Closed suvash closed 6 years ago
@cliftonmcintosh Let me know of the changes above. (I've also dropped a small comment on running Caddy without TLS/cert, for test purposes towards the end of the stage/prod compose file)
@suvash
Thank you for the updates. I will rebuild the staging server this evening with these updates. Assuming that goes well, we can then prepare a new production server in the same way. This will certainly help make our deployment process better.
@cliftonmcintosh One thing though. Don't run the prod environment for certificate generation before the DNS is properly resolving. If Caddy continuously hits the non-staging Let's Encrypt URL and fails (because of DNS), you might be rate limited and not be able to generate certs for a week.
@suvash Thanks for the tip about not running the prod environment certificate generation before the DNS is properly resolving.
I have a question. Does Caddy try to reach out to get a certificate for its domain immediately on startup or does it wait for the first request it receives? If it does it immediately on startup and fails, does it try again and again until we get shut out?
I'm just trying to think through the implications for switching the prod server.
Yes. Caddy tries to reach out to get a certificate immediately on startup if the tls option is enabled. You can follow the logs to see this (make tail-logs).
If the cert generation fails, Caddy will exit. But, since the docker compose file always restarts services that crash/exit for some reason, this will start Caddy again (and again).
What you can do is to switch off the TLS temporarily. You can do this by
- (tls off)
- (0.0.0.0:80:2015, because 2015 is the default non-TLS port)
- passing HOST_NAME to be 0.0.0.0
Once you see that the domain name resolves properly, you can revert the changes and use the certs.
Also, a note that the docker environment makes use of requirements.txt located at compose/web/ instead of the one located at the project root, and they don't exactly match up.
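An added example, not part of the original thread or the project's code: a pre-flight check to run before starting the TLS-enabled prod environment, so that Caddy is not started (and restarted by compose) against Let's Encrypt while the domain still points somewhere else. The function names, the RESOLVE_CMD hook and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Gate for the prod start-up: succeed only when the domain resolves to this
# server and nowhere else. Let's Encrypt does its own lookup, so passing this
# local check is necessary, not sufficient.
#
# RESOLVE_CMD (hypothetical hook): name of a command or function that prints
# one IPv4 address per line for the host name given as $1.

resolve_default() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# dns_points_here NAME EXPECTED_IP
# Returns 0 only if NAME resolves and every address equals EXPECTED_IP.
# A mix of old and new addresses (DNS change still propagating) fails.
dns_points_here() {
    name=$1
    expected=$2
    addrs=$("${RESOLVE_CMD:-resolve_default}" "$name" 2>/dev/null) || return 1
    [ -n "$addrs" ] || return 1
    for a in $addrs; do
        [ "$a" = "$expected" ] || return 1
    done
    return 0
}

# wait_for_dns NAME EXPECTED_IP TRIES DELAY_SECONDS
# Polls a bounded number of times, then gives up with a non-zero status
# so the caller never reaches the step that starts Caddy with TLS enabled.
wait_for_dns() {
    name=$1
    expected=$2
    tries=$3
    delay=$4
    i=0
    while [ "$i" -lt "$tries" ]; do
        if dns_points_here "$name" "$expected"; then
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -lt "$tries" ]; then
            sleep "$delay"
        fi
    done
    return 1
}

# Usage (constructed values): start the prod environment only after
#   wait_for_dns example.test 203.0.113.10 30 60
# returns 0; otherwise keep TLS switched off as described above.
```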
@cliftonmcintosh Starting a branch (and PR) for docker for production. Not quite done yet, just cleaned up some deprecated stuff. Also, a place to talk about all things docker-for-production until it works well.
Need to decide on some stuff before I can add more things. Will have to add one more compose file for production environment. Before that, I have a question for you. Right now, I used the names for environments to be dev, staging and prod, which isn't very consistent. Not sure if that bothers you much, but we could use one of the following
- dev, stage, prod
- development, staging, production
Either works for me, let's decide on one. I'll add the production compose file accordingly. I think it'll be more or less the same as staging, so maybe I can DRY up some stuff there.