Last active
June 7, 2023 02:03
-
-
Save v-stickykeys/df3abdad950924508933976a46dd4a80 to your computer and use it in GitHub Desktop.
Dockerized Django Gunicorn app with Nginx SSL proxy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| └── replace_me_code | |
| ├── Dockerfile | |
| ├── replace_me | |
| │ ├── README.md | |
| │ └── src | |
| │ ├── .env | |
| │ ├── replace_me | |
| │ ├── manage.py | |
| │ └── requirements.txt | |
| ├── docker-compose.yml | |
| └── nginx | |
| └── replace.me.conf |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| nginx: | |
| image: nginx:latest | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| volumes: | |
| - ./nginx:/etc/nginx/conf.d | |
| - /etc/letsencrypt:/etc/letsencrypt | |
| depends_on: | |
| - gunicorn | |
| gunicorn: | |
| build: . | |
| command: > | |
| sh -c "python manage.py makemigrations && | |
| python manage.py migrate && | |
| python manage.py collectstatic --noinput && | |
| gunicorn --bind :8000 --workers 2 dailypear.wsgi:application" | |
| env_file: | |
| - ./replace_me/src/.env | |
| ports: | |
| - 8000:8000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM python:3.7.4-alpine3.10 | |
| ADD replace_me/src/requirements.txt /app/requirements.txt | |
| RUN set -ex \ | |
| && apk add --no-cache --virtual .build-deps postgresql-dev build-base \ | |
| && python -m venv /env \ | |
| && /env/bin/pip install --upgrade pip \ | |
| && /env/bin/pip install --no-cache-dir -r /app/requirements.txt \ | |
| && runDeps="$(scanelf --needed --nobanner --recursive /env \ | |
| | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | |
| | sort -u \ | |
| | xargs -r apk info --installed \ | |
| | sort -u)" \ | |
| && apk add --virtual rundeps $runDeps \ | |
| && apk del .build-deps | |
| ADD replace_me/src /app | |
| WORKDIR /app | |
| ENV VIRTUAL_ENV /env | |
| ENV PATH /env/bin:$PATH | |
| EXPOSE 8000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream service { | |
| server gunicorn:8000; | |
| } | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| return 301 https://replace.me$request_uri; | |
| } | |
| server { | |
| listen [::]:443 ssl ipv6only=on; | |
| listen 443 ssl; | |
| server_name replace.me; | |
| # Let's Encrypt parameters | |
| ssl_certificate /etc/letsencrypt/live/replace.me/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/replace.me/privkey.pem; | |
| include /etc/letsencrypt/options-ssl-nginx.conf; | |
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
| location = /favicon.ico { access_log off; log_not_found off; } | |
| location / { | |
| proxy_pass http://service; | |
| proxy_redirect off; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto https; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment