vadikas/SARBase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added SSL certificates management for both development and production, gunicorn and nginx.

Browse Source
This commit is contained in:
Vadim Likholetov 2023-11-26 19:34:24 +02:00
parent c7ce5cbdda
commit 5e53a33398
5 changed files with 83 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Dockerfile → Dockerfile-app
View File

@ -9,13 +9,10 @@ COPY . .
# Install any needed packages specified in requirements.txt # Install any needed packages specified in requirements.txt
RUN pip install --no-cache-dir -r requirements.txt RUN pip install --no-cache-dir -r requirements.txt
RUN pip install --no-cache-dir gunicorn
# Make port 5000 available to the world outside this container
EXPOSE 5000
# Define environment variable # Define environment variable
ENV FLASK_APP=app.py ENV FLASK_APP=app.py
ENV FLASK_RUN_HOST=0.0.0.0
# Run app.py when the container launches # Run app.py when the container launches
CMD ["flask", "run"] CMD ["gunicorn", "-b", "0.0.0.0:8000", "app:app" ]

9
Dockerfile-nginx Normal file
View File

@ -0,0 +1,9 @@
FROM nginx:stable
# Copy the Nginx configuration
COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
EXPOSE 443
CMD ["nginx", "-g", "daemon off;"]

24
docker-compose.yml
View File

@ -1,14 +1,30 @@
version: '3.8' version: '3.8'
services: services:
web:
build: . flask-app:
ports: build:
- "5000:5000" context: .
dockerfile: Dockerfile-app
depends_on: depends_on:
- db - db
environment: environment:
- FLASK_ENV=development - FLASK_ENV=development
- DATABASE_URL=mysql+mysqlconnector://sarbaseuser:password@db/sarbaseapp - DATABASE_URL=mysql+mysqlconnector://sarbaseuser:password@db/sarbaseapp
volumes:
- ./certs:/certs
nginx:
build:
context: .
dockerfile: Dockerfile-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./certs:/certs
depends_on:
- flask-app
db: db:
image: mysql:8.0 image: mysql:8.0

20
generate_certs.sh Executable file
View File

@ -0,0 +1,20 @@
#!/bin/bash
ENV=$1 # Pass "prod" or "dev" as an argument
DOM=mydomain.com # Replace with your domain
MAIL=your-email@mydomain.com # Replace with your email
mkdir ./certs
if [ "$ENV" == "prod" ]; then
# Generate certificates with Let's Encrypt
sudo certbot certonly --standalone -d "$DOM" --non-interactive --agree-tos --email "$MAIL"
sudo cp /etc/letsencrypt/live/$DOM/fullchain.pem ./certs/cert.pem
sudo cp /etc/letsencrypt/live/$DOM/privkey.pem ./certs/key.pem
elif [ "$ENV" == "dev" ]; then
# Generate certificates with mkcert
mkcert -install
mkcert -key-file ./certs/key.pem -cert-file ./certs/cert.pem localhost
else
echo "Please specify 'prod' or 'dev' as an environment."
fi

32
nginx/nginx.conf Normal file
View File

@ -0,0 +1,32 @@
user nginx;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /certs/cert.pem;
ssl_certificate_key /certs/key.pem;
location / {
proxy_pass http://flask-app:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}