From c362a228a534a825e5719faf1cecf1efd8fcf50c Mon Sep 17 00:00:00 2001 From: Obada Haddad Date: Thu, 25 Apr 2024 16:48:55 +0200 Subject: [PATCH 1/8] caddy image + Caddyfile updates --- Caddyfile | 33 +++++++++---------- docker-compose.yml | 79 +++++++++++++++++++++++----------------------- 2 files changed, 55 insertions(+), 57 deletions(-) diff --git a/Caddyfile b/Caddyfile index 49d03f690..d9b1b2f5f 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,29 +1,26 @@ {$DOMAIN_NAME} { - # HTTPS options: + tls {$TLS_EMAIL} - - # Test HTTPS setup - # tls {$TLS_EMAIL} { - # ca https://acme-staging-v02.api.letsencrypt.org/directory - # } - # Removing some headers for improved security: - header / -Server + header -Server # Serves static files, should be the same as `STATIC_ROOT` setting: - root /var/www/django - - # Serving dynamic requests: - proxy / django:8000 { - except /static /media - transparent - websocket + root * /var/www/django + file_server + + @noStatic { + not path /static/* + not path /media/* } + + # Serving dynamic requests: + reverse_proxy @noStatic django:8000 # Allows to use `.gz` files when available: - gzip + encode gzip # Logs: - log stdout - errors stdout + log { + output stdout + } } diff --git a/docker-compose.yml b/docker-compose.yml index 0b5c2c6ee..b35d8b0eb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,14 +4,15 @@ services: # Web Services #----------------------------------------------- caddy: - image: abiosoft/caddy:1.0.3 + image: caddy:latest env_file: .env environment: - ACME_AGREE=true volumes: - - ./Caddyfile:/etc/Caddyfile + - ./Caddyfile:/etc/caddy/Caddyfile - ./src/staticfiles:/var/www/django/static - - ./certs/caddy:/etc/caddycerts + - ./data:/data + - ./caddy_config:/config restart: unless-stopped ports: - 80:80 @@ -37,7 +38,7 @@ services: depends_on: - db - rabbit - - minio + # - minio stdin_open: true tty: true logging: 
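Review bot: Requests under `/static/*` and `/media/*` are excluded from `reverse_proxy` by `@noStatic` and answered by `file_server` directly, so any security headers the Django app sets never reach those responses, and the only header rule in the block is `header -Server`. If files under `/media/` can be user-supplied (not visible in this patch), adding `header X-Content-Type-Options nosniff` next to `header -Server` would stop browsers from content-sniffing them. The compose change in this same patch mounts only `./src/staticfiles` under `/var/www/django`, so `/media/*` presumably resolves to nothing unless it is provided elsewhere. The same Caddyfile hunk is repeated in PATCH 5/8.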
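Review bot: The new `./data:/data` bind mount places Caddy's data directory, which holds the issued certificates with their private keys and the ACME account key, inside the project checkout. A named volume would keep that key material out of the source tree; if the bind mount stays, the directory needs an ignore rule and restrictive permissions (whether the repository already ignores it is not visible here). This applies equally after the rename to `./caddy_data` in PATCH 4/8 and to the repeated hunk in PATCH 5/8. The Caddyfile mount can be read-only, `- ./Caddyfile:/etc/caddy/Caddyfile:ro`, and `ACME_AGREE=true` was an option of the old `abiosoft/caddy` image that appears to have no effect on the official image, so it could be dropped.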
@@ -50,42 +51,42 @@ services: # Minio local storage helper #----------------------------------------------- minio: - image: minio/minio:RELEASE.2020-10-03T02-19-42Z - command: server /export - volumes: - - ./var/minio:/export - restart: unless-stopped - ports: - - $MINIO_PORT:9000 - env_file: .env - healthcheck: - test: ["CMD", "nc", "-z", "minio", "9000"] - interval: 5s - retries: 5 + image: minio/minio:RELEASE.2020-10-03T02-19-42Z + command: server /export + volumes: + - ./var/minio:/export + restart: unless-stopped + ports: + - $MINIO_PORT:9000 + env_file: .env + healthcheck: + test: ["CMD", "nc", "-z", "minio", "9000"] + interval: 5s + retries: 5 createbuckets: - image: minio/mc - depends_on: - minio: - condition: service_healthy - env_file: .env - # volumes: - # This volume is shared with `minio`, so `z` to share it - # - ./var/minio:/export - entrypoint: > - /bin/sh -c " - set -x; - if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then - until /usr/bin/mc config host add minio_docker http://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do - echo '...waiting...' && sleep 5; - done; - /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.'; - /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.'; - /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME; - else - echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. 
Skipping buckets creation.'; - fi; - exit 0; - " + image: minio/mc + depends_on: + minio: + condition: service_healthy + env_file: .env + # volumes: + # This volume is shared with `minio`, so `z` to share it + # - ./var/minio:/export + entrypoint: > + /bin/sh -c " + set -x; + if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then + until /usr/bin/mc config host add minio_docker http://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do + echo '...waiting...' && sleep 5; + done; + /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.'; + /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.'; + /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME; + else + echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. Skipping buckets creation.'; + fi; + exit 0; + " #----------------------------------------------- # Local development helper, rebuilds RiotJS/Stylus on change From a0367c82358a6f296296d60e7fea638c4f73d69f Mon Sep 17 00:00:00 2001 From: Obada Haddad Date: Fri, 26 Apr 2024 10:56:03 +0200 Subject: [PATCH 2/8] Changed caddy image tag to 2.7.6 instead of latest (latest as of 26 avr 2024) --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index b35d8b0eb..dc8487ae7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,7 @@ services: # Web Services #----------------------------------------------- caddy: - image: caddy:latest + image: caddy:2.7.6 env_file: .env environment: - ACME_AGREE=true From 38865ebab8a1608fe05b5cfa4c6dc1ae93ebf87a Mon Sep 17 00:00:00 2001 From: ObadaS Date: Fri, 26 Apr 2024 14:28:52 +0200 Subject: [PATCH 3/8] Removed unnecessary comment --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
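Review bot: In the `createbuckets` entrypoint, `set -x;` makes the shell trace every command after expansion, so the `mc config host add ... $MINIO_ACCESS_KEY $MINIO_SECRET_KEY` line writes both credentials to the container log on each start. This hunk only re-indents those lines, but since they are being rewritten anyway the trace could be dropped, or switched off with `set +x;` before the `until` loop. The same lines recur in the whitespace hunks of PATCH 4/8, 5/8 and 6/8. `image: minio/mc` also carries no tag, unlike the `caddy` image that PATCH 2/8 pins.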
diff --git a/docker-compose.yml b/docker-compose.yml index dc8487ae7..07b0ff9be 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,7 +38,7 @@ services: depends_on: - db - rabbit - # - minio + - minio stdin_open: true tty: true logging: From 6bf6582b35ca9db9053f95ae693b418b33ce26df Mon Sep 17 00:00:00 2001 From: ObadaS Date: Fri, 26 Apr 2024 14:50:13 +0200 Subject: [PATCH 4/8] Changed caddy data folder to more relevent name + removed unecessary spaces hopefully --- docker-compose.yml | 72 +++++++++++++++++++++++----------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 07b0ff9be..bb01e3761 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,7 @@ services: volumes: - ./Caddyfile:/etc/caddy/Caddyfile - ./src/staticfiles:/var/www/django/static - - ./data:/data + - ./caddy_data:/data - ./caddy_config:/config restart: unless-stopped ports: 
@@ -51,42 +51,42 @@ services: # Minio local storage helper #----------------------------------------------- minio: - image: minio/minio:RELEASE.2020-10-03T02-19-42Z - command: server /export - volumes: - - ./var/minio:/export - restart: unless-stopped - ports: - - $MINIO_PORT:9000 - env_file: .env - healthcheck: - test: ["CMD", "nc", "-z", "minio", "9000"] - interval: 5s - retries: 5 + image: minio/minio:RELEASE.2020-10-03T02-19-42Z + command: server /export + volumes: + - ./var/minio:/export + restart: unless-stopped + ports: + - $MINIO_PORT:9000 + env_file: .env + healthcheck: + test: ["CMD", "nc", "-z", "minio", "9000"] + interval: 5s + retries: 5 createbuckets: - image: minio/mc - depends_on: - minio: - condition: service_healthy - env_file: .env - # volumes: - # This volume is shared with `minio`, so `z` to share it - # - ./var/minio:/export - entrypoint: > - /bin/sh -c " - set -x; - if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then - until /usr/bin/mc config host add minio_docker http://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do - echo '...waiting...' && sleep 5; - done; - /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.'; - /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.'; - /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME; - else - echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. 
Skipping buckets creation.'; - fi; - exit 0; - " + image: minio/mc + depends_on: + minio: + condition: service_healthy + env_file: .env + # volumes: + # This volume is shared with `minio`, so `z` to share it + # - ./var/minio:/export + entrypoint: > + /bin/sh -c " + set -x; + if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then + until /usr/bin/mc config host add minio_docker http://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do + echo '...waiting...' && sleep 5; + done; + /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.'; + /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.'; + /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME; + else + echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. Skipping buckets creation.'; + fi; + exit 0; + " #----------------------------------------------- # Local development helper, rebuilds RiotJS/Stylus on change From e192d7c84e91e26aad56c2ef52caf953912e4093 Mon Sep 17 00:00:00 2001 From: Obada Haddad Date: Thu, 25 Apr 2024 16:48:55 +0200 Subject: [PATCH 5/8] caddy image + Caddyfile updates --- Caddyfile | 33 +++++++++---------- docker-compose.yml | 79 +++++++++++++++++++++++----------------------- 2 files changed, 55 insertions(+), 57 deletions(-) diff --git a/Caddyfile b/Caddyfile index 49d03f690..d9b1b2f5f 100644 --- a/Caddyfile +++ b/Caddyfile 
@@ -1,29 +1,26 @@ {$DOMAIN_NAME} { - # HTTPS options: + tls {$TLS_EMAIL} - - # Test HTTPS setup - # tls {$TLS_EMAIL} { - # ca https://acme-staging-v02.api.letsencrypt.org/directory - # } - # Removing some headers for improved security: - header / -Server + header -Server # Serves static files, should be the same as `STATIC_ROOT` setting: - root /var/www/django - - # Serving dynamic requests: - proxy / django:8000 { - except /static /media - transparent - websocket + root * /var/www/django + file_server + + @noStatic { + not path /static/* + not path /media/* } + + # Serving dynamic requests: + reverse_proxy @noStatic django:8000 # Allows to use `.gz` files when available: - gzip + encode gzip # Logs: - log stdout - errors stdout + log { + output stdout + } } diff --git a/docker-compose.yml b/docker-compose.yml index 08e7a5c84..7f8d88a3c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,14 +4,15 @@ services: # Web Services #----------------------------------------------- caddy: - image: abiosoft/caddy:1.0.3 + image: caddy:latest env_file: .env environment: - ACME_AGREE=true volumes: - - ./Caddyfile:/etc/Caddyfile + - ./Caddyfile:/etc/caddy/Caddyfile - ./src/staticfiles:/var/www/django/static - - ./certs/caddy:/etc/caddycerts + - ./data:/data + - ./caddy_config:/config restart: unless-stopped ports: - 80:80 @@ -37,7 +38,7 @@ services: depends_on: - db - rabbit - - minio + # - minio stdin_open: true tty: true logging: 
@@ -50,42 +51,42 @@ services: # Minio local storage helper #----------------------------------------------- minio: - image: minio/minio:RELEASE.2020-10-03T02-19-42Z - command: server /export - volumes: - - ./var/minio:/export - restart: unless-stopped - ports: - - $MINIO_PORT:9000 - env_file: .env - healthcheck: - test: ["CMD", "nc", "-z", "minio", "9000"] - interval: 5s - retries: 5 + image: minio/minio:RELEASE.2020-10-03T02-19-42Z + command: server /export + volumes: + - ./var/minio:/export + restart: unless-stopped + ports: + - $MINIO_PORT:9000 + env_file: .env + healthcheck: + test: ["CMD", "nc", "-z", "minio", "9000"] + interval: 5s + retries: 5 createbuckets: - image: minio/mc - depends_on: - minio: - condition: service_healthy - env_file: .env - # volumes: - # This volume is shared with `minio`, so `z` to share it - # - ./var/minio:/export - entrypoint: > - /bin/sh -c " - set -x; - if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then - until /usr/bin/mc config host add minio_docker http://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do - echo '...waiting...' && sleep 5; - done; - /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.'; - /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.'; - /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME; - else - echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. 
Skipping buckets creation.'; - fi; - exit 0; - " + image: minio/mc + depends_on: + minio: + condition: service_healthy + env_file: .env + # volumes: + # This volume is shared with `minio`, so `z` to share it + # - ./var/minio:/export + entrypoint: > + /bin/sh -c " + set -x; + if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then + until /usr/bin/mc config host add minio_docker http://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do + echo '...waiting...' && sleep 5; + done; + /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.'; + /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.'; + /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME; + else + echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. Skipping buckets creation.'; + fi; + exit 0; + " #----------------------------------------------- # Local development helper, rebuilds RiotJS/Stylus on change From 7c6fe2ee2a3ce669396ffc53721fce7aee11052a Mon Sep 17 00:00:00 2001 From: Obada Haddad Date: Mon, 29 Apr 2024 15:00:11 +0200 Subject: [PATCH 6/8] Better caddy console format + re-removed unecessary spaces in docker-compose.yml --- Caddyfile | 11 ++++++- docker-compose.yml | 74 +++++++++++++++++++++++----------------------- 2 files changed, 47 insertions(+), 38 deletions(-) diff --git a/Caddyfile b/Caddyfile index d9b1b2f5f..8b31649fb 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,6 +1,14 @@ {$DOMAIN_NAME} { - + # HTTPS Options tls {$TLS_EMAIL} + + + # Test HTTPS setup + # tls {$TLS_EMAIL} { + # ca https://acme-staging-v02.api.letsencrypt.org/directory + # } + + # Removing some headers for improved security: header -Server @@ -22,5 +30,6 @@ # Logs: log { output stdout + format console } } diff --git a/docker-compose.yml b/docker-compose.yml index d664acf7b..c984f964a 100644 
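Review bot: `format console` in the `log` block forces the human-readable encoder on output that goes to the container's stdout, where Caddy would presumably emit JSON by default because no terminal is attached. If these access logs are collected for monitoring or incident review, the structured form is easier to parse and filter reliably. Consider leaving the format at its default, or stating the intent with a comment such as `# console format is for local reading; remove for JSON logs`.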
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: environment: - ACME_AGREE=true volumes: - - ./Caddyfile:/etc/caddy/Caddyfile + - ./Caddyfile:/etc/caddy/Caddyfile - ./src/staticfiles:/var/www/django/static - ./caddy_data:/data - ./caddy_config:/config @@ -38,7 +38,7 @@ services: depends_on: - db - rabbit - # - minio + - minio stdin_open: true tty: true logging: 
@@ -51,42 +51,42 @@ services: # Minio local storage helper #----------------------------------------------- minio: - image: minio/minio:RELEASE.2020-10-03T02-19-42Z - command: server /export - volumes: - - ./var/minio:/export - restart: unless-stopped - ports: - - $MINIO_PORT:9000 - env_file: .env - healthcheck: - test: ["CMD", "nc", "-z", "minio", "9000"] - interval: 5s - retries: 5 + image: minio/minio:RELEASE.2020-10-03T02-19-42Z + command: server /export + volumes: + - ./var/minio:/export + restart: unless-stopped + ports: + - $MINIO_PORT:9000 + env_file: .env + healthcheck: + test: ["CMD", "nc", "-z", "minio", "9000"] + interval: 5s + retries: 5 createbuckets: - image: minio/mc - depends_on: - minio: - condition: service_healthy - env_file: .env - # volumes: - # This volume is shared with `minio`, so `z` to share it - # - ./var/minio:/export - entrypoint: > - /bin/sh -c " - set -x; - if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then - until /usr/bin/mc config host add minio_docker http://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do - echo '...waiting...' && sleep 5; - done; - /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.'; - /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.'; - /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME; - else - echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. 
Skipping buckets creation.'; - fi; - exit 0; - " + image: minio/mc + depends_on: + minio: + condition: service_healthy + env_file: .env + # volumes: + # This volume is shared with `minio`, so `z` to share it + # - ./var/minio:/export + entrypoint: > + /bin/sh -c " + set -x; + if [ -n \"$MINIO_ACCESS_KEY\" ] && [ -n \"$MINIO_SECRET_KEY\" ] && [ -n \"$MINIO_PORT\" ]; then + until /usr/bin/mc config host add minio_docker http://minio:$MINIO_PORT $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && break; do + echo '...waiting...' && sleep 5; + done; + /usr/bin/mc mb minio_docker/$AWS_STORAGE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_BUCKET_NAME already exists.'; + /usr/bin/mc mb minio_docker/$AWS_STORAGE_PRIVATE_BUCKET_NAME || echo 'Bucket $AWS_STORAGE_PRIVATE_BUCKET_NAME already exists.'; + /usr/bin/mc anonymous set download minio_docker/$AWS_STORAGE_BUCKET_NAME; + else + echo 'MINIO_ACCESS_KEY, MINIO_SECRET_KEY, or MINIO_PORT are not defined. Skipping buckets creation.'; + fi; + exit 0; + " #----------------------------------------------- # Local development helper, rebuilds RiotJS/Stylus on change From be85072e60b87199b5bbdb19dbbe7edb2602df42 Mon Sep 17 00:00:00 2001 From: Obada Haddad Date: Mon, 27 May 2024 09:23:04 +0200 Subject: [PATCH 7/8] Commented the tls directive --- Caddyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Caddyfile b/Caddyfile index 8b31649fb..76463d738 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,6 +1,6 @@ {$DOMAIN_NAME} { # HTTPS Options - tls {$TLS_EMAIL} + #tls {$TLS_EMAIL} # Test HTTPS setup From 52c96e65e2d0c1f2b3905c0dc3763583b5d8c20f Mon Sep 17 00:00:00 2001 From: didayolo Date: Tue, 28 May 2024 14:22:56 +0200 Subject: [PATCH 8/8] Uncomment TLS_EMAIL so it is more robust --- .env_sample | 2 +- Caddyfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.env_sample b/.env_sample index 26c9337bd..b3f62d157 100644 --- a/.env_sample +++ b/.env_sample 
@@ -16,8 +16,8 @@ MAX_EXECUTION_TIME_LIMIT=600 # time limit for the default queue (in seconds) DOMAIN_NAME=localhost:80 # SSL style domain definition +TLS_EMAIL=your@email.com # DOMAIN_NAME=example.com:443 -# TLS_EMAIL=your@email.com RABBITMQ_HOST=rabbit RABBITMQ_DEFAULT_USER=rabbit-username diff --git a/Caddyfile b/Caddyfile index 76463d738..8b31649fb 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,6 +1,6 @@ {$DOMAIN_NAME} { # HTTPS Options - #tls {$TLS_EMAIL} + tls {$TLS_EMAIL} # Test HTTPS setup
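Review bot: `TLS_EMAIL=your@email.com` is now an active value in the sample, and `email.com` is a domain the deployer does not control, so a `.env` copied without editing would pass that address to the ACME CA as the account contact through `tls {$TLS_EMAIL}`. A comment above it, for example `# ACME account contact; replace with an address you control before enabling HTTPS`, would make that explicit. The line also sits under `# SSL style domain definition` while the default `DOMAIN_NAME=localhost:80` stays plain HTTP, so it is worth stating whether the value is needed in that mode. Deployments whose `.env` was created from the earlier sample still have no `TLS_EMAIL`, and the Caddyfile has no fallback for that case.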