From ea519a3f0b3c3bab26ecbc919b8e7f79fadb02be Mon Sep 17 00:00:00 2001
From: Toni000
Date: Wed, 25 Sep 2024 21:20:55 +0200
Subject: [PATCH 1/6] Add documentation for certificate renewal
---
docs/deployment-process.md | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/docs/deployment-process.md b/docs/deployment-process.md
index bdbea550..0af97699 100644
--- a/docs/deployment-process.md
+++ b/docs/deployment-process.md
@@ -32,4 +32,32 @@ The application is now deployed and the website should be accessible via http (` release and the containers restarted accordingly via [Watchtower](https://github.com/containrrr/watchtower). Note that this also means that it is currently not possible to have multiple Frontend instances deployed that talk to different backend instances. -To achieve that, the Frontend instances each need to be manually built and deployed with the correct environment variables. \ No newline at end of file +To achieve that, the Frontend instances each need to be manually built and deployed with the correct environment variables. + +## Renewing Certificates + +1. ssh into the server, e.g. `ssh manager@139.162.170.6 -i .ssh/bp_server` +2. free up port 80 by stopping website: `sudo docker-compose -f docker-compose.yml down` +3. run certbot: ` sudo certbot certonly --nginx -d klinik-dps.de -d www.klinik-dps.de` +4. kill nginx: `sudo pkill nginx` (yeah it's in a weird state at this point and needs to be killed that way, don't ask me why) +5. restart website: `sudo docker-compose -f docker-compose.yml up` + +If you run into problems: + +1. Check if port 80 is in use by something else: `netstat -antp` +2. Allow http in firewall if necessary: `firewall-cmd --permanent --add-service=http` and `firewall-cmd --reload` +3. Make sure nginx config is fine (should be located in `/etc/nginx/conf.d`): + +``` +server { + listen 80; + server_name klinik-dps.de www.klinik-dps.de; + + root /usr/share/nginx/html; # Base directory for web content + index index.html; + + location /.well-known/ { + try_files $uri $uri/ =404; + } +} +``` From 081177bce767edaeddbfc2a269cf4eebdc2e2aae Mon Sep 17 00:00:00 2001 From: Wolkenfarmer Date: Thu, 3 Oct 2024 16:55:05 +0200 Subject: [PATCH 2/6] #333: update artifact upload action for deploy workflow --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 73f1b403..8d2aa5d0 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -54,7 +54,7 @@ jobs: cp backend/dps_training_k/deployment/nginx/nginx_deploy_prod.conf deployment_files/nginx.conf - name: Archive deployment files - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: deployment-files path: deployment_files/ From 57a822b48cecfe59ed32a28c3cc87e1efc9e8dcf Mon Sep 17 00:00:00 2001 From: Wolkenfarmer Date: Thu, 3 Oct 2024 17:29:05 +0200 Subject: [PATCH 3/6] #333: improve artifact upload during deployment workflow to include all files for dev and prod mode in a streamlined manner --- .github/workflows/ci-tests.yml | 1 + .github/workflows/deploy.yml | 10 ++++++---- docker-compose.dev.yml | 2 +- docker-compose.prod.yml | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml index 6d543213..fff218ed 100644 --- a/.github/workflows/ci-tests.yml +++ b/.github/workflows/ci-tests.yml @@ -88,6 +88,7 @@ jobs: - name: Run docker containers with deploy dev configuration run: | + cp backend/dps_training_k/deployment/nginx/nginx_deploy_dev.conf ./nginx_dev.conf docker compose -f docker-compose.dev.yml up -d - name: Run integration tests diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 8d2aa5d0..a173b801 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -48,10 +48,12 @@ jobs: - name: Prepare deployment files run: | mkdir deployment_files - cp docker-compose.prod.yml deployment_files/docker-compose.yml - cp ./.env.prod deployment_files/ - cp ./.env.dev deployment_files/ - cp backend/dps_training_k/deployment/nginx/nginx_deploy_prod.conf deployment_files/nginx.conf + cp docker-compose.prod.yml deployment_files/docker-compose.prod.yml + cp docker-compose.dev.yml deployment_files/docker-compose.dev.yml + cp ./.env.prod deployment_files/.env.prod + cp ./.env.dev deployment_files/.env.dev + cp backend/dps_training_k/deployment/nginx/nginx_deploy_prod.conf deployment_files/nginx_prod.conf + cp backend/dps_training_k/deployment/nginx/nginx_deploy_dev.conf deployment_files/nginx_dev.conf - name: Archive deployment files uses: actions/upload-artifact@v4 diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index eefdc242..b03aa911 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -84,7 +84,7 @@ services: - django volumes: - static_volume:/app/staticfiles - - ./backend/dps_training_k/deployment/nginx/nginx_deploy_dev.conf:/etc/nginx/conf.d/nginx.conf + - ./nginx_dev.conf:/etc/nginx/conf.d/nginx.conf ports: - "80:80" - "443:443" diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index dd2c7f59..d5969090 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -86,7 +86,7 @@ services: - static_volume:/app/staticfiles - /etc/letsencrypt/live/klinik-dps.de/fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro - /etc/letsencrypt/live/klinik-dps.de/privkey.pem:/etc/nginx/ssl/privkey.pem:ro - - ./nginx.conf:/etc/nginx/conf.d/nginx.conf + - ./nginx_prod.conf:/etc/nginx/conf.d/nginx.conf ports: - "80:80" - "443:443" From 3f5fe1450a7e9c991f1eb23258d3012c8ee574b8 Mon Sep 17 00:00:00 2001 
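Review bot: The artifact built by the "Prepare deployment files" step no longer contains `docker-compose.yml` or `nginx.conf`, yet the certificate-renewal steps added to docs/deployment-process.md earlier in this series still run `sudo docker-compose -f docker-compose.yml down` and `up`. A server that still holds the old files would presumably keep starting the stale compose and nginx configuration when those steps are followed. I would change the documented commands to `-f docker-compose.prod.yml` and put a comment above the `cp` lines, e.g. `# target names must match the bind mounts in docker-compose.dev.yml / docker-compose.prod.yml`. The job this step belongs to starts and continues outside the hunk.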
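Review bot: The new bind-mount source `./nginx_dev.conf` exists only if something copies it next to the compose file first; this series does that in ci-tests.yml and in the deployment artifact, but a plain checkout that runs `docker compose -f docker-compose.dev.yml up` has no such file. With the short volume syntax Docker creates a missing host path as a directory, so nginx would most likely start without the intended configuration rather than fail with a clear message. The same applies to `./nginx_prod.conf` in docker-compose.prod.yml. A comment above the mount such as `# nginx_dev.conf is copied here by CI / shipped in the deployment-files artifact` would make the dependency visible.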
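Review bot: The changed mount `./nginx_prod.conf:/etc/nginx/conf.d/nginx.conf` is writable from inside the container, while the two certificate mounts directly above it carry `:ro`. nginx only needs to read its configuration, so I would write `- ./nginx_prod.conf:/etc/nginx/conf.d/nginx.conf:ro`, and likewise for `./nginx_dev.conf` in docker-compose.dev.yml. That keeps a compromised or misbehaving process in the container from rewriting the proxy configuration on the host. The service definition starts and ends outside this hunk.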
From: Wolkenfarmer Date: Thu, 3 Oct 2024 17:35:31 +0200 Subject: [PATCH 4/6] #333: update docker setup-buildx-action for GitHub workflows --- .github/workflows/ci-tests.yml | 6 +++--- .github/workflows/deploy.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml index fff218ed..b7856326 100644 --- a/.github/workflows/ci-tests.yml +++ b/.github/workflows/ci-tests.yml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Build frontend Docker container run: | @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Build backend Docker containers run: | @@ -77,7 +77,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a173b801..6c2610b8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,7 +13,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3 From 218af5b428f5843f7ef54ede2602a536bc6e7b4e Mon Sep 17 00:00:00 2001 From: Wolkenfarmer Date: Thu, 3 Oct 2024 17:44:06 +0200 Subject: [PATCH 5/6] #333: fix env file upload to action artifacts --- .github/workflows/deploy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 6c2610b8..81f1beb7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -50,8 +50,8 @@ jobs: mkdir deployment_files cp docker-compose.prod.yml deployment_files/docker-compose.prod.yml cp docker-compose.dev.yml deployment_files/docker-compose.dev.yml - cp ./.env.prod deployment_files/.env.prod - cp ./.env.dev deployment_files/.env.dev + cp .env.prod deployment_files/.env.prod + cp .env.dev deployment_files/.env.dev cp backend/dps_training_k/deployment/nginx/nginx_deploy_prod.conf deployment_files/nginx_prod.conf cp backend/dps_training_k/deployment/nginx/nginx_deploy_dev.conf deployment_files/nginx_dev.conf @@ -60,3 +60,4 @@ jobs: with: name: deployment-files path: deployment_files/ + include-hidden-files: true From c087d3a044bfff4ccac6b08d96bf55329e0be640 Mon Sep 17 00:00:00 2001 From: Wolkenfarmer Date: Thu, 3 Oct 2024 17:47:31 +0200 Subject: [PATCH 6/6] #333: minor doc fix --- docs/deployment-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deployment-process.md b/docs/deployment-process.md index bdbea550..34ac7c2f 100644 --- a/docs/deployment-process.md +++ b/docs/deployment-process.md @@ -25,7 +25,7 @@ docker login ghcr.io -u -p ``` 8. Run following commands to run the containers: ```bash -docker compose -f docker-compose..yml up --build +docker compose -f docker-compose..yml up ``` The application is now deployed and the website should be accessible via http (`dev`) or https (`prod`). The images will be automatically updated on each
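Review bot: `include-hidden-files: true` in the second hunk of the "fix env file upload" commit switches off the default in recent upload-artifact v4 releases that skips hidden files so credentials are not published by accident. The files it now lets through are exactly `.env.prod` and `.env.dev`. Workflow artifacts can be downloaded by anyone with read access to the repository, so if either env file carries real secrets (not visible from this hunk) they stay retrievable for the whole retention period. The scope is bounded because `deployment_files/` holds only the explicitly copied files, but I would add `retention-days: 1` under `with:` and a comment `# .env.* must contain no secrets; real values are injected on the server`. If that cannot be guaranteed, the env files should be left out of the artifact.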