From 92c19fce557dcb91164c42b614d357f4e90f35aa Mon Sep 17 00:00:00 2001 From: Gerardo Navarro Date: Sun, 21 Aug 2022 16:11:19 +0200 Subject: [PATCH] chore: Add docker compose file for production --- .dockerignore | 6 +++++ .env.prod.default | 13 +++++++++++ docker-compose-prod.yml | 51 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 .env.prod.default create mode 100644 docker-compose-prod.yml diff --git a/.dockerignore b/.dockerignore index 28c6753f5..15643384f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,6 +3,12 @@ .hg Dockerfile +# Ignoring all docker compose files as they are not needed +docker-compose*.yml + +# Ignoring all env files from the host machine to avoid unexpected side effects +.env* + # Remove the git objects, logs, etc. to make final image smaller. # Some files still need to be in the .git directory, because Etherpad at # startup uses them to discover its version number. diff --git a/.env.prod.default b/.env.prod.default new file mode 100644 index 000000000..0d2987a16 --- /dev/null +++ b/.env.prod.default @@ -0,0 +1,13 @@ +# Please copy and rename this file. +# +# !Attention! +# Always ensure to load the env variables in every terminal session. +# Otherwise the env variables will not be available + + +DOCKER_COMPOSE_APP_PROD_PORT_PUBLISHED=9001 +DOCKER_COMPOSE_APP_PROD_PORT_TARGET=9001 + +DOCKER_COMPOSE_POSTGRES_PROD_DB= +DOCKER_COMPOSE_POSTGRES_PROD_PASSWORD= +DOCKER_COMPOSE_POSTGRES_PROD_USER= \ No newline at end of file diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml new file mode 100644 index 000000000..7a63e570a --- /dev/null +++ b/docker-compose-prod.yml @@ -0,0 +1,51 @@ +version: "3.8" + +# Add this file to extend the docker-compose setup, e.g.: +# docker-compose -f docker-compose-prod.yml --env-file .env.prod build --no-cache +# docker-compose -f docker-compose-prod.yml --env-file .env.prod up -d --build --force-recreate + +services: + app_prod: + build: + context: . + environment: + DB_HOST: postgres_prod + DB_NAME: ${DOCKER_COMPOSE_POSTGRES_PROD_DB:?} + DB_PASS: ${DOCKER_COMPOSE_POSTGRES_PROD_PASSWORD:?} + DB_PORT: ${DOCKER_COMPOSE_POSTGRES_PROD_PORT:-5432} + DB_TYPE: "postgres" + DB_USER: ${DOCKER_COMPOSE_POSTGRES_PROD_USER:?} + ports: + - "${DOCKER_COMPOSE_APP_PROD_PORT_PUBLISHED:-9001}:${DOCKER_COMPOSE_APP_PROD_PORT_TARGET:-9001}" + + # If you do not have another postgres database service in this docker-compose, you can add this postgres service. + # Note: Please use other credentials when using this in production. + postgres_prod: + image: postgres:12-alpine + # Pass config parameters to the postgres server. + # Find more information below when you need to generate the ssl-relevant file your self + command: -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key + environment: + PGDATA: /var/lib/postgresql/data/pgdata + POSTGRES_DB: ${DOCKER_COMPOSE_POSTGRES_PROD_DB:?} + POSTGRES_PASSWORD: ${DOCKER_COMPOSE_POSTGRES_PROD_PASSWORD:?} + POSTGRES_PORT: ${DOCKER_COMPOSE_POSTGRES_PROD_PORT:-5432} + POSTGRES_USER: ${DOCKER_COMPOSE_POSTGRES_PROD_USER:?} + volumes: + # To setup an ssl-enabled postgres server locally, you need to generate a self-signed ssl certificate. + # ```bash + # mkdir -p ./ca + # openssl req -new -text -passout pass:abcd -subj /CN=localhost -out ./ca/server.req -keyout ./ca/privkey.pem + # openssl rsa -in ./ca/privkey.pem -passin pass:abcd -out ./ca/server.key + # openssl req -x509 -in ./ca/server.req -text -key ./ca/server.key -out ./ca/server.crt + # chmod 600 ./ca/server.key + # test $(uname -s) = Linux && chown 70 ./ca/server.key + # ``` + # + # Afterwards, the ssl_cert_file and ssl_key_file are mounted into the docker container, see below + - ./ca/server.crt:/var/lib/postgresql/server.crt + - ./ca/server.key:/var/lib/postgresql/server.key + - postgres_prod_data:/var/lib/postgresql/data/pgdata + +volumes: + postgres_prod_data: \ No newline at end of file