hackity hack hack
This commit is contained in:
parent
87af051569
commit
1bc48ef99d
27
abra.sh
27
abra.sh
|
@ -1,5 +1,5 @@
|
|||
export NGINX_CONFIG_VERSION=v1
|
||||
export APP_ENTRYPOINT_VERSION=v1
|
||||
export NGINX_CONFIG_VERSION=v7
|
||||
export APP_ENTRYPOINT_VERSION=v4
|
||||
|
||||
secrets() {
|
||||
docker context use default > /dev/null 2>&1
|
||||
|
@ -12,10 +12,33 @@ secrets() {
|
|||
|
||||
migrate(){
|
||||
# run against the "api" service
|
||||
|
||||
export DJANGO_SECRET_KEY=$(cat /run/secrets/django_secret_key)
|
||||
|
||||
DATABASE_PASSWORD=$(cat /run/secrets/db_password)
|
||||
export DATABASE_URL="postgres://funkwhale:$DATABASE_PASSWORD@db:5432/funkwhale"
|
||||
|
||||
python manage.py migrate
|
||||
}
|
||||
|
||||
admin() {
|
||||
# run against the "api" service
|
||||
|
||||
export DJANGO_SECRET_KEY=$(cat /run/secrets/django_secret_key)
|
||||
|
||||
DATABASE_PASSWORD=$(cat /run/secrets/db_password)
|
||||
export DATABASE_URL="postgres://funkwhale:$DATABASE_PASSWORD@db:5432/funkwhale"
|
||||
|
||||
python manage.py createsuperuser
|
||||
}
|
||||
|
||||
static() {
|
||||
# run against the "api" service
|
||||
|
||||
export DJANGO_SECRET_KEY=$(cat /run/secrets/django_secret_key)
|
||||
|
||||
DATABASE_PASSWORD=$(cat /run/secrets/db_password)
|
||||
export DATABASE_URL="postgres://funkwhale:$DATABASE_PASSWORD@db:5432/funkwhale"
|
||||
|
||||
python manage.py collectstatic --no-input
|
||||
}
|
||||
|
|
48
compose.yml
48
compose.yml
|
@ -2,7 +2,7 @@
|
|||
version: "3.8"
|
||||
|
||||
x-environment: &default-env
|
||||
- CACHE_URL="redis://cache:6379/0"
|
||||
- CACHE_URL=redis://cache:6379/0
|
||||
- CELERYD_CONCURRENCY
|
||||
- C_FORCE_ROOT=true
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
|
@ -10,6 +10,7 @@ x-environment: &default-env
|
|||
- DJANGO_SETTINGS_MODULE
|
||||
- DOMAIN
|
||||
- FUNKWHALE_HOSTNAME
|
||||
- FUNKWHALE_SPA_HTML_ROOT=/srv/funkwhale/front/dist/
|
||||
- FUNKWHALE_WEB_WORKERS
|
||||
- LOGLEVEL
|
||||
- REVERSE_PROXY_TYPE
|
||||
|
@ -23,21 +24,24 @@ services:
|
|||
app:
|
||||
image: nginx:1.20.0
|
||||
environment: *default-env
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
configs:
|
||||
- source: nginx_config
|
||||
target: /etc/nginx/nginx.conf
|
||||
volumes:
|
||||
- music-data:/srv/funkwhale/data/music:ro
|
||||
- media-data:/srv/funkwhale/data/media
|
||||
- static-data:/srv/funkwhale/data/static
|
||||
- frontend-data:/src/funkwhale/front/dist:ro
|
||||
- frontend-data:/srv/funkwhale/front/dist:ro
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version="
|
||||
|
@ -45,11 +49,16 @@ services:
|
|||
celeryworker:
|
||||
image: funkwhale/funkwhale:1.2
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
command: celery -A funkwhale_api.taskapp worker -l INFO
|
||||
- db
|
||||
- cache
|
||||
environment: *default-env
|
||||
secrets: *default-secrets
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
command: celery -A funkwhale_api.taskapp worker -l INFO
|
||||
volumes:
|
||||
- music-data:/srv/funkwhale/data/music:ro
|
||||
- media-data:/srv/funkwhale/data/media
|
||||
|
@ -61,8 +70,13 @@ services:
|
|||
environment: *default-env
|
||||
secrets: *default-secrets
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
- db
|
||||
- cache
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
|
||||
networks:
|
||||
- internal
|
||||
|
@ -72,13 +86,19 @@ services:
|
|||
environment: *default-env
|
||||
secrets: *default-secrets
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
- db
|
||||
- cache
|
||||
volumes:
|
||||
- music-data:/srv/funkwhale/data/music:ro
|
||||
- media-data:/srv/funkwhale/data/media
|
||||
- static-data:/srv/funkwhale/data/static
|
||||
- frontend-data:/src/funkwhale/front/dist
|
||||
- frontend-data:/srv/funkwhale/front/dist
|
||||
configs:
|
||||
- source: app_entrypoint
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
command: /app/compose/django/server.sh
|
||||
networks:
|
||||
- internal
|
||||
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
@ -32,4 +31,4 @@ file_env "DJANGO_SECRET_KEY"
|
|||
|
||||
# upstream entrypoint
|
||||
# https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/develop/api/Dockerfile
|
||||
./compose/django/entrypoint.sh "$@"
|
||||
/app/compose/django/entrypoint.sh "$@"
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
user www-data;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
}
|
||||
|
||||
http {
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
upstream funkwhale-api {
|
||||
server {{ env "STACK_NAME" }}_api:5000;
|
||||
}
|
||||
|
@ -12,7 +18,6 @@ http {
|
|||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name {{ env "FUNKWHALE_HOSTNAME" }};
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
|
@ -71,6 +76,7 @@ http {
|
|||
add_header Pragma public;
|
||||
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
|
||||
}
|
||||
|
||||
location = /front/embed.html {
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
|
@ -83,12 +89,34 @@ http {
|
|||
}
|
||||
|
||||
location /federation/ {
|
||||
include /etc/nginx/funkwhale_proxy.conf;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_pass http://funkwhale-api/federation/;
|
||||
}
|
||||
|
||||
location /rest/ {
|
||||
include /etc/nginx/funkwhale_proxy.conf;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_pass http://funkwhale-api/api/subsonic/rest/;
|
||||
}
|
||||
|
||||
|
@ -104,6 +132,7 @@ http {
|
|||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_pass http://funkwhale-api/.well-known/;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue