grassrootseconomics/pelican-website-ge
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add: docker deploy

Browse Source
This commit is contained in:
Mohamed Sohail 2021-10-08 13:13:43 +03:00
parent 20f6cfe53e
commit 8dd5e90785
Signed by: kamikazechaser
GPG Key ID: 7DD45520C01CD85D
6 changed files with 184 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,3 +5,4 @@ __pycache__
output/ output/
node_modules/ node_modules/
.venv/ .venv/
standalone-deploy/data/certbot

16
README.md
View File

@ -17,3 +17,19 @@ docker build -t ge-blog .
docker run -p 8000:80 ge-blog docker run -p 8000:80 ge-blog
## Standalone Deploy
__On a new or existing droplet (requires docker and docker-compose)__
```sh
# Make sure the A name choosen point to the droplet IP
# Replace domain name init-cert.sh (line 8) and data/nginx.conf (lines 3,16,20,21)
$ cd standalone-deploy && bash init-cert.sh
$ docker build -t ge-blog -f Dockerfile ../
$ docker run -d -p 80:80 -p 443:443 -v $(pwd)/data/certbot/conf:/etc/letsencrypt -v $(pwd)/data/certbot/www:/var/www/certbot ge-blog
# Check if http->https redirect works https://httpstatus.io/
# http://www.stormspirit.tech
# https://www.stormspirit.tech
```

22
standalone-deploy/Dockerfile Normal file
View File

@ -0,0 +1,22 @@
FROM python:3.9.7-slim-buster as build
WORKDIR /app
RUN apt-get update && apt-get install make
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
RUN make publish
FROM openresty/openresty:buster-fat
COPY --from=build /app/output /var/www/pelican/output/
EXPOSE 80
COPY standalone-deploy/data/nginx.conf /etc/nginx/conf.d/default.conf

43
standalone-deploy/data/nginx.conf Normal file
View File

@ -0,0 +1,43 @@
server {
listen 80;
server_name grassrootseconomics.org;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name grassrootseconomics.org;
root /var/www/pelican/output;
ssl_certificate /etc/letsencrypt/live/grassrootseconomics.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/grassrootseconomics.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
location = / {
rewrite ^ /index.html;
}
location / {
gzip_static on;
try_files $uri.htm $uri.html $uri =404;
}
location = /favicon.ico {
expires max;
}
location ^~ /theme {
expires 1y;
}
}

19
standalone-deploy/docker-compose-cert.yml Normal file
View File

@ -0,0 +1,19 @@
version: '3'
services:
nginx:
image: nginx:1.15-alpine
restart: unless-stopped
volumes:
- ./data/nginx.conf:/etc/nginx/conf.d/default.conf
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
ports:
- '80:80'
command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 400h & wait $${!}; done;'"

83
standalone-deploy/init-cert.sh Normal file
View File

@ -0,0 +1,83 @@
#!/bin/bash
if ! [ -x "$(command -v docker-compose)" ]; then
echo 'Error: docker-compose is not installed.' >&2
exit 1
fi
domains=(grassrootseconomics.org)
rsa_key_size=4096
data_path="./data/certbot"
email="sohailsameja@gmail.com"
staging=0
if [ -d "$data_path" ]; then
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
exit
fi
fi
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "$data_path/conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
echo
fi
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose -f docker-compose-cert.yml run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:1024 -days 1\
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=localhost'" certbot
echo
echo "### Starting nginx ..."
docker-compose -f docker-compose-cert.yml up --force-recreate -d nginx
echo
echo "### Deleting dummy certificate for $domains ..."
docker-compose -f docker-compose-cert.yml run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$domains && \
rm -Rf /etc/letsencrypt/archive/$domains && \
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo
echo "### Requesting Let's Encrypt certificate for $domains ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
domain_args="$domain_args -d $domain"
done
# Select appropriate email arg
case "$email" in
"") email_arg="--register-unsafely-without-email" ;;
*) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker-compose -f docker-compose-cert.yml run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
echo "### Reloading nginx ..."
docker-compose -f docker-compose-cert.yml exec nginx nginx -s reload
echo "### Killing nginx ..."
docker-compose -f docker-compose-cert.yml down