secrets, more config cleanups
parent
6befed0a39
commit
735aea9021
|
@ -2,6 +2,9 @@ TYPE=funkwhale
|
||||||
DOMAIN={{ .Domain }}
|
DOMAIN={{ .Domain }}
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
|
SECRET_DJANGO_SECRET_KEY_VERSION=v1
|
||||||
|
|
||||||
# If you have any doubts about what a setting does,
|
# If you have any doubts about what a setting does,
|
||||||
# check https://docs.funkwhale.audio/configuration.html#configuration-reference
|
# check https://docs.funkwhale.audio/configuration.html#configuration-reference
|
||||||
|
|
||||||
|
|
12
compose.yml
12
compose.yml
|
@ -7,6 +7,7 @@ x-environment:
|
||||||
- CELERYD_CONCURRENCY
|
- CELERYD_CONCURRENCY
|
||||||
- C_FORCE_ROOT=true
|
- C_FORCE_ROOT=true
|
||||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||||
|
- DJANGO_SECRET_KEY_FILE=/run/secrets/django_secret_key
|
||||||
- DJANGO_SETTINGS_MODULE
|
- DJANGO_SETTINGS_MODULE
|
||||||
- DOMAIN
|
- DOMAIN
|
||||||
- FUNKWHALE_HOSTNAME
|
- FUNKWHALE_HOSTNAME
|
||||||
|
@ -15,6 +16,11 @@ x-environment:
|
||||||
- REVERSE_PROXY_TYPE
|
- REVERSE_PROXY_TYPE
|
||||||
- STACK_NAME
|
- STACK_NAME
|
||||||
|
|
||||||
|
x-secrets:
|
||||||
|
&default-sec:
|
||||||
|
- db_password
|
||||||
|
- django_secret_key
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: nginx:1.20.0
|
image: nginx:1.20.0
|
||||||
|
@ -45,6 +51,7 @@ services:
|
||||||
- redis
|
- redis
|
||||||
command: celery -A funkwhale_api.taskapp worker -l INFO
|
command: celery -A funkwhale_api.taskapp worker -l INFO
|
||||||
environment: *default-env
|
environment: *default-env
|
||||||
|
secrets: *default-sec
|
||||||
volumes:
|
volumes:
|
||||||
- music-data:/srv/funkwhale/data/music:ro
|
- music-data:/srv/funkwhale/data/music:ro
|
||||||
- media-data:/srv/funkwhale/data/media
|
- media-data:/srv/funkwhale/data/media
|
||||||
|
@ -54,6 +61,7 @@ services:
|
||||||
celerybeat:
|
celerybeat:
|
||||||
image: funkwhale/funkwhale:1.2
|
image: funkwhale/funkwhale:1.2
|
||||||
environment: *default-env
|
environment: *default-env
|
||||||
|
secrets: *default-sec
|
||||||
depends_on:
|
depends_on:
|
||||||
- postgres
|
- postgres
|
||||||
- redis
|
- redis
|
||||||
|
@ -64,12 +72,10 @@ services:
|
||||||
api:
|
api:
|
||||||
image: funkwhale/funkwhale:1.2
|
image: funkwhale/funkwhale:1.2
|
||||||
environment: *default-env
|
environment: *default-env
|
||||||
|
secrets: *default-sec
|
||||||
depends_on:
|
depends_on:
|
||||||
- postgres
|
- postgres
|
||||||
- redis
|
- redis
|
||||||
secrets:
|
|
||||||
- django_secret_key
|
|
||||||
- db_password
|
|
||||||
volumes:
|
volumes:
|
||||||
- music-data:/srv/funkwhale/data/music:ro
|
- music-data:/srv/funkwhale/data/music:ro
|
||||||
- media-data:/srv/funkwhale/data/media
|
- media-data:/srv/funkwhale/data/media
|
||||||
|
|
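Review bot: The anchor line under `x-secrets:` is rendered here as `&default-sec:` with a trailing colon, which a YAML parser may read as an anchored empty mapping key rather than an anchor on the list that follows. If the colon really is in the file, `secrets: *default-sec` on the celery worker, `celerybeat` and `api` services may resolve to an empty value or fail to parse, so `/run/secrets/db_password` and `/run/secrets/django_secret_key` would not be mounted and the `*_FILE` variables would point at missing files. Write the line as `&default-sec` and check the rendered configuration (for example with `docker compose config`) to confirm each of the three services lists both secrets. The top-level `secrets:` definitions that the new `SECRET_*_VERSION` variables feed are outside these hunks, so confirm that both names are declared there.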
|
@ -26,7 +26,9 @@ file_env() {
|
||||||
}
|
}
|
||||||
|
|
||||||
file_env "DATABASE_PASSWORD"
|
file_env "DATABASE_PASSWORD"
|
||||||
export DATABASE_URL=postgres://funkwhale:$DATABASE_PASSWORD@db:5432/funkwhale
|
export DATABASE_URL="postgres://funkwhale:$DATABASE_PASSWORD@db:5432/funkwhale"
|
||||||
|
|
||||||
|
file_env "DJANGO_SECRET_KEY"
|
||||||
|
|
||||||
# upstream entrypoint
|
# upstream entrypoint
|
||||||
# https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/develop/api/Dockerfile
|
# https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/develop/api/Dockerfile
|
||||||
|
|
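Review bot: `$DATABASE_PASSWORD` is interpolated into `DATABASE_URL` without percent-encoding, so a secret containing `@`, `:`, `/`, `#` or `?` produces a URL that parses to the wrong host or password. The quotes added on the export line only prevent shell word-splitting. Either state the constraint next to the export, e.g. `# db_password must be URL-safe (alphanumeric): it is embedded in DATABASE_URL unencoded`, or percent-encode the value before building the URL. The `file_env` body is outside this hunk, so its handling of an unreadable or empty secret file for the new `file_env "DJANGO_SECRET_KEY"` call cannot be checked from here.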
|
@ -93,7 +93,17 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
location /.well-known/ {
|
location /.well-known/ {
|
||||||
include /etc/nginx/funkwhale_proxy.conf;
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||||
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
proxy_redirect off;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
proxy_pass http://funkwhale-api/.well-known/;
|
proxy_pass http://funkwhale-api/.well-known/;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
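Review bot: The headers inlined into `location /.well-known/` set `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever value the client supplied, and `X-Forwarded-Proto $scheme`, which reflects only the connection to this nginx. If this container runs behind a TLS-terminating proxy (the `LETS_ENCRYPT_ENV` setting suggests so, but the deployment is not visible here), `$scheme` will be `http` and `$remote_addr` will be the proxy's address, so the API can see the wrong protocol and client IP. Decide which hop is trusted: at the edge use `proxy_set_header X-Forwarded-For $remote_addr;`, and behind a proxy pass the upstream proto through rather than overwriting it. Since this block replaces `include /etc/nginx/funkwhale_proxy.conf;`, add a comment such as `# inlined from funkwhale_proxy.conf; keep in sync with the other locations`. `$connection_upgrade` relies on a `map` defined outside this hunk.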