Compare commits
No commits in common. "cfb9970c26e488da1304e6496d58daf1501814ed" and "e74a28b0a8662d2c71a4cf652184897dd6951777" have entirely different histories.
cfb9970c26
...
e74a28b0a8
36
README.md
36
README.md
@ -40,10 +40,6 @@ The following settings are required to be adapted:
|
|||||||
- `DJANGO_SECRET_KEY`: Provide a secret, and randomly generated key. Do not share this with anybody!
|
- `DJANGO_SECRET_KEY`: Provide a secret, and randomly generated key. Do not share this with anybody!
|
||||||
- `DJANGO_ALLOWED_HOST`: Set this to the domain, the application will be reached at. E.g: `lab.example.com`
|
- `DJANGO_ALLOWED_HOST`: Set this to the domain, the application will be reached at. E.g: `lab.example.com`
|
||||||
- `DJANGO_MEDIA_URL`: Set this to the media URL at which your webserver serves the `DJANGO_MEDIA_VOL` diretory. E.g: `media.lab.example.com/` Note the **slash at the end**. It is important.
|
- `DJANGO_MEDIA_URL`: Set this to the media URL at which your webserver serves the `DJANGO_MEDIA_VOL` diretory. E.g: `media.lab.example.com/` Note the **slash at the end**. It is important.
|
||||||
- `DJANGO_USER_ID`: The user ID to run the application inside the docker container. This is the user id, that is used to write the to `DJANGO_STATIC_VOL` and `DJANGO_MEDIA_VOL`. Make sure the user has access.
|
|
||||||
- `DJANGO_USER_GID`: The group ID to run the application inside the docker container. This is the group id, that is used to write the to `DJANGO_STATIC_VOL` and `DJANGO_MEDIA_VOL`.
|
|
||||||
|
|
||||||
> Note: It is not recommended to run the docker container without a set `DJANGO_USER_ID` and `DJANGO_USER_GID`. It will default to `0 (root)`.
|
|
||||||
|
|
||||||
Once the environment is set up, the docker containers can be built and started. Run
|
Once the environment is set up, the docker containers can be built and started. Run
|
||||||
```
|
```
|
||||||
@ -100,18 +96,18 @@ server {
|
|||||||
|
|
||||||
# Reverse Proxy for application
|
# Reverse Proxy for application
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
http2 on;
|
http2 on;
|
||||||
|
|
||||||
|
|
||||||
# Add this for HTTP3. If your nginx is older than 2.25 this might not be available
|
# Add this for HTTP3. If your nginx is older than 2.25 this might not be available
|
||||||
######################################################################################
|
######################################################################################
|
||||||
# listen 443 quic reuseport;
|
# listen 443 quic reuseport;
|
||||||
# listen [::]:443 quic reuseport;
|
# listen [::]:443 quic reuseport;
|
||||||
# Enable QUIC and HTTP/3
|
# Enable QUIC and HTTP/3
|
||||||
# ssl_early_data on;
|
# ssl_early_data on;
|
||||||
# add_header Alt-Svc 'h3=":443"; ma=86400';
|
# add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||||
#######################################################################################
|
#######################################################################################
|
||||||
|
|
||||||
server_name lab.example.com; # Adapt domain
|
server_name lab.example.com; # Adapt domain
|
||||||
@ -150,7 +146,7 @@ server {
|
|||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
# Add this for HTTP3. If your nginx is older than 2.25 this might not be available
|
# Add this for HTTP3. If your nginx is older than 2.25 this might not be available
|
||||||
######################################################################################
|
######################################################################################
|
||||||
# listen 443 quic reuseport;
|
# listen 443 quic reuseport;
|
||||||
# listen [::]:443 quic reuseport;
|
# listen [::]:443 quic reuseport;
|
||||||
@ -162,15 +158,15 @@ server {
|
|||||||
|
|
||||||
server_name media.lab.example.com; # Adapt according to DJANGO_MEDIA_URL
|
server_name media.lab.example.com; # Adapt according to DJANGO_MEDIA_URL
|
||||||
|
|
||||||
# Use letsencrypt as SSL certificate provider.
|
# Use letsencrypt as SSL certificate provider.
|
||||||
ssl_certificate /etc/letsencrypt/live/media.lab.example.com/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/media.lab.example.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/media.lab.example.com/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/media.lab.example.com/privkey.pem;
|
||||||
|
|
||||||
ssl_protocols TLSv1.3;
|
ssl_protocols TLSv1.3;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
ssl_session_cache shared:SSL:1m;
|
ssl_session_cache shared:SSL:1m;
|
||||||
ssl_ession_timeout 5m;
|
ssl_session_timeout 5m;
|
||||||
|
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
error_page 502 /lab_down.html;
|
error_page 502 /lab_down.html;
|
||||||
|
@ -5,7 +5,7 @@ services:
|
|||||||
shimatta-kenkyusho-web:
|
shimatta-kenkyusho-web:
|
||||||
<<: *restart_policy
|
<<: *restart_policy
|
||||||
build: .
|
build: .
|
||||||
user: "${DJANGO_USER_ID:-0}:${DJANGO_USER_GID:-0}"
|
user: "${DJANGO_USER_ID}:${DJANGO_USER_GID}"
|
||||||
volumes:
|
volumes:
|
||||||
- "${DJANGO_STATIC_VOL:-./run/static}:/var/static"
|
- "${DJANGO_STATIC_VOL:-./run/static}:/var/static"
|
||||||
- "${DJANGO_MEDIA_VOL:-./run/media}:/var/media"
|
- "${DJANGO_MEDIA_VOL:-./run/media}:/var/media"
|
||||||
|
Loading…
Reference in New Issue
Block a user