-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
20 changed files
with
143 additions
and
93 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1 @@ | ||
storage/ | ||
|
||
**/*.pem |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/sh | ||
|
||
rm -rf "/etc/letsencrypt/live/$1" | ||
|
||
comm="certbot certonly --webroot" | ||
comm="$comm --agree-tos -m $EMAIL" | ||
comm="$comm --cert-name $1" | ||
comm="$comm -w /tmp/certbot-acme" | ||
|
||
for domain in "$@" | ||
do | ||
comm="$comm -d $domain" | ||
done | ||
|
||
eval $comm |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
The 01-init.sh script was made to be used with a dump obtained with this command: | ||
|
||
```bash | ||
pg_dump [connection params] --create --clean --no-acl --no-owner --file=/full/path/datachile_dump.custom datachile | ||
``` | ||
|
||
The `--file` parameter is the full path to where the data will be saved. | ||
The output file must be placed in this folder before running `docker-compose`. | ||
|
||
Alternatively, if there are no conflicts between usernames and permissions, you can export the whole database in a custom compressed format, made by postgres, using this command: | ||
|
||
```bash | ||
pg_dump [connection params] --format=c --file=/full/path/datachile_dump.custom datachile | ||
``` | ||
|
||
This command ignores all the other flags and creates an exact copy of the database. It's useful to have a backup of the production database too. |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,37 @@ | ||
# ============================================================================== | ||
# Initialize database | ||
# MAKE PERMANENT STORAGE FOLDERS | ||
sudo mkdir /datastore | ||
sudo mkdir /datastore/dumps | ||
sudo mkdir /datastore/postgres | ||
sudo mkdir /datastore/cache-mondrian | ||
sudo mkdir /datastore/cache-canon | ||
|
||
# ============================================================================== | ||
# INITIALIZE DATABASE | ||
# This will run the scripts inside db/init.d/ and restore the data and user. | ||
docker-compose run --rm db | ||
|
||
# ============================================================================== | ||
# Create fake certs | ||
# The nginx server won't run without these files, | ||
# so we have to make a few in the meantime. | ||
# CREATE FAKE CERTIFICATES | ||
# The nginx server won't run without the certificates, so we have to make a few | ||
# in the meantime. Input the root domain only. | ||
docker-compose run --rm --entrypoint sh \ | ||
certbot /make-certs.sh datachile.io es.datachile.io en.datachile.io static.datachile.io chilecube.datawheel.us | ||
certbot /fake-certs.sh prod.datachile.io | ||
|
||
# ============================================================================== | ||
# CREATE CONTAINERS | ||
# Let's make the containers this time. | ||
docker-compose up -d | ||
|
||
# ============================================================================== | ||
# GENERATE THE ACTUAL CERTIFICATES | ||
# Time to run certbot. | ||
# Input all the domains that will be handled; the first one must be | ||
# the root domain. | ||
docker-compose run --rm --entrypoint sh \ | ||
certbot /first-run.sh datachile.io es.datachile.io en.datachile.io static.datachile.io chilecube.datawheel.us | ||
certbot /real-certs.sh prod.datachile.io \ | ||
www.prod.datachile.io \ | ||
es.prod.datachile.io \ | ||
en.prod.datachile.io \ | ||
chilecube.prod.datachile.io \ | ||
static.prod.datachile.io |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
access_log off; | ||
error_log off; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,24 +1,37 @@ | ||
server { | ||
server_name chilecube.datawheel.us; | ||
server_name chilecube.prod.datachile.io; | ||
listen 443 ssl http2; | ||
|
||
include snippets/ssl.conf; | ||
include snippets/ssl-chilecube.datawheel.us.conf; | ||
include ssl/prod.datachile.io; | ||
|
||
include snippets/acme.conf; | ||
|
||
location /ui { | ||
# sub_filter '<head>' '<head><script>window.__API_ENDPOINT__ = "https://chilecube.datawheel.us"; window.__SITE_TITLE__ = "DataChile"; </script>'; | ||
# sub_filter_once on; | ||
root /app/restui; | ||
try_files $uri $uri/index.html; | ||
} | ||
|
||
location / { | ||
access_log /var/log/nginx/access.log cached_log; | ||
|
||
# https://www.nginx.com/blog/nginx-caching-guide/ | ||
proxy_cache mondriancache; | ||
proxy_cache_background_update on; | ||
proxy_cache_lock on; | ||
proxy_cache_min_uses 2; | ||
proxy_cache_revalidate on; | ||
proxy_cache_use_stale error timeout updating | ||
http_500 http_502 http_503 http_504; | ||
proxy_cache_valid 200 302 60m; | ||
proxy_cache_valid 404 1m; | ||
|
||
proxy_pass http://mondrian:9292; | ||
|
||
proxy_set_header Host $host; | ||
|
||
proxy_set_header Host $host; | ||
proxy_set_header Proxy ""; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
|
||
add_header X-Proxy-Cache $upstream_cache_status; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.