Skip to content

Merge web and gateway images; split up server and celery; enable docker to be run as non-root #234

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MarcelGeo merged 4 commits into from
Sep 24, 2024
Merged

Merge web and gateway images; split up server and celery; enable docker to be run as non-root #234

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4d6329f
Merge web and gateway images; split up server and celery; enable dock…
domfre May 28, 2024
3d79e5b
Add user home dir to server image
domfre Jun 21, 2024
c2db9e3
chore(server): replace flower dependency by celery=5.2.2 and kombu=5.2.2
hbollon Jun 24, 2024
50a6045
Address comments from Marcel Kocisek
domfre Jul 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .prod.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,3 +160,7 @@ GLOBAL_STORAGE=10737418240
# GLOBAL_WRITE False

# GLOBAL_ADMIN False

# Gunicorn server socket

PORT=5000
14 changes: 14 additions & 0 deletions development.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,20 @@ yarn watch:lib:types
Watching the type definitions is also useful to pick up any changes to imports or new components that are added.


## Running locally in a docker composition

```shell
# Run the docker composition with the current Dockerfiles
docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d

# Give ownership of the ./projects folder to user that is running the gunicorn container
sudo chown 901:999 projects/

# init db and create user
docker exec -it merginmaps-server flask init-db
docker exec -it merginmaps-server flask user create admin topsecret --is-admin --email admin@example.com
```

## Running tests
To launch the unit tests run:
```shell
Expand Down
23 changes: 23 additions & 0 deletions docker-compose.dev.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
version: "3.7"

services:
server-gunicorn:
image: server-gunicorn
build:
context: ./server
dockerfile: Dockerfile
celery-beat:
image: celery-beat
build:
context: ./server
dockerfile: Dockerfile
celery-worker:
image: celery-worker
build:
context: ./server
dockerfile: Dockerfile
web:
image: merginmaps-frontend
build:
context: ./web-app
dockerfile: Dockerfile
32 changes: 28 additions & 4 deletions docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ services:
restart: always
networks:
- merginmaps
server:
server-gunicorn:
image: lutraconsulting/merginmaps-backend:2024.2.2
container_name: merginmaps-server
restart: always
Expand All @@ -32,24 +32,48 @@ services:
depends_on:
- db
- redis
command: [ "gunicorn --config config.py application:application" ]
networks:
- merginmaps
celery-beat:
image: lutraconsulting/merginmaps-backend:2024.2.2
container_name: celery-beat
env_file:
- .prod.env
depends_on:
- redis
- server-gunicorn
command: [ "celery -A application.celery beat --loglevel=info" ]
networks:
- merginmaps
celery-worker:
image: lutraconsulting/merginmaps-backend:2024.2.2
container_name: celery-worker
env_file:
- .prod.env
depends_on:
- redis
- server-gunicorn
- celery-beat
command: [ "celery -A application.celery worker --loglevel=info" ]
networks:
- merginmaps
web:
image: lutraconsulting/merginmaps-frontend:2024.2.2
container_name: merginmaps-web
restart: always
depends_on:
- server
- server-gunicorn
links:
- db
networks:
- merginmaps
proxy:
Copy link
Collaborator

@MarcelGeo MarcelGeo Jun 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for production is more reasonable to have gateway. Frontend is just one container in stack ...

Copy link

@danduk82 danduk82 Jul 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MarcelGeo I actually disagree on this point, could we discuss it a bit (here or in a meet)? Having 2 nginx servers, one for routing and one for statically serving the webapp actually uses more ram (you need 2 containers), degrades (minimally) the services as an additional request is sent and processed by the second nginx, and makes the deployment on k8s more cumbersome.

Copy link
Collaborator

@varmar05 varmar05 Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it depends on deployment type, I know there are some users already using host nginx as both, proxy and for TLS termination. Also there are users using dockerized proxy as stated in current docker-compose example, so I am bit worried about such changes for inexperienced users.

I agree it could be merged and you guys can certainly do that for your k8s deployments but I would prefer here in public repo to keep is as is even if not optimal. We can instead maybe provide some optimization hints instead?

Copy link
Collaborator

@MarcelGeo MarcelGeo Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with @varmar05 ... It should be useful to have volume for web-app (a.k.a dashboard) nginx config and upgrade It in custom deployment.

image: nginx
image: nginxinc/nginx-unprivileged:1.25.5
container_name: merginmaps-proxy
restart: always
ports:
- "8080:80"
- "8080:8080"
volumes:
- ./projects:/data # map data dir to host
- ./nginx.conf:/etc/nginx/conf.d/default.conf
Expand Down
4 changes: 2 additions & 2 deletions nginx.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
server {
listen 80;
listen [::]:80;
listen 8080;
listen [::]:8080;
server_name _;

client_max_body_size 4G;
Expand Down
3 changes: 1 addition & 2 deletions server/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,8 @@ ENV LC_ALL=C.UTF-8
ENV LANG=C.UTF-8

RUN pipenv install --system --deploy --verbose
RUN pip3 install flower==0.9.7

USER mergin

COPY ./entrypoint.sh .
ENTRYPOINT ["./entrypoint.sh"]
ENTRYPOINT ["/app/entrypoint.sh"]
2 changes: 0 additions & 2 deletions server/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,6 @@
)
sys.exit(1)

bind = "0.0.0.0:5000"

worker_class = "gevent"

workers = 2
Expand Down
4 changes: 1 addition & 3 deletions server/entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,4 @@ umask 0027
# We store a base config in config.py and override things as needed
# using the environment variable GUNICORN_CMD_ARGS.

/bin/bash -c "celery -A application.celery beat --loglevel=info &"
/bin/bash -c "celery -A application.celery worker --loglevel=info &"
/bin/bash -c "gunicorn --config config.py application:application"
exec sh -c "$@"
2 changes: 1 addition & 1 deletion web-app/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ RUN yarn link:dependencies
RUN yarn build:all
RUN PUBLIC_PATH=/admin/ yarn build:all:admin

FROM nginx:alpine
FROM nginxinc/nginx-unprivileged:1.25.5
MAINTAINER Martin Varga "martin.varga@lutraconsulting.co.uk"
WORKDIR /usr/share/nginx/html
# client app
Expand Down