Update configuration for deployment

healthsites · Sep 22, 2017 · cb5ab0c · cb5ab0c
1 parent 3504571
commit cb5ab0c
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 49 deletions.
diff --git a/django_project/Dockerfile b/django_project/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:2.7-alpine
+FROM python:2.7-slim
 
 ENV PYTHONUNBUFFERED 1
 
@@ -7,9 +7,11 @@ RUN mkdir /project
 WORKDIR /project
 ADD . /project
 
-RUN echo http://nl.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories \
-    && apk --no-cache add gdal libpq postgresql-dev build-base python-dev geos musl-dev linux-headers git \
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends libpq-dev build-essential gdal-bin netcat \
     && pip install --no-cache-dir -r /project/REQUIREMENTS-dev.txt \
-    && apk --no-cache del postgresql-dev build-base python-dev musl-dev linux-headers
+    && apt-get remove -y build-essential \
+    && apt-get autoremove -y \
+    && rm -rf /var/lib/apt/lists/*
 
 RUN mkdir -p /project/static && python manage.py collectstatic -c --noinput
diff --git a/django_project/core/settings/base.py b/django_project/core/settings/base.py
@@ -149,6 +149,4 @@
     }
 }
 
-GDAL_LIBRARY_PATH = '/usr/lib/libgdal.so.20'
-
 GEOS_LIBRARY_PATH = '/usr/lib/libgeos_c.so.1'
diff --git a/django_project/core/settings/utils.py b/django_project/core/settings/utils.py
@@ -26,12 +26,13 @@ def ensure_secret_key_file():
     If not, creates one with a random generated SECRET_KEY setting."""
 
     secret_path = ABS_PATH('core', 'settings', 'secret.py')
+    secret_file = os.environ.get('SECRET_FILE', 'secret.py')
 
-    if os.path.exists('/run/secrets/secret.py'):
+    if os.path.exists('/run/secrets/{}'.format(secret_file)):
         with open(secret_path, 'w') as f:
             py_script = [
                 'import imp\n',
-                'imp.load_source(\'tmp_secret\', \'/run/secrets/secret.py\')\n',
+                'imp.load_source(\'tmp_secret\', \'/run/secrets/{}\')\n'.format(secret_file),
                 'from tmp_secret import *\n'
             ]
             f.writelines(py_script)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -4,17 +4,16 @@ services:
   web:
     image: healthsites/web
     command: ./utils/wait-for.sh db:5432 -- uwsgi --http-socket :8000 --workers 1 --static-map /static=./static/ --offload-threads --master --module core.wsgi:application
-    ports:
-      - "8000"
     environment:
       - DJANGO_SETTINGS_MODULE=core.settings.prod
+      - SECRET_FILE=hs-secret.py
     secrets:
-      - secret.py
+      - hs-secret.py
     depends_on:
       - db
       - rabbitmq
     networks:
-      - core-infra
+      - hs-stag-infra
     volumes:
       - ./media:/data/media
       - ./cache:/data/cache
@@ -27,13 +26,14 @@ services:
     command: ./utils/wait-for.sh db:5432 -- celery worker -A localities -l info -c 1
     environment:
       - DJANGO_SETTINGS_MODULE=core.settings.prod
+      - SECRET_FILE=hs-secret.py
     secrets:
-      - secret.py
+      - hs-secret.py
     depends_on:
       - db
       - rabbitmq
     networks:
-      - core-infra
+      - hs-stag-infra
     volumes:
       - ./media:/data/media
       - ./cache:/data/cache
@@ -46,13 +46,14 @@ services:
     command: celery beat -A localities -l info
     environment:
       - DJANGO_SETTINGS_MODULE=core.settings.prod
+      - SECRET_FILE=hs-secret.py
     secrets:
-      - secret.py
+      - hs-secret.py
     depends_on:
       - db
       - rabbitmq
     networks:
-      - core-infra
+      - hs-stag-infra
     deploy:
       replicas: 1
 
@@ -63,7 +64,7 @@ services:
       - maildomain=healthsites.io
       - smtp_user=noreply:docker
     networks:
-      - core-infra
+      - hs-stag-infra
     deploy:
       replicas: 1
 
@@ -72,7 +73,7 @@ services:
     environment:
       - RABBITMQ_NODENAME=rabbitmq
     networks:
-      - core-infra
+      - hs-stag-infra
     deploy:
       replicas: 1
 
@@ -84,38 +85,30 @@ services:
       - POSTGERS_PASSWORD=docker
       - POSTGRES_DB=base_db
     networks:
-      - core-infra
+      - hs-stag-infra
     volumes:
       - ./pg_data:/var/lib/postgresql/data
     deploy:
       replicas: 1
 
 
   nginx:
-    image: healthsites/nginx
+    image: nginx:alpine
     deploy:
       replicas: 1
-    secrets:
-      - site.crt
-      - site.key
     ports:
-      - "80:80"
-      - "443:443"
+      - "80"
     networks:
-      - core-infra
+      - hs-stag-infra
     volumes:
       - ./media:/data/media
-
+      - ./hs-nginx:/etc/nginx/conf.d
 
 secrets:
-  site.crt:
-    external: true
-  site.key:
-    external: true
-  secret.py:
+  hs-secret.py:
     external: true
 
 
 networks:
-  core-infra:
+  hs-stag-infra:
     external: true
diff --git a/hs-nginx/Dockerfile b/hs-nginx/Dockerfile
diff --git a/hs-nginx/healthsites.conf b/hs-nginx/healthsites.conf
@@ -5,18 +5,11 @@ upstream healthsites {
 
 server {
 
-    listen 443 ssl;
-    server_name staging.healthsites.io 78.46.21.10;
+    listen 80;
+    server_name staging.healthsites.io;
 
     charset     utf-8;
 
-    ssl on;
-    ssl_certificate /run/secrets/site.crt;
-    ssl_certificate_key /run/secrets/site.key;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on;
-    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
     # OTF gzip compression
     gzip on;
     gzip_min_length 860;
@@ -56,7 +49,5 @@ server {
 }
 
 server {
-      listen 80;
-      server_name staging.healthsites.io;
       return 301 https://$host$request_uri;
 }