Update/feature

.dockerignore

@@ -2,4 +2,5 @@
 /web/composer.lock
 /web/vendor
 /web/.env
-/template
+/template
+/web/storage/webconfig/active.d

.gitignore

@@ -3,4 +3,5 @@
 /web/composer.lock
 /web/.env
 /web/public/storage
-/template
+/template
+/production.zip

Dockerfile

@@ -42,8 +42,6 @@ RUN chmod +x /run/start.sh
 ADD --chown=nginx:nginx ./web /app
 ADD ./infra/db.sqlite /app/database/
 COPY --chown=nginx:nginx ./infra/.env /app/.env
-COPY --chown=nginx:nginx ./infra/nginx/index.html /www/default/
-COPY --chown=nginx:nginx ./infra/php/healty.php /www/default/
 RUN chmod +x /app/artisan
 
 WORKDIR /app

Dockerfile-prod

@@ -39,8 +39,6 @@ RUN chmod +x /run/start.sh
 ADD --chown=nginx:nginx ./web /app
 ADD ./infra/db.sqlite /app/database/
 COPY --chown=nginx:nginx ./infra/.env-prod /app/.env
-COPY --chown=nginx:nginx ./infra/nginx/index.html /www/default/
-COPY --chown=nginx:nginx ./infra/php/healty.php /www/default/
 RUN chmod +x /app/artisan
 
 WORKDIR /app

Makefile

@@ -20,10 +20,11 @@ up-vm: build-vm
 		&& mkdir ./data/grafana/provisioning; \
 	fi
 	@make precommit
-	docker-compose --compatibility up -d
+	docker-compose --compatibility up -d bangunsite
 restart-vm:
-	docker-compose down && docker-compose up -d
-###	docker-compose logs -f
+	docker-compose down && docker-compose up -d bangunsite
+logs-vm:
+	docker-compose logs -f -n 100
 down-vm:
 	make clear-cache
 	docker-compose down --remove-orphans
@@ -59,3 +60,12 @@ precommit:
 
 force-composer:
 	cp infra/platform_check.php web/vendor/composer/
+
+setup-prod:
+	cp -r infra prod/
+	chmod +x web/artisan
+	sed -i "s#APP_KEY=.*#APP_KEY=${shell web/artisan app:generate-key}#g" ./prod/infra/.env-prod
+	docker build . --tag ${VMName}:latest --file Dockerfile-prod
+	docker save bangunsite:latest | gzip > prod/bangunsite.tar.gz
+	zip production.zip prod/*
+

infra/.env

@@ -1,6 +1,6 @@
 APP_NAME="BangunSite"
 APP_ENV=local
-APP_KEY=
+APP_KEY=base64:pwlvrVB/O+PzVADedKkAO3LQyuxe2nEBofpBvAXsBsc=
 APP_DEBUG=true
 APP_URL=http://localhost
 APP_VERSION="1.0.0@beta"

infra/.env-prod

@@ -5,9 +5,9 @@ APP_DEBUG=false
 APP_URL=http://localhost
 APP_VERSION="1.0.0"
 
-AUTH_ENABLE=false
+AUTH_ENABLE=true
 AUTH_USER=admin
-AUTH_PASS=admin
+AUTH_PASS=yourstrongpassword
 
 ENABLE_LOCKSCREEN=false
 LOCK_AFTER=300

infra/nginx/nginx.conf

@@ -33,7 +33,7 @@ http {
 		'' close;
 	}
 
-	log_format main 'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
+	log_format main 'host="$host" src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
 					'time_local="$time_local" status="$status" '
 					'bytes_out="$bytes_sent" bytes_in="$upstream_bytes_received" '
 					'http_referer="$http_referer" http_user_agent="$http_user_agent" '

infra/php/php.ini

@@ -852,7 +852,7 @@ file_uploads = On
 
 ; Maximum allowed size for uploaded files.
 ; https://php.net/upload-max-filesize
-upload_max_filesize = 2M
+upload_max_filesize = 8M
 
 ; Maximum number of files that can be uploaded via a single request
 max_file_uploads = 20

infra/php/www.conf

@@ -156,3 +156,5 @@ php_flag[display_errors] = off
 ;php_admin_value[error_log] = /var/log/php82/$pool.error.log
 ;php_admin_flag[log_errors] = on
 php_admin_value[memory_limit] = 64M
+php_admin_value[upload_max_filesize] = 8M
+php_admin_value[post_max_size] = 8M

infra/start.sh

@@ -14,9 +14,21 @@ if [ ! -d /var/log/php/ ]; then
     chown -R nginx: /var/log/php82
 fi
 
+if [ ! -f /www/default/index.html ]; then
+    @mkdir -p /www/default/
+    cp /app/storage/webconfig/index.html /www/default/ 
+    cp /app/storage/webconfig/healty.php /www/default/ 
+    @chown -R nginx:nginx /www/default/
+fi
+
 if [ ! -d /app/vendor ]; then
     composer update --no-cache --optimize-autoloader
     chown -R nginx: /app/vendor
 fi
 
+if [ ! -f /app/database/db.sqlite ]; then
+    touch /app/database/db.sqlite
+    cd /app && artisan migrate --force
+fi
+
 supervisord -n -c /etc/supervisord.conf

infra/supervisord.conf

@@ -48,15 +48,16 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 
 [program:bangunsite]
-command=/app/artisan serve --host=0.0.0.0 --port=8000
+# artisan serve not load custom ini config. So why not clone the serve class ?
+command=/app/artisan server --host=0.0.0.0 --port=8000
 autostart=true
 autorestart=true
 priority=15
-stdout_events_enabled=true
-stderr_events_enabled=true
-stdout_logfile=/dev/stdout
+stdout_events_enabled=false
+stderr_events_enabled=false
+stdout_logfile=/app/storage/logs/webapp.log
 stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
+stderr_logfile=/app/storage/logs/webapp.error.log
 stderr_logfile_maxbytes=0
 
 [program:crond]

prod/.gitignore

@@ -0,0 +1,4 @@
+*
+!docker-compose.yml
+!Makefile
+!.gitignore

prod/Makefile

@@ -0,0 +1,43 @@
+VMTag=bangunsite:latest
+VMName=bangunsite
+
+install:
+	@make up-vm
+	@make cp-db
+	@make migrate
+
+up-vm:
+	if [ -z `docker network ls -qf name=cloudflared_bangunsoft` ]; then docker network create -d bridge cloudflared_bangunsoft; fi
+	if [ ! -d ./data ]; then \
+		mkdir -p ./data/logs/nginx \
+		&& mkdir ./data/logs/php82 \
+		&& mkdir ./data/grafana/lib \
+		&& mkdir ./data/grafana/provisioning; \
+	fi
+	@make precommit
+	docker-compose --compatibility up -d bangunsite
+restart-vm: down
+	docker-compose up -d bangunsite
+logs-vm:
+	docker-compose logs -f -n 100
+down-vm:
+	docker-compose down --remove-orphans
+clear-cache:
+	docker exec -i ${VMName} artisan optimize:clear && \
+	docker exec -i ${VMName} artisan view:clear && \
+	docker exec -i ${VMName} artisan session:flush
+bash-vm:
+	docker exec -it ${VMName} bash
+sh-vm:
+	docker exec -it ${VMName} sh
+cp-db:
+	docker cp ./infra/db.sqlite ${VMName}:/app/database/db.sqlite
+migrate:
+	docker exec -i ${VMName} php artisan migrate
+
+force-composer:
+	cp infra/platform_check.php web/vendor/composer/
+
+setup-prod:
+	docker load < bangunsite.tar.gz
+

prod/docker-compose.yml

@@ -0,0 +1,96 @@
+version: '3'
+services:
+  bangunsite: 
+    image: bangunsite:latest
+    container_name: bangunsite
+    privileged: true
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8000:8000"
+    restart: always
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f localhost:80/healty"]
+      interval: 1m
+      timeout: 30s
+      retries: 5
+      start_period: 30s
+    volumes:
+      # laravel
+      - ./infra/.env-prod:/app/.env:ro
+      #php
+      - ./infra/php/php.ini:/etc/php82/php.ini:ro
+      - ./infra/php/php-fpm.ini:/etc/php82/php-fpm.ini:ro
+      - ./infra/php/www.conf:/etc/php82/php-fpm.d/www.conf:ro
+      #nginx
+      - ./infra/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./infra/nginx/default.conf:/etc/nginx/http.d/default.conf:ro
+      #site
+      - ./data/www:/www:rw
+      - ./data/active.d:/app/storage/webconfig/active.d:rw
+      - ./data/site.d:/app/storage/webconfig/site.d:rw
+      - ./data/ssl:/app/storage/webconfig/ssl:rw
+    networks:
+      - bangunsite
+
+  grafana:
+    image: grafana/grafana
+    container_name: bangunsite-grafana
+    user: '0'
+    restart: always
+    depends_on:
+      - prometheus
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=yourstrongpassword
+      - GF_USERS_ALLOW_SIGN_UP=false
+      - GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH=/var/lib/grafana/dashboards/dashboard.json
+    volumes:
+      - ./data/grafana/lib:/var/lib/grafana:rw
+      - ./infra/grafana/dashboard.json:/var/lib/grafana/dashboards/dashboard.json
+      - ./infra/grafana/dashboard.yml:/etc/grafana/provisioning/dashboards/dashboard.yml
+      - ./infra/grafana/datasource.yml:/etc/grafana/provisioning/datasources/dashboard.yml
+    ports:
+    - '3000:3000'
+    networks:
+      - bangunsite
+
+  prometheus:
+    image: prom/prometheus:latest
+    container_name: bangunsite-prometheus
+    restart: always
+    volumes:
+      - ./infra/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+    # ports:
+    #   - '9090:9090'
+    networks:
+      - bangunsite
+
+  node-exporter:
+    image: quay.io/prometheus/node-exporter:latest
+    container_name: bangunsite-node-exporter
+    restart: unless-stopped
+    depends_on:
+      - prometheus
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+      - /:/host:ro,rslave
+    command: 
+      - '--path.rootfs=/host'
+      - '--path.procfs=/host/proc' 
+      - '--path.sysfs=/host/sys'
+      - --collector.filesystem.ignored-mount-points
+      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
+    # ports:
+    #   - '9100:9100'
+    networks:
+      - bangunsite
+
+networks:
+  bangunsite:
+    external: true
+    name: cloudflared_bangunsoft

web/app/Console/Commands/GenerateKey.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use Illuminate\Encryption\Encrypter;
+
+class GenerateKey extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'app:generate-key';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Command description';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        echo 'base64:'.base64_encode(
+            Encrypter::generateKey($this->laravel['config']['app.cipher'])
+        );
+    }
+}