[extensions-web] docker: initial container configuration

From: Yuri Konotopov <ykonotopov src gnome org>
To: commits-list gnome org
Cc:
Subject: [extensions-web] docker: initial container configuration
Date: Sun, 2 Dec 2018 21:08:07 +0000 (UTC)
commit 662cfe91a4775ccc25df76b1ae84a83629a4a25e
Author: Yuri Konotopov <ykonotopov gnome org>
Date:   Mon Dec 3 00:54:07 2018 +0400

    docker: initial container configuration

 .dockerignore             | 39 +++++++++++++++++++++++++++
 docker/Dockerfile         | 68 +++++++++++++++++++++++++++++++++++++++++++++++
 docker/Dockerfile.nginx   |  5 ++++
 docker/docker-compose.yml | 51 +++++++++++++++++++++++++++++++++++
 docker/nginx.conf         | 61 ++++++++++++++++++++++++++++++++++++++++++
 docker/wsgi.ini           | 14 ++++++++++
 requirements.txt          |  1 +
 sweettooth/settings.py    | 22 +++++++--------
 8 files changed, 249 insertions(+), 12 deletions(-)
---
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..1b5f021
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,39 @@
+.*
+
+# Python
+*.py[co]
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+eggs
+parts
+var
+sdist
+develop-eggs
+.installed.cfg
+
+# Data dumps
+*.sql
+*.tar.xz
+*.db
+
+# sweettooth-specific
+Demos
+uploaded-files
+xapian.db
+sweettooth.wsgi
+local_settings.py
+*.crt
+*.csr
+*.key
+
+contrib/
+docker/
+!docker/nginx.conf
+!docker/wsgi.ini
+static/
+uploaded-files/
+xapian*
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..d4c7e19
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,68 @@
+FROM python:2
+
+MAINTAINER Yuri Konotopov <ykonotopov gnome org>
+
+ENV PYTHONUNBUFFERED 1
+ENV XAPIAN_VERSION 1.4.9
+ENV GPG_KEY 08E2400FF7FE8FEDE3ACB52818147B073BAD2B07
+
+#      && apt-get update \
+#      && apt-get install -y --no-install-recommends libxapian-dev \
+#      && rm -r /var/lib/apt/lists/* \
+
+RUN set -ex \
+       && pip install Sphinx \
+       && wget -O xapian-core.tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz"; \
+       && wget -O xapian-core.tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-core-$XAPIAN_VERSION.tar.xz.asc"; \
+       && wget -O xapian-bindings.tar.xz 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz"; \
+       && wget -O xapian-bindings.tar.xz.asc 
"https://oligarchy.co.uk/xapian/$XAPIAN_VERSION/xapian-bindings-$XAPIAN_VERSION.tar.xz.asc"; \
+       && export GNUPGHOME="$(mktemp -d)" \
+       && \
+       found=''; \
+       for server in \
+               ha.pool.sks-keyservers.net \
+               hkp://keyserver.ubuntu.com:80 \
+               hkp://p80.pool.sks-keyservers.net:80 \
+               pgp.mit.edu \
+       ; do \
+               echo "Fetching GPG key $GPG_KEY from $server"; \
+               gpg --batch --keyserver $server --recv-keys "$GPG_KEY" && found=yes && break; \
+       done; \
+       test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEY" && exit 1; \
+       gpg --batch --verify xapian-core.tar.xz.asc xapian-core.tar.xz \
+       && gpg --batch --verify xapian-bindings.tar.xz.asc xapian-bindings.tar.xz \
+       && { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
+       && rm -r "$GNUPGHOME" xapian-core.tar.xz.asc xapian-bindings.tar.xz.asc \
+       && mkdir -p /usr/src/xapian-core \
+       && mkdir -p /usr/src/xapian-bindings \
+       && tar -xJC /usr/src/xapian-core --strip-components=1 -f xapian-core.tar.xz \
+       && rm xapian-core.tar.xz \
+       && tar -xJC /usr/src/xapian-bindings --strip-components=1 -f xapian-bindings.tar.xz \
+       && rm xapian-bindings.tar.xz \
+       && cd /usr/src/xapian-core \
+       && ./configure \
+       && make -j "$(nproc)" \
+       && make install \
+       && ldconfig \
+       && rm -r /usr/src/xapian-core \
+       && cd /usr/src/xapian-bindings \
+       && ./configure \
+               --with-python \
+       && make -j "$(nproc)" \
+       && make install \
+       && find /usr/local -depth \
+               \( \
+                       \( -type d -a \( -name test -o -name tests \) \) \
+                       -o \
+                       \( -type f -a \( -name '*.pyc' -o -name '*.pyo' \) \) \
+               \) -exec rm -r '{}' + \
+       && rm -r /usr/src/xapian-bindings
+
+RUN mkdir -p /extensions-web/app
+WORKDIR /extensions-web/app
+COPY --chown=www-data:www-data . /extensions-web/app
+COPY --chown=www-data:www-data docker/wsgi.ini /extensions-web
+RUN set -ex \
+       && pip install -r requirements.txt \
+       && pip install mysql-python \
+       && pip install uWSGI
diff --git a/docker/Dockerfile.nginx b/docker/Dockerfile.nginx
new file mode 100644
index 0000000..dde3d09
--- /dev/null
+++ b/docker/Dockerfile.nginx
@@ -0,0 +1,5 @@
+FROM nginx:stable
+
+MAINTAINER Yuri Konotopov <ykonotopov gnome org>
+
+COPY nginx.conf /etc/nginx
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000..112da72
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,51 @@
+version: '3'
+
+services:
+  db:
+    image: mariadb:10.3
+    restart: always
+    environment:
+      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
+      MYSQL_DATABASE: extensions-web
+      MYSQL_USER:
+      MYSQL_PASSWORD:
+    ports:
+      - "127.0.0.1:43306:3306"
+    volumes:
+      - "database:/var/lib/mysql"
+  extensions-web:
+    build:
+      context: ../
+      dockerfile: docker/Dockerfile
+    command: bash -c "python manage.py migrate && rm -r /extensions-web/www/static-files; python manage.py 
collectstatic --noinput && uwsgi --enable-threads --ini /extensions-web/wsgi.ini"
+    image: extensions-web
+    environment:
+      EGO_ADMINISTRATOR_NAME: Yuri Konotopov
+      EGO_ADMINISTRATOR_EMAIL: ykonotopov gnome org
+      EGO_ALLOWED_HOST:
+      EGO_DATABASE_URL:
+      EGO_SECRET_KEY:
+      EGO_XAPIAN_DB:
+      EGO_MEDIA_ROOT: /extensions-web/www/uploaded-files
+      EGO_STATIC_ROOT: /extensions-web/www/static-files
+    depends_on:
+      - db
+    links:
+      - db
+    volumes:
+      - "static:/extensions-web/www"
+  frontend:
+    build:
+      context: .
+      dockerfile: Dockerfile.nginx
+    restart: always
+    links:
+      - extensions-web
+    ports:
+      - "8080:80"
+    volumes:
+      - "static:/extensions-web/www"
+
+volumes:
+  database:
+  static:
diff --git a/docker/nginx.conf b/docker/nginx.conf
new file mode 100644
index 0000000..6de3126
--- /dev/null
+++ b/docker/nginx.conf
@@ -0,0 +1,61 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+    use epoll;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    keepalive_timeout  65;
+
+    sendfile                   on;
+    sendfile_max_chunk         128k;
+    tcp_nopush                 on;
+    tcp_nodelay                        on;
+    server_tokens              off;
+    client_max_body_size       8m;
+    server_names_hash_bucket_size      64;
+
+    server {
+        server_name  extensions.gnome.org;
+
+        charset utf-8;
+
+        root /usr/share/nginx/html;
+
+        listen  80 default_server;
+        listen  [::]:80 default_server;
+
+        add_header X-Content-Type-Options nosniff;
+        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-UA-Compatible IE=Edge;
+
+        location /extension-data/ {
+            alias /extensions-web/www/uploaded-files/;
+        }
+
+        location /static/ {
+            alias /extensions-web/www/static-files/;
+        }
+
+        location / {
+            uwsgi_pass  extensions-web:8001;
+            include     uwsgi_params;
+        }
+    }
+}
diff --git a/docker/wsgi.ini b/docker/wsgi.ini
new file mode 100644
index 0000000..9778c0d
--- /dev/null
+++ b/docker/wsgi.ini
@@ -0,0 +1,14 @@
+[uwsgi]
+wsgi-file = /extensions-web/app/sweettooth/wsgi.py
+chdir = /extensions-web/app
+
+master = true
+processes = 5
+
+socket = :8001
+uid=www-data
+gid=www-data
+protocol = uwsgi
+vacuum = true
+
+die-on-term = true
diff --git a/requirements.txt b/requirements.txt
index 70da74f..7c12cdf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,3 +5,4 @@ django-registration == 2.1.2
 Pygments >= 1.4
 pillow >= 2.0.0
 chardet >= 2.2.1
+dj-database-url
diff --git a/sweettooth/settings.py b/sweettooth/settings.py
index 8d45833..9870908 100644
--- a/sweettooth/settings.py
+++ b/sweettooth/settings.py
@@ -11,26 +11,26 @@ https://docs.djangoproject.com/en/1.8/ref/settings/
 """
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+import dj_database_url
 import os
 
 SITE_ROOT = os.path.dirname(os.path.abspath(__file__))
 
 BASE_DIR = os.path.dirname(SITE_ROOT)
 
-XAPIAN_DB_PATH = os.path.join(BASE_DIR, 'xapian.db')
-
+XAPIAN_DB_PATH = os.getenv('EGO_XAPIAN_DB') or os.path.join(BASE_DIR, 'xapian.db')
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
 # Set this in local_settings.py to some random value
-SECRET_KEY = ''
+SECRET_KEY = os.getenv('EGO_SECRET_KEY') or ''
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
 
-ALLOWED_HOSTS = ["extensions.gnome.org"]
+ALLOWED_HOSTS = [os.getenv('EGO_ALLOWED_HOST') or "extensions.gnome.org"]
 
 # Application definition
 
@@ -107,12 +107,8 @@ WSGI_APPLICATION = 'sweettooth.wsgi.application'
 
 # Database
 # https://docs.djangoproject.com/en/1.8/ref/settings/#databases
-
 DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': 'test.db',
-    }
+    'default': dj_database_url.config(env="EGO_DATABASE_URL", default="sqlite://test.db")
 }
 
 
@@ -130,7 +126,7 @@ USE_L10N = True
 USE_TZ = False
 
 ADMINS = (
-    ('Administrator', 'admin@localhost.local'),
+    (os.getenv('EGO_ADMINISTRATOR_NAME') or 'Administrator', os.getenv('EGO_ADMINISTRATOR_EMAIL') or 
'admin@localhost.local'),
 )
 
 MANAGERS = ADMINS
@@ -139,7 +135,7 @@ SITE_ID = 1
 
 # Absolute filesystem path to the directory that will hold user-uploaded files.
 # Example: "/home/media/media.lawrence.com/media/"
-MEDIA_ROOT = os.path.join(SITE_ROOT, '..', 'uploaded-files')
+MEDIA_ROOT = os.getenv('EGO_MEDIA_ROOT') or os.path.join(SITE_ROOT, '..', 'uploaded-files')
 
 # URL that handles the media served from MEDIA_ROOT. Make sure to use a
 # trailing slash.
@@ -212,8 +208,10 @@ if not DEBUG and not NO_SECURE_SETTINGS:
     SECURE_HSTS_SECONDS = 4 * 60 * 60
     SECURE_HSTS_INCLUDE_SUBDOMAINS = True
     SECURE_PROXY_SSL_HEADER = ('HTTPS', 'https')
-    SECURE_SSL_REDIRECT = True
+    SECURE_SSL_REDIRECT = False
 
 if DEBUG and not NO_STATICFILES_SETTINGS:
     STATICFILES_STORAGE = "django.contrib.staticfiles.storage.StaticFilesStorage"
     STATIC_ROOT = None
+else:
+    STATIC_ROOT = os.getenv('EGO_STATIC_ROOT')
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]