extern/mediacms
1
0
Fork 0
mirror of https://github.com/mediacms-io/mediacms.git synced 2025-06-22 04:51:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

mount src folder, fix permissions, store db and media on host directories

Browse Source
This commit is contained in:
Swift Ugandan 2021-01-25 12:36:16 +00:00
parent a15ed70d44
commit ac3ce569a8
16 changed files with 150 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.gitignore vendored
View File

@ -1,3 +1,11 @@
media_files/encoded/ media_files/encoded/
media_files/original/ media_files/original/
postgres_data/ postgres_data/
celerybeat-schedule
logs/
pids/
static/admin/
static/ckeditor/
static/debug_toolbar/
static/mptt/
static/rest_framework/

12
Dockerfile
View File

@ -21,12 +21,11 @@ RUN wget -q http://zebulon.bok.net/Bento4/binaries/Bento4-SDK-1-6-0-632.x86_64-u
unzip -j Bento4-SDK-1-6-0-632.x86_64-unknown-linux.zip Bento4-SDK-1-6-0-632.x86_64-unknown-linux/bin/mp4hls -d Bento4-SDK-1-6-0-632.x86_64-unknown-linux/bin/ && \ unzip -j Bento4-SDK-1-6-0-632.x86_64-unknown-linux.zip Bento4-SDK-1-6-0-632.x86_64-unknown-linux/bin/mp4hls -d Bento4-SDK-1-6-0-632.x86_64-unknown-linux/bin/ && \
rm Bento4-SDK-1-6-0-632.x86_64-unknown-linux.zip rm Bento4-SDK-1-6-0-632.x86_64-unknown-linux.zip
RUN chown -R www-data. /home/mediacms.io/ && chmod +x /home/mediacms.io/mediacms/deploy/docker/start.sh /home/mediacms.io/mediacms/deploy/docker/prestart.sh
############ RUNTIME IMAGE ############ ############ RUNTIME IMAGE ############
FROM python:3.8-slim-buster as runtime-image FROM python:3.8-slim-buster as runtime-image
ENV PYTHONUNBUFFERED=1 ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV ADMIN_USER='admin' ENV ADMIN_USER='admin'
ENV ADMIN_PASSWORD='mediacms' ENV ADMIN_PASSWORD='mediacms'
ENV ADMIN_EMAIL='admin@localhost' ENV ADMIN_EMAIL='admin@localhost'
@ -54,13 +53,12 @@ RUN apt-get update -y && apt-get -y upgrade && apt-get install --no-install-reco
apt-get purge --auto-remove && \ apt-get purge --auto-remove && \
apt-get clean apt-get clean
# forward request and error logs to docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && \
ln -sf /dev/stdout /var/log/nginx/mediacms.io.access.log && ln -sf /dev/stderr /var/log/nginx/mediacms.io.error.log
WORKDIR /home/mediacms.io/mediacms WORKDIR /home/mediacms.io/mediacms
EXPOSE 9000 80 EXPOSE 9000 80
RUN chmod +x ./deploy/docker/entrypoint.sh
ENTRYPOINT ["./deploy/docker/entrypoint.sh"]
CMD ["./deploy/docker/start.sh"] CMD ["./deploy/docker/start.sh"]

32
cms/local_settings.py Executable file
View File

@ -0,0 +1,32 @@
FRONTEND_HOST = 'http://localhost'
PORTAL_NAME = 'MediaCMS'
SECRET_KEY = 'ma!s3^b-cw!f#7s6s0m3*jx77a@riw(7701**(r=ww%w!2+yk2'
POSTGRES_HOST = 'db'
REDIS_LOCATION = "redis://redis:6379/1"
DATABASES = {
"default": {
"ENGINE": "django.db.backends.postgresql",
"NAME": "mediacms",
"HOST": POSTGRES_HOST,
"PORT": "5432",
"USER": "mediacms",
"PASSWORD": "mediacms",
}
}
CACHES = {
"default": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": REDIS_LOCATION,
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
},
}
}
# CELERY STUFF
BROKER_URL = REDIS_LOCATION
CELERY_RESULT_BACKEND = BROKER_URL
DEBUG = False

30
deploy/docker/entrypoint.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
set -e
# forward request and error logs to docker log collector
ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && \
ln -sf /dev/stdout /var/log/nginx/mediacms.io.access.log && ln -sf /dev/stderr /var/log/nginx/mediacms.io.error.log
cp /home/mediacms.io/mediacms/deploy/docker/local_settings.py /home/mediacms.io/mediacms/cms/local_settings.py
mkdir -p /home/mediacms.io/mediacms/{logs,pids}
touch /home/mediacms.io/mediacms/logs/debug.log
chown -R www-data. /home/mediacms.io/
TARGET_GID=$(stat -c "%g" /home/mediacms.io/mediacms/)
EXISTS=$(cat /etc/group | grep $TARGET_GID | wc -l)
# Create new group using target GID and add www-data user
if [ $EXISTS == "0" ]; then
groupadd -g $TARGET_GID tempgroup
usermod -a -G tempgroup www-data
else
# GID exists, find group name and add
GROUP=$(getent group $TARGET_GID | cut -d: -f1)
usermod -a -G $GROUP www-data
fi
chmod +x /home/mediacms.io/mediacms/deploy/docker/start.sh /home/mediacms.io/mediacms/deploy/docker/prestart.sh
exec "$@"

3
deploy/docker/prestart.sh Normal file → Executable file
View File

@ -1,7 +1,4 @@
#!/bin/bash #!/bin/bash
mkdir -p /home/mediacms.io/mediacms/logs
touch /home/mediacms.io/mediacms/logs/debug.log
chown www-data. -R /home/mediacms.io/mediacms/logs
RANDOM_ADMIN_PASS=`python -c "import secrets;chars = 'abcdefghijklmnopqrstuvwxyz0123456789';print(''.join(secrets.choice(chars) for i in range(10)))"` RANDOM_ADMIN_PASS=`python -c "import secrets;chars = 'abcdefghijklmnopqrstuvwxyz0123456789';print(''.join(secrets.choice(chars) for i in range(10)))"`
ADMIN_PASSWORD=${ADMIN_PASSWORD:-$RANDOM_ADMIN_PASS} ADMIN_PASSWORD=${ADMIN_PASSWORD:-$RANDOM_ADMIN_PASS}

17
deploy/docker/reverse_proxy/certs/localhost.crt Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICwzCCAaugAwIBAgIJAOyvdwguJQd+MA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV
BAMTCWxvY2FsaG9zdDAeFw0yMTAxMjQxMjUwMzFaFw0zMTAxMjIxMjUwMzFaMBQx
EjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAONswEwBzkgoO+lkewiKUnwvYqC54qleCUg9hidqjoyzd5XWKh1mIF7aaSCG
rJGSxCce8CbqAqGkpvsgXzwwbY72l7FwmAXFHO5ObQfpmFhjt2fsKRM9MTCo/UyU
liuhgP+Q+BNzUontTUC40NVHs8R7IHG4z8unB7qB/7zGK2tfilLB8JDqPTkc22vN
C4P1YxiGyY5bm37wQrroC9zPJ8bqanrF9Y90QJHubibnPWqnZvK2HkDWjp5LYkn8
IuzBycs1cLd8eMjU9aT72kweykvnGDDc3YbXFzT2zBTGSFEBROsVdPrNF9PaeE3j
pu4UZ8Ge3Fp3VYd+04DnWtbQq0MCAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxo
b3N0MA0GCSqGSIb3DQEBBQUAA4IBAQAdm2aGn4evosbdWgBHgzr6oYWBIiPpf1SA
GXizuf5OaMActFP0rZ0mogndLH5d51J2qqSfOtaWSA5qwlPvDSTn1nvJeHoVLfZf
kQHaB7/DaOPGsZCQBELPhYHwl7+Ej3HYE+siiaRfjC2NVgf8P/pAsTlKbe2e+34l
GwWSFol24w5xAmUezCF41JiZbqHoZhSh7s/PuJnK2RvhpjkrIot8GvxnbvOcKDIv
JzEKo3qPq8pc5RBkpP7Kp2+EgAYn1xAn0CekxZracW/MY+tg2mCeFucZW2V1iwVs
LpAw6GJnjYz5mbrQskPbrJ9t78JGUKQ0kL/VUTfryUHMHYCiJlvd
-----END CERTIFICATE-----

27
deploy/docker/reverse_proxy/certs/localhost.key Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA42zATAHOSCg76WR7CIpSfC9ioLniqV4JSD2GJ2qOjLN3ldYq
HWYgXtppIIaskZLEJx7wJuoCoaSm+yBfPDBtjvaXsXCYBcUc7k5tB+mYWGO3Z+wp
Ez0xMKj9TJSWK6GA/5D4E3NSie1NQLjQ1UezxHsgcbjPy6cHuoH/vMYra1+KUsHw
kOo9ORzba80Lg/VjGIbJjlubfvBCuugL3M8nxupqesX1j3RAke5uJuc9aqdm8rYe
QNaOnktiSfwi7MHJyzVwt3x4yNT1pPvaTB7KS+cYMNzdhtcXNPbMFMZIUQFE6xV0
+s0X09p4TeOm7hRnwZ7cWndVh37TgOda1tCrQwIDAQABAoIBAQCmKKyOW7tlCNBN
AzbI1JbTWKOMnoM2DxhlCV5cqgOgVPcIKEL428bGxniMZRjr+vkJRBddtxdZFj1R
uSMbjJ5fF1dZMtQ/UvaCPhZ283p1CdXUPbz863ZnAPCf5Oea1RK0piw5ucYSM6h/
owgg65Qx92uK6uYW+uAwqg440+ihNvnaZoVTx5CjZbL9KISkrlNJnuYiB5vzOD0i
UVklO5Qz8VCuOcOVGZCA2SxHm4HAbg/aiQnpaUa9de4TsZ4ygF66pZh77T0wNOos
sS1riKtHQpX+osJyoTI/rIKFAhycsZ+AA7Qpu6GW4xQlNS6K8vRiIbktwkC+IT0O
RSn8Dg7BAoGBAPe5R8SpgXx9jKdA1eFa/Vjx5bmB96r2MviIOIWF8rs2K33xe+rj
v+BZ2ZjdpVjcm2nRMf9r/eDq2ScNFWmKoZsUmdyT84Qq9yLcTSUdno+zCy+L0LNH
DqJq5jIxJaV7amHeR/w10BVuiDmzhSsTmhfnXTUGRO/h2PjRyC3yEYdxAoGBAOsF
2+gTsdOGlq6AVzW5MLZkreq8WCU2wWpZRiCPh6HJa8htuynYxO5AWUiNUbYKddj2
0za9DFiXgH+Oo8wrkTYLEdN0T5/o+ScL5t3VG3m9R6pnuudLC2vmGQP0hNuZUpnF
7FzdJ85h6taR2bM1zFzOfl81K0BhTHGxTU2r70vzAoGAVXuLJ3LyqtnMKn72DzDN
0d6PTkdqBoW0qwyerHy/eRjFQ02MXE7BDJMUwmphv1tJCefVX/WNAwsnahFavTPI
dnJSccpgMtB8vXvV5yPkbmPzTTHrD6JKi4Nl8hYBjqwa1rDUmFSdfHfK7FZlcqrt
9qexAzYpnbmKnLoPYMNyhxECgYEAm5OCUeuPoL2MS7GLiXWwyFx3QFczZlcLzBGS
uYUpvLBwF/qDlhz3p9uS/tMFzyK3hktF4Ate+9o2ZroOtd31PzgusbJh7zIylGVt
i1VB3eGtaiFGeUuVIPTthE++Dvw80KxTXdnMOvNYmHduDBLF2H2c6/tvSSvfhbdf
u9XgD38CgYAiLcVySxMKNpsXatuC31wjT+rnaH22SD/7pXe2q6MRW/s+bGOspu0v
NeJSLoM98v8F99q0W0lgqesYJVI20Frru0DfXIp60ryaDolzve3Iwk8SOJUlcnUG
cCtmPUkjyr18QAlrcCB4PozJGjpPWyabaY8gGwo8wAEpJWHrIJlHew==
-----END RSA PRIVATE KEY-----

17
deploy/docker/reverse_proxy/certs/mediacms.io.crt
View File

@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICyTCCAbGgAwIBAgIJAPHG6VrZeH1/MA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
BAMTC21lZGlhY21zLmlvMB4XDTIxMDExNjE1NDUzNVoXDTMxMDExNDE1NDUzNVow
FjEUMBIGA1UEAxMLbWVkaWFjbXMuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC+xxnUwjoIZq8sTw2DYGgIYxQ5lJ8Uvt+z+K/PQpT5nFqd1jURF8Zd
a92TlJjM5aSKosavuPHbFNkA7rSnLvP+I+8qsNPoinEUlE12Spg4E7dQkOkvTGty
/amFq69o9vm46GpvwImTZ5AQkzejk0ARUuFSdq9ev4aA44IBYiV4c2jRqnP7LY4j
+SA/rt+9bNUTwQ6QWEHDTHmKePr91UTZBcDw/oaoaJwWFXuEVC7VjtDN09ZNjkdg
pI6PvQZVw2IlBHS4S+ol+G2k2ckSCLgOj+dZrndr8OGrlAb8wgsInLK54nHm6VRe
G883CJd/VlOQAulE26ZkzIdAIjJCwb+DAgMBAAGjGjAYMBYGA1UdEQQPMA2CC21l
ZGlhY21zLmlvMA0GCSqGSIb3DQEBBQUAA4IBAQBwxkTE5GBuFjcFsBzMqhePgC7W
INzoTmyMLJrNClFLkUKkDrwNmShLNhZUbMHeDD1W40aKYJCV44QhT04fK18HU/DW
RkprlJDI8WUnuY97zN6Ms9z/GwYDGNXGLh8I/SEMhfJ8cIQuofhvuyi/E4AdWRva
Hw1RSC8RikTZQ5Y84oJ44RfHNfK7xkaeurcm/Tn4Vxx4RgXA2MMoFA7XbT08vhKw
iiQ9u4QL1GP3Nm8cTDDA9OChhLl56k24MD3WJM2HFTFlE5S4hFRkEqzy4pI/BTU4
S4fkXK88xDtB/kHlHgRQiNH+6ik8ZXXP1F56+vDLuR28nK3hRTpQwaRQ7dzC
-----END CERTIFICATE-----

27
deploy/docker/reverse_proxy/certs/mediacms.io.key
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvscZ1MI6CGavLE8Ng2BoCGMUOZSfFL7fs/ivz0KU+ZxandY1
ERfGXWvdk5SYzOWkiqLGr7jx2xTZAO60py7z/iPvKrDT6IpxFJRNdkqYOBO3UJDp
L0xrcv2phauvaPb5uOhqb8CJk2eQEJM3o5NAEVLhUnavXr+GgOOCAWIleHNo0apz
+y2OI/kgP67fvWzVE8EOkFhBw0x5inj6/dVE2QXA8P6GqGicFhV7hFQu1Y7QzdPW
TY5HYKSOj70GVcNiJQR0uEvqJfhtpNnJEgi4Do/nWa53a/Dhq5QG/MILCJyyueJx
5ulUXhvPNwiXf1ZTkALpRNumZMyHQCIyQsG/gwIDAQABAoIBAQCMauVTWOX3+wRi
G4l5skLAMZTYUNDKJzdmMtvMNFiMZI258Mk8XIBvkI4VKuFQppH2TJrrCbhSJUUX
z5p+FywVWYOWq3I9jXBv0jw1ne/uDmz1ysMnQhswFw5oSZahLm9drwtwV4mrSiWa
XZEtP5t/ZL5dwOeRWGz6fvnYZNHpldkyZDO8+ywB55P+XDfGyxUppMOWdbNV9wGo
Fg6ypUFWFEUD8Ou8xd5FT5QqrQ5ruZJDKcYhPTuK0/dRsMgAxB+Bhf8XH3ynUZp2
+qMXcKyIQumq9r+/ulE/Yhnbh/E4hYBbThhnmPejNeSvWb7niYfL/fsPI8FLmtmi
z+Ab5IABAoGBAPb4rUP3rVDatzsf2jJSUXcMn9gAdf3ajbw+Z2CCf4j1wj1BTIM5
5YmABJMS7D97H+a6Vn+SZd426UJYMlKPDnVOTXvvlzhP/TmiSFa8FW8Rjho9Rcnc
LDwnO48q0AJg3HslrjEUaDuWaNHJkqB5tGqzKgZCZxrqoNRYgufPwH+DAoGBAMXA
hr4KxwlcXYIwbM+Uj8eHnESwPWk2+cRwpv62u4ezctZrBCHgAHKvznG7VUeniQfj
P2MaGFz6Pvzw3cFRLKRVqJom5iXO6+H0EucusdqJY4xdWZt02ZweoJXZi9tiDGmG
fPOp3vUax4uGUS4LeSo+ZhPNfbfy9c8ZGQ7Z9cABAoGAA0oyvKoK8/3F3RLCjFMO
ZMCVTIJNEBGeO7i1FdMHMeLcMIazJzhZN2iuJutknD/en+sxhceEdd5TYx/bo7/m
GGfvnkwFvqlKHT9tKUKeInmgY/cW++Zj7HU1VOXkGXQC290Xoe28qbaKNOkze9HD
NnymfajayMABXnLDY6Uf0lMCgYBgVLIOn4dnuvPeOKK42ADWTOxF1aiEuYAgPlRL
Hk7qAvN9GfKQYeM1+whRBNW9KxKoof290/dsS4clhlwwEM/zWbrhJPPWFR95GYGf
1nJTJ7wzo0HEZb6fu5e0h54Gh5POT/JMbEKtGZd9Ezg2euZSOsVU/jQwyI0PjoVT
Y7/AAQKBgHEWxqZwJ3BE9gXRRGhKiPLNG9+OzwjrMiinN4s9Hol0STB1AqryswpU
9QL7Mb8SdxCDY2CseQRwT2VFiP10ElCuzZJ6Yk2cxzmrxAAhRWGHSIuNlnXTA6LR
AhIMLFLz+7KqBx8VHybkhZNCR1nPR9MicS9MpSEYTuRAnV2B1cuU
-----END RSA PRIVATE KEY-----

0
deploy/docker/start.sh Normal file → Executable file
View File

14
docker-compose-http-proxy.yaml
View File

@ -11,7 +11,7 @@ services:
migrations: migrations:
image: mediacms:latest image: mediacms:latest
volumes: volumes:
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./:/home/mediacms.io/mediacms/
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -31,9 +31,7 @@ services:
deploy: deploy:
replicas: 1 replicas: 1
volumes: volumes:
- ./media_files/:/home/mediacms.io/mediacms/media_files/ - ./:/home/mediacms.io/mediacms/
- ./static/:/home/mediacms.io/mediacms/static/
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py
environment: environment:
ENABLE_CELERY_BEAT: 'no' ENABLE_CELERY_BEAT: 'no'
ENABLE_CELERY_SHORT: 'no' ENABLE_CELERY_SHORT: 'no'
@ -45,7 +43,7 @@ services:
celery_beat: celery_beat:
image: mediacms:latest image: mediacms:latest
volumes: volumes:
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./:/home/mediacms.io/mediacms/
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -59,9 +57,7 @@ services:
deploy: deploy:
replicas: 1 replicas: 1
volumes: volumes:
- ./media_files/:/home/mediacms.io/mediacms/media_files/ - ./:/home/mediacms.io/mediacms/
- ./static/:/home/mediacms.io/mediacms/static/
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -72,7 +68,7 @@ services:
db: db:
image: postgres image: postgres
volumes: volumes:
- ./postgres_data/:/var/lib/postgresql/data/ - ../postgres_data/:/var/lib/postgresql/data/
restart: always restart: always
environment: environment:
POSTGRES_USER: mediacms POSTGRES_USER: mediacms

16
docker-compose-https-proxy.yaml
View File

@ -8,12 +8,12 @@ services:
- "443:443" - "443:443"
volumes: volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
- ./deploy/docker/reverse_proxy/certs:/etc/nginx/certs - ./deploy/docker/reverse_proxy/certs/:/etc/nginx/certs/
- ./deploy/docker/reverse_proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro - ./deploy/docker/reverse_proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
migrations: migrations:
image: mediacms:latest image: mediacms:latest
volumes: volumes:
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./:/home/mediacms.io/mediacms/
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -33,9 +33,7 @@ services:
deploy: deploy:
replicas: 1 replicas: 1
volumes: volumes:
- ./media_files/:/home/mediacms.io/mediacms/media_files/ - ./:/home/mediacms.io/mediacms/
- ./static/:/home/mediacms.io/mediacms/static/
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py
environment: environment:
ENABLE_CELERY_BEAT: 'no' ENABLE_CELERY_BEAT: 'no'
ENABLE_CELERY_SHORT: 'no' ENABLE_CELERY_SHORT: 'no'
@ -47,7 +45,7 @@ services:
celery_beat: celery_beat:
image: mediacms:latest image: mediacms:latest
volumes: volumes:
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./:/home/mediacms.io/mediacms/
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -61,9 +59,7 @@ services:
deploy: deploy:
replicas: 2 replicas: 2
volumes: volumes:
- ./media_files/:/home/mediacms.io/mediacms/media_files/ - ./:/home/mediacms.io/mediacms/
- ./static/:/home/mediacms.io/mediacms/static/
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -74,7 +70,7 @@ services:
db: db:
image: postgres image: postgres
volumes: volumes:
- ./postgres_data/:/var/lib/postgresql/data/ - ../postgres_data/:/var/lib/postgresql/data/
restart: always restart: always
environment: environment:
POSTGRES_USER: mediacms POSTGRES_USER: mediacms

16
docker-compose-named-volumes.yaml
View File

@ -4,7 +4,7 @@ services:
migrations: migrations:
image: mediacms:latest image: mediacms:latest
volumes: volumes:
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -28,7 +28,7 @@ services:
volumes: volumes:
- media_store:/home/mediacms.io/mediacms/media_files/ - media_store:/home/mediacms.io/mediacms/media_files/
- static_store:/home/mediacms.io/mediacms/static/ - static_store:/home/mediacms.io/mediacms/static/
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py
environment: environment:
ENABLE_CELERY_BEAT: 'no' ENABLE_CELERY_BEAT: 'no'
ENABLE_CELERY_SHORT: 'no' ENABLE_CELERY_SHORT: 'no'
@ -39,7 +39,7 @@ services:
celery_beat: celery_beat:
image: mediacms:latest image: mediacms:latest
volumes: volumes:
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -51,11 +51,11 @@ services:
celery_worker: celery_worker:
image: mediacms:latest image: mediacms:latest
deploy: deploy:
replicas: 2 replicas: 1
volumes: volumes:
- media_store:/home/mediacms.io/mediacms/media_files/ - media_store:/home/mediacms.io/mediacms/media_files/
- static_store:/home/mediacms.io/mediacms/static/ - static_store:/home/mediacms.io/mediacms/static/
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -73,9 +73,9 @@ services:
POSTGRES_PASSWORD: mediacms POSTGRES_PASSWORD: mediacms
POSTGRES_DB: mediacms POSTGRES_DB: mediacms
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U $mediacms"] test: ["CMD-SHELL", "pg_isready -U mediacms"]
interval: 10s interval: 30s
timeout: 5s timeout: 10s
retries: 5 retries: 5
redis: redis:
image: "redis:alpine" image: "redis:alpine"

14
docker-compose.yaml
View File

@ -4,7 +4,7 @@ services:
migrations: migrations:
image: mediacms:latest image: mediacms:latest
volumes: volumes:
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./:/home/mediacms.io/mediacms/
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -26,9 +26,7 @@ services:
ports: ports:
- "80:80" - "80:80"
volumes: volumes:
- ./media_files/:/home/mediacms.io/mediacms/media_files/ - ./:/home/mediacms.io/mediacms/
- ./static/:/home/mediacms.io/mediacms/static/
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py
environment: environment:
ENABLE_CELERY_BEAT: 'no' ENABLE_CELERY_BEAT: 'no'
ENABLE_CELERY_SHORT: 'no' ENABLE_CELERY_SHORT: 'no'
@ -39,7 +37,7 @@ services:
celery_beat: celery_beat:
image: mediacms:latest image: mediacms:latest
volumes: volumes:
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py - ./:/home/mediacms.io/mediacms/
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -53,9 +51,7 @@ services:
deploy: deploy:
replicas: 1 replicas: 1
volumes: volumes:
- ./media_files/:/home/mediacms.io/mediacms/media_files/ - ./:/home/mediacms.io/mediacms/
- ./static/:/home/mediacms.io/mediacms/static/
- ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/cms/local_settings.py
environment: environment:
ENABLE_UWSGI: 'no' ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' ENABLE_NGINX: 'no'
@ -66,7 +62,7 @@ services:
db: db:
image: postgres image: postgres
volumes: volumes:
- ./postgres_data:/var/lib/postgresql/data/ - ../postgres_data:/var/lib/postgresql/data/
restart: always restart: always
environment: environment:
POSTGRES_USER: mediacms POSTGRES_USER: mediacms

10
docs/Docker_deployment.md
View File

@ -9,9 +9,9 @@ The mediacms image is built to use supervisord as the main process, which manage
* ENABLE_CELERY_LONG * ENABLE_CELERY_LONG
* ENABLE_MIGRATIONS * ENABLE_MIGRATIONS
By default, all these services are enabled, but in order to create a scaleable deployment, some of them are disabled. By default, all these services are enabled, but in order to create a scaleable deployment, some of them can be disabled, splitting the service up into smaller services.
Also see the `Dockerfile` for other environment variables which you may wish to override. Application settings can also be overridden by updating the `deploy/docker/local_settings.py` file. Also see the `Dockerfile` for other environment variables which you may wish to override. Application settings, eg. `FRONTEND_HOST` can also be overridden by updating the `deploy/docker/local_settings.py` file.
See example deployments in the sections below. These example deployments have been tested on `docker-compose version 1.27.4` running on `Docker version 19.03.13` See example deployments in the sections below. These example deployments have been tested on `docker-compose version 1.27.4` running on `Docker version 19.03.13`
@ -23,15 +23,15 @@ The main container runs migrations, mediacms_web, celery_beat, celery_workers (c
## Advanced Deployment, accessed as http://localhost:8000 ## Advanced Deployment, accessed as http://localhost:8000
Here we can run 1 mediacms_web instance, with the FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://localhost:8000. This is bootstrapped by a single migrations instance and supported by a single celery_beat instance and 1 or more celery_worker instances. Redis and postgres containers are also used for persistence. Clients can access the service on http://localhost:8000, on the docker host machine. This is similar to [this deployment](../docker-compose.yaml), with a `port` defined in FRONTEND_HOST. Here we can run 1 mediacms_web instance, with the FRONTEND_HOST in `deploy/docker/local_settings.py` configured as http://localhost:8000. This is bootstrapped by a single migrations instance and supported by a single celery_beat instance and 1 or more celery_worker instances. Redis and postgres containers are also used for persistence. Clients can access the service on http://localhost:8000, on the docker host machine. This is similar to [this deployment](../docker-compose.yaml), with a `port` defined in FRONTEND_HOST.
## Advanced Deployment, with reverse proxy, accessed as http://mediacms.io ## Advanced Deployment, with reverse proxy, accessed as http://mediacms.io
Here we can use `jwilder/nginx-proxy` to reverse proxy to 1 or more instances of mediacms_web supported by other services as mentioned in the previous deployment. The FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://mediacms.io, nginx-proxy has port 80 exposed. Clients can access the service on http://mediacms.io (Assuming DNS or the hosts file is setup correctly to point to the IP of the nginx-proxy instance). This is similar to [this deployment](../docker-compose-http-proxy.yaml). Here we can use `jwilder/nginx-proxy` to reverse proxy to 1 or more instances of mediacms_web supported by other services as mentioned in the previous deployment. The FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://mediacms.io, nginx-proxy has port 80 exposed. Clients can access the service on http://mediacms.io (Assuming DNS or the hosts file is setup correctly to point to the IP of the nginx-proxy instance). This is similar to [this deployment](../docker-compose-http-proxy.yaml).
## Advanced Deployment, with reverse proxy, accessed as https://mediacms.io ## Advanced Deployment, with reverse proxy, accessed as https://localhost
The reverse proxy (`jwilder/nginx-proxy`) can be configured to provide SSL termination using self-signed certificates, letsencrypt or CA signed certificates (see: https://hub.docker.com/r/jwilder/nginx-proxy). In this case the FRONTEND_HOST should be set to https://mediacms.io. This is similar to [this deployment](../docker-compose-http-proxy.yaml). The reverse proxy (`jwilder/nginx-proxy`) can be configured to provide SSL termination using self-signed certificates, letsencrypt or CA signed certificates (see: https://hub.docker.com/r/jwilder/nginx-proxy or [LetsEncrypt Example](https://www.singularaspect.com/use-nginx-proxy-and-letsencrypt-companion-to-host-multiple-websites/) ). In this case the FRONTEND_HOST should be set to https://mediacms.io. This is similar to [this deployment](../docker-compose-http-proxy.yaml).
## A Scaleable Deployment Architecture (Docker, Swarm, Kubernetes) ## A Scaleable Deployment Architecture (Docker, Swarm, Kubernetes)

2
files/context_processors.py
View File

@ -5,7 +5,7 @@ from .methods import is_mediacms_editor, is_mediacms_manager
def stuff(request): def stuff(request):
"""Pass settings to the frontend""" """Pass settings to the frontend"""
ret = {} ret = {}
if request.is_secure() and settings.LOCAL_INSTALL: if request.is_secure():
# in case session is https, pass this setting so # in case session is https, pass this setting so
# that the frontend uses https too # that the frontend uses https too
ret["FRONTEND_HOST"] = settings.SSL_FRONTEND_HOST ret["FRONTEND_HOST"] = settings.SSL_FRONTEND_HOST