services: add Recipes

docker-compose.yml

@@ -11,6 +11,9 @@ services:
       - ./letsencrypt/letsencrypt.env
     volumes:
       - ./letsencrypt:/config
+      # Recipe media should not be served by GUnicorn, don't want to setup Nginx
+      - ./recipes/mediafiles:/opt/recipes/media
+      - ./recipes/staticfiles:/opt/recipes/static
     ports:
       - 80:80
       - 443:443
@@ -338,3 +341,26 @@ services:
       - ./matrix:/data
     expose:
       - 8008
+
+  recipes:
+    image: vabene1111/recipes
+    restart: unless-stopped
+    container_name: recipes
+    env_file:
+      - ./recipes/recipes.env
+      - ./recipes/recipes.env.secret
+    volumes:
+      - ./recipes/staticfiles:/opt/recipes/staticfiles
+      - ./recipes/mediafiles:/opt/recipes/mediafiles
+    depends_on:
+      - recipes_db
+
+  recipes_db:
+    image: postgres:11-alpine
+    restart: unless-stopped
+    container_name: recipes_db
+    volumes:
+      - ./recipes/postgresql:/var/lib/postgresql/data
+    env_file:
+      - ./recipes/recipes.env
+      - ./recipes/recipes.env.secret

letsencrypt/nginx/proxy-confs/recipes.subdomain.conf

@@ -0,0 +1,53 @@
+# make sure that your dns has a cname set for adguard and that your adguard container is named adguard
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name recipes.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    # enable for Authelia
+    include /config/nginx/authelia-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        include /config/nginx/authelia-location.conf;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app recipes;
+        set $upstream_port 8080;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+
+    location /static/ {
+        alias /opt/recipes/static/;
+    }
+
+    location /media/ {
+        alias /opt/recipes/media/;
+    }
+
+    # Required to allow user to logout of authentication from within Recipes
+    # Ensure the <auth_endpoint> below is changed to actual the authentication url
+    location /accounts/logout/ {
+        return 301 https://auth.belanyi.fr/logout;
+    }
+}

recipes/recipes.env

@@ -0,0 +1,34 @@
+# only set this to true when testing/debugging
+# when unset: 1 (true) - dont unset this, just for development
+DEBUG=0
+
+# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...
+ALLOWED_HOSTS=*
+
+# random secret key, use for example base64 /dev/urandom | head -c50 to generate one
+#SECRET_KEY=FIXME-CHANGE-THIS
+
+# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
+DB_ENGINE=django.db.backends.postgresql_psycopg2
+POSTGRES_HOST=recipes_db
+POSTGRES_PORT=5432
+POSTGRES_USER=djangodb
+#POSTGRES_PASSWORD=FIXME-CHANGE-THIS
+POSTGRES_DB=djangodb
+
+# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
+# provided that include an additional nxginx container to handle media file serving.
+# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method.
+# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate
+GUNICORN_MEDIA=0
+
+
+# allow authentication via reverse proxy (e.g. authelia), leave of if you dont know what you are doing
+# docs: https://github.com/vabene1111/recipes/tree/develop/docs/docker/nginx-proxy%20with%20proxy%20authentication
+# when unset: 0 (false)
+REVERSE_PROXY_AUTH=1
+
+
+# the default value for the user preference 'comments' (enable/disable commenting system)
+# when unset: 1 (true)
+COMMENT_PREF_DEFAULT=1