ontrack
ontrack copied to clipboard
inoda
Add docker production configuration
Hi @inoda
I added configurations to run the server in production mode behind a proxy with docker as discussed in my previous PR.
@luketainton If you have time, would you mind doing another docker test on the changes in this PR?
@luketainton If you have time, would you mind doing another docker test on the changes in this PR?
Hey @salquier - sorry it's taken me a couple of days to do this. This looks good but the only issue I found was that the proxy dies if it can't find a certificate, but I guess that could be by design if this container is going to be internet facing.
ontrack-proxy | 20-envsubst-on-templates.sh: Running envsubst on /etc/nginx/templates/nginx.conf.template to /etc/nginx/conf.d/nginx.conf
ontrack-proxy | /docker-entrypoint.sh: Configuration complete; ready for start up
ontrack-proxy | 2020/10/17 11:14:29 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/localhost/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/localhost/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
ontrack-proxy | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/localhost/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/localhost/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
ontrack-proxy exited with code 1
In my personal setup I use Traefik as my frontend so I wouldn't use the proxy - I'd have Traefik go directly to the app container.
Other than that, this is really good :)
No problem @luketainton
Yeah, this is a known problem. As workaround you can create empty files but the best is to generate the certificates before running nginx.
I've done this as I usually do but I'll take a look at traefik to see if it can give a simpler configuration than with nginx.