Kestrel__Certificates__Default__Password": "SecurePwdGoesHere",
+	//        "ASPNETCORE_Kestrel__Certificates__Default__Path": "/home/vscode/.aspnet/https/aspnetapp.pfx",
+	//    },
+	//
+	// 3. Do one of the following depending on your scenario:
+	//    * When using GitHub Codespaces and/or Remote - Containers:
+	//      1. Start the container
+	//      2. Drag ~/.aspnet/https/aspnetapp.pfx into the root of the file explorer
+	//      3. Open a terminal in VS Code and run "mkdir -p /home/vscode/.aspnet/https && mv aspnetapp.pfx /home/vscode/.aspnet/https"
+	//
+	//    * If only using Remote - Containers with a local container, uncomment this line instead:
+	//      "mounts": [ "source=${env:HOME}${env:USERPROFILE}/.aspnet/https,target=/home/vscode/.aspnet/https,type=bind" ],
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "dotnet restore",
+	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "www-data",
+	"features": {
+		"git": "latest"
+	},
+	"postStartCommand": "/usr/libexec/s2i/fix-base-url"
+}

web/.devcontainer/fix-base-url

@@ -0,0 +1,15 @@
+#!/bin/bash
+# Work around for Vue having a lack of a configurable publicPath that isn't relative (relative breaks history routing).
+# Unfortunately there doesn't seem to be an easier way of doing this without rebuilding.
+# Since we have a single web image, doesn't make sense to build the web-artifacts twice. 
+# Perhaps webpack 5 will have some sort of fix for this. 
+echo "---> Replacing public path /S2I_INJECT_PUBLIC_PATH/ -> $WEB_BASE_HREF in Vue artifacts..."
+FILES="/workspaces/supreme-court-viewer/web/dist/index.html
+/workspaces/supreme-court-viewer/web/dist/js/*.*"
+for f in $FILES
+do
+	tmp=$(sed "s|/S2I_INJECT_PUBLIC_PATH/|$WEB_BASE_HREF|g" "$f"); 
+	printf "%s" "$tmp" > "$f";
+done
+
+/usr/libexec/s2i/run

web/.devcontainer/nginx.conf.template

@@ -0,0 +1,144 @@
+worker_processes 1;
+
+error_log  /var/log/nginx/error.log;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  4096;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    server_tokens off;
+
+    # ip filtering
+    %IpFilterRules%
+
+    # logging rules
+    geo $loggable {
+        default 1;
+        %RealIpFrom% 0;
+    }
+
+    # Use a w3c standard log format
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for" '
+                      'rt=$request_time urt=$upstream_response_time $pipe';
+
+    access_log  /var/log/nginx/access.log  main if=$loggable;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    #real_ip module
+    set_real_ip_from %RealIpFrom%;
+    %AdditionalRealIpFromRules%
+    real_ip_recursive on;
+    real_ip_header    X-Forwarded-For;
+
+    #throttle zones
+    limit_req_zone $binary_remote_addr zone=bra1:10m rate=2r/s;
+    limit_req_zone $binary_remote_addr zone=bra3:10m rate=6r/s;
+    limit_req_zone $binary_remote_addr zone=bra5:10m rate=10r/s;
+    limit_req_zone $binary_remote_addr zone=bra25:10m rate=50r/s;
+    limit_req_zone $binary_remote_addr zone=bra100:10m rate=200r/s;
+
+    #default throttle; not inherited if set in nested level
+    limit_req zone=bra5 burst=100;
+
+    # HTTP Basic rules
+    auth_basic_user_file /tmp/.htpasswd;
+
+    # Allows headers with underscores to be passed through. EX. SMGOV_USERGUID 
+    %IgnoreInvalidHeaders%
+
+    # ======================================================
+    # Set variables for API proxy
+    # ------------------------------------------------------
+    # Ensure the original scheme is forwarded correctly
+    map $http_x_forwarded_proto $proxy_scheme {
+        default $scheme;
+        https "https";
+    }
+    # Ensure the original port is forwarded correctly
+    map $http_x_forwarded_port $proxy_port {
+        default $http_x_forwarded_port;
+        '' $server_port;
+    }
+    # Ensure the original host is forwarded correctly:
+    # - When the application is hosted on OpenShift and sitting behind 
+    #   a second proxy layer such as a jag of justice proxy
+    #   X-Forwarded-Host gets overwritten with the Hostname defined by the route 
+    #   at the OpenShift layer.  X-Forwarded-Server contains the original Hostname
+    #   that needs to be passed along to the various application components.
+    map $http_x_forwarded_server $proxy_host {
+        default $http_x_forwarded_server;
+        '' $host;
+    }
+    # ======================================================
+
+    server {
+        %LISTEN_CONFIG_SECTION%
+
+        # Allow large headers.
+        large_client_header_buffers 4 32k;
+        # add in most common security headers
+        add_header Content-Security-Policy "default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'";
+        add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
+        add_header X-Content-Type-Options "nosniff";
+        add_header X-XSS-Protection 1;
+        add_header X-Frame-Options DENY;
+
+        %REMOVE_BASE_HREF%
+
+        %API_CONFIG_SECTION%
+
+        # serve our app here
+        location / {
+            root   /workspaces/supreme-court-viewer/web/dist;
+            index  index.html index.htm;
+            try_files $uri $uri/ /index.html =404;
+            gzip            on;
+            gzip_min_length 1000;
+            gzip_types      *;
+
+            # Deploy-time configurable
+            %HTTP_BASIC%
+        }
+
+        # redirect server error pages to the static page /50x.html
+        error_page   500 502 503 504  /50x.html;
+        location = 50x.html {
+            root   /usr/share/nginx/html;
+        }
+
+        # For status of ngnix service, OpenShift is configured to call this
+        location /nginx_status {
+            # Enable Nginx stats
+            stub_status on;
+
+            # Only allow access from localhost
+            allow all;
+
+            # Other request should be denied
+            # deny all;
+
+            # No need to log this request, its just noise
+            access_log off;
+        }
+
+        # serve the fathom analytics tracking code, if available
+        location =/fathom.js {
+            root /tmp;
+            gzip            on;
+            gzip_min_length 1000;
+            gzip_types      *;
+        }
+    }
+}