romeroyonatan · December 7, 2017 12:41
diff --git a/Dockerfile b/Dockerfile
 FROM python:3.6


 # variables de entorno
 ENV DJANGO_SETTINGS_MODULE "project.settings.production"
 ENV SECRET_KEY "##########################################"


 WORKDIR /app


 # instalo dependencias del SO
 RUN wget --quiet -O - https://nginx.org/keys/nginx_signing.key | apt-key add - && \
    wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \
    echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list && \
    echo "deb-src http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list && \
    echo "deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main" >> /etc/apt/sources.list && \
    apt-get update -qq && \
    apt-get install -qq -y \
        gettext \
        nginx \
        postgresql-client-9.5 \
        supervisor && \
     rm -rf /var/lib/apt/lists


 # instalo dependencias de la aplicacion
 ADD requirements requirements/
 ADD manage.py ./
 RUN pip install -r requirements/production.txt


 # copio codigo fuente
 ADD project/ project/


 # creo estaticos y genero traducciones
 RUN python manage.py collectstatic --noinput && \
    python manage.py compilemessages && \
    apt-get autoremove -y -qq


 # uso puerto 8080 y 8443 para https sin root
 EXPOSE 8080 8443


 # copio configuracion de servicios
 ADD deploy/supervisord.conf /etc/supervisord.conf
 ADD deploy/uwsgi.ini /etc/uwsgi.ini
 ADD deploy/nginx.conf deploy/default.crt deploy/default.key /etc/nginx/


 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
diff --git a/nginx.conf b/nginx.conf
 user  www-data;
 worker_processes  auto;

 error_log /dev/stderr;

 pid /tmp/nginx.pid;

 events {
    worker_connections  1024;
 }

 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /dev/stdout  main;

    client_body_buffer_size 16K;
    client_header_buffer_size 1k;
    client_max_body_size 16m;

    proxy_connect_timeout       600;
    proxy_send_timeout          600;
    proxy_read_timeout          600;
    uwsgi_send_timeout          600;
    uwsgi_read_timeout          600;
    send_timeout                600;

    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    gzip             on;
    gzip_comp_level  5;
    gzip_min_length  256;
    gzip_proxied     expired no-cache no-store private auth;
    gzip_types       text/plain application/javascript text/xml text/css application/xml;

    # force https
    server {
        listen 8080 default_server;
        listen [::]:8080 default_server;
        return 301  https://$host$request_uri;
    }

    server {
        listen 8443 ssl http2;
        listen [::]:8443 ssl http2;

        ssl_certificate     default.crt;
        ssl_certificate_key default.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        ssl_protocols TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;

        charset utf-8;

        ## Deny illegal Host headers
        if ($host !~* ^www\.example\.com$ ) {
            return 400;
        }

        location / {
            include uwsgi_params;
            uwsgi_param HTTP_HOST $my_host;
            uwsgi_pass unix:///tmp/uwsgi.sock;
        }
    }
 }
 daemon off;
diff --git a/supervisord.conf b/supervisord.conf
 [supervisord]
 nodaemon=true

 [program:migrate]
 command=python manage.py migrate --noinput
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 exitcodes=0
 startsecs=0
 priority=10

 [program:uwsgi]
 command=/usr/local/bin/uwsgi --ini /etc/uwsgi.ini
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0

 [program:nginx]
 command=/usr/sbin/nginx
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
diff --git a/uwsgi.ini b/uwsgi.ini
 [uwsgi]
 enable-threads=True

 chown-socket = www-data:www-data
 chmod-socket = 600

 socket = /tmp/uwsgi.sock
 wsgi-file = project/wsgi.py
	FROM python:3.6


	# variables de entorno
	ENV DJANGO_SETTINGS_MODULE "project.settings.production"
	ENV SECRET_KEY "##########################################"


	WORKDIR /app


	# instalo dependencias del SO
	RUN wget --quiet -O - https://nginx.org/keys/nginx_signing.key \| apt-key add - && \
	wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc \| apt-key add - && \
	echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list && \
	echo "deb-src http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list && \
	echo "deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main" >> /etc/apt/sources.list && \
	apt-get update -qq && \
	apt-get install -qq -y \
	gettext \
	nginx \
	postgresql-client-9.5 \
	supervisor && \
	rm -rf /var/lib/apt/lists


	# instalo dependencias de la aplicacion
	ADD requirements requirements/
	ADD manage.py ./
	RUN pip install -r requirements/production.txt


	# copio codigo fuente
	ADD project/ project/


	# creo estaticos y genero traducciones
	RUN python manage.py collectstatic --noinput && \
	python manage.py compilemessages && \
	apt-get autoremove -y -qq


	# uso puerto 8080 y 8443 para https sin root
	EXPOSE 8080 8443


	# copio configuracion de servicios
	ADD deploy/supervisord.conf /etc/supervisord.conf
	ADD deploy/uwsgi.ini /etc/uwsgi.ini
	ADD deploy/nginx.conf deploy/default.crt deploy/default.key /etc/nginx/


	CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
	user www-data;
	worker_processes auto;

	error_log /dev/stderr;

	pid /tmp/nginx.pid;

	events {
	worker_connections 1024;
	}

	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /dev/stdout main;

	client_body_buffer_size 16K;
	client_header_buffer_size 1k;
	client_max_body_size 16m;

	proxy_connect_timeout 600;
	proxy_send_timeout 600;
	proxy_read_timeout 600;
	uwsgi_send_timeout 600;
	uwsgi_read_timeout 600;
	send_timeout 600;

	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	gzip on;
	gzip_comp_level 5;
	gzip_min_length 256;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types text/plain application/javascript text/xml text/css application/xml;

	# force https
	server {
	listen 8080 default_server;
	listen [::]:8080 default_server;
	return 301 https://$host$request_uri;
	}

	server {
	listen 8443 ssl http2;
	listen [::]:8443 ssl http2;

	ssl_certificate default.crt;
	ssl_certificate_key default.key;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	ssl_protocols TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_prefer_server_ciphers on;

	charset utf-8;

	## Deny illegal Host headers
	if ($host !~* ^www\.example\.com$ ) {
	return 400;
	}

	location / {
	include uwsgi_params;
	uwsgi_param HTTP_HOST $my_host;
	uwsgi_pass unix:///tmp/uwsgi.sock;
	}
	}
	}
	daemon off;
	[supervisord]
	nodaemon=true

	[program:migrate]
	command=python manage.py migrate --noinput
	stdout_logfile=/dev/stdout
	stdout_logfile_maxbytes=0
	stderr_logfile=/dev/stderr
	stderr_logfile_maxbytes=0
	exitcodes=0
	startsecs=0
	priority=10

	[program:uwsgi]
	command=/usr/local/bin/uwsgi --ini /etc/uwsgi.ini
	stdout_logfile=/dev/stdout
	stdout_logfile_maxbytes=0
	stderr_logfile=/dev/stderr
	stderr_logfile_maxbytes=0

	[program:nginx]
	command=/usr/sbin/nginx
	stdout_logfile=/dev/stdout
	stdout_logfile_maxbytes=0
	stderr_logfile=/dev/stderr
	stderr_logfile_maxbytes=0
	[uwsgi]
	enable-threads=True

	chown-socket = www-data:www-data
	chmod-socket = 600

	socket = /tmp/uwsgi.sock
	wsgi-file = project/wsgi.py