feat: overhaul config to utilize nginx-proxy, acme-champion and docke…

…r-gen imagesd

.github/workflows/main.yaml

@@ -77,7 +77,8 @@ jobs:
             echo 'export IMAGE_TAG="${{ env.IMAGE_TAG }}"' >> export-ecr
 
             source ~/.bash_profile
-            docker stop rumble
-            docker rm rumble
-            cd "${{ secrets.TARGET_DIR }}" && docker compose up -d
-            docker system prune -a
+            cd "${{ secrets.TARGET_DIR }}"
+            docker compose pull app
+            docker compose stop app
+            docker compose up -d app
+            docker system prune -af

docker-compose.yaml

@@ -26,6 +26,7 @@ services:
       - DJANGO_CSRF_TRUSTED_ORIGINS=${DJANGO_CSRF_TRUSTED_ORIGINS}
     depends_on:
       - db
+      - web-server
 
   db:
     image: postgres:15.1-alpine
@@ -45,36 +46,74 @@ services:
       retries: 5
 
   web-server:
-    build:
-      context: ./nginx
-      dockerfile: Dockerfile
-      args:
-        - IS_SSL_ACQUIRED=${IS_SSL_ACQUIRED}
+    image: nginx:1.25.4
     container_name: nginx
-    ports:
-      - "80:80"
-      - "443:443"
     environment:
       - APP_HOST=app
       - APP_PORT=8000
-      - SERVER_NAME=${SERVER_NAME}
-      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
+      - VIRTUAL_HOST=${SERVER_NAME}
+      - LETSENCRYPT_HOST=${SERVER_NAME}
     volumes:
       - static-data:/app/staticfiles
       - media-data:/app/media
-      - ./data/certbot/conf:/etc/letsencrypt
-      - ./data/certbot/www:/var/www/certbot
+      - ./nginx/proxy_params:/etc/nginx/proxy_params
+      - ./nginx/default.conf.template:/etc/nginx/templates/default.conf.template
+      - ./nginx/ssl-dhparams.pem:/etc/nginx/ssl-dhparams.pem
+      - ./nginx/options-ssl-nginx.conf:/etc/nginx/options-ssl-nginx.conf
     depends_on:
       - app
+      - nginx-proxy
+      - nginx-proxy-gen
+      - nginx-proxy-acme
+
+  nginx-proxy:
+    image: nginx
+    container_name: nginx-proxy
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - conf:/etc/nginx/conf.d
+      - vhost:/etc/nginx/vhost.d
+      - html:/usr/share/nginx/html
+      - certs:/etc/nginx/certs
 
-  certbot:
-    image: certbot/certbot:v2.9.0
-    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 24h & wait $${!}; done;'"
+  nginx-proxy-gen:
+    image: nginxproxy/docker-gen
+    container_name: nginx-proxy-gen
     volumes:
-      - ./data/certbot/conf:/etc/letsencrypt
-      - ./data/certbot/www:/var/www/certbot
+      - ./nginx/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    command: -notify-sighup nginx-proxy -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
+    depends_on:
+      - nginx-proxy
+    restart: always
+
+  nginx-proxy-acme:
+    image: nginxproxy/acme-companion
+    container_name: nginx-proxy-acme
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - acme:/etc/acme.sh
+    environment:
+      - NGINX_DOCKER_GEN_CONTAINER=nginx-proxy-gen
+      - DEFAULT_EMAIL=${CERTBOT_EMAIL}
+    depends_on:
+      - nginx-proxy
+      - nginx-proxy-gen
+    restart: always
 
 volumes:
   db-data:
   static-data:
   media-data:
+  conf:
+  vhost:
+  html:
+  certs:
+  acme:
+
+networks:
+  default:
+    name: nginx-proxy
+    external: true

nginx/default.conf.template

@@ -16,11 +16,8 @@ server {
     listen [::]:443 ssl http2;
     server_name ${SERVER_NAME};
 
-    ssl_certificate /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/${SERVER_NAME}/privkey.pem;
-
-    include /options-ssl-nginx.conf;
-    ssl_dhparam /ssl-dhparams.pem;
+    include /etc/nginx/options-ssl-nginx.conf;
+    ssl_dhparam /etc/nginx/ssl-dhparams.pem;
 
     location /static {
         alias /app/staticfiles/;