Merge pull request TandoorRecipes#2887 from adjokic/patch-1

Add documenation for Docker + Apache + Subfolder

docs/install/other.md

@@ -59,6 +59,155 @@ I used two paths `<sub path>` and `<www path>` for simplicity. In my case I have
 
 I left out the TLS config in this example for simplicity.
 
+## Docker + Apache + Sub-Path
+
+The following could prove to be useful if you are not using Traefik, but instead run Apache as your reverse proxy to route all calls for a shared (sub)domain to a sub path, e.g. https://mydomain.tld/tandoor
+
+As a side note, I am using [Blocky](https://0xerr0r.github.io/blocky/) + [Consul](https://hub.docker.com/r/hashicorp/consul) + [Registrator](https://hub.docker.com/r/gliderlabs/registrator) as a DNS solution.
+
+The relevant Apache config:
+```
+    <Location /tandoor>
+        # in case you want to restrict access to specific IP addresses:
+        Require local
+        Require forward-dns [myhomedomain.useyourdomain.com]
+        Require ip [anylocalorremoteipyouwanttowhitelist]
+
+        # The following assumes that tandoor.service.consul.local resolves to the IP address of the Docker container.
+        ProxyPass http://tandoor.service.consul.local:8080/tandoor
+        ProxyPassReverse http://tandoor.service.consul.local:8080/tandoor
+        RequestHeader add X-Script-Name /tandoor
+        RequestHeader set X-Forwarded-Proto "https"
+        ProxyPreserveHost On
+    </Location>
+    <Location /tandoor/static>
+        Require local
+        Require forward-dns [myhomedomain.useyourdomain.com]
+        Require ip [anylocalorremoteipyouwanttowhitelist]
+
+        ProxyPass http://tandoor.service.consul.local:8080/tandoor/tandoor/static
+        ProxyPassReverse http://tandoor.service.consul.local:8080/tandoor/static
+        RequestHeader add X-Script-Name /tandoor
+        RequestHeader set X-Forwarded-Proto "https"
+        ProxyPreserveHost On
+    </Location>
+```
+and the relevant section from the docker-compose.yml:
+```
+   tandoor:
+     restart: always
+     container_name: tandoor
+     image: vabene1111/recipes
+     environment:
+       - SCRIPT_NAME=/tandoor
+       - JS_REVERSE_SCRIPT_PREFIX=/tandoor
+       - STATIC_URL=/tandoor/static/
+       - MEDIA_URL=/tandoor/media/
+       - GUNICORN_MEDIA=0
+       - SECRET_KEY=${YOUR_TANDOOR_SECRET_KEY}
+       - POSTGRES_HOST=postgres.service.consul.local
+       - POSTGRES_PORT=${POSTGRES_PORT}
+       - POSTGRES_USER=${YOUR_TANDOOR_POSTGRES_USER}
+       - POSTGRES_PASSWORD=${YOUR_TANDOOR_POSTGRES_PASSWORD}
+       - POSTGRES_DB=${YOUR_TANDOOR_POSTGRES_DB}
+     labels:
+        # The following is relevant only if you are using Registrator and Consul
+       - "SERVICE_NAME=tandoor"
+     volumes:
+       - ${YOUR_DOCKER_VOLUME_BASE_DIR}/tandoor/static:/opt/recipes/staticfiles:rw
+       # Do not make this a bind mount, see https://docs.tandoor.dev/install/docker/#volumes- vs-bind-mounts
+       - tandoor_nginx_config:/opt/recipes/nginx/conf.d
+       - ${YOUR_DOCKER_VOLUME_BASE_DIR}}/tandoor/media:/opt/recipes/mediafiles:rw
+     depends_on:
+        # You will have to set up postgres accordingly
+       - postgres
+```
+
+The relevant docker-compose.yml for Registrator, Consul, and Blocky, and Autoheal:
+```
+  consul:
+    image: hashicorp/consul
+    container_name: consul
+    command: >
+      agent -server
+      -domain consul.local
+      -advertise=${YOUR_DOCKER_HOST_IP_ON_THE_LAN}
+      -client=0.0.0.0
+      -encrypt=${SOME_SECRET_KEY}
+      -datacenter=${YOUR_DC_NAME}
+      -bootstrap-expect=1
+      -ui
+      -log-level=info
+    environment:
+      - "CONSUL_LOCAL_CONFIG={\"skip_leave_on_interrupt\": true, \"dns_config\": { \"service_ttl\": { \"*\": \"0s\" } } }"
+    network_mode: "host"
+    restart: always
+
+  registrator:
+    image: gliderlabs/registrator:latest
+    container_name: registrator
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    command: >
+      -internal
+      -cleanup=true
+      -deregister="always"
+      -resync=60
+      consul://host.docker.internal:8500
+    restart: always
+
+  blocky:
+    image: spx01/blocky
+    container_name: blocky
+    restart: unless-stopped
+    healthcheck:
+      interval: 30s
+      timeout: 5s
+      start_period: 1m
+    labels:
+        # The following is only relevant if you use autoheal
+      autoheal: true
+    # Optional the instance hostname for logging purpose
+    hostname: blocky
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    ports:
+      - "1153:53/tcp"
+      - "1153:53/udp"
+      - 4000:4000
+    environment:
+      - TZ=YOUR_TIMEZONE # Optional to synchronize the log timestamp with host
+    volumes:
+      # Optional to synchronize the log timestamp with host
+      - /etc/localtime:/etc/localtime:ro
+      # config file
+      - ${YOUR_DOCKER_VOLUME_BASE_DIR}/blocky/config.yml:/app/config.yml
+    networks:
+        # in case you want to bind Blocky to an IP address
+      your-docker-network-name:
+        ipv4_address: 'some-ip-address-in-the-docker-network-subnet'
+
+  autoheal:
+    image: willfarrell/autoheal
+    volumes:
+        - '/var/run/docker.sock:/var/run/docker.sock'
+    environment:
+        - AUTOHEAL_CONTAINER_LABEL=autoheal
+    restart: always
+    container_name: autoheal
+
+```
+as well as a snippet of the Blocky configuration:
+```
+conditional:
+  fallbackUpstream: false
+  mapping:
+    consul.local: tcp+udp:host.docker.internal:8600
+```
+
+
 ## WSL
 
 If you want to install Tandoor on the Windows Subsystem for Linux you can find a detailed post here: <https://github.com/TandoorRecipes/recipes/issues/1733>.