mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-09 16:24:51 +00:00
iterating on proxy + letsencrypt setup
parent
284bb26d92
commit
2e3c7e862c
6 changed files with 68 additions and 45 deletions
|
@ -1,7 +1,4 @@
|
||||||
.dockerignore
|
|
||||||
.env
|
.env
|
||||||
.git
|
.git
|
||||||
.gitignore
|
.gitignore
|
||||||
docker-compose*.yml
|
/docker-compose-state/
|
||||||
|
|
||||||
/docker-compose/
|
|
||||||
|
|
21
.env.docker
21
.env.docker
|
@ -34,7 +34,7 @@ DOCKER_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="0"
|
||||||
LETSENCRYPT_EMAIL="__CHANGE_ME__"
|
LETSENCRYPT_EMAIL="__CHANGE_ME__"
|
||||||
|
|
||||||
# Lets Encrypt staging/test servers for certificate requests
|
# Lets Encrypt staging/test servers for certificate requests
|
||||||
LETSENCRYPT_TEST="true"
|
LETSENCRYPT_TEST=
|
||||||
|
|
||||||
###############################################################
|
###############################################################
|
||||||
# Pixelfed application configuration
|
# Pixelfed application configuration
|
||||||
|
@ -147,7 +147,7 @@ APP_TIMEZONE="${TZ}"
|
||||||
# Defaults to "15000" (15MB).
|
# Defaults to "15000" (15MB).
|
||||||
#
|
#
|
||||||
# See: https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb
|
# See: https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb
|
||||||
#MAX_PHOTO_SIZE="15000"
|
MAX_PHOTO_SIZE="15000"
|
||||||
|
|
||||||
# Update the max avatar size, in kB.
|
# Update the max avatar size, in kB.
|
||||||
#
|
#
|
||||||
|
@ -182,7 +182,7 @@ APP_TIMEZONE="${TZ}"
|
||||||
# Defaults to "4".
|
# Defaults to "4".
|
||||||
#
|
#
|
||||||
# See: https://docs.pixelfed.org/technical-documentation/config/#max_album_length
|
# See: https://docs.pixelfed.org/technical-documentation/config/#max_album_length
|
||||||
#MAX_ALBUM_LENGTH="4"
|
MAX_ALBUM_LENGTH="4"
|
||||||
|
|
||||||
# Resize and optimize image uploads.
|
# Resize and optimize image uploads.
|
||||||
#
|
#
|
||||||
|
@ -912,9 +912,14 @@ POSTGRES_PASSWORD="${DB_PASSWORD}"
|
||||||
POSTGRES_DB="${DB_DATABASE}"
|
POSTGRES_DB="${DB_DATABASE}"
|
||||||
|
|
||||||
###############################################################
|
###############################################################
|
||||||
# Docker Specific configuration
|
# Lets Encrypt configuration
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
|
LETSENCRYPT_HOST="${APP_DOMAIN}"
|
||||||
|
|
||||||
|
###############################################################
|
||||||
|
# Docker Specific configuration
|
||||||
|
###############################################################
|
||||||
# Port that Redis will listen on *outside* the container (e.g. the host machine)
|
# Port that Redis will listen on *outside* the container (e.g. the host machine)
|
||||||
DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT}"
|
DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT}"
|
||||||
|
|
||||||
|
@ -933,4 +938,10 @@ DOCKER_WEB_HTTPS_PORT_EXTERNAL="444"
|
||||||
DOCKER_PROXY_PORT_EXTERNAL_HTTP="8080"
|
DOCKER_PROXY_PORT_EXTERNAL_HTTP="8080"
|
||||||
|
|
||||||
# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
|
# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
|
||||||
DOCKER_PROXY_PORT_EXTERNAL_HTTPS="443"
|
DOCKER_PROXY_PORT_EXTERNAL_HTTPS="444"
|
||||||
|
|
||||||
|
# Path to the Docker socket on the *host*
|
||||||
|
DOCKER_HOST_SOCKET_PATH="/var/run/docker.sock"
|
||||||
|
|
||||||
|
# Prefix for container names (without any dash at the end)
|
||||||
|
DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}-"
|
||||||
|
|
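Review bot: `DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}-"` contradicts the comment directly above it ("without any dash at the end"), and the compose changes in this commit append their own dash (`"${DOCKER_CONTAINER_NAME_PREFIX}-proxy"`), so every container name gets a double dash; the default should be `DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}"`. `DOCKER_PROXY_PORT_EXTERNAL_HTTPS` now defaults to `444`, the same value the hunk header shows for `DOCKER_WEB_HTTPS_PORT_EXTERNAL`, so if both are published on the host the second bind will fail. With the proxy on 8080/444, certificate issuance presumably depends on something else forwarding public ports 80/443 to it, which deserves a comment next to these ports. `LETSENCRYPT_TEST=` is now empty while its comment still only says "staging/test servers"; I would extend it to `# Set to "true" to use the Lets Encrypt staging servers; empty requests real certificates (rate limited)` so a first trial run does not hit the production CA unintentionally.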
27
.gitignore
vendored
27
.gitignore
vendored
|
@ -1,24 +1,21 @@
|
||||||
|
.bash_history
|
||||||
|
.bash_profile
|
||||||
|
.bashrc
|
||||||
|
.DS_Store
|
||||||
|
.env
|
||||||
|
.git-credentials
|
||||||
|
.gitconfig
|
||||||
|
/.composer/
|
||||||
|
/.idea
|
||||||
|
/.vagrant
|
||||||
|
/.vscode
|
||||||
|
/docker-compose-state/
|
||||||
/node_modules
|
/node_modules
|
||||||
/public/hot
|
/public/hot
|
||||||
/public/storage
|
/public/storage
|
||||||
/storage/*.key
|
/storage/*.key
|
||||||
/vendor
|
/vendor
|
||||||
/.idea
|
|
||||||
/.vscode
|
|
||||||
/.vagrant
|
|
||||||
/docker-volumes
|
|
||||||
Homestead.json
|
Homestead.json
|
||||||
Homestead.yaml
|
Homestead.yaml
|
||||||
npm-debug.log
|
npm-debug.log
|
||||||
yarn-error.log
|
yarn-error.log
|
||||||
.env
|
|
||||||
.DS_Store
|
|
||||||
.bash_profile
|
|
||||||
.bash_history
|
|
||||||
.bashrc
|
|
||||||
.gitconfig
|
|
||||||
.git-credentials
|
|
||||||
/.composer/
|
|
||||||
/nginx.conf
|
|
||||||
/docker-compose/
|
|
||||||
!/contrib/docker-compose/.env
|
|
||||||
|
|
|
@ -11,14 +11,14 @@ services:
|
||||||
# See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs
|
# See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs
|
||||||
proxy:
|
proxy:
|
||||||
image: nginxproxy/nginx-proxy:1.4
|
image: nginxproxy/nginx-proxy:1.4
|
||||||
container_name: "${APP_DOMAIN}-proxy"
|
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
|
||||||
#restart: unless-stopped
|
#restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/run/docker.sock:/tmp/docker.sock:ro"
|
- "${DOCKER_HOST_SOCKET_PATH}:/tmp/docker.sock:ro"
|
||||||
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
|
|
||||||
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
|
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
|
||||||
- "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html"
|
|
||||||
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
|
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
|
||||||
|
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
|
||||||
|
- "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
|
||||||
ports:
|
ports:
|
||||||
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80"
|
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80"
|
||||||
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443"
|
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443"
|
||||||
|
@ -28,33 +28,40 @@ services:
|
||||||
# See: https://github.com/nginx-proxy/acme-companion/tree/main/docs
|
# See: https://github.com/nginx-proxy/acme-companion/tree/main/docs
|
||||||
proxy-acme:
|
proxy-acme:
|
||||||
image: nginxproxy/acme-companion
|
image: nginxproxy/acme-companion
|
||||||
container_name: "${APP_DOMAIN}-proxy-acme"
|
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy-acme"
|
||||||
#restart: unless-stopped
|
#restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
|
DEBUG: 0
|
||||||
DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
|
DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
|
||||||
LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}"
|
NGINX_PROXY_CONTAINER: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
|
||||||
NGINX_PROXY_CONTAINER: "${APP_DOMAIN}-proxy"
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- proxy
|
- proxy
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- "${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro"
|
||||||
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
|
|
||||||
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
|
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
|
||||||
- "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html"
|
|
||||||
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
|
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
|
||||||
|
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
|
||||||
|
- "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
|
||||||
|
- "${DOCKER_DATA_ROOT}/proxy-acme:/etc/acme.sh"
|
||||||
|
|
||||||
web:
|
web:
|
||||||
image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
|
image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
|
||||||
# build:
|
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-web"
|
||||||
# target: apache-runtime
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
build:
|
||||||
|
target: apache-runtime
|
||||||
|
deploy:
|
||||||
|
mode: replicated
|
||||||
|
replicas: 1
|
||||||
volumes:
|
volumes:
|
||||||
- "./.env:/var/www/.env"
|
- "./.env:/var/www/.env"
|
||||||
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
|
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
|
||||||
- "${DOCKER_DATA_ROOT}/pixelfed/storage:/var/www/storage"
|
- "${DOCKER_DATA_ROOT}/pixelfed/storage:/var/www/storage"
|
||||||
environment:
|
environment:
|
||||||
LETSENCRYPT_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}"
|
LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
|
||||||
VIRTUAL_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}"
|
LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
|
||||||
|
LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}"
|
||||||
|
VIRTUAL_HOST: "${APP_DOMAIN}"
|
||||||
VIRTUAL_PORT: "80"
|
VIRTUAL_PORT: "80"
|
||||||
labels:
|
labels:
|
||||||
com.github.nginx-proxy.nginx-proxy.keepalive: 30
|
com.github.nginx-proxy.nginx-proxy.keepalive: 30
|
||||||
|
@ -69,10 +76,14 @@ services:
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
|
image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
|
||||||
# build:
|
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-worker"
|
||||||
# target: apache-runtime
|
|
||||||
command: gosu www-data php artisan horizon
|
command: gosu www-data php artisan horizon
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
deploy:
|
||||||
|
mode: replicated
|
||||||
|
replicas: 1
|
||||||
|
build:
|
||||||
|
target: apache-runtime
|
||||||
volumes:
|
volumes:
|
||||||
- "./.env:/var/www/.env"
|
- "./.env:/var/www/.env"
|
||||||
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
|
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
|
||||||
|
@ -83,8 +94,11 @@ services:
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: mariadb:11.2
|
image: mariadb:11.2
|
||||||
|
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-db"
|
||||||
command: --default-authentication-plugin=mysql_native_password
|
command: --default-authentication-plugin=mysql_native_password
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
env_file:
|
||||||
|
- ".env"
|
||||||
volumes:
|
volumes:
|
||||||
- "${DOCKER_DATA_ROOT}/db:/var/lib/mysql"
|
- "${DOCKER_DATA_ROOT}/db:/var/lib/mysql"
|
||||||
ports:
|
ports:
|
||||||
|
@ -92,7 +106,10 @@ services:
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
image: redis:7
|
image: redis:7
|
||||||
|
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-redis"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
env_file:
|
||||||
|
- ".env"
|
||||||
volumes:
|
volumes:
|
||||||
- "${DOCKER_CONFIG_ROOT}/redis:/etc/redis"
|
- "${DOCKER_CONFIG_ROOT}/redis:/etc/redis"
|
||||||
- "${DOCKER_DATA_ROOT}/redis:/data"
|
- "${DOCKER_DATA_ROOT}/redis:/data"
|
||||||
|
|
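Review bot: The new `env_file: - ".env"` entries on `db` and `redis` export every variable from the application's `.env` into those containers, so application settings and credentials they never use become readable from the container environment (`docker inspect`, a process listing inside the container). An explicit `environment:` block naming only the variables each image actually reads would keep that exposure to the minimum. The `:ro` on the `"${DOCKER_HOST_SOCKET_PATH}:/tmp/docker.sock:ro"` and `"${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro"` mounts does not restrict the Docker API itself, so `proxy` and `proxy-acme` still hold host-level control; a comment such as `# NOTE: socket access is equivalent to root on the host` above each mount would make that explicit for operators. `nginxproxy/acme-companion` also remains untagged while the proxy image is pinned to `1.4`; pinning it the same way keeps deployments reproducible.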
|
@ -3,6 +3,7 @@ source /docker/helpers.sh
|
||||||
|
|
||||||
entrypoint-set-script-name "$0"
|
entrypoint-set-script-name "$0"
|
||||||
|
|
||||||
|
load-config-files
|
||||||
await-database-ready
|
await-database-ready
|
||||||
|
|
||||||
only-once "storage:link" run-as-runtime-user php artisan storage:link
|
only-once "storage:link" run-as-runtime-user php artisan storage:link
|
||||||
|
|
|
@ -283,7 +283,7 @@ function is-directory-empty() {
|
||||||
# @exitcode 0 If $1 If the path exists *or* was created
|
# @exitcode 0 If $1 If the path exists *or* was created
|
||||||
# @exitcode 1 If $1 If the path does *NOT* exists and could *NOT* be created
|
# @exitcode 1 If $1 If the path does *NOT* exists and could *NOT* be created
|
||||||
function ensure-directory-exists() {
|
function ensure-directory-exists() {
|
||||||
mkdir -pv "$@"
|
stream-prefix-command-output mkdir -pv "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
# @description Find the relative path for a entrypoint script by removing the ENTRYPOINT_ROOT prefix
|
# @description Find the relative path for a entrypoint script by removing the ENTRYPOINT_ROOT prefix
|
||||||
|
@ -314,7 +314,7 @@ function only-once() {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
touch "${file}"
|
stream-prefix-command-output touch "${file}"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -334,7 +334,7 @@ function acquire-lock() {
|
||||||
staggered-sleep
|
staggered-sleep
|
||||||
done
|
done
|
||||||
|
|
||||||
touch "${file}"
|
stream-prefix-command-output touch "${file}"
|
||||||
|
|
||||||
log-info "🔐 Lock acquired [${file}]"
|
log-info "🔐 Lock acquired [${file}]"
|
||||||
|
|
||||||
|
@ -349,7 +349,7 @@ function release-lock() {
|
||||||
|
|
||||||
log-info "🔓 Releasing lock [${file}]"
|
log-info "🔓 Releasing lock [${file}]"
|
||||||
|
|
||||||
rm -f "${file}"
|
stream-prefix-command-output rm -fv "${file}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# @description Helper function to append multiple actions onto
|
# @description Helper function to append multiple actions onto
|
||||||
|
@ -410,7 +410,7 @@ function await-database-ready() {
|
||||||
;;
|
;;
|
||||||
|
|
||||||
*)
|
*)
|
||||||
log-error-and-exit "Unknown database type: [${DB_CONNECTION}]"
|
log-error-and-exit "Unknown database type: [${DB_CONNECTION:-}]"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
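Review bot: Wrapping `mkdir -pv`, `touch` and `rm -fv` in `stream-prefix-command-output` makes the wrapper's exit status the result of `ensure-directory-exists` and of the marker/lock writes in `only-once`, `acquire-lock` and `release-lock`, and the wrapper's definition is not visible in these hunks. If it pipes the command through a prefixing filter, a failed `mkdir` would be reported as success unless `pipefail` is set or the wrapper returns `${PIPESTATUS[0]}`, which would break the documented `@exitcode 1` of `ensure-directory-exists`. In `acquire-lock` the result of the `touch` is not checked before `log-info "🔐 Lock acquired [${file}]"`, so a failed write would still log a held lock; `stream-prefix-command-output touch "${file}" || return 1` would surface it (assuming `errexit` does not already abort here, which cannot be told from the hunk). All four function bodies begin outside their hunks.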