reorganize docker compose for multiple Dockerfile files
jeromecc committed Aug 16, 2019
1 parent ab2519a commit 95b79d9
Showing 7 changed files with 185 additions and 42 deletions.
4 changes: 4 additions & 0 deletions config/production/nginx/default.conf
Expand Up @@ -22,6 +22,10 @@ server {
autoindex on;
alias /var/opt/doctocnet/media/;
}
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt;
}

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
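Review bot: The new `location '/.well-known/acme-challenge'` block is placed in the `server {}` that carries `listen 443 ssl`, but certbot's HTTP-01 validation request for `certbot --webroot` arrives over plain HTTP on port 80, so this block only helps if the port-80 server (not visible in this hunk) either contains the same location or redirects the path to HTTPS. If the port-80 server is a plain `return 301 https://...` redirect that works, but the case deserves a comment in the file such as `# HTTP-01 challenges arrive on port 80; the port-80 server must expose this location or redirect here`. The `root /tmp/letsencrypt;` mapping itself is correct for `-w /tmp/letsencrypt` in start.sh (the request path is appended, giving `/tmp/letsencrypt/.well-known/acme-challenge/<token>`), so `root` rather than `alias` is the right directive here. The enclosing `server {}` block starts before and ends after this hunk.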
12 changes: 8 additions & 4 deletions docker-compose.override.yml
Expand Up @@ -5,17 +5,21 @@ services:
restart: always
env_file:
- .env
image: doctocnet_docker_img
build: .
build:
context: .
dockerfile: ./docker/django/Dockerfile
image: django:doctocnet
command: bash -c "python manage.py makemigrations --noinput && python manage.py migrate --noinput && python manage.py collectstatic --noinput && python manage.py runserver 0.0.0.0:8000"
volumes:
- ./src:/code/src
- ${STATIC_ROOT}:${STATIC_ROOT}
- ${MEDIA_ROOT}:${MEDIA_ROOT}
- ${BOT_IMAGES_PATH}:${BOT_IMAGES_PATH}
- ${GNUPGHOME}:${GNUPGHOME}
links:
- redis:redis
depends_on:
- redis
- database
- celery_celery_worker
ports:
- "8007:8000"
working_dir: /code/src
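Review bot: `image: django:doctocnet` tags the locally built image with a single-segment repository name, which Docker resolves to the official `docker.io/library/django` namespace rather than to this project. Here the `build:` stanza makes compose build and tag it locally, but docker-compose.prod.yml and docker-compose.yml in this same commit reference the name without any `build:`, so on a host where the image has not been built compose falls back to pulling `library/django:doctocnet` from Docker Hub, and a foreign image published under that tag would run as this project's code. A project-scoped name that cannot collide with a registry namespace, for example `image: doctocnet/django:local`, applied consistently in all three compose files, removes that ambiguity.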
35 changes: 26 additions & 9 deletions docker-compose.prod.yml
Expand Up @@ -5,8 +5,7 @@ services:
restart: always
env_file:
- .env
image: doctocnet_docker_img
build: .
image: django:doctocnet
command: bash -c "python manage.py migrate --noinput && python manage.py collectstatic --noinput && gunicorn doctocnet.wsgi:application --workers=${GUNICORN_WORKERS} --log-file=${GUNICORN_LOG_FILE} --log-level=${GUNICORN_LOG_LEVEL} --bind 0.0.0.0:80"
volumes:
- ./src:/code/src
Expand All @@ -15,8 +14,9 @@ services:
- ${BOT_IMAGES_PATH}:${BOT_IMAGES_PATH}
- ${GUNICORN_LOG_FILE}:${GUNICORN_LOG_FILE}
- ${GNUPGHOME}:${GNUPGHOME}
links:
- redis:redis
depends_on:
- database
- redis
working_dir: /code/src
nginx:
restart: always
Expand All @@ -29,12 +29,29 @@ services:
- ${STATIC_ROOT}:${STATIC_ROOT}
- ${MEDIA_ROOT}:${MEDIA_ROOT}
- ${BOT_IMAGES_PATH}:${BOT_IMAGES_PATH}
- /var/log/nginx:/var/log/nginx
- /etc/letsencrypt:/etc/letsencrypt
- ${NGINX_LOG_DIR}:/var/log/nginx
- ${LETSENCRYPT_CONF}:/etc/letsencrypt
- ${LETSENCRYPT_WWW}:/tmp/letsencrypt
depends_on:
- django
links:
- django
ports:
- "80:80"
- "443:443"
- "443:443"
letsencrypt:
restart: always
build: ./docker/letsencrypt
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock
- ${LETSENCRYPT_CONF}:/etc/letsencrypt
- ${LETSENCRYPT_WWW}:/tmp/letsencrypt
depends_on:
- nginx
environment:
- DOMAINS=${DOMAINS}
- EMAIL=${EMAIL}
- WEBROOT_PATH=/tmp/letsencrypt
- EXP_LIMIT=30
- CHECK_FREQ=${CHECK_FREQ}
- CHICKENEGG=${CHICKENEGG}
- STAGING=${STAGING}
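Review bot: The new `letsencrypt` service bind-mounts `/var/run/docker.sock`, which is equivalent to root on the host, yet nothing in this diff appears to use it: the only consumer would be `le_hook` in start.sh, and that discovers containers through `*_ENV_LE_RENEW_HOOK` variables that Docker injects only for legacy `links`, which this same commit removes from every service. As far as this diff shows, the hook therefore finds no containers and nginx is never reloaded after a renewal, while a network-facing certbot container holds host-level privileges for no benefit. Either drop the socket mount (and `apk add docker` in the Dockerfile) until a reload mechanism exists, or replace the hook with an explicit, documented `docker exec <nginx> nginx -s reload` so the reason for the mount is visible in the file. Separately, nginx only reads certificates and challenge files, so `${LETSENCRYPT_CONF}:/etc/letsencrypt:ro` and `${LETSENCRYPT_WWW}:/tmp/letsencrypt:ro` in the nginx service would keep a compromised nginx from altering account keys or challenge responses.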
44 changes: 15 additions & 29 deletions docker-compose.yml
@@ -1,25 +1,12 @@
version: '3'

services:
django:
restart: always
env_file:
- .env
image: doctocnet_docker_img
build: .
command: bash -c "python manage.py migrate --noinput && python manage.py collectstatic --noinput && python manage.py runserver 0.0.0.0:8000"
volumes:
- ./src:/code/src
- ${STATIC_ROOT}:${STATIC_ROOT}
- ${MEDIA_ROOT}:${MEDIA_ROOT}
- ${BOT_IMAGES_PATH}:${BOT_IMAGES_PATH}
- ${GNUPGHOME}:${GNUPGHOME}
links:
- redis:redis
depends_on:
- redis
- celery_celery_worker
working_dir: /code/src

database:
restart: always
image: postgres:10.5
volumes:
- "${DATABASE_DATA_DIR}:/var/lib/postgresql/data"
redis:
restart: always
image: redis:latest
Expand All @@ -31,7 +18,7 @@ services:
restart: always
env_file:
- .env
image: doctocnet_docker_img
image: django:doctocnet
command: bash -c "celery --app=${CELERY_APP} worker -Q retweet --concurrency=2 -n retweet_worker@%n --loglevel=${CELERYD_LOG_LEVEL} --logfile=${CELERYD_LOG_FILE}"
volumes:
- ./src:/code/src
Expand All @@ -41,14 +28,12 @@ services:
- ${celery_base_dir}:${celery_base_dir}
depends_on:
- redis
links:
- redis
working_dir: /code/src
celery_tree_worker:
restart: always
env_file:
- .env
image: doctocnet_docker_img
image: django:doctocnet
command: bash -c "celery --app=${CELERY_APP} worker -Q tree --concurrency=2 -n tree_worker@%n --loglevel=${CELERYD_LOG_LEVEL} --logfile=${CELERYD_LOG_FILE}"
volumes:
- ./src:/code/src
Expand All @@ -65,7 +50,7 @@ services:
restart: always
env_file:
- .env
image: doctocnet_docker_img
image: django:doctocnet
command: bash -c "celery --app=${CELERY_APP} worker -Q celery --concurrency=2 -n celery_worker@%n --loglevel=${CELERYD_LOG_LEVEL} --logfile=${CELERYD_LOG_FILE}"
volumes:
- ./src:/code/src
Expand All @@ -82,7 +67,7 @@ services:
restart: always
env_file:
- .env
image: doctocnet_docker_img
image: django:doctocnet
command: celery -A ${PROJECT} beat -l debug --scheduler django_celery_beat.schedulers:DatabaseScheduler --pidfile=
volumes:
- ./src:/code/src
Expand All @@ -91,25 +76,26 @@ services:
- ${BOT_IMAGES_PATH}:${BOT_IMAGES_PATH}
- ${celery_base_dir}:${celery_base_dir}
depends_on:
- database
- redis
- celery_retweet_worker
- celery_tree_worker
- celery_celery_worker
links:
- redis
working_dir: /code/src
stream:
restart: always
env_file:
- .env
image: doctocnet_docker_img
image: django:doctocnet
command: bash -c "python manage.py run_bot_stream --settings=settings"
volumes:
- ./src:/code/src
- ${STATIC_ROOT}:${STATIC_ROOT}
- ${MEDIA_ROOT}:${MEDIA_ROOT}
- ${BOT_IMAGES_PATH}:${BOT_IMAGES_PATH}
- ${celery_base_dir}:${celery_base_dir}
links:
depends_on:
- redis
- database
- celery_retweet_worker
working_dir: /code/src
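Review bot: The `depends_on: - database` entries added to `celery_beat` and `stream` (and `links` replaced by `depends_on` elsewhere) only order container start in this compose format; they do not wait for postgres to accept connections, so on a cold start `manage.py run_bot_stream` and the beat scheduler may still hit a refused connection and rely on `restart: always` to crash-loop until the database is ready. If that is the intended behaviour it should be stated in the file, e.g. `# depends_on orders start only; services rely on restart: always until postgres accepts connections`; otherwise a small wait-for-db loop in the commands, or a healthcheck-based dependency, would make first boot deterministic.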
File renamed without changes.
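--- /dev/null
+++ b/docker/letsencrypt/Dockerfile
@@ -0,0 +1,8 @@
+FROM certbot/certbot
+MAINTAINER jerome <jerome4@jerome.cc>
+
+RUN apk add docker
+
+ADD start.sh /bin/start.sh
+
+ENTRYPOINT [ "/bin/start.sh" ]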
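Review bot: `ENTRYPOINT [ "/bin/start.sh" ]` runs a script whose shebang is `#!/bin/bash`, but the `certbot/certbot` base image is Alpine-based (hence `apk add`) and, as far as I recall, does not ship bash, so the container would fail at start with a "no such file or directory" error; either `RUN apk add --no-cache bash docker-cli` or rewrite the script for `/bin/sh`. `docker-cli` is also all that is needed for a client, whereas `docker` pulls in the full engine package. `FROM certbot/certbot` without a tag builds against whatever `latest` is at build time for a service that holds the TLS private keys; pin a version tag or digest, and replace the deprecated `MAINTAINER` with `LABEL maintainer="jerome <jerome4@jerome.cc>"`.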
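--- /dev/null
+++ b/docker/letsencrypt/start.sh
@@ -0,0 +1,124 @@
+#!/bin/bash
+
+if [ -z "$DOMAINS" ] ; then
+echo "No domains set, please fill -e 'DOMAINS=example.com www.example.com'"
+exit 1
+fi
+
+if [ -z "$EMAIL" ] ; then
+echo "No email set, please fill -e 'EMAIL=your@email.tld'"
+exit 1
+fi
+
+if [ -z "$WEBROOT_PATH" ] ; then
+echo "No webroot path set, please fill -e 'WEBROOT_PATH=/tmp/letsencrypt'"
+exit 1
+fi
+
+if [[ -z $STAGING ]]; then
+echo "Using the staging environment"
+ADDITIONAL="--staging"
+fi
+
+DARRAYS=(${DOMAINS})
+EMAIL_ADDRESS=${EMAIL}
+LE_DOMAINS=("${DARRAYS[*]/#/-d }")
+
+exp_limit="${EXP_LIMIT:-30}"
+check_freq="${CHECK_FREQ:-30}"
+
+le_hook() {
+all_links=($(env | grep -oP '^[0-9A-Z_-]+(?=_ENV_LE_RENEW_HOOK)'))
+compose_links=($(env | grep -oP '^[0-9A-Z]+_[a-zA-Z0-9_.-]+_[0-9]+(?=_ENV_LE_RENEW_HOOK)'))
+
+except_links=($(
+for link in ${compose_links[@]}; do
+compose_project=$(echo $link | cut -f1 -d"_")
+compose_name=$(echo $link | cut -f2- -d"_" | sed 's/_[^_]*$//g')
+compose_instance=$(echo $link | grep -o '[^_]*$')
+echo ${compose_name}_${compose_instance}
+echo ${compose_name}
+done
+))
+
+containers=($(
+for link in ${all_links[@]}; do
+[[ " ${except_links[@]} " =~ " ${link} " ]] || echo $link
+done
+))
+
+for container in ${containers[@]}; do
+command=$(eval echo \$${container}_ENV_LE_RENEW_HOOK)
+command=$(echo $command | sed "s/@CONTAINER_NAME@/${container,,}/g")
+echo "[INFO] Run: $command"
+eval $command
+done
+}
+
+le_fixpermissions() {
+echo "[INFO] Fixing permissions"
+chown -R ${CHOWN:-root:root} /etc/letsencrypt
+find /etc/letsencrypt -type d -exec chmod 755 {} \;
+find /etc/letsencrypt -type f -exec chmod ${CHMOD:-644} {} \;
+}
+
+le_renew() {
+certbot certonly --webroot --agree-tos --renew-by-default --text ${ADDITIONAL} --email ${EMAIL_ADDRESS} -w ${WEBROOT_PATH} ${LE_DOMAINS}
+le_fixpermissions
+le_hook
+}
+
+le_check() {
+cert_file="/etc/letsencrypt/live/$DARRAYS/fullchain.pem"
+
+if [ -f $cert_file ]; then
+
+exp=$(date -d "`openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
+datenow=$(date -d "now" +%s)
+days_exp=$[ ( $exp - $datenow ) / 86400 ]
+
+echo "Checking expiration date for $DARRAYS..."
+
+if [ "$days_exp" -gt "$exp_limit" ] ; then
+echo "The certificate is up to date, no need for renewal ($days_exp days left)."
+else
+echo "The certificate for $DARRAYS is about to expire soon. Starting webroot renewal script..."
+le_renew
+echo "Renewal process finished for domain $DARRAYS"
+fi
+
+echo "Checking domains for $DARRAYS..."
+
+domains=($(openssl x509 -in $cert_file -text -noout | grep -oP '(?<=DNS:)[^,]*'))
+new_domains=($(
+for domain in ${DARRAYS[@]}; do
+[[ " ${domains[@]} " =~ " ${domain} " ]] || echo $domain
+done
+))
+
+if [ -z "$new_domains" ] ; then
+echo "The certificate have no changes, no need for renewal"
+else
+echo "The list of domains for $DARRAYS certificate has been changed. Starting webroot renewal script..."
+le_renew
+echo "Renewal process finished for domain $DARRAYS"
+fi
+
+
+else
+echo "[INFO] certificate file not found for domain $DARRAYS. Starting webroot initial certificate request script..."
+if [[ -z $CHICKENEGG ]]; then
+echo "Making a temporary self signed certificate to prevent chicken and egg problems"
+openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout "/etc/letsencrypt/live/$DARRAYS/privkey.pem" -out "${cert_file}" -subj "/CN=example.com" -days 1
+fi
+le_renew
+echo "Certificate request process finished for domain $DARRAYS"
+fi
+
+if [ "$1" != "once" ]; then
+sleep ${check_freq}d
+le_check
+fi
+}
+
+le_check $1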
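Review bot: `le_fixpermissions` applies `chmod ${CHMOD:-644}` to every file under `/etc/letsencrypt`, which by default makes the private keys in `archive/*/privkey*.pem` world-readable on a volume that is also bind-mounted into the nginx container and lives on the host; exclude keys from that default with `find /etc/letsencrypt -type f -not -name 'privkey*.pem' -exec chmod ${CHMOD:-644} {} \;` followed by `find /etc/letsencrypt -type f -name 'privkey*.pem' -exec chmod 600 {} \;` (nginx's master process reads them as root, so 600 is sufficient). The `STAGING` check `if [[ -z $STAGING ]]` selects `--staging` only when the variable is unset or empty and uses production for any non-empty value, including `STAGING=false`, which is the opposite of what the name suggests and is easy to get wrong when the compose file passes `STAGING=${STAGING}` through from `.env`. The bootstrap `openssl req` writes into `/etc/letsencrypt/live/$DARRAYS/`, a directory nothing in the script creates, so on a fresh volume the self-signed-certificate step fails unless a `mkdir -p` is added before it. The script also leans on GNU-only behaviour (`grep -oP`, `date -d`, the `${container,,}` expansion) that busybox in an Alpine base image does not provide, and `--renew-by-default` forces a new issuance on every `le_renew` call, which counts against Let's Encrypt rate limits if the domain-change check ever misfires.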
