Rework Docker Deployment and add frontend container

2022-06-28 13:55:54 +00:00 · 2022-06-28 13:55:54 +00:00 · d22a7fa57b
commit d22a7fa57b
parent d0a52a4c14
10 changed files with 73 additions and 32 deletions
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@ -58,7 +58,7 @@ services:

  api:
    restart: unless-stopped
-    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
+    image: funkwhale/api:${FUNKWHALE_VERSION:-latest}
    networks:
      - default
    depends_on:
@ -69,13 +69,12 @@ services:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"
      - "${STATIC_ROOT}:${STATIC_ROOT}"
-      - "${FUNKWHALE_FRONTEND_PATH}:/frontend"
    ports:
      - "5000"

-  nginx:
+  front:
    restart: unless-stopped
-    image: nginx
+    image: funkwhale/front:${FUNKWHALE_VERSION:-latest}
    networks:
      - default
    depends_on:
@ -86,12 +85,15 @@ services:
      # Override those variables in your .env file if needed
      - "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
    volumes:
-      - "./nginx/funkwhale.template:/etc/nginx/conf.d/funkwhale.template:ro"
-      - "./nginx/funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro"
+      # Uncomment if you want to use your previous nginx config, please let us
+      # know what special configuration you need, so we can support it with out
+      # upstream nginx configuration!
+      #- "./nginx/funkwhale.template:/etc/nginx/conf.d/funkwhale.template:ro"
+      #- "./nginx/funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro"
+
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}:ro"
      - "${STATIC_ROOT}:${STATIC_ROOT}:ro"
-      - "${FUNKWHALE_FRONTEND_PATH}:/frontend:ro"
    ports:
      # override those variables in your .env file if needed
      - "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
--- a/deploy/docker.funkwhale_proxy.conf
+++ b/deploy/docker.funkwhale_proxy.conf
@ -1,19 +0,0 @@
-# use this one if you put the nginx container behind another proxy
-# you will have to set some headers on this proxy as well to ensure
-# everything works correctly, you can use the ones from the funkwhale_proxy.conf file
-# at https://dev.funkwhale.audio/funkwhale/funkwhale/blob/develop/deploy/funkwhale_proxy.conf
-# your proxy will also need to support websockets
-
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
-proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
-proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
-proxy_redirect off;
-
-# websocket support
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection $connection_upgrade;
--- a/deploy/docker.nginx.template
+++ b/deploy/docker.nginx.template
@ -1,111 +0,0 @@
-upstream funkwhale-api {
-    # depending on your setup, you may want to update this
-    server api:5000;
-}
-
-
-# required for websocket support
-map $http_upgrade $connection_upgrade {
-    default upgrade;
-    ''      close;
-}
-
-server {
-    listen 80;
-    server_name ${FUNKWHALE_HOSTNAME};
-
-    # TLS
-    # Feel free to use your own configuration for SSL here or simply remove the
-    # lines and move the configuration to the previous server block if you
-    # don't want to run funkwhale behind https (this is not recommended)
-    # have a look here for let's encrypt configuration:
-    # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
-
-    root /frontend;
-
-    # If you are using S3 to host your files, remember to add your S3 URL to the
-    # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
-
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
-    add_header Referrer-Policy "strict-origin-when-cross-origin";
-    add_header X-Frame-Options "SAMEORIGIN" always;
-
-    location / {
-        include /etc/nginx/funkwhale_proxy.conf;
-        # this is needed if you have file import via upload enabled
-        client_max_body_size ${NGINX_MAX_BODY_SIZE};
-        proxy_pass   http://funkwhale-api/;
-    }
-
-    location /front/ {
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
-        add_header Referrer-Policy "strict-origin-when-cross-origin";
-        add_header Service-Worker-Allowed "/";
-        alias /frontend/;
-        expires 30d;
-        add_header Pragma public;
-        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
-    }
-
-    location = /front/embed.html {
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
-        add_header Referrer-Policy "strict-origin-when-cross-origin";
-
-        add_header X-Frame-Options "" always;
-        alias /frontend/embed.html;
-        expires 30d;
-        add_header Pragma public;
-        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
-    }
-
-    location /federation/ {
-        include /etc/nginx/funkwhale_proxy.conf;
-        proxy_pass   http://funkwhale-api/federation/;
-    }
-
-    # You can comment this if you do not plan to use the Subsonic API
-    location /rest/ {
-        include /etc/nginx/funkwhale_proxy.conf;
-        proxy_pass   http://funkwhale-api/api/subsonic/rest/;
-    }
-
-    location /.well-known/ {
-        include /etc/nginx/funkwhale_proxy.conf;
-        proxy_pass   http://funkwhale-api/.well-known/;
-    }
-
-    location /media/ {
-        alias ${MEDIA_ROOT}/;
-    }
-
-    # this is an internal location that is used to serve
-    # audio files once correct permission / authentication
-    # has been checked on API side
-    location /_protected/media/ {
-        internal;
-        alias   ${MEDIA_ROOT};
-
-    }
-    # Comment the previous location and uncomment this one if you're storing
-    # media files in a S3 bucket
-    # location ~ /_protected/media/(.+) {
-    #     internal;
-    #     # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
-    #     proxy_set_header Authorization "";
-    #     proxy_pass $1;
-    # }
-
-    location /_protected/music/ {
-        # this is an internal location that is used to serve
-        # audio files once correct permission / authentication
-        # has been checked on API side
-        # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
-        internal;
-        alias   ${MUSIC_DIRECTORY_PATH};
-    }
-
-    location /staticfiles/ {
-        # django static files
-        alias ${STATIC_ROOT}/;
-    }
-}