From 270418ced02dc5b1481d5ce459fe83fc9eb8e47f Mon Sep 17 00:00:00 2001
From: ZhymabekRoman
Date: Tue, 29 Oct 2024 20:50:41 +0500
Subject: [PATCH] feat(docker): multiple profiles
---
README.md | 51 +++++---
caddy/CaddyfileTemplate | 4 +-
docker-compose/docker-compose.db.yml | 2 -
docker-compose/docker-compose.main.yml | 138 +++++++++++++-------
docker-compose/docker-compose.plausible.yml | 2 -
docker-compose/docker-compose.proxy.yml | 4 +-
docker-compose/docker-compose.utility.yml | 2 -
docker-compose/docker-compose.wgcf.yml | 14 +-
docker-compose/docker-compose.yml | 2 -
9 files changed, 136 insertions(+), 83 deletions(-)
diff --git a/README.md b/README.md
index d061689..866cc78 100644
--- a/README.md
+++ b/README.md
@@ -8,25 +8,33 @@ ## Stack: -- Backend: Python 3.9+, Unicorn, FastAPI, Jinja2, Sentry -- Frontend: Tailwinds CSS v3 -- Database: PostgreSQL, Dragonfly (Redis and Memcached compatible key-value database) -- Utils: Caddy, Docker, Docker Compose, Cloudflare WARP proxy (wgcf) +- Backend: + - language: Python 3.9+ + - framework: Unicorn, FastAPI +- Frontend: + - framework: Tailwinds CSS v3, Jinja2 + - monitoring: Sentry +- Database: + - PostgreSQL, Dragonfly (Redis and Memcached compatible key-value database) +- Utils: + - Caddy, Docker, Docker Compose, Cloudflare WARP proxy (wgcf) -## Local run: +## Project configuration: -There is two profiles: +There is three (3) docker-compose profiles: - `min` - without 2 Cluster of Cloudflare WARP proxy, HAProxy proxy balancer, Plausible, Grafana. +- `local` - based on `min`, but with `freedium.local` exposed hostname, both 80 and 443 ports are exposed, with self-signed TLS certificate. - `prod` - with all services for production. -For local development, we recommend to use `min` profile. +### Requirements: -Requirements: - -- Docker +- Docker, Docker Compose, last version is preferred. +- Linux, preferably rolling release. We can't guarantee that Freedium instance will work on other OS. Tested on Ubuntu 22.04 and Fedora 39. - git -- Linux. Officially, we can't guarantee that Freedium will work on other OS. +- Preferably, fresh and clean brain. + +### Local run: To configure your Freedium instance, follow these steps: @@ -48,13 +56,16 @@ To configure your Freedium instance, follow these steps: 3. (Optional) Set up the Docker network: ``` - sudo docker network create caddy_freedium_net + sudo docker network create caddy_net ``` 4. Change your hosts file: ``` sudo nano /etc/hosts + # or + vim /etc/hosts + # and when you are closed vim, type `:w !sudo tee %` to save file without executing vim in root mode ``` Add the following line: 
@@ -66,21 +77,23 @@ To configure your Freedium instance, follow these steps: 5. Start the Freedium services (`min` profile): ``` - sudo docker compose --profile min -f ./docker-compose/docker-compose.yml up + sudo docker compose --profile local -f ./docker-compose/docker-compose.yml up ``` Stopping the services: ``` - sudo docker compose --profile min -f ./docker-compose/docker-compose.yml down + sudo docker compose --profile local -f ./docker-compose/docker-compose.yml down ``` -6. (Optional) Configure your reverse proxy (Caddy, Nginx, etc.) to use `freedium.local` as a host. - -If you use Dockerized reverse proxy, you can specify network `caddy_freedium_net` with `external: true` option in networks section of your reverse proxy container. Specify `caddy_freedium` hostname with port `80` (or `443`) in your reverse proxy configuration. - And now you can access local instance of Freedium by opening browser and type `https://freedium.local`. There is would be a warning about insecure connection, because we use self-signed TLS certificate. Ignore it. +### Production run: + +All production services are running on `prod` profile. If you use Dockerized reverse proxy, you can specify network `caddy_freedium_net` with `external: true` option in networks section of your reverse proxy container. Specify `caddy_freedium` hostname with port `6752` (or `6753` for Plausible) in your reverse proxy configuration. + +As alternative, you can directly change docker-compose configurations to use your reverse proxy. See `docker-compose` and `caddy` folders for more details. + ## Architecture: ```mermaid 
@@ -174,7 +187,7 @@ graph TB ## TODO: - ~~Integrate library notifiers - https://github.com/liiight/notifiers~~ Use Graphana and Loki instead -- Do not use 'shturman/dante' image, because it is does not have updates for a long time. (Probably) Use https://hub.docker.com/r/vimagick/dante/ +- ~~Do not use 'shturman/dante' image, because it is does not have updates for a long time. (Probably) Use https://hub.docker.com/r/vimagick/dante/~~ Works, don't touch ## Roadmap diff --git a/caddy/CaddyfileTemplate b/caddy/CaddyfileTemplate index 592b14b..fb12d57 100644 --- a/caddy/CaddyfileTemplate +++ b/caddy/CaddyfileTemplate @@ -18,7 +18,7 @@ lb_try_interval 1s } -plausible.freedium.local { +plausible.freedium.local, :6753 { import common reverse_proxy freedium_plausible:8000 { @@ -27,7 +27,7 @@ plausible.freedium.local { } } -freedium.local { +freedium.local, :6752 { import common reverse_proxy freedium_web:7080 { diff --git a/docker-compose/docker-compose.db.yml b/docker-compose/docker-compose.db.yml index 453f0df..90118a7 100644 --- a/docker-compose/docker-compose.db.yml +++ b/docker-compose/docker-compose.db.yml @@ -1,5 +1,3 @@ -version: '3.7' - services: redis_service: container_name: redis_service diff --git a/docker-compose/docker-compose.main.yml b/docker-compose/docker-compose.main.yml index 97e23f1..1d42348 100644 --- a/docker-compose/docker-compose.main.yml +++ b/docker-compose/docker-compose.main.yml 
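Review bot: In caddy/CaddyfileTemplate the new `:6752` and `:6753` site addresses carry no hostname, so Caddy does not enable automatic HTTPS for them and will answer any Host header on those ports over plain HTTP. That suits a trusted reverse proxy on the same Docker network, but the template does not say so, and the imported `common` snippet is outside the hunk, so whether it assumes TLS cannot be told from here. I would add a comment above each block such as `# :6752 is plain HTTP for an upstream reverse proxy; keep it off public interfaces`, and write the address as `http://:6752` (likewise `http://:6753`) so the scheme is explicit. Both site blocks continue past the hunk.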
@@ -1,66 +1,104 @@ version: '3.7' +x-expose: &expose + networks: + freedium_local_net: + ipv4_address: 177.28.0.5 + ports: + - "80:80" + - "443:443" + +x-freedium_web: &freedium_web + env_file: ../.env + build: + context: ../ + dockerfile: Dockerfile + # postgres_freedium: + # condition: service_healthy + volumes: + - ../web:/app/web + ports: + - "7080:7080" + networks: + - freedium_net + mem_limit: 4g + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:7080/ --max-time 80 --header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.1.15'" ] + interval: 30s + start_period: 20s + timeout: 80s + retries: 3 + stop_grace_period: 2m + +x-caddy_freedium: &caddy_freedium + build: + context: ../caddy + dockerfile: Dockerfile + cap_add: + - NET_ADMIN + volumes: + - ../caddy/Caddyfile:/etc/caddy/Caddyfile + - ../caddy/static:/static + - freedium_caddy_data:/data + - freedium_caddy_config:/config + restart: always + healthcheck: + test: [ "CMD-SHELL", "curl -f http://localhost:80/ --max-time 80 --header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.1.15'" ] + interval: 30s + start_period: 20s + timeout: 80s + retries: 3 + stop_grace_period: 2m + services: - caddy_freedium: - container_name: caddy_freedium - build: - context: ../caddy - dockerfile: Dockerfile - cap_add: - - NET_ADMIN + caddy_freedium_local: + <<: [ *caddy_freedium, *expose ] + container_name: caddy_freedium_local + profiles: + - local networks: - freedium_local_net: - ipv4_address: 177.28.0.5 freedium_net: caddy_freedium_net: caddy_net: - # ports: - # - "6752:6752" - # - "6753:6753" - # - "80:80" - # - "443:443" - volumes: - - ../caddy/Caddyfile:/etc/caddy/Caddyfile - - freedium_caddy_data:/data - - freedium_caddy_config:/config - - ../caddy/static:/static - restart: always - healthcheck: - test: [ "CMD-SHELL", "curl -f 
http://localhost:80/ --max-time 80 --header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.1.15'" ] - interval: 30s - start_period: 20s - timeout: 80s - retries: 3 - stop_grace_period: 2m + freedium_local_net: + ipv4_address: 177.28.0.5 + + caddy_freedium: + <<: *caddy_freedium + container_name: caddy_freedium + networks: + freedium_net: + caddy_freedium_net: + caddy_net: + ports: + - "6752:6752" + - "6753:6753" + profiles: + - prod + - min + + freedium_web_mini: + <<: *freedium_web + profiles: + - min + - local + environment: + - "PROXY_LIST=${PROXY_LIST:-}" + container_name: freedium_web_mini + hostname: freedium_web freedium_web: - container_name: freedium_web - env_file: ../.env - build: - context: ../ - dockerfile: Dockerfile + <<: *freedium_web + profiles: + - prod environment: - - "PROXY_LIST=${PROXY_LIST:-socks5://haproxy-pb:1080}" + - "PROXY_LIST=socks5://haproxy-pb:1080" depends_on: haproxy-proxy-balancer: condition: service_healthy - # postgres_freedium: - # condition: service_healthy - volumes: - - ../web:/app/web - ports: - - "7080:7080" - networks: - - freedium_net - mem_limit: 4g - restart: always - healthcheck: - test: [ "CMD-SHELL", "curl -f http://localhost:7080/ --max-time 80 --header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.1.15'" ] - interval: 30s - start_period: 20s - timeout: 80s - retries: 3 - stop_grace_period: 2m + container_name: freedium_web + hostname: freedium_web volumes: freedium_caddy_data: diff --git a/docker-compose/docker-compose.plausible.yml b/docker-compose/docker-compose.plausible.yml index 5c02283..a660692 100644 --- a/docker-compose/docker-compose.plausible.yml +++ b/docker-compose/docker-compose.plausible.yml @@ -1,5 +1,3 @@ -version: '3.7' - # Based on: https://github.com/plausible/community-edition/blob/v2.1.4/compose.yml services: plausible_db: 
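Review bot: In docker-compose/docker-compose.main.yml the `ports` entries publish on every host interface: `6752:6752` and `6753:6753` on `caddy_freedium` (profiles `prod` and `min`), and `7080:7080` in the `x-freedium_web` anchor, which both `freedium_web` and `freedium_web_mini` inherit. The README text added in this commit has the external reverse proxy reach `caddy_freedium` over `caddy_freedium_net`, which needs no host publishing, and the 7080 mapping lets clients reach the app without passing through Caddy. Binding to loopback, e.g. `- "127.0.0.1:6752:6752"`, `- "127.0.0.1:6753:6753"` and `- "127.0.0.1:7080:7080"`, or dropping the `ports` keys where only container-to-container traffic is needed, keeps these listeners off the network. Separately, the `networks` key inside `x-expose` never takes effect, because `caddy_freedium_local` declares its own `networks` and explicit keys override merged ones; the anchor could hold `ports` only.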
diff --git a/docker-compose/docker-compose.proxy.yml b/docker-compose/docker-compose.proxy.yml index 3d3f020..9074b4a 100644 --- a/docker-compose/docker-compose.proxy.yml +++ b/docker-compose/docker-compose.proxy.yml @@ -1,7 +1,7 @@ -version: '3.7' - services: haproxy-proxy-balancer: + profiles: + - prod build: context: ../proxy-balancer dockerfile: Dockerfile diff --git a/docker-compose/docker-compose.utility.yml b/docker-compose/docker-compose.utility.yml index e263d3d..f0b6e64 100644 --- a/docker-compose/docker-compose.utility.yml +++ b/docker-compose/docker-compose.utility.yml @@ -1,5 +1,3 @@ -version: '3.7' - services: autoheal: container_name: freedium_autoheal diff --git a/docker-compose/docker-compose.wgcf.yml b/docker-compose/docker-compose.wgcf.yml index 225913a..b14b0d5 100644 --- a/docker-compose/docker-compose.wgcf.yml +++ b/docker-compose/docker-compose.wgcf.yml @@ -1,5 +1,3 @@ -version: '3.7' - services: wgcf1: image: neilpang/wgcf-docker:latest @@ -21,6 +19,8 @@ services: interval: 5s timeout: 2s retries: 10000 + profiles: + - prod dante_1: image: shturman/dante:1.4.2 @@ -35,6 +35,8 @@ services: depends_on: wgcf1: condition: service_healthy + profiles: + - prod wgcf1_healthcare_service: build: @@ -53,6 +55,8 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock - /etc/localtime:/etc/localtime:ro + profiles: + - prod wgcf2: image: neilpang/wgcf-docker:latest @@ -77,6 +81,8 @@ services: interval: 5s timeout: 2s retries: 10000 + profiles: + - prod dante_2: image: shturman/dante:1.4.2 @@ -91,6 +97,8 @@ services: depends_on: wgcf2: condition: service_healthy + profiles: + - prod wgcf2_healthcare_service: build: @@ -109,3 +117,5 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock - /etc/localtime:/etc/localtime:ro + profiles: + - prod diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml index f44825f..db5f65c 100644 --- a/docker-compose/docker-compose.yml +++ b/docker-compose/docker-compose.yml 
@@ -1,5 +1,3 @@ -version: '3.7' - include: - docker-compose.main.yml - docker-compose.wgcf.yml