diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 33834ead0..9185d1115 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -78,8 +78,11 @@ jobs: # - name: Set tag in docker-compose.yml # run: sed -i "s/\${TAG}/${{ github.ref }}/" docker-compose.yml - - name: Update docker-compose.yml + - name: Upload Docker Compose configuration run: scp docker-compose.yml staging:/opt/ubyssey.ca/docker-compose.yml + - name: Upload nginx configuration + run: scp -r nginx staging:/opt/ubyssey.ca/nginx + - name: Restart services run: ssh staging 'docker compose -f /opt/ubyssey.ca/docker-compose.yml -p ubyssey up -d' diff --git a/docker-compose.yml b/docker-compose.yml index 915e65b2b..495372af5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -29,15 +29,30 @@ services: GOOGLE_APPLICATION_CREDENTIALS: /run/secrets/GOOGLE_APPLICATION_CREDENTIALS secrets: - GOOGLE_APPLICATION_CREDENTIALS - ports: - - "8000:8000" - - "4444:4444" + expose: + - 8000 depends_on: db: condition: service_healthy restart: true - stdin_open: true - tty: true + + nginx: + image: nginx:latest + ports: + - 80:80 + - 443:443 + restart: always + volumes: + - ./nginx/conf.d/:/etc/nginx/conf.d/:ro + - ./certbot/www/:/var/www/certbot/:ro + depends_on: + - django + + certbot: + image: certbot/certbot:latest + volumes: + - ./certbot/www/:/var/www/certbot/:rw + - ./certbot/conf/:/etc/letsencrypt/:r secrets: GOOGLE_APPLICATION_CREDENTIALS: diff --git a/nginx/conf.d/app.conf b/nginx/conf.d/app.conf new file mode 100644 index 000000000..7d33925b1 --- /dev/null +++ b/nginx/conf.d/app.conf @@ -0,0 +1,16 @@ +upstream django { + server django:8000; +} + +server { + + listen 80; + + location / { + proxy_pass http://django; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_redirect off; + } + +}