== Build == {{{ docker build -t offtopic/open-pod: . }}} == Deploy su zaphoda == O accediamo come root, o l'utente con cui fate ssh deve essere nel gruppo {{{docker}}}: {{{ docker save offtopic/open-pod: | ssh root@abbiamoundominio.org docker load }}} === Modificare la configurazione di nginx === Creare un certificato per {{{openpod.abbiamoundominio.org}}}. Per farlo ho spento {{{nginx}}} con {{{ systemctl stop nginx }}} e poi ho ottenuto il nuovo certificato {{{ certbot certonly --standalone -d openpod.abbiamoundominio.org }}} e riacceso {{{nginx}}} {{{ systemctl start nginx }}} Poi ho aggiunto il la seguente configurazione in {{{/etc/nginx/sites-available/openpod.abbiamoundominio.org.conf}}} {{{#!highlight nginx server { listen 80; server_name openpod.abbiamoundominio.org; access_log /var/log/nginx/openpod.abbiamoundominio.org-access.log; error_log /var/log/nginx/openpod.abbiamoundominio.org-error.log error; root /var/www/openpod.abbiamoundominio.org; location / { return 301 https://$server_name$request_uri; } include common/robots.conf; include common/letsencrypt.conf; } server { listen 443 ssl; server_name openpod.abbiamoundominio.org; access_log /var/log/nginx/openpod.abbiamoundominio.org-access.log; error_log /var/log/nginx/openpod.abbiamoundominio.org-error.log error; error_page 404 /404.html; include common/ssl.conf; ssl_certificate /etc/letsencrypt/live/openpod.abbiamoundominio.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/openpod.abbiamoundominio.org/privkey.pem; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # WebSocket settings proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 1h; } include common/robots.conf; include common/letsencrypt.conf; } }}} === Accendere il container docker === Con lo script messo in {{{/usr/local/bin/openpod}}} รจ possibile maneggiare il servizio: {{{ openpod start openpod logs -f openpod stop openpod replace }}} Lo script: {{{#!highlight bash #!/usr/bin/env bash function help_fun() { case ${1} in start) help_start_service ;; stop) help_stop_service ;; replace) help_replace_service ;; logs) help_logs ;; *) help_general ;; esac } function help_general() { cat << EOH openpod: Manage openpod service openpod [subcommand] [opts] subcommands: start stop logs help EOH } function help_start_service() { cat << EOH start [VERSION] EOH } function start_service() { local version if [ "z${1}" = "z" ]; then version=latest else version=${1} fi docker run \ -e APP_HOST=localhost \ -e APP_PORT=8080 \ -e SECRET_KEY_BASE="SWl0xVj8AVXoc2G0eUk6VfeOd/lppjkaKbiHWs4ucxAUJ8+wzAEa4bMo0ZVjtVVk" \ -p 8080:8080 \ --restart always \ --name openpod \ --detach \ offtopic/open-pod:${version} } function help_stop_service() { cat << EOH stop EOH } function stop_service() { docker stop openpod } function help_replace_service() { cat << EOH replace [VERSION] EOH } function replace_service() { docker stop openpod || true docker rm openpod || true start_service ${@} } function help_logs() { cat << EOH logs [OPTS] OPTS: all docker-logs options EOH } function logs() { docker logs ${@} openpod } function main() { case ${1} in start) shift start_service ${@} ;; stop) stop_service ;; replace) shift replace_service ${@} ;; logs) shift logs ${@} ;; help) help_fun ${2} exit 0 ;; -h|--help) help_general exit 0 ;; *) help_fun exit 1 ;; esac } main ${@} # vim: set ft=sh et sw=0 ts=2 sts=0: }}}