New host setup (#78)

* Update docker-compose files for new host * New host setup: fix csrf error * Fix dbbackups environment variables
qgis · Apr 3, 2024 · e8b98bc · e8b98bc
1 parent 8e20d68
commit e8b98bc
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 18 deletions.
diff --git a/Makefile b/Makefile
@@ -88,6 +88,14 @@ start:
 	@echo "------------------------------------------------------------------"
 	@docker-compose -f docker-compose-production-ssl.yml up -d
 
+dbrestore:
+	@echo
+	@echo "------------------------------------------------------------------"
+	@echo "Restore dump from /backups/latest-qgisfeed.dmp and  /backups/latest-metabase.dmp in production mode"
+	@echo "------------------------------------------------------------------"
+	@docker-compose -f docker-compose-production-ssl.yml exec postgis su - postgres -c "pg_restore -c /backups/latest-qgisfeed.dmp -d qgisfeed"
+	@docker-compose -f docker-compose-production-ssl.yml exec postgis su - postgres -c "pg_restore -c /backups/latest-metabase.dmp -d metabase"
+
 updatemigrations:
 	@echo
 	@echo "------------------------------------------------------------------"

diff --git a/docker-compose-production-ssl.yml b/docker-compose-production-ssl.yml
@@ -3,7 +3,7 @@ version: "3.7"
 services:
 
   postgis:
-    image: kartoza/postgis:11.0-2.5
+    image: kartoza/postgis:16-3.4
     ports:
       - "5432"
     environment:
@@ -16,13 +16,15 @@ services:
         max-size: "200k"
         max-file: "10"
     restart: always
+    healthcheck:
+      test: "POSTGRES_PASS=$${QGISFEED_DOCKER_DBPASSWORD} pg_isready -h 127.0.0.1 -U ${QGISFEED_DOCKER_DBUSER} -d ${QGISFEED_DOCKER_DBNAME}"
     volumes:
       - ${QGISFEED_DOCKER_SHARED_VOLUME}:/var/lib/postgresql
     networks:
       internal:
 
   metabase:
-    image: metabase/metabase:v0.46.6.1
+    image: metabase/metabase:v0.49.0
     hostname: metabase-secrets
     volumes:
       - /dev/urandom:/dev/random:ro
@@ -47,7 +49,7 @@ services:
   qgisfeed:
     # Note you cannot scale if you use container_name
     container_name: qgisfeed
-    image: qgisfeed:production-1.3
+    image: qgisfeed:production
     build:
       context: .
       dockerfile: Dockerfile.production
@@ -68,7 +70,7 @@ services:
       - "8000"
     volumes:
       - ${QGISFEED_DOCKER_SHARED_VOLUME}:/shared-volume
-      - /home/web/qgis-feed:/code
+      - ../qgis-feed:/code
     depends_on:
       - postgis
     logging:
@@ -118,15 +120,17 @@ services:
       DUMPPREFIX: PG_QGIS_FEED
       POSTGRES_DATABASE: ${QGISFEED_DOCKER_DBNAME}
       POSTGRES_HOST: postgis
-      POSTGRES_PASSWORD: ${QGISFEED_DOCKER_DBPASSWORD}
+      POSTGRES_PASS: ${QGISFEED_DOCKER_DBPASSWORD}
       POSTGRES_PORT: '5432'
       POSTGRES_USER: ${QGISFEED_DOCKER_DBUSER}
     volumes:
-    - /mnt/backups/:/backups
-    links:
-    - postgis:postgis
-    command:
-    - /start.sh
+    - ${QGISFEED_BACKUP_VOLUME}:/backups
+    restart: on-failure
+    depends_on:
+      postgis:
+        condition: service_healthy
+    networks:
+      internal:
 
 networks:
     internal:

diff --git a/docker-compose-production.yml b/docker-compose-production.yml
@@ -16,14 +16,16 @@ services:
         max-size: "200k"
         max-file: "10"
     restart: always
+    healthcheck:
+      test: "POSTGRES_PASS=$${QGISFEED_DOCKER_DBPASSWORD} pg_isready -h 127.0.0.1 -U ${QGISFEED_DOCKER_DBUSER} -d ${QGISFEED_DOCKER_DBNAME}"
     volumes:
       - ${QGISFEED_DOCKER_SHARED_VOLUME}:/var/lib/postgresql
-      - ../qgis-feed:/code
+      - ${QGISFEED_BACKUP_VOLUME}:/backups
     networks:
       internal:
 
   metabase:
-    image: metabase/metabase:v0.46.6.1
+    image: metabase/metabase:v0.49.0
     hostname: metabase-secrets
     volumes:
       - /dev/urandom:/dev/random:ro
@@ -48,19 +50,28 @@ services:
   qgisfeed:
     # Note you cannot scale if you use container_name
     container_name: qgisfeed
-    image: xpirix/qgisfeed:production-1.4
+    image: qgisfeed:production
     build:
       context: .
       dockerfile: Dockerfile.production
     environment:
-      - QGISFEED_DOCKER_DBNAME
-      - QGISFEED_DOCKER_DBUSER
-      - QGISFEED_DOCKER_DBPASSWORD
+      QGISFEED_DOCKER_DBNAME: ${QGISFEED_DOCKER_DBNAME}
+      QGISFEED_DOCKER_DBUSER: ${QGISFEED_DOCKER_DBUSER}
+      QGISFEED_DOCKER_DBPASSWORD: ${QGISFEED_DOCKER_DBPASSWORD}
+      QGIS_FEED_PROD_URL: ${QGIS_FEED_PROD_URL}
+      QGISFEED_FROM_EMAIL: ${QGISFEED_FROM_EMAIL:-automation}
+      EMAIL_BACKEND: ${EMAIL_BACKEND}
+      EMAIL_HOST: ${EMAIL_HOST}
+      EMAIL_PORT: ${EMAIL_PORT}
+      EMAIL_USE_TLS: ${EMAIL_USE_TLS}
+      EMAIL_HOST_USER: ${EMAIL_HOST_USER:-automation}
+      EMAIL_HOST_PASSWORD: ${EMAIL_HOST_PASSWORD}
     command: /code/entrypoint_production.sh
     expose:
     - "8000"
     volumes:
       - ${QGISFEED_DOCKER_SHARED_VOLUME}:/shared-volume
+      - ../qgis-feed:/code
     depends_on:
       - postgis
     logging:
@@ -75,7 +86,7 @@ services:
   nginx:
     image: nginx:latest
     ports:
-    - "80:8000"
+    - "80:80"
     logging:
       driver: "json-file"
       options:
@@ -98,7 +109,7 @@ services:
       POSTGRES_PORT: '5432'
       POSTGRES_USER: ${QGISFEED_DOCKER_DBUSER}
     volumes:
-    - /mnt/backups/:/backups
+    - ${QGISFEED_BACKUP_VOLUME}:/backups
     restart: on-failure
     depends_on:
       postgis:

diff --git a/env.template b/env.template
@@ -6,6 +6,9 @@
 # the user from the Docker containers.
 QGISFEED_DOCKER_SHARED_VOLUME=/shared-volume
 
+# Backup Volume
+QGISFEED_BACKUP_VOLUME=/mnt/backups/
+
 # Number of Gunicorn workers (usually: number of cores * 2 + 1)
 QGISFEED_GUNICORN_WORKERS=4
 

diff --git a/settings_docker_production.py b/settings_docker_production.py
@@ -31,3 +31,7 @@
 # settings for enabling https forwarding
 USE_X_FORWARDED_PORT = True
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
+QGIS_FEED_PROD_URL = os.environ.get('QGIS_FEED_PROD_URL', False)
+CSRF_TRUSTED_ORIGINS = [p + QGIS_FEED_PROD_URL for p in ['http://', 'https://'] if QGIS_FEED_PROD_URL]
+CORS_ORIGIN_WHITELIST = CSRF_TRUSTED_ORIGINS