Add certificate config and docs
parent
2b1c6cd49f
commit
687a256fff
5 changed files with 76 additions and 9 deletions
38
README.md
38
README.md
|
@ -113,11 +113,37 @@ A summary of available commands are outlined below. Note that if the command req
|
|||
| `build` | Builds required images (frontend and backend) for production | No
|
||||
| `start` | Runs all services in production mode including the frontend, backend and postgres database | No
|
||||
|
||||
## Running application for production
|
||||
## Setting up and running the application for production
|
||||
|
||||
1. Ensure the prerequisites are met as defined in [#Initial Setup]
|
||||
2. Create an `.env` file (if not done prior) in the root directory using `default.env` as an example. Fill in the values as appropriate
|
||||
3. Update `frontend/config.js` with values as appropriate
|
||||
4. Run a production build using `./dev build_production`
|
||||
5. Initialise the database using `./dev init_database`
|
||||
6. Run the production application using `./dev start_production`
|
||||
2. Create an `.env` file (if not done prior) in the root directory using `default.env` as an example. Uncomment values relating to production and fill in the values as appropriate.
|
||||
3. Build backend image `sudo ./dev build_production`
|
||||
4. Create the database `sudo ./dev create_database`
|
||||
5. Manually create postgres user with password and add the user to the `righttree` database with all permissions.
|
||||
|
||||
Create an interactive terminal into the postgres container
|
||||
```bash
|
||||
sudo docker-compose -f docker-compose.production.yaml up postgres
|
||||
sudo docker exec -it postgres bash
|
||||
```
|
||||
|
||||
Within the interactive terminal. Connect to the database, add the righttree_admin user and give permissions. Please use the same credentials as defined in .env.
|
||||
```bash
|
||||
psql -U postgres
|
||||
/c righttree
|
||||
CREATE USER righttree_admin;
|
||||
ALTER USER righttree_admin with encrypted password 'YOUR PASSWORD';
|
||||
GRANT ALL PRIVILEGES ON DATABASE righttree TO righttree_admin;
|
||||
```
|
||||
|
||||
6. Populate the database using `sudo ./dev populate_database`
|
||||
7. Build optimised frontend build and collect together staticfiles `sudo ./dev create_staticfiles`
|
||||
8. Create a django superuser for access to the admin interface. Please use the same credentials as defined in .env `sudo ./dev createsuperuser`
|
||||
9. Run the production application using `sudo ./dev start_production`
|
||||
|
||||
### Setting up certificates
|
||||
|
||||
Create certificate using certbot and letsencrypt, choose option 1 and provide an appropriate email. Ensure port 80 and 443 are externally exposed for the domain before running this command. To retrieve a staging certificate, use the `--test-cert` flag.
|
||||
```
|
||||
sudo docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /etc/letsencrypt:/etc/letsencrypt/ certbot/certbot certonly -d [YOUR DOMAIN] --logs-dir /etc/letsencrypt/logs
|
||||
```
|
||||
|
|
|
@ -88,7 +88,7 @@ DATABASES = {
|
|||
'NAME': os.getenv("RIGHTTREE_DB", "postgres"),
|
||||
'USER': os.getenv("RIGHTTREE_DB_USER", "postgres"),
|
||||
'PASSWORD': os.getenv("RIGHTTREE_DB_PASSWORD", "postgres"),
|
||||
'HOST': os.getenv("POSTGRES_DB", "postgres"),
|
||||
'HOST': "postgres",
|
||||
'PORT': 5432,
|
||||
}
|
||||
}
|
||||
|
|
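Review bot: `'PASSWORD': os.getenv("RIGHTTREE_DB_PASSWORD", "postgres")` falls back to a well-known default password, and `USER` and `NAME` have the same fallback, so a production start with a missing or misnamed `.env` value would silently use `postgres`/`postgres` instead of failing. Since this commit prepares the production setup, consider reading the secret without a default, e.g. `'PASSWORD': os.environ["RIGHTTREE_DB_PASSWORD"],`, so that a missing value stops startup. The two `HOST` lines appear to be the old and new versions of one entry; if the literal `"postgres"` is the new one, a comment such as `# compose service name of the database container` would explain why the host is no longer configurable. The `DATABASES` dict starts outside the hunk.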
10
dev
10
dev
|
@ -123,6 +123,16 @@ cmd_stop_production() {
|
|||
docker-compose -f docker-compose.production.yaml stop --remove-orphans
|
||||
}
|
||||
|
||||
cmd_stop_production() {
|
||||
docker-compose -f docker-compose.production.yaml stop --remove-orphans
|
||||
}
|
||||
|
||||
cmd_renew_certifcate() {
|
||||
cmd_stop_production
|
||||
sudo docker run -i --rm --name certbot -p 443:443 -p 80:80 -v /etc/letsencrypt:/etc/letsencrypt/ certbot/certbot renew --dry-run -d $BASE_URL --logs-dir /etc/letsencrypt/logs
|
||||
cmd_start_production
|
||||
}
|
||||
|
||||
# Run the command
|
||||
cmd="$1"
|
||||
"cmd_$cmd" "$@"
|
||||
|
|
|
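Review bot: `cmd_renew_certifcate` runs certbot with `renew --dry-run`, so production is stopped and restarted but no certificate is ever renewed, and the installed one will eventually expire. The real path should drop `--dry-run`. As far as I know certbot's `renew` selects a certificate with `--cert-name` rather than `-d`, so `-d $BASE_URL` is likely rejected; consider `certbot/certbot renew --cert-name "$BASE_URL" --logs-dir /etc/letsencrypt/logs` (quoted, and assuming the certificate name equals the domain). The function name is misspelled, and because the dispatcher calls `"cmd_$cmd"` users would have to type `renew_certifcate`; rename it to `cmd_renew_certificate`. The section also appears to define `cmd_stop_production` a second time with an identical body, which can be dropped.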
@ -25,12 +25,13 @@ services:
|
|||
- postgres
|
||||
- backend
|
||||
volumes:
|
||||
- ./nginx.conf:/etc/nginx/nginx.conf
|
||||
- ./nginx.production.conf:/etc/nginx/nginx.conf
|
||||
- ./backend/right_tree/staticfiles:/etc/nginx/html/staticfiles
|
||||
- ./frontend/build:/etc/nginx/html/build
|
||||
- ./keys:/etc/ssl/private/nginx
|
||||
- /etc/letsencrypt:/etc/letsencrypt
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
|
||||
postgres:
|
||||
image: postgis/postgis:13-3.0
|
||||
|
|
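Review bot: `- /etc/letsencrypt:/etc/letsencrypt` mounts the whole Let's Encrypt directory, including the private keys and the ACME account key, read-write into the nginx container, which only needs to read the certificate files. Mount it read-only, `- /etc/letsencrypt:/etc/letsencrypt:ro`, and do the same for the configuration, `- ./nginx.production.conf:/etc/nginx/nginx.conf:ro`, so that a compromised web server process cannot alter the keys or its own configuration. The service definition starts above the hunk, so the image and the user it runs as are not visible here.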
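--- a/nginx.production.conf
+++ b/nginx.production.conf
@@ -0,0 +1,30 @@
+http {
+server {
+listen 80;
+listen 443 ssl;
+index index.html;
+include /etc/nginx/mime.types;
+proxy_set_header Host $http_host;
+
+ssl_certificate /etc/letsencrypt/live/righttree.maps.net.nz/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/righttree.maps.net.nz/privkey.pem;
+ssl_trusted_certificate /etc/letsencrypt/live/righttree.maps.net.nz/chain.pem;
+
+location / {
+root /etc/nginx/html/build;
+}
+
+location /staticfiles {
+root /etc/nginx/html/;
+}
+
+location ~* ^/(api|admin) {
+proxy_pass http://backend:8000;
+}
+}
+}
+
+
+events {
+# configuration of connection processing
+}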
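Review bot: `listen 80;` and `listen 443 ssl;` share one server block with no redirect, so every location, including the proxied `/admin` and `/api`, is also served over plain HTTP and admin credentials or session cookies can cross the network unencrypted. Give port 80 its own server block that only redirects to the HTTPS origin, and keep the content on 443 only. The certificate paths hard-code `righttree.maps.net.nz` while the `dev` script passes `$BASE_URL` to certbot, so a comment noting that the two must match would help. Separately, `location ~* ^/(api|admin)` also matches paths such as `/administrator`; `^/(api|admin)(/|$)` is tighter.

```nginx
server {
    listen 80;
    server_name righttree.maps.net.nz;
    # Fixed target rather than $host, so a forged Host header cannot steer the redirect.
    return 301 https://righttree.maps.net.nz$request_uri;
}

server {
    listen 443 ssl;
    server_name righttree.maps.net.nz;
    # … unchanged: index, mime types, proxy header, certificate paths, locations …
}
```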