update deployment configuration and infrastructure (#236)

WHOIGit · Sep 30, 2024 · 85215b7 · 85215b7
1 parent 0c677db
commit 85215b7
Show file tree

Hide file tree

Showing 11 changed files with 529 additions and 96,625 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,11 @@
 FROM python:3.8
 
-ARG HTTP_PROXY
-ARG HTTPS_PROXY
-
 ENV PYTHONUNBUFFERED 1
-ENV HTTP_PROXY=${HTTP_PROXY}
-ENV HTTPS_PROXY=${HTTPS_PROXY}
 
-RUN mkdir /code
-WORKDIR /code
-COPY requirements.txt /code/
+RUN mkdir /app
+WORKDIR /app
+COPY requirements.txt /app/
 
-RUN if [ -n "$HTTPS_PROXY" ] ; then pip install -r requirements.txt --proxy ${HTTPS_PROXY}; else pip install -r requirements.txt ; fi 
+RUN pip install -r requirements.txt
 
-COPY . /code/
+COPY . /app/
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -0,0 +1,52 @@
+version: '3.9'
+
+services:
+  web:
+    image: harbor-registry.whoi.edu/photic/photic_web:1.0
+    command: python manage.py runserver 0.0.0.0:8000
+    volumes:
+      - ${ROI_PATH}:/rois
+      - static-files:/app/static
+      - ./local_settings.py:/app/photic/local_settings.py:ro
+    networks:
+      - photic
+    restart: unless-stopped
+    depends_on:
+      - db
+
+  db:
+    image: postgres:${POSTGRES_TAG:-12-alpine}
+    env_file:
+      - .env
+    volumes:
+      - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
+    networks:
+      - photic
+    restart: unless-stopped
+
+  nginx:
+    image: nginx:alpine
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf
+      - ${SSL_CERT}:/ssl/ssl.cer:ro
+      - ${SSL_KEY}:/ssl/ssl.key:ro
+      - static-files:/app/static:ro
+      - ${ROI_PATH}:/rois
+    ports:
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - web
+    networks:
+      - photic
+    restart: unless-stopped
+
+volumes:
+  static-files:
+  nginx-config:
+
+
+networks:
+  photic:
+    name: photic
+    driver: bridge
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,11 +2,9 @@ version: '3'
 
 services:
   db:
-    image: postgres:${POSTGRES_TAG:-12-alpine}
-    environment:
-      - POSTGRES_DB=photic
-      - POSTGRES_USER=photic
-      - POSTGRES_PASSWORD=photic
+    image: postgres:12-alpine
+    env_file:
+      - .env
     volumes:
       - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
     networks:
@@ -16,13 +14,10 @@ services:
   web:
     build:
       context: .
-      args:
-        HTTP_PROXY: '${HTTP_PROXY}'
-        HTTPS_PROXY: '${HTTPS_PROXY}'
 
     command: python manage.py runserver 0.0.0.0:8000
     volumes:
-      - .:/code
+      - .:/app
       - ${ROI_PATH}:/rois
     depends_on:
       - db
@@ -32,19 +27,17 @@ services:
 
   nginx:
     image: nginx:alpine
-    environment:
-      - NGINX_HOST=${HOST}
-      - NGINX_HTTP_PORT=${HTTP_PORT}
-      - NGINX_HTTPS_PORT=${HTTPS_PORT}
+    env_file:
+      - .env
     volumes:
-      - ./nginx/templates:/etc/nginx/templates
-      - ./static:/code/static
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf
+      - ./static:/app/static
       - ${ROI_PATH}:/rois
       - ${SSL_KEY}:/ssl/ssl.key:ro
       - ${SSL_CERT}:/ssl/ssl.cer:ro
     ports:
-      - ${HTTP_PORT}:${HTTP_PORT}
-      - ${HTTPS_PORT}:${HTTPS_PORT}
+      - "80:80"
+      - "443:443"
     depends_on:
       - web
     networks:
@@ -55,6 +48,6 @@ volumes:
   postgres_data:
 
 networks:
-    photic:
-      name: ${DOCKER_NETWORK}
-      driver: bridge
+  photic:
+    name: photic
+    driver: bridge
diff --git a/env.example b/env.example
@@ -2,27 +2,20 @@
 # The domain the application will listen on
 HOST=www.example.com
 
-# Ports that will be exposed externally from the docker containers
-HTTP_PORT=80
-HTTPS_PORT=443
-
-# Proxy support if the server the application is being hosted on requires it. These can be left blank
-HTTP_PROXY="http://proxy.example.com:1234"
-HTTPS_PROXY="http://proxy.example.com:1234"
-
 # Path to image files
 ROI_PATH=/mnt/data_files
 
 # Version tag for PostgreSQL image
 POSTGRES_TAG=14-alpine
 
+# PostgreSQL database credentials
+POSTGRES_DB=
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+
 # Location to store PostgreSQL database files
 POSTGRES_DATA_PATH=/srv/postgresql/data
 
-# Internal network name to use for all docker containers. Useful if there will be more than one copy
-#   of the application on a single server
-DOCKER_NETWORK=photic
-
 # Location of SSL certificate files
 SSL_CERT=/etc/ssl/example.crt
 SSL_KEY=/etc/ssl/example.key
diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,29 @@
+upstream photic_server {
+	server web:8000;
+}
+
+server {
+	listen 80;
+	server_name localhost;
+
+	location /static/ {
+		root /app;
+	}
+
+    location /rois/ {
+        root /;
+    }
+
+	location / {
+		proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
+		proxy_set_header Host $http_host;
+		proxy_redirect off;
+		proxy_http_version 1.1;
+		proxy_set_header Connection "";
+
+		if (!-f $request_filename) {
+			proxy_pass http://photic_server;
+			break;
+		}
+	}
+}
diff --git a/nginx.prod.conf b/nginx.prod.conf
@@ -0,0 +1,39 @@
+upstream photic_server {
+	server web:8000;
+}
+
+server {
+	listen 80;
+	server_name elvira.whoi.edu;
+
+	return 301 https://$host$request_uri;
+}
+
+server {
+	listen 443 default_server ssl;
+	server_name elvira.whoi.edu;
+
+	ssl_certificate /ssl/ssl.cer;
+	ssl_certificate_key /ssl/ssl.key;
+
+	location /static/ {
+		root /app;
+	}
+
+    location /rois/ {
+        root /;
+    }
+
+	location / {
+		proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
+		proxy_set_header Host $http_host;
+		proxy_redirect off;
+		proxy_http_version 1.1;
+		proxy_set_header Connection "";
+
+		if (!-f $request_filename) {
+			proxy_pass http://photic_server;
+			break;
+		}
+	}
+}
diff --git a/nginx/templates/http.conf.template b/nginx/templates/http.conf.template