Merge pull request #720 from bcj/bcj/reverse-proxy

Add instructions for handling port conflicts
This commit is contained in:
Mouse Reeve 2021-03-13 09:57:13 -08:00 committed by GitHub
commit 59cc5c112f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 115 additions and 8 deletions

View file

@ -23,9 +23,10 @@ POSTGRES_USER=fedireads
POSTGRES_DB=fedireads
POSTGRES_HOST=db
REDIS_PORT=6379
REDIS_PASSWORD=redispassword123
CELERY_BROKER=redis://:${REDIS_PASSWORD}@redis:6379/0
CELERY_RESULT_BACKEND=redis://:${REDIS_PASSWORD}@redis:6379/0
CELERY_BROKER=redis://:${REDIS_PASSWORD}@redis:${REDIS_PORT}/0
CELERY_RESULT_BACKEND=redis://:${REDIS_PASSWORD}@redis:${REDIS_PORT}/0
FLOWER_PORT=8888
FLOWER_USER=mouse

View file

@ -169,8 +169,11 @@ Instructions for running BookWyrm in production:
- Set a secure database password for postgres
- Update your nginx configuration in `nginx/default.conf`
- Replace `your-domain.com` with your domain name
- If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy)
- Run the application (this should also set up a Certbot ssl cert for your domain) with
`docker-compose up --build`, and make sure all the images build successfully
- If you are running other services on your host machine, you may run into errors where services fail when attempting to bind to a port.
See the [troubleshooting guide](#port-conflicts) for advice on resolving this.
- When docker has built successfully, stop the process with `CTRL-C`
- Comment out the `command: certonly...` line in `docker-compose.yml`
- Run docker-compose in the background with: `docker-compose up -d`
@ -206,14 +209,94 @@ Whenever a user interacts with a book, they are interacting with a specific edit
### Backups
Bookwyrm's db service dumps a backup copy of its database to its `/backups` directory daily at midnight UTC.
BookWyrm's db service dumps a backup copy of its database to its `/backups` directory daily at midnight UTC.
Backups are named `backup__%Y-%m-%d.sql`.
The db service has an optional script for periodically pruning the backups directory so that all recent daily backups are kept, but for older backups, only weekly or monthly backups are kept.
To enable this script:
- Uncomment the final line in `postgres-docker/cronfile`
- rebuild your instance `docker-compose up --build`
- Uncomment the final line in `postgres-docker/cronfile`
- rebuild your instance `docker-compose up --build`
You can copy backups from the backups volume to your host machine with `docker cp`:
- Run `docker-compose ps` to confirm the db service's full name (it's probably `bookwyrm_db_1`.
- Run `docker cp <container_name>:/backups <host machine path>
- Run `docker-compose ps` to confirm the db service's full name (it's probably `bookwyrm_db_1`.
- Run `docker cp <container_name>:/backups <host machine path>`
### Port Conflicts
BookWyrm has multiple services that run on their default ports.
This means that, depending on what else you are running on your host machine, you may run into errors when building or running BookWyrm when attempts to bind to those ports fail.
If this occurs, you will need to change your configuration to run services on different ports.
This may require one or more changes the following files:
- `docker-compose.yml`
- `nginx/default.conf`
- `.env` (You create this file yourself during setup)
E.g., If you need Redis to run on a different port:
- In `docker-compose.yml`:
- In `services` -> `redis` -> `command`, add `--port YOUR_PORT` to the command
- In `services` -> `redis` -> `ports`, change `6379:6379` to your port
- In `.env`, update `REDIS_PORT`
If you are already running a web-server on your machine, you will need to set up a reverse-proxy.
#### Running BookWyrm Behind a Reverse-Proxy
If you are running another web-server on your machine, you should have it handle proxying web requests to BookWyrm.
The default BookWyrm configuration already has an nginx server that proxies requests to the django app that handles SSL and directly serves static files.
The static files are stored in a Docker volume that several BookWyrm services access, so it is not recommended to remove this server completely.
To run BookWyrm behind a reverse-proxy, make the following changes:
- In `nginx/default.conf`:
- Comment out the two default servers
- Uncomment the server labeled Reverse-Proxy server
- Replace `your-domain.com` with your domain name
- In `docker-compose.yml`:
- In `services` -> `nginx` -> `ports`, comment out the default ports and add `- 8001:8001`
- In `services` -> `nginx` -> `volumes`, comment out the two volumes that begin `./certbot/`
- In `services`, comment out the `certbot` service
At this point, you can follow, the [setup](#server-setup) instructions as listed.
Once docker is running, you can access your BookWyrm instance at `http://localhost:8001` (**NOTE:** your server is not accessible over `https`).
Steps for setting up a reverse-proxy are server dependent.
##### Nginx
Before you can set up nginx, you will need to locate your nginx configuration directory, which is dependent on your platform and how you installed nginx.
See [nginx's guide](http://nginx.org/en/docs/beginners_guide.html) for details.
To set up your server:
- In you `nginx.conf` file, ensure that `include servers/*;` isn't commented out.
- In your nginx `servers` directory, create a new file named after your domain containing the following information:
```nginx
server {
server_name your-domain.com www.your-domain.com;
location / {
proxy_pass http://localhost:8000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
location /images/ {
proxy_pass http://localhost:8001;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
location /static/ {
proxy_pass http://localhost:8001;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
listen [::]:80 ssl;
listen 80 ssl;
}
```
- run `sudo certbot run --nginx --email YOUR_EMAIL -d your-domain.com -d www.your-domain.com`
- restart nginx
If everything worked correctly, your BookWyrm instance should now be externally accessible.

View file

@ -47,3 +47,26 @@ server {
alias /app/static/;
}
}
# Reverse-Proxy server
# server {
# listen [::]:8001;
# listen 8001;
# server_name your-domain.com www.your-domain.com;
# location / {
# proxy_pass http://web;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_redirect off;
# }
# location /images/ {
# alias /app/images/;
# }
# location /static/ {
# alias /app/static/;
# }
# }