From 71b5385f3fff7f071ae134d185aed280e7ddbf28 Mon Sep 17 00:00:00 2001 From: Anselm Binninger Date: Sat, 16 Jan 2021 13:35:59 +0100 Subject: [PATCH 1/2] Add docker configuration Run: - docker-compose build - docker-compose up (localhost:80) --- .dockerignore | 3 ++ docker-compose.yml | 41 +++++++++++++++ packaging/cypetulip/.env.cypetulip.prod | 13 +++++ packaging/cypetulip/Dockerfile | 68 +++++++++++++++++++++++++ packaging/cypetulip/entrypoint.sh | 7 +++ packaging/cypetulip/local_settings.py | 30 +++++++++++ packaging/nginx/.env.nginx.prod | 2 + packaging/nginx/Dockerfile | 3 ++ packaging/nginx/cypetulip.conf | 58 +++++++++++++++++++++ requirements.txt | 4 +- 10 files changed, 228 insertions(+), 1 deletion(-) create mode 100644 .dockerignore create mode 100644 docker-compose.yml create mode 100644 packaging/cypetulip/.env.cypetulip.prod create mode 100644 packaging/cypetulip/Dockerfile create mode 100644 packaging/cypetulip/entrypoint.sh create mode 100644 packaging/cypetulip/local_settings.py create mode 100644 packaging/nginx/.env.nginx.prod create mode 100644 packaging/nginx/Dockerfile create mode 100644 packaging/nginx/cypetulip.conf diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..f5ee16a5 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +venv/ +.idea/ +.github/ \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 00000000..9b52b74d --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,41 @@ + +version: '3.7' + +services: + web: + build: + context: . + dockerfile: ./packaging/cypetulip/Dockerfile + working_dir: /opt/cypetulip + command: daphne -b 0.0.0.0 -p 8000 home.asgi:application + volumes: + - .:/opt/cypetulip + - static_volume:/var/cypetulip/static + - media_volume:/var/cypetulip/media + expose: + - 8000 + env_file: + - ./packaging/cypetulip/.env.cypetulip.prod + depends_on: + - redis + links: + - redis + nginx: + build: + context: ./packaging/nginx + dockerfile: Dockerfile + env_file: + - ./packaging/nginx/.env.nginx.prod + volumes: + - static_volume:/var/cypetulip/static + ports: + - 80:80 + depends_on: + - web + redis: + image: redis + ports: + - "6379:6379" +volumes: + static_volume: + media_volume: \ No newline at end of file diff --git a/packaging/cypetulip/.env.cypetulip.prod b/packaging/cypetulip/.env.cypetulip.prod new file mode 100644 index 00000000..56cafec7 --- /dev/null +++ b/packaging/cypetulip/.env.cypetulip.prod @@ -0,0 +1,13 @@ +REDIS_HOST=redis +DEBUG=1 +SECRET_KEY=foo +DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1] +CACHE_MIDDLEWARE_SECONDS = 600 +SESSION_COOKIE_AGE = 604800 + +#SQL_ENGINE=django.db.backends.postgresql +#SQL_DATABASE=hello_django_dev +#SQL_USER=hello_django +#SQL_PASSWORD=hello_django +#SQL_HOST=db +#SQL_PORT=5432 \ No newline at end of file diff --git a/packaging/cypetulip/Dockerfile b/packaging/cypetulip/Dockerfile new file mode 100644 index 00000000..c4792428 --- /dev/null +++ b/packaging/cypetulip/Dockerfile @@ -0,0 +1,68 @@ +FROM python:3.8.3 + + +ENV HOME=/opt/cypetulip/ + +RUN adduser app && adduser app app +# Install packages needed to run your application (not build deps): +# mime-support -- for mime types when serving static files +# postgresql-client -- for running database commands +# We need to recreate the /usr/share/man/man{1..8} directories first because +# they were clobbered by a parent image. +RUN set -ex \ + && RUN_DEPS=" \ + libpcre3 \ + mime-support \ + postgresql-client \ + gettext \ + " \ + && seq 1 8 | xargs -I{} mkdir -p /usr/share/man/man{} \ + && apt-get update && apt-get install -y --no-install-recommends $RUN_DEPS \ + && rm -rf /var/lib/apt/lists/* + +# Copy in your requirements file +COPY requirements.txt requirements.txt + +# OR, if you're using a directory for your requirements, copy everything (comment out the above and uncomment this if so): +# ADD requirements /requirements + +# Install build deps, then run `pip install`, then remove unneeded build deps all in a single step. +# Correct the path to your production requirements file, if needed. +RUN set -ex \ + && BUILD_DEPS=" \ + build-essential \ + libpcre3-dev \ + libpq-dev \ + " \ + && apt-get update && apt-get install -y --no-install-recommends $BUILD_DEPS \ + && pip install --no-cache-dir -r /requirements.txt \ + \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $BUILD_DEPS \ + && rm -rf /var/lib/apt/lists/* + + +COPY ./packaging/cypetulip/local_settings.py /etc/cypetulip/ + +# todo cron.d +# todo fix permissions on shared volumes so it can be run as app:app +# test deploy + +# Copy your application code to the container (make sure you create a .dockerignore file if any large files or directories should be excluded) + +WORKDIR /opt/cypetulip/ +COPY . /opt/cypetulip/ + +ADD https://github.com/sass/dart-sass/releases/download/1.32.2/dart-sass-1.32.2-linux-x64.tar.gz /tmp/dart-sass/ +RUN tar -xf /tmp/dart-sass/dart-sass-1.32.2-linux-x64.tar.gz -C /opt/ +#RUN wget https://github.com/sass/dart-sass/releases/download/1.32.2/dart-sass-1.32.2-linux-x64.tar.gz && tar -xf dart-sass-1.32.2-linux-x64.tar.gz + + +COPY ./packaging/cypetulip/entrypoint.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/entrypoint.sh + +RUN pip install -r /opt/cypetulip/requirements.txt +RUN mkdir /var/cypetulip +RUN chown -R app:app /opt/cypetulip +RUN chown -R app:app /var/cypetulip +USER app +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file diff --git a/packaging/cypetulip/entrypoint.sh b/packaging/cypetulip/entrypoint.sh new file mode 100644 index 00000000..f0be7465 --- /dev/null +++ b/packaging/cypetulip/entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +python manage.py migrate +python manage.py createcachetable +python manage.py compilemessages --ignore=venv/* +python manage.py collectstatic --noinput +daphne -b 0.0.0.0 -p 8000 home.asgi:application \ No newline at end of file diff --git a/packaging/cypetulip/local_settings.py b/packaging/cypetulip/local_settings.py new file mode 100644 index 00000000..4e0a6703 --- /dev/null +++ b/packaging/cypetulip/local_settings.py @@ -0,0 +1,30 @@ +import os + +from home.settings import BASE_DIR + +COMPRESS_PRECOMPILERS = ( + ('text/x-scss', '/opt/dart-sass/sass {infile} {outfile}'), +) +COMPRESS_CACHE_BACKEND = "default" +COMPRESS_CACHEABLE_PRECOMPILERS = ['text/x-scss'] +SESSION_COOKIE_AGE= int(os.environ.get("SESSION_COOKIE_AGE", default=604800)) +CACHE_MIDDLEWARE_SECONDS = int(os.environ.get("CACHE_MIDDLEWARE_SECONDS", default=600)) # number of seconds to cache a page for (TTL) + +DATABASES = { + 'default': { + "ENGINE": os.environ.get("SQL_ENGINE", "django.db.backends.sqlite3"), + "NAME": os.environ.get("SQL_DATABASE", os.path.join(BASE_DIR, "db.sqlite3")), + "USER": os.environ.get("SQL_USER", "user"), + "PASSWORD": os.environ.get("SQL_PASSWORD", "password"), + "HOST": os.environ.get("SQL_HOST", "localhost"), + "PORT": os.environ.get("SQL_PORT", "5432"), + } +} + +# SECURITY WARNING: keep the secret key used in production secret! +SECRET_KEY = os.environ.get("SECRET_KEY") + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = int(os.environ.get("DEBUG", default=0)) + +ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS").split(" ") diff --git a/packaging/nginx/.env.nginx.prod b/packaging/nginx/.env.nginx.prod new file mode 100644 index 00000000..8093d6b9 --- /dev/null +++ b/packaging/nginx/.env.nginx.prod @@ -0,0 +1,2 @@ +NGINX_HOST=localhost +NGINX_PORT=80 \ No newline at end of file diff --git a/packaging/nginx/Dockerfile b/packaging/nginx/Dockerfile new file mode 100644 index 00000000..faa8b0a7 --- /dev/null +++ b/packaging/nginx/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx +RUN rm /etc/nginx/conf.d/default.conf +COPY cypetulip.conf /etc/nginx/conf.d \ No newline at end of file diff --git a/packaging/nginx/cypetulip.conf b/packaging/nginx/cypetulip.conf new file mode 100644 index 00000000..bd5695e9 --- /dev/null +++ b/packaging/nginx/cypetulip.conf @@ -0,0 +1,58 @@ +map $sent_http_content_type $expires { + default off; +# text/html 24h; + text/css 365d; + application/javascript 365d; + ~image/ 365d; + application/octet-stream 365d; +} + +upstream cypetulip { + server web:8000; +} + +server { + listen 80; + + client_max_body_size 100M; + + expires $expires; + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/json + application/xml + application/rss+xml + image/svg+xml + application/octet-stream; + + location / { + proxy_pass http://cypetulip; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection “upgrade”; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + } + + location /static { + autoindex on; + alias /var/cypetulip/static; + } + +} diff --git a/requirements.txt b/requirements.txt index 91604281..f74aa13b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -66,4 +66,6 @@ paypalhttp==1.0.0 paypal-checkout-serversdk==1.0.1 django-cookiebanner==0.2.2 csscompressor==0.9.5 -django-compressor==2.4 \ No newline at end of file +django-compressor==2.4 +django-recaptcha==2.0.6 +daphne==3.0.1 \ No newline at end of file From b9a156e6e8a2b8689aa7b1db5bf8c4f16f2e99a4 Mon Sep 17 00:00:00 2001 From: Anselm Binninger Date: Sat, 16 Jan 2021 19:09:54 +0100 Subject: [PATCH 2/2] Run cypetulip as app user --- docker-compose.yml | 6 +++--- management/apps.py | 3 ++- packaging/cypetulip/Dockerfile | 9 +++++++-- packaging/cypetulip/entrypoint.sh | 2 ++ packaging/cypetulip/local_settings.py | 2 +- packaging/nginx/Dockerfile | 1 + 6 files changed, 16 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 9b52b74d..64db817a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,8 +10,8 @@ services: command: daphne -b 0.0.0.0 -p 8000 home.asgi:application volumes: - .:/opt/cypetulip - - static_volume:/var/cypetulip/static - - media_volume:/var/cypetulip/media + - static_volume:/var/cypetulip/static:rw + - media_volume:/var/cypetulip/media:rw expose: - 8000 env_file: @@ -27,7 +27,7 @@ services: env_file: - ./packaging/nginx/.env.nginx.prod volumes: - - static_volume:/var/cypetulip/static + - static_volume:/var/cypetulip/static:ro ports: - 80:80 depends_on: diff --git a/management/apps.py b/management/apps.py index 5ec4430f..d7499bd3 100644 --- a/management/apps.py +++ b/management/apps.py @@ -9,7 +9,8 @@ class ManagementConfig(AppConfig): def ready(self): try: - from management.models import CacheSetting + from management.models import CacheSetting, LegalSetting cache_settings,_ = CacheSetting.objects.get_or_create() + legal_settings,_ = LegalSetting.objects.get_or_create() except : pass \ No newline at end of file diff --git a/packaging/cypetulip/Dockerfile b/packaging/cypetulip/Dockerfile index c4792428..9d2d7000 100644 --- a/packaging/cypetulip/Dockerfile +++ b/packaging/cypetulip/Dockerfile @@ -61,8 +61,13 @@ COPY ./packaging/cypetulip/entrypoint.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/entrypoint.sh RUN pip install -r /opt/cypetulip/requirements.txt -RUN mkdir /var/cypetulip -RUN chown -R app:app /opt/cypetulip + + +RUN mkdir /var/cypetulip/ +RUN mkdir /var/cypetulip/static +RUN mkdir /var/cypetulip/media RUN chown -R app:app /var/cypetulip +RUN chown -R app:app /opt/cypetulip + USER app ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] \ No newline at end of file diff --git a/packaging/cypetulip/entrypoint.sh b/packaging/cypetulip/entrypoint.sh index f0be7465..d36f45fa 100644 --- a/packaging/cypetulip/entrypoint.sh +++ b/packaging/cypetulip/entrypoint.sh @@ -1,5 +1,7 @@ #!/bin/bash +#chown -R app:app /opt/cypetulip +#chown -R app:app /var/cypetulip python manage.py migrate python manage.py createcachetable python manage.py compilemessages --ignore=venv/* diff --git a/packaging/cypetulip/local_settings.py b/packaging/cypetulip/local_settings.py index 4e0a6703..72c79f9c 100644 --- a/packaging/cypetulip/local_settings.py +++ b/packaging/cypetulip/local_settings.py @@ -13,7 +13,7 @@ DATABASES = { 'default': { "ENGINE": os.environ.get("SQL_ENGINE", "django.db.backends.sqlite3"), - "NAME": os.environ.get("SQL_DATABASE", os.path.join(BASE_DIR, "db.sqlite3")), + "NAME": os.environ.get("SQL_DATABASE", os.path.join(BASE_DIR, "db2.sqlite3")), "USER": os.environ.get("SQL_USER", "user"), "PASSWORD": os.environ.get("SQL_PASSWORD", "password"), "HOST": os.environ.get("SQL_HOST", "localhost"), diff --git a/packaging/nginx/Dockerfile b/packaging/nginx/Dockerfile index faa8b0a7..7734587d 100644 --- a/packaging/nginx/Dockerfile +++ b/packaging/nginx/Dockerfile @@ -1,3 +1,4 @@ FROM nginx RUN rm /etc/nginx/conf.d/default.conf + COPY cypetulip.conf /etc/nginx/conf.d \ No newline at end of file