mirror of
https://github.com/pixelfed/pixelfed.git
iterating on proxy + letsencrypt setup
parent
284bb26d92
commit
2e3c7e862c
6 changed files with 68 additions and 45 deletions
|
@ -1,7 +1,4 @@
|
|||
.dockerignore
|
||||
.env
|
||||
.git
|
||||
.gitignore
|
||||
docker-compose*.yml
|
||||
|
||||
/docker-compose/
|
||||
/docker-compose-state/
|
||||
|
|
21
.env.docker
21
.env.docker
|
@ -34,7 +34,7 @@ DOCKER_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="0"
|
|||
LETSENCRYPT_EMAIL="__CHANGE_ME__"
|
||||
|
||||
# Lets Encrypt staging/test servers for certificate requests
|
||||
LETSENCRYPT_TEST="true"
|
||||
LETSENCRYPT_TEST=
|
||||
|
||||
###############################################################
|
||||
# Pixelfed application configuration
|
||||
|
@ -147,7 +147,7 @@ APP_TIMEZONE="${TZ}"
|
|||
# Defaults to "15000" (15MB).
|
||||
#
|
||||
# See: https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb
|
||||
#MAX_PHOTO_SIZE="15000"
|
||||
MAX_PHOTO_SIZE="15000"
|
||||
|
||||
# Update the max avatar size, in kB.
|
||||
#
|
||||
|
@ -182,7 +182,7 @@ APP_TIMEZONE="${TZ}"
|
|||
# Defaults to "4".
|
||||
#
|
||||
# See: https://docs.pixelfed.org/technical-documentation/config/#max_album_length
|
||||
#MAX_ALBUM_LENGTH="4"
|
||||
MAX_ALBUM_LENGTH="4"
|
||||
|
||||
# Resize and optimize image uploads.
|
||||
#
|
||||
|
@ -912,9 +912,14 @@ POSTGRES_PASSWORD="${DB_PASSWORD}"
|
|||
POSTGRES_DB="${DB_DATABASE}"
|
||||
|
||||
###############################################################
|
||||
# Docker Specific configuration
|
||||
# Lets Encrypt configuration
|
||||
###############################################################
|
||||
|
||||
LETSENCRYPT_HOST="${APP_DOMAIN}"
|
||||
|
||||
###############################################################
|
||||
# Docker Specific configuration
|
||||
###############################################################
|
||||
# Port that Redis will listen on *outside* the container (e.g. the host machine)
|
||||
DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT}"
|
||||
|
||||
|
@ -933,4 +938,10 @@ DOCKER_WEB_HTTPS_PORT_EXTERNAL="444"
|
|||
DOCKER_PROXY_PORT_EXTERNAL_HTTP="8080"
|
||||
|
||||
# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
|
||||
DOCKER_PROXY_PORT_EXTERNAL_HTTPS="443"
|
||||
DOCKER_PROXY_PORT_EXTERNAL_HTTPS="444"
|
||||
|
||||
# Path to the Docker socket on the *host*
|
||||
DOCKER_HOST_SOCKET_PATH="/var/run/docker.sock"
|
||||
|
||||
# Prefix for container names (without any dash at the end)
|
||||
DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}-"
|
||||
|
|
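Review bot: `DOCKER_CONTAINER_NAME_PREFIX` is set to `"${APP_DOMAIN}-"` even though the comment directly above it says the prefix must not end in a dash. The compose file on this page appends `-proxy`, `-proxy-acme`, `-web`, `-worker`, `-db` and `-redis` itself, so every container name ends up with a double dash (`<domain>--proxy`). `NGINX_PROXY_CONTAINER` is built from the same expression, so the ACME companion should still find the proxy, but the value should match its own documentation: `DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}"`.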
27
.gitignore
vendored
27
.gitignore
vendored
|
@ -1,24 +1,21 @@
|
|||
.bash_history
|
||||
.bash_profile
|
||||
.bashrc
|
||||
.DS_Store
|
||||
.env
|
||||
.git-credentials
|
||||
.gitconfig
|
||||
/.composer/
|
||||
/.idea
|
||||
/.vagrant
|
||||
/.vscode
|
||||
/docker-compose-state/
|
||||
/node_modules
|
||||
/public/hot
|
||||
/public/storage
|
||||
/storage/*.key
|
||||
/vendor
|
||||
/.idea
|
||||
/.vscode
|
||||
/.vagrant
|
||||
/docker-volumes
|
||||
Homestead.json
|
||||
Homestead.yaml
|
||||
npm-debug.log
|
||||
yarn-error.log
|
||||
.env
|
||||
.DS_Store
|
||||
.bash_profile
|
||||
.bash_history
|
||||
.bashrc
|
||||
.gitconfig
|
||||
.git-credentials
|
||||
/.composer/
|
||||
/nginx.conf
|
||||
/docker-compose/
|
||||
!/contrib/docker-compose/.env
|
||||
|
|
|
@ -11,14 +11,14 @@ services:
|
|||
# See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs
|
||||
proxy:
|
||||
image: nginxproxy/nginx-proxy:1.4
|
||||
container_name: "${APP_DOMAIN}-proxy"
|
||||
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
|
||||
#restart: unless-stopped
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/tmp/docker.sock:ro"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
|
||||
- "${DOCKER_HOST_SOCKET_PATH}:/tmp/docker.sock:ro"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
|
||||
- "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
|
||||
ports:
|
||||
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80"
|
||||
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443"
|
||||
|
@ -28,33 +28,40 @@ services:
|
|||
# See: https://github.com/nginx-proxy/acme-companion/tree/main/docs
|
||||
proxy-acme:
|
||||
image: nginxproxy/acme-companion
|
||||
container_name: "${APP_DOMAIN}-proxy-acme"
|
||||
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy-acme"
|
||||
#restart: unless-stopped
|
||||
environment:
|
||||
DEBUG: 0
|
||||
DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
|
||||
LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}"
|
||||
NGINX_PROXY_CONTAINER: "${APP_DOMAIN}-proxy"
|
||||
NGINX_PROXY_CONTAINER: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
|
||||
depends_on:
|
||||
- proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
|
||||
- "${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
|
||||
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
|
||||
- "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
|
||||
- "${DOCKER_DATA_ROOT}/proxy-acme:/etc/acme.sh"
|
||||
|
||||
web:
|
||||
image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
|
||||
# build:
|
||||
# target: apache-runtime
|
||||
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-web"
|
||||
restart: unless-stopped
|
||||
build:
|
||||
target: apache-runtime
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 1
|
||||
volumes:
|
||||
- "./.env:/var/www/.env"
|
||||
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
|
||||
- "${DOCKER_DATA_ROOT}/pixelfed/storage:/var/www/storage"
|
||||
environment:
|
||||
LETSENCRYPT_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}"
|
||||
VIRTUAL_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}"
|
||||
LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
|
||||
LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
|
||||
LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}"
|
||||
VIRTUAL_HOST: "${APP_DOMAIN}"
|
||||
VIRTUAL_PORT: "80"
|
||||
labels:
|
||||
com.github.nginx-proxy.nginx-proxy.keepalive: 30
|
||||
|
@ -69,10 +76,14 @@ services:
|
|||
|
||||
worker:
|
||||
image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
|
||||
# build:
|
||||
# target: apache-runtime
|
||||
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-worker"
|
||||
command: gosu www-data php artisan horizon
|
||||
restart: unless-stopped
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 1
|
||||
build:
|
||||
target: apache-runtime
|
||||
volumes:
|
||||
- "./.env:/var/www/.env"
|
||||
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
|
||||
|
@ -83,8 +94,11 @@ services:
|
|||
|
||||
db:
|
||||
image: mariadb:11.2
|
||||
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-db"
|
||||
command: --default-authentication-plugin=mysql_native_password
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- ".env"
|
||||
volumes:
|
||||
- "${DOCKER_DATA_ROOT}/db:/var/lib/mysql"
|
||||
ports:
|
||||
|
@ -92,7 +106,10 @@ services:
|
|||
|
||||
redis:
|
||||
image: redis:7
|
||||
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-redis"
|
||||
restart: unless-stopped
|
||||
env_file:
|
||||
- ".env"
|
||||
volumes:
|
||||
- "${DOCKER_CONFIG_ROOT}/redis:/etc/redis"
|
||||
- "${DOCKER_DATA_ROOT}/redis:/data"
|
||||
|
|
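Review bot: The `:ro` flag on the `${DOCKER_HOST_SOCKET_PATH}` mounts in `proxy` and `proxy-acme` only makes the socket file read-only; a process in either container can still send any request to the Docker API, and `proxy` is the service published on the external HTTP/HTTPS ports. Now that the socket path is configurable, the mount should say so, for example `# ":ro" does not restrict the Docker API; anything in this container can control the host's Docker daemon`. The nginx-proxy documentation describes running docker-gen in a separate container so that the publicly exposed nginx does not hold the socket; whether that split fits this setup is a design decision beyond these hunks.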
|
@ -3,6 +3,7 @@ source /docker/helpers.sh
|
|||
|
||||
entrypoint-set-script-name "$0"
|
||||
|
||||
load-config-files
|
||||
await-database-ready
|
||||
|
||||
only-once "storage:link" run-as-runtime-user php artisan storage:link
|
||||
|
|
|
@ -283,7 +283,7 @@ function is-directory-empty() {
|
|||
# @exitcode 0 If $1 If the path exists *or* was created
|
||||
# @exitcode 1 If $1 If the path does *NOT* exists and could *NOT* be created
|
||||
function ensure-directory-exists() {
|
||||
mkdir -pv "$@"
|
||||
stream-prefix-command-output mkdir -pv "$@"
|
||||
}
|
||||
|
||||
# @description Find the relative path for a entrypoint script by removing the ENTRYPOINT_ROOT prefix
|
||||
|
@ -314,7 +314,7 @@ function only-once() {
|
|||
return 1
|
||||
fi
|
||||
|
||||
touch "${file}"
|
||||
stream-prefix-command-output touch "${file}"
|
||||
return 0
|
||||
}
|
||||
|
||||
|
@ -334,7 +334,7 @@ function acquire-lock() {
|
|||
staggered-sleep
|
||||
done
|
||||
|
||||
touch "${file}"
|
||||
stream-prefix-command-output touch "${file}"
|
||||
|
||||
log-info "🔐 Lock acquired [${file}]"
|
||||
|
||||
|
@ -349,7 +349,7 @@ function release-lock() {
|
|||
|
||||
log-info "🔓 Releasing lock [${file}]"
|
||||
|
||||
rm -f "${file}"
|
||||
stream-prefix-command-output rm -fv "${file}"
|
||||
}
|
||||
|
||||
# @description Helper function to append multiple actions onto
|
||||
|
@ -410,7 +410,7 @@ function await-database-ready() {
|
|||
;;
|
||||
|
||||
*)
|
||||
log-error-and-exit "Unknown database type: [${DB_CONNECTION}]"
|
||||
log-error-and-exit "Unknown database type: [${DB_CONNECTION:-}]"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
|
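Review bot: In `acquire-lock` the lock file is now created with `stream-prefix-command-output touch "${file}"`, and the next statement logs "Lock acquired" whatever the result, so the lock is only real if the wrapper passes through the exit status of `touch`; the wrapper's body is not on this page. The same applies to `ensure-directory-exists`, whose documented `@exitcode 1` now depends on the wrapper's return value rather than on `mkdir` directly. If the wrapper pipes output through a prefixing filter, confirm it runs under `pipefail` or returns `${PIPESTATUS[0]}`, and consider failing loudly: `stream-prefix-command-output touch "${file}" || log-error-and-exit "Unable to create lock file [${file}]"`. The bodies of these functions start or end outside the hunks shown.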