Saleor platform using docker-compose, Traefik, NginX

common.env

DATABASE_URL=postgres://saleor:password@db/saleor
[email protected]
CELERY_BROKER_URL=redis://redis:6379/1
JAEGER_AGENT_HOST=jaeger
SECRET_KEY=secret_key
API_URI=https://saleor-api.domain.com/graphql/
ALLOWED_HOSTS=saleor-api.domain.com,saleor-mail.domain.com,saleor-store.domain.com,saleor-admin.domain.com,saleor-jaeger.domain.com
ALLOWED_CLIENT_HOSTS=saleor-api.domain.com,saleor-mail.domain.com,saleor-store.domain.com,saleor-admin.domain.com,saleor-jaeger.domain.com

docker-compose.override.yml

version: '2.1'

services:
  api:
    labels:
      traefik.enable: true
      traefik.http.routers.saleor-api.entrypoints: https
      traefik.http.routers.saleor-api.rule: Host(`saleor-api.domain.com`)
      traefik.http.routers.saleor-api.service: saleor-api
      traefik.http.services.saleor-api.loadbalancer.server.port: 8000
      traefik.docker.network: web
    networks:
      web:

  storefront:
    labels:
      traefik.enable: true
      traefik.http.routers.saleor-store.entrypoints: https
      traefik.http.routers.saleor-store.rule: Host(`saleor-store.domain.com`)
      traefik.http.routers.saleor-store.service: saleor-store
      traefik.http.services.saleor-store.loadbalancer.server.port: 80
      traefik.docker.network: web
    networks:
      web:

  dashboard:
    labels:
      traefik.enable: true
      traefik.http.routers.saleor-admin.entrypoints: https
      traefik.http.routers.saleor-admin.rule: Host(`saleor-admin.domain.com`)
      traefik.http.routers.saleor-admin.service: saleor-admin
      traefik.http.services.saleor-admin.loadbalancer.server.port: 80
      traefik.docker.network: web
    networks:
      web:

  jaeger:
    labels:
      traefik.enable: true
      traefik.http.routers.saleor-jaeger.entrypoints: https
      traefik.http.routers.saleor-jaeger.rule: Host(`saleor-jaeger.domain.com`)
      traefik.http.routers.saleor-jaeger.service: saleor-jaeger
      traefik.http.services.saleor-jaeger.loadbalancer.server.port: 16686
      traefik.docker.network: web
    networks:
      web:

  mailhog:
    labels:
      traefik.enable: true
      traefik.http.routers.saleor-mail.entrypoints: https
      traefik.http.routers.saleor-mail.rule: Host(`saleor-mail.domain.com`)
      traefik.http.routers.saleor-mail.service: saleor-mail
      traefik.http.services.saleor-mail.loadbalancer.server.port: 8025
      traefik.docker.network: web
    networks:
      web:

  db:
    labels:
      traefik.enable: false

  redis:
    labels:
      traefik.enable: false

  worker:
    labels:
      traefik.enable: false

networks:
  web:
    external:
      name: web

docker-compose.yml

version: '2.1'

services:

  api:
    ports:
      - 8000:8000
    build:
      context: ./saleor
      dockerfile: ./Dockerfile
      args:
        STATIC_URL: '/static/'
    restart: unless-stopped
    networks:
      - saleor-backend-tier
    depends_on:
      - db
      - redis
      - jaeger
    volumes:
      - ./saleor/saleor/:/app/saleor:Z
      - ./saleor/templates/:/app/templates:Z
      - ./saleor/tests/:/app/tests
      # shared volume between worker and api for media
      - saleor-media:/app/media
    command: python manage.py runserver 0.0.0.0:8000
    env_file: common.env
    environment:
      - JAEGER_AGENT_HOST=jaeger
      - STOREFRONT_URL=https://saleor-store.domain.com/
      - DASHBOARD_URL=https://saleor-admin.domain.com/

  storefront:
    build:
      context: ./saleor-storefront
      dockerfile: ./Dockerfile
    ports:
      - 3000:3000
    restart: unless-stopped
    volumes:
      - ./saleor-storefront/:/app:cached
      - /app/node_modules/
    environment:
      - API_URI=https://saleor-api.domain.com/graphql/
      - ALLOWED_CLIENT_HOSTS=domain.com
      - ALLOWED_HOSTS=domain.com

  dashboard:
    build:
      context: ./saleor-dashboard
      dockerfile: ./Dockerfile
    ports:
      - 9000:9000
    restart: unless-stopped
    volumes:
      - ./saleor-dashboard/:/app:cached
      - /app/node_modules/
    environment:
      - API_URI=https://saleor-api.domain.com/graphql/
      - ALLOWED_CLIENT_HOSTS=domain.com
      - ALLOWED_HOSTS=domain.com

  db:
    image: library/postgres:11.1-alpine
    ports:
      - 5432:5432
    restart: unless-stopped
    networks:
      - saleor-backend-tier
    volumes:
      - saleor-db:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=saleor
      - POSTGRES_PASSWORD=password

  redis:
    image: library/redis:5.0-alpine
    ports:
      - 6379:6379
    restart: unless-stopped
    networks:
      - saleor-backend-tier
    volumes:
      - saleor-redis:/data

  worker:
    build:
      context: ./saleor
      dockerfile: ./Dockerfile
      args:
        STATIC_URL: '/static/'
    command: celery -A saleor --app=saleor.celeryconf:app worker --loglevel=info
    restart: unless-stopped
    networks:
      - saleor-backend-tier
    env_file: common.env
    depends_on:
      - redis
      - mailhog
    volumes:
      - ./saleor/saleor/:/app/saleor:Z,cached
      - ./saleor/templates/:/app/templates:Z,cached
      # shared volume between worker and api for media
      - saleor-media:/app/media
    environment:
      - EMAIL_URL=smtp://mailhog:1025

  jaeger:
    image: jaegertracing/all-in-one
    ports:
      - "5775:5775/udp"
      - "6831:6831/udp"
      - "6832:6832/udp"
      - "5778:5778"
      - "16686:16686"
      - "14268:14268"
      - "9411:9411"
    restart: unless-stopped
    networks:
      - saleor-backend-tier

  mailhog:
    image: mailhog/mailhog
    ports:
      - 1025:1025 # smtp server
      - 8025:8025 # web ui. Visit http://localhost:8025/ to check emails
    restart: unless-stopped
    networks:
      - saleor-backend-tier

volumes:
  saleor-db:
    driver: local
  saleor-redis:
    driver: local
  saleor-media:

networks:
  saleor-backend-tier:
    driver: bridge

saleor-dashboard\Dockerfile

FROM node:10 as builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
ARG APP_MOUNT_URI
ARG API_URI
ARG STATIC_URL
ENV API_URI ${API_URI:-https://saleor-api.domain.com/graphql/}
ENV APP_MOUNT_URI ${APP_MOUNT_URI:-/dashboard/}
ENV STATIC_URL ${STATIC_URL:-/dashboard/}
RUN STATIC_URL=${STATIC_URL} API_URI=${API_URI} APP_MOUNT_URI=${APP_MOUNT_URI} npm run build

FROM nginx:stable
COPY --from=builder /app/build /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx/default.conf /etc/nginx/conf.d
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

saleor-dashboard\nginx\default.conf

server {

  listen 80;
  server_name saleor-admin.domain.com;

  location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
    try_files $uri $uri/ /index.html;
  }

  error_page   500 502 503 504  /50x.html;

  location = /50x.html {
    root   /usr/share/nginx/html;
  }

}

saleor-storefront\Dockerfile

FROM node:10 as builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
ARG API_URI
ARG SENTRY_DSN
ARG SENTRY_APM
ARG DEMO_MODE
ARG GTM_ID
ENV API_URI ${API_URI:-https://saleor-api.domain.com/graphql/}
RUN API_URI=${API_URI} npm run build

FROM nginx:stable
COPY --from=builder /app/dist /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx/default.conf /etc/nginx/conf.d
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

saleor-storefront\nginx\default.conf

server {

  listen 80;
  server_name saleor-store.domain.com;

  location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
    try_files $uri $uri/ /index.html;
  }

  error_page   500 502 503 504  /50x.html;

  location = /50x.html {
    root   /usr/share/nginx/html;
  }

}

traefik\config.yml

http:
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https

    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

traefik\docker-compose.yml

version: '3.7'

services:
  traefik:
    image: traefik:v2.2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - web
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
    labels:
      traefik.enable: true
      traefik.http.routers.traefik.entrypoints: https
      traefik.http.routers.traefik.rule: Host(`traefik.domain.com`)
      traefik.http.middlewares.traefik-auth.basicauth.users: admin:password
      traefik.http.routers.traefik.middlewares: traefik-auth
      traefik.http.routers.traefik.service: api@internal
    tty: true

networks:
  web:
    external: true

traefik\traefik.yml

log:
  level: INFO

api:
  dashboard: true
  debug: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: https
  https:
    address: ":443"
    http:
      middlewares:
        - default-headers@file
      tls:
        certResolver: domain
        domains:
          - main: domain.com
            sans:
              - "*.domain.com"
          - main: domain2.com
            sans:
              - "*.domain2.com"
              
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
    
certificatesResolvers:
  domain:
    acme:
      email: [email protected]
      storage: acme.json
      dnsChallenge:
        provider: domain
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"