Merge branch 'production' into certbot-install

2021-03-13 11:02:27 -08:00 · 2021-03-13 11:02:27 -08:00 · 36088554e8
parent 28160137d0 59cc5c112f
commit 36088554e8
3 changed files with 115 additions and 8 deletions
--- a/.env.example
+++ b/.env.example
@ -23,9 +23,10 @@ POSTGRES_USER=fedireads
 POSTGRES_DB=fedireads
 POSTGRES_HOST=db

+REDIS_PORT=6379
 REDIS_PASSWORD=redispassword123
-CELERY_BROKER=redis://:${REDIS_PASSWORD}@redis:6379/0
-CELERY_RESULT_BACKEND=redis://:${REDIS_PASSWORD}@redis:6379/0
+CELERY_BROKER=redis://:${REDIS_PASSWORD}@redis:${REDIS_PORT}/0
+CELERY_RESULT_BACKEND=redis://:${REDIS_PASSWORD}@redis:${REDIS_PORT}/0

 FLOWER_PORT=8888
 FLOWER_USER=mouse
--- a/README.md
+++ b/README.md
@ -170,8 +170,11 @@ Instructions for running BookWyrm in production:
 - Update your nginx configuration in `nginx/default.conf`
   - Replace `your-domain.com` with your domain name
   - If you aren't using the `www` subdomain, remove the www.your-domain.com version of the domain from the `server_name` in the first server block in `nginx/default.conf` and remove the `-d www.${DOMAIN}` flag at the end of the `certbot` command in `docker-compose.yml`.
+   - If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy)
 - Run the application (this should also set up a Certbot ssl cert for your domain) with
  `docker-compose up --build`, and make sure all the images build successfully
+    - If you are running other services on your host machine, you may run into errors where services fail when attempting to bind to a port.
+    See the [troubleshooting guide](#port-conflicts) for advice on resolving this.
 - When docker has built successfully, stop the process with `CTRL-C`
 - Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed.
 - Uncomment the https redirect and `server` block in `nginx/default.conf` (lines 17-48).
@ -203,19 +206,99 @@ There are three concepts in the book data model:
 - `Book`, an abstract, high-level concept that could mean either a `Work` or an `Edition`. No data is saved as a `Book`, it serves as shared model for `Work` and `Edition`
 - `Work`, the theoretical umbrella concept of a book that encompasses every edition of the book, and
 - `Edition`, a concrete, actually published version of a book
- 
+
 Whenever a user interacts with a book, they are interacting with a specific edition. Every work has a default edition, but the user can select other editions. Reviews aggregated for all editions of a work when you view an edition's page.

 ### Backups

-Bookwyrm's db service dumps a backup copy of its database to its `/backups` directory daily at midnight UTC.
+BookWyrm's db service dumps a backup copy of its database to its `/backups` directory daily at midnight UTC.
 Backups are named `backup__%Y-%m-%d.sql`.

 The db service has an optional script for periodically pruning the backups directory so that all recent daily backups are kept, but for older backups, only weekly or monthly backups are kept.
 To enable this script:
- Uncomment the final line in `postgres-docker/cronfile`
- rebuild your instance `docker-compose up --build`
+ - Uncomment the final line in `postgres-docker/cronfile`
+ - rebuild your instance `docker-compose up --build`

 You can copy backups from the backups volume to your host machine with `docker cp`:
- Run `docker-compose ps` to confirm the db service's full name (it's probably `bookwyrm_db_1`.
- Run `docker cp <container_name>:/backups <host machine path>
+ - Run `docker-compose ps` to confirm the db service's full name (it's probably `bookwyrm_db_1`.
+ - Run `docker cp <container_name>:/backups <host machine path>`
+
+### Port Conflicts
+
+BookWyrm has multiple services that run on their default ports.
+This means that, depending on what else you are running on your host machine, you may run into errors when building or running BookWyrm when attempts to bind to those ports fail.
+
+If this occurs, you will need to change your configuration to run services on different ports.
+This may require one or more changes the following files:
+ - `docker-compose.yml`
+ - `nginx/default.conf`
+ - `.env` (You create this file yourself during setup)
+
+E.g., If you need Redis to run on a different port:
+ - In `docker-compose.yml`:
+    - In `services` -> `redis` -> `command`, add `--port YOUR_PORT` to the command
+    - In `services` -> `redis` -> `ports`, change `6379:6379` to your port
+ - In `.env`, update `REDIS_PORT`
+
+If you are already running a web-server on your machine, you will need to set up a reverse-proxy.
+
+#### Running BookWyrm Behind a Reverse-Proxy
+
+If you are running another web-server on your machine, you should have it handle proxying web requests to BookWyrm.
+
+The default BookWyrm configuration already has an nginx server that proxies requests to the django app that handles SSL and directly serves static files.
+The static files are stored in a Docker volume that several BookWyrm services access, so it is not recommended to remove this server completely.
+
+To run BookWyrm behind a reverse-proxy, make the following changes:
+ - In `nginx/default.conf`:
+    - Comment out the two default servers
+    - Uncomment the server labeled Reverse-Proxy server
+    - Replace `your-domain.com` with your domain name
+ - In `docker-compose.yml`:
+    - In `services` -> `nginx` -> `ports`, comment out the default ports and add `- 8001:8001`
+    - In `services` -> `nginx` -> `volumes`, comment out the two volumes that begin `./certbot/`
+    - In `services`, comment out the `certbot` service
+
+At this point, you can follow, the [setup](#server-setup) instructions as listed.
+Once docker is running, you can access your BookWyrm instance at `http://localhost:8001` (**NOTE:** your server is not accessible over `https`).
+
+Steps for setting up a reverse-proxy are server dependent.
+
+##### Nginx
+
+Before you can set up nginx, you will need to locate your nginx configuration directory, which is dependent on your platform and how you installed nginx.
+See [nginx's guide](http://nginx.org/en/docs/beginners_guide.html) for details.
+
+To set up your server:
+ - In you `nginx.conf` file, ensure that `include servers/*;` isn't commented out.
+ - In your nginx `servers` directory, create a new file named after your domain containing the following information:
+   ```nginx
+   server {
+      server_name your-domain.com www.your-domain.com;
+
+      location / {
+          proxy_pass http://localhost:8000;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header Host $host;
+      }
+
+      location /images/ {
+          proxy_pass http://localhost:8001;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header Host $host;
+      }
+
+      location /static/ {
+          proxy_pass http://localhost:8001;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header Host $host;
+      }
+
+      listen [::]:80 ssl;
+      listen 80 ssl;
+   }
+   ```
+ - run `sudo certbot run --nginx --email YOUR_EMAIL -d your-domain.com -d www.your-domain.com`
+ - restart nginx
+
+If everything worked correctly, your BookWyrm instance should now be externally accessible.
--- a/nginx/default.conf
+++ b/nginx/default.conf
@ -47,3 +47,26 @@ server {
 #         alias /app/static/;
 #     }
 }
+
+# Reverse-Proxy server
+# server {
+#     listen [::]:8001;
+#     listen 8001;
+
+#     server_name your-domain.com www.your-domain.com;
+
+#     location / {
+#         proxy_pass http://web;
+#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#         proxy_set_header Host $host;
+#         proxy_redirect off;
+#     }
+
+#     location /images/ {
+#         alias /app/images/;
+#     }
+
+#     location /static/ {
+#         alias /app/static/;
+#     }
+# }