Skip to content
Snippets Groups Projects
Commit 0e2b9f07 authored by Jacek Lebioda's avatar Jacek Lebioda
Browse files

feat: draft of dockerscripts

parent 3308a3df
No related branches found
No related tags found
1 merge request!261Python3 translation
env*
**/*.pyc
.vscode/*
Dockerfile
docker-compose.yml
**/__pycache__/*
smash/__pycache__/*
FROM python:3.6.9-buster
RUN mkdir /code
WORKDIR /code
RUN apt-get update && apt-get install -y --allow-unauthenticated libsasl2-dev libssl-dev locales locales-all
ADD requirements* /code/
RUN pip install -r requirements.txt --default-timeout=180 -i https://pypi.lcsb.uni.lu/simple/ && pip install -r requirements-dev.txt --default-timeout=180 -i https://pypi.lcsb.uni.lu/simple/ # --use-feature=2020-resolver
ADD . /code/
RUN cp local_settings_ci.py smash/smash/local_settings.py
WORKDIR /code/smash
ENTRYPOINT [ "/bin/sh" ]
CMD [ "manage.py runserver 0.0.0.0:8002" ]
EXPOSE 8002
version: '3'
services:
postgres:
image: postgres:13
restart: always
environment:
POSTGRES_DB: smash
POSTGRES_USER: runner
POSTGRES_PASSWORD: password
ports:
- "5432:5432"
web:
build: .
expose:
- '8002'
entrypoint: bash -c "sleep 5
&& python manage.py makemigrations web
&& python manage.py migrate
&& python manage.py migrate sessions
&& python manage.py collectstatic --noinput
&& python manage.py runserver 0.0.0.0:8002 --verbosity 3"
# && gunicorn -b 0.0.0.0:8002 smash.wsgi:application --access-logfile access.log --error-logfile error.log"
# && python manage.py runserver 0.0.0.0:8002 --verbosity 3
command: ""
ports:
- "8002:8002"
volumes:
- static_files:/static/
depends_on:
- postgres
nginx:
command:
- nginx-debug
- "-g"
- "daemon off;"
image: "nginx:alpine"
ports:
- "80:80"
- "443:443"
- "8080:8080"
expose:
- "80"
- "443"
- "8080"
depends_on:
- web
- postgres
volumes:
- "./docker/nginx/nginx.conf:/etc/nginx/nginx.conf"
- "./docker/nginx/nginx-selfsigned.crt:/etc/ssl/certs/nginx-selfsigned.crt"
- "./docker/nginx/nginx-selfsigned.key:/etc/ssl/private/nginx-selfsigned.key"
- "./docker/nginx/dhparam.pem:/etc/ssl/certs/dhparam.pem"
- "./docker/nginx/smasch.conf:/etc/nginx/conf.d/smasch.conf"
- static_files:/var/www/shared/static/
- nginx_logs:/log
volumes:
static_files:
nginx_logs:
-----BEGIN DH PARAMETERS-----
MIIEDQKCAgEAk54StojmfMVm4IbMreiHzR7v167BIQwwJXBU/V7OAMxlrRx/DraQ
JK7f1YSu3YOW44feFQAgKRO+D0+yJi4qGHN3y5mkiYWh3og+/owYsFP8hI7fKd8n
ZpscVZpn9G8cIsMvw8VBhw0+gNf+Vf6WAOjpHZCm6HXHxOBUQiOW6IXHMcG0/FGu
V3TZHV8xCM0gSbBSoWqv7to3dD6fGMM57NSXPg8NHAO1ijKkcOGx2LfYDEUEiK7S
maDST5VSGU+uc4LC/otZ6S6FcTNKse9+DUWTnHy0Ji2j6rqHnZFfmC2vlPQxPx0G
kAixDqqtYgI06u6u7WlgZm6ZiPEBosRyuFU6t3SWdLNZ9XJn4xNbZd4/SBXOOtfN
Q4kGcc0kGIvreZ9pOSwRl9GOK/oP3aqUB3Aj6h6va9vB9Gg2dvmfyuOCpCcfNE1M
00diRy2sb60ax6laL1ArY5/14t2m52vFbkmWSN9R8cjgZ24WLKdG8FWJzSG5i4UM
h/Spq15XzaAI/TU2c71wHa8PkD245z0hsOHW16m7zJ+QcMVeMc6mc47gwf1axsgh
fU0a2fVbJfiuha0Ck63ZPtSGTPuSD/vlp/ozlZAz/r2vhlW534kzMc0YV6HkIJgs
MMIXIdxKR6g06aPVyzt1bIY5lo5QLYFSksted/GF6ludn2XvjD8wERMCggIAJIs5
XN+sehp+lvQ3nrL/sdz/3P5WoSZ+8Gx5w84veF5JRLExxflpQM5qw+g0ouDb9Daq
Crt/oEDBIF3+EngZHJImHSRwdXARma5MVMFf+ty8Nq1Zur5e1/ll4HLrFlEkkgFB
t84x4iyypzoYqgj7Q51tkEd44AYhdCWal2UZJS+YPqcnAO2AiajOOS3kbS1F87h1
ABYJ67S7HBU8lLwdSDS77jJe4Qpmfjgg8SyTc7oDkqxh05l0ZG8swrylSjk40hqT
XEmQWeWwcd0QaxqhFoSKq8HdUohSN9kfgVGe+0WLY3+EKgQ2O2SD8/pWqmnn+yPv
Xd7QeqonQ7K/Kqj7LTRJvGpBK6xtdBqWOAxcgd9R3fsKnofNt7o70bS8Oe2zyHkc
1CA3qG27FIu/UeWwPlFlRlYMsnDJ8L7ZgnjD/yB0kBys25JGMY5OkyI10GItFdJV
duVWoUX7AWxDpr84eiYAePHWosw+k3Ke3TRA8VFy2Iq0jup9WuQFcOJoVKxsDZ8F
fSLR6mUP9HJeeLV4tmEuYHC8D1rsEHZThhgr0usUib15KcAI4tXVntPQtf6RiecP
jLcmzjLDBwJ5SjMkh9EGGk86Uin6sUe1fr4EEcnolEKgxEvPWp1zKFJXf9PQ+J+C
X4/zYUu53ymg5xi41BYwSqWsf+O54GOe4R3YchECAgEA
-----END DH PARAMETERS-----
# This will create diffie hellman group
openssl dhparam -dsaparam -out dhparam.pem 4096
# This will create the self-signed certificates
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.crt
-----BEGIN CERTIFICATE-----
MIIDnjCCAoYCCQCMhnBJPKSvjDANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
bHUxGTAXBgNVBAgMEEVzY2gtc3VyLUFsemV0dGUxDzANBgNVBAcMBkJlbHZhbDEP
MA0GA1UECgwGdW5pLmx1MQ0wCwYDVQQLDARMQ1NCMRAwDgYDVQQDDAdCaW9Db3Jl
MSMwIQYJKoZIhvcNAQkBFhRqYWNlay5sZWJpb2RhQHVuaS5sdTAeFw0yMDEwMDYx
MTE2MDlaFw0yMTEwMDYxMTE2MDlaMIGQMQswCQYDVQQGEwJsdTEZMBcGA1UECAwQ
RXNjaC1zdXItQWx6ZXR0ZTEPMA0GA1UEBwwGQmVsdmFsMQ8wDQYDVQQKDAZ1bmku
bHUxDTALBgNVBAsMBExDU0IxEDAOBgNVBAMMB0Jpb0NvcmUxIzAhBgkqhkiG9w0B
CQEWFGphY2VrLmxlYmlvZGFAdW5pLmx1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA2EmC0FnGf6dXw1sLUCksS86dWDSBgLi1aBQzYYNC2MztJmhMe+mO
oP34eKbbId4bVWiOp3XDrSdWf10q/viwOk8ApdNsZ1WbaKG5rLl5QwXQ/RAoEYAb
pws67FGw1zZynoYt/RwEgwme38d6TuiBhD5V8OF1Ri6dXC5hC0YoQ3lf4fqj+X9u
RnsbWUP5Q+EOi9tcZ98PRvBL2wcQajl56AUCNP30d7fuyZPjRc0cx60w4veWASzz
A2G4BFPYQww7VWbsWtts+1SXzgue+6yyCtD0R5iE4nlTWT9N5SwpBj2YURFKC5PM
P+zyLrER8KeA9XC1nG+7obFRRtYnJVswYwIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQAfUOMPaaf1Yzk/IYiuGw7VO7roNO8vaePnAP0UmxaHgbZrKnwj0y+GOxnco7D1
Ty94MiyoCfS4BhdLoIwON+BTW7UgJMyMi7fJ6/+UbcWr2Rq6iAzB0lyU+rmreBGm
FU4hdvqSRsiLtVuHbpURZNQeJoZ5VKYv8NqOJ7cYYtlJORCzIfTqVhoLoTalbn+n
NsRLdHY2Edue50ilwt1IBToeRkn+fw9wNJSrxZoEHRVHL5UFwIqacr1i9eDR41N9
PSnEei4y2uT4csfGqoRTmo++P3tzwOuGLpcmB0OD55/G6J3p2ZCVT7CT3b6ln1FJ
urcT2wFIC9ay116JEB8J+3PB
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDYSYLQWcZ/p1fD
WwtQKSxLzp1YNIGAuLVoFDNhg0LYzO0maEx76Y6g/fh4ptsh3htVaI6ndcOtJ1Z/
XSr++LA6TwCl02xnVZtoobmsuXlDBdD9ECgRgBunCzrsUbDXNnKehi39HASDCZ7f
x3pO6IGEPlXw4XVGLp1cLmELRihDeV/h+qP5f25GextZQ/lD4Q6L21xn3w9G8Evb
BxBqOXnoBQI0/fR3t+7Jk+NFzRzHrTDi95YBLPMDYbgEU9hDDDtVZuxa22z7VJfO
C577rLIK0PRHmITieVNZP03lLCkGPZhREUoLk8w/7PIusRHwp4D1cLWcb7uhsVFG
1iclWzBjAgMBAAECggEAMbwFpp9eM7BpT/S5jz9Ifk4OhF/ef5j5resnPX8Pegb1
aWWGYN/9+issXaIQtaL7KhKW6w77Ze+rxjHIV0UcUOwlu/v363MV/2Ng7MThi3Xk
7qwuaofI1AqTDBBk17gfdzBnltJAf1lQ/ShDia2RSrWC0ZcmfnLtoGrRyePiElGE
bYqOgJE46A38abau+uz2gW3lJ6LtbbCjlLbUqSEZ+9fqSj65z3XtlcKRVLdyQIby
xntH8dCTd64dULqe3oJH2M0mpv5QIbOdvmr1u+VqMJ0L8rud9D8K541pFlHPxMqz
vVs7q+mRGUQKsbBsFp3MQmsgANw9uv0Yb8dpwskz0QKBgQDvGIh8ZYlBLpwGI468
5b0OFEoNESQjmRXUGP7n8d4dY18IxKiOkJ9e7AFpue/6Y+7kZdm9IsjV5aku5GN7
9YHOrnMoEfyPwDkJ8DWk4i3UYD5BbLRYcD2C9+rEGYJd8Zg+fSwpebzXbcV1S82z
jKQiHfMjK9vRYs300vugcAHwxQKBgQDnlCgfcFxY5iaxmdAhzlw9YI9UV05ryZwR
ie64uk5UhJ23WumG9P7+w7b6qaWAS99m7kkfsAGzcz4S2B4HjPO9fmdBnXxAEDOm
1mIngmPjcQhgtS/KMYdatyUqowOfAU5mf9Mry77ij/O2AKGQNstu38pzJjPtHNTU
ZxTnF2rfBwKBgA5A9SoNV5BmOfD3v7OtMocbWIrM4c2pe66oStIDDk3MNcctCitt
ncKn6TGnXxIbUQuWstNetoBh76MXBINIUJPEvKK/58GeIQhhpKEOxtKpZiy6UUoQ
bupW400LhEUbeQsIpVBXrJVfOu1SNpIkqUhLZspK/BDQhhy5UzzuUH9NAoGAdi0h
HIoWVjd8330CvX21jIzOF9hF6LOFtV2SOSq59l+GrJ70NS6pQhFWOyx/jK0rYDeR
kV4cQBs7PhqTmH7Rk44B23Ymhfq+oREeHdNobhSslc1gieokjKKRkOSHYIkmHSB1
/w+GZc/YKrS/vfx4bChAA+sm7IWeBpZkEFne69kCgYAn6DVkQe3FoUuike01elND
3cO85M38bCUgr6o1ZqMF5Jfe1lwciucS2T1NnH93W5/NC6bOvr51n89+C7DITx6U
UQCrW7ZUUslWvSrbrPiV2ZqSBAba878zFiJD8fFW3TOjqJB7Zep7R3MBCg/Q960o
3VF4xf+hLPWLr9A+ZgFaMQ==
-----END PRIVATE KEY-----
worker_processes auto;
error_log /log/nginx_error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /log/nginx_access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://web:8002;
}
}
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name 127.0.0.1 localhost;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 120m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
root /var/www/shared;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
location /static/ {
include /etc/nginx/mime.types;
root /var/www/shared/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://web:8002;
}
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment