From ac3ce569a88bc7810a845f74b18ad9bc8e669a0f Mon Sep 17 00:00:00 2001 From: Swift Ugandan Date: Mon, 25 Jan 2021 12:36:16 +0000 Subject: [PATCH] mount src folder, fix permissions, store db and media on host directories --- .gitignore | 10 +++++- Dockerfile | 12 +++---- cms/local_settings.py | 32 +++++++++++++++++++ deploy/docker/entrypoint.sh | 30 +++++++++++++++++ deploy/docker/prestart.sh | 3 -- .../docker/reverse_proxy/certs/localhost.crt | 17 ++++++++++ .../docker/reverse_proxy/certs/localhost.key | 27 ++++++++++++++++ .../reverse_proxy/certs/mediacms.io.crt | 17 ---------- .../reverse_proxy/certs/mediacms.io.key | 27 ---------------- deploy/docker/start.sh | 0 docker-compose-http-proxy.yaml | 14 +++----- docker-compose-https-proxy.yaml | 16 ++++------ docker-compose-named-volumes.yaml | 16 +++++----- docker-compose.yaml | 14 +++----- docs/Docker_deployment.md | 10 +++--- files/context_processors.py | 2 +- 16 files changed, 150 insertions(+), 97 deletions(-) create mode 100755 cms/local_settings.py create mode 100755 deploy/docker/entrypoint.sh mode change 100644 => 100755 deploy/docker/prestart.sh create mode 100644 deploy/docker/reverse_proxy/certs/localhost.crt create mode 100644 deploy/docker/reverse_proxy/certs/localhost.key delete mode 100644 deploy/docker/reverse_proxy/certs/mediacms.io.crt delete mode 100644 deploy/docker/reverse_proxy/certs/mediacms.io.key mode change 100644 => 100755 deploy/docker/start.sh diff --git a/.gitignore b/.gitignore index 96a9096..8785993 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,11 @@ media_files/encoded/ media_files/original/ -postgres_data/ \ No newline at end of file +postgres_data/ +celerybeat-schedule +logs/ +pids/ +static/admin/ +static/ckeditor/ +static/debug_toolbar/ +static/mptt/ +static/rest_framework/ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 4fea25c..2f4b4c7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,12 +21,11 @@ RUN wget -q http://zebulon.bok.net/Bento4/binaries/Bento4-SDK-1-6-0-632.x86_64-u unzip -j Bento4-SDK-1-6-0-632.x86_64-unknown-linux.zip Bento4-SDK-1-6-0-632.x86_64-unknown-linux/bin/mp4hls -d Bento4-SDK-1-6-0-632.x86_64-unknown-linux/bin/ && \ rm Bento4-SDK-1-6-0-632.x86_64-unknown-linux.zip -RUN chown -R www-data. /home/mediacms.io/ && chmod +x /home/mediacms.io/mediacms/deploy/docker/start.sh /home/mediacms.io/mediacms/deploy/docker/prestart.sh - ############ RUNTIME IMAGE ############ FROM python:3.8-slim-buster as runtime-image ENV PYTHONUNBUFFERED=1 +ENV PYTHONDONTWRITEBYTECODE=1 ENV ADMIN_USER='admin' ENV ADMIN_PASSWORD='mediacms' ENV ADMIN_EMAIL='admin@localhost' @@ -54,13 +53,12 @@ RUN apt-get update -y && apt-get -y upgrade && apt-get install --no-install-reco apt-get purge --auto-remove && \ apt-get clean -# forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && \ - ln -sf /dev/stdout /var/log/nginx/mediacms.io.access.log && ln -sf /dev/stderr /var/log/nginx/mediacms.io.error.log - WORKDIR /home/mediacms.io/mediacms EXPOSE 9000 80 +RUN chmod +x ./deploy/docker/entrypoint.sh + +ENTRYPOINT ["./deploy/docker/entrypoint.sh"] + CMD ["./deploy/docker/start.sh"] - \ No newline at end of file diff --git a/cms/local_settings.py b/cms/local_settings.py new file mode 100755 index 0000000..11567db --- /dev/null +++ b/cms/local_settings.py @@ -0,0 +1,32 @@ +FRONTEND_HOST = 'http://localhost' +PORTAL_NAME = 'MediaCMS' +SECRET_KEY = 'ma!s3^b-cw!f#7s6s0m3*jx77a@riw(7701**(r=ww%w!2+yk2' +POSTGRES_HOST = 'db' +REDIS_LOCATION = "redis://redis:6379/1" + +DATABASES = { + "default": { + "ENGINE": "django.db.backends.postgresql", + "NAME": "mediacms", + "HOST": POSTGRES_HOST, + "PORT": "5432", + "USER": "mediacms", + "PASSWORD": "mediacms", + } +} + +CACHES = { + "default": { + "BACKEND": "django_redis.cache.RedisCache", + "LOCATION": REDIS_LOCATION, + "OPTIONS": { + "CLIENT_CLASS": "django_redis.client.DefaultClient", + }, + } +} + +# CELERY STUFF +BROKER_URL = REDIS_LOCATION +CELERY_RESULT_BACKEND = BROKER_URL + +DEBUG = False \ No newline at end of file diff --git a/deploy/docker/entrypoint.sh b/deploy/docker/entrypoint.sh new file mode 100755 index 0000000..dda8a3e --- /dev/null +++ b/deploy/docker/entrypoint.sh @@ -0,0 +1,30 @@ +#!/bin/bash +set -e + +# forward request and error logs to docker log collector +ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && \ +ln -sf /dev/stdout /var/log/nginx/mediacms.io.access.log && ln -sf /dev/stderr /var/log/nginx/mediacms.io.error.log +cp /home/mediacms.io/mediacms/deploy/docker/local_settings.py /home/mediacms.io/mediacms/cms/local_settings.py + +mkdir -p /home/mediacms.io/mediacms/{logs,pids} +touch /home/mediacms.io/mediacms/logs/debug.log + +chown -R www-data. /home/mediacms.io/ + +TARGET_GID=$(stat -c "%g" /home/mediacms.io/mediacms/) + +EXISTS=$(cat /etc/group | grep $TARGET_GID | wc -l) + +# Create new group using target GID and add www-data user +if [ $EXISTS == "0" ]; then + groupadd -g $TARGET_GID tempgroup + usermod -a -G tempgroup www-data +else + # GID exists, find group name and add + GROUP=$(getent group $TARGET_GID | cut -d: -f1) + usermod -a -G $GROUP www-data +fi + +chmod +x /home/mediacms.io/mediacms/deploy/docker/start.sh /home/mediacms.io/mediacms/deploy/docker/prestart.sh + +exec "$@" \ No newline at end of file diff --git a/deploy/docker/prestart.sh b/deploy/docker/prestart.sh old mode 100644 new mode 100755 index 7336d37..f40b71a --- a/deploy/docker/prestart.sh +++ b/deploy/docker/prestart.sh @@ -1,7 +1,4 @@ #!/bin/bash -mkdir -p /home/mediacms.io/mediacms/logs -touch /home/mediacms.io/mediacms/logs/debug.log -chown www-data. -R /home/mediacms.io/mediacms/logs RANDOM_ADMIN_PASS=`python -c "import secrets;chars = 'abcdefghijklmnopqrstuvwxyz0123456789';print(''.join(secrets.choice(chars) for i in range(10)))"` ADMIN_PASSWORD=${ADMIN_PASSWORD:-$RANDOM_ADMIN_PASS} diff --git a/deploy/docker/reverse_proxy/certs/localhost.crt b/deploy/docker/reverse_proxy/certs/localhost.crt new file mode 100644 index 0000000..cb6b0a7 --- /dev/null +++ b/deploy/docker/reverse_proxy/certs/localhost.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwzCCAaugAwIBAgIJAOyvdwguJQd+MA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV +BAMTCWxvY2FsaG9zdDAeFw0yMTAxMjQxMjUwMzFaFw0zMTAxMjIxMjUwMzFaMBQx +EjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAONswEwBzkgoO+lkewiKUnwvYqC54qleCUg9hidqjoyzd5XWKh1mIF7aaSCG +rJGSxCce8CbqAqGkpvsgXzwwbY72l7FwmAXFHO5ObQfpmFhjt2fsKRM9MTCo/UyU +liuhgP+Q+BNzUontTUC40NVHs8R7IHG4z8unB7qB/7zGK2tfilLB8JDqPTkc22vN +C4P1YxiGyY5bm37wQrroC9zPJ8bqanrF9Y90QJHubibnPWqnZvK2HkDWjp5LYkn8 +IuzBycs1cLd8eMjU9aT72kweykvnGDDc3YbXFzT2zBTGSFEBROsVdPrNF9PaeE3j +pu4UZ8Ge3Fp3VYd+04DnWtbQq0MCAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxo +b3N0MA0GCSqGSIb3DQEBBQUAA4IBAQAdm2aGn4evosbdWgBHgzr6oYWBIiPpf1SA +GXizuf5OaMActFP0rZ0mogndLH5d51J2qqSfOtaWSA5qwlPvDSTn1nvJeHoVLfZf +kQHaB7/DaOPGsZCQBELPhYHwl7+Ej3HYE+siiaRfjC2NVgf8P/pAsTlKbe2e+34l +GwWSFol24w5xAmUezCF41JiZbqHoZhSh7s/PuJnK2RvhpjkrIot8GvxnbvOcKDIv +JzEKo3qPq8pc5RBkpP7Kp2+EgAYn1xAn0CekxZracW/MY+tg2mCeFucZW2V1iwVs +LpAw6GJnjYz5mbrQskPbrJ9t78JGUKQ0kL/VUTfryUHMHYCiJlvd +-----END CERTIFICATE----- diff --git a/deploy/docker/reverse_proxy/certs/localhost.key b/deploy/docker/reverse_proxy/certs/localhost.key new file mode 100644 index 0000000..c074d0e --- /dev/null +++ b/deploy/docker/reverse_proxy/certs/localhost.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA42zATAHOSCg76WR7CIpSfC9ioLniqV4JSD2GJ2qOjLN3ldYq +HWYgXtppIIaskZLEJx7wJuoCoaSm+yBfPDBtjvaXsXCYBcUc7k5tB+mYWGO3Z+wp +Ez0xMKj9TJSWK6GA/5D4E3NSie1NQLjQ1UezxHsgcbjPy6cHuoH/vMYra1+KUsHw +kOo9ORzba80Lg/VjGIbJjlubfvBCuugL3M8nxupqesX1j3RAke5uJuc9aqdm8rYe +QNaOnktiSfwi7MHJyzVwt3x4yNT1pPvaTB7KS+cYMNzdhtcXNPbMFMZIUQFE6xV0 ++s0X09p4TeOm7hRnwZ7cWndVh37TgOda1tCrQwIDAQABAoIBAQCmKKyOW7tlCNBN +AzbI1JbTWKOMnoM2DxhlCV5cqgOgVPcIKEL428bGxniMZRjr+vkJRBddtxdZFj1R +uSMbjJ5fF1dZMtQ/UvaCPhZ283p1CdXUPbz863ZnAPCf5Oea1RK0piw5ucYSM6h/ +owgg65Qx92uK6uYW+uAwqg440+ihNvnaZoVTx5CjZbL9KISkrlNJnuYiB5vzOD0i +UVklO5Qz8VCuOcOVGZCA2SxHm4HAbg/aiQnpaUa9de4TsZ4ygF66pZh77T0wNOos +sS1riKtHQpX+osJyoTI/rIKFAhycsZ+AA7Qpu6GW4xQlNS6K8vRiIbktwkC+IT0O +RSn8Dg7BAoGBAPe5R8SpgXx9jKdA1eFa/Vjx5bmB96r2MviIOIWF8rs2K33xe+rj +v+BZ2ZjdpVjcm2nRMf9r/eDq2ScNFWmKoZsUmdyT84Qq9yLcTSUdno+zCy+L0LNH +DqJq5jIxJaV7amHeR/w10BVuiDmzhSsTmhfnXTUGRO/h2PjRyC3yEYdxAoGBAOsF +2+gTsdOGlq6AVzW5MLZkreq8WCU2wWpZRiCPh6HJa8htuynYxO5AWUiNUbYKddj2 +0za9DFiXgH+Oo8wrkTYLEdN0T5/o+ScL5t3VG3m9R6pnuudLC2vmGQP0hNuZUpnF +7FzdJ85h6taR2bM1zFzOfl81K0BhTHGxTU2r70vzAoGAVXuLJ3LyqtnMKn72DzDN +0d6PTkdqBoW0qwyerHy/eRjFQ02MXE7BDJMUwmphv1tJCefVX/WNAwsnahFavTPI +dnJSccpgMtB8vXvV5yPkbmPzTTHrD6JKi4Nl8hYBjqwa1rDUmFSdfHfK7FZlcqrt +9qexAzYpnbmKnLoPYMNyhxECgYEAm5OCUeuPoL2MS7GLiXWwyFx3QFczZlcLzBGS +uYUpvLBwF/qDlhz3p9uS/tMFzyK3hktF4Ate+9o2ZroOtd31PzgusbJh7zIylGVt +i1VB3eGtaiFGeUuVIPTthE++Dvw80KxTXdnMOvNYmHduDBLF2H2c6/tvSSvfhbdf +u9XgD38CgYAiLcVySxMKNpsXatuC31wjT+rnaH22SD/7pXe2q6MRW/s+bGOspu0v +NeJSLoM98v8F99q0W0lgqesYJVI20Frru0DfXIp60ryaDolzve3Iwk8SOJUlcnUG +cCtmPUkjyr18QAlrcCB4PozJGjpPWyabaY8gGwo8wAEpJWHrIJlHew== +-----END RSA PRIVATE KEY----- diff --git a/deploy/docker/reverse_proxy/certs/mediacms.io.crt b/deploy/docker/reverse_proxy/certs/mediacms.io.crt deleted file mode 100644 index 767e5e6..0000000 --- a/deploy/docker/reverse_proxy/certs/mediacms.io.crt +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICyTCCAbGgAwIBAgIJAPHG6VrZeH1/MA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV -BAMTC21lZGlhY21zLmlvMB4XDTIxMDExNjE1NDUzNVoXDTMxMDExNDE1NDUzNVow -FjEUMBIGA1UEAxMLbWVkaWFjbXMuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC+xxnUwjoIZq8sTw2DYGgIYxQ5lJ8Uvt+z+K/PQpT5nFqd1jURF8Zd -a92TlJjM5aSKosavuPHbFNkA7rSnLvP+I+8qsNPoinEUlE12Spg4E7dQkOkvTGty -/amFq69o9vm46GpvwImTZ5AQkzejk0ARUuFSdq9ev4aA44IBYiV4c2jRqnP7LY4j -+SA/rt+9bNUTwQ6QWEHDTHmKePr91UTZBcDw/oaoaJwWFXuEVC7VjtDN09ZNjkdg -pI6PvQZVw2IlBHS4S+ol+G2k2ckSCLgOj+dZrndr8OGrlAb8wgsInLK54nHm6VRe -G883CJd/VlOQAulE26ZkzIdAIjJCwb+DAgMBAAGjGjAYMBYGA1UdEQQPMA2CC21l -ZGlhY21zLmlvMA0GCSqGSIb3DQEBBQUAA4IBAQBwxkTE5GBuFjcFsBzMqhePgC7W -INzoTmyMLJrNClFLkUKkDrwNmShLNhZUbMHeDD1W40aKYJCV44QhT04fK18HU/DW -RkprlJDI8WUnuY97zN6Ms9z/GwYDGNXGLh8I/SEMhfJ8cIQuofhvuyi/E4AdWRva -Hw1RSC8RikTZQ5Y84oJ44RfHNfK7xkaeurcm/Tn4Vxx4RgXA2MMoFA7XbT08vhKw -iiQ9u4QL1GP3Nm8cTDDA9OChhLl56k24MD3WJM2HFTFlE5S4hFRkEqzy4pI/BTU4 -S4fkXK88xDtB/kHlHgRQiNH+6ik8ZXXP1F56+vDLuR28nK3hRTpQwaRQ7dzC ------END CERTIFICATE----- diff --git a/deploy/docker/reverse_proxy/certs/mediacms.io.key b/deploy/docker/reverse_proxy/certs/mediacms.io.key deleted file mode 100644 index 1073f05..0000000 --- a/deploy/docker/reverse_proxy/certs/mediacms.io.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvscZ1MI6CGavLE8Ng2BoCGMUOZSfFL7fs/ivz0KU+ZxandY1 -ERfGXWvdk5SYzOWkiqLGr7jx2xTZAO60py7z/iPvKrDT6IpxFJRNdkqYOBO3UJDp -L0xrcv2phauvaPb5uOhqb8CJk2eQEJM3o5NAEVLhUnavXr+GgOOCAWIleHNo0apz -+y2OI/kgP67fvWzVE8EOkFhBw0x5inj6/dVE2QXA8P6GqGicFhV7hFQu1Y7QzdPW -TY5HYKSOj70GVcNiJQR0uEvqJfhtpNnJEgi4Do/nWa53a/Dhq5QG/MILCJyyueJx -5ulUXhvPNwiXf1ZTkALpRNumZMyHQCIyQsG/gwIDAQABAoIBAQCMauVTWOX3+wRi -G4l5skLAMZTYUNDKJzdmMtvMNFiMZI258Mk8XIBvkI4VKuFQppH2TJrrCbhSJUUX -z5p+FywVWYOWq3I9jXBv0jw1ne/uDmz1ysMnQhswFw5oSZahLm9drwtwV4mrSiWa -XZEtP5t/ZL5dwOeRWGz6fvnYZNHpldkyZDO8+ywB55P+XDfGyxUppMOWdbNV9wGo -Fg6ypUFWFEUD8Ou8xd5FT5QqrQ5ruZJDKcYhPTuK0/dRsMgAxB+Bhf8XH3ynUZp2 -+qMXcKyIQumq9r+/ulE/Yhnbh/E4hYBbThhnmPejNeSvWb7niYfL/fsPI8FLmtmi -z+Ab5IABAoGBAPb4rUP3rVDatzsf2jJSUXcMn9gAdf3ajbw+Z2CCf4j1wj1BTIM5 -5YmABJMS7D97H+a6Vn+SZd426UJYMlKPDnVOTXvvlzhP/TmiSFa8FW8Rjho9Rcnc -LDwnO48q0AJg3HslrjEUaDuWaNHJkqB5tGqzKgZCZxrqoNRYgufPwH+DAoGBAMXA -hr4KxwlcXYIwbM+Uj8eHnESwPWk2+cRwpv62u4ezctZrBCHgAHKvznG7VUeniQfj -P2MaGFz6Pvzw3cFRLKRVqJom5iXO6+H0EucusdqJY4xdWZt02ZweoJXZi9tiDGmG -fPOp3vUax4uGUS4LeSo+ZhPNfbfy9c8ZGQ7Z9cABAoGAA0oyvKoK8/3F3RLCjFMO -ZMCVTIJNEBGeO7i1FdMHMeLcMIazJzhZN2iuJutknD/en+sxhceEdd5TYx/bo7/m -GGfvnkwFvqlKHT9tKUKeInmgY/cW++Zj7HU1VOXkGXQC290Xoe28qbaKNOkze9HD -NnymfajayMABXnLDY6Uf0lMCgYBgVLIOn4dnuvPeOKK42ADWTOxF1aiEuYAgPlRL -Hk7qAvN9GfKQYeM1+whRBNW9KxKoof290/dsS4clhlwwEM/zWbrhJPPWFR95GYGf -1nJTJ7wzo0HEZb6fu5e0h54Gh5POT/JMbEKtGZd9Ezg2euZSOsVU/jQwyI0PjoVT -Y7/AAQKBgHEWxqZwJ3BE9gXRRGhKiPLNG9+OzwjrMiinN4s9Hol0STB1AqryswpU -9QL7Mb8SdxCDY2CseQRwT2VFiP10ElCuzZJ6Yk2cxzmrxAAhRWGHSIuNlnXTA6LR -AhIMLFLz+7KqBx8VHybkhZNCR1nPR9MicS9MpSEYTuRAnV2B1cuU ------END RSA PRIVATE KEY----- diff --git a/deploy/docker/start.sh b/deploy/docker/start.sh old mode 100644 new mode 100755 diff --git a/docker-compose-http-proxy.yaml b/docker-compose-http-proxy.yaml index 61ebd0e..7db3f1f 100644 --- a/docker-compose-http-proxy.yaml +++ b/docker-compose-http-proxy.yaml @@ -11,7 +11,7 @@ services: migrations: image: mediacms:latest volumes: - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -31,9 +31,7 @@ services: deploy: replicas: 1 volumes: - - ./media_files/:/home/mediacms.io/mediacms/media_files/ - - ./static/:/home/mediacms.io/mediacms/static/ - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_CELERY_BEAT: 'no' ENABLE_CELERY_SHORT: 'no' @@ -45,7 +43,7 @@ services: celery_beat: image: mediacms:latest volumes: - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -59,9 +57,7 @@ services: deploy: replicas: 1 volumes: - - ./media_files/:/home/mediacms.io/mediacms/media_files/ - - ./static/:/home/mediacms.io/mediacms/static/ - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -72,7 +68,7 @@ services: db: image: postgres volumes: - - ./postgres_data/:/var/lib/postgresql/data/ + - ../postgres_data/:/var/lib/postgresql/data/ restart: always environment: POSTGRES_USER: mediacms diff --git a/docker-compose-https-proxy.yaml b/docker-compose-https-proxy.yaml index d80e553..76f84d0 100644 --- a/docker-compose-https-proxy.yaml +++ b/docker-compose-https-proxy.yaml @@ -8,12 +8,12 @@ services: - "443:443" volumes: - /var/run/docker.sock:/tmp/docker.sock:ro - - ./deploy/docker/reverse_proxy/certs:/etc/nginx/certs + - ./deploy/docker/reverse_proxy/certs/:/etc/nginx/certs/ - ./deploy/docker/reverse_proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro migrations: image: mediacms:latest volumes: - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -33,9 +33,7 @@ services: deploy: replicas: 1 volumes: - - ./media_files/:/home/mediacms.io/mediacms/media_files/ - - ./static/:/home/mediacms.io/mediacms/static/ - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_CELERY_BEAT: 'no' ENABLE_CELERY_SHORT: 'no' @@ -47,7 +45,7 @@ services: celery_beat: image: mediacms:latest volumes: - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -61,9 +59,7 @@ services: deploy: replicas: 2 volumes: - - ./media_files/:/home/mediacms.io/mediacms/media_files/ - - ./static/:/home/mediacms.io/mediacms/static/ - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -74,7 +70,7 @@ services: db: image: postgres volumes: - - ./postgres_data/:/var/lib/postgresql/data/ + - ../postgres_data/:/var/lib/postgresql/data/ restart: always environment: POSTGRES_USER: mediacms diff --git a/docker-compose-named-volumes.yaml b/docker-compose-named-volumes.yaml index af116c2..fc22cd0 100644 --- a/docker-compose-named-volumes.yaml +++ b/docker-compose-named-volumes.yaml @@ -4,7 +4,7 @@ services: migrations: image: mediacms:latest volumes: - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -28,7 +28,7 @@ services: volumes: - media_store:/home/mediacms.io/mediacms/media_files/ - static_store:/home/mediacms.io/mediacms/static/ - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py environment: ENABLE_CELERY_BEAT: 'no' ENABLE_CELERY_SHORT: 'no' @@ -39,7 +39,7 @@ services: celery_beat: image: mediacms:latest volumes: - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -51,11 +51,11 @@ services: celery_worker: image: mediacms:latest deploy: - replicas: 2 + replicas: 1 volumes: - media_store:/home/mediacms.io/mediacms/media_files/ - static_store:/home/mediacms.io/mediacms/static/ - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -73,9 +73,9 @@ services: POSTGRES_PASSWORD: mediacms POSTGRES_DB: mediacms healthcheck: - test: ["CMD-SHELL", "pg_isready -U $mediacms"] - interval: 10s - timeout: 5s + test: ["CMD-SHELL", "pg_isready -U mediacms"] + interval: 30s + timeout: 10s retries: 5 redis: image: "redis:alpine" diff --git a/docker-compose.yaml b/docker-compose.yaml index 68e9cd5..a5d853d 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -4,7 +4,7 @@ services: migrations: image: mediacms:latest volumes: - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -26,9 +26,7 @@ services: ports: - "80:80" volumes: - - ./media_files/:/home/mediacms.io/mediacms/media_files/ - - ./static/:/home/mediacms.io/mediacms/static/ - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_CELERY_BEAT: 'no' ENABLE_CELERY_SHORT: 'no' @@ -39,7 +37,7 @@ services: celery_beat: image: mediacms:latest volumes: - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -53,9 +51,7 @@ services: deploy: replicas: 1 volumes: - - ./media_files/:/home/mediacms.io/mediacms/media_files/ - - ./static/:/home/mediacms.io/mediacms/static/ - - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py + - ./:/home/mediacms.io/mediacms/ environment: ENABLE_UWSGI: 'no' ENABLE_NGINX: 'no' @@ -66,7 +62,7 @@ services: db: image: postgres volumes: - - ./postgres_data:/var/lib/postgresql/data/ + - ../postgres_data:/var/lib/postgresql/data/ restart: always environment: POSTGRES_USER: mediacms diff --git a/docs/Docker_deployment.md b/docs/Docker_deployment.md index f8db7ea..551043f 100644 --- a/docs/Docker_deployment.md +++ b/docs/Docker_deployment.md @@ -9,9 +9,9 @@ The mediacms image is built to use supervisord as the main process, which manage * ENABLE_CELERY_LONG * ENABLE_MIGRATIONS -By default, all these services are enabled, but in order to create a scaleable deployment, some of them are disabled. +By default, all these services are enabled, but in order to create a scaleable deployment, some of them can be disabled, splitting the service up into smaller services. -Also see the `Dockerfile` for other environment variables which you may wish to override. Application settings can also be overridden by updating the `deploy/docker/local_settings.py` file. +Also see the `Dockerfile` for other environment variables which you may wish to override. Application settings, eg. `FRONTEND_HOST` can also be overridden by updating the `deploy/docker/local_settings.py` file. See example deployments in the sections below. These example deployments have been tested on `docker-compose version 1.27.4` running on `Docker version 19.03.13` @@ -23,15 +23,15 @@ The main container runs migrations, mediacms_web, celery_beat, celery_workers (c ## Advanced Deployment, accessed as http://localhost:8000 -Here we can run 1 mediacms_web instance, with the FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://localhost:8000. This is bootstrapped by a single migrations instance and supported by a single celery_beat instance and 1 or more celery_worker instances. Redis and postgres containers are also used for persistence. Clients can access the service on http://localhost:8000, on the docker host machine. This is similar to [this deployment](../docker-compose.yaml), with a `port` defined in FRONTEND_HOST. +Here we can run 1 mediacms_web instance, with the FRONTEND_HOST in `deploy/docker/local_settings.py` configured as http://localhost:8000. This is bootstrapped by a single migrations instance and supported by a single celery_beat instance and 1 or more celery_worker instances. Redis and postgres containers are also used for persistence. Clients can access the service on http://localhost:8000, on the docker host machine. This is similar to [this deployment](../docker-compose.yaml), with a `port` defined in FRONTEND_HOST. ## Advanced Deployment, with reverse proxy, accessed as http://mediacms.io Here we can use `jwilder/nginx-proxy` to reverse proxy to 1 or more instances of mediacms_web supported by other services as mentioned in the previous deployment. The FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://mediacms.io, nginx-proxy has port 80 exposed. Clients can access the service on http://mediacms.io (Assuming DNS or the hosts file is setup correctly to point to the IP of the nginx-proxy instance). This is similar to [this deployment](../docker-compose-http-proxy.yaml). -## Advanced Deployment, with reverse proxy, accessed as https://mediacms.io +## Advanced Deployment, with reverse proxy, accessed as https://localhost -The reverse proxy (`jwilder/nginx-proxy`) can be configured to provide SSL termination using self-signed certificates, letsencrypt or CA signed certificates (see: https://hub.docker.com/r/jwilder/nginx-proxy). In this case the FRONTEND_HOST should be set to https://mediacms.io. This is similar to [this deployment](../docker-compose-http-proxy.yaml). +The reverse proxy (`jwilder/nginx-proxy`) can be configured to provide SSL termination using self-signed certificates, letsencrypt or CA signed certificates (see: https://hub.docker.com/r/jwilder/nginx-proxy or [LetsEncrypt Example](https://www.singularaspect.com/use-nginx-proxy-and-letsencrypt-companion-to-host-multiple-websites/) ). In this case the FRONTEND_HOST should be set to https://mediacms.io. This is similar to [this deployment](../docker-compose-http-proxy.yaml). ## A Scaleable Deployment Architecture (Docker, Swarm, Kubernetes) diff --git a/files/context_processors.py b/files/context_processors.py index ef550f1..d11aa1d 100644 --- a/files/context_processors.py +++ b/files/context_processors.py @@ -5,7 +5,7 @@ from .methods import is_mediacms_editor, is_mediacms_manager def stuff(request): """Pass settings to the frontend""" ret = {} - if request.is_secure() and settings.LOCAL_INSTALL: + if request.is_secure(): # in case session is https, pass this setting so # that the frontend uses https too ret["FRONTEND_HOST"] = settings.SSL_FRONTEND_HOST