From 54b5c9ef2a473638e75d644ff5453baa5f290a2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tao=20Bojl=C3=A9n?= Date: Fri, 22 Feb 2019 15:37:10 +0000 Subject: [PATCH] migrate to caddy server --- README.md | 1 + backend/backend/settings/production.py | 2 +- backend/scripts/docker-entrypoint.sh | 2 +- config/Caddyfile | 11 ++++ config/gunicorn.conf.py | 2 +- docker-compose.production.yml | 69 ++++++++++---------------- docker-compose.yml | 2 - example.env | 4 +- frontend/src/util.ts | 2 +- 9 files changed, 42 insertions(+), 53 deletions(-) create mode 100644 config/Caddyfile diff --git a/README.md b/README.md index da74ba6..d2d0fa2 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ The map of the fediverse that you always wanted. - `docker-compose build` - `docker-compose up -d django` - if you don't specify `django`, it'll also start `gephi` which should only be run as a regular one-off job + - to run in production, run `caddy` rather than `django` ### Frontend - `cd frontend && yarn install` - `yarn start` diff --git a/backend/backend/settings/production.py b/backend/backend/settings/production.py index 23d6976..928cc7b 100644 --- a/backend/backend/settings/production.py +++ b/backend/backend/settings/production.py @@ -2,7 +2,7 @@ from .base import * DEBUG = False -ALLOWED_HOSTS = ['api.fediverse.space'] +ALLOWED_HOSTS = ['backend.fediverse.space'] CORS_ORIGIN_WHITELIST = [ 'fediverse.space', diff --git a/backend/scripts/docker-entrypoint.sh b/backend/scripts/docker-entrypoint.sh index b437be6..5232253 100644 --- a/backend/scripts/docker-entrypoint.sh +++ b/backend/scripts/docker-entrypoint.sh @@ -13,9 +13,9 @@ do done >&2 echo "Postgres is up" +python manage.py collectstatic --noinput python manage.py migrate --noinput - if [[ $ENVIRONMENT == "development" ]] then >&2 echo "Running Django server on port 8000 for development" diff --git a/config/Caddyfile b/config/Caddyfile new file mode 100644 index 0000000..25a8db5 --- /dev/null +++ b/config/Caddyfile 
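Review bot: The added `python manage.py collectstatic --noinput` in backend/scripts/docker-entrypoint.sh sits above the `$ENVIRONMENT` check, so it runs on every container start in development as well as production, and nothing in the hunk says why it is there. A comment such as `# Fill the static directory that production shares with Caddy through the staticfiles volume` would tie it to the compose change. Whether a failed collectstatic stops the script depends on a `set -e` near the top, which is outside this hunk; without it the server would start with a stale or empty static volume. The script continues beyond the hunk.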
@@ -0,0 +1,11 @@ +backend.fediverse.space { + tls tao@btao.org + gzip + + root /srv + proxy / django:8000 { + transparent + except /static + } +} + diff --git a/config/gunicorn.conf.py b/config/gunicorn.conf.py index d752da6..dfe5cb5 100644 --- a/config/gunicorn.conf.py +++ b/config/gunicorn.conf.py @@ -16,7 +16,7 @@ # range. # -bind = ['unix:/var/gunicorn/.sock', ':8000'] +bind = [':8000'] # # Worker processes diff --git a/docker-compose.production.yml b/docker-compose.production.yml index 860a8e3..6701f37 100644 --- a/docker-compose.production.yml +++ b/docker-compose.production.yml 
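Review bot: The site block in config/Caddyfile terminates TLS for the API host but sets no response headers, so browsers are never told to stay on HTTPS; adding `header / Strict-Transport-Security "max-age=31536000"` inside the block would cover both the proxied API and `/static`. `transparent` forwards the original Host and X-Forwarded-Proto to gunicorn, and Django only honours the latter when `SECURE_PROXY_SSL_HEADER` is set, which the visible part of production.py does not show. The `tls` line also commits a personal e-mail address to the repository; a short comment noting that it is the ACME contact would explain why it is there.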
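Review bot: With the unix socket gone, `bind = [':8000']` in config/gunicorn.conf.py makes the TCP listener the only way in, and it listens on every interface of the container without TLS. The production override publishes no port for `django`, but compose merges `ports` lists across files, so a mapping in the base docker-compose.yml (its `django` service is only partly visible here) would still expose gunicorn on the host and let clients bypass Caddy and supply their own X-Forwarded-* headers. That is worth confirming, and a comment such as `# reached only through Caddy on server_network; never publish this port in production` above the setting would record the assumption.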
@@ -1,68 +1,49 @@ version: '3' services: - nginx: - image: jwilder/nginx-proxy:alpine - restart: always - ports: - - "80:80" - - "443:443" - labels: - - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy - volumes: - - gunicorn-socket:/var/gunicorn # to talk to Django - - /var/run/docker.sock:/tmp/docker.sock:ro # for nginx-proxy - - conf:/etc/nginx/conf.d - - vhost:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - certs:/etc/nginx/certs:ro - networks: - - nginx_network - letsencrypt: - image: jrcs/letsencrypt-nginx-proxy-companion - restart: always - volumes: - - gunicorn-socket:/var/gunicorn - - conf:/etc/nginx/conf.d - - vhost:/etc/nginx/vhost.d - - html:/usr/share/nginx/html - - certs:/etc/nginx/certs:rw - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - nginx_network - depends_on: - - nginx db: restart: always networks: - database_network - depends_on: - - letsencrypt django: restart: always volumes: - - gunicorn-socket:/var/gunicorn - ./config/gunicorn.conf.py:/config/gunicorn.conf.py + - gunicorn-socket:/var/gunicorn + - staticfiles:/code/backend/static networks: - database_network - - nginx_network + - server_network environment: - ENVIRONMENT=production - DJANGO_SETTINGS_MODULE=backend.settings.production - - VIRTUAL_HOST - - LETSENCRYPT_HOST - - LETSENCRYPT_EMAIL + caddy: + restart: always + image: abiosoft/caddy:0.11.4-no-stats + ports: + - "80:80" + - "443:443" + volumes: + - ./config/Caddyfile:/etc/Caddyfile + - staticfiles:/srv/static + - caddycerts:/etc/caddycerts + networks: + - server_network + depends_on: + - django + environment: + - ACME_AGREE + - CADDYPATH=/etc/caddycerts gephi: networks: - database_network + depends_on: + - db networks: database_network: driver: bridge - nginx_network: + server_network: driver: bridge volumes: gunicorn-socket: - conf: - vhost: - html: - certs: - + caddycerts: + staticfiles: diff --git a/docker-compose.yml b/docker-compose.yml index a1ebb7e..fad3ce4 100644 --- a/docker-compose.yml 
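Review bot: The internet-facing `caddy` service in docker-compose.production.yml mounts its config and the static files read-write although it only reads them; `- ./config/Caddyfile:/etc/Caddyfile:ro` and `- staticfiles:/srv/static:ro` would keep a compromised proxy from altering either. The `django` service still mounts `gunicorn-socket:/var/gunicorn` and the volume is still declared, but the same commit removes the unix-socket bind from gunicorn.conf.py, so both entries look unused. The image `abiosoft/caddy:0.11.4-no-stats` is a third-party build referenced by tag only; pinning it by digest would make the deployed binary reproducible.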
+++ b/docker-compose.yml @@ -3,7 +3,6 @@ services: db: image: postgres environment: - # Set these in .env - POSTGRES_USER - POSTGRES_PASSWORD - POSTGRES_DB @@ -13,7 +12,6 @@ services: - pgdata:/var/lib/postgresql/data django: environment: - # Set these in .env - SECRET_KEY - POSTGRES_USER - POSTGRES_PASSWORD diff --git a/example.env b/example.env index f6ee70c..6b74cf4 100644 --- a/example.env +++ b/example.env @@ -3,6 +3,4 @@ POSTGRES_USER=postgres POSTGRES_PASSWORD=postgres POSTGRES_DB=fediverse DJANGO_SETTINGS_MODULE=backend.settings.development -VIRTUAL_HOST=api.fediverse.space -LETSENCRYPT_HOST=api.fediverse.space -LETSENCRYPT_EMAIL=my@email.com +ACME_AGREE=true diff --git a/frontend/src/util.ts b/frontend/src/util.ts index 8f6ded7..57c2ef0 100644 --- a/frontend/src/util.ts +++ b/frontend/src/util.ts @@ -1,7 +1,7 @@ import fetch from "cross-fetch"; const API_ROOT = - process.env.NODE_ENV === "development" ? "http://localhost:8000/api/v1/" : "https://api.fediverse.space/api/v1/"; + process.env.NODE_ENV === "development" ? "http://localhost:8000/api/v1/" : "https://backend.fediverse.space/api/v1/"; export const getFromApi = (path: string): Promise => { const domain = API_ROOT.endsWith("/") ? API_ROOT : API_ROOT + "/";