From 7a4bd08b506c1c20591c0cc01e0783b73019606d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Fri, 8 Mar 2024 15:31:25 +0100 Subject: [PATCH 1/8] =?UTF-8?q?=F0=9F=93=9D=20Add=20first=20version=20of?= =?UTF-8?q?=20deployment=20docs=20with=20Traefik?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deployment.md | 85 +++++++++++++++++++++++++++++++++----- docker-compose.traefik.yml | 77 ++++++++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+), 11 deletions(-) create mode 100644 docker-compose.traefik.yml diff --git a/deployment.md b/deployment.md index f761b3687e..63bec89b70 100644 --- a/deployment.md +++ b/deployment.md @@ -1,25 +1,88 @@ # FastAPI Project - Deployment -You can deploy the using Docker Compose with a main Traefik proxy outside handling communication to the outside world and HTTPS certificates. +You can deploy the project using Docker Compose in a remote server. -And you can use CI (continuous integration) systems to do it automatically. +It expects you to have a main Traefik proxy handling communication to the outside world and HTTPS certificates. + +And you can use CI (continuous integration) systems to deploy automatically. But you have to configure a couple things first. -## Traefik network +## Preparation + +* Have a remote server ready and available. +* Configure the DNS records of your domain to point to the IP of the server you just created. +* Install and configure [Docker](https://docs.docker.com/engine/install/). +* Create a remote directory to store your code, for example: + +```bash +mkdir -p /root/code/fastapi-project/ +``` + +## Public Traefik + +We need a Traefik proxy to handle incoming connections and HTTPS certificates. + +### Traefik Docker Compose + +Copy the Traefik Docker Compose file to your server, to your code directory. You could do it with `rsync`: + +```bash +rsync -a docker-compose.traefik.yml root@your-server.example.com:/root/code/fastapi-project/ +``` + +### Traefik Public Network -This stack expects the public Traefik network to be named `traefik-public`. +This Traefik will expect a Docker "public network" named `traefik-public` to communicate with your stack(s). -If you need to use a different Traefik public network name, update it in the `docker-compose.yml` files, in the section: +This way, there will be a single public Traefik proxy that handles the communication (HTTP and HTTPS) with the outside world, and then behind that, you could have one or more stacks. -```YAML -networks: - traefik-public: - external: true +To create a Docker "public network" named `traefik-public` run: + +```bash +docker network create traefik-public ``` -Change `traefik-public` to the name of the used Traefik network. And then update it in the file `.env`: +### Traefik Environment Variables + +The Traefik Docker Compose file expects some environment variables to be set. + +Create the environment variables for HTTP Basic Auth. + +* Create the username, e.g.: + +```bash +export USERNAME=admin +``` + +* Create an environment variable with the password, e.g.: + +```bash +export PASSWORD=changethis +``` + +* Use openssl to generate the "hashed" version of the password and store it in an environment variable: + +```bash +export HASHED_PASSWORD=$(openssl passwd -apr1 $PASSWORD) +``` + +* Create an environment variable with the domain name, e.g.: + +```bash +export DOMAIN=fastapi-project.example.com +``` + +* Create an environment variable with the email for Let's Encrypt, e.g.: + +```bash +export EMAIL=admin@example.com +``` + +### Start the Traefik Docker Compose + +Now with the environment variables set and the `docker-compose.traefik.yml` in place, you can start the Traefik Docker Compose: ```bash -TRAEFIK_PUBLIC_NETWORK=traefik-public +docker compose -f docker-compose.traefik.yml up -d ``` diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml new file mode 100644 index 0000000000..1b4afc4056 --- /dev/null +++ b/docker-compose.traefik.yml @@ -0,0 +1,77 @@ +services: + traefik: + image: traefik:v2.3 + ports: + # Listen on port 80, default for HTTP, necessary to redirect to HTTPS + - 80:80 + # Listen on port 443, default for HTTPS + - 443:443 + restart: always + labels: + # Enable Traefik for this service, to make it available in the public network + - traefik.enable=true + # Define the port inside of the Docker service to use + - traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080 + # Make Traefik use this domain (from an environment variable) in HTTP + - traefik.http.routers.traefik-dashboard-http.entrypoints=http + - traefik.http.routers.traefik-dashboard-http.rule=Host(`traefik.${DOMAIN?Variable not set}`) + # Use the traefik-public network (declared below) + - traefik.docker.network=traefik-public + # traefik-https the actual router using HTTPS + - traefik.http.routers.traefik-dashboard-https.entrypoints=https + - traefik.http.routers.traefik-dashboard-https.rule=Host(`traefik.${DOMAIN?Variable not set}`) + - traefik.http.routers.traefik-dashboard-https.tls=true + # Use the "le" (Let's Encrypt) resolver created below + - traefik.http.routers.traefik-dashboard-https.tls.certresolver=le + # Use the special Traefik service api@internal with the web UI/Dashboard + - traefik.http.routers.traefik-dashboard-https.service=api@internal + # https-redirect middleware to redirect HTTP to HTTPS + - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true + # traefik-http set up only to use the middleware to redirect to https + - traefik.http.routers.traefik-dashboard-http.middlewares=https-redirect + # admin-auth middleware with HTTP Basic auth + # Using the environment variables USERNAME and HASHED_PASSWORD + - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set} + # Enable HTTP Basic auth, using the middleware created above + - traefik.http.routers.traefik-dashboard-https.middlewares=admin-auth + volumes: + # Add Docker as a mounted volume, so that Traefik can read the labels of other services + - /var/run/docker.sock:/var/run/docker.sock:ro + # Mount the volume to store the certificates + - traefik-public-certificates:/certificates + command: + # Enable Docker in Traefik, so that it reads labels from Docker services + - --providers.docker + # Do not expose all Docker services, only the ones explicitly exposed + - --providers.docker.exposedbydefault=false + # Create an entrypoint "http" listening on port 80 + - --entrypoints.http.address=:80 + # Create an entrypoint "https" listening on port 443 + - --entrypoints.https.address=:443 + # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL + - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set} + # Store the Let's Encrypt certificates in the mounted volume + - --certificatesresolvers.le.acme.storage=/certificates/acme.json + # Use the TLS Challenge for Let's Encrypt + - --certificatesresolvers.le.acme.tlschallenge=true + # Enable the access log, with HTTP requests + - --accesslog + # Enable the Traefik log, for configurations and errors + - --log + # Enable the Dashboard and API + - --api + networks: + # Use the public network created to be shared between Traefik and + # any other service that needs to be publicly available with HTTPS + - traefik-public + +volumes: + # Create a volume to store the certificates, even if the container is recreated + traefik-public-certificates: + +networks: + # Use the previously created public network "traefik-public", shared with other + # services that need to be publicly available via this Traefik + traefik-public: + external: true From bf466074e18cb171fc9a67f00c0fa766fe851825 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Sat, 9 Mar 2024 00:38:02 +0100 Subject: [PATCH 2/8] =?UTF-8?q?=F0=9F=94=A7=20Update=20Docker=20Compose=20?= =?UTF-8?q?override=20file?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.override.yml | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 5a6de73d22..b037b27e86 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -2,6 +2,9 @@ version: "3.3" services: proxy: + image: traefik:v2.3 + volumes: + - /var/run/docker.sock:/var/run/docker.sock ports: - "80:80" - "8090:8080" @@ -11,9 +14,13 @@ services: - --providers.docker # Add a constraint to only use services with the label for this stack # from the env var TRAEFIK_TAG - - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?Variable not set}`) + - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`) # Do not expose all Docker services, only the ones explicitly exposed - --providers.docker.exposedbydefault=false + # Create an entrypoint "http" listening on port 80 + - --entrypoints.http.address=:80 + # Create an entrypoint "https" listening on port 443 + - --entrypoints.https.address=:443 # Enable the access log, with HTTP requests - --accesslog # Enable the Traefik log, for configurations and errors @@ -23,8 +30,12 @@ services: # Enable the Dashboard and API in insecure mode for local development - --api.insecure=true labels: - - traefik.http.routers.${STACK_NAME?Variable not set}-traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`) - - traefik.http.services.${STACK_NAME?Variable not set}-traefik-public.loadbalancer.server.port=80 + # Enable Traefik for this service, to make it available in the public network + - traefik.enable=true + - traefik.constraint-label=traefik-public + # Dummy https-redirect middleware that doesn't really redirect, only to + # allow running it locally + - traefik.http.middlewares.https-redirect.contenttype.autodetect=false db: ports: @@ -72,6 +83,13 @@ services: args: INSTALL_DEV: ${INSTALL_DEV-true} + frontend: + build: + context: ./new-frontend + args: + - VITE_API_URL=http://${DOMAIN?Variable not set} + - NODE_ENV=development + networks: traefik-public: # For local dev, don't expect an external Traefik network From c4e066d04cc9542d25ec544ae0bfff71e1aa5646 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Sat, 9 Mar 2024 01:04:33 +0100 Subject: [PATCH 3/8] =?UTF-8?q?=F0=9F=94=A7=20Update=20Docker=20Compose=20?= =?UTF-8?q?files=20to=20use=20a=20single=20global=20Traefik?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.traefik.yml | 4 +- docker-compose.yml | 131 ++++++++++++++++--------------------- 2 files changed, 58 insertions(+), 77 deletions(-) diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml index 1b4afc4056..3c918968c2 100644 --- a/docker-compose.traefik.yml +++ b/docker-compose.traefik.yml @@ -10,13 +10,13 @@ services: labels: # Enable Traefik for this service, to make it available in the public network - traefik.enable=true + # Use the traefik-public network (declared below) + - traefik.docker.network=traefik-public # Define the port inside of the Docker service to use - traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080 # Make Traefik use this domain (from an environment variable) in HTTP - traefik.http.routers.traefik-dashboard-http.entrypoints=http - traefik.http.routers.traefik-dashboard-http.rule=Host(`traefik.${DOMAIN?Variable not set}`) - # Use the traefik-public network (declared below) - - traefik.docker.network=traefik-public # traefik-https the actual router using HTTPS - traefik.http.routers.traefik-dashboard-https.entrypoints=https - traefik.http.routers.traefik-dashboard-https.rule=Host(`traefik.${DOMAIN?Variable not set}`) diff --git a/docker-compose.yml b/docker-compose.yml index 6dc8c8d104..ea1d5310e9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,67 +1,5 @@ version: "3.3" services: - - proxy: - image: traefik:v2.3 - networks: - - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} - - default - volumes: - - /var/run/docker.sock:/var/run/docker.sock - command: - # Enable Docker in Traefik, so that it reads labels from Docker services - - --providers.docker - # Add a constraint to only use services with the label for this stack - # from the env var TRAEFIK_TAG - - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?Variable not set}`) - # Do not expose all Docker services, only the ones explicitly exposed - - --providers.docker.exposedbydefault=false - # Enable the access log, with HTTP requests - - --accesslog - # Enable the Traefik log, for configurations and errors - - --log - # Enable the Dashboard and API - - --api - labels: - # Enable Traefik for this service, to make it available in the public network - - traefik.enable=true - # Use the traefik-public network (declared below) - - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set} - # Use the custom label "traefik.constraint-label=traefik-public" - # This public Traefik will only use services with this label - - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set} - # traefik-http set up only to use the middleware to redirect to https - - traefik.http.middlewares.${STACK_NAME?Variable not set}-https-redirect.redirectscheme.scheme=https - - traefik.http.middlewares.${STACK_NAME?Variable not set}-https-redirect.redirectscheme.permanent=true - # Handle host with and without "www" to redirect to only one of them - # Uses environment variable DOMAIN - # To disable www redirection remove the Host() you want to discard, here and - # below for HTTPS - - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.rule=Host(`${DOMAIN?Variable not set}`) || Host(`www.${DOMAIN?Variable not set}`) - - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.entrypoints=http - # traefik-https the actual router using HTTPS - - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.rule=Host(`${DOMAIN?Variable not set}`) || Host(`www.${DOMAIN?Variable not set}`) - - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.entrypoints=https - - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.tls=true - # Use the "le" (Let's Encrypt) resolver created below - - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.tls.certresolver=le - # Define the port inside of the Docker service to use - - traefik.http.services.${STACK_NAME?Variable not set}-proxy.loadbalancer.server.port=80 - # Handle domain with and without "www" to redirect to only one - # To disable www redirection remove the next line - - traefik.http.middlewares.${STACK_NAME?Variable not set}-www-redirect.redirectregex.regex=^https?://(www.)?(${DOMAIN?Variable not set})/(.*) - # Redirect a domain with www to non-www - # To disable it remove the next line - - traefik.http.middlewares.${STACK_NAME?Variable not set}-www-redirect.redirectregex.replacement=https://${DOMAIN?Variable not set}/$${3} - # Redirect a domain without www to www - # To enable it remove the previous line and uncomment the next - # - traefik.http.middlewares.${STACK_NAME}-www-redirect.redirectregex.replacement=https://www.${DOMAIN}/$${3} - # Middleware to redirect www, to disable it remove the next line - - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.middlewares=${STACK_NAME?Variable not set}-www-redirect - # Middleware to redirect www, and redirect HTTP to HTTPS - # to disable www redirection remove the section: ${STACK_NAME?Variable not set}-www-redirect, - - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.middlewares=${STACK_NAME?Variable not set}-www-redirect,${STACK_NAME?Variable not set}-https-redirect - db: image: postgres:12 volumes: @@ -82,11 +20,11 @@ services: - .env labels: - traefik.enable=true - - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set} - - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set} + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.rule=Host(`pgadmin.${DOMAIN?Variable not set}`) - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.entrypoints=http - - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.middlewares=${STACK_NAME?Variable not set}-https-redirect + - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.middlewares=https-redirect - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.rule=Host(`pgadmin.${DOMAIN?Variable not set}`) - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.entrypoints=https - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.tls=true @@ -115,10 +53,10 @@ services: labels: - traefik.enable=true - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set} - - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set} + - traefik.constraint-label=traefik-public - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.rule=Host(`flower.${DOMAIN?Variable not set}`) - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.entrypoints=http - - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.middlewares=${STACK_NAME?Variable not set}-https-redirect + - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.middlewares=https-redirect - traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.rule=Host(`flower.${DOMAIN?Variable not set}`) - traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.entrypoints=https - traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.tls=true @@ -127,6 +65,9 @@ services: backend: image: '${DOCKER_IMAGE_BACKEND?Variable not set}:${TAG-latest}' + networks: + - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - default depends_on: - db env_file: @@ -143,10 +84,21 @@ services: INSTALL_DEV: ${INSTALL_DEV-false} labels: - traefik.enable=true - - traefik.constraint-label-stack=${TRAEFIK_TAG?Variable not set} - - traefik.http.routers.${STACK_NAME?Variable not set}-backend-http.rule=PathPrefix(`/api`) || PathPrefix(`/docs`) || PathPrefix(`/redoc`) + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public + - traefik.http.services.${STACK_NAME?Variable not set}-backend.loadbalancer.server.port=80 + - traefik.http.routers.${STACK_NAME?Variable not set}-backend-http.rule=Host(`${DOMAIN?Variable not set}`, `www.${DOMAIN?Variable not set}`) && PathPrefix(`/api`, `/docs`, `/redoc`) + - traefik.http.routers.${STACK_NAME?Variable not set}-backend-http.entrypoints=http + + - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.rule=Host(`${DOMAIN?Variable not set}`, `www.${DOMAIN?Variable not set}`) && PathPrefix(`/api`, `/docs`, `/redoc`) + - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.entrypoints=https + - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.tls=true + - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.tls.certresolver=le + + - traefik.http.routers.${STACK_NAME?Variable not set}-backend-http.middlewares=https-redirect,${STACK_NAME?Variable not set}-www-redirect + - traefik.http.routers.${STACK_NAME?Variable not set}-backend-https.middlewares=${STACK_NAME?Variable not set}-www-redirect celeryworker: image: '${DOCKER_IMAGE_CELERYWORKER?Variable not set}:${TAG-latest}' depends_on: @@ -166,18 +118,47 @@ services: frontend: image: '${DOCKER_IMAGE_FRONTEND?Variable not set}:${TAG-latest}' + networks: + - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - default build: context: ./new-frontend - labels: - - traefik.enable=true - - traefik.constraint-label-stack=${TRAEFIK_TAG?Variable not set} - - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-http.rule=PathPrefix(`/`) - - traefik.http.services.${STACK_NAME?Variable not set}-frontend.loadbalancer.server.port=80 + args: + - VITE_API_URL=https://${DOMAIN?Variable not set} + - NODE_ENV=production + labels: + - traefik.enable=true + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public + + - traefik.http.services.${STACK_NAME?Variable not set}-frontend.loadbalancer.server.port=80 + + - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-http.rule=Host(`${DOMAIN?Variable not set}`, `www.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-http.entrypoints=http + - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.rule=Host(`${DOMAIN?Variable not set}`, `www.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.entrypoints=https + - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.tls=true + - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.tls.certresolver=le + + # Handle domain with and without "www" to redirect to only one + # To disable www redirection remove the next line + - traefik.http.middlewares.${STACK_NAME?Variable not set}-www-redirect.redirectregex.regex=^http(s)?://www.(${DOMAIN?Variable not set})/(.*) + # Redirect a domain with www to non-www + # To disable it remove the next line + - traefik.http.middlewares.${STACK_NAME?Variable not set}-www-redirect.redirectregex.replacement=http$${1}://${DOMAIN?Variable not set}/$${3} + # Redirect a domain without www to www + # To enable it remove the previous line and uncomment the next + # - traefik.http.middlewares.${STACK_NAME}-www-redirect.redirectregex.replacement=https://www.${DOMAIN}/$${3} + # Middleware to redirect www, to disable it remove the next line + - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-https.middlewares=${STACK_NAME?Variable not set}-www-redirect + # Middleware to redirect www, and redirect HTTP to HTTPS + # to disable www redirection remove the section: ${STACK_NAME?Variable not set}-www-redirect, + - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-http.middlewares=https-redirect,${STACK_NAME?Variable not set}-www-redirect volumes: app-db-data: networks: traefik-public: # Allow setting it to false for testing - external: ${TRAEFIK_PUBLIC_NETWORK_IS_EXTERNAL-true} + external: true From b0f7e7c2371f2b9f23d592d05c69b7e7adce435f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Sat, 9 Mar 2024 01:05:20 +0100 Subject: [PATCH 4/8] =?UTF-8?q?=F0=9F=94=A7=20Update=20Dockerfile=20for=20?= =?UTF-8?q?frontend,=20use=20build=20arg=20to=20point=20to=20API=20URL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- new-frontend/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/new-frontend/Dockerfile b/new-frontend/Dockerfile index c676821937..126ed9f63d 100644 --- a/new-frontend/Dockerfile +++ b/new-frontend/Dockerfile @@ -1,5 +1,5 @@ # Stage 0, "build-stage", based on Node.js, to build and compile the frontend -FROM node:20 as build-stage +FROM node:20 as build-stage WORKDIR /app @@ -9,6 +9,8 @@ RUN npm install COPY ./ /app/ +ARG VITE_API_URL=${VITE_API_URL} + RUN npm run build From e774e35558d2440d528290f78304e4f18c857765 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Sat, 9 Mar 2024 01:05:47 +0100 Subject: [PATCH 5/8] =?UTF-8?q?=F0=9F=94=A7=20Remove=20Pydantic=20settings?= =?UTF-8?q?=20obsolete=20comment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/app/core/config.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/backend/app/core/config.py b/backend/app/core/config.py index 5341e0ad4d..8aeb7eef2a 100644 --- a/backend/app/core/config.py +++ b/backend/app/core/config.py @@ -17,9 +17,6 @@ class Settings(BaseSettings): # 60 minutes * 24 hours * 8 days = 8 days ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 * 8 SERVER_HOST: AnyHttpUrl - # BACKEND_CORS_ORIGINS is a JSON-formatted list of origins - # e.g: '["http://localhost", "http://localhost:4200", "http://localhost:3000", \ - # "http://localhost:8080", "http://local.dockertoolbox.tiangolo.com"]' BACKEND_CORS_ORIGINS: list[AnyHttpUrl] | str = [] @field_validator("BACKEND_CORS_ORIGINS", mode="before") From d78fe307b3caadbb6907d849780bab456856aa76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Sat, 9 Mar 2024 01:27:29 +0100 Subject: [PATCH 6/8] =?UTF-8?q?=F0=9F=93=9D=20Update=20deployment=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deployment.md | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/deployment.md b/deployment.md index 63bec89b70..2bf3a6ce00 100644 --- a/deployment.md +++ b/deployment.md @@ -2,7 +2,7 @@ You can deploy the project using Docker Compose in a remote server. -It expects you to have a main Traefik proxy handling communication to the outside world and HTTPS certificates. +It expects you to have a Traefik proxy handling communication to the outside world and HTTPS certificates. And you can use CI (continuous integration) systems to deploy automatically. @@ -86,3 +86,39 @@ Now with the environment variables set and the `docker-compose.traefik.yml` in p ```bash docker compose -f docker-compose.traefik.yml up -d ``` + +## Deploy the FastAPI Project + +Now that you have Traefik in place you can deploy your FastAPI project with Docker Compose. + +You could configure the variables in the `.env` file to match your domain, or you could override them before running the `docker compose` command. + +For example: + +```bash +export DOMAIN=fastapi-project.example.com +``` + +And then deploy with Docker Compose: + +```bash +docker compose -f docker-compose.yml up -d +``` + +For production you wouldn't want to have the overrides in `docker-compose.override.yml`, so you would need to explicitly specify the file to use, `docker-compose.yml`. + +## URLs + +Replace `fastapi-project.example.com` with your domain: + +Frontend: https://fastapi-project.example.com + +Backend API docs: https://fastapi-project.example.com/docs + +Backend API base URL: https://fastapi-project.example.com/api/ + +PGAdmin: https://pgadmin.fastapi-project.example.com + +Flower: https://flower.fastapi-project.example.com + +Traefik UI: https://traefik.fastapi-project.example.com From aaf83f050ab11be51afba5f1f00f55a473c14550 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Sat, 9 Mar 2024 01:31:28 +0100 Subject: [PATCH 7/8] =?UTF-8?q?=F0=9F=94=A5=20Simplify=20files,=20fix=20tr?= =?UTF-8?q?aefik-public=20network=20name=20and=20tag?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env | 5 ----- docker-compose.override.yml | 1 - docker-compose.yml | 10 +++++----- scripts/deploy.sh | 1 - 4 files changed, 5 insertions(+), 12 deletions(-) diff --git a/.env b/.env index d9ac634cb4..aff6953a4d 100644 --- a/.env +++ b/.env @@ -38,11 +38,6 @@ SENTRY_DSN= # Flower FLOWER_BASIC_AUTH= -# Traefik -TRAEFIK_PUBLIC_NETWORK=traefik-public -TRAEFIK_TAG=traefik -TRAEFIK_PUBLIC_TAG=traefik-public - # Configure these with your own Docker registry images DOCKER_IMAGE_BACKEND=backend DOCKER_IMAGE_CELERYWORKER=celery diff --git a/docker-compose.override.yml b/docker-compose.override.yml index b037b27e86..a28ceedf2d 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -13,7 +13,6 @@ services: # Enable Docker in Traefik, so that it reads labels from Docker services - --providers.docker # Add a constraint to only use services with the label for this stack - # from the env var TRAEFIK_TAG - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`) # Do not expose all Docker services, only the ones explicitly exposed - --providers.docker.exposedbydefault=false diff --git a/docker-compose.yml b/docker-compose.yml index ea1d5310e9..27d60cead6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,7 +12,7 @@ services: pgadmin: image: dpage/pgadmin4 networks: - - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - traefik-public - default depends_on: - db @@ -41,7 +41,7 @@ services: flower: image: mher/flower:0.9.7 networks: - - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - traefik-public - default env_file: - .env @@ -52,7 +52,7 @@ services: # - "--broker_api=http://guest:guest@queue:15672/api//" labels: - traefik.enable=true - - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - traefik.docker.network=traefik-public - traefik.constraint-label=traefik-public - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.rule=Host(`flower.${DOMAIN?Variable not set}`) - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.entrypoints=http @@ -66,7 +66,7 @@ services: backend: image: '${DOCKER_IMAGE_BACKEND?Variable not set}:${TAG-latest}' networks: - - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - traefik-public - default depends_on: - db @@ -119,7 +119,7 @@ services: frontend: image: '${DOCKER_IMAGE_FRONTEND?Variable not set}:${TAG-latest}' networks: - - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - traefik-public - default build: context: ./new-frontend diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 55a86ee94c..99faa96bf7 100644 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -4,7 +4,6 @@ set -e DOMAIN=${DOMAIN?Variable not set} \ -TRAEFIK_TAG=${TRAEFIK_TAG?Variable not set} \ STACK_NAME=${STACK_NAME?Variable not set} \ TAG=${TAG?Variable not set} \ docker-compose \ From df84328f7a3e8952ae39148b94c6a71111107079 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Sat, 9 Mar 2024 01:35:47 +0100 Subject: [PATCH 8/8] =?UTF-8?q?=F0=9F=94=A7=20Update=20Docker=20Compose=20?= =?UTF-8?q?override=20file=20for=20new=20frontend?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.override.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index a28ceedf2d..248c597010 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -84,7 +84,7 @@ services: frontend: build: - context: ./new-frontend + context: ./frontend args: - VITE_API_URL=http://${DOMAIN?Variable not set} - NODE_ENV=development