From 68813f9453af409b9f9470f7cfe2efbd1c3a0175 Mon Sep 17 00:00:00 2001
From: Mouse Reeve
Date: Mon, 5 Oct 2020 14:17:04 -0700
Subject: [PATCH 1/4] Nginx and certbot config for prod deploy
---
nginx/Dockerfile | 4 --
nginx/{nginx.conf => default.conf} | 0
nginx/prod-default.conf | 44 ++++++++++++++++++
prod-docker-compose.yml | 74 ++++++++++++++++++++++++++++++
4 files changed, 118 insertions(+), 4 deletions(-)
delete mode 100644 nginx/Dockerfile
rename nginx/{nginx.conf => default.conf} (100%)
create mode 100644 nginx/prod-default.conf
create mode 100644 prod-docker-compose.yml
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
deleted file mode 100644
index 66074cf6..00000000
--- a/nginx/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM nginx:1.17.4-alpine
-
-RUN rm /etc/nginx/conf.d/default.conf
-COPY nginx.conf /etc/nginx/conf.d
diff --git a/nginx/nginx.conf b/nginx/default.conf
similarity index 100%
rename from nginx/nginx.conf
rename to nginx/default.conf
diff --git a/nginx/prod-default.conf b/nginx/prod-default.conf
new file mode 100644
index 00000000..079a7aaf
--- /dev/null
+++ b/nginx/prod-default.conf
@@ -0,0 +1,44 @@
+upstream web {
+ server web:8000;
+}
+
+server {
+ listen [::]:80;
+ listen 80;
+
+ server_name bookwyrm.social www.bookwyrm.social;
+
+ location ~ /.well-known/acme-challenge {
+ allow all;
+ root /var/www/certbot;
+ }
+
+ # redirect http to https www
+ return 301 https://www.bookwyrm.social$request_uri;
+}
+
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ server_name bookwyrm.social;
+
+ # SSL code
+ ssl_certificate /etc/nginx/ssl/live/bookwyrm.social/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/live/bookwyrm.social/privkey.pem;
+
+ location / {
+ proxy_pass http://web;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_redirect off;
+ }
+
+ location /images/ {
+ alias /app/images/;
+ }
+
+ location /static/ {
+ alias /app/static/;
+ }
+}
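Review bot: In the port-80 server block of nginx/prod-default.conf, the server-level `return 301 https://www.bookwyrm.social$request_uri;` is evaluated before any location is selected, so requests under `/.well-known/acme-challenge` are redirected too and the webroot at `/var/www/certbot` is never served over HTTP. Issuance and renewal through the webroot challenge then depend on the validator following the redirect to the 443 server, which has no matching location and proxies the request to `web`. Moving the redirect into its own block, `location / { return 301 https://www.bookwyrm.social$request_uri; }`, keeps the challenge path reachable. Anchoring the match as `location ^~ /.well-known/acme-challenge/` would also stop it matching that string anywhere in a URI. The commented-out PROD block added to nginx/default.conf in patch 2/4 has the same layout.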
diff --git a/prod-docker-compose.yml b/prod-docker-compose.yml
new file mode 100644
index 00000000..5f5ac9c6
--- /dev/null
+++ b/prod-docker-compose.yml
@@ -0,0 +1,74 @@
+version: '3'
+
+services:
+ nginx:
+ image: nginx:latest
+ ports:
+ - 80:80
+ - 443:443
+ depends_on:
+ - web
+ networks:
+ - main
+ volumes:
+ - ./nginx:/etc/nginx/conf.d
+ - ./certbot/conf:/etc/nginx/ssl
+ - ./certbot/data:/var/www/certbot
+ - static_volume:/app/static
+ - media_volume:/app/images
+ certbot:
+ image: certbot/certbot:latest
+ command: certonly --webroot --webroot-path=/var/www/certbot --email mouse.reeve@gmail.com --agree-tos --no-eff-email -d bookwyrm.social -d www.bookwyrm.social
+ volumes:
+ - ./certbot/conf:/etc/letsencrypt
+ - ./certbot/logs:/var/log/letsencrypt
+ - ./certbot/data:/var/www/certbot
+ db:
+ image: postgres
+ env_file: .env
+ volumes:
+ - pgdata:/var/lib/postgresql/data
+ networks:
+ - main
+ web:
+ build: .
+ command: python manage.py runserver 0.0.0.0:8000
+ volumes:
+ - .:/app
+ - static_volume:/app/static
+ - media_volume:/app/images
+ depends_on:
+ - db
+ - celery_worker
+ networks:
+ - main
+ ports:
+ - 8000:8000
+ redis:
+ image: redis
+ env_file: .env
+ ports:
+ - "6379:6379"
+ networks:
+ - main
+ restart: on-failure
+ celery_worker:
+ env_file: .env
+ build: .
+ networks:
+ - main
+ command: celery -A celerywyrm worker -l info
+ volumes:
+ - .:/app
+ - static_volume:/app/static
+ - media_volume:/app/images
+ depends_on:
+ - db
+ - redis
+ restart: on-failure
+volumes:
+ pgdata:
+ static_volume:
+ media_volume:
+networks:
+ main:
From e24eca7da0a8b49c22f2e650ce0cf918cf53d713 Mon Sep 17 00:00:00 2001
From: Mouse Reeve
Date: Mon, 5 Oct 2020 14:22:37 -0700
Subject: [PATCH 2/4] Config files for prod deployment
---
docker-compose.yml | 3 ++-
nginx/default.conf | 43 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 6f9dbdc2..d7c4ec3b 100644
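Review bot: The `web` and `redis` services in prod-docker-compose.yml publish `8000:8000` and `"6379:6379"` on the host, which makes the application server and Redis reachable from outside the `main` network without going through nginx and its TLS listener. Nothing visible in this file sets a Redis password, so unless `.env` or a host firewall covers it, the broker would accept any client that can reach the host. Since nginx, web and celery_worker all sit on `main`, both `ports:` entries can be dropped; if host access is needed for debugging, bind to loopback with `- "127.0.0.1:6379:6379"`. Separately, `command: python manage.py runserver 0.0.0.0:8000` starts Django's development server, which its documentation says not to use in production.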
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: nginx: - build: ./nginx + image: nginx:latest ports: - 1333:80 depends_on: @@ -10,6 +10,7 @@ services: networks: - main volumes: + - ./nginx:/etc/nginx/conf.d - static_volume:/app/static - media_volume:/app/images db: diff --git a/nginx/default.conf b/nginx/default.conf index d3898287..396852e2 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -20,3 +20,46 @@ server { alias /app/static/; } } + +# PROD version +# +#server { +# listen [::]:80; +# listen 80; +# +# server_name you-domain.com www.you-domain.com; +# +# location ~ /.well-known/acme-challenge { +# allow all; +# root /var/www/certbot; +# } +# +# # redirect http to https www +# return 301 https://www.you-domain.com$request_uri; +#} +# +#server { +# listen [::]:443 ssl http2; +# listen 443 ssl http2; +# +# server_name you-domain.com; +# +# # SSL code +# ssl_certificate /etc/nginx/ssl/live/you-domain.com/fullchain.pem; +# ssl_certificate_key /etc/nginx/ssl/live/you-domain.com/privkey.pem; +# +# location / { +# proxy_pass http://web; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header Host $host; +# proxy_redirect off; +# } +# +# location /images/ { +# alias /app/images/; +# } +# +# location /static/ { +# alias /app/static/; +# } +#} From d29ed2746ab03424900e451bee7f8f5c44d752fb Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Mon, 5 Oct 2020 14:24:14 -0700 Subject: [PATCH 3/4] Removed old prod nginx conf --- nginx/prod-default.conf | 44 ----------------------------------------- 1 file changed, 44 deletions(-) delete mode 100644 nginx/prod-default.conf diff --git a/nginx/prod-default.conf b/nginx/prod-default.conf deleted file mode 100644 index 079a7aaf..00000000 --- a/nginx/prod-default.conf +++ /dev/null 
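Review bot: `image: nginx:latest` in the first docker-compose.yml hunk replaces a build that was pinned to `nginx:1.17.4-alpine` in the deleted nginx/Dockerfile, so the image that runs now changes whenever the tag is re-pulled. Pinning to a tested version tag, optionally with a digest, e.g. `image: nginx:<tested-version>-alpine`, keeps deployments reproducible and makes upgrades an explicit, reviewable change. The same applies to `nginx:latest`, `certbot/certbot:latest`, `postgres` and `redis` in prod-docker-compose.yml from patch 1/4. The nginx service definition continues beyond this hunk.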
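Review bot: The bind mount added in the second docker-compose.yml hunk, `- ./nginx:/etc/nginx/conf.d`, is read-write, so a process inside the nginx container can modify the configuration files in the host checkout. nginx only needs to read them, so `- ./nginx:/etc/nginx/conf.d:ro` is sufficient. With the stock image configuration every `*.conf` in that directory is presumably loaded, so any stray file left in `./nginx` becomes live config; keeping the directory limited to the intended file avoids surprises. The volumes list continues outside the hunk.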
@@ -1,44 +0,0 @@ -upstream web { - server web:8000; -} - -server { - listen [::]:80; - listen 80; - - server_name bookwyrm.social www.bookwyrm.social; - - location ~ /.well-known/acme-challenge { - allow all; - root /var/www/certbot; - } - - # redirect http to https www - return 301 https://www.bookwyrm.social$request_uri; -} - -server { - listen [::]:443 ssl http2; - listen 443 ssl http2; - - server_name bookwyrm.social; - - # SSL code - ssl_certificate /etc/nginx/ssl/live/bookwyrm.social/fullchain.pem; - ssl_certificate_key /etc/nginx/ssl/live/bookwyrm.social/privkey.pem; - - location / { - proxy_pass http://web; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_redirect off; - } - - location /images/ { - alias /app/images/; - } - - location /static/ { - alias /app/static/; - } -} From ba396f19a643de368c32df50d04ef2bb7faa6c01 Mon Sep 17 00:00:00 2001 From: Mouse Reeve Date: Mon, 5 Oct 2020 14:25:53 -0700 Subject: [PATCH 4/4] typos in example domain --- nginx/default.conf | 10 +++++----- prod-docker-compose.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nginx/default.conf b/nginx/default.conf index 396852e2..51165243 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -27,7 +27,7 @@ server { # listen [::]:80; # listen 80; # -# server_name you-domain.com www.you-domain.com; +# server_name your-domain.com www.your-domain.com; # # location ~ /.well-known/acme-challenge { # allow all; 
@@ -35,18 +35,18 @@ server { # } # # # redirect http to https www -# return 301 https://www.you-domain.com$request_uri; +# return 301 https://www.your-domain.com$request_uri; #} # #server { # listen [::]:443 ssl http2; # listen 443 ssl http2; # -# server_name you-domain.com; +# server_name your-domain.com; # # # SSL code -# ssl_certificate /etc/nginx/ssl/live/you-domain.com/fullchain.pem; -# ssl_certificate_key /etc/nginx/ssl/live/you-domain.com/privkey.pem; +# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; +# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; # # location / { # proxy_pass http://web; diff --git a/prod-docker-compose.yml b/prod-docker-compose.yml index 5f5ac9c6..0ace0df0 100644 --- a/prod-docker-compose.yml +++ b/prod-docker-compose.yml @@ -18,7 +18,7 @@ services: - media_volume:/app/images certbot: image: certbot/certbot:latest - command: certonly --webroot --webroot-path=/var/www/certbot --email mouse.reeve@gmail.com --agree-tos --no-eff-email -d bookwyrm.social -d www.bookwyrm.social + command: certonly --webroot --webroot-path=/var/www/certbot --email your-email@domain.com --agree-tos --no-eff-email -d your-domain.com -d www.your-domain.com volumes: - ./certbot/conf:/etc/letsencrypt - ./certbot/logs:/var/log/letsencrypt