refactor: convert SERVER_ENVIRONMENT + DEPLOYMENT_TYPE to DEPLOYMENT_…

…ENVIRONMENT

- No more 'local|remote', only 'dev|staging|prod'

justfile

@@ -69,7 +69,7 @@ color_reset := "\\033[39m"
   echo "Pruning digested assets..."
   @mix phx.digest.clean --all
 
-# copy caddyfile, then validate and reload caddy [environment: local|vagrant|staging|prod]
+# copy caddyfile, then validate and reload caddy [environment: dev|vagrant|staging|prod]
 @caddyfile-copy-validate-reload environment:
   echo "Copying the Caddyfile, then validating and reloading Caddy..."
   @./support/scripts/caddyfile-copy-validate-reload {{ environment }}

support/containers/README.md

@@ -99,26 +99,30 @@ To run this project's built-in Traefik container service:
 - You will need to include the following Compose files when running a Traefik container via `docker-compose`:
   - `compose.traefik.yaml`
     - The Traefik container
-  - `compose.traefik-config-[local|remote].yaml` (pick one of `local` or `remote`)
+  - `compose.traefik-config-[dev|staging|prod].yaml` (must be one of `dev`, `staging`, or `prod`)
     - The Traefik container's environment-specific config
   - `compose.phoenix.yaml`
     - This project's Phoenix container
   - `networks/compose.phoenix-traefik.yaml`
     - This project's network configuration for Phoenix + Traefik
-  - `compose.phoenix-config-traefik-[local|remote].yaml`
+  - `compose.phoenix-config-traefik-[dev|staging|prod].yaml`
     - This project's environment-specific Traefik configuration
 - Create a Docker network for proxying services through Traefik:
   - Docker: `docker network create traefik-global-proxy`
   - Podman: `podman network create traefik-global-proxy`
   - **NOTE:** The name `traefik-global-proxy` is hardcoded in the Compose files. Do not use a different name for the network!
 - Launch the **Postgres + Traefik + Phoenix** container service:
   - Examples:
-    - In a local environment (HTTP only):
+    - In a dev environment (HTTP only):
       - Docker: `docker compose -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-local.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-local.yaml up`
-      - Podman: `docker-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-local.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-local.yaml up`
-    - In a remote environment (exposed to Internet, uses HTTPS):
-      - Docker: `docker compose -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-remote.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-remote.yaml up`
-      - Podman: `podman-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-remote.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-remote.yaml up`
+      - Podman: `docker-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-dev.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-dev.yaml up`
+    - In a staging environment (exposed to Internet, uses HTTPS):
+      - Docker: `docker compose -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-staging.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-staging.yaml up`
+      - Podman: `podman-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-staging.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-staging.yaml up`
+    - In a prod environment (exposed to Internet, uses HTTPS):
+      - Docker: `docker compose -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-prod.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-prod.yaml up`
+      - Podman: `podman-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-prod.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-prod.yaml up`
+    - NOTE: The `staging` and `prod` environments are the same, except the staging environment uses [the Let's Encrypt staging environment](https://letsencrypt.org/docs/staging-environment/).
     - To avoid running these long commands, use the easy-use scripts in `support/containers/scripts`.
 - To access the Traefik dashboard:
   - Using a web browser, navigate to the location of your `$TRAEFIK_DASHBOARD_FQDN`.

support/containers/compose.phoenix-config-traefik-staging.yaml

@@ -0,0 +1 @@
+compose.phoenix-config-traefik-prod.yaml

support/containers/compose.traefik-config-dev.yml

@@ -0,0 +1,16 @@
+---
+services:
+  traefik:
+    volumes:
+      - "./etc/dev:/etc/traefik"
+    labels:
+      - "traefik.http.routers.traefik.entrypoints=web"
+
+      # # require authentication to access the dashboard (uncomment the next lines to enable)
+      # - "traefik.http.routers.traefik.middlewares=auth"
+      #
+      # # use `mkpasswd --method=bcrypt` to convert your password to a bcrypt
+      # # hash before pasting it here. (make sure to double up any dollar sign
+      # # symbols ($ -> $$) since the dollar sign symbol is used as an escape
+      # # character in YAML)
+      # - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS:-admin:$2b$05$ziXkIFQh5zJHZYsmX1LGluwyTYx4UVT2hz/CkEsjbuxG8kdXTfuUm}"

support/containers/compose.traefik-config-remote.yaml → support/containers/compose.traefik-config-prod.yml

@@ -4,7 +4,7 @@ services:
     ports:
       - "443:443"
     volumes:
-      - "./etc/remote:/etc/traefik"
+      - "./etc/prod:/etc/traefik"
       - "./volumes/letsencrypt:/letsencrypt"
     labels:
       - "traefik.http.routers.traefik.entrypoints=websecure"
@@ -18,4 +18,4 @@ services:
       # hash before pasting it here. (make sure to double up any dollar sign
       # symbols ($ -> $$) since the dollar sign symbol is used as an escape
       # character in YAML)
-      - "traefik.http.middlewares.auth.basicauth.users=admin:$$2b$$05$$Ih60v/ETUR94rysSQBRbgO/S91DRdohjusSYz5RVIpbzBAyGW1Dke"
+      - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS:-admin:$2b$05$ziXkIFQh5zJHZYsmX1LGluwyTYx4UVT2hz/CkEsjbuxG8kdXTfuUm}"

support/containers/compose.traefik-config-staging.yml

@@ -0,0 +1,21 @@
+---
+services:
+  traefik:
+    ports:
+      - "443:443"
+    volumes:
+      - "./etc/staging:/etc/traefik"
+      - "./volumes/letsencrypt:/letsencrypt"
+    labels:
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+
+      # require authentication to access the dashboard (you can comment out the
+      # next line to disable authentication (not recommended in production!)
+      - "traefik.http.routers.traefik.middlewares=auth"
+
+      # use `mkpasswd --method=bcrypt` to convert your password to a bcrypt
+      # hash before pasting it here. (make sure to double up any dollar sign
+      # symbols ($ -> $$) since the dollar sign symbol is used as an escape
+      # character in YAML)
+      - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS:-admin:$2b$05$ziXkIFQh5zJHZYsmX1LGluwyTYx4UVT2hz/CkEsjbuxG8kdXTfuUm}"

support/containers/etc/local/traefik.yml → support/containers/etc/dev/traefik.yml

@@ -19,6 +19,3 @@ providers:
 entryPoints:
   web:
     address: ":80"
-
-pilot:
-  dashboard: false

support/containers/etc/remote/traefik.yml → support/containers/etc/prod/traefik.yml

@@ -3,9 +3,6 @@ global:
   sendAnonymousUsage: false
   checkNewVersion: false
 
-log:
-  level: "DEBUG"
-
 api:
   dashboard: true
 
@@ -33,6 +30,3 @@ certificatesResolvers:
       email: "letsencrypt@example.com"
       storage: "/letsencrypt/acme.json"
       tlsChallenge: {}
-
-pilot:
-  dashboard: false

support/containers/etc/staging/middleware.yml

@@ -0,0 +1,17 @@
+---
+http:
+  middlewares:
+    redirect-non-www-to-www:
+      redirectregex:
+        regex: "^https?://(?:www\\.)?(.+)" # also redirects http -> https
+        replacement: "https://www.${1}"
+        permanent: true
+    redirect-www-to-non-www:
+      redirectregex:
+        regex: "^https?://www\\.(.+)" # also redirects http -> https
+        replacement: "https://${1}"
+        permanent: true
+    short-analytics-url:
+      replacepathregex:
+        regex: "^(.*)/pl.js$$"
+        replacement: "${1}/plausible.js"

support/containers/etc/staging/traefik.yml

@@ -0,0 +1,33 @@
+---
+global:
+  sendAnonymousUsage: false
+  checkNewVersion: false
+
+api:
+  dashboard: true
+
+providers:
+  docker:
+    exposedByDefault: false
+    network: "traefik-global-proxy"
+  file:
+    directory: "/etc/traefik"
+
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: "websecure"
+          scheme: "https"
+  websecure:
+    address: ":443"
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+      email: "letsencrypt@example.com"
+      storage: "/letsencrypt/acme.json"
+      tlsChallenge: {}

support/deployment/README.md

@@ -128,8 +128,8 @@ To deploy with Caddy, complete the following steps:
 
 3. There are several example Caddyfiles:
 
-   - `Caddyfile.local`: Uses 'localhost' subdomain
-   - `Caddyfile.vagrant`: Like local, but sets a manual path for the TLS certificates.
+   - `Caddyfile.dev`: Uses 'localhost' subdomain
+   - `Caddyfile.vagrant`: Like dev, but sets a manual path for the TLS certificates.
      - This allows a self-signed certificate to be made on the host (e.g. using 'mkcert'), and used in the VM.
      - Designed for use with [Vagrant](https://github.com/hashicorp/vagrant)
    - `Caddyfile.staging`: Uses a live domain name, but not the production one.
@@ -138,7 +138,7 @@ To deploy with Caddy, complete the following steps:
 
 4. Copy the desired project's Caddyfile to the Caddy configuration directory:
 
-- local: `sudo cp Caddyfile.local /etc/caddy/Caddyfile`
+- dev: `sudo cp Caddyfile.dev /etc/caddy/Caddyfile`
 - vagrant: `sudo cp Caddyfile.vagrant /etc/caddy/Caddyfile`
 - staging: `sudo cp Caddyfile.staging /etc/caddy/Caddyfile`
 - prod: `sudo cp Caddyfile.prod /etc/caddy/Caddyfile`
@@ -208,18 +208,22 @@ You can use the `support/scripts/systemd-container-service-file-generate` to eas
     - The output of a `--dry-run` is identical to the real service file, and can be piped as needed.
   - `--podman` - Configures the service for use with Podman instead of Docker.
   - `--postgres` - Run a Postgres container as part of the service.
-  - `--remote` - Configures Traefik to work in a remote environment.
-    - Supports HTTPS certificates via Let's Encrypt.
-    - If the machine will be accessible from the Internet, you will probably want to use this option.
   - `--traefik-client` - Configures the service to be used as Traefik.
     - Does not start a Traefik server.
   - `--traefik-host` - Configures the service to be used as Traefik.
     - Runs a Traefik container as part of the service.
+  - Traefik-specific options:
+    - `--dev` - Configures Traefik to work in a dev environment.
+      - HTTP only (No HTTPS)
+    - `--staging` - Configures Traefik to work in a staging environment.
+      - Supports HTTPS certificates via Let's Encrypt, but uses [the Let's Encrypt staging environment](https://letsencrypt.org/docs/staging-environment/)
+    - `--prod` - Configures Traefik to work in a production environment.
+      - Supports HTTPS certificates via Let's Encrypt
 
 After running the `systemd-container-service-file-generate` script:
 
 - The output will be sent here:
-  - '~/.confir/systemd/user/phoenix-todo-list.service'
+  - '~/.config/systemd/user/phoenix-todo-list.service'
 - Before you can manage the systemd service, you will need to reload the systemd daemons:
   - systemctl --user daemon-reload
 - To enable this service:

support/deployment/caddy/Caddyfile.local → support/deployment/caddy/Caddyfile.dev

@@ -4,7 +4,7 @@ phoenix-todo-list.localhost {
 
 	basicauth /metrics {
 		# use `mkpasswd --method=bcrypt` to generate a secure password
-		# password for local config is 'admin'
+		# default password for dev config is 'admin'
 		admin $2b$05$Z0uqobvCRq0E11ZUmNwON.BJQKU3xXwGndjblofiQ.6DC9JUYu7Be
 	}
 }
@@ -16,7 +16,7 @@ dev.phoenix-todo-list.localhost {
 	# # use `mkpasswd --method=bcrypt` to generate a secure password
 	# basicauth /metrics {
 	#		# use `mkpasswd --method=bcrypt` to generate a secure password
-	#		# password for local config is 'admin'
+	#		# default password for dev config is 'admin'
 	# 	admin $2b$05$Z0uqobvCRq0E11ZUmNwON.BJQKU3xXwGndjblofiQ.6DC9JUYu7Be
 	# }
 }

support/scripts/caddyfile-copy-validate-reload

@@ -4,9 +4,9 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
   echo "Copy this project's Caddyfile to the Caddy config directory, then validate the config and restart Caddy.
 
 This script accepts a single positional argument that will specify the Caddyfile to use.
-  - Must be one of: local, vagrant, staging, prod
-    - local: Uses 'localhost' subdomain
-    - vagrant: Like local, but sets a manual path for the TLS certificates.
+  - Must be one of: dev, vagrant, staging, prod
+    - dev: Uses 'localhost' subdomain
+    - vagrant: Like dev, but sets a manual path for the TLS certificates.
       - Designed for use with Vagrant (https://github.com/hashicorp/vagrant)
     - This allows a self-signed certificate to be made on the host (e.g. using 'mkcert'), and used in the VM.
     - staging: Uses a live domain name, but not the production one.
@@ -19,13 +19,13 @@ fi
 cd "$(dirname "$0")/../.." || exit 1
 
 # use first positional argument to set caddyfile type
-if [ "$1" = "local" ] || [ "$1" = "vagrant" ] || [ "$1" = "staging" ] || [ "$1" = "prod" ]; then
+if [ "$1" = "dev" ] || [ "$1" = "vagrant" ] || [ "$1" = "staging" ] || [ "$1" = "prod" ]; then
   echo "Using '$1' Caddyfile..."
   caddyfile_to_use="support/deployment/caddy/Caddyfile.$1"
 else
 
   # if invalid caddyfile type is specified, then abort
-  echo "\033[91mFirst positional argument must be one of: local, vagrant, staging, prod. Aborting...\033[39m"
+  echo "\033[91mFirst positional argument must be one of: dev, vagrant, staging, prod. Aborting...\033[39m"
   exit 1
 
 fi

support/scripts/containers/README.md

@@ -5,9 +5,10 @@ This is a collection of scripts designed to save you from having to type out ted
 # Notes
 
 - The first positional argument must be the `docker-compose` action you want to perform, e.g. up, down, restart, etc.
-- When running a Traefik container, your will need to specify 'local' or 'remote' (without quotes) as the second positional argument.
-  - local - no HTTPS
-  - remote - uses HTTPS
+- When running a Traefik container, your will need to specify the deployment environment as the second positional argument. Must be one of:
+  - dev - no HTTPS
+  - staging - uses HTTPS + Let's Encrypt staging environment
+  - prod - uses HTTPS
 - To use Podman instead of Docker, pass the flag '--podman' as the last positional argument.
 - Running any of the Traefik containers will attempt to create a `traefik-global-proxy` network before starting the containers.
 

support/scripts/containers/compose--phoenix-postgres-traefik

@@ -6,10 +6,11 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
 The first positional argument must specify the 'docker-compose' command(s) to run.
   - Examples: up, down, restart, etc.
 
-The second positional argument must specify the location of the deployment.
-  - Must be one of: local, remote
-    - local: no HTTPS
-    - remote: uses HTTPS
+The second positional argument must specify the deployment environment.
+  - Must be one of: 'dev', 'staging', 'prod'
+    - dev: no HTTPS
+    - staging: uses HTTPS + Let's Encrypt staging environment
+    - prod: uses HTTPS
 
 To use Podman instead of Docker, pass the '--podman' flag as the last positional argument."
   exit
@@ -35,15 +36,11 @@ else
 fi
 
 # ensure second (first after shifting) positional argument is present
-if [ "$1" = "" ] || [ "$1" != "local" ] && [ "$1" != "remote" ]; then
-  echo "Error: The second positional argument must specify whether the Traefik container should use a 'local' (no HTTPS) or 'remote' (uses HTTPS) config (without the quotes).
-
-The second positional argument must be one of: local, remote
-
-Aborting..."
+if [ "$1" = "" ] || [ "$1" != "dev" ] && [ "$1" != "staging" ] && [ "$1" != "staging" ]; then
+  printf "\033[31mThe second positional argument must be one of: dev, staging, prod\033[39m\nAborting...\n"
   exit 1
 else
-  local_or_remote=$1
+  deployment_type=$1
 
   # shift first positional argument out of args
   shift
@@ -74,4 +71,4 @@ fi
 
 # run container action
 # shellcheck disable=SC2068,SC2086
-$application_to_run -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-$local_or_remote.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-$local_or_remote.yaml $action $@
+$application_to_run -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-$deployment_type.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-$deployment_type.yaml $action $@