Easier to deploy by avoiding merge conflicts in production
parent
32e2bea52c
commit
d38efa9a9d
9 changed files with 186 additions and 14 deletions
|
@ -5,6 +5,7 @@ SECRET_KEY="7(2w1sedok=aznpq)ta1mc4i%4h=xx@hxwx*o57ctsuml0x%fr"
|
|||
DEBUG=true
|
||||
|
||||
DOMAIN=your.domain.here
|
||||
#EMAIL=your@email.here
|
||||
|
||||
## Leave unset to allow all hosts
|
||||
# ALLOWED_HOSTS="localhost,127.0.0.1,[::1]"
|
||||
|
@ -26,14 +27,24 @@ POSTGRES_HOST=db
|
|||
MAX_STREAM_LENGTH=200
|
||||
REDIS_ACTIVITY_HOST=redis_activity
|
||||
REDIS_ACTIVITY_PORT=6379
|
||||
#REDIS_ACTIVITY_PASSWORD=redispassword345
|
||||
|
||||
# Celery config with redis broker
|
||||
# Redis as celery broker
|
||||
#REDIS_BROKER_PORT=6379
|
||||
#REDIS_BROKER_PASSWORD=redispassword123
|
||||
CELERY_BROKER=redis://redis_broker:6379/0
|
||||
CELERY_RESULT_BACKEND=redis://redis_broker:6379/0
|
||||
|
||||
FLOWER_PORT=8888
|
||||
#FLOWER_USER=mouse
|
||||
#FLOWER_PASSWORD=changeme
|
||||
|
||||
EMAIL_HOST="smtp.mailgun.org"
|
||||
EMAIL_PORT=587
|
||||
EMAIL_HOST_USER=mail@your.domain.here
|
||||
EMAIL_HOST_PASSWORD=emailpassword123
|
||||
EMAIL_USE_TLS=true
|
||||
EMAIL_USE_SSL=false
|
||||
|
||||
# Set this to true when initializing certbot for domain, false when not
|
||||
CERTBOT_INIT=false
|
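--- /dev/null
+++ b/.env.prod.example
@@ -0,0 +1,50 @@
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY="7(2w1sedok=aznpq)ta1mc4i%4h=xx@hxwx*o57ctsuml0x%fr"
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG=false
+
+DOMAIN=your.domain.here
+EMAIL=your@email.here
+
+## Leave unset to allow all hosts
+# ALLOWED_HOSTS="localhost,127.0.0.1,[::1]"
+
+OL_URL=https://openlibrary.org
+
+## Database backend to use.
+## Default is postgres, sqlite is for dev quickstart only (NOT production!!!)
+BOOKWYRM_DATABASE_BACKEND=postgres
+
+MEDIA_ROOT=images/
+
+POSTGRES_PASSWORD=securedbpassword123
+POSTGRES_USER=fedireads
+POSTGRES_DB=fedireads
+POSTGRES_HOST=db
+
+# Redis activity stream manager
+MAX_STREAM_LENGTH=200
+REDIS_ACTIVITY_HOST=redis_activity
+REDIS_ACTIVITY_PORT=6379
+REDIS_ACTIVITY_PASSWORD=redispassword345
+
+# Redis as celery broker
+REDIS_BROKER_PORT=6379
+REDIS_BROKER_PASSWORD=redispassword123
+CELERY_BROKER=redis://:${REDIS_BROKER_PASSWORD}@redis_broker:${REDIS_BROKER_PORT}/0
+CELERY_RESULT_BACKEND=redis://:${REDIS_BROKER_PASSWORD}@redis_broker:${REDIS_BROKER_PORT}/0
+
+FLOWER_PORT=8888
+FLOWER_USER=mouse
+FLOWER_PASSWORD=changeme
+
+EMAIL_HOST="smtp.mailgun.org"
+EMAIL_PORT=587
+EMAIL_HOST_USER=mail@your.domain.here
+EMAIL_HOST_PASSWORD=emailpassword123
+EMAIL_USE_TLS=true
+EMAIL_USE_SSL=false
+
+# Set this to true when initializing certbot for domain, false when not
+CERTBOT_INIT=false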
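Review bot: `SECRET_KEY` in this production template is a concrete value, and the same string is visible in the development example's hunk header on this page, so an instance deployed without editing it signs its sessions and tokens with a key that is public in the repository. Ship the template with an empty value and a hint instead, e.g. `SECRET_KEY=` under a comment such as `# Generate a unique random value for every instance; never reuse the example`. The same applies to `POSTGRES_PASSWORD`, both `REDIS_*_PASSWORD` values, `EMAIL_HOST_PASSWORD` and `FLOWER_PASSWORD=changeme`, which all work as written if the operator skips a step. `ALLOWED_HOSTS` stays commented out under "Leave unset to allow all hosts"; for a production template it would be safer to show it set to the instance's domain.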
3
.gitignore
vendored
|
@ -24,3 +24,6 @@
|
|||
|
||||
#Node tools
|
||||
/node_modules/
|
||||
|
||||
#nginx
|
||||
nginx/default.conf
|
||||
|
|
40
README.md
|
@ -91,10 +91,15 @@ Deployment
|
|||
|
||||
## Setting up the developer environment
|
||||
|
||||
Set up the environment file:
|
||||
Set up the development environment file:
|
||||
|
||||
``` bash
|
||||
cp .env.example .env
|
||||
cp .env.dev.example .env
|
||||
```
|
||||
|
||||
Set up nginx for development `nginx/default.conf`:
|
||||
``` bash
|
||||
cp nginx/development nginx/default.conf
|
||||
```
|
||||
|
||||
For most testing, you'll want to use ngrok. Remember to set the DOMAIN in `.env` to your ngrok domain.
|
||||
|
@ -108,7 +113,7 @@ docker-compose run --rm web python manage.py initdb
|
|||
docker-compose up
|
||||
```
|
||||
|
||||
Once the build is complete, you can access the instance at `localhost:1333`
|
||||
Once the build is complete, you can access the instance at `http://localhost:1333`
|
||||
|
||||
### Editing static files
|
||||
If you edit the CSS or JavaScript, you will need to run Django's `collectstatic` command in order for your changes to have effect. You can do this by running:
|
||||
|
@ -160,26 +165,35 @@ Instructions for running BookWyrm in production:
|
|||
|
||||
- Get the application code:
|
||||
`git clone git@github.com:mouse-reeve/bookwyrm.git`
|
||||
- Switch to the `production` branch
|
||||
- Switch to the `production` branch:
|
||||
`git checkout production`
|
||||
- Create your environment variables file
|
||||
`cp .env.example .env`
|
||||
- Add your domain, email address, SMTP credentials
|
||||
- Set a secure redis password and secret key
|
||||
- Set a secure database password for postgres
|
||||
- Create your environment variables file, `cp .env.prod.example .env`, and update the following:
|
||||
- `SECRET_KEY` | A difficult to guess, secret string of characers
|
||||
- `DOMAIN` | Your web domain
|
||||
- `EMAIL` | Email address to be used for certbot domain verification
|
||||
- `POSTGRES_PASSWORD` | Set a secure password for the database
|
||||
- `REDIS_ACTIVITY_PASSWORD` | Set a secure password for Redis Activity subsystem
|
||||
- `REDIS_BROKER_PASSWORD` | Set a secure password for Redis queue broker subsystem
|
||||
- `FLOWER_USER` | Your own username for accessing Flower queue monitor
|
||||
- `FLOWER_PASSWORD` | Your own secure password for accessing Flower queue monitor
|
||||
- Update your nginx configuration in `nginx/default.conf`
|
||||
- Replace `your-domain.com` with your domain name
|
||||
- If you aren't using the `www` subdomain, remove the www.your-domain.com version of the domain from the `server_name` in the first server block in `nginx/default.conf` and remove the `-d www.${DOMAIN}` flag at the end of the `certbot` command in `docker-compose.yml`.
|
||||
- If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy)
|
||||
- Configure nginx
|
||||
- Make a copy of the production template config and set it for use in nginx `cp nginx/production nginx/default.conf`
|
||||
- Update `nginx/default.conf`:
|
||||
- Replace `your-domain.com` with your domain name
|
||||
- If you aren't using the `www` subdomain, remove the www.your-domain.com version of the domain from the `server_name` in the first server block in `nginx/default.conf` and remove the `-d www.${DOMAIN}` flag at the end of the `certbot` command in `docker-compose.yml`.
|
||||
- If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy)
|
||||
- If you need to initialize your certbot for your domain, set `CERTBOT_INIT=true` in your `.env` file
|
||||
- Run the application (this should also set up a Certbot ssl cert for your domain) with
|
||||
`docker-compose up --build`, and make sure all the images build successfully
|
||||
- If you are running other services on your host machine, you may run into errors where services fail when attempting to bind to a port.
|
||||
See the [troubleshooting guide](#port-conflicts) for advice on resolving this.
|
||||
- When docker has built successfully, stop the process with `CTRL-C`
|
||||
- Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed.
|
||||
- Uncomment the https redirect and `server` block in `nginx/default.conf` (lines 17-48).
|
||||
- If you set `CERTBOT_INIT=true` earlier, set it now as `CERTBOT_INIT=false` so that certbot runs in renew mode
|
||||
- Run docker-compose in the background with: `docker-compose up -d`
|
||||
- Initialize the database with: `./bw-dev initdb`
|
||||
- Set up schedule backups with cron that runs that `docker-compose exec db pg_dump -U <databasename>` and saves the backup to a safe location
|
||||
|
||||
Congrats! You did it, go to your domain and enjoy the fruits of your labors.
|
||||
|
||||
|
|
|
@ -98,6 +98,7 @@ WSGI_APPLICATION = "bookwyrm.wsgi.application"
|
|||
# redis/activity streams settings
|
||||
REDIS_ACTIVITY_HOST = env("REDIS_ACTIVITY_HOST", "localhost")
|
||||
REDIS_ACTIVITY_PORT = env("REDIS_ACTIVITY_PORT", 6379)
|
||||
REDIS_ACTIVITY_PASSWORD = env("REDIS_ACTIVITY_PASSWORD", None)
|
||||
|
||||
MAX_STREAM_LENGTH = int(env("MAX_STREAM_LENGTH", 200))
|
||||
STREAMS = ["home", "local", "federated"]
|
||||
|
|
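--- /dev/null
+++ b/certbot.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+source .env;
+
+if [ "$CERTBOT_INIT" = "true" ]
+then
+certonly \
+--webroot \
+--webroot-path=/var/www/certbot \
+--email ${EMAIL} \
+--agree-tos \
+--no-eff-email \
+-d ${DOMAIN} \
+-d www.${DOMAIN}
+else
+renew \
+--webroot \
+--webroot-path \
+/var/www/certbot
+fi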
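Review bot: `source .env` evaluates the whole environment file as bash, so every secret in it is loaded into this process and any value containing a space, `$`, a backtick or `;` is interpreted by the shell instead of being read literally, although only `CERTBOT_INIT`, `EMAIL` and `DOMAIN` are used here. The expansions are also unquoted; write `--email "${EMAIL}"`, `-d "${DOMAIN}"` and `-d "www.${DOMAIN}"`. There is no `set -eu`, so a missing or unreadable `.env` leaves `CERTBOT_INIT` empty and the script silently takes the `renew` branch. `certonly` and `renew` are invoked as bare command names; presumably the container puts `certbot` in front of them, which is worth confirming because nothing on this page shows it.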
|
@ -20,6 +20,8 @@ services:
|
|||
- pgdata:/var/lib/postgresql/data
|
||||
networks:
|
||||
- main
|
||||
ports:
|
||||
- 5432:5432
|
||||
web:
|
||||
build: .
|
||||
env_file: .env
|
||||
|
|
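Review bot: The `ports:` entry `- 5432:5432` on what appears to be the database service publishes PostgreSQL on every host interface, although the other services already reach it as `db` over the `main` network. Judging by the hunk header's line counts these two lines are the addition, and the production template on this page ships `POSTGRES_PASSWORD=securedbpassword123` as a working default. If host access is needed for backups or debugging, bind the mapping to loopback with `- 127.0.0.1:5432:5432`; otherwise drop it. The service definition begins above the hunk, so the service name is inferred from the `pgdata` volume line.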
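--- /dev/null
+++ b/nginx/production
@@ -0,0 +1,72 @@
+upstream web {
+server web:8000;
+}
+
+server {
+listen [::]:80;
+listen 80;
+
+server_name your-domain.com www.your-domain.com;
+
+location ~ /.well-known/acme-challenge {
+allow all;
+root /var/www/certbot;
+}
+
+# # redirect http to https
+# return 301 https://your-domain.com$request_uri;
+# }
+#
+# server {
+# listen [::]:443 ssl http2;
+# listen 443 ssl http2;
+#
+# server_name your-domain.com;
+#
+# # SSL code
+# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
+# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
+#
+# location ~ /.well-known/acme-challenge {
+# allow all;
+# root /var/www/certbot;
+# }
+#
+# location / {
+# proxy_pass http://web;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_redirect off;
+# }
+#
+# location /images/ {
+# alias /app/images/;
+# }
+#
+# location /static/ {
+# alias /app/static/;
+# }
+}
+
+# Reverse-Proxy server
+# server {
+# listen [::]:8001;
+# listen 8001;
+
+# server_name your-domain.com www.your-domain.com;
+
+# location / {
+# proxy_pass http://web;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_redirect off;
+# }
+
+# location /images/ {
+# alias /app/images/;
+# }
+
+# location /static/ {
+# alias /app/static/;
+# }
+# }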
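Review bot: `location ~ /.well-known/acme-challenge` is an unanchored regex, so it matches any URI containing that string anywhere in the path and serves it from `/var/www/certbot`; a prefix match such as `location ^~ /.well-known/acme-challenge/` limits it to the challenge directory. The same line is repeated in the commented TLS block. That block's `location /` forwards `Host` and `X-Forwarded-For` but not the scheme, so consider adding `proxy_set_header X-Forwarded-Proto $scheme;` if the Django settings rely on it, which is not visible here. The README step that says to uncomment "lines 17-48" depends on this file's numbering never changing, so a marker comment such as `# BEGIN: uncomment after the certificate is issued` with a matching end marker would be more robust.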