Merge pull request #1 from tutorcruncher/nginx-simplification

simplifying deploy with one fewer container
tutorcruncher · Mar 25, 2018 · b773670 · b773670
2 parents 7e2e4e6 + 36f708a
commit b773670
Show file tree

Hide file tree

Showing 11 changed files with 143 additions and 173 deletions.
diff --git a/deploy/build-push b/deploy/build-push
@@ -6,18 +6,17 @@ if [[ `docker info` = *"amazon"* ]]; then
   exit 1
 fi
 
-export COMMIT="`git rev-parse --short HEAD`"
-
 echo "================================================================================"
-echo "building mithra_js..."
+echo "building js..."
 cd js
 yarn build
 cd ..
-docker build js/ -t $DOCKER_ID_USER/mithra_js:${COMMIT} -t $DOCKER_ID_USER/mithra_js:latest
 echo "================================================================================"
-echo "building mithra_js done"
+echo "building js done"
 echo ""
 
+export COMMIT="`git rev-parse --short HEAD`"
+
 echo "================================================================================"
 echo "building mithra_backend..."
 docker build src/ -f src/Dockerfile.backend -t $DOCKER_ID_USER/mithra_backend:${COMMIT} -t $DOCKER_ID_USER/mithra_backend:latest
@@ -31,9 +30,6 @@ docker build src/ -f src/Dockerfile.web -t $DOCKER_ID_USER/mithra_web:${COMMIT}
 echo "================================================================================"
 echo "building mithra_web done"
 echo ""
-echo "Pushing js image:"
-docker push $DOCKER_ID_USER/mithra_js:${COMMIT}
-docker push $DOCKER_ID_USER/mithra_js:latest
 echo "Pushing backend image:"
 docker push $DOCKER_ID_USER/mithra_backend:${COMMIT}
 docker push $DOCKER_ID_USER/mithra_backend:latest

diff --git a/deploy/deploy b/deploy/deploy
@@ -1,6 +1,21 @@
 #!/usr/bin/env bash
 set -e
 THIS_DIR=$(dirname "$0")
-eval "${THIS_DIR}/compose pull js backend web"
-# NOTICE: by default this doesn't build nginx/prod, you need to add --build for that
+
+echo ""
+echo "================================================================================"
+echo "copying nginx and js files to machine..."
+
+docker-machine scp -r -d $THIS_DIR/../nginx/prod/ $DOCKER_MACHINE_NAME:/home/ubuntu/nginx-conf/
+docker-machine scp -r -d $THIS_DIR/../js/build/   $DOCKER_MACHINE_NAME:/home/ubuntu/js-src/
+
+echo ""
+echo "================================================================================"
+echo "pulling new images..."
+
+eval "${THIS_DIR}/compose pull backend web"
+
+echo ""
+echo "================================================================================"
+echo "deploying new build..."
 eval "${THIS_DIR}/compose up -d $@"
diff --git a/deploy/deploy-js b/deploy/deploy-js
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -e
+
+echo "================================================================================"
+echo "building js..."
+cd js
+yarn build
+cd ..
+echo "================================================================================"
+echo "building js done"
+
+echo ""
+echo "================================================================================"
+echo "copying js files to machine..."
+
+docker-machine scp -r -d js/build/ $DOCKER_MACHINE_NAME:/home/ubuntu/js-src/
+
+echo ""
+echo "================================================================================"
+echo "restarting nginx..."
+docker-compose $(docker-machine config $DOCKER_MACHINE_NAME) restart nginx
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
@@ -5,9 +5,6 @@ services:
     ports:
     - 5001:80
 
-  js:
-    build: js
-
   web:
     build:
       context: src
@@ -19,7 +16,9 @@ services:
       dockerfile: Dockerfile.backend
 
   nginx:
-    build: nginx/dev
-    restart: always
+    image: nginx:1.13-alpine
+    volumes:
+    - ./nginx/dev/:/etc/nginx/conf.d/:ro
+    - ./js/build/:/js-src/:ro
     ports:
     - 5000:80
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -6,17 +6,17 @@ services:
     - '/bin/logspout'
     - '${LOGSPOUT_ENDPOINT}'
 
-  js:
-    image: samuelcolvin/mithra_js:latest
-
   backend:
     image: samuelcolvin/mithra_backend:latest
 
   web:
     image: samuelcolvin/mithra_web:latest
 
   nginx:
-    build: nginx/prod
+    image: nginx:1.13-alpine
+    volumes:
+    - /home/ubuntu/nginx-conf/:/etc/nginx/conf.d/:ro
+    - /home/ubuntu/js-src/:/js-src/:ro
     restart: always
     ports:
     - 443:443

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -18,7 +18,7 @@ services:
       SYSLOG_HOSTNAME: ${SERVER_NAME:-mithra}
     volumes:
     - /var/run/docker.sock:/var/run/docker.sock
-    restart: always
+    restart: unless-stopped
 
   postgres:
     image: postgres:10.3-alpine
@@ -27,16 +27,10 @@ services:
       POSTGRES_PASSWORD: docker
     volumes:
     - pg_data:/var/lib/postgresql/data
-    restart: always
+    restart: unless-stopped
     depends_on:
     - logs
 
-  js:
-    restart: always
-    networks:
-      default:
-        ipv4_address: 172.20.0.101
-
   web:
     environment:
       APP_PG_HOST: postgres
@@ -48,7 +42,7 @@ services:
       RELEASE_DATE: ${RELEASE_DATE}
       RAVEN_DSN: ${RAVEN_DSN}
       SERVER_NAME: ${SERVER_NAME:-mithra}
-    restart: always
+    restart: unless-stopped
     volumes:
     - cache_data:/persistent
     networks:
@@ -71,7 +65,7 @@ services:
       SERVER_NAME: ${SERVER_NAME:-mithra}
     volumes:
     - cache_data:/persistent
-    restart: always
+    restart: unless-stopped
     depends_on:
     - postgres
 
@@ -83,7 +77,7 @@ services:
     - '--listen=80'
     - '--auth-user=${PG_AUTH_USER:-testing}'
     - '--auth-pass=${PG_AUTH_PASS:-wq96nbgqe35msT41Jr7LaHzANhxcyU4V7lesFzD0wJjef07PwS}'
-    restart: always
+    restart: unless-stopped
     environment:
     - DATABASE_URL=postgres://postgres:docker@postgres:5432/mithra?sslmode=disable
     networks:

diff --git a/nginx/dev/Dockerfile b/nginx/dev/Dockerfile
diff --git a/nginx/dev/nginx.conf b/nginx/dev/nginx.conf
@@ -1,70 +1,47 @@
-worker_processes 1;
-
-user nobody nogroup;
-pid /tmp/nginx.pid;
-error_log /dev/stdout crit;
-
-events {
-  worker_connections 1024; # increase if you have lots of clients
-  accept_mutex off; # set to 'on' if nginx worker_processes > 1
-  use epoll;
+log_format custom '$remote_addr request="$request" status=$status time=${request_time}s '
+                  'request_size=$request_length response_size=$body_bytes_sent '
+                  'referrer="$http_referer"';
+access_log /dev/stdout custom;
+
+upstream app_server {
+  # fail_timeout=0 means we always retry an upstream event if it failed
+  # to return a good HTTP response
+  # for a TCP configuration
+  server web:8000 fail_timeout=0;
 }
 
-http {
-  include mime.types;
-  # fallback in case we can't determine a type
-  default_type application/octet-stream;
-
-  log_format custom '$remote_addr request="$request" status=$status time=${request_time}s '
-                    'request_size=$request_length response_size=$body_bytes_sent '
-                    'referrer="$http_referer"';
-  access_log /dev/stdout custom;
-  sendfile on;
-
-  upstream app_server {
-    # fail_timeout=0 means we always retry an upstream event if it failed
-    # to return a good HTTP response
-    # for a TCP configuration
-    server web:8000 fail_timeout=0;
-  }
-
-  upstream js_server {
-    server js:80 fail_timeout=0;
-  }
-
-  server {
-    listen 80 default_server;
+server {
+  listen 80 default_server;
 
-    client_max_body_size 4G;
+  client_max_body_size 1G;
 
-    keepalive_timeout 5;
+  keepalive_timeout 5;
 
-    location /api/ {
-      proxy_set_header Host $http_host;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_http_version 1.1;
-      proxy_set_header Connection "upgrade";
-      proxy_redirect off;
+  location /api/ {
+    proxy_set_header Host $http_host;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_http_version 1.1;
+    proxy_set_header Connection "upgrade";
+    proxy_redirect off;
 
-      # 30 will mean websocket connections disconnect,
-      # this is intentional, ws clients should be resilient enough to reconnect
-      # less than in prod to easier testing
-      proxy_send_timeout 30;
-      proxy_read_timeout 30;
-      proxy_connect_timeout 3;
+    # 30 will mean websocket connections disconnect,
+    # this is intentional, ws clients should be resilient enough to reconnect
+    # less than in prod to easier testing
+    proxy_send_timeout 30;
+    proxy_read_timeout 30;
+    proxy_connect_timeout 3;
 
-      proxy_pass http://app_server;
-    }
+    proxy_pass http://app_server;
+  }
 
-    location /pgweb/ {
-      access_log off;
-      rewrite /pgweb(/.*) $1 break;
-      proxy_pass http://pgweb;
-    }
+  location /pgweb/ {
+    access_log off;
+    rewrite /pgweb(/.*) $1 break;
+    proxy_pass http://pgweb;
+  }
 
-    location / {
-      proxy_redirect off;
-      proxy_pass http://js_server;
-    }
+  location / {
+    alias /js-src/;
+    try_files $uri /index.html =404;
   }
 }
diff --git a/nginx/prod/Dockerfile b/nginx/prod/Dockerfile
diff --git a/nginx/prod/allowed.nginx.conf → nginx/prod/cloudflare-ips.txt b/nginx/prod/allowed.nginx.conf → nginx/prod/cloudflare-ips.txt
@@ -1,6 +1,7 @@
-## address from https://www.cloudflare.com/ips/
+# address from https://www.cloudflare.com/ips/
 # set which addressse are allowed,
 # unfortunately this doesn't seem to play nicely with set_real_ip_from
+# uses .txt extension to avoid confusing nginx imports
 allow 103.21.244.0/22;
 allow 103.22.200.0/22;
 allow 103.31.4.0/22;
@@ -15,7 +16,6 @@ allow 188.114.96.0/20;
 allow 190.93.240.0/20;
 allow 197.234.240.0/22;
 allow 198.41.128.0/17;
-allow 199.27.128.0/21;
 allow 2400:cb00::/32;
 allow 2405:8100::/32;
 allow 2405:b500::/32;