ambroisie/shipyard
ambroisie
/
shipyard
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

services: add Recipes

This commit is contained in:
Bruno BELANYI 2020-07-24 15:34:09 +02:00
parent ebf024a141
commit a3845f7712
3 changed files with 113 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
docker-compose.yml
View File

@ -11,6 +11,9 @@ services:
- ./letsencrypt/letsencrypt.env
volumes:
- ./letsencrypt:/config
# Recipe media should not be served by GUnicorn, don't want to setup Nginx
- ./recipes/mediafiles:/opt/recipes/media
- ./recipes/staticfiles:/opt/recipes/static
ports:
- 80:80
- 443:443
@ -338,3 +341,26 @@ services:
- ./matrix:/data
expose:
- 8008
recipes:
image: vabene1111/recipes
restart: unless-stopped
container_name: recipes
env_file:
- ./recipes/recipes.env
- ./recipes/recipes.env.secret
volumes:
- ./recipes/staticfiles:/opt/recipes/staticfiles
- ./recipes/mediafiles:/opt/recipes/mediafiles
depends_on:
- recipes_db
recipes_db:
image: postgres:11-alpine
restart: unless-stopped
container_name: recipes_db
volumes:
- ./recipes/postgresql:/var/lib/postgresql/data
env_file:
- ./recipes/recipes.env
- ./recipes/recipes.env.secret

53
letsencrypt/nginx/proxy-confs/recipes.subdomain.conf Normal file
View File

@ -0,0 +1,53 @@
# make sure that your dns has a cname set for adguard and that your adguard container is named adguard
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name recipes.*;
include /config/nginx/ssl.conf;
client_max_body_size 0;
# enable for ldap auth, fill in ldap details in ldap.conf
#include /config/nginx/ldap.conf;
# enable for Authelia
include /config/nginx/authelia-server.conf;
location / {
# enable the next two lines for http auth
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/.htpasswd;
# enable the next two lines for ldap auth
#auth_request /auth;
#error_page 401 =200 /ldaplogin;
# enable for Authelia
include /config/nginx/authelia-location.conf;
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_app recipes;
set $upstream_port 8080;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
}
location /static/ {
alias /opt/recipes/static/;
}
location /media/ {
alias /opt/recipes/media/;
}
# Required to allow user to logout of authentication from within Recipes
# Ensure the <auth_endpoint> below is changed to actual the authentication url
location /accounts/logout/ {
return 301 https://auth.belanyi.fr/logout;
}
}

34
recipes/recipes.env Normal file
View File

@ -0,0 +1,34 @@
# only set this to true when testing/debugging
# when unset: 1 (true) - dont unset this, just for development
DEBUG=0
# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...
ALLOWED_HOSTS=*
# random secret key, use for example base64 /dev/urandom | head -c50 to generate one
#SECRET_KEY=FIXME-CHANGE-THIS
# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
DB_ENGINE=django.db.backends.postgresql_psycopg2
POSTGRES_HOST=recipes_db
POSTGRES_PORT=5432
POSTGRES_USER=djangodb
#POSTGRES_PASSWORD=FIXME-CHANGE-THIS
POSTGRES_DB=djangodb
# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
# provided that include an additional nxginx container to handle media file serving.
# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method.
# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate
GUNICORN_MEDIA=0
# allow authentication via reverse proxy (e.g. authelia), leave of if you dont know what you are doing
# docs: https://github.com/vabene1111/recipes/tree/develop/docs/docker/nginx-proxy%20with%20proxy%20authentication
# when unset: 0 (false)
REVERSE_PROXY_AUTH=1
# the default value for the user preference 'comments' (enable/disable commenting system)
# when unset: 1 (true)
COMMENT_PREF_DEFAULT=1