Easier to deploy by avoiding merge conflicts in production
parent
32e2bea52c
commit
d38efa9a9d
9 changed files with 186 additions and 14 deletions
|
@ -5,6 +5,7 @@ SECRET_KEY="7(2w1sedok=aznpq)ta1mc4i%4h=xx@hxwx*o57ctsuml0x%fr"
|
||||||
DEBUG=true
|
DEBUG=true
|
||||||
|
|
||||||
DOMAIN=your.domain.here
|
DOMAIN=your.domain.here
|
||||||
|
#EMAIL=your@email.here
|
||||||
|
|
||||||
## Leave unset to allow all hosts
|
## Leave unset to allow all hosts
|
||||||
# ALLOWED_HOSTS="localhost,127.0.0.1,[::1]"
|
# ALLOWED_HOSTS="localhost,127.0.0.1,[::1]"
|
||||||
|
@ -26,14 +27,24 @@ POSTGRES_HOST=db
|
||||||
MAX_STREAM_LENGTH=200
|
MAX_STREAM_LENGTH=200
|
||||||
REDIS_ACTIVITY_HOST=redis_activity
|
REDIS_ACTIVITY_HOST=redis_activity
|
||||||
REDIS_ACTIVITY_PORT=6379
|
REDIS_ACTIVITY_PORT=6379
|
||||||
|
#REDIS_ACTIVITY_PASSWORD=redispassword345
|
||||||
|
|
||||||
# Celery config with redis broker
|
# Redis as celery broker
|
||||||
|
#REDIS_BROKER_PORT=6379
|
||||||
|
#REDIS_BROKER_PASSWORD=redispassword123
|
||||||
CELERY_BROKER=redis://redis_broker:6379/0
|
CELERY_BROKER=redis://redis_broker:6379/0
|
||||||
CELERY_RESULT_BACKEND=redis://redis_broker:6379/0
|
CELERY_RESULT_BACKEND=redis://redis_broker:6379/0
|
||||||
|
|
||||||
|
FLOWER_PORT=8888
|
||||||
|
#FLOWER_USER=mouse
|
||||||
|
#FLOWER_PASSWORD=changeme
|
||||||
|
|
||||||
EMAIL_HOST="smtp.mailgun.org"
|
EMAIL_HOST="smtp.mailgun.org"
|
||||||
EMAIL_PORT=587
|
EMAIL_PORT=587
|
||||||
EMAIL_HOST_USER=mail@your.domain.here
|
EMAIL_HOST_USER=mail@your.domain.here
|
||||||
EMAIL_HOST_PASSWORD=emailpassword123
|
EMAIL_HOST_PASSWORD=emailpassword123
|
||||||
EMAIL_USE_TLS=true
|
EMAIL_USE_TLS=true
|
||||||
EMAIL_USE_SSL=false
|
EMAIL_USE_SSL=false
|
||||||
|
|
||||||
|
# Set this to true when initializing certbot for domain, false when not
|
||||||
|
CERTBOT_INIT=false
|
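--- a/.env.prod.example
+++ b/.env.prod.example
@@ -0,0 +1,50 @@
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY="7(2w1sedok=aznpq)ta1mc4i%4h=xx@hxwx*o57ctsuml0x%fr"
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG=false
+
+DOMAIN=your.domain.here
+EMAIL=your@email.here
+
+## Leave unset to allow all hosts
+# ALLOWED_HOSTS="localhost,127.0.0.1,[::1]"
+
+OL_URL=https://openlibrary.org
+
+## Database backend to use.
+## Default is postgres, sqlite is for dev quickstart only (NOT production!!!)
+BOOKWYRM_DATABASE_BACKEND=postgres
+
+MEDIA_ROOT=images/
+
+POSTGRES_PASSWORD=securedbpassword123
+POSTGRES_USER=fedireads
+POSTGRES_DB=fedireads
+POSTGRES_HOST=db
+
+# Redis activity stream manager
+MAX_STREAM_LENGTH=200
+REDIS_ACTIVITY_HOST=redis_activity
+REDIS_ACTIVITY_PORT=6379
+REDIS_ACTIVITY_PASSWORD=redispassword345
+
+# Redis as celery broker
+REDIS_BROKER_PORT=6379
+REDIS_BROKER_PASSWORD=redispassword123
+CELERY_BROKER=redis://:${REDIS_BROKER_PASSWORD}@redis_broker:${REDIS_BROKER_PORT}/0
+CELERY_RESULT_BACKEND=redis://:${REDIS_BROKER_PASSWORD}@redis_broker:${REDIS_BROKER_PORT}/0
+
+FLOWER_PORT=8888
+FLOWER_USER=mouse
+FLOWER_PASSWORD=changeme
+
+EMAIL_HOST="smtp.mailgun.org"
+EMAIL_PORT=587
+EMAIL_HOST_USER=mail@your.domain.here
+EMAIL_HOST_PASSWORD=emailpassword123
+EMAIL_USE_TLS=true
+EMAIL_USE_SSL=false
+
+# Set this to true when initializing certbot for domain, false when not
+CERTBOT_INIT=false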
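Review bot: `SECRET_KEY` in this production template is a concrete value, and it is the same string visible in the development example's first hunk header, so a deployment that copies the file unedited signs Django sessions and tokens with a published key. The same applies to `POSTGRES_PASSWORD`, both Redis passwords and `FLOWER_PASSWORD=changeme`, which ship as working defaults. Leaving the secrets empty, e.g. `SECRET_KEY=` under a comment such as `# required: generate a unique random value per deployment`, should let an unedited copy be caught at startup instead of running. `ALLOWED_HOSTS` is also left commented out under "Leave unset to allow all hosts"; in a production template it would be better set to the value of `DOMAIN`.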
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -24,3 +24,6 @@
|
||||||
|
|
||||||
#Node tools
|
#Node tools
|
||||||
/node_modules/
|
/node_modules/
|
||||||
|
|
||||||
|
#nginx
|
||||||
|
nginx/default.conf
|
||||||
|
|
40
README.md
40
README.md
|
@ -91,10 +91,15 @@ Deployment
|
||||||
|
|
||||||
## Setting up the developer environment
|
## Setting up the developer environment
|
||||||
|
|
||||||
Set up the environment file:
|
Set up the development environment file:
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
cp .env.example .env
|
cp .env.dev.example .env
|
||||||
|
```
|
||||||
|
|
||||||
|
Set up nginx for development `nginx/default.conf`:
|
||||||
|
``` bash
|
||||||
|
cp nginx/development nginx/default.conf
|
||||||
```
|
```
|
||||||
|
|
||||||
For most testing, you'll want to use ngrok. Remember to set the DOMAIN in `.env` to your ngrok domain.
|
For most testing, you'll want to use ngrok. Remember to set the DOMAIN in `.env` to your ngrok domain.
|
||||||
|
@ -108,7 +113,7 @@ docker-compose run --rm web python manage.py initdb
|
||||||
docker-compose up
|
docker-compose up
|
||||||
```
|
```
|
||||||
|
|
||||||
Once the build is complete, you can access the instance at `localhost:1333`
|
Once the build is complete, you can access the instance at `http://localhost:1333`
|
||||||
|
|
||||||
### Editing static files
|
### Editing static files
|
||||||
If you edit the CSS or JavaScript, you will need to run Django's `collectstatic` command in order for your changes to have effect. You can do this by running:
|
If you edit the CSS or JavaScript, you will need to run Django's `collectstatic` command in order for your changes to have effect. You can do this by running:
|
||||||
|
@ -160,26 +165,35 @@ Instructions for running BookWyrm in production:
|
||||||
|
|
||||||
- Get the application code:
|
- Get the application code:
|
||||||
`git clone git@github.com:mouse-reeve/bookwyrm.git`
|
`git clone git@github.com:mouse-reeve/bookwyrm.git`
|
||||||
- Switch to the `production` branch
|
- Switch to the `production` branch:
|
||||||
`git checkout production`
|
`git checkout production`
|
||||||
- Create your environment variables file
|
- Create your environment variables file, `cp .env.prod.example .env`, and update the following:
|
||||||
`cp .env.example .env`
|
- `SECRET_KEY` | A difficult to guess, secret string of characers
|
||||||
- Add your domain, email address, SMTP credentials
|
- `DOMAIN` | Your web domain
|
||||||
- Set a secure redis password and secret key
|
- `EMAIL` | Email address to be used for certbot domain verification
|
||||||
- Set a secure database password for postgres
|
- `POSTGRES_PASSWORD` | Set a secure password for the database
|
||||||
|
- `REDIS_ACTIVITY_PASSWORD` | Set a secure password for Redis Activity subsystem
|
||||||
|
- `REDIS_BROKER_PASSWORD` | Set a secure password for Redis queue broker subsystem
|
||||||
|
- `FLOWER_USER` | Your own username for accessing Flower queue monitor
|
||||||
|
- `FLOWER_PASSWORD` | Your own secure password for accessing Flower queue monitor
|
||||||
- Update your nginx configuration in `nginx/default.conf`
|
- Update your nginx configuration in `nginx/default.conf`
|
||||||
- Replace `your-domain.com` with your domain name
|
- Replace `your-domain.com` with your domain name
|
||||||
- If you aren't using the `www` subdomain, remove the www.your-domain.com version of the domain from the `server_name` in the first server block in `nginx/default.conf` and remove the `-d www.${DOMAIN}` flag at the end of the `certbot` command in `docker-compose.yml`.
|
- Configure nginx
|
||||||
- If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy)
|
- Make a copy of the production template config and set it for use in nginx `cp nginx/production nginx/default.conf`
|
||||||
|
- Update `nginx/default.conf`:
|
||||||
|
- Replace `your-domain.com` with your domain name
|
||||||
|
- If you aren't using the `www` subdomain, remove the www.your-domain.com version of the domain from the `server_name` in the first server block in `nginx/default.conf` and remove the `-d www.${DOMAIN}` flag at the end of the `certbot` command in `docker-compose.yml`.
|
||||||
|
- If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy)
|
||||||
|
- If you need to initialize your certbot for your domain, set `CERTBOT_INIT=true` in your `.env` file
|
||||||
- Run the application (this should also set up a Certbot ssl cert for your domain) with
|
- Run the application (this should also set up a Certbot ssl cert for your domain) with
|
||||||
`docker-compose up --build`, and make sure all the images build successfully
|
`docker-compose up --build`, and make sure all the images build successfully
|
||||||
- If you are running other services on your host machine, you may run into errors where services fail when attempting to bind to a port.
|
- If you are running other services on your host machine, you may run into errors where services fail when attempting to bind to a port.
|
||||||
See the [troubleshooting guide](#port-conflicts) for advice on resolving this.
|
See the [troubleshooting guide](#port-conflicts) for advice on resolving this.
|
||||||
- When docker has built successfully, stop the process with `CTRL-C`
|
- When docker has built successfully, stop the process with `CTRL-C`
|
||||||
- Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed.
|
- If you set `CERTBOT_INIT=true` earlier, set it now as `CERTBOT_INIT=false` so that certbot runs in renew mode
|
||||||
- Uncomment the https redirect and `server` block in `nginx/default.conf` (lines 17-48).
|
|
||||||
- Run docker-compose in the background with: `docker-compose up -d`
|
- Run docker-compose in the background with: `docker-compose up -d`
|
||||||
- Initialize the database with: `./bw-dev initdb`
|
- Initialize the database with: `./bw-dev initdb`
|
||||||
|
- Set up schedule backups with cron that runs that `docker-compose exec db pg_dump -U <databasename>` and saves the backup to a safe location
|
||||||
|
|
||||||
Congrats! You did it, go to your domain and enjoy the fruits of your labors.
|
Congrats! You did it, go to your domain and enjoy the fruits of your labors.
|
||||||
|
|
||||||
|
|
|
@ -98,6 +98,7 @@ WSGI_APPLICATION = "bookwyrm.wsgi.application"
|
||||||
# redis/activity streams settings
|
# redis/activity streams settings
|
||||||
REDIS_ACTIVITY_HOST = env("REDIS_ACTIVITY_HOST", "localhost")
|
REDIS_ACTIVITY_HOST = env("REDIS_ACTIVITY_HOST", "localhost")
|
||||||
REDIS_ACTIVITY_PORT = env("REDIS_ACTIVITY_PORT", 6379)
|
REDIS_ACTIVITY_PORT = env("REDIS_ACTIVITY_PORT", 6379)
|
||||||
|
REDIS_ACTIVITY_PASSWORD = env("REDIS_ACTIVITY_PASSWORD", None)
|
||||||
|
|
||||||
MAX_STREAM_LENGTH = int(env("MAX_STREAM_LENGTH", 200))
|
MAX_STREAM_LENGTH = int(env("MAX_STREAM_LENGTH", 200))
|
||||||
STREAMS = ["home", "local", "federated"]
|
STREAMS = ["home", "local", "federated"]
|
||||||
|
|
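Review bot: `REDIS_ACTIVITY_PASSWORD` is read here with a default of `None`, but no visible hunk passes it to the Redis client, so it is unclear from this page whether the activity-stream connection actually authenticates. If the client is built elsewhere without `password=settings.REDIS_ACTIVITY_PASSWORD`, a Redis started with a password would reject the app, and one started without would accept any client that can reach it. A comment on the new line such as `# None means connect without AUTH; always set in production` would document the fallback. The page reports 9 changed files and shows fewer, so the consumer may be in a section not shown.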
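--- a/certbot.sh
+++ b/certbot.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+source .env;
+
+if [ "$CERTBOT_INIT" = "true" ]
+then
+certonly \
+--webroot \
+--webroot-path=/var/www/certbot \
+--email ${EMAIL} \
+--agree-tos \
+--no-eff-email \
+-d ${DOMAIN} \
+-d www.${DOMAIN}
+else
+renew \
+--webroot \
+--webroot-path \
+/var/www/certbot
+fi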
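Review bot: `--email ${EMAIL}` and `-d ${DOMAIN}` are unquoted and unchecked, so when `EMAIL` is unset (it is commented out in the development example) the arguments collapse to `--email --agree-tos` and the next flag is taken as the address. Use `--email "${EMAIL:?EMAIL must be set}"` and `-d "${DOMAIN:?DOMAIN must be set}"` so the script stops with a clear error instead. `source .env` also executes the whole env file as shell code, so unquoted values containing spaces or shell metacharacters are interpreted rather than read. As written, `certonly` and `renew` run as bare commands; unless a caller not visible in this diff prepends `certbot`, the script fails with command-not-found.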
|
@ -20,6 +20,8 @@ services:
|
||||||
- pgdata:/var/lib/postgresql/data
|
- pgdata:/var/lib/postgresql/data
|
||||||
networks:
|
networks:
|
||||||
- main
|
- main
|
||||||
|
ports:
|
||||||
|
- 5432:5432
|
||||||
web:
|
web:
|
||||||
build: .
|
build: .
|
||||||
env_file: .env
|
env_file: .env
|
||||||
|
|
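Review bot: The added `ports:` entry `- 5432:5432` publishes Postgres on every host interface, and this is the compose file that the README's production steps run. Containers on the `main` network already reach the database by service name (`POSTGRES_HOST=db` in the env templates), so the mapping only serves host-side tools. If that is the intent, bind it to loopback with `- 127.0.0.1:5432:5432`; otherwise drop it, since Docker-published ports are commonly not covered by host firewall rules. The service definition starts above the hunk, so that this is the database service is inferred from the `pgdata` volume.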
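--- a/nginx/production
+++ b/nginx/production
@@ -0,0 +1,72 @@
+upstream web {
+server web:8000;
+}
+
+server {
+listen [::]:80;
+listen 80;
+
+server_name your-domain.com www.your-domain.com;
+
+location ~ /.well-known/acme-challenge {
+allow all;
+root /var/www/certbot;
+}
+
+# # redirect http to https
+# return 301 https://your-domain.com$request_uri;
+# }
+#
+# server {
+# listen [::]:443 ssl http2;
+# listen 443 ssl http2;
+#
+# server_name your-domain.com;
+#
+# # SSL code
+# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
+# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
+#
+# location ~ /.well-known/acme-challenge {
+# allow all;
+# root /var/www/certbot;
+# }
+#
+# location / {
+# proxy_pass http://web;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_redirect off;
+# }
+#
+# location /images/ {
+# alias /app/images/;
+# }
+#
+# location /static/ {
+# alias /app/static/;
+# }
+}
+
+# Reverse-Proxy server
+# server {
+# listen [::]:8001;
+# listen 8001;
+
+# server_name your-domain.com www.your-domain.com;
+
+# location / {
+# proxy_pass http://web;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $host;
+# proxy_redirect off;
+# }
+
+# location /images/ {
+# alias /app/images/;
+# }
+
+# location /static/ {
+# alias /app/static/;
+# }
+# }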
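Review bot: The only active `server` block listens on port 80 and serves nothing but the ACME challenge; the redirect, the 443 block and `proxy_pass http://web` all ship commented out, and this commit also deletes the README step that told operators to uncomment them. Following the new instructions therefore appears to leave the site without TLS and without a route to the app, so either restore that README step or ship the HTTPS block enabled. When the block is enabled, consider anchoring the challenge location as `location ^~ /.well-known/acme-challenge/`, since the current regex matches that string anywhere in the URI.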