CodeforNepal / nepalmap_app

An application that maps census and other official data for Nepal to make data more easily accessible and understandable to the public. Want to help us? Check out the Wiki.
https://nepalmap.org
MIT License

Add production settings for docker compose #225

Closed suvash closed 6 years ago

suvash commented 6 years ago

@cliftonmcintosh Starting a branch (and PR) for docker for production. Not quite done yet, just cleaned up some deprecated stuff. Also, a place to talk about all things docker-for-production until it works well.

Need to decide on some stuff before I can add more things. Will have to add one more compose file for production environment. Before that, I have a question for you. Right now, I used the names for environments to be dev, staging and prod, which isn't very consistent. Not sure if that bothers you much, but we could use one of the following

suvash commented 6 years ago

@cliftonmcintosh Let me know of the changes above. (I've also dropped a small comment on running Caddy without TLS/cert, for test purposes towards the end of the stage/prod compose file)

cliftonmcintosh commented 6 years ago

@suvash

Thank you for the updates. I will rebuild the staging server this evening with these updates. Assuming that goes well, we can then prepare a new production server in the same way. This will certainly help make our deployment process better.

suvash commented 6 years ago

@cliftonmcintosh One thing though. Don't run the prod environment for certificate generation before the DNS is properly resolving. If Caddy continuously hits the non-staging Let's Encrypt URL and fails (because of DNS), you might be rate limited and not be able to generate certs for a week.
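
An added example, not part of the original thread or the project's code: a pre-flight check in Python that reports a problem unless every hostname resolves only to this server's addresses, so the TLS-enabled stack is not started while DNS still points elsewhere. The script name, hostnames and IPs are assumptions, and the `resolver` parameter exists only so the check can be exercised offline.

```python
import ipaddress
import socket
import sys


def _norm(ip):
    # Drop any IPv6 zone id and normalise spelling so comparisons are exact.
    return ipaddress.ip_address(ip.split("%")[0])


def resolve_ips(hostname, resolver=socket.getaddrinfo):
    """Return every A/AAAA address the name resolves to (empty set on failure)."""
    try:
        infos = resolver(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {_norm(info[4][0]) for info in infos}


def check_dns(hostnames, server_ips, resolver=socket.getaddrinfo):
    """Map each hostname to a problem description; an empty dict means go ahead."""
    expected = {_norm(ip) for ip in server_ips}
    problems = {}
    for name in hostnames:
        found = resolve_ips(name, resolver)
        stray = found - expected
        if not found:
            problems[name] = "does not resolve"
        elif stray:
            # A leftover A or AAAA record can send the CA's validation
            # request to another machine, which fails the challenge.
            problems[name] = "also points at " + ", ".join(sorted(map(str, stray)))
    return problems


def main(argv):
    if len(argv) < 3:
        print("usage: preflight.py SERVER_IP[,SERVER_IP...] HOSTNAME...", file=sys.stderr)
        return 2
    problems = check_dns(argv[2:], argv[1].split(","))
    for name, why in problems.items():
        print(f"{name}: {why}; keep TLS off for now", file=sys.stderr)
    return 1 if problems else 0  # non-zero exit lets a wrapper skip the prod start


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Pass the server's IPv6 address as well if the domain has an AAAA record, since a stray AAAA entry is reported the same way as a stray A entry.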

cliftonmcintosh commented 6 years ago

@suvash Thanks for the tip about not running the prod environment certificate generation before the DNS is properly resolving.

I have a question. Does Caddy try to reach out to get a certificate for its domain immediately on startup or does it wait for the first request it receives? If it does it immediately on startup and fails, does it try again and again until we get shut out?

I'm just trying to think through the implications for switching the prod server.

suvash commented 6 years ago

Yes. Caddy tries to reach out to get a certificate immediately on startup if the tls option is enabled. You can follow the logs to see this: `make tail-logs`. If the cert generation fails, Caddy will exit. But, since the docker compose file always restarts services that crash/exit for some reason, this will start Caddy again (and again).

What you can do is to switch off the TLS temporarily. You can do this by

suvash commented 6 years ago

Also, a note that the docker environment makes use of requirements.txt located at compose/web/ instead of the one located at the project root, and they don't exactly match up.