
@ashald
Created March 16, 2017 03:59
Ghost in the Container
# Required inputs (no default). When supplied through the environment the
# TF_VAR_<name> suffix must match the declared name case-exactly, i.e.
# TF_VAR_socket, TF_VAR_BLOG_HOST, TF_VAR_EMAIL_LETSENCRYPT.
variable "socket" {}            # path of the local Docker unix socket the provider connects to
variable "BLOG_HOST" {}         # public hostname of the blog; fed to VIRTUAL_HOST / LETSENCRYPT_HOST below
variable "EMAIL_LETSENCRYPT" {} # address passed to the companion as LETSENCRYPT_EMAIL

# Prefix shared by every container and volume name created in this config.
variable "DOCKER_PREFIX" {
  default = "ghost"
}

# Image references. All three are mutable tags rather than @sha256 digests,
# so what gets pulled can change underneath the same configuration.
variable "image_letsencrypt" {
  default = "jrcs/letsencrypt-nginx-proxy-companion:v1.4"
}

variable "image_nginx_proxy" {
  default = "jwilder/nginx-proxy:alpine"
}

variable "image_ghost" {
  default = "ashald/alpine-ghost:hydrogen"
}
# Configure Docker provider so Terraform knows how to talk to Docker
provider "docker" {
  # Always a local unix socket; in the usage notes below it is a socket that
  # ssh forwards from the remote host's /var/run/docker.sock.
  host = "unix://${var.socket}"
}
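# Images
# Each image is looked up via docker_registry_image so its current
# sha256_digest is known, and every docker_image uses that digest as a
# pull_trigger: when the tag is moved in the registry the image is pulled
# again and the containers built from it are refreshed. Previously only
# nginx-proxy had the trigger, so a re-tagged letsencrypt or ghost image was
# silently never picked up. The tags themselves are mutable (see the variable
# defaults); pinning them to an explicit digest is the stricter option if the
# provider version in use accepts digest references.
data "docker_registry_image" "letsencrypt" {
  name = "${var.image_letsencrypt}"
}

resource "docker_image" "letsencrypt" {
  name          = "${data.docker_registry_image.letsencrypt.name}"
  pull_triggers = ["${data.docker_registry_image.letsencrypt.sha256_digest}"]
}

data "docker_registry_image" "ghost" {
  name = "${var.image_ghost}"
}

resource "docker_image" "ghost" {
  name          = "${data.docker_registry_image.ghost.name}"
  pull_triggers = ["${data.docker_registry_image.ghost.sha256_digest}"]
}

data "docker_registry_image" "nginx-proxy" {
  name = "${var.image_nginx_proxy}"
}

resource "docker_image" "nginx-proxy" {
  name          = "${data.docker_registry_image.nginx-proxy.name}"
  pull_triggers = ["${data.docker_registry_image.nginx-proxy.sha256_digest}"]
}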
# Volumes
# Both volumes carry state that must outlive the containers: the certificates
# written by the letsencrypt companion and Ghost's /var/lib/ghost data.
# prevent_destroy makes any plan that would delete them fail instead.
resource "docker_volume" "letsencrypt" {
  name = "${var.DOCKER_PREFIX}-letsencrypt"

  lifecycle {
    prevent_destroy = true
  }
}

resource "docker_volume" "ghost-data" {
  name = "${var.DOCKER_PREFIX}-data"

  lifecycle {
    prevent_destroy = true
  }
}
# Wiring Things Up
# Public entry point: nginx only. The nginx-proxy image is started twice in
# this config; here its entrypoint is overridden to run just nginx, while the
# config generator runs in the separate docker-gen container below.
resource "docker_container" "nginx" {
  name       = "${var.DOCKER_PREFIX}-nginx"
  image      = "${docker_image.nginx-proxy.latest}"
  restart    = "unless-stopped"
  entrypoint = ["/usr/sbin/nginx"]

  # Raise the upload limit so larger posts/images can be pushed through the proxy.
  upload {
    content = "client_max_body_size 100m;\n"
    file    = "/etc/nginx/conf.d/client_max_body_size.conf"
  }

  # No `ip` is given on either port, so the Docker default applies
  # (presumably all host interfaces — confirm if the host is multi-homed).
  ports {
    internal = 80
    external = 80
  }

  ports {
    internal = 443
    external = 443
  }

  # nginx should be able to read certificates provided by letsencrypt
  volumes {
    container_path = "/etc/nginx/certs"
    volume_name    = "${docker_volume.letsencrypt.name}"
    read_only      = true
  }

  # Expose nginx config dirs as volumes so other containers can write there
  # (anonymous volumes; docker-gen and letsencrypt attach them via from_container).
  volumes {
    container_path = "/etc/nginx/conf.d"
  }

  volumes {
    container_path = "/etc/nginx/vhost.d"
  }

  volumes {
    container_path = "/usr/share/nginx/html"
  }
}
# Config generator: same image as nginx, but running docker-gen. It renders
# /app/nginx.tmpl into the conf.d directory shared with nginx (from_container)
# and sends nginx SIGHUP when it changes (-notify-sighup, -watch).
resource "docker_container" "docker-gen" {
  name       = "${var.DOCKER_PREFIX}-docker-gen"
  image      = "${docker_image.nginx-proxy.latest}"
  restart    = "unless-stopped"
  entrypoint = ["/usr/local/bin/docker-gen", "-notify-sighup", "${docker_container.nginx.name}", "-watch"]
  command    = ["/app/nginx.tmpl", "/etc/nginx/conf.d/default.conf"]

  # The uploaded content is derived from the nginx container's id, so this
  # resource's definition changes whenever nginx is recreated — presumably to
  # force docker-gen to be recreated along with it; confirm that an upload
  # change forces replacement in the provider version used.
  upload {
    content = "${sha256("${docker_container.nginx.id}")}"
    file    = "/tmp/_"
  }

  volumes {
    from_container = "${docker_container.nginx.name}"
  }

  # Host Docker socket. read_only only makes the bind mount read-only; a
  # process inside can still connect to the socket and use the full Docker
  # API, which is root-equivalent on the host. Treat this container as fully
  # trusted and keep what runs in it minimal.
  volumes {
    container_path = "/tmp/docker.sock"
    host_path      = "/var/run/docker.sock"
    read_only      = true
  }
}
# Let's Encrypt companion: obtains/renews certificates for containers that
# carry LETSENCRYPT_HOST/LETSENCRYPT_EMAIL and writes them into the certs
# volume that nginx mounts read-only.
resource "docker_container" "letsencrypt" {
  name    = "${var.DOCKER_PREFIX}-letsencrypt"
  image   = "${docker_image.letsencrypt.latest}"
  restart = "unless-stopped"

  # Points the companion at the separate docker-gen container (split setup).
  env = [ "NGINX_DOCKER_GEN_CONTAINER=${docker_container.docker-gen.name}" ]

  # Shares docker-gen's volumes, which in turn are nginx's conf.d/vhost.d/html.
  volumes {
    from_container = "${docker_container.docker-gen.name}"
  }

  # Writable: this is the only container that writes certificates.
  volumes {
    container_path = "/etc/nginx/certs"
    volume_name    = "${docker_volume.letsencrypt.name}"
  }

  # Host Docker socket. read_only does not limit what can be done through it:
  # connecting to the socket still works, so this container has full Docker
  # API access (root-equivalent on the host). Keep the image pinned and trusted.
  volumes {
    container_path = "/var/run/docker.sock"
    host_path      = "/var/run/docker.sock"
    read_only      = true
  }
}
# The blog itself. It publishes no ports; nginx reaches it through the
# VIRTUAL_HOST routing that docker-gen renders, and the companion picks up
# the LETSENCRYPT_* settings to issue its certificate.
resource "docker_container" "ghost" {
  name    = "${var.DOCKER_PREFIX}-blog"
  image   = "${docker_image.ghost.latest}"
  restart = "unless-stopped"

  env = [
    "VIRTUAL_HOST=${var.BLOG_HOST}",
    "LETSENCRYPT_HOST=${var.BLOG_HOST}",
    "LETSENCRYPT_EMAIL=${var.EMAIL_LETSENCRYPT}",
    # Ghost must generate https links since TLS is terminated at nginx.
    "GHOST_OPTIONS_url=\"https://${var.BLOG_HOST}\""
  ]

  # Persistent content/database on the protected data volume.
  volumes {
    container_path = "/var/lib/ghost"
    volume_name    = "${docker_volume.ghost-data.name}"
  }
}
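# Setup an SSH tunnel to the remote host
# Two throw-away paths: the ssh control socket and the locally forwarded
# Docker socket. `mktemp -u` only produces a name; ssh creates both sockets.
$ ssh=$(mktemp -u)
$ docker=$(mktemp -u)
# Forward the remote /var/run/docker.sock to a local unix socket (-L with a
# socket path needs OpenSSH 6.7+). -N/-f leave a background master connection
# behind that is torn down via the same control socket (-S) at the end.
$ ssh -o "ControlMaster=auto" -o "ControlPersist=10m" -S "${ssh}" -N -f -L"${docker}":/var/run/docker.sock blog.example.com
# Setup Terraform variables
# TF_VAR_<name> is matched case-exactly against the variable names in the
# config. The socket variable is declared as `variable "socket"`, so it has
# to be exported as TF_VAR_socket — TF_VAR_SOCKET is not recognised and
# terraform then prompts for (or fails on) the missing value.
$ export TF_VAR_socket=$docker
$ export TF_VAR_BLOG_HOST=blog.example.com
$ export TF_VAR_EMAIL_LETSENCRYPT=admin@blog.example.com
# Provision Ghost
$ terraform plan
$ terraform apply
# Terminate SSH tunnel — same host the tunnel was opened to, otherwise -O exit
# does not address the master created above.
$ ssh -O exit -S "${ssh}" blog.example.com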
@amanjeev

It kinda looks better if you remove the spaces around `=`.

module "gws"        {source="keys" dc="${var.dc}" path="${var.base}dtabs/shared/gws/"}
module "manual"     {source="keys" dc="${var.dc}" path="${var.base}dtabs/shared/manual/"}
module "resolvers"  {source="keys" dc="${var.dc}" path="${var.base}dtabs/shared/resolvers/"}
module "namespaces" {source="keys" dc="${var.dc}" path="${var.base}namespaces/"}
