diff --git a/README.md b/README.md
index 2dddb4a..2bd940d 100644
--- a/README.md
+++ b/README.md
@@ -113,11 +113,37 @@ A summary of available commands are outlined below. Note that if the command req
 | `build` | Builds required images (frontend and backend) for production | No
 | `start` | Runs all services in production mode including the frontend, backend and postgres database | No
 
-## Running application for production
+## Setting up and running the application for production
 
 1. Ensure the prerequisites are met as defined in [#Initial Setup]
-2. Create an `.env` file (if not done prior) in the root directory using `default.env` as an example. Fill in the values as appropriate
-3. Update `frontend/config.js` with values as appropriate
-4. Run a production build using `./dev build_production`
-5. Initialise the database using `./dev init_database`
-6. Run the production application using `./dev start_production`
\ No newline at end of file
+2. Create an `.env` file (if not done prior) in the root directory using `default.env` as an example. Uncomment values relating to production and fill in the values as appropriate.
+3. Build backend image `sudo ./dev build_production`
+4. Create the database `sudo ./dev create_database`
+5. Manually create postgres user with password and add the user to the `righttree` database with all permissions.
+
+Create an interactive terminal into the postgres container
+```bash
+sudo docker-compose -f docker-compose.production.yaml up postgres
+sudo docker exec -it postgres bash
+```
+
+Within the interactive terminal. Connect to the database, add the righttree_admin user and give permissions. Please use the same credentials as defined in .env.
+```bash
+psql -U postgres
+/c righttree
+CREATE USER righttree_admin;
+ALTER USER righttree_admin with encrypted password 'YOUR PASSWORD';
+GRANT ALL PRIVILEGES ON DATABASE righttree TO righttree_admin;
+```
+
+6. Populate the database using `sudo ./dev populate_database`
+7. Build optimised frontend build and collect together staticfiles `sudo ./dev create_staticfiles`
+8. 
Create a django superuser for access to the admin interface. Please use the same credentials as defined in .env `sudo ./dev createsuperuser`
+9. Run the production application using `sudo ./dev start_production`
+
+### Setting up certificates
+
+Create certificate using certbot and letsencrypt, choose option 1 and provide an appropriate email. Ensure port 80 and 443 are externally exposed for the domain before running this command. To retrieve a staging certificate, use the `--test-cert` flag.
+```
+sudo docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /etc/letsencrypt:/etc/letsencrypt/ certbot/certbot certonly -d [YOUR DOMAIN] --logs-dir /etc/letsencrypt/logs
+```
diff --git a/backend/right_tree/settings.py b/backend/right_tree/settings.py
index 40ad1a8..b7c0ace 100644
--- a/backend/right_tree/settings.py
+++ b/backend/right_tree/settings.py
@@ -88,7 +88,7 @@ DATABASES = {
 'NAME': os.getenv("RIGHTTREE_DB", "postgres"),
 'USER': os.getenv("RIGHTTREE_DB_USER", "postgres"),
 'PASSWORD': os.getenv("RIGHTTREE_DB_PASSWORD", "postgres"),
- 'HOST': os.getenv("POSTGRES_DB", "postgres"),
+ 'HOST': "postgres",
 'PORT': 5432,
 }
 }
diff --git a/dev b/dev
index a9b526c..dc76aaa 100755
--- a/dev
+++ b/dev
@@ -123,6 +123,16 @@ cmd_stop_production() {
 docker-compose -f docker-compose.production.yaml stop --remove-orphans
 }
 
+cmd_stop_production() {
+ docker-compose -f docker-compose.production.yaml stop --remove-orphans
+}
+
+cmd_renew_certifcate() {
+ cmd_stop_production
+ sudo docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /etc/letsencrypt:/etc/letsencrypt/ certbot/certbot renew --dry-run -d $BASE_URL --logs-dir /etc/letsencrypt/logs
+ cmd_start_production
+}
+
 # Run the command
 cmd="$1"
 "cmd_$cmd" "$@"
diff --git a/docker-compose.production.yaml b/docker-compose.production.yaml
index b742d1d..546589b 100644
--- a/docker-compose.production.yaml
+++ b/docker-compose.production.yaml
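Review bot: The new `'HOST': "postgres",` line hard-codes the database host, so any deployment that does not run Postgres as a compose service with exactly that name needs a code change, while every other key in this dict stays environment-driven. Reading the host from its own variable keeps the fix for the old `POSTGRES_DB` mix-up and preserves configurability, for example `'HOST': os.getenv("RIGHTTREE_DB_HOST", "postgres"),` (the variable name is a suggestion, not something the repository defines). The context lines above also fall back to `postgres` for the user and password when the environment is unset, so a production start with a missing `.env` would silently use default credentials; failing at startup when `RIGHTTREE_DB_PASSWORD` is absent would be safer. The `DATABASES` dict starts outside this hunk.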
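Review bot: `cmd_renew_certifcate` cannot renew anything as written, because `--dry-run` only simulates a renewal, so production is stopped and restarted while the certificate under `/etc/letsencrypt` still runs towards expiry. As far as I know `certbot renew` also rejects `-d` (it selects a lineage with `--cert-name`), and `$BASE_URL` is unquoted; the call should end in `certbot/certbot renew --logs-dir /etc/letsencrypt/logs`. The function name is misspelled, and since the dispatcher runs `"cmd_$cmd"` the typo becomes the command operators have to type, so rename it to `cmd_renew_certificate`. The hunk also adds a second, identical `cmd_stop_production` directly after the existing one; drop the duplicate.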
@@ -25,12 +25,13 @@ services:
 - postgres
 - backend
 volumes:
- - ./nginx.conf:/etc/nginx/nginx.conf
+ - ./nginx.production.conf:/etc/nginx/nginx.conf
 - ./backend/right_tree/staticfiles:/etc/nginx/html/staticfiles
 - ./frontend/build:/etc/nginx/html/build
- - ./keys:/etc/ssl/private/nginx
+ - /etc/letsencrypt:/etc/letsencrypt
 ports:
 - "80:80"
+ - "443:443"
 
 postgres:
 image: postgis/postgis:13-3.0
diff --git a/nginx.production.conf b/nginx.production.conf
new file mode 100644
index 0000000..7c831f1
--- /dev/null
+++ b/nginx.production.conf
@@ -0,0 +1,30 @@
+http {
+ server {
+ listen 80;
+ listen 443 ssl;
+ index index.html;
+ include /etc/nginx/mime.types;
+ proxy_set_header Host $http_host;
+
+ ssl_certificate /etc/letsencrypt/live/righttree.maps.net.nz/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/righttree.maps.net.nz/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/righttree.maps.net.nz/chain.pem;
+
+ location / {
+ root /etc/nginx/html/build;
+ }
+
+ location /staticfiles {
+ root /etc/nginx/html/;
+ }
+
+ location ~* ^/(api|admin) {
+ proxy_pass http://backend:8000;
+ }
+ }
+}
+
+
+events {
+ # configuration of connection processing
+}
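Review bot: The new `- /etc/letsencrypt:/etc/letsencrypt` volume gives the nginx container write access to the host's whole Let's Encrypt tree, which holds the ACME account key and every private key as well as the certificates. nginx only needs to read these files, so mount the directory read-only: `- /etc/letsencrypt:/etc/letsencrypt:ro`. The service definition starts above the hunk, so the image and the user it runs as are not visible here.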
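Review bot: The single `server` block listens on both `80` and `443 ssl`, so `/admin` and `/api` are still served over plain HTTP and Django admin credentials and session cookies can cross the network unencrypted. Split it into a port-80 server that only redirects to HTTPS and a TLS server carrying the existing directives, with `server_name` set to the certificate's host name so the redirect target does not depend on the client's Host header. Separately, `ssl_trusted_certificate` has no effect here without `ssl_stapling on;` and `ssl_stapling_verify on;`, and the backend receives no `X-Forwarded-Proto` header, so it cannot tell whether the original request used TLS.

```nginx
    server {
        listen 80;
        server_name righttree.maps.net.nz;
        return 301 https://righttree.maps.net.nz$request_uri;
    }

    server {
        listen 443 ssl;
        server_name righttree.maps.net.nz;
        # … unchanged: index, include, proxy_set_header, ssl_certificate* lines, location blocks …
    }
```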