Use nginx as reverse proxy in production

.envs/.production/.django

@@ -3,7 +3,7 @@
 # DJANGO_READ_DOT_ENV_FILE=True
 DJANGO_SETTINGS_MODULE=config.settings.production
 DJANGO_ADMIN_URL=admin
-DJANGO_ALLOWED_HOSTS=osler.umkc.edu
+DJANGO_ALLOWED_HOSTS=localhost
 
 # Security
 # ------------------------------------------------------------------------------

compose/production/django/Dockerfile

@@ -15,12 +15,12 @@ RUN apt-get update \
   && rm -rf /var/lib/apt/lists/*
 
 RUN addgroup --system django \
-    && adduser --system --ingroup django django
+  && adduser --system --ingroup django django
 
 # Requirements are installed here to ensure they will be cached.
 COPY ./requirements /requirements
 RUN pip install --no-cache-dir -r /requirements/production.txt \
-    && rm -rf /requirements
+  && rm -rf /requirements
 
 COPY ./compose/production/django/entrypoint /entrypoint
 RUN sed -i 's/\r$//g' /entrypoint
@@ -33,6 +33,9 @@ RUN chmod +x /start
 RUN chown django /start
 COPY --chown=django:django . /app
 
+RUN mkdir -p /app/staticfiles
+RUN chown django:django /app/staticfiles
+
 USER django
 
 WORKDIR /app

compose/production/django/start

@@ -6,6 +6,6 @@ set -o nounset
 
 
 python /app/manage.py collectstatic --noinput
-
+python manage.py migrate
 
 /usr/local/bin/gunicorn config.wsgi --bind 0.0.0.0:5000 --chdir=/app

compose/production/nginx/Dockerfile

@@ -0,0 +1,4 @@
+FROM nginx:1.19.0-alpine
+
+RUN rm /etc/nginx/conf.d/default.conf
+COPY nginx.conf /etc/nginx/conf.d

compose/production/nginx/nginx.conf

@@ -0,0 +1,38 @@
+# nginx.conf 
+
+upstream app {
+  server django:5000;
+}
+
+server {
+  # use 'listen 80 deferred;' for Linux
+  # use 'listen 80 accept_filter=httpready;' for FreeBSD
+  listen 80;
+  charset utf-8;
+
+  # Handle noisy favicon.ico messages in nginx
+  location = /favicon.ico {
+    return 204;
+    access_log     off;
+    log_not_found  off;
+  }
+
+  location / {
+    # checks for static file, if not found proxy to app
+    try_files $uri @proxy_to_app;
+  }
+
+  location /static/ {
+    alias /app/static/;
+  }
+
+  # django app
+  location @proxy_to_app {
+    proxy_redirect     off;
+    proxy_set_header   Host $host;
+    proxy_set_header   X-Real-IP $remote_addr;
+    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Host $server_name;
+    proxy_pass http://app;
+  }
+}

production.yml

@@ -1,9 +1,9 @@
-version: '3'
+version: "3"
 
 volumes:
   production_postgres_data: {}
   production_postgres_data_backups: {}
-  production_traefik: {}
+  production_static_files: {}
 
 services:
   django:
@@ -17,7 +17,14 @@ services:
     env_file:
       - ./.envs/.production/.django
       - ./.envs/.production/.postgres
+      - ./.envs/.production/.secrets
     command: /start
+    # ports:
+    #   - 5000:5000
+    expose:
+      - 5000
+    volumes:
+      - production_static_files:/app/staticfiles
 
   postgres:
     build:
@@ -28,22 +35,16 @@ services:
       - production_postgres_data:/var/lib/postgresql/data
       - production_postgres_data_backups:/backups
     env_file:
-      - ./.envs/.production/.postgres
+      - ./.envs/.production/.secrets
 
-  traefik:
-    build:
-      context: .
-      dockerfile: ./compose/production/traefik/Dockerfile
-    image: osler_production_traefik
+  nginx:
+    build: ./compose/production/nginx
+    ports:
+      - 1337:80
     depends_on:
       - django
     volumes:
-      - production_traefik:/etc/traefik/acme
-    ports:
-      - "0.0.0.0:8084:80"
-      - "0.0.0.0:443:443"
+      - production_static_files:/app/static
 
   redis:
     image: redis:5.0
-
-