migrate to caddy server

README.md

@@ -18,6 +18,7 @@ The map of the fediverse that you always wanted.
 - `docker-compose build`
 - `docker-compose up -d django`
   - if you don't specify `django`, it'll also start `gephi` which should only be run as a regular one-off job
+  - to run in production, run `caddy` rather than `django`
 ### Frontend
 - `cd frontend && yarn install`
 - `yarn start`

backend/backend/settings/production.py

@@ -2,7 +2,7 @@ from .base import *
 
 DEBUG = False
 
-ALLOWED_HOSTS = ['api.fediverse.space']
+ALLOWED_HOSTS = ['backend.fediverse.space']
 
 CORS_ORIGIN_WHITELIST = [
     'fediverse.space',

backend/scripts/docker-entrypoint.sh

@@ -13,9 +13,9 @@ do
 done
 >&2 echo "Postgres is up"
 
+python manage.py collectstatic --noinput
 python manage.py migrate --noinput
 
-
 if [[ $ENVIRONMENT == "development" ]]
 then
   >&2 echo "Running Django server on port 8000 for development"

config/Caddyfile

@@ -0,0 +1,11 @@
+backend.fediverse.space {
+  tls tao@btao.org
+  gzip
+
+  root /srv
+  proxy / django:8000 {
+    transparent
+    except /static
+  }
+}
+

config/gunicorn.conf.py

@@ -16,7 +16,7 @@
 #       range.
 #
 
-bind = ['unix:/var/gunicorn/.sock', ':8000']
+bind = [':8000']
 
 #
 # Worker processes

docker-compose.production.yml

@@ -1,68 +1,49 @@
 version: '3'
 services:
-  nginx:
-    image: jwilder/nginx-proxy:alpine
-    restart: always
-    ports:
-      - "80:80"
-      - "443:443"
-    labels:
-      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
-    volumes:
-      - gunicorn-socket:/var/gunicorn  # to talk to Django
-      - /var/run/docker.sock:/tmp/docker.sock:ro # for nginx-proxy
-      - conf:/etc/nginx/conf.d
-      - vhost:/etc/nginx/vhost.d
-      - html:/usr/share/nginx/html
-      - certs:/etc/nginx/certs:ro
-    networks:
-      - nginx_network
-  letsencrypt:
-    image: jrcs/letsencrypt-nginx-proxy-companion
-    restart: always
-    volumes:
-      - gunicorn-socket:/var/gunicorn
-      - conf:/etc/nginx/conf.d
-      - vhost:/etc/nginx/vhost.d
-      - html:/usr/share/nginx/html
-      - certs:/etc/nginx/certs:rw
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    networks:
-      - nginx_network
-    depends_on:
-      - nginx
   db:
     restart: always
     networks:
       - database_network
-    depends_on:
-      - letsencrypt
   django:
     restart: always
     volumes:
-      - gunicorn-socket:/var/gunicorn
       - ./config/gunicorn.conf.py:/config/gunicorn.conf.py
+      - gunicorn-socket:/var/gunicorn
+      - staticfiles:/code/backend/static
     networks:
       - database_network
-      - nginx_network
+      - server_network
     environment:
       - ENVIRONMENT=production
       - DJANGO_SETTINGS_MODULE=backend.settings.production
-      - VIRTUAL_HOST
-      - LETSENCRYPT_HOST
-      - LETSENCRYPT_EMAIL
+  caddy:
+    restart: always
+    image: abiosoft/caddy:0.11.4-no-stats
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./config/Caddyfile:/etc/Caddyfile
+      - staticfiles:/srv/static
+      - caddycerts:/etc/caddycerts
+    networks:
+      - server_network
+    depends_on:
+      - django
+    environment:
+      - ACME_AGREE
+      - CADDYPATH=/etc/caddycerts
   gephi:
     networks:
       - database_network
+    depends_on:
+      - db
 networks:
   database_network:
     driver: bridge
-  nginx_network:
+  server_network:
     driver: bridge
 volumes:
     gunicorn-socket:
-    conf:
-    vhost:
-    html:
-    certs:
-
+    caddycerts:
+    staticfiles:

docker-compose.yml

@@ -3,7 +3,6 @@ services:
   db:
     image: postgres
     environment:
-      # Set these in .env
       - POSTGRES_USER
       - POSTGRES_PASSWORD
       - POSTGRES_DB
@@ -13,7 +12,6 @@ services:
       - pgdata:/var/lib/postgresql/data
   django:
     environment:
-      # Set these in .env
       - SECRET_KEY
       - POSTGRES_USER
       - POSTGRES_PASSWORD

example.env

@@ -3,6 +3,4 @@ POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
 POSTGRES_DB=fediverse
 DJANGO_SETTINGS_MODULE=backend.settings.development
-VIRTUAL_HOST=api.fediverse.space
-LETSENCRYPT_HOST=api.fediverse.space
-LETSENCRYPT_EMAIL=my@email.com
+ACME_AGREE=true

frontend/src/util.ts

@@ -1,7 +1,7 @@
 import fetch from "cross-fetch";
 
 const API_ROOT =
-  process.env.NODE_ENV === "development" ? "http://localhost:8000/api/v1/" : "https://api.fediverse.space/api/v1/";
+  process.env.NODE_ENV === "development" ? "http://localhost:8000/api/v1/" : "https://backend.fediverse.space/api/v1/";
 
 export const getFromApi = (path: string): Promise<any> => {
   const domain = API_ROOT.endsWith("/") ? API_ROOT : API_ROOT + "/";