From d74fefa9c9965b1e7671ac94b48167e185f7e7d6 Mon Sep 17 00:00:00 2001
From: Hakan Ensari
Date: Fri, 3 Nov 2017 21:32:30 +0000
Subject: [PATCH] Improve docker setup

- Add .dockerignore
- Use version 3
- Move wait_for_it.sh to docker-compose.yml
- Persist db data
- Use nginx-proxy
- Use Letsencrypt in production
- Rate limit in production
---
 .dockerignore | 11 +++++++++++
 .env.sample | 4 ++++
 Dockerfile | 2 +-
 docker-compose.override.yml | 9 +++++++++
 docker-compose.prod.yml | 29 +++++++++++++++++++++++++++++
 docker-compose.yml | 19 +++++++++++++------
 limit_req.conf | 3 +++
 7 files changed, 70 insertions(+), 7 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 .env.sample
 create mode 100644 docker-compose.override.yml
 create mode 100644 docker-compose.prod.yml
 create mode 100644 limit_req.conf
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..c9952ed
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,11 @@
+.dockerignore
+.git*
+.pryrc
+.ruby*
+Dockerfile
+LICENSE
+Procfile
+docker-compose*.yml
+spec
+*.md
+*.yml
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..bf82387
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,4 @@
+LETSENCRYPT_EMAIL=jane@example.com
+LETSENCRYPT_HOST=api.fixer.io
+RACK_ENV=production
+VIRTUAL_HOST=api.fixer.io
diff --git a/Dockerfile b/Dockerfile
index 40925e4..22a629d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,4 +6,4 @@ ADD Gemfile /app/Gemfile
 ADD Gemfile.lock /app/Gemfile.lock
 RUN bundle install --without development test
 ADD . /app
-CMD ./wait-for-it.sh db:5432 -s -- unicorn -c /app/config/unicorn.rb
+CMD unicorn -c ./config/unicorn.rb
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 0000000..82b9bf1
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,9 @@
+version: '3'
+services:
+ web:
+ environment:
+ RACK_ENV: development
+ VIRTUAL_HOST: localhost
+ nginx-proxy:
+ ports:
+ - '8080:80'
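Review bot: The ignore list in the new .dockerignore does not cover `.env`, which this same patch introduces as the production settings file (`env_file: .env` in docker-compose.prod.yml, with .env.sample as its template). Because the Dockerfile still does `ADD . /app`, a `.env` present in the build context is copied into the image and stays in its layers for anyone who can pull it. The sample holds only host names and an e-mail address today, but files like this tend to collect credentials over time; adding a `.env*` line to the list keeps them out of the build.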
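Review bot: The new `CMD unicorn -c ./config/unicorn.rb` is in shell form, so when the image is run without the compose entrypoint, unicorn is a child of `/bin/sh -c` and does not receive the stop signal directly; exec form, `CMD ["unicorn", "-c", "./config/unicorn.rb"]`, makes it PID 1. The relative config path also depends on a WORKDIR set above the hunk, which is not visible here. No `USER` instruction appears in these lines either; if none is set earlier in the file, the server runs as root inside the container, which is worth changing now that it sits behind an internet-facing proxy.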
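Review bot: The port mapping `- '8080:80'` under nginx-proxy binds on every host interface, so a development machine on a shared network exposes the proxy, which is the container that has the Docker socket mounted in docker-compose.yml, to its neighbours. `- '127.0.0.1:8080:80'` keeps it local. A comment at the top of the file noting that Compose loads docker-compose.override.yml automatically, and that production must pass `-f docker-compose.yml -f docker-compose.prod.yml` explicitly, would keep a plain `docker-compose up` on a server from starting the development configuration unnoticed.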
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
new file mode 100644
index 0000000..6fc7765
--- /dev/null
+++ b/docker-compose.prod.yml
@@ -0,0 +1,29 @@
+version: '3'
+services:
+ web:
+ env_file: .env
+ nginx-proxy:
+ labels:
+ - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /etc/nginx/conf.d
+ - ./limit_req.conf:/etc/nginx/conf.d/limit_req.conf:ro
+ - certs:/etc/nginx/certs:ro
+ - html:/usr/share/nginx/html
+ - vhost.d:/etc/nginx/vhost.d
+ letsencrypt-nginx-proxy-companion:
+ image: jrcs/letsencrypt-nginx-proxy-companion
+ depends_on:
+ - nginx-proxy
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - certs:/etc/nginx/certs:rw
+ - html:/usr/share/nginx/html
+ - vhost.d:/etc/nginx/vhost.d
+volumes:
+ certs:
+ html:
+ vhost.d:
diff --git a/docker-compose.yml b/docker-compose.yml
index c6b393a..327d682 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,15 +1,22 @@
-version: '2'
+version: '3'
 services:
 db:
 image: postgres
+ volumes:
+ - data:/var/lib/postgresql/data
 web:
 build: .
- volumes:
- - .:/app
- ports:
- - 8080:8080
+ command: unicorn -c ./config/unicorn.rb
 environment:
- RACK_ENV: production
 DATABASE_URL: postgres://postgres@db/postgres
+ entrypoint: ./wait-for-it.sh db:5432 -s --
+ expose:
+ - '8080'
 links:
 - db
+ nginx-proxy:
+ image: jwilder/nginx-proxy
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+volumes:
+ data:
diff --git a/limit_req.conf b/limit_req.conf
new file mode 100644
index 0000000..5e5455c
--- /dev/null
+++ b/limit_req.conf
@@ -0,0 +1,3 @@
+limit_req_zone $binary_remote_addr zone=api:10m rate=1r/s;
+limit_req_status 429;
+limit_req zone=api burst=50 nodelay;
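Review bot: The `:ro` flag on `/var/run/docker.sock:/var/run/docker.sock:ro` in the companion service (and on `/var/run/docker.sock:/tmp/docker.sock:ro` for nginx-proxy in the docker-compose.yml hunk) does not limit what a process can ask the Docker daemon to do; it only makes the mount of the socket file read-only, and API requests over the socket still work in full. With `80:80` and `443:443` published here, the internet-facing nginx-proxy container holds a handle that is effectively root on the host if that container is ever compromised. The nginx-proxy project documents a layout that runs docker-gen in its own container so the published nginx container has no socket mount; alternatively, a socket proxy that allows only the container-list and event endpoints can sit in between. At minimum, record the trade-off next to each mount, e.g. `# :ro does not restrict Docker API calls; this container can control the daemon`. `image: jrcs/letsencrypt-nginx-proxy-companion` is also untagged, so whatever is latest at pull time is what receives that socket.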
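Review bot: `image: postgres` and the new `image: jwilder/nginx-proxy` carry no tag, so each pull can bring in a different release; with the database now persisted in the `data` volume, a new PostgreSQL major version will not start on the existing data directory, and the proxy in front of the API becomes whatever was last published. Pin both, e.g. `image: postgres:<major-version>` and `image: jwilder/nginx-proxy:<pinned-tag-or-digest>` (placeholders, to be filled with the versions actually tested). Separately, the unchanged `DATABASE_URL: postgres://postgres@db/postgres` connects as the superuser with no password and the db service sets none. That mattered less for a throwaway container, but this patch makes the data persistent and adds more containers to the same Compose network, so a dedicated role with a password supplied through the env file would be the safer default.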
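Review bot: The three directives in limit_req.conf have no comment stating the intended policy, and `burst=50 nodelay` is easy to misread: it lets one client send roughly 50 requests at once before the 1 r/s rate starts returning 429. Because the file is mounted into conf.d, `limit_req` most likely applies at http level to every virtual host nginx-proxy generates, not only the API; a header such as `# Global per-client-IP limit: 1 r/s sustained, burst of 50, excess answered with 429` would make that explicit. Keying on `$binary_remote_addr` assumes nginx sees the client address directly; if a CDN or load balancer is ever placed in front, all clients would share one bucket unless the real-IP module (`set_real_ip_from`, `real_ip_header`) is configured for it.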