diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 10bd4a2..e0a6f06 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -40,8 +40,8 @@ jobs: - name: 🚀 Upload Artifacts uses: actions/upload-artifact@v3 with: - name: build - path: ./build/blog + name: prod-build + path: ./build/blog/prod # Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/ # /!\ only triggers on (push events AND NOT fork repos) OR manually triggered @@ -65,12 +65,12 @@ jobs: steps: - name: 🛠️ Setup build directory run: | - mkdir -p build/blog + mkdir -p build/blog/prod - name: 📥 Download build Artifacts uses: actions/download-artifact@v3 with: - name: build - path: build/blog + name: prod-build + path: build/blog/prod # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) - name: 🔐 Create Key File @@ -88,7 +88,7 @@ jobs: # Upload the build to the remote server location: the volume shared by the nginx container serving http requests - name: 🚀 Upload run: | - rsync --archive --stats --verbose --delete ./build/blog/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog + rsync --archive --stats --verbose --delete ./build/blog/prod/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/prod - name: ⏬ Remote git pull run: | diff --git a/README.md b/README.md index 855004a..c6d6892 100644 --- a/README.md +++ b/README.md @@ -70,11 +70,11 @@ docker compose run --rm certbot renew #### Deploy the website itself -Create the blog directory, **it must be writable by users that will write to it: you, builder target, CI user...** +Create the blog/prod directory, **it must be writable by users that will write to it: you, builder target, CI user...** ```sh -mkdir build/blog +mkdir -p build/blog/prod chmod -chmown +chown ``` > you should check first the consistency of the server name (iscsc.fr/localhost) in those files: `nginx.conf`, ... @@ -87,8 +87,7 @@ docker compose up --detach blog > Note: before the next step make sure that when cloning the repository you also updated the git submodule! -Then builds the static website, `./build/blog` is a volume shared with both containers so -building the website will automatically "update" it for nginx. +Then builds the static website, `./build/blog/prod` is a volume shared with both containers so building the website will automatically "update" it for nginx. ```sh docker compose up builder ``` diff --git a/docker-compose.yml b/docker-compose.yml index 85235eb..1fa6df1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,9 @@ services: - HUGO_ENVIRONMENT=production volumes: - ./src:/src:rw - - ./build/blog:/build/blog:rw + # The container is mode-agnostique: it always builds in /build/blog + # the volume shared on the host side determines where it should go + - ./build/blog/prod:/build/blog:rw blog: build: @@ -25,7 +27,10 @@ services: - ./certbot/www:/var/www/certbot/:ro - ./certbot/conf/:/etc/nginx/ssl/:ro - ./nginx.conf:/etc/nginx/nginx.conf:ro - - ./build/blog:/blog:rw + # serves iscsc.fr ; + - ./build/blog/prod:/blog/prod:rw + # serves dev.iscsc.fr : + - ./build/blog/dev:/blog/dev:rw certbot: image: certbot/certbot:latest diff --git a/nginx.conf b/nginx.conf index d298048..1a90c3b 100644 --- a/nginx.conf +++ b/nginx.conf @@ -17,7 +17,7 @@ http { listen 80; listen [::]:80; - server_name www.iscsc.fr iscsc.fr; + server_name dev.iscsc.fr www.iscsc.fr iscsc.fr; location /.well-known/acme-challenge/ { root /var/www/certbot; @@ -28,17 +28,41 @@ http { } } + server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + + server_name dev.iscsc.fr; + + ssl_certificate /etc/nginx/ssl/live/dev.iscsc.fr/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/live/dev.iscsc.fr/privkey.pem; + + root /blog/dev; #Absolute path to where your hugo site is + index index.html; # Hugo generates HTML + + location / { + try_files $uri $uri/ =404; + } + + # redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + server { listen 443 default_server ssl http2; listen [::]:443 ssl http2; - server_name www.iscsc.fr iscsc.fr; + server_name iscsc.fr; ssl_certificate /etc/nginx/ssl/live/iscsc.fr/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/iscsc.fr/privkey.pem; - root /blog; #Absolute path to where your hugo site is + root /blog/prod; #Absolute path to where your hugo site is index index.html; # Hugo generates HTML location / {