From f4c900b906c9b6721f2ac8438de61dd12823d9b9 Mon Sep 17 00:00:00 2001
From: krzys-h <krzys_h@interia.pl>
Date: Sat, 30 Jan 2021 19:26:04 +0100
Subject: [PATCH] Docker config for testing a more production-like setup with
 nginx

---
 .dockerignore      |  8 +++++
 Dockerfile         | 38 +++++++++++++++++++++
 docker-compose.yml | 44 ++++++++++++++++++++++++
 entrypoint.sh      | 14 ++++++++
 nginx.conf         | 69 +++++++++++++++++++++++++++++++++++++
 nginx.conf.example | 85 ----------------------------------------------
 6 files changed, 173 insertions(+), 85 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 Dockerfile
 create mode 100644 docker-compose.yml
 create mode 100755 entrypoint.sh
 create mode 100644 nginx.conf
 delete mode 100644 nginx.conf.example

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..3fa579eb
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+node_modules
+media
+htmlcov
+.mypy_cache
+venv
+database.sqlite3
+.env
+.coverage
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..f0d36505
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,38 @@
+FROM node:current-alpine AS build_frontend
+WORKDIR /app
+
+COPY package.json package-lock.json ./
+RUN npm ci
+COPY webpack.config.js .
+COPY frontend ./frontend
+RUN npm run build
+
+
+
+FROM python:alpine
+WORKDIR /usr/src/app
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+
+RUN apk update && apk add postgresql-dev gcc python3-dev musl-dev libffi-dev zlib-dev jpeg-dev
+
+RUN pip install --upgrade pip
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+RUN pip install gunicorn
+
+COPY . .
+COPY --from=build_frontend /app/static/dist static/dist
+
+RUN echo "import os" > wwwapp/local_settings.py
+RUN echo "SECRET_KEY = os.environ['SECRET_KEY']" >> wwwapp/local_settings.py
+RUN echo "ALLOWED_HOSTS = ['*']" >> wwwapp/local_settings.py
+RUN echo "DATABASES = {'default': {'ENGINE': 'django.db.backends.postgresql_psycopg2', 'HOST': 'db', 'NAME': 'aplikacjawww', 'USER': 'app', 'PASSWORD': 'app'}}" >> wwwapp/local_settings.py
+RUN echo "GOOGLE_ANALYTICS_KEY = None" >> wwwapp/local_settings.py
+RUN echo "MEDIA_ROOT = os.environ['MEDIA_ROOT']" >> wwwapp/local_settings.py
+RUN echo "USE_X_FORWARDED_HOST = True" >> wwwapp/local_settings.py
+RUN echo "SESSION_COOKIE_SECURE = False" >> wwwapp/local_settings.py
+RUN echo "CSRF_COOKIE_SECURE = False" >> wwwapp/local_settings.py
+
+CMD gunicorn wwwapp.wsgi:application --bind 0.0.0.0:8000
+ENTRYPOINT ["./entrypoint.sh"]
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..fa063771
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,44 @@
+version: '3.7'
+
+services:
+  django:
+    build: .
+    volumes:
+      - static_volume:/usr/src/static
+      - media_volume:/usr/src/media
+    expose:
+      - 8000
+    environment:
+      - DJANGO_SETTINGS_MODULE=wwwapp.settings_prod
+      - MEDIA_ROOT=/usr/src/media
+      - SECRET_KEY=test123
+      - SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=${SOCIAL_AUTH_GOOGLE_OAUTH2_KEY}
+      - SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=${SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET}
+      - SOCIAL_AUTH_FACEBOOK_KEY=${SOCIAL_AUTH_FACEBOOK_KEY}
+      - SOCIAL_AUTH_FACEBOOK_SECRET=${SOCIAL_AUTH_FACEBOOK_SECRET}
+    depends_on:
+      - db
+  db:
+    image: postgres:alpine
+    volumes:
+      - postgres_data:/var/lib/postgresql/data/
+    environment:
+      - POSTGRES_DB=aplikacjawww
+      - POSTGRES_USER=app
+      - POSTGRES_PASSWORD=app
+  nginx:
+    image: nginx:alpine
+    volumes:
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+      - static_volume:/usr/share/nginx/static
+      - media_volume:/usr/share/nginx/media
+      - ${INTERNETY:-/dev/null}:/usr/share/nginx/internet
+    ports:
+      - 8000:8000
+    depends_on:
+      - django
+
+volumes:
+  postgres_data:
+  static_volume:
+  media_volume:
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 00000000..5fc54272
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+echo "Collecting static files"
+rm -rf /usr/src/static/*
+python manage.py collectstatic
+
+echo "Waiting for postgres..."
+while ! nc -z db 5432; do
+  sleep 0.1
+done
+echo "PostgreSQL started"
+python manage.py migrate
+
+exec "$@"
\ No newline at end of file
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 00000000..fe503a75
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,69 @@
+# ResourceYearPermission config example:
+# display_name=Internet WWW11, access_url=http://localhost:8080/internet/www11, path=internet/www11, year=2015
+
+server {
+    listen       8000;
+    listen  [::]:8000;
+    server_name  localhost;
+
+    client_max_body_size 32M;
+
+    location / {
+        proxy_pass http://django:8000;
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host:$server_port;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        location = /resource_auth/ {
+            internal; # disallow external access to this endpoint
+            proxy_pass http://django:8000/resource_auth/;
+            proxy_redirect off;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-Host $host:$server_port;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Original-URI $request_uri;
+            proxy_set_header Content-Length "";
+            proxy_pass_request_body off;
+        }
+    }
+
+    location /static {
+        alias /usr/share/nginx/static/;
+    }
+
+    location /media {
+        alias /usr/share/nginx/media/;
+    }
+
+    location /internet {
+        alias /usr/share/nginx/internet/;
+        index index.html index.htm;
+        autoindex on;
+
+        auth_request /resource_auth/;
+        error_page 403 =200 /login/;
+        disable_symlinks on;
+
+        # Earlier internets don't have any specific configuration
+
+        location /internet/www14/ {
+            # We need to fix the paths because a lot of things were specified relative to / ¯\_(ツ)_/¯
+            sub_filter 'href="/' 'href="/internet/www14/';
+            sub_filter 'src="/' 'src="/internet/www14/';
+            sub_filter 'href=\\"/' 'href=\\"/internet/www14/';
+            sub_filter 'src=\\"/' 'src=\\"/internet/www14/';
+            sub_filter 'Index of /internet/www14/' 'Index of /'; # required for the scripts to correctly detect the root index page
+            sub_filter_once off;
+            sub_filter_types text/plain; # text/html is always included, but we also need to process the cancer1.txt and cancer2.txt files
+
+            # Our magical header/footer config
+            location ~* ^/internet/www14.*/$ {
+                add_before_body /internet/www14/cancer1.txt;
+                add_after_body /internet/www14/cancer2.txt;
+            }
+        }
+
+        # I don't have WWW15 files to test but it will be almost identical to WWW14
+    }
+}
\ No newline at end of file
diff --git a/nginx.conf.example b/nginx.conf.example
deleted file mode 100644
index ac19e3c6..00000000
--- a/nginx.conf.example
+++ /dev/null
@@ -1,85 +0,0 @@
-# nginx -p ./ -c nginx.conf
-
-# display_name=Internet WWW11, access_url=http://localhost:8080/internet/www11, path=internet/www11, year=2015
-# display_name=Internet WWW12, access_url=http://localhost:8080/internet/www12, path=internet/www12, year=2016 - nie ma plików bo zaginęły :P
-# display_name=Internet WWW13, access_url=http://localhost:8080/internet/www13, path=internet/www13, year=2017
-# display_name=Internet WWW14, access_url=http://localhost:8080/internet/www14, path=internet/www14, year=2018
-
-worker_processes auto;
-daemon off;
-pid nginx.pid;
-error_log /dev/stdout;
-
-events {
-	worker_connections 768;
-	# multi_accept on;
-}
-
-http {
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	keepalive_timeout 65;
-	types_hash_max_size 2048;
-	# server_tokens off;
-
-	# server_names_hash_bucket_size 64;
-	# server_name_in_redirect off;
-
-	include /etc/nginx/mime.types;
-	default_type application/octet-stream;
-	
-	error_log /dev/stdout;
-	access_log /dev/stdout;
-
-	server {
-		listen 8080 default_server;
-		listen [::]:8080 default_server;
-		
-		try_files $uri $uri/ =404;
-		
-		location / {
-			# This should be configured with wsgi but I'm too lazy to do that for testing
-			proxy_pass http://localhost:8000;
-		
-			location = /resource_auth/ {
-				internal; # disallow external access to this endpoint
-				proxy_pass http://localhost:8000/resource_auth/;
-				proxy_pass_request_body off;
-				proxy_set_header Content-Length "";
-				proxy_set_header X-Original-URI $request_uri;
-			}
-		}
-		
-		location /internet {
-			alias /media/krzys_h/Archiwum/WakacyjneWarsztatyWielodyscyplinarne/Internet;
-			index index.html index.htm;
-			autoindex on;
-			
-		    auth_request /resource_auth/;
-			error_page 403 =200 /login/;
-			disable_symlinks on;
-			
-			# Earlier internets don't have any specific configuration
-			
-			location /internet/www14/ {
-				# We need to fix the paths because a lot of things were specified relative to / ¯\_(ツ)_/¯
-				sub_filter 'href="/' 'href="/internet/www14/';
-				sub_filter 'src="/' 'src="/internet/www14/';
-				sub_filter 'href=\\"/' 'href=\\"/internet/www14/';
-				sub_filter 'src=\\"/' 'src=\\"/internet/www14/';
-				sub_filter 'Index of /internet/www14/' 'Index of /'; # required for the scripts to correctly detect the root index page
-				sub_filter_once off;
-				sub_filter_types text/plain; # text/html is always included, but we also need to process the cancer1.txt and cancer2.txt files
-				
-				# Our magical header/footer config
-				location ~* ^/internet/www14.*/$ {
-					add_before_body /internet/www14/cancer1.txt;
-					add_after_body /internet/www14/cancer2.txt;
-				}
-			}
-			
-			# I don't have WWW15 files to test but it will be almost identical to WWW14
-		}
-	}
-}