From 923bdfb1a19e996e4d03f4be3e5b115d1ade137b Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 16:07:05 -0600 Subject: [PATCH 1/9] Moves allowed hosts out of prod and into dev --- src/ango/settings/dev.py | 3 +++ src/ango/settings/prod.py | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ango/settings/dev.py b/src/ango/settings/dev.py index 011815f..9cae410 100644 --- a/src/ango/settings/dev.py +++ b/src/ango/settings/dev.py @@ -2,6 +2,9 @@ SECRET_KEY = 'ojk@86z9*$zyuhge#3)p*%$q0psoo2lq*tv9jw90#1eezcl^y2' +# Must mention ALLOWED_HOSTS in production! +ALLOWED_HOSTS = ['*'] + DEBUG = True MIDDLEWARE.remove('django.middleware.csrf.CsrfViewMiddleware') diff --git a/src/ango/settings/prod.py b/src/ango/settings/prod.py index 5e22015..83cfa1b 100644 --- a/src/ango/settings/prod.py +++ b/src/ango/settings/prod.py @@ -15,9 +15,6 @@ DEBUG = False TEMPLATE_DEBUG = False -# Must mention ALLOWED_HOSTS in production! -ALLOWED_HOSTS = ['*'] - DATABASES = { # Raises ImproperlyConfigured exception if DATABASE_URL not in # os.environ From 6d861863fae1d09eedb4ad1cbd02fc4384f8b48e Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 17:08:46 -0600 Subject: [PATCH 2/9] Adds dockerignore and updates gitignore --- .dockerignore | 194 ++++++++++++++++++++++++++++++++++++++++++++++++++ .gitignore | 52 +++++++++++++- 2 files changed, 245 insertions(+), 1 deletion(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..248c622 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,194 @@ +# Handle here so .docker doesn't pick these files up for a build . + +# Docs +/LICENSE +/README.md +# Heroku +/Procfile +/runtime.txt +# Deployment, CI +/circle.yml +/Dockerfile +# Ignores' +/.gitignore +/.dockerignore +# Dev +*/db.sqlite3 + + + + +# Created by .ignore support plugin (hsz.mobi) +### Python template +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*,cover +.hypothesis/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# IPython Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# dotenv +.env + +# virtualenv +venv/ +ENV/ + +# Spyder project settings +.spyderproject + +# Rope project settings +.ropeproject +### OSX template +*.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk +### VirtualEnv template +# Virtualenv +# http://iamzed.com/2009/05/07/a-primer-on-virtualenv/ +[Bb]in +[Ii]nclude +[Ll]ib +[Ll]ib64 +[Ll]ocal +[Ss]cripts +pyvenv.cfg +.venv +pip-selfcheck.json +### JetBrains template +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff: +.idea/workspace.xml +.idea/tasks.xml +.idea/dictionaries +.idea/vcs.xml +.idea/jsLibraryMappings.xml + +# Sensitive or high-churn files: +.idea/dataSources.ids +.idea/dataSources.xml +.idea/dataSources.local.xml +.idea/sqlDataSources.xml +.idea/dynamic.xml +.idea/uiDesigner.xml + +# Gradle: +.idea/gradle.xml +.idea/libraries + +# Mongo Explorer plugin: +.idea/mongoSettings.xml + +## File-based project format: +*.iws + +## Plugin-specific files: + +# IntelliJ +/out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties \ No newline at end of file diff --git a/.gitignore b/.gitignore index 8046ca9..9a2036a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,9 @@ + +*/db.sqlite3 + + + +### START PRE GENERATED IGNORE TEMPLATE # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] @@ -88,4 +94,48 @@ ENV/ # Rope project settings .ropeproject /db.sqlite3 -/src/db.sqlite3 +### JetBrains template +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff: +.idea/workspace.xml +.idea/tasks.xml +.idea/dictionaries +.idea/vcs.xml +.idea/jsLibraryMappings.xml + +# Sensitive or high-churn files: +.idea/dataSources.ids +.idea/dataSources.xml +.idea/dataSources.local.xml +.idea/sqlDataSources.xml +.idea/dynamic.xml +.idea/uiDesigner.xml + +# Gradle: +.idea/gradle.xml +.idea/libraries + +# Mongo Explorer plugin: +.idea/mongoSettings.xml + +## File-based project format: +*.iws + +## Plugin-specific files: + +# IntelliJ +/out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties From 975a7d14a5bf53bbb72553a61a685631f1e4bee7 Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 17:09:27 -0600 Subject: [PATCH 3/9] Adds dockerfile --- Dockerfile | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..d862e19 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,32 @@ +FROM python:3.6-alpine + +ENV INSTALL_PATH=/ango/ + +RUN mkdir $INSTALL_PATH + +WORKDIR $INSTALL_PATH + +COPY ./deps/ $INSTALL_PATH/deps/ + +RUN apk add --no-cache --virtual .build-deps \ + build-base postgresql-dev libffi-dev \ + && pip3 install -r $INSTALL_PATH/deps/prod.txt \ + && find /usr/local \ + \( -type d -a -name test -o -name tests \) \ + -o \( -type f -a -name '*.pyc' -o -name '*.pyo' \) \ + -exec rm -rf '{}' + \ + && runDeps="$( \ + scanelf --needed --nobanner --recursive /usr/local \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --virtual .rundeps $runDeps \ + && apk del .build-deps + +COPY ./src $INSTALL_PATH + +EXPOSE 8000 + +ENTRYPOINT ["/usr/local/bin/python3", "-u", "./manage.py"] \ No newline at end of file From 0e1987accccdb2dac7468741a6f21195d0e5dfdc Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 18:43:28 -0600 Subject: [PATCH 4/9] Updates prod settings to listen for allowed hosts environment variable --- src/ango/settings/prod.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ango/settings/prod.py b/src/ango/settings/prod.py index 83cfa1b..ab84484 100644 --- a/src/ango/settings/prod.py +++ b/src/ango/settings/prod.py @@ -12,6 +12,8 @@ SECRET_KEY = env('SECRET_KEY') +ALLOWED_HOSTS = env('ALLOWED_HOSTS') + DEBUG = False TEMPLATE_DEBUG = False From c12cbc3b6c87d6473f8c53db61192541e25e31ca Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 18:43:51 -0600 Subject: [PATCH 5/9] Adds docker-compose file --- docker-compose.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 docker-compose.yml diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..cf11a1b --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,31 @@ +version: '2' +services: + nginx-proxy: + image: jwilder/nginx-proxy + container_name: nginx-proxy + ports: + - "80:80" + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + + postgres: + image: kiasaki/alpine-postgres:9.5 + container_name: postgres + environment: + - POSTGRES_USER=admin + - POSTGRES_PASSWORD=randomTestPassword + + ango: + build: . + container_name: ango + command: "runserver 0.0.0.0:8000" + image: ncrmro/ango + environment: + - VIRTUAL_HOST=192.168.99.100 + - VIRTUAL_PORT=8000 + - DJANGO_SETTINGS_MODULE=ango.settings.prod + - SECRET_KEY='000000000000000' + - DATABASE_URL=postgres://admin:randomTestPassword@postgres:5432/admin + - ALLOWED_HOSTS=['*'] + depends_on: + - postgres \ No newline at end of file From 7affce90d03ab09ab83675cf6eb93ccbc7de8caa Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 18:49:04 -0600 Subject: [PATCH 6/9] Adds simple docker compose commands --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 934148d..002e7dd 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,19 @@ pip3 install -r ./deps/dev.txt ## Prod + +### Docker + +#### Docker Compose +``` +docker-compose build +docker-compose up +docker-compose run ango migrate +docker-compose run ango createsuperuser + +``` + +### Heroku A fresh dyno will need the following ran `heroku run --app APP bash` `python manage.py migrate` From f88bb9b2967406b3920e5d2b25a95c5ce1851bb3 Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 20:24:09 -0600 Subject: [PATCH 7/9] Updates docker to correctly use waitress --- Dockerfile | 2 +- README.md | 4 ++-- docker-compose.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index d862e19..d8f957e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,4 +29,4 @@ COPY ./src $INSTALL_PATH EXPOSE 8000 -ENTRYPOINT ["/usr/local/bin/python3", "-u", "./manage.py"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/python3", "-u"] \ No newline at end of file diff --git a/README.md b/README.md index 002e7dd..5ddf35f 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,8 @@ pip3 install -r ./deps/dev.txt ``` docker-compose build docker-compose up -docker-compose run ango migrate -docker-compose run ango createsuperuser +docker-compose run ango manage.py migrate +docker-compose run ango manage.py createsuperuser ``` diff --git a/docker-compose.yml b/docker-compose.yml index cf11a1b..e7040db 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,10 +18,10 @@ services: ango: build: . container_name: ango - command: "runserver 0.0.0.0:8000" + command: "/usr/local/bin/waitress-serve --host=0.0.0.0 --port=8000 ango.wsgi:application" image: ncrmro/ango environment: - - VIRTUAL_HOST=192.168.99.100 + - VIRTUAL_HOST=192.168.99.101 - VIRTUAL_PORT=8000 - DJANGO_SETTINGS_MODULE=ango.settings.prod - SECRET_KEY='000000000000000' From dd53be81c1ce0125fc01e64a1831448f6bb77686 Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 22:21:34 -0600 Subject: [PATCH 8/9] Adds support for staticfiles --- .dockerignore | 3 ++- .gitignore | 1 + Dockerfile | 13 ++++++++++++- deps/nginx/default_location | 5 +++++ docker-compose.yml | 5 +++++ 5 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 deps/nginx/default_location diff --git a/.dockerignore b/.dockerignore index 248c622..a4881ba 100644 --- a/.dockerignore +++ b/.dockerignore @@ -191,4 +191,5 @@ atlassian-ide-plugin.xml com_crashlytics_export_strings.xml crashlytics.properties crashlytics-build.properties -fabric.properties \ No newline at end of file +fabric.properties +/src/staticfiles/ diff --git a/.gitignore b/.gitignore index 9a2036a..cfb55ce 100644 --- a/.gitignore +++ b/.gitignore @@ -139,3 +139,4 @@ com_crashlytics_export_strings.xml crashlytics.properties crashlytics-build.properties fabric.properties +/src/staticfiles/ diff --git a/Dockerfile b/Dockerfile index d8f957e..d9b59db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,10 @@ FROM python:3.6-alpine -ENV INSTALL_PATH=/ango/ +ENV INSTALL_PATH=/ango/ \ + DJANGO_SETTINGS_MODULE=ango.settings.prod \ + SECRET_KEY=000000000000000 \ + DATABASE_URL=postgres://admin:randomTestPassword@postgres:5432/admin \ + ALLOWED_HOSTS=['*'] RUN mkdir $INSTALL_PATH @@ -27,6 +31,13 @@ RUN apk add --no-cache --virtual .build-deps \ COPY ./src $INSTALL_PATH +COPY ./deps/nginx/ /etc/nginx/vhost.d/ + + +RUN python3 manage.py collectstatic --no-input + +VOLUME ["/ango/staticfiles", "/etc/nginx/vhost.d"] + EXPOSE 8000 ENTRYPOINT ["/usr/local/bin/python3", "-u"] \ No newline at end of file diff --git a/deps/nginx/default_location b/deps/nginx/default_location new file mode 100644 index 0000000..96702fe --- /dev/null +++ b/deps/nginx/default_location @@ -0,0 +1,5 @@ +location /static { + access_log off; + log_not_found off; + alias /ango/staticfiles; +} \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index e7040db..b180561 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,6 +7,8 @@ services: - "80:80" volumes: - /var/run/docker.sock:/tmp/docker.sock:ro + volumes_from: + - ango:ro postgres: image: kiasaki/alpine-postgres:9.5 @@ -20,6 +22,9 @@ services: container_name: ango command: "/usr/local/bin/waitress-serve --host=0.0.0.0 --port=8000 ango.wsgi:application" image: ncrmro/ango + volumes: + - /ango/staticfiles + - ./deps/nginx:/etc/nginx/vhost.d:ro environment: - VIRTUAL_HOST=192.168.99.101 - VIRTUAL_PORT=8000 From 4ed583d1498955ec5234204596ae6f74a84ce1bc Mon Sep 17 00:00:00 2001 From: Nicholas Romero Date: Wed, 21 Dec 2016 22:28:55 -0600 Subject: [PATCH 9/9] Updates docs --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5ddf35f..c2053f0 100644 --- a/README.md +++ b/README.md @@ -8,10 +8,12 @@ https://github.com/ncrmro/reango * Relay Support * User Registration/Sign up using JWT +* Heroku or Docker Deployment +* Docker Deployment has nginx staticfile proxy, letsencrypt csupport commming soon. ## Quick start: -source ~/.virtualenvs/bin/activate +source ~/.virtualenvs/ango/bin/activate pip3 install -r ./deps/dev.txt @@ -19,6 +21,16 @@ pip3 install -r ./deps/dev.txt ## Prod ### Docker +Sample docker-compose.yml and dockerfile are enough to test out the nginx/database/staticfiles + +Base image is alpine and after dependencies and staticfiles weighs in at 130.5mb + +You can tell if nginx is picking up the default vhost config by changing if static files are logged in the /deps/nginx/default_conf + + +Docker deployment should not be considered secure yet until the docker socket is moved to it's own container for nginx-gen and letsencrypt support.. +Wait for the docker-compose.prod.yml + #### Docker Compose ```