Created
March 9, 2020 22:28
-
-
Save statico/f175db9cf23e3acf92b69514dd1eb13e to your computer and use it in GitHub Desktop.
Single server prototyping with docker-compose + nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"name": "@admin/backend", | |
"version": "1.0.0", | |
"main": "index.js", | |
"license": "UNLICENSED", | |
"private": true, | |
"scripts": { | |
"start": "ts-node src/server.ts", | |
"watch": "nodemon -e ts,graphql -w . -w ../graphql --delay 1s -x ts-node src/server.ts", | |
"migrate": "ts-node ./node_modules/.bin/knex migrate:latest --knexfile knexfile.ts", | |
"rollback": "ts-node ./node_modules/.bin/knex migrate:rollback --knexfile knexfile.ts", | |
"createMigration": "ts-node ./node_modules/.bin/knex migrate:make --knexfile knexfile.ts" | |
}, | |
"dependencies": { | |
"apollo-server-express": "^2.9.1", | |
"cors": "^2.8.5", | |
"dataloader": "^1.4.0", | |
"express": "^4.0.0", | |
"graphql": "^14", | |
"knex": "^0.19.3", | |
"pg": "^7.12.1", | |
"ts-node": "8.3.0", | |
"typescript": "^3.6" | |
} | |
} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# | |
# This usually lives in the home directory. | |
# | |
set -eo pipefail | |
path="$HOME/backups/$(date +'%Y%m%d_%H%M%S').sql.bz2" | |
mkdir -p "$HOME/backups" | |
# This command might need SSL options if you're using Google Cloud SQL, hence the quoted format. | |
nice pg_dump "host=xxx user=xxx password=xxx dbname=xxx" | bzip2 >$path | |
if [ -t 1 ]; then | |
echo "Wrote $path" | |
ls -lh "$path" | |
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: '3.7' | |
# This file assumes that | |
# (1) You have created a `.env` file with env vars | |
# (2) You've copied any SSL certs into an `ssl/` directory, which doesn't get checked in | |
services: | |
backend: | |
build: | |
context: . | |
target: backend | |
env_file: .env | |
ports: | |
- '4000:4000' | |
volumes: | |
- ~/exports:/exports | |
restart: always | |
frontend: | |
build: | |
context: . | |
target: frontend | |
env_file: .env | |
ports: | |
- '8080:8080' | |
restart: always |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Remember that additional env vars can be in a .env, which docker-compose | |
# uses when building the image. | |
FROM node:12.9.0-alpine AS base | |
VOLUME /usr/local/share/.cache/yarn | |
COPY ./ /app/ | |
WORKDIR /app/ | |
RUN npm install --silent --global yarn | |
RUN yarn install --pure-lockfile --non-interactive | |
FROM base AS frontend | |
ENV BACKEND_API_SERVER=https://server.mydomain.com:5000 | |
ENV NODE_ENV=production | |
WORKDIR /app/frontend/ | |
RUN yarn global add http-server | |
RUN yarn run build | |
EXPOSE 8080/tcp | |
CMD cd out && http-server | |
FROM base AS backend | |
ENV NODE_ENV=production | |
WORKDIR /app/backend/ | |
CMD yarn run start | |
EXPOSE 4000/tcp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server_tokens off; | |
# Redirect all HTTP to HTTPS | |
server { | |
listen 80 default_server; | |
listen [::]:80 default_server; | |
server_name _; | |
# Per https://cloud.google.com/monitoring/agent/plugins/nginx | |
location /nginx_status { | |
stub_status on; | |
access_log off; | |
allow 127.0.0.1; | |
deny all; | |
} | |
location / { | |
return 301 https://$host$request_uri; | |
} | |
} | |
# Admin Panel - Static frontend | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 http2; | |
server_name admin.example.com; | |
ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem; | |
include /etc/letsencrypt/options-ssl-nginx.conf; | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
location / { | |
proxy_pass http://127.0.0.1:8080; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
} | |
location /backups { | |
alias /home/example/backups; | |
autoindex on; | |
auth_basic "backups"; | |
auth_basic_user_file /etc/nginx/htpasswd; | |
} | |
location ^~ /.well-known/ { | |
root /var/www/html; | |
default_type text/plain; | |
auth_basic off; | |
allow all; | |
} | |
location ^~ /.well-known/acme-challenge/ { | |
default_type "text/plain"; | |
root /var/www/html; | |
} | |
} | |
# Admin Panel - API server | |
server { | |
listen 5000 ssl http2; | |
server_name admin.example.com; | |
ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem; | |
include /etc/letsencrypt/options-ssl-nginx.conf; | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
client_max_body_size 50M; | |
location / { | |
proxy_pass http://127.0.0.1:4000; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_read_timeout 500s; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"name": "@admin/frontend", | |
"version": "1.0.0", | |
"license": "UNLICENSED", | |
"private": true, | |
"scripts": { | |
"dev": "next", | |
"build": "next build && next export" | |
}, | |
"dependencies": { | |
"next": "^9.0.5", | |
"react": "^16.9.0", | |
"react-dom": "^16.9.0" | |
} | |
} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"private": true, | |
"workspaces": [ | |
"backend", | |
"frontend", | |
"common" | |
], | |
"dependencies": { | |
"typescript": "^3.6" | |
}, | |
"devDependencies": { | |
"husky": "^3.0.4", | |
"lint-staged": "^9.2.5", | |
"prettier": "^1.18.2" | |
}, | |
"husky": { | |
"hooks": { | |
"pre-commit": "tsc --noEmit && lint-staged" | |
} | |
}, | |
"lint-staged": { | |
"*.{js,json,css,md}": [ | |
"prettier --write", | |
"git add" | |
], | |
"*.{ts,tsx}": [ | |
"tslint --fix", | |
"prettier --write --parser=typescript", | |
"git add" | |
] | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# | |
# This usually lives in the home directory so I can run `ssh foo ./push` to push a build. | |
# | |
set -eo pipefail | |
cd ~/app | |
git pull | |
echo | |
echo "Current commit:" | |
git log --oneline -n1 --decorate | |
echo | |
echo "Backing up database..." | |
~/backup | |
docker-compose build | |
docker-compose down || true | |
docker-compose run backend yarn migrate | |
docker-compose up -d | |
echo | |
df -h . |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment