iterating on proxy + letsencrypt setup

Christian Winther 2024-01-06 18:01:48 +00:00
parent 284bb26d92
commit 2e3c7e862c
6 changed files with 68 additions and 45 deletions


@ -1,7 +1,4 @@
.dockerignore
.env
.git
.gitignore
docker-compose*.yml
/docker-compose/
/docker-compose-state/


@ -34,7 +34,7 @@ DOCKER_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="0"
LETSENCRYPT_EMAIL="__CHANGE_ME__"
# Lets Encrypt staging/test servers for certificate requests
LETSENCRYPT_TEST="true"
LETSENCRYPT_TEST=
###############################################################
# Pixelfed application configuration
@ -147,7 +147,7 @@ APP_TIMEZONE="${TZ}"
# Defaults to "15000" (15MB).
#
# See: https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb
#MAX_PHOTO_SIZE="15000"
MAX_PHOTO_SIZE="15000"
# Update the max avatar size, in kB.
#
@ -182,7 +182,7 @@ APP_TIMEZONE="${TZ}"
# Defaults to "4".
#
# See: https://docs.pixelfed.org/technical-documentation/config/#max_album_length
#MAX_ALBUM_LENGTH="4"
MAX_ALBUM_LENGTH="4"
# Resize and optimize image uploads.
#
@ -912,9 +912,14 @@ POSTGRES_PASSWORD="${DB_PASSWORD}"
POSTGRES_DB="${DB_DATABASE}"
###############################################################
# Docker Specific configuration
# Lets Encrypt configuration
###############################################################
LETSENCRYPT_HOST="${APP_DOMAIN}"
###############################################################
# Docker Specific configuration
###############################################################
# Port that Redis will listen on *outside* the container (e.g. the host machine)
DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT}"
@ -933,4 +938,10 @@ DOCKER_WEB_HTTPS_PORT_EXTERNAL="444"
DOCKER_PROXY_PORT_EXTERNAL_HTTP="8080"
# Port that the web will listen on *outside* the container (e.g. the host machine) for HTTPS traffic
DOCKER_PROXY_PORT_EXTERNAL_HTTPS="443"
DOCKER_PROXY_PORT_EXTERNAL_HTTPS="444"
# Path to the Docker socket on the *host*
DOCKER_HOST_SOCKET_PATH="/var/run/docker.sock"
# Prefix for container names (without any dash at the end)
DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}-"
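Review bot: `DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}-"` ends with a dash although the comment directly above it says the prefix carries none, and docker-compose.yml in this same commit joins it as `${DOCKER_CONTAINER_NAME_PREFIX}-proxy`, `-web`, `-db` and so on, so every container name comes out with a double dash (constructed example: `example.com--proxy`). Dropping the trailing dash, `DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}"`, makes the value match its own documentation and the compose joins without touching the compose file. The new empty `LETSENCRYPT_TEST=` at the top of this section presumably switches the template from the staging to the production ACME endpoint by default, since the same value is forwarded to acme-companion and to the web service; a comment next to it, such as `# Set to "true" to request certificates from the Let's Encrypt staging environment; leave empty for production`, would make that default explicit.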

.gitignore vendored

@ -1,24 +1,21 @@
.bash_history
.bash_profile
.bashrc
.DS_Store
.env
.git-credentials
.gitconfig
/.composer/
/.idea
/.vagrant
/.vscode
/docker-compose-state/
/node_modules
/public/hot
/public/storage
/storage/*.key
/vendor
/.idea
/.vscode
/.vagrant
/docker-volumes
Homestead.json
Homestead.yaml
npm-debug.log
yarn-error.log
.env
.DS_Store
.bash_profile
.bash_history
.bashrc
.gitconfig
.git-credentials
/.composer/
/nginx.conf
/docker-compose/
!/contrib/docker-compose/.env
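Review bot: The unanchored `.env` pattern ignores a `.env` at any depth, and `!/contrib/docker-compose/.env` appears only once, at the end of the hunk in the old ordering, so it looks like the negation is being dropped while the `.env` entry survives in the sorted list. If `contrib/docker-compose/.env` is still the committed template, a fresh copy of it would no longer be picked up by `git add`; if the template moved to the repository root the negation is indeed dead. Please confirm which case applies, and keep `!/contrib/docker-compose/.env` if the template is still meant to live there.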


@ -11,14 +11,14 @@ services:
# See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs
proxy:
image: nginxproxy/nginx-proxy:1.4
container_name: "${APP_DOMAIN}-proxy"
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
#restart: unless-stopped
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
- "${DOCKER_HOST_SOCKET_PATH}:/tmp/docker.sock:ro"
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
- "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html"
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
- "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
ports:
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80"
- "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443"
@ -28,33 +28,40 @@ services:
# See: https://github.com/nginx-proxy/acme-companion/tree/main/docs
proxy-acme:
image: nginxproxy/acme-companion
container_name: "${APP_DOMAIN}-proxy-acme"
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy-acme"
#restart: unless-stopped
environment:
DEBUG: 0
DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}"
LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}"
NGINX_PROXY_CONTAINER: "${APP_DOMAIN}-proxy"
NGINX_PROXY_CONTAINER: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy"
depends_on:
- proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
- "${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro"
- "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d"
- "${DOCKER_CONFIG_ROOT}/proxy/html:/usr/share/nginx/html"
- "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d"
- "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs"
- "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html"
- "${DOCKER_DATA_ROOT}/proxy-acme:/etc/acme.sh"
web:
image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
# build:
# target: apache-runtime
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-web"
restart: unless-stopped
build:
target: apache-runtime
deploy:
mode: replicated
replicas: 1
volumes:
- "./.env:/var/www/.env"
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
- "${DOCKER_DATA_ROOT}/pixelfed/storage:/var/www/storage"
environment:
LETSENCRYPT_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}"
VIRTUAL_HOST: "${APP_DOMAIN},*.${APP_DOMAIN}"
LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}"
LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}"
LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}"
VIRTUAL_HOST: "${APP_DOMAIN}"
VIRTUAL_PORT: "80"
labels:
com.github.nginx-proxy.nginx-proxy.keepalive: 30
@ -69,10 +76,14 @@ services:
worker:
image: "${DOCKER_IMAGE}:${DOCKER_TAG}"
# build:
# target: apache-runtime
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-worker"
command: gosu www-data php artisan horizon
restart: unless-stopped
deploy:
mode: replicated
replicas: 1
build:
target: apache-runtime
volumes:
- "./.env:/var/www/.env"
- "${DOCKER_DATA_ROOT}/pixelfed/cache:/var/www/bootstrap/cache"
@ -83,8 +94,11 @@ services:
db:
image: mariadb:11.2
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-db"
command: --default-authentication-plugin=mysql_native_password
restart: unless-stopped
env_file:
- ".env"
volumes:
- "${DOCKER_DATA_ROOT}/db:/var/lib/mysql"
ports:
@ -92,7 +106,10 @@ services:
redis:
image: redis:7
container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-redis"
restart: unless-stopped
env_file:
- ".env"
volumes:
- "${DOCKER_CONFIG_ROOT}/redis:/etc/redis"
- "${DOCKER_DATA_ROOT}/redis:/data"
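Review bot: The `env_file: - ".env"` added to `db` and `redis` injects the whole application .env — which, per this commit's own .env hunks, carries `POSTGRES_PASSWORD`, `LETSENCRYPT_EMAIL` and the rest of the Pixelfed configuration — into two containers that consume only a handful of their own settings, so a compromised database or cache container now holds every secret the application has. Prefer an explicit `environment:` block (or a dedicated, minimal env file) that lists just the variables each image reads; both service definitions continue past their hunks. Separately, `LETSENCRYPT_TEST: "${LETSENCRYPT_TEST}"` on `web` combined with the now-empty `LETSENCRYPT_TEST=` in .env sets the variable to an empty string rather than leaving it unset; presumably acme-companion treats that as production, but it is worth confirming against the companion's documentation.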


@ -3,6 +3,7 @@ source /docker/helpers.sh
entrypoint-set-script-name "$0"
load-config-files
await-database-ready
only-once "storage:link" run-as-runtime-user php artisan storage:link


@ -283,7 +283,7 @@ function is-directory-empty() {
# @exitcode 0 If $1 If the path exists *or* was created
# @exitcode 1 If $1 If the path does *NOT* exists and could *NOT* be created
function ensure-directory-exists() {
mkdir -pv "$@"
stream-prefix-command-output mkdir -pv "$@"
}
# @description Find the relative path for a entrypoint script by removing the ENTRYPOINT_ROOT prefix
@ -314,7 +314,7 @@ function only-once() {
return 1
fi
touch "${file}"
stream-prefix-command-output touch "${file}"
return 0
}
@ -334,7 +334,7 @@ function acquire-lock() {
staggered-sleep
done
touch "${file}"
stream-prefix-command-output touch "${file}"
log-info "🔐 Lock acquired [${file}]"
@ -349,7 +349,7 @@ function release-lock() {
log-info "🔓 Releasing lock [${file}]"
rm -f "${file}"
stream-prefix-command-output rm -fv "${file}"
}
# @description Helper function to append multiple actions onto
@ -410,7 +410,7 @@ function await-database-ready() {
;;
*)
log-error-and-exit "Unknown database type: [${DB_CONNECTION}]"
log-error-and-exit "Unknown database type: [${DB_CONNECTION:-}]"
;;
esac
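Review bot: Wrapping `mkdir`, `touch` and `rm` in `stream-prefix-command-output` (the ensure-directory-exists, only-once, acquire-lock and release-lock hunks) is only safe if that helper propagates the wrapped command's exit status: ensure-directory-exists documents `@exitcode 1` when the path cannot be created, and only-once and acquire-lock `return 0` straight after the wrapped `touch`, so a pipe-based prefixer without `set -o pipefail` (or an explicit `return "${PIPESTATUS[0]}"`) would silently turn a failed mkdir or touch into success and let a lock be reported as acquired with no lock file on disk. `stream-prefix-command-output` is defined outside these hunks, so please verify its return value, or add a short comment on ensure-directory-exists stating that it relies on the helper returning the command's status.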