Add certificate config and docs
parent
2b1c6cd49f
commit
687a256fff
5 changed files with 76 additions and 9 deletions
38
README.md
38
README.md
|
@ -113,11 +113,37 @@ A summary of available commands are outlined below. Note that if the command req
|
||||||
| `build` | Builds required images (frontend and backend) for production | No
|
| `build` | Builds required images (frontend and backend) for production | No
|
||||||
| `start` | Runs all services in production mode including the frontend, backend and postgres database | No
|
| `start` | Runs all services in production mode including the frontend, backend and postgres database | No
|
||||||
|
|
||||||
## Running application for production
|
## Setting up and running the application for production
|
||||||
|
|
||||||
1. Ensure the prerequisites are met as defined in [#Initial Setup]
|
1. Ensure the prerequisites are met as defined in [#Initial Setup]
|
||||||
2. Create an `.env` file (if not done prior) in the root directory using `default.env` as an example. Fill in the values as appropriate
|
2. Create an `.env` file (if not done prior) in the root directory using `default.env` as an example. Uncomment values relating to production and fill in the values as appropriate.
|
||||||
3. Update `frontend/config.js` with values as appropriate
|
3. Build backend image `sudo ./dev build_production`
|
||||||
4. Run a production build using `./dev build_production`
|
4. Create the database `sudo ./dev create_database`
|
||||||
5. Initialise the database using `./dev init_database`
|
5. Manually create postgres user with password and add the user to the `righttree` database with all permissions.
|
||||||
6. Run the production application using `./dev start_production`
|
|
||||||
|
Create an interactive terminal into the postgres container
|
||||||
|
```bash
|
||||||
|
sudo docker-compose -f docker-compose.production.yaml up postgres
|
||||||
|
sudo docker exec -it postgres bash
|
||||||
|
```
|
||||||
|
|
||||||
|
Within the interactive terminal. Connect to the database, add the righttree_admin user and give permissions. Please use the same credentials as defined in .env.
|
||||||
|
```bash
|
||||||
|
psql -U postgres
|
||||||
|
/c righttree
|
||||||
|
CREATE USER righttree_admin;
|
||||||
|
ALTER USER righttree_admin with encrypted password 'YOUR PASSWORD';
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE righttree TO righttree_admin;
|
||||||
|
```
|
||||||
|
|
||||||
|
6. Populate the database using `sudo ./dev populate_database`
|
||||||
|
7. Build optimised frontend build and collect together staticfiles `sudo ./dev create_staticfiles`
|
||||||
|
8. Create a django superuser for access to the admin interface. Please use the same credentials as defined in .env `sudo ./dev createsuperuser`
|
||||||
|
9. Run the production application using `sudo ./dev start_production`
|
||||||
|
|
||||||
|
### Setting up certificates
|
||||||
|
|
||||||
|
Create certificate using certbot and letsencrypt, choose option 1 and provide an appropriate email. Ensure port 80 and 443 are externally exposed for the domain before running this command. To retrieve a staging certificate, use the `--test-cert` flag.
|
||||||
|
```
|
||||||
|
sudo docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /etc/letsencrypt:/etc/letsencrypt/ certbot/certbot certonly -d [YOUR DOMAIN] --logs-dir /etc/letsencrypt/logs
|
||||||
|
```
|
||||||
|
|
|
@ -88,7 +88,7 @@ DATABASES = {
|
||||||
'NAME': os.getenv("RIGHTTREE_DB", "postgres"),
|
'NAME': os.getenv("RIGHTTREE_DB", "postgres"),
|
||||||
'USER': os.getenv("RIGHTTREE_DB_USER", "postgres"),
|
'USER': os.getenv("RIGHTTREE_DB_USER", "postgres"),
|
||||||
'PASSWORD': os.getenv("RIGHTTREE_DB_PASSWORD", "postgres"),
|
'PASSWORD': os.getenv("RIGHTTREE_DB_PASSWORD", "postgres"),
|
||||||
'HOST': os.getenv("POSTGRES_DB", "postgres"),
|
'HOST': "postgres",
|
||||||
'PORT': 5432,
|
'PORT': 5432,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
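Review bot: With `'HOST'` now fixed to `"postgres"`, the credential lines just above it still fall back to the literal `"postgres"` when `RIGHTTREE_DB_USER` or `RIGHTTREE_DB_PASSWORD` is unset, so a production deployment with an incomplete `.env` would try to connect with the default superuser credentials instead of failing. Since this commit documents the production setup, consider reading the password without a default, e.g. `'PASSWORD': os.environ["RIGHTTREE_DB_PASSWORD"],`, or raising when it is missing outside development. Hard-coding the host also removes the only way to point the backend at a database outside the compose network; if that is intended, a comment such as `# compose service name, intentionally not configurable` would say so. The `DATABASES` dict begins above the hunk, so its engine and other options are not visible here.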
10
dev
10
dev
|
@ -123,6 +123,16 @@ cmd_stop_production() {
|
||||||
docker-compose -f docker-compose.production.yaml stop --remove-orphans
|
docker-compose -f docker-compose.production.yaml stop --remove-orphans
|
||||||
}
|
}
|
||||||
|
|
||||||
|
cmd_stop_production() {
|
||||||
|
docker-compose -f docker-compose.production.yaml stop --remove-orphans
|
||||||
|
}
|
||||||
|
|
||||||
|
cmd_renew_certifcate() {
|
||||||
|
cmd_stop_production
|
||||||
|
sudo docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /etc/letsencrypt:/etc/letsencrypt/ certbot/certbot renew --dry-run -d $BASE_URL --logs-dir /etc/letsencrypt/logs
|
||||||
|
cmd_start_production
|
||||||
|
}
|
||||||
|
|
||||||
# Run the command
|
# Run the command
|
||||||
cmd="$1"
|
cmd="$1"
|
||||||
"cmd_$cmd" "$@"
|
"cmd_$cmd" "$@"
|
||||||
|
|
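Review bot: `cmd_renew_certifcate` never renews anything: the certbot call carries `--dry-run`, so it only exercises a test renewal and the live certificate will still expire, while production is stopped and restarted on every run. The function name is also misspelled (`certifcate`), so `./dev renew_certificate` would not resolve through the `"cmd_$cmd"` dispatcher. As far as I know certbot's `renew` subcommand does not accept `-d`, so the unquoted `-d $BASE_URL` probably has to go as well, leaving `certbot/certbot renew --logs-dir /etc/letsencrypt/logs` as the command. The hunk also adds a second, identical `cmd_stop_production` definition that can be dropped.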
|
@ -25,12 +25,13 @@ services:
|
||||||
- postgres
|
- postgres
|
||||||
- backend
|
- backend
|
||||||
volumes:
|
volumes:
|
||||||
- ./nginx.conf:/etc/nginx/nginx.conf
|
- ./nginx.production.conf:/etc/nginx/nginx.conf
|
||||||
- ./backend/right_tree/staticfiles:/etc/nginx/html/staticfiles
|
- ./backend/right_tree/staticfiles:/etc/nginx/html/staticfiles
|
||||||
- ./frontend/build:/etc/nginx/html/build
|
- ./frontend/build:/etc/nginx/html/build
|
||||||
- ./keys:/etc/ssl/private/nginx
|
- /etc/letsencrypt:/etc/letsencrypt
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
image: postgis/postgis:13-3.0
|
image: postgis/postgis:13-3.0
|
||||||
|
|
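Review bot: The new `/etc/letsencrypt:/etc/letsencrypt` mount gives the nginx container write access to the host's whole Let's Encrypt directory, which holds the private key and the ACME account key as well as the certificates. nginx only reads these files, so the mount should be read-only: `- /etc/letsencrypt:/etc/letsencrypt:ro`; the same applies to `./nginx.production.conf:/etc/nginx/nginx.conf`. The service definition starts above the hunk, so its name and image are not visible here.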
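--- a/nginx.production.conf
+++ b/nginx.production.conf
@@ -0,0 +1,30 @@
+http {
+server {
+listen 80;
+listen 443 ssl;
+index index.html;
+include /etc/nginx/mime.types;
+proxy_set_header Host $http_host;
+
+ssl_certificate /etc/letsencrypt/live/righttree.maps.net.nz/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/righttree.maps.net.nz/privkey.pem;
+ssl_trusted_certificate /etc/letsencrypt/live/righttree.maps.net.nz/chain.pem;
+
+location / {
+root /etc/nginx/html/build;
+}
+
+location /staticfiles {
+root /etc/nginx/html/;
+}
+
+location ~* ^/(api|admin) {
+proxy_pass http://backend:8000;
+}
+}
+}
+
+
+events {
+# configuration of connection processing
+}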
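Review bot: The single `server` block listens on both 80 and 443, so every location, including the `/admin` and `/api` proxy, is still served over plain HTTP and logins can cross the network unencrypted. Split it into a port-80 server that only redirects and a 443 server that carries the existing configuration, using the fixed host name in the redirect rather than the request's Host header. The TLS server also sets no `ssl_protocols`, and the backend is not told the original scheme (for example with `proxy_set_header X-Forwarded-Proto $scheme;`), which Django needs before it can treat these requests as secure. The certificate paths hard-code `righttree.maps.net.nz` while the `dev` script uses `$BASE_URL`, so a comment noting that the two must match would help.

```nginx
server {
    listen 80;
    server_name righttree.maps.net.nz;
    return 301 https://righttree.maps.net.nz$request_uri;
}

server {
    listen 443 ssl;
    server_name righttree.maps.net.nz;
    # … unchanged: index, mime.types include, proxy_set_header, ssl_* paths, location blocks …
}
```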