From a3845f77121fc3f911197b8f61616734d7f80357 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Fri, 24 Jul 2020 15:34:09 +0200
Subject: [PATCH] services: add Recipes
---
 docker-compose.yml | 26 +++++++++
 .../nginx/proxy-confs/recipes.subdomain.conf | 53 +++++++++++++++++++
 recipes/recipes.env | 34 ++++++++++++
 3 files changed, 113 insertions(+)
 create mode 100644 letsencrypt/nginx/proxy-confs/recipes.subdomain.conf
 create mode 100644 recipes/recipes.env
diff --git a/docker-compose.yml b/docker-compose.yml
index 43f3dd3..6186e73 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,9 @@ services:
 - ./letsencrypt/letsencrypt.env
 volumes:
 - ./letsencrypt:/config
+ # Recipe media should not be served by GUnicorn, don't want to setup Nginx
+ - ./recipes/mediafiles:/opt/recipes/media
+ - ./recipes/staticfiles:/opt/recipes/static
 ports:
 - 80:80
 - 443:443
@@ -338,3 +341,26 @@ services:
 - ./matrix:/data
 expose:
 - 8008
+
+ recipes:
+ image: vabene1111/recipes
+ restart: unless-stopped
+ container_name: recipes
+ env_file:
+ - ./recipes/recipes.env
+ - ./recipes/recipes.env.secret
+ volumes:
+ - ./recipes/staticfiles:/opt/recipes/staticfiles
+ - ./recipes/mediafiles:/opt/recipes/mediafiles
+ depends_on:
+ - recipes_db
+
+ recipes_db:
+ image: postgres:11-alpine
+ restart: unless-stopped
+ container_name: recipes_db
+ volumes:
+ - ./recipes/postgresql:/var/lib/postgresql/data
+ env_file:
+ - ./recipes/recipes.env
+ - ./recipes/recipes.env.secret
diff --git a/letsencrypt/nginx/proxy-confs/recipes.subdomain.conf b/letsencrypt/nginx/proxy-confs/recipes.subdomain.conf
new file mode 100644
index 0000000..5a6dc48
--- /dev/null
+++ b/letsencrypt/nginx/proxy-confs/recipes.subdomain.conf
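Review bot: In docker-compose.yml, the two bind mounts added to the reverse-proxy service's `volumes:` (first hunk) are writable, although that container only has to read the files it serves under `/static/` and `/media/`. Mounting them read-only keeps a compromise of the internet-facing proxy from altering or planting recipe media: `- ./recipes/mediafiles:/opt/recipes/media:ro` and `- ./recipes/staticfiles:/opt/recipes/static:ro`. If the comment above them means that this Nginx serves the files so that no separate Nginx container is needed, it would read more clearly as `# Recipes media/static files are served by this Nginx instead of Gunicorn or a dedicated Nginx container`. The service definition starts outside the hunk.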
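Review bot: In the second docker-compose.yml hunk, `image: vabene1111/recipes` carries no tag, so it resolves to `latest` and every pull can change the application code running behind the proxy, whereas `postgres:11-alpine` next to it is at least tag-pinned. Pin the image to a release tag or digest, e.g. `image: vabene1111/recipes:<release-tag>` (placeholder). Separately, `recipes_db` loads `./recipes/recipes.env.secret` too, so the database container's environment presumably also receives the Django `SECRET_KEY`; a dedicated env file holding only the `POSTGRES_*` values would avoid that.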
@@ -0,0 +1,53 @@
+# make sure that your dns has a cname set for adguard and that your adguard container is named adguard
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name recipes.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth, fill in ldap details in ldap.conf
+ #include /config/nginx/ldap.conf;
+
+ # enable for Authelia
+ include /config/nginx/authelia-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable the next two lines for ldap auth
+ #auth_request /auth;
+ #error_page 401 =200 /ldaplogin;
+
+ # enable for Authelia
+ include /config/nginx/authelia-location.conf;
+
+ include /config/nginx/proxy.conf;
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_app recipes;
+ set $upstream_port 8080;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+
+ location /static/ {
+ alias /opt/recipes/static/;
+ }
+
+ location /media/ {
+ alias /opt/recipes/media/;
+ }
+
+ # Required to allow user to logout of authentication from within Recipes
+ # Ensure the below is changed to actual the authentication url
+ location /accounts/logout/ {
+ return 301 https://auth.belanyi.fr/logout;
+ }
+}
diff --git a/recipes/recipes.env b/recipes/recipes.env
new file mode 100644
index 0000000..f0cca7f
--- /dev/null
+++ b/recipes/recipes.env
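Review bot: In recipes.subdomain.conf, the `location /static/` and `location /media/` blocks serve files straight from disk without `include /config/nginx/authelia-location.conf;`, which `location /` does include. If that include is what enforces the Authelia check (its contents are not part of this patch), uploaded recipe media is readable by anyone who knows or guesses a URL, while the application itself sits behind authentication. Adding `include /config/nginx/authelia-location.conf;` to the `/media/` block, and to `/static/` unless it is meant to be public, would close that gap. The header comment still refers to adguard and should name recipes.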
@@ -0,0 +1,34 @@
+# only set this to true when testing/debugging
+# when unset: 1 (true) - dont unset this, just for development
+DEBUG=0
+
+# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...
+ALLOWED_HOSTS=*
+
+# random secret key, use for example base64 /dev/urandom | head -c50 to generate one
+#SECRET_KEY=FIXME-CHANGE-THIS
+
+# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
+DB_ENGINE=django.db.backends.postgresql_psycopg2
+POSTGRES_HOST=recipes_db
+POSTGRES_PORT=5432
+POSTGRES_USER=djangodb
+#POSTGRES_PASSWORD=FIXME-CHANGE-THIS
+POSTGRES_DB=djangodb
+
+# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
+# provided that include an additional nxginx container to handle media file serving.
+# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method.
+# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate
+GUNICORN_MEDIA=0
+
+
+# allow authentication via reverse proxy (e.g. authelia), leave of if you dont know what you are doing
+# docs: https://github.com/vabene1111/recipes/tree/develop/docs/docker/nginx-proxy%20with%20proxy%20authentication
+# when unset: 0 (false)
+REVERSE_PROXY_AUTH=1
+
+
+# the default value for the user preference 'comments' (enable/disable commenting system)
+# when unset: 1 (true)
+COMMENT_PREF_DEFAULT=1
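Review bot: In recipes.env, `ALLOWED_HOSTS=*` turns off Django's Host-header validation even though the service is only published under `server_name recipes.*`; list the real hostname instead, in the form the comment above it shows (`ALLOWED_HOSTS=recipes.mydomain.com`). This matters more with `REVERSE_PROXY_AUTH=1`, since the application then presumably takes the user identity from a header set by the proxy, so that header is only trustworthy if nothing can reach the `recipes` container except through the authenticating Nginx. A comment next to `REVERSE_PROXY_AUTH` such as `# requires that only the authenticating proxy can reach this container` would record that assumption.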