From b9febd67355f6d369f86a2fb8040abd475e7d944 Mon Sep 17 00:00:00 2001
From: Kevin Morris
Date: Sun, 10 Oct 2021 00:39:47 +0000
Subject: [PATCH] Update Docker
---
 Docker.md | 92 +++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 83 insertions(+), 9 deletions(-)
diff --git a/Docker.md b/Docker.md
index c09f45b..dc4321a 100644
--- a/Docker.md
+++ b/Docker.md
@@ -4,6 +4,15 @@
 AURWeb's Docker infrastructure is composed of a [Dockerfile](https://gitlab.archlinux.org/archlinux/aurweb/-/tree/pu/Dockerfile) and [docker-compose.yml Services](https://gitlab.archlinux.org/archlinux/aurweb/-/tree/pu/docker-compose.yml).
+## Contents
+
+- [Services](#services)
+- [Getting Started](#getting-started)
+- [Development](#development)
+- [Production](#production)
+
+## Services
+
 | Service | Port | Profile | Purpose |
 |---------------|-------|---------|--------------------------------|
 | ca | | | Self-signed CA generation |
@@ -42,13 +51,13 @@ To get started, you need to build the `aurweb:latest` Docker image by issuing th
 You can then `docker-compose (up|run)` any one of the services:
- $ docker-compose -f docker-compose.yml -f docker-compose.dev.yml --profile dev run test
+ $ docker-compose run test
 $ docker-compose up -d nginx
 Users will notice initially starting up a service can take some time, especially one with many dependencies. After the initial startup, however, users can run services again without much initialization:
- $ docker-compose -f docker-compose.yml -f docker-compose.dev.yml --profile dev run test # First run with no up'd services, takes a while.
- $ docker-compose -f docker-compose.yml -f docker-compose.dev.yml --profile dev run test # Starts instantly.
+ $ docker-compose run test # First run with no up'd services, takes a while.
+ $ docker-compose run test # Starts instantly.
 ## Continued Imaging
@@ -64,7 +73,7 @@ The `ca` service will generate a `ca.root.pem` file in `$aurweb_path/cache`, whi
 Otherwise, users may also wish to run tests. Users can easily run tests by taking advantage of the `pytest-mysql`, `pytest-sqlite`, `sharness` and `test` services.
-For an all in one testing strategy, the `test` service should be preferred, as it also runs linter checks which the aurweb project requires: flake8 and isort. This test is identical to GitLab CI's tests.
+For an all in one testing strategy, the `test` service should be preferred, as it also runs linter hecks which the aurweb project requires: flake8 and isort. This test is identical to GitLab CI's tests.
 Our test suites also provide coverage data via a shared volume directory at `$aurwebdir/cache/`. After tests are complete, users can copy coverage data output by Docker into their local setup by executing `./util/fix-coverage ./cache/.coverage`. After this is done, users can continue on with standard coverage execution:
@@ -79,12 +88,77 @@ Test services which provide coverage data: `pytest-mysql`, `pytest-sqlite`, and
 ## Production
-For production, the `fastapi` (exposed on localhost:18000) and `php-fpm` (exposed on localhost:19000) services can be used to supply back-ends to a host instance of nginx. The `git` service (exposed on localhost:2222) should be used for a Docker-contained AUR sshd.
+For production, the [docker-compose.prod.yml](https://gitlab.archlinux.org/archlinux/aurweb/-/tree/pu/docker-compose.prod.yml) should be used in unison with the standard `docker-compose.yml`:
-These services will both share the `mariadb` service, which they depend on and will be started when starting higher services.
+ $ docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
-`smartgit` is not yet supported for deployment through Docker, unless using our internal services with it.
+This provides service overrides which mainly affect volume behavior. In
+production, volumes will not be shared with docker from the host.
-## Notes
+The following services in particular are useful for production:
-This wiki document is not as specific and complete as it could be and it will be improved over time.
+- `mariadb`
+- `git`
+- `smartgit`
+- `cgit-fastapi` (`fastapi` depends on)
+- `redis` (`fastapi` depends on)
+- `fastapi`
+- `cgit-php` (`php-fpm` depends on)
+- `memcached` (`php-fpm` depends on)
+- `php-fpm`
+
+Note: To see exposed ports on the host, take a look at [Services](#services) at
+the beginning of this document.
+
+Deployers will want to use an HTTP front-end like `nginx` which uses
+Docker's `php-fpm` and/or `fastapi` services as a backend.
+
+Example:
+
+ $ docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d fastapi
+ $ docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d php-fpm
+ $ cat /etc/nginx/conf.d/aur-fastapi.conf
+ server {
+ listen 443 ssl http2;
+ server_name aur-fastapi.domain.org;
+
+ ssl_certificate /path/to/aur.cert.pem;
+ ssl_certificate_key /path/to/aur.key.pem;
+
+ root /path/to/aurweb_root;
+
+ location / {
+ try_files $uri @proxy_to_app;
+ }
+
+ # Not yet accessible for production.
+ location ~ "^/([a-z0-9][a-z0-9.+_-]*?)(\.git)?/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$" {
+ include uwsgi_params;
+ uwsgi_pass smartgit;
+ uwsgi_modifier1 9;
+ uwsgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ uwsgi_param PATH_INFO /aur.git/$3;
+ uwsgi_param GIT_HTTP_EXPORT_ALL "";
+ uwsgi_param GIT_NAMESPACE $1;
+ uwsgi_param GIT_PROJECT_ROOT /aurweb;
+ }
+
+ # Not yet enabled for production.
+ location ~ ^/cgit {
+ include uwsgi_params;
+ rewrite ^/cgit/([^?/]+/[^?]*)?(?:\?(.*))?$ /cgit.cgi?url=$1&$2 last;
+ uwsgi_modifier1 9;
+ uwsgi_param CGIT_CONFIG /etc/cgitrc;
+ uwsgi_pass uwsgi://127.0.0.1:;
+ }
+
+ location @proxy_to_app {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_pass https://127.0.0.1:18000;
+ }
+
+ }