iterating on proxy + letsencrypt setup

This commit is contained in:
Christian Winther 2024-01-06 18:01:48 +00:00
parent 284bb26d92
commit 2e3c7e862c
6 changed files with 68 additions and 45 deletions


@ -1,7 +1,4 @@
.dockerignore
.env .env
.git .git
.gitignore .gitignore
docker-compose*.yml /docker-compose-state/
/docker-compose/


@ -34,7 +34,7 @@ DOCKER_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="0"
LETSENCRYPT_EMAIL="__CHANGE_ME__" LETSENCRYPT_EMAIL="__CHANGE_ME__"
# Lets Encrypt staging/test servers for certificate requests # Lets Encrypt staging/test servers for certificate requests
LETSENCRYPT_TEST="true" LETSENCRYPT_TEST=
############################################################### ###############################################################
# Pixelfed application configuration # Pixelfed application configuration
@ -147,7 +147,7 @@ APP_TIMEZONE="${TZ}"
# Defaults to "15000" (15MB). # Defaults to "15000" (15MB).
# #
# See: https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb # See: https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb
#MAX_PHOTO_SIZE="15000" MAX_PHOTO_SIZE="15000"
# Update the max avatar size, in kB. # Update the max avatar size, in kB.
# #
@ -182,7 +182,7 @@ APP_TIMEZONE="${TZ}"
# Defaults to "4". # Defaults to "4".
# #
# See: https://docs.pixelfed.org/technical-documentation/config/#max_album_length # See: https://docs.pixelfed.org/technical-documentation/config/#max_album_length
#MAX_ALBUM_LENGTH="4" MAX_ALBUM_LENGTH="4"
# Resize and optimize image uploads. # Resize and optimize image uploads.
# #
@ -912,9 +912,14 @@ POSTGRES_PASSWORD="${DB_PASSWORD}"
POSTGRES_DB="${DB_DATABASE}" POSTGRES_DB="${DB_DATABASE}"
############################################################### ###############################################################
# Docker Specific configuration # Lets Encrypt configuration
############################################################### ###############################################################
LETSENCRYPT_HOST="${APP_DOMAIN}"
###############################################################
# Docker Specific configuration
###############################################################
# Port that Redis will listen on *outside* the container (e.g. the host machine) # Port that Redis will listen on *outside* the container (e.g. the host machine)
DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT}" DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT}"
@ -933,4 +938,10 @@ DOCKER_WEB_HTTPS_PORT_EXTERNAL="444"
DOCKER_PROXY_PORT_EXTERNAL_HTTP="8080" DOCKER_PROXY_PORT_EXTERNAL_HTTP="8080"
# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic # Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
DOCKER_PROXY_PORT_EXTERNAL_HTTPS="443" DOCKER_PROXY_PORT_EXTERNAL_HTTPS="444"
# Path to the Docker socket on the *host*
DOCKER_HOST_SOCKET_PATH="/var/run/docker.sock"
# Prefix for container names (without any dash at the end)
DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}-"
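Review bot: `DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}-"` contradicts the comment directly above it ("without any dash at the end"), and every consumer in docker-compose.yml already inserts the dash itself (`container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"`, likewise `-proxy-acme`, `-web`, `-worker`, `-db`, `-redis`), so the resulting names carry a double dash such as `example.com--proxy`; change the default to `DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}"`. Separately, `LETSENCRYPT_TEST=` flips the shipped template from the staging CA to production while the proxy in the same commit is published on 8080 and 444 rather than 80 and 443; unless the host forwards port 80 to the proxy, HTTP-01 validation cannot succeed and each failed production order counts against Let's Encrypt's rate limits, so keeping the template default at `LETSENCRYPT_TEST="true"` with a comment telling operators to clear it once port 80 is reachable would be the safer default. The template's `LETSENCRYPT_HOST="${APP_DOMAIN}"` would also benefit from a one-line comment noting that the wildcard entry was dropped deliberately, since the companion cannot obtain wildcard certificates over HTTP-01.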

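--- a/.gitignore
+++ b/.gitignore
@@ -1,24 +1,21 @@
+.bash_history
+.bash_profile
+.bashrc
+.DS_Store
+.env
+.git-credentials
+.gitconfig
+/.composer/
+/.idea
+/.vagrant
+/.vscode
+/docker-compose-state/
 /node_modules
 /public/hot
 /public/storage
 /storage/*.key
 /vendor
-/.idea
-/.vscode
-/.vagrant
-/docker-volumes
 Homestead.json
 Homestead.yaml
 npm-debug.log
 yarn-error.log
-.env
-.DS_Store
-.bash_profile
-.bash_history
-.bashrc
-.gitconfig
-.git-credentials
-/.composer/
-/nginx.conf
-/docker-compose/
-!/contrib/docker-compose/.env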


@ -11,14 +11,14 @@ services:
# See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs # See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs
proxy: proxy:
image: nginxproxy/nginx-proxy:1.4 image: nginxproxy/nginx-proxy:1.4
container_name: "${APP_DOMAIN}-proxy" container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
#restart: unless-stopped #restart: unless-stopped
volumes: volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro" - "${DOCKER_HOST_SOCKET_PATH}:/tmp/docker.sock:ro"
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d" - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
- "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html"
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d" - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
- "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
ports: ports:
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80" - "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80"
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443" - "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443"
@ -28,33 +28,40 @@ services:
# See: https://github.com/nginx-proxy/acme-companion/tree/main/docs # See: https://github.com/nginx-proxy/acme-companion/tree/main/docs
proxy-acme: proxy-acme:
image: nginxproxy/acme-companion image: nginxproxy/acme-companion
container_name: "${APP_DOMAIN}-proxy-acme" container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy-acme"
#restart: unless-stopped #restart: unless-stopped
environment: environment:
DEBUG: 0
DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}" DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}" NGINX_PROXY_CONTAINER: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
NGINX_PROXY_CONTAINER: "${APP_DOMAIN}-proxy"
depends_on: depends_on:
- proxy - proxy
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - "${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro"
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d" - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
- "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html"
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d" - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
- "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
- "${DOCKER_DATA_ROOT}/proxy-acme:/etc/acme.sh"
web: web:
image: "${DOCKER_IMAGE}:${DOCKER_TAG}" image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
# build: container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-web"
# target: apache-runtime
restart: unless-stopped restart: unless-stopped
build:
target: apache-runtime
deploy:
mode: replicated
replicas: 1
volumes: volumes:
- "./.env:/var/www/.env" - "./.env:/var/www/.env"
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache" - "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
- "${DOCKER_DATA_ROOT}/pixelfed/storage:/var/www/storage" - "${DOCKER_DATA_ROOT}/pixelfed/storage:/var/www/storage"
environment: environment:
LETSENCRYPT_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}" LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
VIRTUAL_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}" LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}"
VIRTUAL_HOST: "${APP_DOMAIN}"
VIRTUAL_PORT: "80" VIRTUAL_PORT: "80"
labels: labels:
com.github.nginx-proxy.nginx-proxy.keepalive: 30 com.github.nginx-proxy.nginx-proxy.keepalive: 30
@ -69,10 +76,14 @@ services:
worker: worker:
image: "${DOCKER_IMAGE}:${DOCKER_TAG}" image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
# build: container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-worker"
# target: apache-runtime
command: gosu www-data php artisan horizon command: gosu www-data php artisan horizon
restart: unless-stopped restart: unless-stopped
deploy:
mode: replicated
replicas: 1
build:
target: apache-runtime
volumes: volumes:
- "./.env:/var/www/.env" - "./.env:/var/www/.env"
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache" - "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
@ -83,8 +94,11 @@ services:
db: db:
image: mariadb:11.2 image: mariadb:11.2
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-db"
command: --default-authentication-plugin=mysql_native_password command: --default-authentication-plugin=mysql_native_password
restart: unless-stopped restart: unless-stopped
env_file:
- ".env"
volumes: volumes:
- "${DOCKER_DATA_ROOT}/db:/var/lib/mysql" - "${DOCKER_DATA_ROOT}/db:/var/lib/mysql"
ports: ports:
@ -92,7 +106,10 @@ services:
redis: redis:
image: redis:7 image: redis:7
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-redis"
restart: unless-stopped restart: unless-stopped
env_file:
- ".env"
volumes: volumes:
- "${DOCKER_CONFIG_ROOT}/redis:/etc/redis" - "${DOCKER_CONFIG_ROOT}/redis:/etc/redis"
- "${DOCKER_DATA_ROOT}/redis:/data" - "${DOCKER_DATA_ROOT}/redis:/data"
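Review bot: The new `env_file: - ".env"` on `db` and `redis` hands the entire application environment — `DB_PASSWORD`, the `LETSENCRYPT_*` values and every other variable in .env — to two containers that need almost none of it, so any process inside them, and anyone who can `docker inspect` them, can read all application secrets. The mariadb image only consumes its `MARIADB_*`/`MYSQL_*` variables, so pass just those through an explicit `environment:` map; the redis image is configured from the `redis.conf` mounted at `/etc/redis` rather than from the environment, so its `env_file` block can be dropped entirely. A smaller point of style: `container_name` together with `deploy.replicas: 1` on `web` and `worker` is only valid while the replica count stays at 1, since Compose refuses to scale a service with a fixed name, and that constraint deserves a comment next to the `replicas` line. The trailing-dash problem in `DOCKER_CONTAINER_NAME_PREFIX` is raised on the .env hunk.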


@ -3,6 +3,7 @@ source /docker/helpers.sh
entrypoint-set-script-name "$0" entrypoint-set-script-name "$0"
load-config-files
await-database-ready await-database-ready
only-once "storage:link" run-as-runtime-user php artisan storage:link only-once "storage:link" run-as-runtime-user php artisan storage:link


@ -283,7 +283,7 @@ function is-directory-empty() {
# @exitcode 0 If $1 If the path exists *or* was created # @exitcode 0 If $1 If the path exists *or* was created
# @exitcode 1 If $1 If the path does *NOT* exists and could *NOT* be created # @exitcode 1 If $1 If the path does *NOT* exists and could *NOT* be created
function ensure-directory-exists() { function ensure-directory-exists() {
mkdir -pv "$@" stream-prefix-command-output mkdir -pv "$@"
} }
# @description Find the relative path for a entrypoint script by removing the ENTRYPOINT_ROOT prefix # @description Find the relative path for a entrypoint script by removing the ENTRYPOINT_ROOT prefix
@ -314,7 +314,7 @@ function only-once() {
return 1 return 1
fi fi
touch "${file}" stream-prefix-command-output touch "${file}"
return 0 return 0
} }
@ -334,7 +334,7 @@ function acquire-lock() {
staggered-sleep staggered-sleep
done done
touch "${file}" stream-prefix-command-output touch "${file}"
log-info "🔐 Lock acquired [${file}]" log-info "🔐 Lock acquired [${file}]"
@ -349,7 +349,7 @@ function release-lock() {
log-info "🔓 Releasing lock [${file}]" log-info "🔓 Releasing lock [${file}]"
rm -f "${file}" stream-prefix-command-output rm -fv "${file}"
} }
# @description Helper function to append multiple actions onto # @description Helper function to append multiple actions onto
@ -410,7 +410,7 @@ function await-database-ready() {
;; ;;
*) *)
log-error-and-exit "Unknown database type: [${DB_CONNECTION}]" log-error-and-exit "Unknown database type: [${DB_CONNECTION:-}]"
;; ;;
esac esac
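Review bot: Wrapping `mkdir -pv "$@"` in `stream-prefix-command-output` inside `ensure-directory-exists` may change the function's exit status: if that helper pipes the command's output through a prefixer, the status the caller sees is the prefixer's, so the documented `@exitcode 1` for a path that could not be created would no longer be reported unless the script runs under `set -o pipefail` or the helper returns `${PIPESTATUS[0]}`. The definition of stream-prefix-command-output is outside this diff, so this needs confirming against helpers.sh; the same concern applies to the wrapped `touch "${file}"` in `acquire-lock` and `rm -fv "${file}"` in `release-lock` (the `touch` in `only-once` is followed by an explicit `return 0`, so it is unaffected). A one-line comment on `ensure-directory-exists` stating which status it propagates, e.g. `# exit status is that of mkdir, preserved through stream-prefix-command-output`, would pin the contract once verified. The `${DB_CONNECTION:-}` change in `await-database-ready` is fine: it only stops the error message itself from tripping `set -u`.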