From 697e01024e9412e5f346fe315ab3990acc137b5f Mon Sep 17 00:00:00 2001 
From: Nicholas Moen Date: Fri, 6 Oct 2023 06:20:09 -0600 Subject: [PATCH] refactor: convert SERVER_ENVIRONMENT + DEPLOYMENT_TYPE to DEPLOYMENT_ENVIRONMENT - No more 'local|remote', only 'dev|staging|prod' --- justfile | 2 +- support/containers/README.md | 18 +++++---- .../compose.phoenix-config-traefik-local.yaml | 7 ---- ... compose.phoenix-config-traefik-prod.yaml} | 0 ...ompose.phoenix-config-traefik-staging.yaml | 1 + .../containers/compose.traefik-config-dev.yml | 16 ++++++++ .../compose.traefik-config-local.yaml | 16 -------- ...e.yaml => compose.traefik-config-prod.yml} | 4 +- .../compose.traefik-config-staging.yml | 21 ++++++++++ .../etc/{local => dev}/middleware.yml | 0 .../containers/etc/{local => dev}/traefik.yml | 3 -- .../etc/{remote => prod}/middleware.yml | 0 .../etc/{remote => prod}/traefik.yml | 6 --- support/containers/etc/staging/middleware.yml | 17 ++++++++ support/containers/etc/staging/traefik.yml | 33 +++++++++++++++ support/deployment/README.md | 18 +++++---- .../caddy/{Caddyfile.local => Caddyfile.dev} | 4 +- .../scripts/caddyfile-copy-validate-reload | 10 ++--- support/scripts/containers/README.md | 7 ++-- .../compose--phoenix-postgres-traefik | 21 +++++----- .../systemd-container-service-file-generate | 40 +++++++++++++------ 21 files changed, 161 insertions(+), 83 deletions(-) delete mode 100644 support/containers/compose.phoenix-config-traefik-local.yaml rename support/containers/{compose.phoenix-config-traefik-remote.yaml => compose.phoenix-config-traefik-prod.yaml} (100%) create mode 120000 support/containers/compose.phoenix-config-traefik-staging.yaml create mode 100644 support/containers/compose.traefik-config-dev.yml delete mode 100644 support/containers/compose.traefik-config-local.yaml rename support/containers/{compose.traefik-config-remote.yaml => compose.traefik-config-prod.yml} (79%) create mode 100644 support/containers/compose.traefik-config-staging.yml rename support/containers/etc/{local => dev}/middleware.yml (100%) 
rename support/containers/etc/{local => dev}/traefik.yml (91%) rename support/containers/etc/{remote => prod}/middleware.yml (100%) rename support/containers/etc/{remote => prod}/traefik.yml (91%) create mode 100644 support/containers/etc/staging/middleware.yml create mode 100644 support/containers/etc/staging/traefik.yml rename support/deployment/caddy/{Caddyfile.local => Caddyfile.dev} (84%) diff --git a/justfile b/justfile index a1d8147a..517f5860 100644 --- a/justfile +++ b/justfile @@ -69,7 +69,7 @@ color_reset := "\\033[39m" echo "Pruning digested assets..." @mix phx.digest.clean --all -# copy caddyfile, then validate and reload caddy [environment: local|vagrant|staging|prod] +# copy caddyfile, then validate and reload caddy [environment: dev|vagrant|staging|prod] @caddyfile-copy-validate-reload environment: echo "Copying the Caddyfile, then validating and reloading Caddy..." @./support/scripts/caddyfile-copy-validate-reload {{ environment }} diff --git a/support/containers/README.md b/support/containers/README.md index 67a53fb1..4db99a07 100644 --- a/support/containers/README.md +++ b/support/containers/README.md 
@@ -99,13 +99,13 @@ To run this project's built-in Traefik container service: - You will need to include the following Compose files when running a Traefik container via `docker-compose`: - `compose.traefik.yaml` - The Traefik container - - `compose.traefik-config-[local|remote].yaml` (pick one of `local` or `remote`) + - `compose.traefik-config-[dev|staging|prod].yaml` (must be one of `dev`, `staging`, or `prod`) - The Traefik container's environment-specific config - `compose.phoenix.yaml` - This project's Phoenix container - `networks/compose.phoenix-traefik.yaml` - This project's network configuration for Phoenix + Traefik - - `compose.phoenix-config-traefik-[local|remote].yaml` + - `compose.phoenix-config-traefik-[dev|staging|prod].yaml` - This project's environment-specific Traefik configuration - Create a Docker network for proxying services through Traefik: - Docker: `docker network create traefik-global-proxy` 
@@ -113,12 +113,16 @@ To run this project's built-in Traefik container service: - **NOTE:** The name `traefik-global-proxy` is hardcoded in the Compose files. Do not use a different name for the network! - Launch the **Postgres + Traefik + Phoenix** container service: - Examples: - - In a local environment (HTTP only): + - In a dev environment (HTTP only): - Docker: `docker compose -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-local.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-local.yaml up` - - Podman: `docker-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-local.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-local.yaml up` - - In a remote environment (exposed to Internet, uses HTTPS): - - Docker: `docker compose -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-remote.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-remote.yaml up` - - Podman: `podman-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-remote.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-remote.yaml up` + - Podman: `docker-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-dev.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-dev.yaml up` + - In a staging environment (exposed to Internet, uses HTTPS): + - Docker: `docker 
compose -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-staging.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-staging.yaml up` + - Podman: `podman-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-staging.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-staging.yaml up` + - In a prod environment (exposed to Internet, uses HTTPS): + - Docker: `docker compose -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-prod.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-prod.yaml up` + - Podman: `podman-compose -H unix:$(podman info --format '{{.Host.RemoteSocket.Path}}') -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-prod.yaml -f compose.phoenix-postgres.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-prod.yaml up` + - NOTE: The `staging` and `prod` environments are the same, except the staging environment uses [the Let's Encrypt staging environment](https://letsencrypt.org/docs/staging-environment/). - To avoid running these long commands, use the easy-use scripts in `support/containers/scripts`. - To access the Traefik dashboard: - Using a web browser, navigate to the location of your `$TRAEFIK_DASHBOARD_FQDN`. diff --git a/support/containers/compose.phoenix-config-traefik-local.yaml b/support/containers/compose.phoenix-config-traefik-local.yaml deleted file mode 100644 index 19485123..00000000 --- a/support/containers/compose.phoenix-config-traefik-local.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -services: - phoenix: - labels: - - "traefik.enable=true" - - "traefik.http.routers.phoenix-todo-list.rule=Host(`${PHX_HOST:?}`)" - - "traefik.http.routers.phoenix-todo-list.entrypoints=web" diff --git a/support/containers/compose.phoenix-config-traefik-remote.yaml b/support/containers/compose.phoenix-config-traefik-prod.yaml similarity index 100% rename from support/containers/compose.phoenix-config-traefik-remote.yaml rename to support/containers/compose.phoenix-config-traefik-prod.yaml diff --git a/support/containers/compose.phoenix-config-traefik-staging.yaml b/support/containers/compose.phoenix-config-traefik-staging.yaml new file mode 120000 index 00000000..7a900b2e --- /dev/null +++ b/support/containers/compose.phoenix-config-traefik-staging.yaml @@ -0,0 +1 @@ +compose.phoenix-config-traefik-prod.yaml \ No newline at end of file diff --git a/support/containers/compose.traefik-config-dev.yml b/support/containers/compose.traefik-config-dev.yml new file mode 100644 index 00000000..02ae5180 --- /dev/null +++ b/support/containers/compose.traefik-config-dev.yml @@ -0,0 +1,16 @@ +--- +services: + traefik: + volumes: + - "./etc/dev:/etc/traefik" + labels: + - "traefik.http.routers.traefik.entrypoints=web" + + # # require authentication to access the dashboard (uncomment the next lines to enable) + # - "traefik.http.routers.traefik.middlewares=auth" + # + # # use `mkpasswd --method=bcrypt` to convert your password to a bcrypt + # # hash before pasting it here. (make sure to double up any dollar sign + # # symbols ($ -> $$) since the dollar sign symbol is used as an escape + # # character in YAML) + # - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS:-admin:$2b$05$ziXkIFQh5zJHZYsmX1LGluwyTYx4UVT2hz/CkEsjbuxG8kdXTfuUm}" diff --git a/support/containers/compose.traefik-config-local.yaml b/support/containers/compose.traefik-config-local.yaml deleted file mode 100644 index 78aac5c8..00000000 
--- a/support/containers/compose.traefik-config-local.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -services: - traefik: - volumes: - - "./etc/local:/etc/traefik" - labels: - - "traefik.http.routers.traefik.entrypoints=web" - - # # require authentication to access the dashboard (uncomment the next lines to enable) - # - "traefik.http.routers.traefik.middlewares=auth" - # - # use `mkpasswd --method=bcrypt` to convert your password to a bcrypt - # hash before pasting it here. (make sure to double up any dollar sign - # symbols ($ -> $$) since the dollar sign symbol is used as an escape - # character in YAML) - # - "traefik.http.middlewares.auth.basicauth.users=admin:${TRAEFIK_DASHBOARD_PASSWORD_HASH:-$$2b$$05$$v2kiZzxQVEouDNeILmzUTeJBE2ScPBJgfKagbLQSDD3fqJtg6.6VW}" diff --git a/support/containers/compose.traefik-config-remote.yaml b/support/containers/compose.traefik-config-prod.yml similarity index 79% rename from support/containers/compose.traefik-config-remote.yaml rename to support/containers/compose.traefik-config-prod.yml index 4b8f7cc9..58d685a4 100644 --- a/support/containers/compose.traefik-config-remote.yaml +++ b/support/containers/compose.traefik-config-prod.yml @@ -4,7 +4,7 @@ services: ports: - "443:443" volumes: - - "./etc/remote:/etc/traefik" + - "./etc/prod:/etc/traefik" - "./volumes/letsencrypt:/letsencrypt" labels: - "traefik.http.routers.traefik.entrypoints=websecure" @@ -18,4 +18,4 @@ services: # hash before pasting it here. (make sure to double up any dollar sign # symbols ($ -> $$) since the dollar sign symbol is used as an escape # character in YAML) - - "traefik.http.middlewares.auth.basicauth.users=admin:$$2b$$05$$Ih60v/ETUR94rysSQBRbgO/S91DRdohjusSYz5RVIpbzBAyGW1Dke" + - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS:-admin:$2b$05$ziXkIFQh5zJHZYsmX1LGluwyTYx4UVT2hz/CkEsjbuxG8kdXTfuUm}" 
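Review bot: The new `basicauth.users` label in compose.traefik-config-prod.yml falls back to a committed `admin:` bcrypt hash (cost 05) whenever `TRAEFIK_DASHBOARD_CREDENTIALS` is unset, so an Internet-facing dashboard can start with a credential whose hash is public in the repository. For prod and staging I would fail closed instead, `- "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS:?}"`, the same form the removed phoenix file used for `${PHX_HOST:?}`. The default also keeps single `$` signs although the comment directly above asks for `$$`; Compose will probably try to interpolate or reject them, so the fallback likely does not yield the intended hash. The same line is added in compose.traefik-config-staging.yml and, commented out, in compose.traefik-config-dev.yml.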
diff --git a/support/containers/compose.traefik-config-staging.yml b/support/containers/compose.traefik-config-staging.yml new file mode 100644 index 00000000..83fbe5de --- /dev/null +++ b/support/containers/compose.traefik-config-staging.yml @@ -0,0 +1,21 @@ +--- +services: + traefik: + ports: + - "443:443" + volumes: + - "./etc/staging:/etc/traefik" + - "./volumes/letsencrypt:/letsencrypt" + labels: + - "traefik.http.routers.traefik.entrypoints=websecure" + - "traefik.http.routers.traefik.tls.certresolver=letsencrypt" + + # require authentication to access the dashboard (you can comment out the + # next line to disable authentication (not recommended in production!) + - "traefik.http.routers.traefik.middlewares=auth" + + # use `mkpasswd --method=bcrypt` to convert your password to a bcrypt + # hash before pasting it here. (make sure to double up any dollar sign + # symbols ($ -> $$) since the dollar sign symbol is used as an escape + # character in YAML) + - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS:-admin:$2b$05$ziXkIFQh5zJHZYsmX1LGluwyTYx4UVT2hz/CkEsjbuxG8kdXTfuUm}" diff --git a/support/containers/etc/local/middleware.yml b/support/containers/etc/dev/middleware.yml similarity index 100% rename from support/containers/etc/local/middleware.yml rename to support/containers/etc/dev/middleware.yml diff --git a/support/containers/etc/local/traefik.yml b/support/containers/etc/dev/traefik.yml similarity index 91% rename from support/containers/etc/local/traefik.yml rename to support/containers/etc/dev/traefik.yml index 59fdbcfe..b6482560 100644 --- a/support/containers/etc/local/traefik.yml +++ b/support/containers/etc/dev/traefik.yml @@ -19,6 +19,3 @@ providers: entryPoints: web: address: ":80" - -pilot: - dashboard: false 
diff --git a/support/containers/etc/remote/middleware.yml b/support/containers/etc/prod/middleware.yml similarity index 100% rename from support/containers/etc/remote/middleware.yml rename to support/containers/etc/prod/middleware.yml diff --git a/support/containers/etc/remote/traefik.yml b/support/containers/etc/prod/traefik.yml similarity index 91% rename from support/containers/etc/remote/traefik.yml rename to support/containers/etc/prod/traefik.yml index 1d5a8df1..2e892b98 100644 --- a/support/containers/etc/remote/traefik.yml +++ b/support/containers/etc/prod/traefik.yml @@ -3,9 +3,6 @@ global: sendAnonymousUsage: false checkNewVersion: false -log: - level: "DEBUG" - api: dashboard: true @@ -33,6 +30,3 @@ certificatesResolvers: email: "letsencrypt@example.com" storage: "/letsencrypt/acme.json" tlsChallenge: {} - -pilot: - dashboard: false diff --git a/support/containers/etc/staging/middleware.yml b/support/containers/etc/staging/middleware.yml new file mode 100644 index 00000000..d846c776 --- /dev/null +++ b/support/containers/etc/staging/middleware.yml @@ -0,0 +1,17 @@ +--- +http: + middlewares: + redirect-non-www-to-www: + redirectregex: + regex: "^https?://(?:www\\.)?(.+)" # also redirects http -> https + replacement: "https://www.${1}" + permanent: true + redirect-www-to-non-www: + redirectregex: + regex: "^https?://www\\.(.+)" # also redirects http -> https + replacement: "https://${1}" + permanent: true + short-analytics-url: + replacepathregex: + regex: "^(.*)/pl.js$$" + replacement: "${1}/plausible.js" diff --git a/support/containers/etc/staging/traefik.yml b/support/containers/etc/staging/traefik.yml new file mode 100644 index 00000000..ad4bfc6d --- /dev/null +++ b/support/containers/etc/staging/traefik.yml 
@@ -0,0 +1,33 @@ +--- +global: + sendAnonymousUsage: false + checkNewVersion: false + +api: + dashboard: true + +providers: + docker: + exposedByDefault: false + network: "traefik-global-proxy" + file: + directory: "/etc/traefik" + +entryPoints: + web: + address: ":80" + http: + redirections: + entryPoint: + to: "websecure" + scheme: "https" + websecure: + address: ":443" + +certificatesResolvers: + letsencrypt: + acme: + caServer: https://acme-staging-v02.api.letsencrypt.org/directory + email: "letsencrypt@example.com" + storage: "/letsencrypt/acme.json" + tlsChallenge: {} diff --git a/support/deployment/README.md b/support/deployment/README.md index 710876bc..2d99a440 100644 --- a/support/deployment/README.md +++ b/support/deployment/README.md @@ -128,8 +128,8 @@ To deploy with Caddy, complete the following steps: 3. There are several example Caddyfiles: - - `Caddyfile.local`: Uses 'localhost' subdomain - - `Caddyfile.vagrant`: Like local, but sets a manual path for the TLS certificates. + - `Caddyfile.dev`: Uses 'localhost' subdomain + - `Caddyfile.vagrant`: Like dev, but sets a manual path for the TLS certificates. - This allows a self-signed certificate to be made on the host (e.g. using 'mkcert'), and used in the VM. - Designed for use with [Vagrant](https://github.com/hashicorp/vagrant) - `Caddyfile.staging`: Uses a live domain name, but not the production one. @@ -138,7 +138,7 @@ To deploy with Caddy, complete the following steps: 4. Copy the desired project's Caddyfile to the Caddy configuration directory: -- local: `sudo cp Caddyfile.local /etc/caddy/Caddyfile` +- dev: `sudo cp Caddyfile.dev /etc/caddy/Caddyfile` - vagrant: `sudo cp Caddyfile.vagrant /etc/caddy/Caddyfile` - staging: `sudo cp Caddyfile.staging /etc/caddy/Caddyfile` - prod: `sudo cp Caddyfile.prod /etc/caddy/Caddyfile` 
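Review bot: In the new etc/staging/traefik.yml the ACME `storage` is `/letsencrypt/acme.json`, and the staging compose file mounts the same `./volumes/letsencrypt` host directory as prod. If a host is switched between staging and prod from the same checkout, Traefik may keep serving the certificate already stored for that resolver, so an untrusted staging certificate could persist in prod; this is inferred from the shared paths, not shown in the patch. A separate file such as `storage: "/letsencrypt/acme-staging.json"` would keep the two apart. `api.dashboard: true` is also set here, so the basic-auth middleware in the staging compose file is the only thing guarding the dashboard.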
@@ -208,18 +208,22 @@ You can use the `support/scripts/systemd-container-service-file-generate` to eas - The output of a `--dry-run` is identical to the real service file, and can be piped as needed. - `--podman` - Configures the service for use with Podman instead of Docker. - `--postgres` - Run a Postgres container as part of the service. - - `--remote` - Configures Traefik to work in a remote environment. - - Supports HTTPS certificates via Let's Encrypt. - - If the machine will be accessible from the Internet, you will probably want to use this option. - `--traefik-client` - Configures the service to be used as Traefik. - Does not start a Traefik server. - `--traefik-host` - Configures the service to be used as Traefik. - Runs a Traefik container as part of the service. + - Traefik-specific options: + - `--dev` - Configures Traefik to work in a dev environment. + - HTTP only (No HTTPS) + - `--staging` - Configures Traefik to work in a staging environment. + - Supports HTTPS certificates via Let's Encrypt, but uses [the Let's Encrypt staging environment](https://letsencrypt.org/docs/staging-environment/) + - `--prod` - Configures Traefik to work in a production environment. + - Supports HTTPS certificates via Let's Encrypt After running the `systemd-container-service-file-generate` script: - The output will be sent here: - - '~/.confir/systemd/user/phoenix-todo-list.service' + - '~/.config/systemd/user/phoenix-todo-list.service' - Before you can manage the systemd service, you will need to reload the systemd daemons: - systemctl --user daemon-reload - To enable this service: diff --git a/support/deployment/caddy/Caddyfile.local b/support/deployment/caddy/Caddyfile.dev similarity index 84% rename from support/deployment/caddy/Caddyfile.local rename to support/deployment/caddy/Caddyfile.dev index 69065a4d..be6b85e6 100644 --- a/support/deployment/caddy/Caddyfile.local +++ b/support/deployment/caddy/Caddyfile.dev 
@@ -4,7 +4,7 @@ phoenix-todo-list.localhost { basicauth /metrics { # use `mkpasswd --method=bcrypt` to generate a secure password - # password for local config is 'admin' + # default password for dev config is 'admin' admin $2b$05$Z0uqobvCRq0E11ZUmNwON.BJQKU3xXwGndjblofiQ.6DC9JUYu7Be } } @@ -16,7 +16,7 @@ dev.phoenix-todo-list.localhost { # # use `mkpasswd --method=bcrypt` to generate a secure password # basicauth /metrics { # # use `mkpasswd --method=bcrypt` to generate a secure password - # # password for local config is 'admin' + # # default password for dev config is 'admin' # admin $2b$05$Z0uqobvCRq0E11ZUmNwON.BJQKU3xXwGndjblofiQ.6DC9JUYu7Be # } } diff --git a/support/scripts/caddyfile-copy-validate-reload b/support/scripts/caddyfile-copy-validate-reload index 52dd4c2c..9fd722a9 100755 --- a/support/scripts/caddyfile-copy-validate-reload +++ b/support/scripts/caddyfile-copy-validate-reload @@ -4,9 +4,9 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then echo "Copy this project's Caddyfile to the Caddy config directory, then validate the config and restart Caddy. This script accepts a single positional argument that will specify the Caddyfile to use. - - Must be one of: local, vagrant, staging, prod - - local: Uses 'localhost' subdomain - - vagrant: Like local, but sets a manual path for the TLS certificates. + - Must be one of: dev, vagrant, staging, prod + - dev: Uses 'localhost' subdomain + - vagrant: Like dev, but sets a manual path for the TLS certificates. - Designed for use with Vagrant (https://github.com/hashicorp/vagrant) - This allows a self-signed certificate to be made on the host (e.g. using 'mkcert'), and used in the VM. - staging: Uses a live domain name, but not the production one. 
@@ -19,13 +19,13 @@ fi cd "$(dirname "$0")/../.." || exit 1 # use first positional argument to set caddyfile type -if [ "$1" = "local" ] || [ "$1" = "vagrant" ] || [ "$1" = "staging" ] || [ "$1" = "prod" ]; then +if [ "$1" = "dev" ] || [ "$1" = "vagrant" ] || [ "$1" = "staging" ] || [ "$1" = "prod" ]; then echo "Using '$1' Caddyfile..." caddyfile_to_use="support/deployment/caddy/Caddyfile.$1" else # if invalid caddyfile type is specified, then abort - echo "\033[91mFirst positional argument must be one of: local, vagrant, staging, prod. Aborting...\033[39m" + echo "\033[91mFirst positional argument must be one of: dev, vagrant, staging, prod. Aborting...\033[39m" exit 1 fi diff --git a/support/scripts/containers/README.md b/support/scripts/containers/README.md index 29aa0fca..19fa53ea 100644 --- a/support/scripts/containers/README.md +++ b/support/scripts/containers/README.md @@ -5,9 +5,10 @@ This is a collection of scripts designed to save you from having to type out ted # Notes - The first positional argument must be the `docker-compose` action you want to perform, e.g. up, down, restart, etc. -- When running a Traefik container, your will need to specify 'local' or 'remote' (without quotes) as the second positional argument. - - local - no HTTPS - - remote - uses HTTPS +- When running a Traefik container, your will need to specify the deployment environment as the second positional argument. Must be one of: + - dev - no HTTPS + - staging - uses HTTPS + Let's Encrypt staging environment + - prod - uses HTTPS - To use Podman instead of Docker, pass the flag '--podman' as the last positional argument. - Running any of the Traefik containers will attempt to create a `traefik-global-proxy` network before starting the containers. diff --git a/support/scripts/containers/compose--phoenix-postgres-traefik b/support/scripts/containers/compose--phoenix-postgres-traefik index fc00c4eb..00a35079 100755 --- a/support/scripts/containers/compose--phoenix-postgres-traefik 
+++ b/support/scripts/containers/compose--phoenix-postgres-traefik @@ -6,10 +6,11 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then The first positional argument must specify the 'docker-compose' command(s) to run. - Examples: up, down, restart, etc. -The second positional argument must specify the location of the deployment. - - Must be one of: local, remote - - local: no HTTPS - - remote: uses HTTPS +The second positional argument must specify the deployment environment. + - Must be one of: 'dev', 'staging', 'prod' + - dev: no HTTPS + - staging: uses HTTPS + Let's Encrypt staging environment + - prod: uses HTTPS To use Podman instead of Docker, pass the '--podman' flag as the last positional argument." exit @@ -35,15 +36,11 @@ else fi # ensure second (first after shifting) positional argument is present -if [ "$1" = "" ] || [ "$1" != "local" ] && [ "$1" != "remote" ]; then - echo "Error: The second positional argument must specify whether the Traefik container should use a 'local' (no HTTPS) or 'remote' (uses HTTPS) config (without the quotes). - -The second positional argument must be one of: local, remote - -Aborting..." +if [ "$1" = "" ] || [ "$1" != "dev" ] && [ "$1" != "staging" ] && [ "$1" != "staging" ]; then + printf "\033[31mThe second positional argument must be one of: dev, staging, prod\033[39m\nAborting...\n" exit 1 else - local_or_remote=$1 + deployment_type=$1 # shift first positional argument out of args shift 
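Review bot: The new argument check in compose--phoenix-postgres-traefik tests `"$1" != "staging"` twice and never tests `prod`, so `prod` is rejected with the "must be one of: dev, staging, prod" error and the production configuration cannot be selected through this script. The guard should read `if [ "$1" != "dev" ] && [ "$1" != "staging" ] && [ "$1" != "prod" ]; then`; the separate empty-string test is then redundant, which also removes the reliance on left-to-right `||`/`&&` evaluation. The `if`/`else` continues past the end of the hunk.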
@@ -74,4 +71,4 @@ fi # run container action # shellcheck disable=SC2068,SC2086 -$application_to_run -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-$local_or_remote.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-$local_or_remote.yaml $action $@ +$application_to_run -f compose.phoenix.yaml -f networks/compose.phoenix-traefik.yaml -f compose.phoenix-config-traefik-$deployment_type.yaml -f compose.postgres.yaml -f compose.traefik.yaml -f compose.traefik-config-$deployment_type.yaml $action $@ diff --git a/support/scripts/systemd-container-service-file-generate b/support/scripts/systemd-container-service-file-generate index ece7cd2b..9dd95175 100755 --- a/support/scripts/systemd-container-service-file-generate +++ b/support/scripts/systemd-container-service-file-generate @@ -17,9 +17,10 @@ Optional arguments: - Traefik-specific options: - --remote - Configures the service for a remote environment (i.e. uses HTTPS). - - This flag only affects Traefik-based setups. It will have no effect if you are not using Traefik. - - If not set, the containers will be configured for local use (i.e. no HTTPS). + --dev - Configures the service for a development environment (i.e. no HTTPS). + - If no option is selected, then 'dev' will be used by default. + --staging - Configures the service for a production environment (i.e. uses HTTPS). + --prod - Configures the service for a production environment (i.e. uses HTTPS). --traefik-client - Configures the service to be used with Traefik. - This flag does not run a Traefik server. It just configures the service to work with a Traefik server defined elsewhere on the server. 
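Review bot: The compose file names built from `$deployment_type` still end in `.yaml`, but this commit creates and renames the Traefik configs as `compose.traefik-config-dev.yml`, `compose.traefik-config-staging.yml` and `compose.traefik-config-prod.yml`, so `-f compose.traefik-config-$deployment_type.yaml` will not resolve unless matching `.yaml` files exist outside this patch. The patch also deletes `compose.phoenix-config-traefik-local.yaml` without adding a `-dev` counterpart, which would leave `dev` without a Phoenix Traefik config. Either keep the `.yaml` extension on the new files or change the script and the README examples to `.yml`, and add the missing dev file.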
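Review bot: The help text for `--staging` in systemd-container-service-file-generate says it configures "a production environment", which is word for word the `--prod` line and hides the one difference that matters to an operator: staging requests certificates from the Let's Encrypt staging CA, which browsers do not trust. I would change it to `--staging - Configures the service for a staging environment (i.e. HTTPS via the Let's Encrypt staging environment).`. The help string starts and ends outside this hunk.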
@@ -68,9 +69,17 @@ while test $# -gt 0; do # run a postgres server as part of the service use_postgres=1 ;; - --remote) - # configure traefik for use in a remote deployment (i.e. uses HTTPS) - is_remote=1 + --dev) + # configures traefik for use in a dev deployment (i.e. no HTTPS) + is_dev=1 + ;; + --staging) + # configures traefik for use in a staging deployment (i.e. HTTPS + Let's Encrypt staging environment) + is_staging=1 + ;; + --prod) + # configures traefik for use in a production deployment (i.e. uses HTTPS) + is_prod=1 ;; --traefik-client) # configure the service for use with traefik, but don't start a traefik server @@ -121,11 +130,18 @@ else use_docker=1 # use docker-specific options in the systemd service file fi -# set $deployment_type based on whether or not the '--remote' flag was passed -if [ "$is_remote" = 1 ]; then - deployment_type="remote" -else - deployment_type="local" +# set deployment_type (based on DEPLOYMENT_TYPE env var, or relevant flags) +# shellcheck disable=SC2153 +deployment_type="$DEPLOYMENT_TYPE" # use global env var by default +if [ "$is_dev" = 1 ]; then + deployment_type="dev" +elif [ "$is_staging" = 1 ]; then + deployment_type="staging" +elif [ "$is_prod" = 1 ]; then + deployment_type="prod" +elif [ "$deployment_type" = "" ]; then + printf "\033m[36mNo deployment type specified. Using 'dev' (no HTTPS)...\033[39m\n" + deployment_type="dev" fi # containers_to_run # @@ -142,8 +158,8 @@ fi if [ "$use_postgres" = 1 ]; then containers_to_run="$containers_to_run -f compose.phoenix-postgres.yaml -f compose.postgres.yaml" - # enable postgres host networking if [ "$use_traefik_client" != 1 ] && [ "$use_traefik_host" != 1 ]; then + # enable postgres host networking containers_to_run="$containers_to_run -f networks/compose.postgres-host.yaml" fi fi
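Review bot: In the `@@ -121,11 +130,18 @@` hunk `deployment_type` is taken from `$DEPLOYMENT_TYPE` without validation, so any value, including the retired `local`/`remote`, flows into the generated service file; the commit subject also names the variable `DEPLOYMENT_ENVIRONMENT`, not `DEPLOYMENT_TYPE`. Because `dev` means HTTP only, the silent fallback to `dev` is a fail-open default on a host that was meant to be staging or prod, and its notice is hard to see because the escape is malformed (`\033m[36m` instead of `\033[36m`). I would validate the final value after the flag handling and fix the escape. When several of `--dev`/`--staging`/`--prod` are passed, the `if`/`elif` order also makes `--dev` win silently, which is worth documenting or rejecting.
```shell
# … unchanged: env default and --dev/--staging/--prod flag handling …
elif [ "$deployment_type" = "" ]; then
  printf "\033[36mNo deployment type specified. Using 'dev' (no HTTPS)...\033[39m\n" >&2
  deployment_type="dev"
fi

# reject anything that is not a known environment (e.g. a stale env var)
case "$deployment_type" in
  dev | staging | prod) ;;
  *)
    printf "\033[31mInvalid deployment type '%s'. Must be one of: dev, staging, prod\033[39m\n" "$deployment_type" >&2
    exit 1
    ;;
esac
```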