From ba9b4b970686692e9c60b6e79b1a31e97ad517e6 Mon Sep 17 00:00:00 2001
From: Steve Brownlee
Date: Thu, 18 Jul 2024 22:43:30 -0500
Subject: [PATCH] Initial docker files
---
 .gitignore | 1 +
 Dockerfile | 11 ++++++
 config/nginx/conf.d/api.conf | 45 ++++++++++++++++++++++++
 config/nginx/nginx.conf | 66 ++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 29 ++++++++++++++++
 entrypoint.sh | 7 ++++
 6 files changed, 159 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 config/nginx/conf.d/api.conf
 create mode 100644 config/nginx/nginx.conf
 create mode 100644 docker-compose.yml
 create mode 100644 entrypoint.sh
diff --git a/.gitignore b/.gitignore
index 93944dc..bcf9525 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,3 +27,4 @@ setup
 learning.service
 logs/
 .env
+.env*
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..01831bb
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM python:3
+RUN mkdir /api
+RUN mkdir -p /var/www/learning.nss.team
+WORKDIR /api
+ADD . /api/
+RUN pip install -r requirements.txt
+ADD entrypoint.sh /entrypoint.sh
+RUN chmod a+x /entrypoint.sh
+COPY config/nginx/nginx.conf /etc/nginx/nginx.conf
+
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/config/nginx/conf.d/api.conf b/config/nginx/conf.d/api.conf
new file mode 100644
index 0000000..83fb4f8
--- /dev/null
+++ b/config/nginx/conf.d/api.conf
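Review bot: `ADD . /api/` copies the whole build context into an image layer, and this commit adds no `.dockerignore`, so the `.env` file that docker-compose.yml loads and the `./certs` directory that receives the Let's Encrypt private keys would both be baked into the image unless an ignore file already exists outside this patch. I would switch to `COPY . /api/` and add a `.dockerignore` containing at least `.env*`, `certs/` and `.git`. The image also never sets `USER`, so the migrations and gunicorn run as root; creating an unprivileged account and adding a `USER` line before `ENTRYPOINT` would limit what a compromised worker can touch. `FROM python:3` is a floating tag, so pinning a specific version (ideally by digest) keeps rebuilds reproducible.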
@@ -0,0 +1,45 @@
+upstream learningapicontainer {
+ server apihost:8000;
+}
+
+server {
+ if ($host = learningapi.nss.team) {
+ return 301 https://$host$request_uri;
+ }
+
+ listen 80;
+ server_name learningapi.nss.team;
+ return 404;
+}
+
+server {
+ listen 443 ssl;
+ server_name learningapi.nss.team;
+
+ location /static/ {
+ autoindex off;
+ root /var/www/learning.nss.team;
+ }
+
+ location / {
+ proxy_set_header HOST $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+
+ include proxy_params;
+ proxy_pass http://learningapicontainer;
+
+ # Preflighted requests
+ if ($request_method = OPTIONS ) {
+ add_header "Access-Control-Allow-Origin" *;
+ add_header "Access-Control-Allow-Methods" "GET, POST, PUT, DELETE, OPTIONS, HEAD";
+ add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
+ return 200;
+ }
+
+ if ($request_method ~* "(GET|POST|PUT|DELETE)") {
+ add_header "Access-Control-Allow-Origin" *;
+ }
+ }
+}
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
new file mode 100644
index 0000000..11ef1da
--- /dev/null
+++ b/config/nginx/nginx.conf
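Review bot: The `listen 443 ssl;` server block has no `ssl_certificate` or `ssl_certificate_key`, and nothing else in this patch supplies them, so nginx would be expected to reject the configuration at start-up rather than serve TLS. docker-compose.yml mounts `./certs` at `/etc/nginx/ssl`, so the block needs something like `ssl_certificate /etc/nginx/ssl/live/<cert-name>/fullchain.pem;` plus the matching `ssl_certificate_key` line pointing at `privkey.pem` (`<cert-name>` is a placeholder). Separately, both `if` blocks send `Access-Control-Allow-Origin *` while the preflight allows the `Authorization` header, so a script on any origin that holds a token can call the API and read the response; returning only the known front-end origin is the safer default. `include proxy_params;` names a Debian-package file that I do not believe the official `nginx` image ships, which is worth confirming before deploy.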
@@ -0,0 +1,66 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 768;
+}
+
+
+http {
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ client_max_body_size 40m;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ default_type application/octet-stream;
+
+ ## Caching Settings
+ # proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=512m;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+ gzip_disable "msie6";
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+
+}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..2ede17f
--- /dev/null
+++ b/docker-compose.yml
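Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps the deprecated TLS 1.0 and 1.1 enabled and leaves out TLS 1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the current baseline, and the trailing comment about dropping SSLv3 would then need updating. `# server_tokens off;` is left commented out, so the server version is advertised in response headers and error pages; I would enable it. Note also that the Dockerfile in this commit copies this file into the Python image while the `nginx` service in docker-compose.yml mounts only `conf.d`, so as far as this patch shows these settings never reach the container that terminates TLS.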
@@ -0,0 +1,29 @@
+services:
+ certbot:
+ image: certbot/certbot
+ volumes:
+ - ./certs:/etc/letsencrypt
+ command: certonly --webroot --webroot-path=/var/www/learning.nss.team --email steve@stevebrownlee.com --agree-tos --non-interactive --domains -d learning.nss.team
+ nginx:
+ image: nginx:latest
+ container_name: ng01
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - .:/api
+ - ./config/nginx/conf.d:/etc/nginx/conf.d
+ - ./certs:/etc/nginx/ssl
+ depends_on:
+ - certbot
+ apihost:
+ build: .
+ container_name: learningapi
+ command: gunicorn -w 3 -b 0.0.0.0:8000 LearningPlatform.wsgi
+ volumes:
+ - .:/api
+ env_file:
+ - .env
+ depends_on:
+ - nginx
+
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..8ce1046
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+python manage.py makemigrations
+python manage.py migrate
+python manage.py collectstatic
+
+exec gunicorn -w 3 -b 0.0.0.0:8000 LearningPlatform.wsgi
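Review bot: The `nginx` service bind-mounts the whole project with `- .:/api`, which puts `.env` and the private keys under `./certs` inside the internet-facing container even though api.conf only serves `/static/` from `/var/www/learning.nss.team`. I would drop that mount, share just the collected static directory, and mount the certificates read-only with `- ./certs:/etc/nginx/ssl:ro`. The certbot command requests a certificate for `learning.nss.team` while api.conf serves `learningapi.nss.team`, `--domains -d` repeats the same option, and the webroot path is not mounted into either container, so issuance looks unlikely to work as written. `nginx:latest` and the untagged `certbot/certbot` should be pinned to a version.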
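Review bot: The script has no `set -e`, so gunicorn is started even when `migrate` fails, and it runs `makemigrations` on every container start, which generates schema changes at runtime instead of applying the migrations committed to the repository. I would add `set -e` after the shebang, delete the `makemigrations` line, and use `python manage.py collectstatic --noinput` so the step cannot block on a prompt in a non-interactive container. Because `apihost` bind-mounts `.:/api`, any migration files generated here are also written back into the host checkout.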