Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1eqFjB-0001YR-K5 for pgadmin-hackers@arkaria.postgresql.org; Mon, 26 Feb 2018 10:09:49 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.89) (envelope-from ) id 1eqFj9-0005yV-KZ for pgadmin-hackers@arkaria.postgresql.org; Mon, 26 Feb 2018 10:09:47 +0000 Received: from makus.postgresql.org ([2001:4800:1501:1::229]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1eqFj9-0005yM-9T for pgadmin-hackers@lists.postgresql.org; Mon, 26 Feb 2018 10:09:47 +0000 Received: from mail-wm0-x243.google.com ([2a00:1450:400c:c09::243]) by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1eqFj4-0002Mv-Vc for pgadmin-hackers@lists.postgresql.org; Mon, 26 Feb 2018 10:09:45 +0000 Received: by mail-wm0-x243.google.com with SMTP id x7so13726779wmc.0 for ; Mon, 26 Feb 2018 02:09:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Q2vN+mWh+NYFuSGInCZr8Iwbs5DFfZ+Z7oxNUxvC9aw=; b=FJnGiAC8TiGt27LyyW2Es9hI39g3xpKBThTS0P4BY+WWizmFGnmedvlg7Xs1ipO1uJ 5r+zoPCapKj67FLpdnWdyZYghHWniMBEThmCYmoiG0b385RZIORJ6I+Z9JF8czzunAoJ X+zf2JtxDDhpotyrW7HLJ/5vGDTp43+pWc5o4v/zj7hDojSzUNZd6QyXHSzukvprjDMX F8hnSKjhSo+jpGOF1AL3i3+x3FlceVjPiKKj0nDtxF7yzNl8OuUMMNq+EeUe21ZB4jao BpuD7tKvKP8UlPc8ds9y63awn717cNO6E+OyuebGTAWTY7etreHFPNMWQf7c5WjeI2PS QxRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Q2vN+mWh+NYFuSGInCZr8Iwbs5DFfZ+Z7oxNUxvC9aw=; b=WGHG+ygyGOkeF6bTJxhehbXTBGsx6s2+kV/qmLH6pQq5rncL+kHYU0+LB0n70k6y4Z BXr7hOvBdqDMBOacKwVm+2P/chwXKJSuW6uaCD/wApjAStIOn2dIMxU+CgTCZW9jIIHQ Dj850ZdNdFR9WeKHikcSvQvKYh7/KJZdR+bG/0Wa4THeTCmbMPqW9JWlaURxZvnGFAeo mWeTc7l+GZ6FNXDRSFRl3Kklq/KJ/J7Go7NTejgDiPLiXYtE4Cdb2+wClxXsVaG8VUI0 ydxt6kHxUvxTwC3cvJR0B9Wl15AOE0XoPeFhDxnd79Qcji+X7yrhnHrOfgr5sYtljOGp SkrQ== X-Gm-Message-State: APf1xPACZgFrCSoWISo59DTSdXL8DUiXmtpBTocPqvVBohVqUClsYf8m BEZ4YQqYl1XVK0duj2XWnwCtjt3QAVAW8jdWs8mIpw== X-Google-Smtp-Source: AG47ELsvAcRP0i06hRHlzxYZqjE6eJCfhtEPPcgdA7ulNFSfEMkPZi+chqiMzwW3xZ3q8Wg5v9+plhUHKQKrLPsJ8WQ= X-Received: by 10.28.1.208 with SMTP id 199mr7853655wmb.26.1519639780636; Mon, 26 Feb 2018 02:09:40 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.69.139 with HTTP; Mon, 26 Feb 2018 02:09:40 -0800 (PST) In-Reply-To: References: From: =?UTF-8?B?0JzQsNC60YHQuNC8INCa0L7Qu9GM0YbQvtCy?= Date: Mon, 26 Feb 2018 13:09:40 +0300 Message-ID: Subject: Re: Proposal for changes in official Docker image To: Dave Page Cc: pgadmin-hackers@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk 2018-02-25 20:59 GMT+03:00 Dave Page : > Hi > > On Sat, Feb 24, 2018 at 9:04 PM, =D0=9C=D0=B0=D0=BA=D1=81=D0=B8=D0=BC =D0= =9A=D0=BE=D0=BB=D1=8C=D1=86=D0=BE=D0=B2 wrote: >> >> Hi >> >> 2018-02-19 12:13 GMT+03:00 Dave Page : >> > Hi >> > >> > On Sun, Feb 18, 2018 at 5:41 PM, =D0=9C=D0=B0=D0=BA=D1=81=D0=B8=D0=BC = =D0=9A=D0=BE=D0=BB=D1=8C=D1=86=D0=BE=D0=B2 >> > wrote: >> >> >> >> Hi! >> >> >> >> I accidentially sent this email to pgsql-hackers yesterday, sorry! >> >> >> >> First of all, thanks for the great app :) >> >> >> >> I started using PgAdmin with docker image (dpage/pgadmin4) a few week= s >> >> ago, however I thought that it had some issues, so I decided to make >> >> my own image. Some of the advantages: >> >> >> >> - Use alpine linux instead of centos to greatly reduce image size >> >> (170MB vs 560MB) >> >> - Use lightweight pure-python HTTP server waitress instead of heavy >> >> apache/mod_wsgi >> >> - Use python 3.6 >> >> >> >> You can test the image at https://hub.docker.com/r/maksbotan/pgadmin4= / >> >> Readme contains more detailed explanation and usage instructions. >> >> >> >> The Dockerfile is hosted at github: >> >> https://github.com/maksbotan/pgadmin4_docker >> >> >> >> If you find my work useful, I'd love to make a contribution with thes= e >> >> scripts, after some discussion with pgadmin developers and further >> >> improvements. >> > >> > >> > Please feel free to submit patches to the existing code. I have no >> > objection >> > to the any of the alternate design decisions you've made (in principal= ), >> > except for the intentional lack of SSL support. >> > >> > Thanks, Dave. >> >> I updated my image to simplify installing of Python packages. I >> decided I do not need a separate build step after all. >> Can you point me at documentation on submitting patches to pgadmin? > > > There are some docs on the git repo and mailing list at > https://www.pgadmin.org/development/resources/. To submit a patch, send a= n > email to the hackers list describing the patch and attaching the "git dif= f" > formatted patch file. > >> >> >> What are your points in including SSL support into container? This can >> be done by using, for example, gunicorn instead of waitress, >> but I believe that this should be handled by reverse-proxy, like >> nginx, in production environment. In non-production environment, i.e. >> on developer's localhost, you do not need SSL at all. >> >> By the way, in my opinion, on production there is one more task to be >> handled by reverse-proxy - static files. By that I mean that all >> static, not-changing files accessible at '/static/' URL should be >> extracted from the container and served by nginx from a local folder. >> This does not mean we shouldn't keep them in the image -- it's very >> convenient for localhost usage. I haven't found a way to extract >> all Flask's static files yet. > > > Well that additional complexity is a very good reason why using two > containers for this is overkill. Having two containers to run pgAdmin mak= es > things unnecessarily complex in my opinion, especially given that it can > (and is in the current container) achieved with the simple addition of a > config snippet for Apache and mod_ssl. The current trend for micro servic= es > can easily be taken too far - we should keep the KISS principle in mind. I did not mean to run two containers. I mean that pgadmin image, as I picture it, may serve two purposes: - localhost deployment on developer's machine to ease interaction with postgres DB, local or remote. In this mode container serves it's own static files and is accessible via plain HTTP - Deployment in enterprise production environment, for many users, possibly accessible from the Internet. In this mode container should only serve the API, possibly running in several replicas. static files and SSL termination should be done by _existing_ nginx or something else present in that organisation. For that I'd wish to have a way to extract static files from the container for deployment, but not changing anything in the image. > Another reason for including SSL support, is that users have asked for it= . In my humble opinion, if users want SSL support in application container, they are doing something wrong and are asking for troubles. But I respect this choice and I'm ready to allow for it. I'll integrate gunicorn server in the image, which supports SSL. > Regards, Dave. > > -- > Dave Page > Blog: http://pgsnake.blogspot.com > Twitter: @pgsnake > > EnterpriseDB UK: http://www.enterprisedb.com > The Enterprise PostgreSQL Company