diff --git a/Makefile b/Makefile index b7cc5b3..b86a4b5 100644 --- a/Makefile +++ b/Makefile @@ -4,3 +4,7 @@ prod: # execute this target on the production server in the nix-shell sed "s/change_me/$(shell shuf -i1-1000000 -n1)/g" .env.prod.orig > .env.prod sed "s|change_me|$(shell dd if=/dev/urandom bs=1024 count=1|base64)|g" .env.prod.orig > .env.prod docker-compose -f docker-compose.prod.yml up -d --build + +permissions: + chmod -f 660 db.sqlite3 + echo "make sure that db.sqlite3 is owned by group users" \ No newline at end of file diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 979aceb..5d0e9ed 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -5,8 +5,12 @@ services: dockerfile: Dockerfile.prod command: gunicorn franklincce.wsgi:application --bind 0.0.0.0:8000 volumes: - - static_volume:/home/app/web/staticfiles - - db_persist:/home/app/web/franklincce/db.sqlite3 + - type: volume + source: static_volume + target: /home/app/web/staticfiles + - type: bind + source: ./db.sqlite3 + target: /home/app/web/db.sqlite3 expose: - 8000 env_file: diff --git a/franklincce/Dockerfile.prod b/franklincce/Dockerfile.prod index dd0a321..d57f0fa 100644 --- a/franklincce/Dockerfile.prod +++ b/franklincce/Dockerfile.prod @@ -22,6 +22,7 @@ RUN mkdir -p /home/app # create the app user RUN addgroup --system app && adduser --system --group app +RUN usermod -a -G users app # create the appropriate directories ENV HOME=/home/app diff --git a/franklincce/entrypoint.prod.sh b/franklincce/entrypoint.prod.sh index 214eb4c..cb56b49 100755 --- a/franklincce/entrypoint.prod.sh +++ b/franklincce/entrypoint.prod.sh @@ -1,3 +1,6 @@ #!/bin/sh +python3 manage.py makemigrations +python3 manage.py migrate + exec "$@" diff --git a/nginx/nginx.conf b/nginx/nginx.conf index ec0b7c8..5a7b72f 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -10,6 +10,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_redirect off; + client_max_body_size 100M; } location /static/ {