Merge pull request #170 from manuGil/docker-api
Docker api
manuGil authored Dec 9, 2024
2 parents 65b5491 + aa50a63 commit 3b286ab
Showing 27 changed files with 3,134 additions and 3,327 deletions.
10 changes: 0 additions & 10 deletions .env.example

This file was deleted.

37 changes: 37 additions & 0 deletions README.dev.md
Expand Up @@ -2,6 +2,43 @@

If you're looking for user documentation, go [here](README.md).


## API Docker container

The api can be reproduced using docker compose as follows:

1. Clone the repository, the latest version is in the `devel` branch.
2. Add a `.env` file to the root of the repository with the following varialbles. Values can be adjusted.

```shell
DATABASE=civo
JDANGO_DB_ENGINE=postgis
DB_USER=citizen
DB_PORT=5432
DJANGO_DEBUG=1
DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1]
```

3. Create a directory in the root of the repository called `secrets/`, and create the secrets for the Django token and the database password as follows:

```shell
# file name: django_token.txt
<django-token-plain-text>
```

```shell
# file name: django_token.txt
<postgres-superuser-password>
```

4. Build and run using docker compose. The database will be populated with sample data.

```shell
docker compose -f docker-compose.yaml build

docker compose -f docker-compose.yaml up
```

## Development installation

Follow the instruction below to set up a development environment. We use Python 3.10 and Django 4.0.x for development.
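--- a/citizenvoice/.dockerignore
+++ b/citizenvoice/.dockerignore
@@ -0,0 +1,3 @@
+.git
+.gitignore
+.env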
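--- a/citizenvoice/Dockerfile
+++ b/citizenvoice/Dockerfile
@@ -0,0 +1,39 @@
+FROM python:3.11-alpine3.20
+
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
+
+RUN mkdir -p /var/www/dockerize-django/citizenvoice
+WORKDIR /var/www/dockerize-django/citizenvoice
+
+COPY ./requirements.txt ./
+# packages required for building GDAL
+RUN apk add --no-cache \
+python3-dev \
+gdal \
+gdal-dev \
+gcc \
+musl-dev \
+geos-dev \
+proj-dev \
+postgresql-dev \
+build-base \
+libjpeg-turbo-dev \
+zlib-dev
+RUN pip install --upgrade pip
+RUN pip install --no-cache-dir -r requirements.txt
+
+RUN adduser --disabled-password --no-create-home django
+COPY . .
+RUN chown -R django:django /var/www/dockerize-django/citizenvoice
+USER django
+
+# COPY wait-for-it.sh /wait-for-it.sh
+# RUN chmod +x /wait-for-it.sh
+
+# ENV DJANGO_ALLOWED_HOSTS=localhost
+
+# EXPOSE 8000
+
+# CMD [ "/wait-for-it.sh", "db-postgis:5432", "--", "python", "manage.py", "runserver", "0.0.0.0:8000" ]
+# CMD ["uwsig", "--socket", ":8000", "--workers", "4", "--master", "--enable-threads", "--module", "citizenvoice.wsgi"]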
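Review bot: The compiler toolchain and every `-dev` package from the `apk add` step stay in the final image, because they are installed in their own layer and never removed, so gcc and the headers remain available inside the container that serves the API. Installing them as a virtual group and deleting it in the same `RUN` as the pip install keeps the runtime image leaner, e.g. `apk add --no-cache --virtual .build-deps gcc musl-dev build-base python3-dev …` followed by `&& pip install --no-cache-dir -r requirements.txt && apk del .build-deps`, with the runtime libraries (gdal, geos, proj, libpq) installed separately so they survive the cleanup. The image also ends without an active `CMD`, so the start command has to come from the compose file, which is not visible here; the commented-out one spells `uwsig` where `uwsgi` is presumably meant.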
32 changes: 13 additions & 19 deletions citizenvoice/citizenvoice/settings.py
Expand Up @@ -32,28 +32,25 @@
DEFAULT_SURVEY_PUBLISHING_DURATION = 7

# read environment variable form .env file
load_dotenv("../.env")
# load_dotenv("../.env")

# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent

# read environment variable form .env file
load_dotenv("../.env")

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.getenv('SECRET_KEY')
SECRET_KEY = os.environ.get('SECRET_KEY', 'setme-in-production')


# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
DEBUG = bool(os.environ.get("DJANGO_DEBUG", default=0))

# Choice of database engine will be retrieved from .env file
DATABASE_ENGINE = os.getenv('DATABASE_ENGINE')
DATABASE_ENGINE = os.environ.get("DATABASE_ENGINE")

ALLOWED_HOSTS = []
ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS").split(" ")

# Application definition

Expand Down Expand Up @@ -128,10 +125,7 @@
'http://127.0.0.1:3000',
'http://145.94.193.168:3000'
]
ALLOWED_HOSTS = [
'localhost',
'127.0.0.1'
]

CORS_ORIGIN_ALLOW_ALL = True
CORS_ORIGIN_WHITELIST = (
'http://localhost:3000',
Expand All @@ -149,7 +143,7 @@

# The code below is necessary to distinguish a deployment for CI with
# GitHub Actions (IF part) and any other deployment (the ELSE part)
if os.getenv('GITHUB_WORKFLOW'):
if os.environ.get('GITHUB_WORKFLOW'):
DATABASES = {
'default': {
'ENGINE': 'django.contrib.gis.db.backends.postgis',
Expand All @@ -165,13 +159,13 @@
DATABASES = {
'default': {
'ENGINE': 'django.contrib.gis.db.backends.postgis',
'NAME': os.getenv('POSTGRES_DBASE'),
'USER': os.getenv('POSTGRES_USER'),
'PASSWORD': os.getenv('POSTGRES_PWD'),
'HOST': os.getenv('POSTGRES_HOST'),
'PORT': os.getenv('POSTGRES_PORT'),
'NAME': os.environ.get('POSTGRES_DBASE'),
'USER': os.environ.get('POSTGRES_USER'),
'PASSWORD': os.environ.get('POSTGRES_PWD'),
'HOST': os.environ.get('POSTGRES_HOST'),
'PORT': os.environ.get('POSTGRES_PORT'),
'TEST': {
'NAME': os.getenv('TEST_DBASE'),
'NAME': os.environ.get('TEST_DBASE'),
},
}
}
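Review bot: `bool(os.environ.get("DJANGO_DEBUG", default=0))` is true for any non-empty string, so `DJANGO_DEBUG=0` or `DJANGO_DEBUG=false` still turns debug mode on; compare the value explicitly, e.g. `DEBUG = os.environ.get("DJANGO_DEBUG", "0") == "1"`. In the same hunk `SECRET_KEY` falls back to the literal `'setme-in-production'`, so a deployment that forgets the variable starts with a key anyone can read in the repository; failing at startup with `SECRET_KEY = os.environ["SECRET_KEY"]` is safer. `ALLOWED_HOSTS` calls `.split(" ")` on the result of `os.environ.get(...)`, which raises `AttributeError` when `DJANGO_ALLOWED_HOSTS` is unset; a default of `""` with empty entries filtered out gives a clearer failure. The README added in this commit lists `DATABASE`, `JDANGO_DB_ENGINE`, `DB_USER` and `DB_PORT`, none of which the visible hunks of this file read (they read `POSTGRES_*` and `DATABASE_ENGINE`), so the mapping presumably lives in the compose file and should be checked.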
2 changes: 1 addition & 1 deletion citizenvoice/citizenvoice/urls.py
Expand Up @@ -20,7 +20,7 @@

urlpatterns = [
path('admin/', admin.site.urls),
path('', include('survey_design.urls')),
# path('', include('survey_design.urls')), # enables the survey_design (depricated) app
path('respondent/', include('respondent.urls')),
path('auth/', include('users.urls')),
path('api/v2/', include('apiapp.urls')),
1 change: 1 addition & 0 deletions citizenvoice/civilian-db.json

Large diffs are not rendered by default.

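--- a/citizenvoice/requirements.txt
+++ b/citizenvoice/requirements.txt
@@ -0,0 +1,38 @@
+asgiref==3.7.2
+attrs==23.1.0
+certifi==2023.11.17
+charset-normalizer==3.3.2
+cryptography==41.0.7
+defusedxml==0.7.1
+Django==5.0
+django-allauth==0.54.0
+django-bulk-update-or-create==0.3.0
+django-cors-headers==4.3.1
+django-extensions==3.2.3
+django-rest-knox==4.2.0
+djangorestframework==3.15.0
+djangorestframework-gis==1.0
+drf-spectacular==0.26.5
+GDAL==3.8
+idna==3.6
+inflection==0.5.1
+jsonschema==4.20.0
+jsonschema-specifications==2023.11.2
+numpy==2.1.1
+oauthlib==3.2.2
+psycopg2==2.9.9
+pycparser==2.21
+PyJWT==2.8.0
+python-dotenv==1.0.0
+python3-openid==3.2.0
+pytz==2023.3.post1
+PyYAML==6.0.1
+referencing==0.31.1
+requests==2.31.0
+requests-oauthlib==1.3.1
+rpds-py==0.13.2
+setuptools==68.2.2
+sqlparse==0.4.4
+uritemplate==4.1.1
+urllib3==2.1.0
+wheel==0.42.0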
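Review bot: `Django==5.0` pins the first release of the 5.0 series, which has since received security patch releases, and several other pins (`cryptography==41.0.7`, `requests==2.31.0`, `urllib3==2.1.0`) date from 2023, about a year before this commit. Pin each package to the current patch release of its series and run a dependency audit in CI (for example `pip-audit -r requirements.txt`) so stale pins are caught. `README.dev.md` in this commit still says development uses Python 3.10 and Django 4.0.x, which no longer matches this file or the `python:3.11` base image.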
4 changes: 0 additions & 4 deletions citizenvoice/yarn.lock

This file was deleted.

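--- a/container/cerbot/Dockerfile
+++ b/container/cerbot/Dockerfile
@@ -0,0 +1,7 @@
+FROM cerbos/cerbot:v2.11.0
+
+COPY certify-init.sh /opt/
+RUN chmod +x /opt/certify-init.sh
+
+ENTRYPOINT []
+CMD [ "cerbot", "reniew"]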
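Review bot: The base image `cerbos/cerbot:v2.11.0` does not match the tool the rest of the commit uses: `certify-init.sh` invokes `certbot`, whose published image is `certbot/certbot`. A misspelled repository name either fails to pull or pulls whatever a third party has published under that name, so it should be corrected and ideally pinned by digest: `FROM certbot/certbot:v2.11.0`. The default command has the same problem; `CMD [ "cerbot", "reniew"]` should presumably read `CMD ["certbot", "renew"]`.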
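--- a/container/cerbot/certify-init.sh
+++ b/container/cerbot/certify-init.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Wait for proxy to be available, then gets the first certificate
+
+set -e
+
+until nc -z proxy 80; do
+echo "Waiting for proxy to be available..."
+sleep 5 & wait ${!}
+done
+
+echo "Getting certificate for ${DOMAIN}"
+
+certbot certonly \
+--webroot \
+--webroot-path "/vol/www/" \
+-d "${DOMAIN}" \
+--email "${EMAIL}" \
+--rsa-key-size 4096 \
+--agree-tos \
+--noninteractive
+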
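Review bot: `DOMAIN` and `EMAIL` are used without being checked, and `set -e` does not stop on unset variables, so a missing value reaches `certbot certonly` as an empty `-d ""`; `set -eu` or `: "${DOMAIN:?DOMAIN is required}"` at the top fails early with a clear message. The `until nc -z proxy 80` loop has no upper bound, so a proxy that never comes up leaves the container waiting forever; a retry counter would let it exit non-zero. `--rsa-key-size 4096` only applies to RSA keys, and Certbot 2.x generates ECDSA keys by default, so add `--key-type rsa` if a 4096-bit RSA key is really intended.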
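--- a/container/frontend/Dockerfile
+++ b/container/frontend/Dockerfile
@@ -0,0 +1,19 @@
+FROM node:22.8.0-alpine3.20
+
+RUN mkdir -p /var/www/dockerize-nuxt/nuxt-app
+WORKDIR /var/www/dockerize-nuxt/nuxt-app
+
+COPY ../../frontend/package*.json ./
+RUN yarn install
+
+COPY ../../frontend/ ./
+
+RUN yarn run build
+
+EXPOSE 3000
+
+ENV NUXT_HOST=0.0.0.0
+
+ENV NUXT_PORT=3000
+
+CMD [ "yarn", "start" ]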
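Review bot: The image never switches away from root, so `yarn start` runs the Nuxt server as uid 0, unlike the Django image in this commit, which drops to a `django` user; the official Node image ships a `node` user, so `USER node` before `CMD` (with the app directory owned by it) would be consistent. Docker does not let `COPY` reach outside the build context, so `COPY ../../frontend/package*.json ./` only works if the context is set so that the path resolves, which the compose file (not visible here) would have to confirm. Only `package*.json` is copied before `yarn install`, so `yarn.lock` is not used for resolution; copying it and running `yarn install --frozen-lockfile` makes the dependency set reproducible.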
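--- a/container/nginx/Dockerfile
+++ b/container/nginx/Dockerfile
@@ -0,0 +1,16 @@
+FROM nginx:1.27.1-alpine3.20
+
+COPY ./configs/* /etc/nginx/
+COPY ./run.sh /run.sh
+
+ENV APP_HOST=django-app
+ENV APP_PORT=8000
+
+RUN apk add --no-cache openssl bash
+RUN chmod +x /run.sh
+
+VOLUME /vol/static
+VOLUME /vol/www
+
+CMD ["/run.sh"]
+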
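--- a/container/nginx/conf.d/default.conf
+++ b/container/nginx/conf.d/default.conf
@@ -0,0 +1,31 @@
+upstream docker {
+server nuxt-app:3000;
+}
+
+map $sent_http_content_type $expires {
+"text/html" epoch;
+"text/html; charset=utf-8" epoch;
+default off;
+}
+
+server {
+listen 80; # the port nginx is listening on
+server_name 127.0.0.1 citizenvoice.tudelft.nl; # setup your domain here
+
+gzip on;
+gzip_types text/plain application/xml text/css application/javascript;
+gzip_min_length 1000;
+
+location / {
+expires $expires;
+
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_read_timeout 1m;
+proxy_connect_timeout 1m;
+proxy_pass http://docker;
+}
+}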
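--- a/container/nginx/configs/default-ssl.conf.tpl
+++ b/container/nginx/configs/default-ssl.conf.tpl
@@ -0,0 +1,35 @@
+server {
+listen 80;
+server_name ${DOMAIN} www.${DOMAIN};
+
+location /.well-knon/acme-challenge/ {
+root /vol/www/;
+}
+
+location / {
+return 301 https://$host$request_uri;
+}
+}
+
+server {
+listen 443 ssl;
+server_name ${DOMAIN} www.${DOMAIN};
+
+ssl_certificate /etc/letsencryt/live/${DOMAIN}/fullchain.pem;
+ssl_certificate_key /etc/letsencryt/live/${DOMAIN}/privkey.pem;
+
+include /etc/nginx/options-ssl-nginx.conf;
+ssl_dhparam /vol/proxy/ssl-dhparams.pem;
+
+add_header Strict-Transport-Security "max-age=315600; includeSubDomains" always;
+
+location /static {
+alias /vol/static;
+}
+
+location / {
+uwsgi_pass ${APP_HOST}:${APP_PORT};
+include /etc/nginx/uwsgi_params;
+client_max_body_size 10M;
+}
+}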
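Review bot: Two paths are misspelled and will break certificate issuance and TLS start-up: `location /.well-knon/acme-challenge/` never matches the ACME HTTP-01 path, so challenge requests fall through to the `return 301` block, and `ssl_certificate`/`ssl_certificate_key` point at `/etc/letsencryt/live/…` where Certbot writes to `/etc/letsencrypt/live/…`. They should read `location /.well-known/acme-challenge/ {` and `ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;` (likewise for `privkey.pem`); the `.well-knon` typo is repeated in `configs/default.conf.tpl`. The HSTS header uses `max-age=315600`, which is about 3.7 days; if one year was intended the value is `31536000`.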
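--- a/container/nginx/configs/default.conf.tpl
+++ b/container/nginx/configs/default.conf.tpl
@@ -0,0 +1,12 @@
+server {
+listen 80;
+server_name ${DOMAIN} www.${DOMAIN};
+
+location /.well-knon/acme-challenge/ {
+root /vol/www/;
+}
+
+location / {
+return 301 https://$host$request_uri;
+}
+}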
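--- a/container/nginx/configs/options-ssl-nginx.conf
+++ b/container/nginx/configs/options-ssl-nginx.conf
@@ -0,0 +1,14 @@
+# This file contains important security parameters. If you modify this file
+# manually, Certbot will be unable to automatically provide future security
+# updates. Instead, Certbot will print and log an error message with a path to
+# the up-to-date file that you will need to refer to when manually updating
+# this file. Contents are based on https://ssl-config.mozilla.org
+
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1440m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";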