Awesome
A SWISH (SWI-Prolog for SHaring) docker
This repository provides a Docker image for SWISH based on the official SWI-Prolog docker image.
Building the image
The image is built by running
make image
Running the image
The image may be used in many configurations, both controlled by docker
options and options to the entry point. As basic operation typically
already requires publishing ports and setting up a volume for the data,
we added a bash script swish.sh
that automates the common scenarios by
providing docker run
options from defaults and provided options. When
called with -n
, as in ./swish.sh -n option ...
, it merery prints the
docker command it will execute. The following options are processed:
--port=N
<br> Modify the-p
option to-p N:3050
. Default is 3050.--data=dir
<br> Mount the given directory as data. Default is the working directory.--with-R[=from]
<br> Add--volumes-from from
where from defaults torserve
to connect to an R docker image-n
<br> Just print the docker command that will be executed.-d
<br> Detach from the terminal-it
<br> Pass on (interactive)
All remaining options are passed to the entry point of the image.
Data
The docker image maintains its data (user programs and configuration) on
the volume /data
. This may be mapped to a host directory using the
docker -v
options (see also the --data=dir
option of swish.sh
).
Within the data directory, SWISH manages the following items:
-
config-enabled is a directory where the configuration is stored. If it doesn't exist it is created and filled with a default configuration that depends on the provided options. The directory and its files have the same owner and group as the root of the managed volume.
-
data is the directory where all dynamic user data is maintained. If the directory exists, the SWISH server is started with the user and group of the directory. If it doesn't exist the directory is created as owned by
daemon.daemon
and the server is started with these credentials. -
https If the
--https
option is passed, it creates or reuses this directory and the filesserver.crt
andserver.key
. The created certificate is self-signed. -
passwd If authenticated mode is enabled, this file maintains the users and password hashes.
Network access
The container creates a server at port 3050
. By default this is an
HTTP server. If run <docker options> swish --https
is used, an HTTPS
server is started.
The entry point
The entry point of the containser is /entry.sh
, a shell script that
initialises the data volume if needed and starts the server. It accepts
the following options:
-
--bash
<br> Instead of starting the server, start a bash shell. Terminate after bash completes. -
--help
<br> Emit short help.
Configuration
The SWISH configuration is controlled by files in the config-enabled
directory. Several commands may be used to control the configuration.
These are executed as below:
docker run -it swish option ...
Multiple configuration options may be passed to update multiple facets
of the configuration. Normally the image stops after updating the
configuration. If --run
is added the entry point starts the server
after updating the configuration.
The options provided are:
-
--list-config
<br> List installed and available configuration items. If an item is installed, indicate whether it is modified. -
--auth=type
<br> Change the configured authentication scheme. This is one of-
always
<br> Run in fully authenticated mode, forcing the user to login and allowing to execute arbitrary commands. When executed for the first time, docker must be run interactively (run -it
) to create the first user. Additional users are created usingdocker run -it swish --add-user
. -
social
<br> Use social login. By default enables optional http login, login using google and stackoverflow. Both need to be further configured by editingconfig-enabled/auth_google.pl
andconfig-enabled/auth_stackoverflow.pl
-
anon
(or anonymous) <br> This is the initial default, providing fully anonymous login, executing only sandboxed Prolog queries.
-
-
--add-config file ...
<br> Add one or more configuration files by copying them from the available configuration directory. -
--add-user
<br> Add a new user to the HTTP authentication. Prompts for user name, email, group (unused, useusers
) and password. -
--https
<br> Create an HTTPS server. This uses the certificate from thehttps
directory (see above). If no certificate exists, a self-signed certificate is created. The details may be refined using--CN=host
,--O=organization
and--C=country