Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configuration lightweight #15

Open
cl-parsons opened this issue Oct 6, 2024 · 0 comments
Open

Configuration lightweight #15

cl-parsons opened this issue Oct 6, 2024 · 0 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@cl-parsons
Copy link

Voici un example de configuration complète pour faire tourner Tibillet en local tout en minimisant le nombre de conteneur.

La configuration des certificats SSL est faite avec le résolveur Gandi, à adapter selon les besoins.

Préparatifs

On clone les dépôts Fedow, Lespass, LaBoutik dans le dossier courant.

Les conteneurs Nginx sont centralisés, et on monte le dossier "www" de chaque projet dans le /www du conteneur nginx.

Les dossier "letsencrypt", "backup", "logs", "nginx", "lespass_database" et "laboutik_database" doivent être créés dans le dossier courant.

Créer les fichiers YAML suivants dans le dossier courant.

docker-compose.yml

services:
  ### TRAEFIK PROXY ####
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    hostname: "traefik"
    command:
      - "--log.level=INFO"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.entrypoints-https.address=:443"
      - "--entrypoints.entrypoints-http.address=:80"
      - "--entrypoints.entrypoints-http.http.redirections.entryPoint.to=entrypoints-https"
      - "--entrypoints.entrypoints-http.http.redirections.entryPoint.scheme=https"
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=gandiv5
      - --certificatesresolvers.myresolver.acme.dnschallenge.delayBeforeCheck=60
      - --certificatesResolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
      - --certificatesresolvers.myresolver.acme.email=root@freepoteries.fr
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json

    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: always
    networks:
      - frontend
    environment:
      - "GANDIV5_PERSONAL_ACCESS_TOKEN=xxx"

# Pour test stripe :
# stripe listen --forward-to https://fedow.tibillet.localhost/webhook_stripe/ --skip-verify

networks:
  frontend:
    external: true
  fedow_backend:
  lespass_backend:
  laboutik_backend:

include:
  - nginx-compose.yml
  - postgres-compose.yml
  - memcached-compose.yml
  - redis-compose.yml
  - fedow-compose.yml
  - lespass-compose.yml
  - laboutik-compose.yml

fedow-compose.yml

services:
  fedow_django:
    image: tibillet/fedow:latest
    container_name: fedow_django
    hostname: fedow_django
    restart: always
    env_file: env_fedow
    extra_hosts:
      - "fedow.tibillet.ptrs.top:172.17.0.1"
      - "lespass.tibillet.ptrs.top:172.17.0.1"
      - "laboutik.tibillet.ptrs.top:172.17.0.1"
    ports:
      - 8442:8000 # test stripe listen --forward-to http://127.0.0.1:8442/webhook_stripe/
    user: fedow
    links:
      - memcached:memcached
    volumes:
      - ./Fedow:/home/fedow/Fedow
      - fedow_database:/home/fedow/Fedow/database
    networks:
      - fedow_backend
    command: "bash start.sh"
    depends_on:
      memcached:
        condition: service_started
    healthcheck:
      test: ["CMD-SHELL", "ps aux|grep gunicorn"]
      interval: 15s
      retries: 15
      start_period: 60s
      timeout: 1s


volumes:
  fedow_database:

laboutik-compose.yml

services:
  laboutik_django:
    image: tibillet/laboutik:latest
    restart: always
    env_file: env_laboutik
    container_name: laboutik_django
    hostname: laboutik_django
    volumes:
      - ./LaBoutik:/DjangoFiles
      - ./backup:/Backup
    links:
      - postgres_laboutik:postgres
      - redis:redis
      - memcached:memcached
    networks:
      - laboutik_backend
    extra_hosts:
      - "fedow.tibillet.ptrs.top:172.17.0.1"
      - "lespass.tibillet.ptrs.top:172.17.0.1"
      - "laboutik.tibillet.ptrs.top:172.17.0.1"
    labels:
      - traefik.http.services.justAdummyService.loadbalancer.server.port=8000
      - traefik.enable=true
    depends_on:
      postgres_laboutik:
        condition: service_healthy
      redis:
        condition: service_healthy
      lespass_django:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "ps aux|grep gunicorn"]
      interval: 15s
      retries: 15
      start_period: 60s
      timeout: 1s

  laboutik_celery:
    image: tibillet/laboutik:latest
    restart: always
    env_file: env_laboutik
    container_name: laboutik_celery
    hostname: laboutik_celery
    volumes:
      - ./LaBoutik:/DjangoFiles
    links:
      - postgres_laboutik:postgres
      - redis:redis
      - memcached:memcached
    networks:
      - laboutik_backend
    extra_hosts:
      - "fedow.tibillet.ptrs.top:172.17.0.1"
      - "lespass.tibillet.ptrs.top:172.17.0.1"
      - "laboutik.tibillet.ptrs.top:172.17.0.1"
    command: "bash start_celery.sh"
    labels:
      - traefik.enable=false
    depends_on:
      laboutik_django:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "ps aux|grep celery"]
      interval: 10s
      retries: 5
      start_period: 10s
      timeout: 1s


lespass-compose.yml

services:
  lespass_django:
    image: tibillet/lespass:latest
    restart: always
    container_name: lespass_django
    hostname: lespass_django
    volumes:
      - ./Lespass:/DjangoFiles
      - ./backup:/Backup/dumps/
    env_file: env_lespass
    links:
      - postgres_lespass:postgres
      - redis:redis
      - memcached:memcached
    networks:
      - lespass_backend
    extra_hosts:
      - "fedow.tibillet.ptrs.top:172.17.0.1"
      - "lespass.tibillet.ptrs.top:172.17.0.1"
      - "laboutik.tibillet.ptrs.top:172.17.0.1"
    command: 'bash start.sh'
    labels:
      - traefik.http.services.lespass_django.loadbalancer.server.port=8002
      - traefik.enable=true
    depends_on:
      postgres_lespass:
        condition: service_healthy
      redis:
        condition: service_healthy
      fedow_django:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "ps aux|grep gunicorn"]
      interval: 15s
      retries: 15
      start_period: 60s
      timeout: 1s

  lespass_celery:
    image: tibillet/lespass:latest
    container_name: lespass_celery
    restart: always
    hostname: lespass_celery
    env_file: env_lespass
    volumes:
      - ./Lespass:/DjangoFiles
    links:
      - postgres_lespass:postgres
      - redis:redis
      - memcached:memcached
    networks:
      - lespass_backend
    extra_hosts:
      - "fedow.tibillet.ptrs.top:172.17.0.1"
    command: "poetry run celery -A TiBillet worker -l INFO"
    labels:
      - traefik.enable=false
    depends_on:
      lespass_django:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "ps aux|grep celery"]
      interval: 10s
      retries: 5
      start_period: 10s
      timeout: 1s


networks:
  lespass_backend:

memcached-compose.yml

services:
  memcached:
    image: memcached:1.6
    container_name: memcached
    hostname: memcached
    restart: always
    networks:
      - fedow_backend
      - lespass_backend
      - laboutik_backend

nginx-compose.yml

services:
  nginx:
    depends_on:
      - traefik
    image: nginx
    restart: always
    container_name: nginx
    hostname: nginx
    volumes:
      - ./Fedow/www:/www/fedow
      - ./Lespass/www:/www/lespass
      - ./LaBoutik/www:/www/laboutik
      - ./logs:/logs
      - ./nginx:/etc/nginx/conf.d
    links:
      - fedow_django:fedow_django
      - lespass_django:lespass_django
      - laboutik_django:laboutik_django
    labels:
      - traefik.enable=true
      - traefik.docker.network=frontend
      - traefik.http.routers.nginx.tls=true
      - traefik.http.routers.nginx.tls.certresolver=myresolver
      - traefik.http.routers.nginx.rule=Host(`fedow.$DOMAIN`) || Host(`lespass.$DOMAIN`) || Host(`laboutik.$DOMAIN`) || Host(`$DOMAIN`) || Host(`www.$DOMAIN`) || Host(`$META.$DOMAIN`) || Host(`public.$DOMAIN`)
      - traefik.http.services.nginx.loadbalancer.server.port=80

    networks:
      - frontend
      - fedow_backend
      - lespass_backend
      - laboutik_backend

postgres-compose.yml

services:
  postgres_lespass:
    image: postgres:13-bookworm
    restart: always
    container_name: postgres_lespass
    hostname: postgres_lespass
    volumes:
      - lespass_db:/var/lib/postgresql/data
    networks:
      - lespass_backend
      - laboutik_backend
    environment:
      - "POSTGRES_PASSWORD=truepassword"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      retries: 5
      start_period: 10s
      timeout: 1s

  postgres_laboutik:
    image: postgres:13-bookworm
    restart: always
    container_name: postgres_laboutik
    hostname: postgres_laboutik
    volumes:
      - laboutik_db:/var/lib/postgresql/data
    networks:
      - laboutik_backend
    environment:
      - "POSTGRES_PASSWORD=truepassword"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      retries: 5
      start_period: 10s
      timeout: 1s

volumes:
  lespass_db:
  laboutik_db:

redis-compose.yml

services:
  redis:
    container_name: redis
    hostname: redis
    image: redis:7.2.3-bookworm
    restart: always
    networks:
      - lespass_backend
      - laboutik_backend
    healthcheck:
      test: ["CMD-SHELL", "redis-cli -r incr ping"]
      interval: 10s
      retries: 5
      start_period: 10s
      timeout: 1s

Créer les fichiers environment suivants en adaptant les champs pour votre configuration

env_fedow

##########################
# TiBillet / Fedow
# All the env are needed
##########################

SECRET_KEY='a4244aa43ddd6e3ef9e64bb80f4ee952f68232aa008d111111'
FERNET_KEY='JrGVI3GM-NfNMqJmQwRZhRzcrseV9KTFa0bJDJQlFaM='
DOMAIN='fedow2.tibillet.ptrs.top' # ex : fedow.tibillet.localhost
DOMAIN_ALT='fedow.tibillet.ptrs.top' # ex : fedow.tibillet.localhost

# Prod or test key are needed
STRIPE_KEY='sk_test_***'
STRIPE_KEY_TEST='sk_test_***'
STRIPE_TEST=1 # set to 1 if only test key provided


### OPTIONAL : FOR DEV & TEST ###
# Don't push on production with 1 !

STRIPE_ENDPOINT_SECRET_TEST=''
DEBUG=0
TEST=0

env_laboutik

##########################
# TiBillet / LaBoutik
# All the env are needed
##########################

DJANGO_SECRET='a4244aa43ddd6e3ef9e64bb80f4ee952f68232aa009d111111'
FERNET_KEY='JrGVI3GM-NfNMqJmQwRZhRzcrseV9KTFa0bJDJQlFaU='

POSTGRES_DB='postgres'
POSTGRES_USER=postgres
POSTGRES_PASSWORD=truepassword

DOMAIN='laboutik.tibillet.ptrs.top' # The domain of this instance ex : 'laboutik.tibillet.localhost'
FEDOW_URL='https://fedow.tibillet.ptrs.top/' # ex : https://fedow.tibillet.localhost/
LESPASS_TENANT_URL='https://lespass.tibillet.ptrs.top/' # ex : https://lespass.tibillet.localhost/

# The name of your cashless asset ex : TestCoin, FestivalCoin, etc ....
MAIN_ASSET_NAME='TestCoin'

# admin email. Required for the first user.
ADMIN_EMAIL='[email protected]' # needed for the first admin account

TIME_ZONE='Europe/Paris'
LANGUAGE_CODE='fr'

### OPTIONAL ENV ###

# For transactionnal email
# Usefull new admin and terminal verification
# Required for production
EMAIL_HOST="172.19.0.1"
EMAIL_PORT="25"
EMAIL_HOST_USER=""
EMAIL_HOST_PASSWORD=""

# BACKUP CRON TASK

# can be empty if you don't want to backup
# ex : borg init --encryption=repokey-blake2 .
# save key : borg key export . ./key && cat key && rm key
BORG_REPO=''
BORG_PASSPHRASE=''

# DEV AND TEST ONLY
# admin auto login, flush database, demonstration data, etc ...
# Don't push to production with debug, test or demo !

# Sentry Debug for django backend
SENTRY_DNS=""
# Sentry Debug for js frontend
SENTRY_FRONT_DNS=""
SENTRY_FRONT_ASSET=""

###!!!!!! Don't push to production with debug, test or demo !!!!!!###

DEBUG=0
TEST=0
DEMO=0

DEMO_TAGID_CM='EE144CE8'
DEMO_TAGID_CLIENT1='41726643'
DEMO_TAGID_CLIENT2='93BD3684'

env_lespass

##########################
# TiBillet / Lespass
# All the env are needed
##########################

# Secret
DJANGO_SECRET='a4244aa43ddd6e3ef9e64bb80f4ee952f68232aa008e111111'
FERNET_KEY='JrGVI3GM-NfNMqJmQwRZhRzcrseV9KTFa0bJDJQlFaS='

STRIPE_KEY='sk_test_***'
STRIPE_KEY_TEST='sk_test_***'
STRIPE_TEST=1

# Database
POSTGRES_DB='postgres'
POSTGRES_USER=postgres
POSTGRES_PASSWORD=truepassword

TIME_ZONE='Europe/Paris'

PUBLIC='TiBillet Coop.'
DOMAIN='tibillet.ptrs.top'
SUB='lespass'
META='agenda'

ADDITIONAL_DOMAINS=''

ADMIN_EMAIL='[email protected]'

FEDOW_DOMAIN='fedow.tibillet.ptrs.top'



#### OPTIONAL ENV

# For transactionnal email.
# Required on prod or if you want to test... emails !
# Not required on dev' env.
EMAIL_HOST='172.19.0.1'
EMAIL_PORT='25'
EMAIL_HOST_USER=''
EMAIL_HOST_PASSWORD=''


# Usefull for dev/test
# Auto login for admin, no https cert' verification, demonstration data, auto database flush, etc ...
# don't set 1 to production !
TEST=0
DEBUG=0

# If you have already linked an account on stripe
STRIPE_CONNECT_ACCOUNT=''

Créer les fichiers suivants dans le dossier "nginx", en adaptant les champs server_name à votre nom de domaine

nginx/fedow.conf

# Fedow
server {

    listen 80;
    server_name fedow.tibillet.ptrs.top;

    access_log /logs/fedowNginxAccess.log;
    error_log /logs/fedowNginxError.log;

    location /static {
        root /www/fedow;
    }

    location /media {
        root /www/fedow;
    }

    location / {
        # everything is passed to Gunicorn
        proxy_pass http://fedow_django:8000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
}

nginx/laboutik.conf

# Laboutik
server {

    listen 80;
    server_name laboutik.tibillet.ptrs.top;

    access_log /logs/laboutikNginxAccess.log;
    error_log /logs/laboutikNginxError.log;

    # Static and media géré par Nginx :
    location /static {
        root /www/laboutik;
    }

    location /media {
        root /www/laboutik;
    }

    location / {
        # everything is passed to Gunicorn/Django
        proxy_pass http://laboutik_django:8000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
}

nginx/lespass.conf

# Lespass
server {

    listen 80;
    server_name tibillet.ptrs.top lespass.tibillet.ptrs.top agenda.tibillet.ptrs.top www.tibillet.ptrs.top public.tibillet.ptrs.top;

    access_log /logs/lespassNginxAccess.log;
    error_log /logs/lespassNginxError.log;

    location /static {
        root /www/lespass;
    }
    location /media {
        root /www/lespass;
    }

    location / {
        # everything is passed to Gunicorn
        proxy_pass http://lespass_django:8002;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_http_version 1.1;
        client_max_body_size 4M;
        # nico tests
        proxy_buffer_size 16k;
        proxy_buffers 32 16k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
    }

}

Lancer "docker compose up -d" en mode détaché, le lancer sans le "-d" pour débugger votre conf.

@Nasjoe Nasjoe added documentation Improvements or additions to documentation enhancement New feature or request labels Oct 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
Status: No status
Development

No branches or pull requests

2 participants