test
dens-al committed Jun 2, 2024
1 parent 72080dd commit d30ff08
Showing 22 changed files with 2,238 additions and 73 deletions.
13 changes: 12 additions & 1 deletion .github/workflows/docker-build-push.yml
@@ -1,6 +1,16 @@
name: Create and publish a Docker image to GHCR

on: workflow_dispatch
on:
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
workflow_dispatch:
inputs:
dockerfile:
description: Dockerfile to build
required: true
type: choice
options:
- simple-app
- django

env:
REGISTRY: ghcr.io
@@ -34,6 +44,7 @@ jobs:
uses: docker/build-push-action@v5
with:
context: .
context: ${{ inputs.dockerfile }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
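Review bot: Going by the second hunk header (6 old lines, 7 new), both `context: .` and `context: ${{ inputs.dockerfile }}` appear to remain under `with:` of the build-push step, which leaves a duplicate mapping key. A generic YAML parser would silently keep the last value, and the workflow loader may reject the file instead, so the old `context: .` line should be dropped and only `context: ${{ inputs.dockerfile }}` kept. The `jobs:` block starts outside the hunk, so the rest of the step is not visible here.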
5 changes: 1 addition & 4 deletions Dockerfile → django/Dockerfile
@@ -47,7 +47,4 @@ USER app

EXPOSE 8000

#CMD ["gunicorn", "digital_twin.wsgi:application", "--bind", "0.0.0.0:8000", "--workers=1"]

#docker build --network=host -t digital_twin .
#docker run --net=host -p 8000:8000 -v /home/whoami/NSF/digital_twin_backend/digital_twin/media:/digital_twin_backend/digital_twin/media digital_twin
#CMD ["gunicorn", "digital_twin.wsgi:application", "--bind", "0.0.0.0:8000", "--workers=1"]
File renamed without changes.
150 changes: 82 additions & 68 deletions docker-compose.yml
@@ -1,82 +1,96 @@
services:

# database:
# image: postgres:14.6-alpine
# container_name: postgres-db
# restart: always
# volumes:
# - /opt/pgdata:/var/lib/postgresql/data/
# env_file:
# - ./env.dev

django_app:
container_name: app
restart: always
build: .
ports:
- 8000:8000
# image: postgres:14.6-alpine
# container_name: postgres-db
# restart: always
# volumes:
# - /opt/media:/home/app/media # Need to have write permissions for user app on host server
# - /opt/pgdata:/var/lib/postgresql/data/
# env_file:
# - ./env.dev
command: bash -c "
python manage.py migrate &&
gunicorn digital_twin.wsgi:application --bind 0.0.0.0:8000 --workers=1
"
# depends_on:
# - database

# https://github.com/nginx-proxy/nginx-proxy
# nginx-proxy:
# container_name: nginx-proxy
# pgadmin:
# image: dpage/pgadmin4
# container_name: pgadmin4
# restart: always
# build: nginx
# ports:
# - 443:443
# - 80:80
# volumes:
# - certs:/etc/nginx/certs
# - html:/usr/share/nginx/html
# - vhost:/etc/nginx/vhost.d
# - /var/run/docker.sock:/tmp/docker.sock:ro
# depends_on:
# - digital_twin
#
# acme-companion:
# container_name: acme
# restart: always
# image: nginxproxy/acme-companion
# environment:
# DEFAULT_EMAIL: "[email protected]"
## ACME_CA_URI: "https://acme-staging-v02.api.letsencrypt.org/directory"
# ACME_CA_URI: "https://acme-v02.api.letsencrypt.org/directory"
# NGINX_PROXY_CONTAINER: "nginx-proxy"
# PGADMIN_DEFAULT_EMAIL: [email protected]
# PGADMIN_DEFAULT_PASSWORD: p@55w0rd
# VIRTUAL_HOST: tapi.fusiontwin.io
# VIRTUAL_PATH: /pgadmin
# VIRTUAL_PORT: 80
# SCRIPT_NAME: /pgadmin
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock:ro
# - certs:/etc/nginx/certs
# - html:/usr/share/nginx/html
# - vhost:/etc/nginx/vhost.d
# - acme:/etc/acme.sh
# - /opt/pgadmin:/var/lib/pgadmin # to store sessions (Need permissions for uid 5050 (pgadmin user) or just 777)
# depends_on:
# - nginx-proxy
#
# dozzle:
# container_name: dozzle
# - database

# app:
# container_name: dt-be
# restart: always
# image: amir20/dozzle:latest
# build: . # TODO better to build separately and here pull existing image
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
# ports:
# - 8080:8080
# environment:
# VIRTUAL_HOST: fusiontwin.io
# VIRTUAL_PATH: /logs
# DOZZLE_BASE: /logs
# VIRTUAL_PORT: 8080
#
# - /opt/media:/home/app/media # Need write permissions for user app on host server
# - /opt/static:/home/app/static
# env_file:
# - ./env.dev
# command: bash -c "
# python manage.py migrate &&
# python manage.py collectstatic -v 2 --noinput &&
# gunicorn digital_twin.wsgi:application --bind 0.0.0.0:8000 --workers=4 --preload
# "
# depends_on:
# - database

# https://github.com/nginx-proxy/nginx-proxy
nginx-proxy:
container_name: nginx-proxy
restart: always
build: nginx-proxy # my folder with custom Dockerfile for nginx-proxy
ports:
- 80:80 # must be for acme challenge to approve LetsEncrypt domain
- 443:443
volumes:
- /opt/nginx/certs:/etc/nginx/certs # must contain valid SSL certs and key with domain name e.g. den-ops.ru.crt and den-ops.ru.key
- /opt/static:/mount/app/static # added for django static files. Defined in vhost.d/default
- html:/usr/share/nginx/html # must be for acme challenge to approve LetsEncrypt domain
- vhost:/etc/nginx/vhost.d
- /var/run/docker.sock:/tmp/docker.sock:ro
environment:
LOG_JSON=: true
LOG_FORMAT: '{"msec":"$msec","connection":"$connection","connection_requests":"$connection_requests","pid": "$pid","request_id": "$request_id","request_length": "$request_length","remote_addr": "$remote_addr","remote_user": "$remote_user","remote_port": "$remote_port","time_local": "$time_local","time_iso8601": "$time_iso8601","request": "$request","request_uri": "$request_uri","args": "$args","status": "$status","body_bytes_sent": "$body_bytes_sent","bytes_sent": "$bytes_sent","http_referer": "$http_referer","http_user_agent": "$http_user_agent","http_x_forwarded_for": "$http_x_forwarded_for","http_host": "$http_host","server_name": "$server_name","request_time": "$request_time","upstream": "$upstream_addr","upstream_connect_time": "$upstream_connect_time","upstream_header_time": "$upstream_header_time","upstream_response_time": "$upstream_response_time","upstream_response_length": "$upstream_response_length","upstream_cache_status": "$upstream_cache_status","ssl_protocol": "$ssl_protocol","ssl_cipher": "$ssl_cipher","scheme": "$scheme","request_method": "$request_method","server_protocol": "$server_protocol","pipe": "$pipe","gzip_ratio": "$gzip_ratio" }'

acme-companion:
container_name: acme
restart: always
image: nginxproxy/acme-companion
environment:
DEFAULT_EMAIL: "[email protected]"
#ACME_CA_URI: "https://acme-staging-v02.api.letsencrypt.org/directory"
ACME_CA_URI: "https://acme-v02.api.letsencrypt.org/directory"
NGINX_PROXY_CONTAINER: "nginx-proxy"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /opt/nginx/certs:/etc/nginx/certs
- html:/usr/share/nginx/html
- vhost:/etc/nginx/vhost.d
- acme:/etc/acme.sh
depends_on:
- nginx-proxy

dozzle:
container_name: dozzle
restart: always
image: amir20/dozzle:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
VIRTUAL_HOST: tapi.fusiontwin.io
VIRTUAL_PATH: /logs
DOZZLE_BASE: /logs
VIRTUAL_PORT: 8080

volumes:
vol:
# certs:
# html:
# vhost:
# acme:
html:
vhost:
acme:
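Review bot: The `dozzle` service, as rendered on the new side, mounts `/var/run/docker.sock` and is published through the proxy at `tapi.fusiontwin.io` under `/logs` with no authentication configured in this file, so anyone who can reach that path could read every container's logs. Put it behind the proxy's basic auth or enable Dozzle's own authentication before exposing it, and pin `amir20/dozzle:latest` to a fixed version. Separately, `LOG_JSON=: true` under `nginx-proxy` defines a variable literally named `LOG_JSON=`; it should read `LOG_JSON: "true"`. The rendering has lost the +/- markers, so which of these lines are new is inferred from the hunk counts.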
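--- a/nginx-proxy/Dockerfile
+++ b/nginx-proxy/Dockerfile
@@ -0,0 +1,39 @@
+# Build necessary modules for Nginx
+FROM ubuntu:22.04 as builder
+
+RUN apt update \
+&& apt upgrade -y \
+&& apt install -y libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev wget git gcc make libbrotli-dev libmaxminddb0 libmaxminddb-dev mmdb-bin
+
+WORKDIR /app
+# Build Brotli module from Google
+RUN wget https://nginx.org/download/nginx-1.25.4.tar.gz && tar -zxf nginx-1.25.4.tar.gz
+RUN git clone --recurse-submodules -j8 https://github.com/google/ngx_brotli
+RUN cd nginx-1.25.4 && ./configure --with-compat --add-dynamic-module=../ngx_brotli \
+&& make modules \
+
+# Build GeoIP2 module
+RUN git clone https://github.com/leev/ngx_http_geoip2_module.git
+RUN cd nginx-1.25.4 && ./configure --with-compat --add-dynamic-module=../ngx_http_geoip2_module \
+&& make modules
+
+#CMD ["sleep", "3600"] # for debugging
+
+# Use nginx-proxy as base pre-configured proxy https://github.com/nginx-proxy/nginx-proxy
+FROM nginxproxy/nginx-proxy:1.5.1
+# Contains nginx 1.25.4 which must be the same version for compiled brotli modules
+
+RUN apt-get update \
+&& apt-get install -y --no-install-recommends --no-install-suggests libmaxminddb0 \
+&& apt-get clean \
+&& rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /app/nginx-1.25.4/objs/ngx_http_brotli_static_module.so /etc/nginx/modules/
+COPY --from=builder /app/nginx-1.25.4/objs/ngx_http_brotli_filter_module.so /etc/nginx/modules/
+COPY --from=builder /app/nginx-1.25.4/objs/ngx_http_geoip2_module.so /etc/nginx/modules/
+RUN echo "load_module modules/ngx_http_brotli_filter_module.so;\nload_module modules/ngx_http_brotli_static_module.so;\nload_module modules/ngx_http_geoip2_module.so;\n$(cat /etc/nginx/nginx.conf)" > /etc/nginx/nginx.conf
+COPY brotli.conf /etc/nginx/conf.d/brotli.conf
+COPY nginx-logs.conf /etc/nginx/conf.d/nginx-logs.conf
+
+COPY vhost.d/default /etc/nginx/vhost.d/default
+COPY custom.conf /etc/nginx/conf.d/custom.conf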
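Review bot: The builder stage compiles code that ends up loaded into the internet-facing proxy, but none of its inputs are pinned or verified: the nginx tarball is fetched with `wget` without a checksum or signature check, and both `git clone` steps take whatever the default branch holds at build time. Verify the tarball, e.g. `echo "<sha256-of-nginx-1.25.4.tar.gz>  nginx-1.25.4.tar.gz" | sha256sum -c -`, and check out a reviewed commit after each clone, e.g. `git -C ngx_brotli checkout <reviewed-commit-sha>`. Also, the brotli `RUN` ends in `&& make modules \`; that trailing backslash appears to continue the instruction across the blank line and comment into the following `RUN git clone` line, so it should be removed.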
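--- a/nginx-proxy/brotli.conf
+++ b/nginx-proxy/brotli.conf
@@ -0,0 +1,8 @@
+brotli on;
+brotli_comp_level 6;
+brotli_static on;
+brotli_types application/atom+xml application/javascript application/json application/vnd.api+json application/rss+xml
+application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
+application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
+font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
+image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;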
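--- a/nginx-proxy/custom.conf
+++ b/nginx-proxy/custom.conf
@@ -0,0 +1 @@
+client_max_body_size 1000M;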
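Review bot: `client_max_body_size 1000M;` is copied to `/etc/nginx/conf.d/` by the Dockerfile in this commit, so it raises the request-body limit for every virtual host behind the proxy rather than only the endpoint that needs large uploads. Consider keeping the default at this level and setting the larger limit in the per-host or per-location config of the upload path. A one-line comment above the directive stating which endpoint needs bodies of that size would make the limit reviewable later.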
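--- a/nginx-proxy/env.nginx
+++ b/nginx-proxy/env.nginx
@@ -0,0 +1,2 @@
+LOG_JSON=true
+LOG_FORMAT='{"msec":"$msec","connection":"$connection","connection_requests":"$connection_requests","pid": "$pid","request_id":"$request_id","request_length":"$request_length","remote_addr":"$remote_addr","remote_user":"$remote_user","remote_port":"$remote_port","time_local": "$time_local","time_iso8601":"$time_iso8601","request":"$request","request_uri":"$request_uri","args":"$args","status":"$status","body_bytes_sent":"$body_bytes_sent","bytes_sent":"$bytes_sent","http_referer":"$http_referer","http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for","http_host":"$http_host","server_name":"$server_name","request_time":"$request_time","upstream":"$upstream_addr","upstream_connect_time":"$upstream_connect_time","upstream_header_time":"$upstream_header_time","upstream_response_time":"$upstream_response_time","upstream_response_length":"$upstream_response_length","upstream_cache_status":"$upstream_cache_status","ssl_protocol":"$ssl_protocol","ssl_cipher":"$ssl_cipher","scheme":"$scheme","request_method":"$request_method","server_protocol":"$server_protocol","pipe":"$pipe","gzip_ratio":"$gzip_ratio"}'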
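--- a/nginx-proxy/geoip2.conf
+++ b/nginx-proxy/geoip2.conf
@@ -0,0 +1,7 @@
+'"gzip_ratio": "$gzip_ratio", '
+'"geoip_country_code": "$geoip_country_code"'
+'}';
+
+geoip_country /etc/nginx/GeoLite2-Country.mmdb {
+$geoip_country_code default=US source=$remote_addr country iso_code;
+}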
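--- a/nginx-proxy/nginx-logs.conf
+++ b/nginx-proxy/nginx-logs.conf
@@ -0,0 +1,102 @@
+log_format json_analytics escape=json '{'
+'"msec": "$msec",' # request unixtime in seconds with a milliseconds resolution
+'"connection": "$connection",' # connection serial number
+'"connection_requests": "$connection_requests",' # number of requests made in connection
+'"pid": "$pid",' # process pid
+'"request_id": "$request_id",' # the unique request id
+'"request_length": "$request_length",' # request length (including headers and body)
+'"remote_addr": "$remote_addr",' # client IP
+'"remote_user": "$remote_user",' # client HTTP username
+'"remote_port": "$remote_port",' # client port
+'"time_local": "$time_local",'
+'"time_iso8601": "$time_iso8601",' # local time in the ISO 8601 standard format
+'"request": "$request",' # full path no arguments if the request
+'"request_uri": "$request_uri",' # full path and arguments if the request
+'"args": "$args",' # args
+'"status": "$status",' # response status code
+'"body_bytes_sent": "$body_bytes_sent",' # the number of body bytes exclude headers sent to a client
+'"bytes_sent": "$bytes_sent",' # the number of bytes sent to a client
+'"http_referer": "$http_referer",' # HTTP referer
+'"http_user_agent": "$http_user_agent",' # user agent
+'"http_x_forwarded_for": "$http_x_forwarded_for",' # http_x_forwarded_for
+'"http_host": "$http_host",' # the request Host: header
+'"server_name": "$server_name",' # the name of the vhost serving the request
+'"request_time": "$request_time",' # request processing time in seconds with msec resolution
+'"upstream": "$upstream_addr",' # upstream backend server for proxied requests
+'"upstream_connect_time": "$upstream_connect_time",' # upstream handshake time incl. TLS
+'"upstream_header_time": "$upstream_header_time",' # time spent receiving upstream headers
+'"upstream_response_time": "$upstream_response_time",' # time spent receiving upstream body
+'"upstream_response_length": "$upstream_response_length",' # upstream response length
+'"upstream_cache_status": "$upstream_cache_status",' # cache HIT/MISS where applicable
+'"ssl_protocol": "$ssl_protocol",' # TLS protocol
+'"ssl_cipher": "$ssl_cipher",' # TLS cipher
+'"scheme": "$scheme",' # http or https
+'"request_method": "$request_method",' # request method
+'"server_protocol": "$server_protocol",' # request protocol, like HTTP/1.1 or HTTP/2.0
+'"pipe": "$pipe",' # "p" if request was pipelined, "." otherwise
+'"gzip_ratio": "$gzip_ratio"'
+#'"geoip_country_code": "$geoip_country_code"'
+'}';
+
+# geoip_country /etc/nginx/GeoLite2-Country.mmdb {
+# $geoip_country_code default=US source=$remote_addr country iso_code;
+# }
+
+access_log /var/log/nginx/access.log json_analytics;
+
+
+log_format vhost escape=json '{"time_local":"$time_iso8601","client_ip":"$http_x_forwarded_for","remote_addr":"$remote_addr","request":"$request","status":"$status","body_bytes_sent":"$body_bytes_sent","request_time":"$request_time","upstream_response_time":"$upstream_response_time","upstream_addr":"$upstream_addr","http_referrer":"$http_referer","http_user_agent":"$http_user_agent","request_id":"$request_id"}';
+log_format vhost escape=default '$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_addr"';
+
+$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$upstream_addr"
+
+{
+"time_local": "$time_iso8601",
+"client_ip": "$http_x_forwarded_for",
+"remote_addr": "$remote_addr",
+"request": "$request",
+"status": "$status",
+"body_bytes_sent": "$body_bytes_sent",
+"request_time": "$request_time",
+"upstream_response_time": "$upstream_response_time",
+"upstream_addr": "$upstream_addr",
+"http_referrer": "$http_referer",
+"http_user_agent": "$http_user_agent",
+"request_id": "$request_id"
+}
+'{"msec":"$$msec",\
+"connection":"$$connection",\
+"connection_requests":"$$connection_requests",\
+"pid": "$$pid",\
+"request_id":"$$request_id",\
+"request_length":"$$request_length",\
+"remote_addr":"$$remote_addr",\
+"remote_user":"$$remote_user",\
+"remote_port":"$$remote_port",\
+"time_local": "$$time_local",\
+"time_iso8601":"$$time_iso8601",\
+"request":"$$request",\
+"request_uri":"$$request_uri",\
+"args":"$$args",\
+"status":"$$status",\
+"body_bytes_sent":"$$body_bytes_sent",\
+"bytes_sent":"$$bytes_sent",\
+"http_referer":"$$http_referer",\
+"http_user_agent":"$$http_user_agent",\
+"http_x_forwarded_for":"$$http_x_forwarded_for"\
+"http_host":"$$http_host",\
+"server_name":"$$server_name",\
+"request_time":"$$request_time",\
+"upstream":"$$upstream_addr",\
+"upstream_connect_time":"$$upstream_connect_time",\
+"upstream_header_time":"$$upstream_header_time",\
+"upstream_response_time":"$$upstream_response_time",\
+"upstream_response_length":"$$upstream_response_lengt,\
+"upstream_cache_status":"$$upstream_cache_status",\
+"ssl_protocol":"$$ssl_protocol",\
+"ssl_cipher":"$$ssl_cipher",\
+"scheme":"$$scheme",\
+"request_method":"$$request_method",\
+"server_protocol":"$$server_protocol",\
+"pipe":"$$pipe",\
+"gzip_ratio":"$$gzip_ratio}\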
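Review bot: Everything after `access_log /var/log/nginx/access.log json_analytics;` looks like working notes rather than configuration: `log_format vhost` is declared twice under the same name, and it is followed by a bare format string, a raw JSON object and a `$$`-escaped draft that are not nginx directives. Because the Dockerfile in this commit copies the file into `/etc/nginx/conf.d/`, nginx would most likely fail its config test on load; move the drafts to a README or comment them out. On the log content itself, `$http_x_forwarded_for` is supplied by the client, so `$remote_addr` should stay the field that detections rely on, and `$request_uri` and `$args` will record any tokens passed in query strings.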
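--- a/nginx-proxy/vhost.d/default
+++ b/nginx-proxy/vhost.d/default
@@ -0,0 +1,8 @@
+# location /media/ {
+# alias /mount/media/;
+# add_header Access-Control-Allow-Origin *;
+# }
+location /static/ {
+alias /mount/app/static/;
+add_header Access-Control-Allow-Origin *;
+}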
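Review bot: `add_header Access-Control-Allow-Origin *;` inside `location /static/` stops that location from inheriting any `add_header` set at the server level, because nginx inherits them only when the current level defines none. If the proxy template emits headers such as `Strict-Transport-Security` in the server block (not visible here), responses under `/static/` would lose them; repeat the needed headers in this location or include a shared snippet. A comment naming which origin needs cross-origin access to the static files would let the wildcard be narrowed later.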
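--- a/simple-app/Dockerfile
+++ b/simple-app/Dockerfile
@@ -0,0 +1,8 @@
+FROM nginx:1.26.0-alpine
+
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY fastcgi.conf /etc/nginx/fastcgi.conf
+COPY site /opt/site
+COPY site.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80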