diff --git a/README.md b/README.md index 366801f..76a1c57 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Bootstrap 4 and the Bootstrap template Clean Blog is used as the base styling, b Image | Base | Usage ------------ | ------------- | ------------- -fe-custom | nginx:1.17.9 | frontend reverse proxy for Django +fe-custom | nginx:1.19.8 | frontend reverse proxy for Django wagtail-custom | python:3.8-slim | Django with the Wagtail CMS postgres-custom | postgres:12.0 | database instance for Django redis-custom | redis:5.0.8 | cache for Django @@ -34,10 +34,6 @@ smtp-custom | alpine:3.10 | mail relay for Django - To follow best practice each image is built to run as a **non-root** user. - To follow best practice each image supports Docker secrets. -- The **wagtail-custom** image is split into 2 Dockerfiles in case you would like to tweak and test the application code to suite your needs. - - Dockerfile 1, application requirements which takes some time to build - - Dockerfile 2, application code which has a quick build time - # Instructions Assuming you have Docker installed, Docker Swarm initialized and you're not using Windows to host Docker - do the following. @@ -54,27 +50,31 @@ vi build/mail/Dockerfile vi build/app/Dockerfile ``` -Build each image. +Build each image all at once. +```sh +cd build +./build.sh +``` +Or build individually. ```sh cd build/fe -./build-image.sh +./build.sh ``` ```sh cd build/db -./build-image.sh +./build.sh ``` ```sh cd build/cache -./build-image.sh +./build.sh ``` ```sh cd build/mail -./build-image.sh +./build.sh ``` - ```sh cd build/app -./build-image.sh +./build.sh ``` ### Prepare Server Files @@ -93,6 +93,8 @@ persistance system ``` +Use the script under the `persistance` folder to make the necessary folders - `mkdir.sh` + ### Create Certificates For local testing, just use self-signed certificates. 
@@ -153,27 +155,19 @@ echo -n "emailpassword" | docker secret create SMTP_PASSWORD - ### Edit Compose File + + This variable controls whether the Nginx logs will be preserved across container restarts. ```yaml x-fe-environment: &fe-environment LOG_RETENTION: "false" ``` -This section refers to application settings. Instead of using a menu management pacakge and templatetags, I have implemented search and replace in the startup of the **wagtail-custom** container for these values. +This section refers to application settings. ```yaml x-app-environment: &app-environment SITE_TITLE: "My Site" SITE_FOOTER: 'Thanks for checking out My Site. Maybe consider visiting some of my social media accounts for more good stuff.' - A_SITE_NAV_SLUG: "home" - A_SITE_NAV_TITLE: "Home" - B_SITE_NAV_SLUG: "blog" - B_SITE_NAV_TITLE: "Blog" - C_SITE_NAV_SLUG: "archive" - C_SITE_NAV_TITLE: "Archive" - D_SITE_NAV_SLUG: "resume" - D_SITE_NAV_TITLE: "Resume" - E_SITE_NAV_SLUG: "contact" - E_SITE_NAV_TITLE: "Contact" LINK_GITHUB: "https://github.com" LINK_TELEGRAM: "https://telegram.org/" LINK_YOUTUBE: "https://youtube.com" @@ -224,7 +218,7 @@ resources: Ensure the following files are in place. Every other unamed volume is an empty folder for logs or data. ```sh -persistance/app/img/error-page.jpg #this is displaying 403,404,500,etc +persistance/app/img/error-page.jpg #this is display upon 403,404,500 errors persistance/app/img/favicon.ico #this is the icon displayed in the browser tab ``` 
@@ -292,9 +286,9 @@ To go along with these two scripts there are two cronjobs. Adjust the timing and 30 3 * * * source /home/user/.profile; /opt/docker-stacks/blog/system/scripts/exec-system-backup-cleaning.sh 2> /dev/null ``` -# Optional Instruction - Customizing the Footer and Menu +# Optional Instruction - Customizing the Footer -You can edit 4 files to add/remove menu items and footer items. +You can edit these 4 files to add/remove footer items. 1. Add or remove an environment variable from `deploy/docker-compose.yml` for either the menu or footer. 1. Add or remove replacement commands from `build/app/code/service-init/run.sh` and rebuild the app image. 1. Add or remove a navigation or footer chunk from `build/app/code/service/base/templates/base.html` and `build/app/code/service/base/templates/base-default.html` @@ -304,7 +298,7 @@ Look into glyphcons to find the right icons for your needs. # Additional Notes * Port 80 is exposed becaused nginx redirects http to https. -* `persistance/fe/conf/nginx.conf` can be edited to suite your needs but the default state will get an A+ on SSL Labs. +* `build/fe/code/service-init/nginx.conf` can be edited to suite your needs but the default state will get an A+ on SSL Labs. * Build the `fe-custom` image with your edited conf file or map it in by adding a volume entry under **fe** service in the compose file. `- "/opt/docker-stacks/blog/persistance/fe/conf/nginx.conf:/etc/nginx/nginx.conf"` * To have the best cropping of your images these are the ideal dimensions @@ -313,3 +307,4 @@ Look into glyphcons to find the right icons for your needs. * Notes regarding gif files * gif uploads are supported but Wagtail processing can be resource intensive upon initial upload * gif files should be under 4MB +* This project supports wagtailmenus, see their documentation for creating a menu in the Wagtail UI. diff --git a/build/app/Dockerfile b/build/app/Dockerfile index 19d7652..14cd45e 100644 --- a/build/app/Dockerfile 
+++ b/build/app/Dockerfile
@@ -1,9 +1,4 @@
-#set the source image
-###################################################
-FROM app-base:latest
-LABEL maintainer="gavin"
-
-#set vars, build time
+#set vars, global build time
 ###################################################
 ARG APP_UID=1000
 ARG APP_GID=1000
@@ -12,6 +7,78 @@ ARG APP_GROUP=app ARG APP_ROOT=/app ARG CODE=code + + + +######################### +#builder phase +######################### + +#set the source image +################################################### +FROM python:3.8-slim AS builder +LABEL maintainer="gavin" + +#set used global variables +################################################### +ARG APP_UID +ARG APP_GID +ARG APP_USER +ARG APP_GROUP +ARG APP_ROOT +ARG CODE + +#run as root for setup +################################################### +USER root + +#copy code +################################################### +RUN mkdir "$APP_ROOT" && mkdir "$APP_ROOT"/wheel-builder +COPY "$CODE"/ "$APP_ROOT"/ + +#app dependencies +################################################### +RUN apt-get update + +RUN set -ex \ + && BUILD_DEPS=" \ + gcc \ + python3-dev \ + libpq-dev \ + libmagickwand-dev \ + " \ + && apt-get install -y --no-install-recommends $BUILD_DEPS + +RUN apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $BUILD_DEPS && \ + rm -rf /var/lib/apt/lists/* + +#python packages - build wheel +################################################### +RUN pip install --upgrade pip && \ + pip wheel --no-cache-dir --no-deps --wheel-dir "$APP_ROOT"/wheel-builder -r "$APP_ROOT"/service-req/requirements.txt + + + + +######################### +#final phase +######################### + +#set the source image +################################################### +FROM python:3.8-slim +LABEL maintainer="gavin" + +#set used global variables +################################################### +ARG APP_UID +ARG APP_GID +ARG APP_USER +ARG APP_GROUP +ARG APP_ROOT +ARG CODE + #run as root for setup ################################################### USER root 
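Review bot: The `RUN apt-get purge ... $BUILD_DEPS` step in the builder stage expands `$BUILD_DEPS` to nothing, because the variable is assigned inside the previous `RUN` and every `RUN` starts a fresh shell; the same pattern recurs in the final stage (hunk `@@ -37,6 +107,47 @@`), where it leaves the compiler toolchain in the shipped image. In the builder the purge also sits before `pip wheel`, so if it did remove `gcc` and the `-dev` headers, the wheel build would lose them. `apt-get update` in a layer of its own can additionally be served from a stale cache when only the install layer changes. I would install the packages, clean the apt lists and build the wheels in a single `RUN`, and drop the purge from this throwaway stage altogether.

```dockerfile
# … unchanged: FROM python:3.8-slim AS builder, ARG lines, mkdir and COPY …
RUN set -ex \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        gcc \
        python3-dev \
        libpq-dev \
        libmagickwand-dev \
    && rm -rf /var/lib/apt/lists/* \
    && pip install --upgrade pip \
    && pip wheel --no-cache-dir --no-deps --wheel-dir "$APP_ROOT"/wheel-builder -r "$APP_ROOT"/service-req/requirements.txt
```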
@@ -25,7 +92,10 @@ RUN groupadd -g "$APP_GID" "$APP_GROUP" && \ #copy code ################################################### +RUN mkdir "$APP_ROOT" && \ + mkdir "$APP_ROOT"/wheel COPY "$CODE"/ "$APP_ROOT"/ +COPY --from=builder "$APP_ROOT"/wheel-builder/ "$APP_ROOT"/wheel/ #add other directories and modify permissions ################################################### @@ -37,6 +107,47 @@ RUN mkdir /static && \ chmod +x "$APP_ROOT"/service-init/run.sh && \ chmod +x "$APP_ROOT"/service-init/create-user.sh +#python packages - use the pre-built wheel +################################################### +RUN pip install --upgrade pip && \ + pip install --no-cache "$APP_ROOT"/wheel/* && \ + rm -rf "$APP_ROOT"/wheel + +#app dependencies +################################################### +RUN set -ex \ + && RUN_DEPS=" \ + libexpat1 \ + libjpeg62-turbo \ + libpcre3 \ + libpq5 \ + mime-support \ + procps \ + zlib1g \ + " \ + && seq 1 8 | xargs -I{} mkdir -p /usr/share/man/man{} \ + && apt-get update && apt-get install -y --no-install-recommends $RUN_DEPS + +RUN set -ex \ + && BUILD_DEPS=" \ + build-essential \ + libexpat1-dev \ + libjpeg62-turbo-dev \ + libpcre3-dev \ + libpq-dev \ + zlib1g-dev \ + gcc \ + python3-dev \ + libpq-dev \ + netcat-openbsd \ + iputils-ping \ + libmagickwand-dev \ + " \ + && apt-get install -y --no-install-recommends $BUILD_DEPS + +RUN apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $BUILD_DEPS && \ + rm -rf /var/lib/apt/lists/* + #set image defaults ################################################### EXPOSE 8000 diff --git a/build/app/build-image.sh b/build/app/build-image.sh deleted file mode 100755 index b533f5b..0000000 --- a/build/app/build-image.sh +++ /dev/null 
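Review bot: The final stage installs the whole `BUILD_DEPS` list (`build-essential`, `gcc`, the `-dev` packages) after the wheels are already installed, which undoes the benefit of the builder stage and enlarges the attack surface of the runtime image. `netcat-openbsd` is in that list although `service-init/run.sh` calls `nc -z` at start-up, so it is a runtime dependency and belongs in `RUN_DEPS`; the same probably holds for the ImageMagick runtime library that Wand loads, which here only arrives through `libmagickwand-dev` (to be confirmed). I would drop the `BUILD_DEPS` and purge steps from this stage, move what is needed at run time into `RUN_DEPS`, and install `RUN_DEPS` before the `pip install` of the wheels. `pip install --no-cache "$APP_ROOT"/wheel/*` can also still download from the index, since the wheels were built with `--no-deps`; whether requirements.txt lists every transitive dependency is not visible here.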
@@ -1,30 +0,0 @@ -########### -#CLEANUP -########### - -echo -echo -echo "[removing previous image builds]" -echo - echo "[]" - docker image rm $(docker images | grep "" | awk '{print $3}') --force - echo "[app]" - docker image rm $(docker images | grep wagtail | awk '{print $3}') --force - -########### -#APP BUILD -########### - -echo -echo -echo "[building new app base image]" -echo - cd code-base - docker build -t app-base . - -echo -echo -echo "[building new app image]" -echo - cd .. - docker build -t wagtail-custom . \ No newline at end of file diff --git a/build/app/build.sh b/build/app/build.sh new file mode 100755 index 0000000..08c84ca --- /dev/null +++ b/build/app/build.sh @@ -0,0 +1 @@ +docker build -t wagtail-custom . \ No newline at end of file diff --git a/build/app/code-base/Dockerfile b/build/app/code-base/Dockerfile deleted file mode 100644 index 0fa9daa..0000000 --- a/build/app/code-base/Dockerfile +++ /dev/null 
@@ -1,55 +0,0 @@ -#set the source image -######################### -FROM python:3.8-slim -LABEL maintainer="gavin" - -#set vars, build time -######################### -ARG APP_ROOT=/app -ARG CODE=code - -#copy code -######################### -RUN mkdir "$APP_ROOT" -COPY "$CODE"/ "$APP_ROOT"/ - -#base dependencies -######################### -RUN apt-get update && \ - pip install --upgrade pip - -#app dependencies -######################### -RUN set -ex \ - && RUN_DEPS=" \ - libexpat1 \ - libjpeg62-turbo \ - libpcre3 \ - libpq5 \ - mime-support \ - procps \ - zlib1g \ - " \ - && seq 1 8 | xargs -I{} mkdir -p /usr/share/man/man{} \ - && apt-get update && apt-get install -y --no-install-recommends $RUN_DEPS - -RUN set -ex \ - && BUILD_DEPS=" \ - build-essential \ - libexpat1-dev \ - libjpeg62-turbo-dev \ - libpcre3-dev \ - libpq-dev \ - zlib1g-dev \ - gcc \ - python3-dev \ - libpq-dev \ - netcat-openbsd \ - iputils-ping \ - libmagickwand-dev \ - " \ - && apt-get install -y --no-install-recommends $BUILD_DEPS - -RUN pip install --no-cache-dir -r "$APP_ROOT"/service-req/requirements.txt && \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $BUILD_DEPS && \ - rm -rf /var/lib/apt/lists/* \ No newline at end of file diff --git a/build/app/code/service-init/run.sh b/build/app/code/service-init/run.sh index 33f3123..7462a17 100644 --- a/build/app/code/service-init/run.sh +++ b/build/app/code/service-init/run.sh 
@@ -44,36 +44,19 @@ export UWSGI_WSGI_FILE sed -i.bak 's^SITE_TITLE^'"$SITE_TITLE"'^' $BASE_HTML_FILE sed -i.bak 's^SITE_FOOTER^'"$SITE_FOOTER"'^' $BASE_HTML_FILE -sed -i.bak 's^A_SITE_NAV_SLUG^'"$A_SITE_NAV_SLUG"'^' $BASE_HTML_FILE -sed -i.bak 's^A_SITE_NAV_TITLE^'"$A_SITE_NAV_TITLE"'^' $BASE_HTML_FILE -sed -i.bak 's^B_SITE_NAV_SLUG^'"$B_SITE_NAV_SLUG"'^' $BASE_HTML_FILE -sed -i.bak 's^B_SITE_NAV_TITLE^'"$B_SITE_NAV_TITLE"'^' $BASE_HTML_FILE -sed -i.bak 's^C_SITE_NAV_SLUG^'"$C_SITE_NAV_SLUG"'^' $BASE_HTML_FILE -sed -i.bak 's^C_SITE_NAV_TITLE^'"$C_SITE_NAV_TITLE"'^' $BASE_HTML_FILE -sed -i.bak 's^D_SITE_NAV_SLUG^'"$D_SITE_NAV_SLUG"'^' $BASE_HTML_FILE -sed -i.bak 's^D_SITE_NAV_TITLE^'"$D_SITE_NAV_TITLE"'^' $BASE_HTML_FILE -sed -i.bak 's^E_SITE_NAV_SLUG^'"$E_SITE_NAV_SLUG"'^' $BASE_HTML_FILE -sed -i.bak 's^E_SITE_NAV_TITLE^'"$E_SITE_NAV_TITLE"'^' $BASE_HTML_FILE sed -i.bak 's^LINK_GITHUB^'"$LINK_GITHUB"'^' $BASE_HTML_FILE +sed -i.bak 's^LINK_INSTAGRAM^'"$LINK_INSTAGRAM"'^' $BASE_HTML_FILE sed -i.bak 's^LINK_TELEGRAM^'"$LINK_TELEGRAM"'^' $BASE_HTML_FILE sed -i.bak 's^LINK_YOUTUBE^'"$LINK_YOUTUBE"'^' $BASE_HTML_FILE sed -i.bak 's^SITE_TITLE^'"$SITE_TITLE"'^' $BASE_DEFAULT_HTML_FILE sed -i.bak 's^SITE_FOOTER^'"$SITE_FOOTER"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^A_SITE_NAV_SLUG^'"$A_SITE_NAV_SLUG"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^A_SITE_NAV_TITLE^'"$A_SITE_NAV_TITLE"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^B_SITE_NAV_SLUG^'"$B_SITE_NAV_SLUG"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^B_SITE_NAV_TITLE^'"$B_SITE_NAV_TITLE"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^C_SITE_NAV_SLUG^'"$C_SITE_NAV_SLUG"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^C_SITE_NAV_TITLE^'"$C_SITE_NAV_TITLE"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^D_SITE_NAV_SLUG^'"$D_SITE_NAV_SLUG"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^D_SITE_NAV_TITLE^'"$D_SITE_NAV_TITLE"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 's^E_SITE_NAV_SLUG^'"$E_SITE_NAV_SLUG"'^' $BASE_DEFAULT_HTML_FILE -sed -i.bak 
's^E_SITE_NAV_TITLE^'"$E_SITE_NAV_TITLE"'^' $BASE_DEFAULT_HTML_FILE sed -i.bak 's^LINK_GITHUB^'"$LINK_GITHUB"'^' $BASE_DEFAULT_HTML_FILE +sed -i.bak 's^LINK_INSTAGRAM^'"$LINK_INSTAGRAM"'^' $BASE_DEFAULT_HTML_FILE sed -i.bak 's^LINK_TELEGRAM^'"$LINK_TELEGRAM"'^' $BASE_DEFAULT_HTML_FILE sed -i.bak 's^LINK_YOUTUBE^'"$LINK_YOUTUBE"'^' $BASE_HTML_FILE + echo "[INFO] environment set" #wait for the db @@ -94,15 +77,6 @@ while ! nc -z ${DJANGO_CACHE_HOST} ${DJANGO_CACHE_PORT}; do done echo "[INFO] cache is online" -#wait for the mail -######################################################################## - -while ! nc -z ${DJANGO_EMAIL_HOST} ${DJANGO_EMAIL_PORT}; do - echo "[INFO] mail is offline - sleep 10ms" - sleep 0.1 -done -echo "[INFO] mail is online" - #prepare the webserver ######################################################################## diff --git a/build/app/code-base/code/service-req/requirements.txt b/build/app/code/service-req/requirements.txt similarity index 82% rename from build/app/code-base/code/service-req/requirements.txt rename to build/app/code/service-req/requirements.txt index b5bd177..d21c2dc 100644 --- a/build/app/code-base/code/service-req/requirements.txt +++ b/build/app/code/service-req/requirements.txt @@ -1,4 +1,4 @@ -#latest wagtail (2.9) compatible with django>=2.1,<=3.0 +#wagtail (2.9.3) compatible with django>=2.1,<=3.0 #django ###################### @@ -12,7 +12,8 @@ django-secure==1.0.2 Pillow>=6.2.2,<8.0.0 Wand==0.6.1 Willow<1.4,>=1.3 -wagtail>=2.9,<3.0 +#wagtail>=2.9,<2.10 +wagtail==2.9.3 wagtailfontawesome>=1.1.3,<1.2 #redis @@ -44,4 +45,8 @@ django-widget-tweaks>=1.4.8 #blog/info app ###################### django-taggit>=1.2.0 -django-el-pagination>=3.3.0 \ No newline at end of file +django-el-pagination>=3.3.0 + +#menu generation +###################### +wagtailmenus==3.0.2 \ No newline at end of file 
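Review bot: The two added `LINK_INSTAGRAM` substitutions read a variable that this commit does not define in the `x-app-environment` block of `deploy/docker-compose.yml` or in the README, which still list only `LINK_GITHUB`, `LINK_TELEGRAM` and `LINK_YOUTUBE`; unless it is set elsewhere, the placeholder is replaced by an empty string. The value is also spliced into the sed program unescaped, so a `^`, `&` or backslash in a URL changes the expression, and the result is written into the HTML template verbatim; a comment above the block such as `#values must not contain ^ & or \ and are written into the template as-is` would document that constraint. The last context line of the first hunk writes `LINK_YOUTUBE` to `$BASE_HTML_FILE` a second time where the default template looks intended: `sed -i.bak 's^LINK_YOUTUBE^'"$LINK_YOUTUBE"'^' "$BASE_DEFAULT_HTML_FILE"`.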
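Review bot: `wagtail==2.9.3` and `wagtailmenus==3.0.2` are pinned exactly while neighbouring entries such as `django-taggit>=1.2.0` and `django-el-pagination>=3.3.0` have no upper bound, so two builds of the same commit can still resolve different packages. The exact pin also means Wagtail patch releases are not picked up until this line is edited; if that is intended, the leftover `#wagtail>=2.9,<2.10` comment could be replaced by `#pinned; bump deliberately after checking the wagtail release notes`. For a reproducible image, a fully pinned requirements file installed with pip's `--require-hashes` mode would be the stronger option.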
diff --git a/build/app/code/service/base/settings/base.py b/build/app/code/service/base/settings/base.py index 298b0fc..3ed2a0d 100644 --- a/build/app/code/service/base/settings/base.py +++ b/build/app/code/service/base/settings/base.py @@ -47,6 +47,7 @@ 'taggit', 'widget_tweaks', 'el_pagination', + 'wagtailmenus', #main apps ###################### @@ -85,6 +86,7 @@ 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', + 'wagtailmenus.context_processors.wagtailmenus', ], }, }, diff --git a/build/app/code/service/base/settings/production.py b/build/app/code/service/base/settings/production.py index af0f67f..bd55cf6 100644 --- a/build/app/code/service/base/settings/production.py +++ b/build/app/code/service/base/settings/production.py @@ -48,6 +48,13 @@ } } +#emailing +###################### +EMAIL_USER = os.environ["DJANGO_EMAIL_USER"] +EMAIL_HOST = os.environ["DJANGO_EMAIL_HOST"] +EMAIL_PORT = os.environ["DJANGO_EMAIL_PORT"] +EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' + #file-serving ###################### #serving files via nginx - the following urls and directories are shared config for nginx.conf @@ -64,13 +71,6 @@ os.path.join(PROJECT_DIR, 'static'), ) -#emailing -###################### -EMAIL_USER = os.environ["DJANGO_EMAIL_USER"] -EMAIL_HOST = os.environ["DJANGO_EMAIL_HOST"] -EMAIL_PORT = os.environ["DJANGO_EMAIL_PORT"] -EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' - #search ###################### WAGTAILSEARCH_BACKENDS = { diff --git a/build/app/code/service/base/templates/base-default.html b/build/app/code/service/base/templates/base-default.html index a0bc0fc..c15c927 100644 --- a/build/app/code/service/base/templates/base-default.html +++ b/build/app/code/service/base/templates/base-default.html @@ -1,4 +1,4 @@ -{% load static wagtailcore_tags %} +{% load static wagtailcore_tags menu_tags %} @@ -43,35 +43,13 @@ 
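Review bot: `wagtailmenus` is added to `INSTALLED_APPS` here, but its installation instructions also require `wagtail.contrib.modeladmin` in the same list, and that entry is not visible in this hunk; the list starts and ends outside it, so please confirm it is present. The package ships its own models, so the start-up path has to apply migrations before the `menu_tags` templates render. A short comment on the added line, `#requires wagtail.contrib.modeladmin; menus are managed in the Wagtail admin`, would record the dependency.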
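Review bot: `EMAIL_USER` is not a setting that `django.core.mail.backends.smtp.EmailBackend` reads; the backend takes its login from `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD`, so unless project code consumes `EMAIL_USER` itself, the value from `DJANGO_EMAIL_USER` is unused. The block is only moved by this commit, but the new position is a good place to fix it, e.g. `EMAIL_HOST_USER = os.environ["DJANGO_EMAIL_USER"]`. `EMAIL_PORT` stays a string when read from the environment; `int(os.environ["DJANGO_EMAIL_PORT"])` makes a malformed value fail at start-up. No `EMAIL_USE_TLS` is set in the visible lines, so mail to the relay is presumably sent unencrypted on the overlay network.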
@@ -101,6 +79,15 @@ +
  • + + + + + + +
  • +
  • @@ -109,7 +96,8 @@
  • - + + diff --git a/build/app/code/service/base/templates/base.html b/build/app/code/service/base/templates/base.html index 56ce971..7f20092 100644 --- a/build/app/code/service/base/templates/base.html +++ b/build/app/code/service/base/templates/base.html @@ -1,4 +1,4 @@ -{% load static wagtailcore_tags wagtailimages_tags blogapp_tags infoapp_tags el_pagination_tags %} +{% load static wagtailcore_tags wagtailimages_tags blogapp_tags infoapp_tags el_pagination_tags menu_tags %} @@ -43,35 +43,13 @@ @@ -101,6 +79,15 @@ +
  • + + + + + + +
  • +
  • @@ -109,7 +96,8 @@
  • - + + diff --git a/build/app/code/service/base/templates/menu/main_menu.html b/build/app/code/service/base/templates/menu/main_menu.html new file mode 100644 index 0000000..38f6361 --- /dev/null +++ b/build/app/code/service/base/templates/menu/main_menu.html @@ -0,0 +1,12 @@ +{% load menu_tags %} + \ No newline at end of file diff --git a/build/app/code/service/base/urls.py b/build/app/code/service/base/urls.py index 99b411c..e741cad 100644 --- a/build/app/code/service/base/urls.py +++ b/build/app/code/service/base/urls.py @@ -16,8 +16,7 @@ handler500 = 'default.views.handler500' urlpatterns = [ - url(r'^django-admin/', admin.site.urls), - url(r'^admin/', include(wagtailadmin_urls)), + url(r'^wagmin/', include(wagtailadmin_urls)), url(r'^documents/', include(wagtaildocs_urls)), ] urlpatterns += [ diff --git a/build/build.sh b/build/build.sh new file mode 100644 index 0000000..4aad7d2 --- /dev/null +++ b/build/build.sh @@ -0,0 +1,19 @@ +cd app +./build.sh +cd .. + +cd cache +./build.sh +cd .. + +cd db +./build.sh +cd .. + +cd fe +./build.sh +cd .. + +cd mail +./build.sh +cd .. \ No newline at end of file diff --git a/build/cache/build-image.sh b/build/cache/build-image.sh deleted file mode 100755 index b679848..0000000 --- a/build/cache/build-image.sh +++ /dev/null @@ -1,19 +0,0 @@ -########### -#CLEANUP -########### - -echo -echo -echo "[removing previous image build]" -echo - docker image rm $(docker image ls | grep redis-custom | awk '{print $3}') --force - -########### -#DB BUILD -########### - -echo -echo -echo "[building new image]" -echo - docker build -t redis-custom . \ No newline at end of file diff --git a/build/cache/build.sh b/build/cache/build.sh new file mode 100755 index 0000000..5f681d8 --- /dev/null +++ b/build/cache/build.sh @@ -0,0 +1 @@ +docker build -t redis-custom . \ No newline at end of file diff --git a/build/db/build-image.sh b/build/db/build-image.sh deleted file mode 100755 index 8d4e3ef..0000000 
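Review bot: Moving the Wagtail admin from `admin/` to `wagmin/` only hides the login page from generic scanners; it adds no access control, and the new path is not documented in the README hunks of this commit. If the rename is meant as hardening, I would pair it with a restriction at the proxy (an allow-list or a rate limit on that location in `nginx.conf`) and add a comment above the route: `# non-default admin path; obscurity only, access control is enforced elsewhere`. With `django-admin/` removed, the `admin` import and `django.contrib.admin` may now be unused; both are outside the hunk.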
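Review bot: `build/build.sh` is added with mode 100644 and without a shebang, while the README tells the user to run `./build.sh`, which fails with a permission error until the file is made executable (`persistance/mkdir.sh` is added with the same mode). The script also has no error handling: if a `cd` fails or one image build fails, the remaining builds still run and the script exits with the status of the last `cd ..`. Adding `#!/bin/sh` and `set -eu` at the top and committing the file with mode 100755 would make a broken build visible.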
--- a/build/db/build-image.sh +++ /dev/null @@ -1,19 +0,0 @@ -########### -#CLEANUP -########### - -echo -echo -echo "[removing previous image build]" -echo - docker image rm $(docker image ls | grep postgres-custom | awk '{print $3}') --force - -########### -#DB BUILD -########### - -echo -echo -echo "[building new image]" -echo - docker build -t postgres-custom . \ No newline at end of file diff --git a/build/db/build.sh b/build/db/build.sh new file mode 100755 index 0000000..ae046a6 --- /dev/null +++ b/build/db/build.sh @@ -0,0 +1 @@ +docker build -t postgres-custom . \ No newline at end of file diff --git a/build/fe/Dockerfile b/build/fe/Dockerfile index acf6578..dc00b0b 100644 --- a/build/fe/Dockerfile +++ b/build/fe/Dockerfile @@ -1,6 +1,6 @@ #set the source image ################################################### -FROM nginx:1.17.9 +FROM nginx:1.19.8 LABEL maintainer="gavin" #set vars, build time @@ -58,4 +58,4 @@ CMD ["/bin/bash", "/app/service-init/run.sh"] #set docker healthcheck ################################################### -HEALTHCHECK NONE \ No newline at end of file +HEALTHCHECK NONE diff --git a/build/fe/build-image.sh b/build/fe/build-image.sh deleted file mode 100755 index 9f41c02..0000000 --- a/build/fe/build-image.sh +++ /dev/null @@ -1,19 +0,0 @@ -########### -#CLEANUP -########### - -echo -echo -echo "[removing previous image build]" -echo - docker image rm $(docker image ls | grep nginx-custom | awk '{print $3}') --force - -########### -#DB BUILD -########### - -echo -echo -echo "[building new image]" -echo - docker build -t nginx-custom . \ No newline at end of file diff --git a/build/fe/build.sh b/build/fe/build.sh new file mode 100755 index 0000000..af1dd78 --- /dev/null +++ b/build/fe/build.sh @@ -0,0 +1 @@ +docker build -t nginx-custom . \ No newline at end of file diff --git a/build/fe/code/service-init/nginx.conf b/build/fe/code/service-init/nginx.conf index 354f0b3..9f344a7 100644 --- a/build/fe/code/service-init/nginx.conf 
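Review bot: `build/fe/build.sh` tags the image `nginx-custom`, while the README table in the same commit names the frontend image `fe-custom`. If `deploy/docker-compose.yml` references `fe-custom` (the service definition is not visible here), the stack would not use the image this script builds and could run a stale or missing one. The two names should agree, e.g. `docker build -t fe-custom .`.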
+++ b/build/fe/code/service-init/nginx.conf @@ -17,6 +17,11 @@ accept_mutex on; http { + ############################### + #disable the display of nginx version + ############################### + server_tokens off; + ############################### #let nginx identify file types ############################### diff --git a/build/mail/build-image.sh b/build/mail/build-image.sh deleted file mode 100755 index 855f139..0000000 --- a/build/mail/build-image.sh +++ /dev/null @@ -1,19 +0,0 @@ -########### -#CLEANUP -########### - -echo -echo -echo "[removing previous image build]" -echo - docker image rm $(docker image ls | grep smtp-custom | awk '{print $3}') --force - -########### -#DB BUILD -########### - -echo -echo -echo "[building new image]" -echo - docker build -t smtp-custom . \ No newline at end of file diff --git a/build/mail/build.sh b/build/mail/build.sh new file mode 100755 index 0000000..0cf7ecc --- /dev/null +++ b/build/mail/build.sh @@ -0,0 +1 @@ +docker build -t smtp-custom . \ No newline at end of file diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml index dfe1acf..6885d3d 100644 --- a/deploy/docker-compose.yml +++ b/deploy/docker-compose.yml @@ -120,18 +120,8 @@ x-fe-environment: &fe-environment x-app-environment: &app-environment SITE_TITLE: "My Site" SITE_FOOTER: 'Thanks for checking out My Site. Maybe consider visiting some of my social media accounts for more good stuff.' - A_SITE_NAV_SLUG: "home" - A_SITE_NAV_TITLE: "Home" - B_SITE_NAV_SLUG: "blog" - B_SITE_NAV_TITLE: "Blog" - C_SITE_NAV_SLUG: "archive" - C_SITE_NAV_TITLE: "Archive" - D_SITE_NAV_SLUG: "resume" - D_SITE_NAV_TITLE: "Resume" - E_SITE_NAV_SLUG: "contact" - E_SITE_NAV_TITLE: "Contact" LINK_GITHUB: "https://github.com" - LINK_TELEGRAM: "https://telegram.org/" + LINK_TELEGRAM: "https://telegram.org" LINK_YOUTUBE: "https://youtube.com" x-mail-environment: &mail-environment 
diff --git a/persistance/fe/conf/nginx.conf b/persistance/fe/conf/nginx.conf
deleted file mode 100644
index 354f0b3..0000000
--- a/persistance/fe/conf/nginx.conf
+++ /dev/null
@@ -1,165 +0,0 @@ -######################################################## -#main context -######################################################## - -error_log /etc/nginx/logs/nginx-error.log; -worker_processes 2; -worker_rlimit_nofile 65535; - -events { -worker_connections 4096; -accept_mutex on; -} - -######################################################## -#http context -######################################################## - -http { - - ############################### - #let nginx identify file types - ############################### - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ############################### - #log file config - ############################### - log_format main '$remote_addr - $remote_user [$time_local] $status ' - '"$request" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /etc/nginx/logs/nginx-access.log main; - - ############################### - #messages for error codes - ############################### - map $status $status_text { - 401 'Unauthorized'; - 402 'Payment Required'; - 405 'Method Not Allowed'; - 406 'Not Acceptable'; - 407 'Proxy Authentication Required'; - 408 'Request Timeout'; - 409 'Conflict'; - 410 'Gone'; - 411 'Length Required'; - 412 'Precondition Failed'; - 413 'Payload Too Large'; - 414 'URI Too Long'; - 415 'Unsupported Media Type'; - 416 'Range Not Satisfiable'; - 417 'Expectation Failed'; - 418 'I\'m a teapot'; - 421 'Misdirected Request'; - 422 'Unprocessable Entity'; - 423 'Locked'; - 424 'Failed Dependency'; - 425 'Too Early'; - 426 'Upgrade Required'; - 428 'Precondition Required'; - 429 'Too Many Requests'; - 431 'Request Header Fields Too Large'; - 451 'Unavailable For Legal Reasons'; - 501 'Not Implemented'; - 502 'Bad Gateway'; - 503 'Service Unavailable'; - 504 'Gateway Timeout'; - 505 'HTTP Version Not Supported'; - 506 'Variant Also Negotiates'; - 507 'Insufficient Storage'; - 508 'Loop Detected'; - 510 'Not 
Extended'; - 511 'Network Authentication Required'; - default 'Something went wrong'; - } - - ############################### - #redirect to app server - ############################### - upstream app { - server app:8000 fail_timeout=0; - } - - ############################### - #redirect all requests to https - ############################### - server { - listen 8080 default_server; - listen [::]:8080 default_server; - server_name _; - return 301 https://$host$request_uri; - } - - ############################### - #app redirect config - ############################### - server { - - ############################### - #set DNS resolution to the Docker DNS - #make timeout small so nginx is sooner aware of when the app goes down - ############################### - resolver 127.0.0.11 valid=30s; - - ############################### - #variable for app upstream so nginx will not fail if it is offline - ############################### - set $upstream_app app; - - #variables for custom error page defaults - error_page 401 402 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 501 502 503 504 505 506 507 508 510 511 /error.html; - - listen 8443 ssl http2; - server_name app; - keepalive_timeout 5; - client_max_body_size 4G; - - ssl_stapling on; - ssl_stapling_verify on; - ssl_prefer_server_ciphers on; - ssl_session_timeout 1h; - ssl_session_cache shared:SSL:10m; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_certificate /etc/nginx/ssl/app.crt; - ssl_certificate_key /etc/nginx/ssl/app.key; - ssl_trusted_certificate /etc/nginx/ssl/ca.crt; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - - proxy_cookie_path / "/; HTTPOnly; Secure"; - add_header 'Referrer-Policy' 'origin'; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options 
"nosniff"; - add_header X-XSS-Protection "1; mode=block" always; - add_header Content-Security-Policy "frame-ancestors 'self';"; - add_header Content-Security-Policy "upgrade-insecure-requests; "; - add_header Strict-Transport-Security "max-age=31536000"; - - location / { - proxy_pass https://$upstream_app; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - } - - location = /error.html { - ssi on; - internal; - auth_basic off; - root /etc/nginx/pages; - } - - ############################### - #app file serving - ############################### - location /static/ { - alias /static/; - } - location /media/ { - alias /media/; - } - - } - -} \ No newline at end of file diff --git a/persistance/mkdir.sh b/persistance/mkdir.sh new file mode 100644 index 0000000..e7b97aa --- /dev/null +++ b/persistance/mkdir.sh @@ -0,0 +1,15 @@ +mkdir shared +mkdir shared/static +mkdir shared/media +mkdir shared/security +mkdir shared/security/letsencrypt + +mkdir app/ +mkdir app/img + +mkdir db +mkdir db/data + +mkdir fe +mkdir fe/logs +mkdir fe/conf \ No newline at end of file