diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..98037882
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+web/settings/local.py
diff --git a/Dockerfile b/Dockerfile
index 46ad8b45..10002eaf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,24 @@
-FROM python:3.12
+FROM ubuntu/nginx
-WORKDIR /app/web
+RUN apt-get update
+RUN apt-get install -y python3.12 python3.12-venv
-ENTRYPOINT ["/app/docker-entrypoint.sh"]
-EXPOSE 3000
-CMD ["python", "./manage.py", "runserver", "0.0.0.0:3000"]
-COPY . /app/
-COPY web/settings/docker.py.example /app/web/settings/docker.py
-RUN pip install -r /app/requirements.txt
+COPY web /app/
+COPY --chown=nobody:nogroup web/media /media
+COPY web/settings/docker.py.example /app/settings/docker.py
+COPY requirements.txt /
+COPY nginx.conf /etc/nginx/
+
+RUN tr -dc A-Za-z0-9 < /dev/urandom | head -c 40 > /secret.txt
+RUN python3.12 -m venv venv
+ENV PATH="/venv/bin:$PATH"
+RUN pip install -r requirements.txt
+WORKDIR /app
+RUN python manage.py makemigrations tupa
+RUN python manage.py migrate
+
+RUN nginx -t
+
+RUN echo "gunicorn --daemon --bind unix:/tmp/kipa.sock wsgi" > /docker-entrypoint.d/gunicorn.sh
+RUN chmod +x /docker-entrypoint.d/gunicorn.sh
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index afbbc6c4..00000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: '3'
-services:
- web:
- build: .
- ports:
- - 3000:3000
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
deleted file mode 100755
index 9727dbcd..00000000
--- a/docker-entrypoint.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-if [ ! -f "/app/db/secret.txt" ]; then
- tr -dc A-Za-z0-9 < /dev/urandom | head -c 40 > /app/db/secret.txt
-fi
-if [ ! -f "/app/db/kipa.db" ]; then
- cp /app/docs/initial.db /app/db/kipa.db
-fi
-
-exec "$@"
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 00000000..ac66cab9
--- /dev/null
+++ b/nginx.conf
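Review bot: `RUN tr -dc A-Za-z0-9 < /dev/urandom | head -c 40 > /secret.txt` in the Dockerfile hunk creates the Django SECRET_KEY at build time, so it is stored in an image layer: every container started from the image shares the same key, and anyone who can pull the image can read it. The deleted docker-entrypoint.sh generated the key on first start instead; that behaviour can be kept by having the generated `/docker-entrypoint.d/gunicorn.sh` begin with `[ -f /secret.txt ] || tr -dc A-Za-z0-9 < /dev/urandom | head -c 40 > /secret.txt`. The build-time `migrate` step presumably imports the settings that read `/secret.txt`, so it would have to move to start-up as well. Separately, `FROM ubuntu/nginx` carries no tag or digest, and the start-up script launches gunicorn without a user switch, so it presumably runs as root while only the nginx workers drop to `nobody`.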
@@ -0,0 +1,42 @@
+worker_processes 1;
+
+user nobody nogroup;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+ accept_mutex off; # set to 'on' if nginx worker_processes > 1
+}
+
+http {
+ include mime.types;
+ # fallback in case we can't determine a type
+ default_type application/octet-stream;
+ access_log /var/log/nginx/access.log combined;
+ sendfile on;
+
+ upstream app_server {
+ server unix:/tmp/kipa.sock fail_timeout=0;
+ }
+
+ server {
+ listen 80 deferred;
+ client_max_body_size 4G;
+ server_name kipa;
+ keepalive_timeout 5;
+
+ location /kipamedia {
+ alias /media;
+ }
+ location / {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ # we don't want nginx trying to do something clever with
+ # redirects, we set the Host: header above already.
+ proxy_redirect off;
+ proxy_pass http://app_server;
+ }
+ }
+}
diff --git a/web/settings/docker.py.example b/web/settings/docker.py.example
index 1c7806ad..3ab324ae 100644
--- a/web/settings/docker.py.example
+++ b/web/settings/docker.py.example
@@ -1,12 +1,9 @@
-with open("/app/db/secret.txt", "r") as f:
+with open("/secret.txt", "r") as f:
 SECRET_KEY = f.readline()
 DATABASES = {
 "default": {
 "ENGINE": "django.db.backends.sqlite3",
- "NAME": "/app/db/kipa.db",
+ "NAME": "/tmp/kipa.db",
 }
 }
-
-# Should we serve the media files through Python?
-SERVE_MEDIA = True
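Review bot: `client_max_body_size 4G;` in the `server` block lets any client send request bodies of up to 4 GiB that nginx will accept and buffer, which makes filling the container's disk cheap. It should be set to the largest upload the application actually expects, for example `client_max_body_size 10m;` (value constructed for illustration). `location /kipamedia` is a bare prefix match, so a request for `/kipamediaX` is mapped to `/mediaX`, outside the media directory; `location /kipamedia/ { alias /media/; }` keeps the alias inside `/media`. `proxy_set_header Host $http_host;` forwards the client-supplied Host header unchanged, so the Django side needs a restrictive `ALLOWED_HOSTS`, which the docker.py.example in this commit does not set.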
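Review bot: `"NAME": "/tmp/kipa.db"` places the SQLite database in the world-writable `/tmp`, next to the gunicorn socket. Because the Dockerfile in this commit runs `migrate` at build time, the file becomes part of the image and any data written later is lost when the container is replaced. A dedicated directory that only the application user can write, mounted as a volume, would be safer, e.g. `"NAME": "/data/kipa.db",` (path is a placeholder).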