Use Nginx & gunicorn to run Kipa in container

partio-scout · Dec 5, 2024 · 8a22d16 · 8a22d16
1 parent 9a55b4c
commit 8a22d16
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 29 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1 @@
+web/settings/local.py
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,24 @@
-FROM python:3.12
+FROM ubuntu/nginx
 
-WORKDIR /app/web
+RUN apt-get update
+RUN apt-get install -y python3.12 python3.12-venv
 
-ENTRYPOINT ["/app/docker-entrypoint.sh"]
-EXPOSE 3000
-CMD ["python", "./manage.py", "runserver", "0.0.0.0:3000"]
 
-COPY . /app/
-COPY web/settings/docker.py.example /app/web/settings/docker.py
-RUN pip install -r /app/requirements.txt
+COPY web /app/
+COPY --chown=nobody:nogroup web/media /media
+COPY web/settings/docker.py.example /app/settings/docker.py
+COPY requirements.txt /
+COPY nginx.conf /etc/nginx/
+
+RUN tr -dc A-Za-z0-9 < /dev/urandom | head -c 40 > /secret.txt
+RUN python3.12 -m venv venv
+ENV PATH="/venv/bin:$PATH"
+RUN pip install -r requirements.txt
+WORKDIR /app
+RUN python manage.py makemigrations tupa
+RUN python manage.py migrate
+
+RUN nginx -t
+
+RUN echo "gunicorn --daemon --bind unix:/tmp/kipa.sock wsgi" > /docker-entrypoint.d/gunicorn.sh
+RUN chmod +x /docker-entrypoint.d/gunicorn.sh
diff --git a/docker-compose.yml b/docker-compose.yml
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,42 @@
+worker_processes 1;
+
+user nobody nogroup;
+error_log  /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+  worker_connections 1024;
+  accept_mutex off; # set to 'on' if nginx worker_processes > 1
+}
+
+http {
+  include mime.types;
+  # fallback in case we can't determine a type
+  default_type application/octet-stream;
+  access_log /var/log/nginx/access.log combined;
+  sendfile on;
+
+  upstream app_server {
+    server unix:/tmp/kipa.sock fail_timeout=0;
+  }
+
+  server {
+    listen 80 deferred;
+    client_max_body_size 4G;
+    server_name kipa;
+    keepalive_timeout 5;
+
+    location /kipamedia {
+      alias /media;
+    }
+    location / {
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      # we don't want nginx trying to do something clever with
+      # redirects, we set the Host: header above already.
+      proxy_redirect off;
+      proxy_pass http://app_server;
+    }
+  }
+}
diff --git a/web/settings/docker.py.example b/web/settings/docker.py.example
@@ -1,12 +1,9 @@
-with open("/app/db/secret.txt", "r") as f:
+with open("/secret.txt", "r") as f:
     SECRET_KEY = f.readline()
 
 DATABASES = {
     "default": {
         "ENGINE": "django.db.backends.sqlite3",
-        "NAME": "/app/db/kipa.db",
+        "NAME": "/tmp/kipa.db",
     }
 }
-
-# Should we serve the media files through Python?
-SERVE_MEDIA = True