Improve docker setup

- Add .dockerignore - Use version 3 - Move wait_for_it.sh to docker-compose.yml - Persist db data - Use nginx-proxy - Use Letsencrypt in production - Rate limit in production
2024-11-21 18:42:29 +01:00 · 2017-11-03 21:32:30 +00:00 · 2017-11-03 21:32:30 +00:00 · d74fefa9c9
commit d74fefa9c9
parent 7eb3055f0f
7 changed files with 70 additions and 7 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,11 @@
+.dockerignore
+.git*
+.pryrc
+.ruby*
+Dockerfile
+LICENSE
+Procfile
+docker-compose*.yml
+spec
+*.md
+*.yml
--- a/.env.sample
+++ b/.env.sample
@ -0,0 +1,4 @@
+LETSENCRYPT_EMAIL=jane@example.com
+LETSENCRYPT_HOST=api.fixer.io
+RACK_ENV=production
+VIRTUAL_HOST=api.fixer.io
--- a/2
+++ b/2
@ -6,4 +6,4 @@ ADD Gemfile /app/Gemfile
 ADD Gemfile.lock /app/Gemfile.lock
 RUN bundle install --without development test
 ADD . /app
-CMD ./wait-for-it.sh db:5432 -s -- unicorn -c /app/config/unicorn.rb
+CMD unicorn -c ./config/unicorn.rb
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@ -0,0 +1,9 @@
+version: '3'
+services:
+  web:
+    environment:
+      RACK_ENV: development
+      VIRTUAL_HOST: localhost
+  nginx-proxy:
+    ports:
+      - '8080:80'
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -0,0 +1,29 @@
+version: '3'
+services:
+  web:
+    env_file: .env
+  nginx-proxy:
+    labels:
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /etc/nginx/conf.d
+      - ./limit_req.conf:/etc/nginx/conf.d/limit_req.conf:ro
+      - certs:/etc/nginx/certs:ro
+      - html:/usr/share/nginx/html
+      - vhost.d:/etc/nginx/vhost.d
+  letsencrypt-nginx-proxy-companion:
+    image: jrcs/letsencrypt-nginx-proxy-companion
+    depends_on:
+      - nginx-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - certs:/etc/nginx/certs:rw
+      - html:/usr/share/nginx/html
+      - vhost.d:/etc/nginx/vhost.d
+volumes:
+  certs:
+  html:
+  vhost.d:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,15 +1,22 @@
-version: '2'
+version: '3'
 services:
  db:
    image: postgres
+    volumes:
+      - data:/var/lib/postgresql/data
  web:
    build: .
-    volumes:
-      - .:/app
-    ports:
-      - 8080:8080
+    command: unicorn -c ./config/unicorn.rb
    environment:
-      RACK_ENV: production
      DATABASE_URL: postgres://postgres@db/postgres
+    entrypoint: ./wait-for-it.sh db:5432 -s --
+    expose:
+      - '8080'
    links:
      - db
+  nginx-proxy:
+    image: jwilder/nginx-proxy
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+volumes:
+  data:
--- a/limit_req.conf
+++ b/limit_req.conf
@ -0,0 +1,3 @@
+limit_req_zone $binary_remote_addr zone=api:10m rate=1r/s;
+limit_req_status 429;
+limit_req zone=api burst=50 nodelay;