diff --git a/.env.template b/.env.template index bb16b3f9..60cdf334 100644 --- a/.env.template +++ b/.env.template @@ -7,14 +7,15 @@ ALLOWED_HOSTS=* # random secret key, use for example base64 /dev/urandom | head -c50 to generate one SECRET_KEY= -# serve mediafiles directly using gunicorn, technically not a "best practice" but for the expected small deployments -# of this application absolutely sufficient. If 0 (False) some kind of webserver (for example nginx) is needed to server mediafiles -GUNICORN_MEDIA=1 - # add only a database password if you want to run with the default postgres, otherwise change settings accordingly DB_ENGINE=django.db.backends.postgresql_psycopg2 POSTGRES_HOST=db_recipes POSTGRES_PORT=5432 POSTGRES_USER=djangodb POSTGRES_PASSWORD= -POSTGRES_DB=djangodb \ No newline at end of file +POSTGRES_DB=djangodb + +# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples +# provided that include an additional nxginx container to handle media file serving. +# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method. +GUNICORN_MEDIA=0 diff --git a/.idea/dictionaries/vabene1111_PC.xml b/.idea/dictionaries/vabene1111_PC.xml index 653189d8..204332bb 100644 --- a/.idea/dictionaries/vabene1111_PC.xml +++ b/.idea/dictionaries/vabene1111_PC.xml @@ -2,6 +2,7 @@ gunicorn + traefik \ No newline at end of file diff --git a/docs/docker/nginx-proxy/nginx/conf.d/Recipes.conf b/docs/docker/nginx-proxy/nginx/conf.d/Recipes.conf index e44ed162..dd021636 100644 --- a/docs/docker/nginx-proxy/nginx/conf.d/Recipes.conf +++ b/docs/docker/nginx-proxy/nginx/conf.d/Recipes.conf @@ -4,10 +4,6 @@ server { client_max_body_size 16M; - # serve static files - location /static/ { - alias /static/; - } # serve media files location /media/ { alias /media/; 
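Review bot: The new comment above `GUNICORN_MEDIA=0` tells users not to serve media through gunicorn but gives no reason, and it misspells nginx as `nxginx`. Django's documentation describes `django.views.static.serve` as a development aid that is not hardened for production use, so the warning is about more than speed. The paragraph added to docs/docker/traefik/README.md in this commit, which calls it only a performance risk, has the same gap. I would word the comment as `# Django documents serve() as a development helper that is not hardened for production; keep this at 0 and let the nginx container serve /media/.`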
diff --git a/docs/docker/traefik-nginx/README.md b/docs/docker/traefik-nginx/README.md
new file mode 100644
index 00000000..46d67b71
--- /dev/null
+++ b/docs/docker/traefik-nginx/README.md
@@ -0,0 +1,64 @@
+This is the recommended setup to run django recipes with traefik.
+
+----
+
+Please refer to the traefik documentation on how to setup a docker service in traefik. Since treafik can be a little
+confusing at times, the following are examples of my traefik configuration.
+
+
+You need to create a network called `traefik` using `docker network create traefik`.
+## docker-compose.yml
+
+```
+version: "3.3"
+
+services:
+
+ traefik:
+ image: "traefik:v2.1"
+ container_name: "traefik"
+ ports:
+ - "443:443"
+ - "80:80"
+ - "8080:8080"
+ volumes:
+ - "./letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "./config:/etc/traefik/"
+
+
+networks:
+ default:
+ external:
+ name: traefik
+```
+
+## traefik.toml
+Place this in a directory called `config` as this is mounted into the traefik container (see docer compose).
+**Change the email address accordingly**.
+```
+[api]
+ insecure=true
+
+[providers.docker]
+ endpoint = "unix:///var/run/docker.sock"
+ exposedByDefault = false
+ network = "traefik"
+
+#[log]
+# level = "DEBUG"
+
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+
+ [entryPoints.web_secure]
+ address = ":443"
+
+[certificatesResolvers.le_resolver.acme]
+
+ email = "you_email@mail.com"
+ storage = "/letsencrypt/acme.json"
+
+ tlsChallenge=true
+```
\ No newline at end of file
diff --git a/docs/docker/traefik-nginx/docker-compose.yml b/docs/docker/traefik-nginx/docker-compose.yml
new file mode 100644
index 00000000..0cdf14c2
--- /dev/null
+++ b/docs/docker/traefik-nginx/docker-compose.yml
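Review bot: The example `traefik.toml` in the new traefik-nginx README sets `[api] insecure=true` while the compose example above it publishes `- "8080:8080"`, so anyone who copies both gets Traefik's dashboard and API reachable without authentication on every host interface. Either drop that port mapping or bind it to loopback as `- "127.0.0.1:8080:8080"`, or remove `insecure=true` and say in the README that the dashboard needs its own authenticated router. The README should also state in one sentence that mounting `/var/run/docker.sock` lets the Traefik container talk to the Docker API, because `:ro` protects only the socket file and not the requests sent through it.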
@@ -0,0 +1,46 @@
+version: "3"
+services:
+ db_recipes:
+ restart: always
+ image: postgres:11-alpine
+ volumes:
+ - ./postgresql:/var/lib/postgresql/data
+ env_file:
+ - ./.env
+ networks:
+ - default
+
+ web_recipes:
+ image: vabene1111/recipes
+ restart: always
+ env_file:
+ - ./.env
+ volumes:
+ - ./staticfiles:/opt/recipes/staticfiles
+ - ./mediafiles:/opt/recipes/mediafiles
+ depends_on:
+ - db_recipes
+ networks:
+ - default
+
+ nginx_recipes:
+ image: nginx:mainline-alpine
+ restart: always
+ env_file:
+ - ./.env
+ volumes:
+ - ./nginx/conf.d:/etc/nginx/conf.d
+ - ./mediafiles:/media
+ labels: # traefik example labels
+ - "traefik.enable=true"
+ - "traefik.http.routers.recipes.rule=Host(`recipes.mydomain.com`, `recipes.myotherdomain.com`)"
+ - "traefik.http.routers.recipes.entrypoints=web_secure"
+ - "traefik.http.routers.recipes.tls.certresolver=le_resolver"
+ networks:
+ - default
+ - traefik
+
+networks:
+ default:
+ traefik: # This is you external traefik network
+ external: true
\ No newline at end of file
diff --git a/docs/docker/traefik-nginx/nginx/conf.d/Recipes.conf b/docs/docker/traefik-nginx/nginx/conf.d/Recipes.conf
new file mode 100644
index 00000000..dd021636
--- /dev/null
+++ b/docs/docker/traefik-nginx/nginx/conf.d/Recipes.conf
@@ -0,0 +1,16 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ client_max_body_size 16M;
+
+ # serve media files
+ location /media/ {
+ alias /media/;
+ }
+ # pass requests for dynamic content to gunicorn
+ location / {
+ proxy_set_header Host $host;
+ proxy_pass http://web_recipes:8080;
+ }
+}
\ No newline at end of file
diff --git a/docs/docker/traefik/README.md b/docs/docker/traefik/README.md
index 7ebb14e3..627418b8 100644
--- a/docs/docker/traefik/README.md
+++ b/docs/docker/traefik/README.md
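Review bot: In docs/docker/traefik-nginx/docker-compose.yml the `nginx_recipes` service loads `./.env` through `env_file`, which hands the internet-facing proxy container `SECRET_KEY` and `POSTGRES_PASSWORD` from the template, although the nginx config added in this commit reads no environment variables. Remove the `env_file` entry from that service and mount the uploads read-only with `- ./mediafiles:/media:ro`, so the container that Traefik routes to holds no application secrets and cannot modify media. Both `vabene1111/recipes` and `nginx:mainline-alpine` are floating tags; pinning a version or digest would make the example reproducible and make an unexpected image change visible.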
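Review bot: In docs/docker/traefik-nginx/nginx/conf.d/Recipes.conf, `location /media/` serves whatever is in the mounted media directory from the same origin as the application, with no `X-Content-Type-Options` header. These files are presumably user uploads, so I would add `add_header X-Content-Type-Options nosniff;` inside that block to keep browsers from reinterpreting an upload as a different content type. A comment such as `# uploads are served as-is; never enable script handling or autoindex for this location` would record the intent for whoever edits the file next. The nginx-proxy copy of this file carries the same blob id (dd021636), so the change applies there as well.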
@@ -1,3 +1,12 @@ +# Important Information +Although this application allows running without any webserver in front of gunicorn it is heavily recommended by almost +everyone **not** to do this. It is hard to find exact explanations and appears not to be a security but only +a performance risk but that is just my personal interpretation. + +**If you dont know what you are doing please choose the traefik-nginx config** + +---- + Please refer to the traefik documentation on how to setup a docker service in traefik. Since treafik can be a little confusing at times, the following are examples of my traefik configuration.