Configure VPS docker environment #52

Open
5 of 6 tasks
Tracked by #51
allyharrison opened this issue Jan 11, 2025 · 2 comments · May be fixed by #106
@allyharrison
Contributor

allyharrison commented Jan 11, 2025

Basic Information

  • Configure Docker environment VPS: Docker containers for nginx, Django, PostgreSQL, Watchtower (just copy settings from csf dockercompose_prod.yml)
  • Configure Django application on port 8000
  • Nginx reverse proxy
  • Postgres database
  • Watchtower (does auto updates)
  • Test container communication: to check for watchtower would probably have to push to main

Other Information

[Is there any additional information that we should know about?]

@allyharrison allyharrison mentioned this issue Jan 11, 2025
5 tasks
@allyharrison allyharrison self-assigned this Jan 11, 2025

Branch issue-52-Configure_VPS_docker_environment created!

@ErikaKK ErikaKK added the backend Task must have a back end issue label Jan 11, 2025
@allyharrison allyharrison added infrastructure and removed backend Task must have a back end issue labels Jan 11, 2025
@torry2
Contributor

torry2 commented Jan 24, 2025

We'll need to conduct some load testing to gauge how the backend handles concurrent users even with the proxy. In the case we just want to use Cloudflare, here is a quick script to configure iptables to allow/limit traffic to Docker; then we can use ufw or similar (assuming a Debian-based box, e.g. a DigitalOcean droplet).

#!/bin/bash

# Adapted from: https://forums.docker.com/t/restricting-external-container-access-with-iptables/2225/2
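# Create a PRE_DOCKER chain
iptables -N PRE_DOCKER

# Default action: DROP. Every later rule is inserted (-I) above it, so it stays last in the chain.
iptables -I PRE_DOCKER -j DROP

# Docker Containers Public access: accept only Cloudflare's published IPv4 ranges.
# -f makes curl fail on an HTTP error rather than pass an error page to iptables.
for i in $(curl -fsS https://www.cloudflare.com/ips-v4); do iptables -I PRE_DOCKER -i eth0 -s "$i" -j ACCEPT; done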

# Docker internal use
iptables -I PRE_DOCKER -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I PRE_DOCKER -i docker0 ! -o docker0 -j ACCEPT
iptables -I PRE_DOCKER -m state --state RELATED -j ACCEPT
iptables -I PRE_DOCKER -i docker0 -o docker0 -j ACCEPT

# Finally, insert the PRE_DOCKER chain before the DOCKER chain in the FORWARD chain.
iptables -I FORWARD -o docker0 -j PRE_DOCKER

netfilter-persistent save
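
A validated, re-runnable variant of the allow-list script in the comment above, added here as an example and not part of the thread or the project's code. It assumes the same `eth0` and `docker0` interface names as that script; the function names and the sample ranges are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the comment above. Prints iptables commands for review
# instead of running them; pipe the output to `sh` as root to apply.

# Succeeds only for a.b.c.d/len with each octet 0-255 and len 0-32.
# Runs in a subshell (parentheses) so the IFS change does not leak.
is_ipv4_cidr() (
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || exit 1
    IFS='./'; set -- $1
    for n in "$1" "$2" "$3" "$4"; do [ "$n" -le 255 ] || exit 1; done
    [ "$5" -le 32 ]
)

# Reads one candidate range per line on stdin; $1 is the public interface (assumed eth0).
# Emits nothing unless every non-empty line is a valid CIDR and at least one exists.
build_pre_docker_rules() {
    wan_if=${1:-eth0}
    accepts=''
    # `|| [ -n "$cidr" ]` keeps a final line that has no trailing newline
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        [ -n "$cidr" ] || continue
        is_ipv4_cidr "$cidr" || { echo "list rejected, bad entry: $cidr" >&2; return 1; }
        accepts="${accepts}iptables -I PRE_DOCKER -i $wan_if -s $cidr -j ACCEPT
"
    done
    [ -n "$accepts" ] || { echo "list rejected, no ranges" >&2; return 1; }
    # Same rules and order as the script above; -N/-F and -C make a re-run safe.
    cat <<EOF
iptables -N PRE_DOCKER 2>/dev/null || iptables -F PRE_DOCKER
iptables -A PRE_DOCKER -j DROP
${accepts}iptables -I PRE_DOCKER -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I PRE_DOCKER -i docker0 ! -o docker0 -j ACCEPT
iptables -I PRE_DOCKER -m state --state RELATED -j ACCEPT
iptables -I PRE_DOCKER -i docker0 -o docker0 -j ACCEPT
iptables -C FORWARD -o docker0 -j PRE_DOCKER 2>/dev/null || iptables -I FORWARD -o docker0 -j PRE_DOCKER
EOF
}

# Constructed samples (documentation ranges, not Cloudflare's real list).
GOOD_SAMPLE='192.0.2.0/24
198.51.100.0/24'
BAD_SAMPLE='192.0.2.0/24
<html>502 Bad Gateway</html>'

printf '%s\n' "$GOOD_SAMPLE" | build_pre_docker_rules eth0
printf '%s\n' "$BAD_SAMPLE" | build_pre_docker_rules eth0 || echo "nothing emitted for the bad list"
```

With the live list, the input would come from `curl -fsS https://www.cloudflare.com/ips-v4 | build_pre_docker_rules eth0`.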

@github-actions github-actions bot linked a pull request Feb 1, 2025 that will close this issue
4 tasks