updated examples

.env.template

@@ -7,14 +7,15 @@ ALLOWED_HOSTS=*
 # random secret key, use for example base64 /dev/urandom | head -c50 to generate one
 SECRET_KEY=
 
-# serve mediafiles directly using gunicorn, technically not a "best practice" but for the expected small deployments
-# of this application absolutely sufficient. If 0 (False) some kind of webserver (for example nginx) is needed to server mediafiles
-GUNICORN_MEDIA=1
-
 # add only a database password if you want to run with the default postgres, otherwise change settings accordingly
 DB_ENGINE=django.db.backends.postgresql_psycopg2
 POSTGRES_HOST=db_recipes
 POSTGRES_PORT=5432
 POSTGRES_USER=djangodb
 POSTGRES_PASSWORD=
-POSTGRES_DB=djangodb
+POSTGRES_DB=djangodb
+
+# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
+# provided that include an additional nxginx container to handle media file serving.
+# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method.
+GUNICORN_MEDIA=0

.idea/dictionaries/vabene1111_PC.xml

@@ -2,6 +2,7 @@
   <dictionary name="vabene1111-PC">
     <words>
       <w>gunicorn</w>
+      <w>traefik</w>
     </words>
   </dictionary>
 </component>

docs/docker/nginx-proxy/nginx/conf.d/Recipes.conf

@@ -4,10 +4,6 @@ server {
 
   client_max_body_size 16M;
 
-  # serve static files
-  location /static/ {
-    alias /static/;
-  }
   # serve media files
   location /media/ {
     alias /media/;

docs/docker/traefik-nginx/README.md

@@ -0,0 +1,64 @@
+This is the recommended setup to run django recipes with traefik.
+
+----
+
+Please refer to the traefik documentation on how to setup a docker service in traefik. Since treafik can be a little
+confusing at times, the following are examples of my traefik configuration.
+
+
+You need to create a network called `traefik` using `docker network create traefik`.
+## docker-compose.yml
+
+```
+version: "3.3"
+
+services:
+
+  traefik:
+    image: "traefik:v2.1"
+    container_name: "traefik"
+    ports:
+      - "443:443"
+      - "80:80"
+      - "8080:8080"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "./config:/etc/traefik/"
+
+
+networks:
+    default:
+       external:
+         name: traefik
+```
+
+## traefik.toml
+Place this in a directory called `config` as this is mounted into the traefik container (see docer compose).
+**Change the email address accordingly**.
+```
+[api]
+  insecure=true
+
+[providers.docker]
+  endpoint = "unix:///var/run/docker.sock"
+  exposedByDefault = false
+  network = "traefik"
+
+#[log]
+#  level = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+
+  [entryPoints.web_secure]
+    address = ":443"
+
+[certificatesResolvers.le_resolver.acme]
+
+  email = "you_email@mail.com"
+  storage = "/letsencrypt/acme.json"
+
+  tlsChallenge=true
+```

docs/docker/traefik-nginx/docker-compose.yml

@@ -0,0 +1,46 @@
+version: "3"
+services:
+  db_recipes:
+    restart: always
+    image: postgres:11-alpine
+    volumes:
+      - ./postgresql:/var/lib/postgresql/data
+    env_file:
+      - ./.env
+    networks:
+      - default
+
+  web_recipes:
+    image: vabene1111/recipes
+    restart: always
+    env_file:
+      - ./.env
+    volumes:
+      - ./staticfiles:/opt/recipes/staticfiles
+      - ./mediafiles:/opt/recipes/mediafiles
+    depends_on:
+      - db_recipes
+    networks:
+      - default
+
+  nginx_recipes:
+    image: nginx:mainline-alpine
+    restart: always
+    env_file:
+      - ./.env
+    volumes:
+      - ./nginx/conf.d:/etc/nginx/conf.d
+      - ./mediafiles:/media
+    labels: # traefik example labels
+      - "traefik.enable=true"
+      - "traefik.http.routers.recipes.rule=Host(`recipes.mydomain.com`, `recipes.myotherdomain.com`)"
+      - "traefik.http.routers.recipes.entrypoints=web_secure"
+      - "traefik.http.routers.recipes.tls.certresolver=le_resolver"
+    networks:
+      - default
+      - traefik
+
+networks:
+  default:
+  traefik: # This is you external traefik network
+    external: true

docs/docker/traefik-nginx/nginx/conf.d/Recipes.conf

@@ -0,0 +1,16 @@
+server {
+  listen 80;
+  server_name localhost;
+
+  client_max_body_size 16M;
+
+  # serve media files
+  location /media/ {
+    alias /media/;
+  }
+  # pass requests for dynamic content to gunicorn
+  location / {
+    proxy_set_header Host $host;
+    proxy_pass http://web_recipes:8080;
+  }
+}

docs/docker/traefik/README.md

@@ -1,3 +1,12 @@
+# Important Information
+Although this application allows running without any webserver in front of gunicorn it is heavily recommended by almost 
+everyone **not** to do this. It is hard to find exact explanations and appears not to be a security but only
+a performance risk but that is just my personal interpretation.
+
+**If you dont know what you are doing please choose the traefik-nginx config**
+
+----
+
 Please refer to the traefik documentation on how to setup a docker service in traefik. Since treafik can be a little
 confusing at times, the following are examples of my traefik configuration.