
@peleteiro
Last active November 15, 2016 12:28
Terraform to launch a thumbor server on Digital Ocean
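# Convenience targets around Terraform and the Cloudflare cache purge.
#
# None of the targets produces a file with its own name, so all of them are
# declared phony; previously only `apply` was, and a stray file or directory
# named `plan` or `destroy` would have turned that target into a silent no-op.
#
# Review notes (security):
#  - terraform/terraform.tfvars is passed to every Terraform call and is where
#    the provider tokens are expected to live; keep it and the Terraform state
#    files out of version control.
#  - `destroy` writes terraform/terraform.tfplan; saved plans can embed
#    variable values, so delete the file once it has been applied.
#  - In `cache-purge`, ${CLOUDFLARE_TOKEN} and ${CLOUDFLARE_EMAIL} are expanded
#    by make, so the values end up on the shell/curl command line and are
#    visible in the process list while curl runs. The leading `@` only stops
#    make from echoing the command.
.PHONY: plan apply destroy cache-purge

# Show the pending changes (one resource operation at a time).
plan:
	cd terraform && terraform plan -var-file terraform.tfvars -parallelism=1

# Create or update the infrastructure.
apply:
	cd terraform && terraform apply -var-file terraform.tfvars

# Tear everything down: save a destroy plan first, then apply exactly that plan.
destroy:
	cd terraform && terraform plan -destroy -var-file terraform.tfvars -out terraform.tfplan
	cd terraform && terraform apply terraform.tfplan

# Purge the Cloudflare cache for the zone given in `z=`.
cache-purge:
	@curl https://www.cloudflare.com/api_json.html \
	  -d 'a=fpurge_ts' \
	  -d 'tkn=${CLOUDFLARE_TOKEN}' \
	  -d 'email=${CLOUDFLARE_EMAIL}' \
	  -d 'z=***YOUR DOMAIN***' \
	  -d 'v=1'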
# DigitalOcean provider. The API token comes from var.do_token (declared
# outside this listing) instead of being written into the configuration.
provider "digitalocean" {
  token = "${var.do_token}"
}
# Registers an SSH public key with the DigitalOcean account so it can be
# attached to the droplet. Only the public half (keys/YOU_SSH.pub) is read;
# the matching private key does not belong next to it in the repository.
resource "digitalocean_ssh_key" "default" {
  public_key = "${file("keys/YOU_SSH.pub")}"
  name       = "biblebox"
}
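# Cloudflare provider. The API token comes from var.cloudflare_token (declared
# outside this listing); the account e-mail is a placeholder to fill in.
# The placeholder previously ended in a space inside the quotes, which would
# have been sent as part of the e-mail if left in place after substitution.
provider "cloudflare" {
  email = "***YOUR CF ACCOUNT EMAIL***"
  token = "${var.cloudflare_token}"
}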
# The CoreOS droplet that runs the thumbor stack.
#
# Review notes (security):
#  - user_data is the whole of cloud-config/thumbor.yml, and that file carries
#    the thumbor SECURITY_KEY. User data is recorded in the Terraform state and
#    is normally readable from the droplet's metadata service, so the key is
#    only as private as those two places.
#  - private_networking is off. The firewall rules in the cloud-config accept
#    everything arriving on eth1; review that rule before turning this on.
resource "digitalocean_droplet" "thumbor" {
  name               = "thumbor"
  image              = "coreos-stable"
  size               = "512mb"
  region             = "nyc1"
  private_networking = false
  user_data          = "${file("cloud-config/thumbor.yml")}"
  ssh_keys           = ["${digitalocean_ssh_key.default.id}"]
}
# Floating IP in the droplet's region, assigned to the thumbor droplet. The
# DNS record and the output below both point at this address, not at the
# droplet's own address.
resource "digitalocean_floating_ip" "thumbor" {
  region     = "nyc1"
  droplet_id = "${digitalocean_droplet.thumbor.id}"
}
# A record for the thumbor host name, pointing at the floating IP and served
# through the Cloudflare proxy (proxied = true).
#
# Review note (security): the proxy only protects the origin if the origin
# refuses direct traffic. The cloud-config publishes port 80 on 0.0.0.0 and
# its firewall rule accepts tcp/80 from any source, so requests sent straight
# to the floating IP skip Cloudflare. If the proxy is relied on for filtering
# or rate limiting, limit port 80 to Cloudflare's published address ranges.
resource "cloudflare_record" "thumbor" {
  domain  = "***YOUR DOMAIN***"
  name    = "***YOUR DOMAIN PREFIX***"
  type    = "A"
  value   = "${digitalocean_floating_ip.thumbor.ip_address}"
  proxied = true
}
# Prints the floating IP after apply. This is the origin address behind the
# Cloudflare-proxied record, so treat build logs that capture it accordingly.
output "thumbor.ipv4_address" {
  value = "${digitalocean_floating_ip.thumbor.ip_address}"
}
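#cloud-config
# CoreOS cloud-config for a single-host thumbor stack: redis, remotecv,
# thumbor and an nginx front end, each run as a Docker container under a
# systemd unit, plus a saved iptables rule set.
# ("#cloud-config" has to remain the very first line of the file.)
#
# Changes made in this revision:
# - Indentation restored so the document parses as nested YAML.
# - Every unit that has Requires=X now also has After=X. Requires= alone does
#   not order units, so containers could be started in parallel with the
#   firewall restore and with the containers they --link to.
# - permissions is quoted so it stays the string "0644" on every YAML parser.
#
# Review notes (security):
# - All images are pulled by the mutable tag ":latest" on every (re)start, so
#   whatever is published upstream under that tag runs unreviewed. Pin each
#   image by digest (image@sha256:<DIGEST-PLACEHOLDER>) once versions are
#   chosen.
# - This file is delivered as droplet user data, so the SECURITY_KEY in
#   thumbor.service is as exposed as the user data itself (Terraform state,
#   the metadata service, the rendered unit file, `docker inspect`).
# - Docker normally handles ports published with `-p` through its own NAT and
#   FORWARD rules, so the INPUT rule for tcp/80 below is not by itself what
#   controls access to nginx. Verify the effective rule set on a running host.
coreos:
  units:
    # Loads /var/lib/iptables/rules-save (written by write_files below).
    - name: iptables-restore.service
      enable: true

    # Redis backs thumbor's detector storage and the remotecv queue. No port
    # is published and no password is configured, so it is reachable only by
    # linked containers; keep it that way (do not add -p to this unit).
    - name: redis.service
      command: start
      content: |
        [Unit]
        Description=Redis Service
        After=docker.service
        After=iptables-restore.service
        Requires=iptables-restore.service
        [Service]
        Restart=always
        User=core
        TimeoutStartSec=0
        KillMode=none
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill redis
        ExecStartPre=-/usr/bin/docker rm redis
        ExecStartPre=/usr/bin/docker pull redis:latest
        ExecStart=/usr/bin/docker run \
          --name redis redis:latest
        ExecStop=/usr/bin/docker stop redis

    # remotecv worker; talks to redis over the container link.
    - name: remotecv.service
      command: start
      content: |
        [Unit]
        Description=RemoteCV Service
        After=docker.service
        After=iptables-restore.service
        After=redis.service
        Requires=redis.service
        Requires=iptables-restore.service
        [Service]
        Restart=always
        User=core
        TimeoutStartSec=0
        KillMode=none
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill remotecv
        ExecStartPre=-/usr/bin/docker rm remotecv
        ExecStartPre=/usr/bin/docker pull apsl/remotecv:latest
        ExecStart=/usr/bin/docker run \
          --link redis \
          -e "REDIS_HOST=redis" \
          -e "REDIS_PORT=6379" \
          -e "REDIS_DATABASE=0" \
          --name remotecv apsl/remotecv:latest
        ExecStop=/usr/bin/docker stop remotecv

    # thumbor itself. ALLOW_UNSAFE_URL=False keeps the unsigned URL form
    # disabled, so only URLs signed with SECURITY_KEY are served; replace the
    # placeholder with a long random value and rotate it if the user data or
    # the Terraform state is ever disclosed.
    - name: thumbor.service
      command: start
      content: |
        [Unit]
        Description=Thumbor Service
        After=docker.service
        After=iptables-restore.service
        After=redis.service
        After=remotecv.service
        Requires=redis.service
        Requires=remotecv.service
        Requires=iptables-restore.service
        [Service]
        Restart=always
        User=core
        TimeoutStartSec=0
        KillMode=none
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill thumbor
        ExecStartPre=-/usr/bin/docker rm thumbor
        ExecStartPre=/usr/bin/docker pull apsl/thumbor-multiprocess:latest
        ExecStart=/usr/bin/docker run \
          -v /logs:/srv/thumbor/logs \
          -v /data:/srv/thumbor/data \
          --link redis \
          -e "THUMBOR_NUM_PROCESSES=4" \
          -e "ALLOW_UNSAFE_URL=False" \
          -e "SECURITY_KEY=******YOUR_SECURITY_KEY******" \
          -e "DETECTORS=['thumbor.detectors.queued_detector.queued_complete_detector']" \
          -e "STORAGE=thumbor.storages.mixed_storage" \
          -e "MIXED_STORAGE_FILE_STORAGE=thumbor.storages.file_storage" \
          -e "RESULT_STORAGE=thumbor.result_storages.file_storage" \
          -e "REDIS_STORAGE_SERVER_HOST=redis" \
          -e "REDIS_STORAGE_SERVER_PORT=6379" \
          -e "REDIS_STORAGE_SERVER_DB=0" \
          -e "REDIS_QUEUE_SERVER_HOST=redis" \
          -e "REDIS_QUEUE_SERVER_PORT=6379" \
          -e "REDIS_QUEUE_SERVER_DB=0" \
          -e "STORAGE_EXPIRATION_SECONDS=None" \
          -e "RESULT_STORAGE_EXPIRATION_SECONDS=None" \
          -e "MIXED_STORAGE_DETECTOR_STORAGE=tc_redis.storages.redis_storage" \
          --name thumbor apsl/thumbor-multiprocess:latest
        ExecStop=/usr/bin/docker stop thumbor

    # nginx front end; the only container with a published port (80 on all
    # host addresses). It serves plain HTTP, so any TLS ends at the CDN and
    # the hop from the CDN to this host is unencrypted.
    - name: thumbor-nginx.service
      command: start
      content: |
        [Unit]
        Description=Thumbor Nginx Service
        After=docker.service
        After=iptables-restore.service
        After=thumbor.service
        Requires=thumbor.service
        Requires=iptables-restore.service
        [Service]
        Restart=always
        User=core
        TimeoutStartSec=0
        KillMode=none
        EnvironmentFile=/etc/environment
        ExecStartPre=-/usr/bin/docker kill thumbor-nginx
        ExecStartPre=-/usr/bin/docker rm thumbor-nginx
        ExecStartPre=/usr/bin/docker pull apsl/thumbor-nginx:latest
        ExecStart=/usr/bin/docker run \
          --link thumbor \
          --hostname nginx \
          -p 0.0.0.0:80:80 \
          --name thumbor-nginx apsl/thumbor-nginx:latest
        ExecStop=/usr/bin/docker stop thumbor-nginx

write_files:
  # IPv4 filter table: default-deny for INPUT and FORWARD, allow all OUTPUT.
  # Accepted inbound: loopback, anything on eth1, established/related
  # traffic, tcp/80, and ICMP types 0, 3 and 11.
  # NOTE(review): there is no rule for tcp/22, so inbound SSH on the public
  # interface is dropped even though an SSH key is provisioned; confirm that
  # is intended.
  # NOTE(review): the eth1 rule trusts every host that can reach that
  # interface (presumably the private network); narrow it to known peers
  # before enabling private networking.
  # NOTE(review): these are IPv4 rules only; add an ip6tables rule set if
  # IPv6 is ever enabled on the droplet.
  - path: /var/lib/iptables/rules-save
    permissions: "0644"
    owner: 'root:root'
    content: |
      *filter
      :INPUT DROP [0:0]
      :FORWARD DROP [0:0]
      :OUTPUT ACCEPT [0:0]
      -A INPUT -i lo -j ACCEPT
      -A INPUT -i eth1 -j ACCEPT
      -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
      -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
      -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
      -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
      COMMIT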