backend/Dockerfile

@@ -12,7 +12,7 @@ COPY requirements.txt /code
 RUN target=/root/.cache/pip \
     pip3 install --root-user-action=ignore -q -r requirements.txt
 
-# Need to make this explicit as part of expansion, no migrations or venv
+# Dockerignore has this skip migrations, venv, sqlite db
 COPY . .
 
 ENV FLASK_APP microblog.py

backend/config.py

@@ -9,7 +9,6 @@ class Config:
     SQLALCHEMY_DATABASE_URI = 'mariadb+mariadbconnector://flasku:' + os.environ.get('DOTENV_MYSQL_PASSWORD') + '@db:3306/flask'
 
     MAIL_SERVER = 'pmb'
-    #MAIL_SERVER = ''
     MAIL_PORT = 25
     MAIL_USE_TLS = False
     MAIL_USERNAME = ''

compose.yaml.local

@@ -28,17 +28,23 @@ services:
     build:
       context: backend
       target: builder
-    restart: always
+    # Next two are only debug, used without restart
+    stdin_open: true
+    tty: true
+    #restart: always
     # Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
-    #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "app:server"]
+    #command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
     environment:
       - MYSQL_USER=flasku
       #- MYSQL_PASSWORD=flaskp
-      - MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
-      - TOKEN_I=${DOTENV_TOKEN_I}
-      - TOKEN_C=${DOTENV_TOKEN_C}
-      - ADMIN_EMAIL=${ADMIN_EMAIL}
-      - FROM_ADDRESS=${GITEA_MAIL_FROM}
+      - DOTENV_MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
+      - DOTENV_FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
+      - DOTENV_TOKEN_I=${FLASK_TOKEN_I}
+      - DOTENV_TOKEN_C=${FLASK_TOKEN_C}
+      - DOTENV_ADMIN_EMAIL=${FLASK_ADMIN_EMAIL}
+      - DOTENV_FROM_ADDRESS=${FLASK_MAIL_FROM}
+      - DOTENV_JWT_PHRASE=${FLASK_JWT_PHRASE}
+      - DOTENV_REAL_HOSTNAME=${FLASK_REAL_HOSTNAME}
     #ports:
     #  - 8000:8000
     expose:

compose.yaml.prod

@@ -28,17 +28,23 @@ services:
     build:
       context: backend
       target: builder
+    # Next two are only debug, used without restart
+    #stdin_open: true
+    #tty: true
     restart: always
     # Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
-    command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "app:server"]
+    command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
     environment:
       - MYSQL_USER=flasku
       #- MYSQL_PASSWORD=flaskp
-      - MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
-      - TOKEN_I=${DOTENV_TOKEN_I}
-      - TOKEN_C=${DOTENV_TOKEN_C}
-      - ADMIN_EMAIL=${ADMIN_EMAIL}
-      - FROM_ADDRESS=${GITEA_MAIL_FROM}
+      - DOTENV_MYSQL_PASSWORD=${DOTENV_MYSQL_FLASK_PASSWORD}
+      - DOTENV_FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
+      - DOTENV_TOKEN_I=${FLASK_TOKEN_I}
+      - DOTENV_TOKEN_C=${FLASK_TOKEN_C}
+      - DOTENV_ADMIN_EMAIL=${FLASK_ADMIN_EMAIL}
+      - DOTENV_FROM_ADDRESS=${FLASK_MAIL_FROM}
+      - DOTENV_JWT_PHRASE=${FLASK_JWT_PHRASE}
+      - DOTENV_REAL_HOSTNAME=${FLASK_REAL_HOSTNAME}
     #ports:
     #  - 8000:8000
     expose:
@@ -90,9 +96,9 @@ services:
   proxy:
     build: proxy
     restart: always
-    volumes:
-      - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt
-      - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt
+    #volumes:
+    #  - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt
+    #  - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt
     ports:
       - 80:80
       - 443:443

dotenv

@@ -5,7 +5,7 @@ DOTENV_MYSQL_ROOT_PASSWORD=rootp
 DOTENV_MYSQL_GITEA_PASSWORD=giteap
 DOTENV_MYSQL_FLASK_PASSWORD=flaskp
 
-GITEA_MAIL_FROM=gitea@gitea.changeme
+GITEA_MAIL_FROM="git@changeme"
 
 # Build ARG GPG_PP. May still need to be empty to avoid breakage.
 BUILD_GPG_PP=
@@ -13,12 +13,15 @@ BUILD_GPG_PP=
 
 # Backend:
 
+FLASK_SECRET_KEY="changeme"
 # Inconsequential token: minimal inconvenience if exposed
-DOTENV_TOKEN_I=dti
+FLASK_TOKEN_I=dti
 
 # Consequential token: protect
-DOTENV_TOKEN_C=dtc
-
-# Destination address for handler mailer
-ADMIN_EMAIL="email@email.changeme"
+FLASK_TOKEN_C=dtc
 
+FLASK_MAIL_FROM="git@changeme"
+# admin email must be valid send from with mail subsystem
+FLASK_ADMIN_EMAIL="git@changeme"
+FLASK_JWT_PHRASE="jwtphrase"
+FLASK_REAL_HOSTNAME="localhost"