prod cleanup for live c10
This commit is contained in:
parent
834c236091
commit
b65daf3784
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,4 +3,5 @@ gitea/
|
|||||||
pmb-pf/
|
pmb-pf/
|
||||||
venv
|
venv
|
||||||
zapp.db
|
zapp.db
|
||||||
|
db/bu
|
||||||
|
|
||||||
|
|||||||
@ -69,6 +69,12 @@ Find in proxy/conf.\
|
|||||||
Find in gitea conf.\
|
Find in gitea conf.\
|
||||||
Rebuild images.
|
Rebuild images.
|
||||||
|
|
||||||
|
### MariaDB backup:
|
||||||
|
```
|
||||||
|
mariadb-dump -uroot -pxxxx gitea > /bu/19840101.sql
|
||||||
|
mariadb -uroot -pxxxx gitea < /bu/19840101.sql
|
||||||
|
```
|
||||||
|
|
||||||
### Todo:
|
### Todo:
|
||||||
- gitea subdomain will require wildcard cert -- therefore "*.oily.dad" AND "oily.dad" DONE
|
- gitea subdomain will require wildcard cert -- therefore "*.oily.dad" AND "oily.dad" DONE
|
||||||
- move more stuff from backend config into root .env
|
- move more stuff from backend config into root .env
|
||||||
24
compose.yaml
24
compose.yaml
@ -3,23 +3,19 @@ services:
|
|||||||
image: mariadb:lts
|
image: mariadb:lts
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
#test: ['CMD-SHELL', 'mysqladmin ping -h 127.0.0.1 --password="${DOTENV_MYSQL_ROOT_PASSWORD}" --silent']
|
|
||||||
test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
|
test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
|
||||||
interval: 10s
|
interval: 10s
|
||||||
retries: 5
|
retries: 5
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
start_period: 10s
|
start_period: 5s
|
||||||
volumes:
|
volumes:
|
||||||
- db-data:/var/lib/mysql
|
- db-data:/var/lib/mysql
|
||||||
- ./db/init:/docker-entrypoint-initdb.d/
|
- ./db/init:/docker-entrypoint-initdb.d/
|
||||||
|
- ./db/bu:/bu
|
||||||
networks:
|
networks:
|
||||||
- backnet
|
- backnet
|
||||||
environment:
|
environment:
|
||||||
#- MYSQL_DATABASE=gitea
|
- MARIADB_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
|
||||||
#- MYSQL_USER=gitea
|
|
||||||
#- MYSQL_PASSWORD=gitea
|
|
||||||
#- MYSQL_ROOT_PASSWORD=rootpass
|
|
||||||
- MYSQL_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
|
|
||||||
expose:
|
expose:
|
||||||
- 3306
|
- 3306
|
||||||
- 33060
|
- 33060
|
||||||
@ -29,11 +25,11 @@ services:
|
|||||||
context: backend
|
context: backend
|
||||||
target: builder
|
target: builder
|
||||||
# Next two are only debug, used without restart
|
# Next two are only debug, used without restart
|
||||||
stdin_open: true
|
#stdin_open: true
|
||||||
tty: true
|
#tty: true
|
||||||
#restart: always
|
restart: always
|
||||||
# Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
|
# Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
|
||||||
#command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
|
command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_USER=flasku
|
- MYSQL_USER=flasku
|
||||||
#- MYSQL_PASSWORD=flaskp
|
#- MYSQL_PASSWORD=flaskp
|
||||||
@ -96,9 +92,9 @@ services:
|
|||||||
proxy:
|
proxy:
|
||||||
build: proxy
|
build: proxy
|
||||||
restart: always
|
restart: always
|
||||||
#volumes:
|
volumes:
|
||||||
# - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt
|
- /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt
|
||||||
# - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt
|
- /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
|
|||||||
@ -3,23 +3,19 @@ services:
|
|||||||
image: mariadb:lts
|
image: mariadb:lts
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
#test: ['CMD-SHELL', 'mysqladmin ping -h 127.0.0.1 --password="${DOTENV_MYSQL_ROOT_PASSWORD}" --silent']
|
|
||||||
test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
|
test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
|
||||||
interval: 10s
|
interval: 10s
|
||||||
retries: 5
|
retries: 5
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
start_period: 10s
|
start_period: 5s
|
||||||
volumes:
|
volumes:
|
||||||
- db-data:/var/lib/mysql
|
- db-data:/var/lib/mysql
|
||||||
- ./db/init:/docker-entrypoint-initdb.d/
|
- ./db/init:/docker-entrypoint-initdb.d/
|
||||||
|
- ./db/bu:/bu
|
||||||
networks:
|
networks:
|
||||||
- backnet
|
- backnet
|
||||||
environment:
|
environment:
|
||||||
#- MYSQL_DATABASE=gitea
|
- MARIADB_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
|
||||||
#- MYSQL_USER=gitea
|
|
||||||
#- MYSQL_PASSWORD=gitea
|
|
||||||
#- MYSQL_ROOT_PASSWORD=rootpass
|
|
||||||
- MYSQL_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
|
|
||||||
expose:
|
expose:
|
||||||
- 3306
|
- 3306
|
||||||
- 33060
|
- 33060
|
||||||
@ -29,9 +25,9 @@ services:
|
|||||||
context: backend
|
context: backend
|
||||||
target: builder
|
target: builder
|
||||||
# Next two are only debug, used without restart
|
# Next two are only debug, used without restart
|
||||||
stdin_open: true
|
#stdin_open: true
|
||||||
tty: true
|
#tty: true
|
||||||
#restart: always
|
restart: always
|
||||||
# Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
|
# Comment following line to use flask (1worker, dev), uncomment to use uwsgi (wsgi)
|
||||||
#command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
|
#command: ["uwsgi", "--http", "0.0.0.0:8000", "--master", "-p", "4", "-w", "microblog:app"]
|
||||||
environment:
|
environment:
|
||||||
|
|||||||
@ -3,23 +3,19 @@ services:
|
|||||||
image: mariadb:lts
|
image: mariadb:lts
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
#test: ['CMD-SHELL', 'mysqladmin ping -h 127.0.0.1 --password="${DOTENV_MYSQL_ROOT_PASSWORD}" --silent']
|
|
||||||
test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
|
test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
|
||||||
interval: 10s
|
interval: 10s
|
||||||
retries: 5
|
retries: 5
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
start_period: 10s
|
start_period: 5s
|
||||||
volumes:
|
volumes:
|
||||||
- db-data:/var/lib/mysql
|
- db-data:/var/lib/mysql
|
||||||
- ./db/init:/docker-entrypoint-initdb.d/
|
- ./db/init:/docker-entrypoint-initdb.d/
|
||||||
|
- ./db/bu:/bu
|
||||||
networks:
|
networks:
|
||||||
- backnet
|
- backnet
|
||||||
environment:
|
environment:
|
||||||
#- MYSQL_DATABASE=gitea
|
- MARIADB_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
|
||||||
#- MYSQL_USER=gitea
|
|
||||||
#- MYSQL_PASSWORD=gitea
|
|
||||||
#- MYSQL_ROOT_PASSWORD=rootpass
|
|
||||||
- MYSQL_ROOT_PASSWORD=${DOTENV_MYSQL_ROOT_PASSWORD}
|
|
||||||
expose:
|
expose:
|
||||||
- 3306
|
- 3306
|
||||||
- 33060
|
- 33060
|
||||||
@ -96,9 +92,9 @@ services:
|
|||||||
proxy:
|
proxy:
|
||||||
build: proxy
|
build: proxy
|
||||||
restart: always
|
restart: always
|
||||||
#volumes:
|
volumes:
|
||||||
# - /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt
|
- /home/finn/d/cert/var/lib/letsencrypt:/var/lib/letsencrypt
|
||||||
# - /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt
|
- /home/finn/d/cert/etc/letsencrypt:/etc/letsencrypt
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
|
|||||||
50
proxy/conf
50
proxy/conf
@ -1,12 +1,52 @@
|
|||||||
|
#server {
|
||||||
|
# listen 80;
|
||||||
|
# server_name localhost;
|
||||||
|
# location / {
|
||||||
|
# proxy_pass http://backend:8000;
|
||||||
|
# }
|
||||||
|
|
||||||
|
|
||||||
|
# always redirect to https
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80 default_server;
|
||||||
server_name localhost;
|
server_name _;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
# use the certificates
|
||||||
|
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
|
||||||
|
server_name oily.dad www.oily.dad;
|
||||||
|
root /var/www/html;
|
||||||
|
index index.php index.html index.htm;
|
||||||
|
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://backend:8000;
|
proxy_pass http://backend:8000/;
|
||||||
}
|
}
|
||||||
location /gutty {
|
|
||||||
proxy_pass http://gitea:3000;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
# use the certificates
|
||||||
|
ssl_certificate /etc/letsencrypt/live/oily.dad/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/oily.dad/privkey.pem;
|
||||||
|
server_name gut.oily.dad;
|
||||||
|
root /var/www/html;
|
||||||
|
index index.php index.html index.htm;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
client_max_body_size 512M;
|
||||||
|
#proxy_pass http://localhost:3000;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_pass http://gitea:3000/;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user