Update Docker

Kevin Morris 2021-10-10 00:39:47 +00:00
parent 9363e1926c
commit b9febd6735

@ -4,6 +4,15 @@
AURWeb's Docker infrastructure is composed of a [Dockerfile](https://gitlab.archlinux.org/archlinux/aurweb/-/tree/pu/Dockerfile) and [docker-compose.yml Services](https://gitlab.archlinux.org/archlinux/aurweb/-/tree/pu/docker-compose.yml).
## Contents
- [Services](#services)
- [Getting Started](#getting-started)
- [Development](#development)
- [Production](#production)
## Services
| Service | Port | Profile | Purpose |
|---------------|-------|---------|--------------------------------|
| ca | | | Self-signed CA generation |
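Review bot: The Contents list links only Services, Getting Started, Development and Production, but the page also carries a `## Continued Imaging` heading at the same level. Either add an entry for it or demote that heading if it is meant as a subsection. The `#getting-started` and `#development` anchors should also be checked against the actual heading text, since those headings are not visible in this diff.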
@ -42,13 +51,13 @@ To get started, you need to build the `aurweb:latest` Docker image by issuing th
You can then `docker-compose (up|run)` any one of the services:
$ docker-compose -f docker-compose.yml -f docker-compose.dev.yml --profile dev run test
$ docker-compose run test
$ docker-compose up -d nginx
Users will notice initially starting up a service can take some time, especially one with many dependencies. After the initial startup, however, users can run services again without much initialization:
$ docker-compose -f docker-compose.yml -f docker-compose.dev.yml --profile dev run test # First run with no up'd services, takes a while.
$ docker-compose -f docker-compose.yml -f docker-compose.dev.yml --profile dev run test # Starts instantly.
$ docker-compose run test # First run with no up'd services, takes a while.
$ docker-compose run test # Starts instantly.
## Continued Imaging
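Review bot: The `run test` examples appear both as `docker-compose -f docker-compose.yml -f docker-compose.dev.yml --profile dev run test` and as plain `docker-compose run test`, and the surrounding text never says which compose files the short form picks up by default. The Production section depends on passing `-f docker-compose.prod.yml` explicitly to change volume behavior, so add one sentence here stating which files the short form loads and that it is the development invocation, so it is not copied into a deployment as-is.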
@ -64,7 +73,7 @@ The `ca` service will generate a `ca.root.pem` file in `$aurweb_path/cache`, whi
Otherwise, users may also wish to run tests. Users can easily run tests by taking advantage of the `pytest-mysql`, `pytest-sqlite`, `sharness` and `test` services.
For an all in one testing strategy, the `test` service should be preferred, as it also runs linter checks which the aurweb project requires: flake8 and isort. This test is identical to GitLab CI's tests.
For an all in one testing strategy, the `test` service should be preferred, as it also runs linter hecks which the aurweb project requires: flake8 and isort. This test is identical to GitLab CI's tests.
Our test suites also provide coverage data via a shared volume directory at `$aurwebdir/cache/`. After tests are complete, users can copy coverage data output by Docker into their local setup by executing `./util/fix-coverage ./cache/.coverage`. After this is done, users can continue on with standard coverage execution:
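Review bot: In the "all in one testing strategy" sentence, one version reads `linter hecks`; the text that lands should read `linter checks`. The coverage paragraph also uses `$aurwebdir/cache/` while the `ca` paragraph just above it uses `$aurweb_path/cache`; pick one variable name for the checkout directory and use it in both places.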
@ -79,12 +88,77 @@ Test services which provide coverage data: `pytest-mysql`, `pytest-sqlite`, and
## Production
For production, the `fastapi` (exposed on localhost:18000) and `php-fpm` (exposed on localhost:19000) services can be used to supply back-ends to a host instance of nginx. The `git` service (exposed on localhost:2222) should be used for a Docker-contained AUR sshd.
For production, the [docker-compose.prod.yml](https://gitlab.archlinux.org/archlinux/aurweb/-/tree/pu/docker-compose.prod.yml) should be used in unison with the standard `docker-compose.yml`:
These services will both share the `mariadb` service, which they depend on and will be started when starting higher services.
$ docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d <service>
`smartgit` is not yet supported for deployment through Docker, unless using our internal services with it.
This provides service overrides which mainly affect volume behavior. In
production, volumes will not be shared with docker from the host.
## Notes
The following services in particular are useful for production:
This wiki document is not as specific and complete as it could be and it will be improved over time.
- `mariadb`
- `git`
- `smartgit`
- `cgit-fastapi` (`fastapi` depends on)
- `redis` (`fastapi` depends on)
- `fastapi`
- `cgit-php` (`php-fpm` depends on)
- `memcached` (`php-fpm` depends on)
- `php-fpm`
Note: To see exposed ports on the host, take a look at [Services](#services) at
the beginning of this document.
Deployers will want to use an HTTP front-end like `nginx` which uses
Docker's `php-fpm` and/or `fastapi` services as a backend.
Example:
$ docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d fastapi
$ docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d php-fpm
$ cat /etc/nginx/conf.d/aur-fastapi.conf
server {
listen 443 ssl http2;
server_name aur-fastapi.domain.org;
ssl_certificate /path/to/aur.cert.pem;
ssl_certificate_key /path/to/aur.key.pem;
root /path/to/aurweb_root;
location / {
try_files $uri @proxy_to_app;
}
# Not yet accessible for production.
location ~ "^/([a-z0-9][a-z0-9.+_-]*?)(\.git)?/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$" {
include uwsgi_params;
uwsgi_pass smartgit;
uwsgi_modifier1 9;
uwsgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
uwsgi_param PATH_INFO /aur.git/$3;
uwsgi_param GIT_HTTP_EXPORT_ALL "";
uwsgi_param GIT_NAMESPACE $1;
uwsgi_param GIT_PROJECT_ROOT /aurweb;
}
# Not yet enabled for production.
location ~ ^/cgit {
include uwsgi_params;
rewrite ^/cgit/([^?/]+/[^?]*)?(?:\?(.*))?$ /cgit.cgi?url=$1&$2 last;
uwsgi_modifier1 9;
uwsgi_param CGIT_CONFIG /etc/cgitrc;
uwsgi_pass uwsgi://127.0.0.1:<exposed_cgit_fastapi_port>;
}
location @proxy_to_app {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
proxy_pass https://127.0.0.1:18000;
}
}
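Review bot: In `location @proxy_to_app`, `proxy_pass https://127.0.0.1:18000;` talks TLS to the `fastapi` container, but the example sets neither `proxy_ssl_verify` nor `proxy_ssl_trusted_certificate`, and nginx does not verify upstream certificates unless told to. State whether the production `fastapi` service actually serves TLS on 18000; if it does, point `proxy_ssl_trusted_certificate` at the `ca.root.pem` produced by the `ca` service and set `proxy_ssl_verify on`, otherwise use `http://`. Separately, `uwsgi_pass smartgit;` needs an `upstream smartgit` definition that the example does not show, and `smartgit` is listed among the services useful for production while its location block is commented "Not yet accessible for production"; one of the two should change so deployers know whether to start it.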