Sourcegraph with language servers behind SSL with basic auth
# Load the language-server settings: pipe settings_init.sql (read from the
# container's /var/opt/sourcegraph data directory) into psql inside the
# running "sourcegraph" container.
docker container exec sourcegraph /bin/bash -c 'cat /var/opt/sourcegraph/settings_init.sql | psql -U postgres sourcegraph'
# Print the settings table to confirm the insert.
# NOTE(review): the inserted language-server URLs embed the basic-auth user and
# password, so this output contains credentials; keep it out of shared logs.
docker container exec sourcegraph /bin/bash -c 'echo "SELECT * FROM settings;" | psql -U postgres sourcegraph'
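# Sourcegraph server plus Go, TypeScript and Python language servers on one
# private Compose network. The server's nginx listens on 7080 inside the
# container and is published on host port 443.
version: '2.4'

services:
  sourcegraph:
    container_name: sourcegraph
    # NOTE(review): `insiders` is a moving tag, so the image that runs can
    # change between pulls. Pin a release tag or digest for a reproducible,
    # reviewable deployment.
    image: sourcegraph/server:insiders
    environment:
      - SRC_LOG_LEVEL=dbug
    ports:
      # Quoted so the mappings are always read as strings.
      - '443:7080'
      # Presumably the management console, which gets its own cert/key under
      # /etc/sourcegraph/management - confirm before exposing it publicly.
      - '2633:2633'
    ulimits:
      nofile:
        soft: 262144
        hard: 262144
    volumes:
      # Holds nginx.conf, the TLS key pair and the htpasswd file.
      - ~/.sourcegraph/config:/etc/sourcegraph
      - ~/.sourcegraph/data:/var/opt/sourcegraph
    networks:
      - sourcegraph
    depends_on:
      - lang-go
      - lang-typescript
      - lang-python
    restart: unless-stopped
    cpus: 2
    mem_limit: 2g

  lang-go:
    container_name: lang-go
    # NOTE(review): `latest` is unpinned; see the note on the server image.
    image: sourcegraph/lang-go:latest
    # NOTE(review): a bare container port under `ports` is published on an
    # ephemeral host port on all interfaces. A client that reaches that port
    # talks to the language server directly, without the TLS and basic auth
    # nginx applies. nginx reaches this service over the `sourcegraph`
    # network, so `expose` is enough unless host access is really needed.
    ports:
      - '4389'
      - '6060'
    command:
      - 'go-langserver'
      - '-mode=websocket'
      - '-addr=:4389'
      - '-usebuildserver'
      - '-usebinarypkgcache=false'
    networks:
      - sourcegraph
    restart: unless-stopped
    cpus: 2
    mem_limit: 2g

  lang-typescript:
    container_name: lang-typescript
    image: sourcegraph/lang-typescript:latest
    # NOTE(review): published on ephemeral host ports; same concern as lang-go.
    ports:
      - '8080'
      - '6060'
    networks:
      - sourcegraph
    restart: unless-stopped
    cpus: 2
    mem_limit: 2g

  lang-python:
    container_name: lang-python
    image: sourcegraph/lang-python:latest
    # NOTE(review): published on an ephemeral host port; same concern as lang-go.
    ports:
      - '4288'
    networks:
      - sourcegraph
    restart: unless-stopped
    cpus: 2
    mem_limit: 2g

networks:
  # Default bridge network shared by the server and the language servers.
  sourcegraph: {}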
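# This config was generated by Sourcegraph.
# You can adjust the configuration to add additional TLS or HTTP features.
# Read more at https://docs.sourcegraph.com/admin/nginx
error_log stderr;
pid /var/run/nginx.pid;

# Do not remove. The contents of sourcegraph_main.conf can change between
# versions and may include improvements to the configuration.
include nginx/sourcegraph_main.conf;

events {
}

http {
    server_tokens off;

    # Do not remove. The contents of sourcegraph_http.conf can change between
    # versions and may include improvements to the configuration.
    include nginx/sourcegraph_http.conf;

    # NOTE(review): with access logging off there is no per-request record of
    # who reached the language-server paths. Consider enabling it at least for
    # the /lang-* locations.
    access_log off;

    upstream backend {
        # Do not remove. The contents of sourcegraph_backend.conf can change
        # between versions and may include improvements to the configuration.
        include nginx/sourcegraph_backend.conf;
    }

    server {
        # Do not remove. The contents of sourcegraph_server.conf can change
        # between versions and may include improvements to the configuration.
        include nginx/sourcegraph_server.conf;

        # TLS terminates here; the certificate and key paths are relative.
        listen 7080 ssl;
        ssl_certificate sourcegraph.crt;
        ssl_certificate_key sourcegraph.key;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # WebSocket proxies to the language servers. Every language-server
        # location requires basic auth. Previously only /lang-go did, which
        # left /lang-typescript and /lang-python reachable without credentials.
        location /lang-go {
            proxy_pass http://lang-go:4389;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "Basic authentication required to access language server";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }

        location /lang-typescript {
            proxy_pass http://lang-typescript:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "Basic authentication required to access language server";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }

        location /lang-python {
            proxy_pass http://lang-python:4288;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            auth_basic "Basic authentication required to access language server";
            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;
        }
    }
}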
# Write the SQL that seeds the language-server settings. The heredoc delimiter
# is unquoted, so the shell expands ${LANG_SERVER_HOST} when the file is
# written; it must already be set or the URLs come out as "/lang-go" etc.
# NOTE(review): when LANG_SERVER_HOST has the wss://user:pass@host form, the
# basic-auth credentials end up in plaintext in this file and in the settings
# table. Consider restricting the file's permissions and removing it after the
# insert - confirm the container can still read it first.
cat > ~/.sourcegraph/data/settings_init.sql <<EOL
INSERT INTO settings (contents)
VALUES('{
"go.serverUrl": "${LANG_SERVER_HOST}/lang-go",
"go.sourcegraphUrl": "http://sourcegraph:8080",
"typescript.serverUrl": "${LANG_SERVER_HOST}/lang-typescript",
"typescript.sourcegraphUrl": "http://sourcegraph:8080",
"python.serverUrl": "${LANG_SERVER_HOST}/lang-python",
"python.sourcegraphUrl": "http://sourcegraph:8080"
}');
EOL
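#!/usr/bin/env bash
# Provisioning variables shared by the rest of this script.
export SOURCEGRAPH_VERSION=3.2.0
export USER_HOME=/home/ec2-user
export SOURCEGRAPH_CONFIG=/etc/sourcegraph
export SOURCEGRAPH_DATA=/var/opt/sourcegraph
export LANG_SERVER_USER=sourcegraph
# Draw the language-server password from the kernel CSPRNG. The previous value
# was a hash of the current epoch second, which anyone who can estimate the
# instance's boot time can reproduce. Alphanumerics only, so the value is safe
# inside the URL userinfo below.
export LANG_SERVER_PASS=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32)
# Public DNS name from the EC2 instance metadata service. -f makes curl fail on
# an HTTP error instead of returning the error body as the hostname.
export PUBLIC_HOSTNAME=$(curl -fsS http://169.254.169.254/latest/meta-data/public-hostname)
# NOTE(review): this URL carries the credentials in its userinfo part, so every
# place the value is written (settings, logs, shell history) holds the password.
export LANG_SERVER_HOST=wss://${LANG_SERVER_USER}:${LANG_SERVER_PASS}@${PUBLIC_HOSTNAME}
export LANG_SERVER_AUTH_MESSAGE="Basic authentication required to access language server";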
# Refresh the yum caches and bring every installed package up to date
yum clean all
yum update -y
yum upgrade -y

# Add docker to the packages list, then install it with the other tools
amazon-linux-extras install docker
required_packages=(docker git telnet httpd-tools nano python3)
yum install -y "${required_packages[@]}"

# Enable the docker unit for boot and start it now without waiting on it
systemctl enable --now --no-block docker
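# Create the required Sourcegraph directories
mkdir -p "${SOURCEGRAPH_CONFIG}/management" "${SOURCEGRAPH_DATA}" "${USER_HOME}/bin"

# Install Docker Compose
# NOTE(review): the binary is made executable without any integrity check.
# Compare it against the checksum published with the release before chmod.
wget "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -O /usr/local/bin/docker-compose
chmod a+x /usr/local/bin/docker-compose
# -f keeps a re-run of this script from failing on an existing link
ln -sf /usr/local/bin/docker-compose /usr/sbin/docker-compose

# Install mkcert and generate root CA, certificate and key
# NOTE(review): same as above - no checksum verification on this download.
wget https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-linux-amd64 -O /usr/local/bin/mkcert
chmod a+x /usr/local/bin/mkcert
ln -sf /usr/local/bin/mkcert /usr/sbin/mkcert

# Create the local root CA, then issue a certificate and key for the public
# hostname. Clients trust the certificate only after importing the root CA
# certificate.
mkcert -install
mkcert -cert-file "${SOURCEGRAPH_CONFIG}/sourcegraph.crt" -key-file "${SOURCEGRAPH_CONFIG}/sourcegraph.key" "${PUBLIC_HOSTNAME}"

# Generate basic auth credentials to protect lang servers.
# The password is fed on stdin (-i) rather than with -b, so it does not appear
# in the process list; printf is a shell builtin and spawns no process.
printf '%s\n' "${LANG_SERVER_PASS}" | htpasswd -i -c "${SOURCEGRAPH_CONFIG}/.lang_sever_htpasswd" "${LANG_SERVER_USER}"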
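# Configure the nginx.conf file for SSL and lang servers
#
# Download the nginx.conf for this version of Sourcegraph so we're starting with the same contents of the nginx.conf file
# embedded with this version of Sourcegraph.
#
# NGINX_FILE_PATH was used below without ever being set; define it as the
# download target so the backup and the patch act on the same file.
export NGINX_FILE_PATH="${SOURCEGRAPH_CONFIG}/nginx.conf"
wget "https://raw.githubusercontent.com/sourcegraph/sourcegraph/v${SOURCEGRAPH_VERSION}/cmd/server/shared/assets/nginx.conf" -O "${NGINX_FILE_PATH}"
cp "${NGINX_FILE_PATH}" "${NGINX_FILE_PATH}.bak"

# Patch the plain listener into a TLS listener and add the language-server
# locations. The Python program is passed in a quoted heredoc so the shell
# leaves nginx variables ($http_upgrade, ...) and the double quotes alone. The
# earlier inline "-c" string had them expanded or stripped by the shell.
# Only the listen line is replaced. This assumes the downloaded file already has
# its own `location /` block and closing braces after that line - confirm
# against the downloaded copy.
# All three language-server locations require basic auth, and they use the same
# htpasswd file that the htpasswd step of this script creates.
python -u - <<'PYTHON'
import os
import sys

conf_path = os.environ['NGINX_FILE_PATH']
realm = os.environ['LANG_SERVER_AUTH_MESSAGE']
marker = 'listen 7080;'


def lang_location(name, port):
    """Return an authenticated WebSocket proxy location for one language server."""
    return '\n'.join([
        '        location /%s {' % name,
        '            proxy_pass http://%s:%d;' % (name, port),
        '            proxy_http_version 1.1;',
        '            proxy_set_header Upgrade $http_upgrade;',
        '            proxy_set_header Connection "Upgrade";',
        '            auth_basic "%s";' % realm,
        '            auth_basic_user_file /etc/sourcegraph/.lang_sever_htpasswd;',
        '        }',
    ])


with open(conf_path + '.bak') as handle:
    original = handle.read()

# Fail loudly instead of silently leaving a plain-HTTP configuration in place.
if marker not in original:
    sys.exit('nginx.conf: "%s" not found; file left unmodified' % marker)

replacement = '\n'.join([
    'listen 7080 ssl;',
    '        ssl_certificate sourcegraph.crt;',
    '        ssl_certificate_key sourcegraph.key;',
    lang_location('lang-go', 4389),
    lang_location('lang-typescript', 8080),
    lang_location('lang-python', 4288),
])

with open(conf_path, 'w') as handle:
    handle.write(original.replace(marker, replacement))
PYTHON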
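# Use the same certificate for the management console
cp "${SOURCEGRAPH_CONFIG}/sourcegraph.crt" "${SOURCEGRAPH_CONFIG}/management/cert.pem"
cp "${SOURCEGRAPH_CONFIG}/sourcegraph.key" "${SOURCEGRAPH_CONFIG}/management/key.pem"

# Zip the root CA certificate for easy downloading.
# Only the certificate (rootCA.pem) is packaged. Clients need nothing else to
# trust the server, and whoever holds the CA private key can issue certificates
# that those clients accept, so the key stays on this host. The file is taken
# from mkcert's own CA directory (`mkcert -CAROOT`) instead of a `root*` glob
# under the config directory.
sudo zip -j "${USER_HOME}/sourcegraph-root-ca.zip" "$(mkcert -CAROOT)/rootCA.pem"
sudo chown ec2-user "${USER_HOME}/sourcegraph-root-ca.zip"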
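# Write the Compose file.
# NOTE(review): ${file("...")} is not shell syntax. It looks like a placeholder
# that a templating tool fills in before this script runs - confirm, because
# bash on its own rejects it.
cat > ${USER_HOME}/docker-compose.yml <<EOL
${file("resources/docker-compose.yml")}
EOL

# Start Sourcegraph script
# The heredoc delimiter is unquoted, so the shell expands its contents while
# writing the file. The backticks in the comment are escaped; unescaped, they
# ran ./sourcegraph-stop and ./sourcegraph-start as command substitutions at
# this point.
# NOTE(review): docker-compose looks for docker-compose.yml from the current
# directory, and `up` without -d stays in the foreground - confirm both are
# intended when this runs from a boot-time script.
cat > ${USER_HOME}/sourcegraph-start <<EOL
#!/usr/bin/env bash
# To upgrade Sourcegraph, change the version below,
# run \`./sourcegraph-stop\`, then run \`./sourcegraph-start\`.
SOURCEGRAPH_VERSION=${SOURCEGRAPH_VERSION}
echo "[info]: Running Sourcegraph ${SOURCEGRAPH_VERSION}"
docker-compose up --quiet-pull
EOL

# Stop Sourcegraph script
cat > ${USER_HOME}/bin/sourcegraph-stop <<EOL
#!/usr/bin/env bash
echo "[info]: Stopping Sourcegraph"
docker-compose down
EOL

# The stop script is written under bin/, which the old sourcegraph-st* glob in
# USER_HOME never matched; name both files explicitly.
chmod +x "${USER_HOME}/sourcegraph-start" "${USER_HOME}/bin/sourcegraph-stop"
${USER_HOME}/sourcegraph-start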